auth-server-helper/test/spec/Gateway.ts

/*
 * Copyright (C) Sapphirecode - All Rights Reserved
 * This file is part of Auth-Server-Helper which is released under MIT.
 * See file 'LICENSE' for full license details.
 * Created by Timo Hocker <timo@scode.ovh>, January 2021
 */

import http from 'http';
import { create_gateway } from '../../lib/index';
import authority from '../../lib/Authority';
import blacklist from '../../lib/Blacklist';
import { clock_finalize, clock_setup, get } from '../Helper';

// eslint-disable-next-line max-lines-per-function
describe ('gateway', () => {
  let server: http.Server|null = null;

  beforeAll (() => {
    clock_setup ();

    const g = create_gateway ({
      redirect_url:        'http://localhost/auth',
      cookie_name:         'cookie_jar',
      refresh_cookie_name: 'mint_cookies',
      refresh_settings:    {
        access_token_expires_in:  600,
        include_refresh_token:    true,
        refresh_token_expires_in: 3600
      }
    });

    server = http.createServer ((req, res) => {
      const passed_handler = () => {
        res.writeHead (200);
        const con = req.connection as unknown as Record<string, unknown>;
        res.end (JSON.stringify (con.auth));
      };
      g (req, res, passed_handler);
    });
    server.listen (3000);
  });

  afterAll (() => {
    if (server === null)
      throw new Error ('server is null');
    server.close ();

    clock_finalize ();
  });

  it ('should redirect any unauthorized request', async () => {
    const resp = await get ();
    expect (resp.statusCode)
      .toEqual (302);
    expect (resp.headers.location)
      .toEqual ('http://localhost/auth');
  });

  it ('should allow a valid access token', async () => {
    const token = await authority.sign ('access_token', 60);
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode)
      .toEqual (200);
    expect (JSON.parse (resp.body as string).token_id)
      .toEqual (token.id);
  });

  it ('should allow a valid access token using cookies', async () => {
    const token = await authority.sign ('access_token', 60);
    const resp = await get (
      { cookie: `foo=bar;cookie_jar=${token.signature};asd=efg` }
    );
    expect (resp.statusCode)
      .toEqual (200);
    expect (JSON.parse (resp.body as string).token_id)
      .toEqual (token.id);
  });

  it ('should automatically return new tokens', async () => {
    const token = await authority.sign ('access_token', 60);
    const refresh = await authority.sign ('refresh_token', 3600);
    jasmine.clock ()
      .tick (70000);
    const resp = await get (
      // eslint-disable-next-line max-len
      { cookie: `foo=bar;cookie_jar=${token.signature};asd=efg;mint_cookies=${refresh.signature}` }
    );
    expect (resp.statusCode)
      .toEqual (200);
    expect (JSON.parse (resp.body as string).token_id)
      .not
      .toEqual (token.id);
  });

  it ('should correctly deliver token data', async () => {
    const token = await authority.sign ('access_token', 60, { data: 'foobar' });
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode)
      .toEqual (200);
    const body = JSON.parse (resp.body as string);
    expect (body.token_id)
      .toEqual (token.id);
    expect (body.token_data)
      .toEqual ('foobar');
  });

  it ('should reject an outdated access token', async () => {
    const token = await authority.sign ('access_token', 60);
    jasmine.clock ()
      .tick (70000);
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode)
      .toEqual (302);
    expect (resp.headers.location)
      .toEqual ('http://localhost/auth');
  });

  it ('should reject a blacklisted access token', async () => {
    const token = await authority.sign ('access_token', 60);
    blacklist.add_signature (token.id);
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode)
      .toEqual (302);
    expect (resp.headers.location)
      .toEqual ('http://localhost/auth');
  });

  it ('should reject any refresh_token', async () => {
    const token = await authority.sign ('refresh_token', 60);
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode)
      .toEqual (302);
    expect (resp.headers.location)
      .toEqual ('http://localhost/auth');
  });

