auth-server-helper/test/spec/Authority.ts

/*
 * Copyright (C) Sapphirecode - All Rights Reserved
 * This file is part of Auth-Server-Helper which is released under MIT.
 * See file 'LICENSE' for full license details.
 * Created by Timo Hocker <timo@scode.ovh>, December 2020
 */

import auth from '../../lib/Authority';
import bl from '../../lib/Blacklist';
import { modify_signature } from '../Helper';

// eslint-disable-next-line max-lines-per-function
describe ('authority', () => {
  beforeEach (() => {
    jasmine.clock ()
      .install ();
    jasmine.clock ()
      .mockDate (new Date);
  });

  afterEach (() => {
    jasmine.clock ()
      .tick (24 * 60 * 60 * 1000);
    jasmine.clock ()
      .uninstall ();
  });

  it ('should create an access token', () => {
    const token = auth.sign ('access_token', 60);
    jasmine.clock ()
      .tick (30000);
    const res = auth.verify (token.signature);
    expect (res.authorized)
      .toBeTrue ();
    expect (res.valid)
      .toBeTrue ();
    expect (res.type)
      .toEqual ('access_token');
    expect (res.next_module)
      .toBeUndefined ();
  });

  it ('should create a refresh token', () => {
    const token = auth.sign ('refresh_token', 600);
    jasmine.clock ()
      .tick (30000);
    const res = auth.verify (token.signature);
    expect (res.authorized)
      .toBeFalse ();
    expect (res.valid)
      .toBeTrue ();
    expect (res.type)
      .toEqual ('refresh_token');
    expect (res.next_module)
      .toBeUndefined ();
  });

  it ('should create a part token', () => {
    const token = auth.sign ('part_token', 60, { next_module: '2fa' });
    jasmine.clock ()
      .tick (30000);
    const res = auth.verify (token.signature);
    expect (res.authorized)
      .toBeFalse ();
    expect (res.valid)
      .toBeTrue ();
    expect (res.type)
      .toEqual ('part_token');
    expect (res.next_module)
      .toEqual ('2fa');
  });

  it ('should reject an invalid access token', () => {
    const token = auth.sign ('access_token', 60);
    token.signature = modify_signature (token.signature);
    jasmine.clock ()
      .tick (30000);
    const res = auth.verify (token.signature);
    expect (res.authorized)
      .toBeFalse ();
    expect (res.valid)
      .toBeFalse ();
    expect (res.type)
      .toEqual ('none');
    expect (res.next_module)
      .toBeUndefined ();
  });

  it ('should reject blacklisted access token', () => {
    const token = auth.sign ('access_token', 60);
    jasmine.clock ()
      .tick (30000);
    bl.add_signature (token.id);
    const res = auth.verify (token.signature);
    expect (res.authorized)
      .toBeFalse ();
    expect (res.valid)
      .toBeFalse ();
    expect (res.type)
      .toEqual ('access_token');
    expect (res.next_module)
      .toBeUndefined ();
  });

  it ('should reject an invalid refresh token', () => {
    const token = auth.sign ('refresh_token', 600);
    token.signature = modify_signature (token.signature);
    jasmine.clock ()
      .tick (30000);
    const res = auth.verify (token.signature);
    expect (res.authorized)
      .toBeFalse ();
    expect (res.valid)
      .toBeFalse ();
    expect (res.type)
      .toEqual ('none');
    expect (res.next_module)
      .toBeUndefined ();
  });

  it ('should reject a blacklisted refresh token', () => {
    const token = auth.sign ('refresh_token', 600);
    jasmine.clock ()
      .tick (30000);
    bl.add_signature (token.id);
    const res = auth.verify (token.signature);
    expect (res.authorized)
      .toBeFalse ();
    expect (res.valid)
      .toBeFalse ();
    expect (res.type)
      .toEqual ('refresh_token');
    expect (res.next_module)
      .toBeUndefined ();
  });
});