var extract_jwt = require('../lib/extract_jwt'),
Request = require('./mock_request');
describe('Token extractor', function() {
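// fromHeader(name): extractor that reads the token from a single named
// request header. These cases pin both the "absent" and "present" outcomes.
describe('fromHeader', function() {

    const extractor = extract_jwt.fromHeader('test_header');

    it('should return null when no token is present', function() {
        const req = new Request();

        // No header set on the mock request: the extractor is expected to
        // report strictly null rather than undefined or an empty string.
        expect(extractor(req)).to.be.null;
    });

    it('should return the value from the specified header', function() {
        const req = new Request();
        req.headers['test_header'] = 'abcd123';

        // The header value is returned as-is; no scheme prefix is parsed here.
        expect(extractor(req)).to.equal('abcd123');
    });
});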
// fromBodyField(name): extractor that reads the token from a field of the
// parsed request body.
describe('fromBodyField', function() {

    const extractor = extract_jwt.fromBodyField('test_field');

    it('should return null when no body is present', function() {
        // The mock request is used untouched: req.body is never assigned.
        const request = new Request();

        expect(extractor(request)).to.be.null;
    });

    it('should return null when the specified body field is not present', function() {
        const request = new Request();
        request.body = {};

        expect(extractor(request)).to.be.null;
    });

    it('should return the value from the specified body field', function() {
        const request = new Request();
        request.body = {};
        request.body.test_field = 'abcd123';

        const extracted = extractor(request);

        expect(extracted).to.equal('abcd123');
    });

    it('should work properly with querystring', function() {
        const request = new Request();
        const querystring = require('querystring');
        // querystring.parse() returns an object that does not inherit from
        // Object.prototype, so this presumably guards against the extractor
        // calling inherited helpers such as body.hasOwnProperty() directly.
        request.body = querystring.parse('test_field=abcd123');

        const extracted = extractor(request);

        expect(extracted).to.equal('abcd123');
    });
});
// fromUrlQueryParameter(name): extractor that reads the token from the
// request URL's query string.
// Caveat for users of this extractor: a token carried in the URL tends to end
// up in access logs, browser history and Referer headers, so it is the most
// exposed of the extraction locations covered by this file.
describe('fromUrlQueryParameter', function() {

    const extractor = extract_jwt.fromUrlQueryParameter('test_param');

    it('should return null when the specified paramter is not present', function() {
        // The mock request's default URL is left without a query string.
        const request = new Request();

        expect(extractor(request)).to.be.null;
    });

    it('should return the value from the specified parameter', function() {
        const request = new Request();
        request.url += '?test_param=abcd123';

        const extracted = extractor(request);

        expect(extracted).to.equal('abcd123');
    });
});
// fromAuthHeaderWithScheme(scheme): extractor that reads the token from the
// Authorization header, but only when the header's scheme matches `scheme`.
describe('fromAuthHeaderWithScheme', function() {

    const extractor = extract_jwt.fromAuthHeaderWithScheme('TEST_SCHEME');

    it('should return null when no auth header is present', function() {
        const request = new Request();

        expect(extractor(request)).to.be.null;
    });

    it('should return null when the auth header is present but the auth scheme doesnt match', function() {
        const request = new Request();
        // A credential under a different scheme must not be treated as a token
        // for this extractor; null is the expected answer.
        request.headers['authorization'] = "NOT_TEST_SCHEME abcd123";

        expect(extractor(request)).to.be.null;
    });

    it('should return the value from the authorization header with specified auth scheme', function() {
        const request = new Request();
        request.headers['authorization'] = "TEST_SCHEME abcd123";

        const extracted = extractor(request);

        // Only the credential part comes back; the scheme prefix is stripped.
        expect(extracted).to.equal('abcd123');
    });

    it('should perform a case-insensivite string comparison', function () {
        const request = new Request();
        // HTTP auth-scheme names are case-insensitive (RFC 7235), so the
        // lower-case spelling of the configured scheme has to match too.
        request.headers['authorization'] = 'test_scheme abcd123';

        const extracted = extractor(request);

        expect(extracted).to.equal('abcd123');
    });
});
// NOTE(review): the suite label says 'fromAuthHeader', but the extractor under
// test is fromAuthHeaderAsBearerToken(); likewise the case title mentions a
// "JWT" scheme while the header sent below uses "bearer". The labels look
// stale; confirm against lib/extract_jwt before relying on them.
describe('fromAuthHeader', function() {

    const extractor = extract_jwt.fromAuthHeaderAsBearerToken();

    it('should return the value from the authorization header with default JWT auth scheme', function() {
        const request = new Request();
        // Lower-case scheme on purpose or by accident: either way this case
        // only passes if the scheme match ignores case.
        request.headers['authorization'] = "bearer abcd123";

        const extracted = extractor(request);

        expect(extracted).to.equal('abcd123');
    });
});
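// fromExtractors(list): composite extractor that consults several extractors.
// The cases below show that the order of the list decides which one wins when
// more than one could produce a value from the same request.
describe('fromExtractors', function() {

    // Bearer-scheme extractor first, raw Authorization header second.
    const extractor = extract_jwt.fromExtractors([
        extract_jwt.fromAuthHeaderAsBearerToken(),
        extract_jwt.fromHeader('authorization')
    ]);

    it('should raise a type error when the extractor is constructed with a non-array argument', function() {
        // Declared locally: the original assigned to an undeclared name, which
        // leaked a global and would itself throw under strict mode.
        const constructWithNonArray = function() {
            extract_jwt.fromExtractors({});
        };

        expect(constructWithNonArray).to.throw(TypeError);
    });

    it('should return null when no extractor extracts token', function() {
        const req = new Request();

        expect(extractor(req)).to.be.null;
    });

    it('should return token found by last extractor', function() {
        const req = new Request();
        // No scheme in the header: the expected value is the raw header text,
        // which is what the second (plain header) extractor returns.
        req.headers['authorization'] = "abcd123";

        const token = extractor(req);

        expect(token).to.equal('abcd123');
    });

    it('should return token found by first extractor', function() {
        const req = new Request();
        // Both extractors could answer here. Expecting 'abcd123' rather than
        // the full 'bearer abcd123' pins that the first extractor takes
        // precedence over the raw-header fallback.
        req.headers['authorization'] = "bearer abcd123";

        const token = extractor(req);

        expect(token).to.equal('abcd123');
    });
});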
// versionOneCompatibility(options): legacy-style extractor. With empty options
// the cases below show it accepting a token from three places: an
// Authorization header with the "JWT" scheme, the "auth_token" body field and
// the "auth_token" query parameter. Each location can be renamed via options.
// Caveat for users: accepting the credential from several locations widens
// where a token may appear, and the query-string form is the one most likely
// to be recorded in access logs and Referer headers.
describe('versionOneCompatibility', function () {

    describe('default behavior', function() {

        const extractor = extract_jwt.versionOneCompatibility({});

        it('should return the token in the default "JWT" auth header', function () {
            const request = new Request();
            request.headers['authorization'] = "JWT abcd123";

            const extracted = extractor(request);

            expect(extracted).to.equal('abcd123');
        });

        it('should return the token in the default "auth_token" body field', function () {
            const request = new Request();
            request.body = {};
            request.body['auth_token'] = 'xyzabcd';

            const extracted = extractor(request);

            expect(extracted).to.equal('xyzabcd');
        });

        it('should return then token in the default "auth_token" query parameter', function () {
            const request = new Request();
            request.url += '?auth_token=abcd123';

            const extracted = extractor(request);

            expect(extracted).to.equal('abcd123');
        });
    });

    describe('user supplied parameters', function() {

        it('should return the token in an auth header with a user specified auth scheme', function() {
            // authScheme replaces the default "JWT" scheme name.
            const options = { authScheme: 'MY_CUSTOM_AUTH_SCHEME' };
            const extractor = extract_jwt.versionOneCompatibility(options);
            const request = new Request();
            request.headers['authorization'] = 'MY_CUSTOM_AUTH_SCHEME deadbeef';

            expect(extractor(request)).to.equal('deadbeef');
        });

        it('should return the token in a user supplied body field', function () {
            // tokenBodyField replaces the default "auth_token" body field.
            const options = { tokenBodyField: 'CUSTOM_BODY_FIELD' };
            const extractor = extract_jwt.versionOneCompatibility(options);
            const request = new Request();
            request.body = {};
            request.body['CUSTOM_BODY_FIELD'] = 'badbeef';

            expect(extractor(request)).to.equal('badbeef');
        });

        it('should return the token in a user specified query parameter', function () {
            // tokenQueryParameterName replaces the default "auth_token" parameter.
            const options = { tokenQueryParameterName: 'CustomQueryParam' };
            const extractor = extract_jwt.versionOneCompatibility(options);
            const request = new Request();
            request.url += '?CustomQueryParam=deadbeef';

            expect(extractor(request)).to.equal('deadbeef');
        });
    });
});
});