  it ('should reject any part_token', async () => {
    const token = await authority.sign ('part_token', 60);
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode)
      .toEqual (302);
    expect (resp.headers.location)
      .toEqual ('http://localhost/auth');
  });

  it ('should reject any noname token', async () => {
    const token = await authority.sign ('none', 60);
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode)
      .toEqual (302);
    expect (resp.headers.location)
      .toEqual ('http://localhost/auth');
  });

  it ('should reject non-bearer auth', async () => {
    const resp = await get ({ authorization: 'Basic foo:bar' });
    expect (resp.statusCode)
      .toEqual (302);
    expect (resp.headers.location)
      .toEqual ('http://localhost/auth');
  });

  it ('should disallow access and refresh cookies with the same name', () => {
    expect (() => {
      create_gateway ({ cookie_name: 'foo', refresh_cookie_name: 'foo' });
    })
      .toThrowError ('access and refresh cookies cannot have the same name');
  });
});
complete redesign 2021-01-03 14:51:07 +01:00			`/*`
			`* Copyright (C) Sapphirecode - All Rights Reserved`
			`* This file is part of Auth-Server-Helper which is released under MIT.`
			`* See file 'LICENSE' for full license details.`
			`* Created by Timo Hocker <timo@scode.ovh>, January 2021`
			`*/`

testing gateway 2020-12-28 16:53:08 +01:00			`import http from 'http';`
fix 2021-01-05 21:35:45 +01:00			`import { create_gateway } from '../../lib/index';`
testing gateway 2020-12-28 16:53:08 +01:00			`import authority from '../../lib/Authority';`
			`import blacklist from '../../lib/Blacklist';`
fixes 2021-01-07 15:43:54 +01:00			`import { clock_finalize, clock_setup, get } from '../Helper';`
testing gateway 2020-12-28 16:53:08 +01:00
			`// eslint-disable-next-line max-lines-per-function`
			`describe ('gateway', () => {`
			`let server: http.Server\|null = null;`

			`beforeAll (() => {`
fixes 2021-01-07 15:43:54 +01:00			`clock_setup ();`
testing gateway 2020-12-28 16:53:08 +01:00
fix 2021-01-05 21:35:45 +01:00			`const g = create_gateway ({`
automatic refresh tokens 2022-01-04 21:32:04 +01:00			`redirect_url: 'http://localhost/auth',`
			`cookie_name: 'cookie_jar',`
			`refresh_cookie_name: 'mint_cookies',`
			`refresh_settings: {`
			`access_token_expires_in: 600,`
			`include_refresh_token: true,`
			`refresh_token_expires_in: 3600`
			`}`
testing gateway 2020-12-28 16:53:08 +01:00			`});`

			`server = http.createServer ((req, res) => {`
			`const passed_handler = () => {`
			`res.writeHead (200);`
fix 2021-01-05 15:59:06 +01:00			`const con = req.connection as unknown as Record<string, unknown>;`
			`res.end (JSON.stringify (con.auth));`
testing gateway 2020-12-28 16:53:08 +01:00			`};`
			`g (req, res, passed_handler);`
			`});`
			`server.listen (3000);`
			`});`

			`afterAll (() => {`
			`if (server === null)`
			`throw new Error ('server is null');`
			`server.close ();`

fixes 2021-01-07 15:43:54 +01:00			`clock_finalize ();`
testing gateway 2020-12-28 16:53:08 +01:00			`});`

			`it ('should redirect any unauthorized request', async () => {`
update 2020-12-30 17:21:56 +01:00			`const resp = await get ();`
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (302);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.headers.location)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual ('http://localhost/auth');`
			`});`

			`it ('should allow a valid access token', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('access_token', 60);`
update 2020-12-30 17:21:56 +01:00			const resp = await get ({ authorization: `Bearer ${token.signature}` });
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (200);`
fix 2021-01-05 15:59:06 +01:00			`expect (JSON.parse (resp.body as string).token_id)`
			`.toEqual (token.id);`
testing gateway 2020-12-28 16:53:08 +01:00			`});`

			`it ('should allow a valid access token using cookies', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('access_token', 60);`
test with additional cookies 2021-01-12 21:26:19 +01:00			`const resp = await get (`
			{ cookie: `foo=bar;cookie_jar=${token.signature};asd=efg` }
			`);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (200);`
fix 2021-01-05 15:59:06 +01:00			`expect (JSON.parse (resp.body as string).token_id)`
			`.toEqual (token.id);`
			`});`

automatic refresh tokens 2022-01-04 21:32:04 +01:00			`it ('should automatically return new tokens', async () => {`
			`const token = await authority.sign ('access_token', 60);`
			`const refresh = await authority.sign ('refresh_token', 3600);`
			`jasmine.clock ()`
			`.tick (70000);`
			`const resp = await get (`
			`// eslint-disable-next-line max-len`
			{ cookie: `foo=bar;cookie_jar=${token.signature};asd=efg;mint_cookies=${refresh.signature}` }
			`);`
			`expect (resp.statusCode)`
			`.toEqual (200);`
			`expect (JSON.parse (resp.body as string).token_id)`
			`.not`
			`.toEqual (token.id);`
			`});`

fix 2021-01-05 15:59:06 +01:00			`it ('should correctly deliver token data', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('access_token', 60, { data: 'foobar' });`
fix 2021-01-05 15:59:06 +01:00			const resp = await get ({ authorization: `Bearer ${token.signature}` });
			`expect (resp.statusCode)`
			`.toEqual (200);`
			`const body = JSON.parse (resp.body as string);`
			`expect (body.token_id)`
			`.toEqual (token.id);`
			`expect (body.token_data)`
			`.toEqual ('foobar');`
testing gateway 2020-12-28 16:53:08 +01:00			`});`

			`it ('should reject an outdated access token', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('access_token', 60);`
testing gateway 2020-12-28 16:53:08 +01:00			`jasmine.clock ()`
			`.tick (70000);`
update 2020-12-30 17:21:56 +01:00			const resp = await get ({ authorization: `Bearer ${token.signature}` });
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (302);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.headers.location)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual ('http://localhost/auth');`
			`});`

			`it ('should reject a blacklisted access token', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('access_token', 60);`
testing gateway 2020-12-28 16:53:08 +01:00			`blacklist.add_signature (token.id);`
update 2020-12-30 17:21:56 +01:00			const resp = await get ({ authorization: `Bearer ${token.signature}` });
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (302);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.headers.location)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual ('http://localhost/auth');`
			`});`

			`it ('should reject any refresh_token', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('refresh_token', 60);`
update 2020-12-30 17:21:56 +01:00			const resp = await get ({ authorization: `Bearer ${token.signature}` });
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (302);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.headers.location)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual ('http://localhost/auth');`
			`});`

			`it ('should reject any part_token', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('part_token', 60);`
update 2020-12-30 17:21:56 +01:00			const resp = await get ({ authorization: `Bearer ${token.signature}` });
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (302);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.headers.location)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual ('http://localhost/auth');`
			`});`

			`it ('should reject any noname token', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('none', 60);`
update 2020-12-30 17:21:56 +01:00			const resp = await get ({ authorization: `Bearer ${token.signature}` });
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (302);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.headers.location)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual ('http://localhost/auth');`
			`});`

			`it ('should reject non-bearer auth', async () => {`
update 2020-12-30 17:21:56 +01:00			`const resp = await get ({ authorization: 'Basic foo:bar' });`
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (302);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.headers.location)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual ('http://localhost/auth');`
			`});`
automatic refresh tokens 2022-01-04 21:32:04 +01:00
			`it ('should disallow access and refresh cookies with the same name', () => {`
			`expect (() => {`
			`create_gateway ({ cookie_name: 'foo', refresh_cookie_name: 'foo' });`
			`})`
			`.toThrowError ('access and refresh cookies cannot have the same name');`
			`});`
testing gateway 2020-12-28 16:53:08 +01:00			`});`