auth-server-helper/test/spec/Gateway.ts

/*
 * Copyright (C) Sapphirecode - All Rights Reserved
 * This file is part of Auth-Server-Helper which is released under MIT.
 * See file 'LICENSE' for full license details.
 * Created by Timo Hocker <timo@scode.ovh>, January 2021
 */

import http from 'http';
import { create_gateway } from '../../lib/index';
import authority from '../../lib/Authority';
import blacklist from '../../lib/Blacklist';
import { assert_keystore_state, flush_routine, get } from '../Helper';

// eslint-disable-next-line max-lines-per-function
describe ('gateway', () => {
  let server: http.Server|null = null;

  beforeAll (() => {
    flush_routine ();
    assert_keystore_state ();
    jasmine.clock ()
      .install ();
    jasmine.clock ()
      .mockDate (new Date);

    const g = create_gateway ({
      redirect_url: 'http://localhost/auth',
      cookie_name:  'cookie_jar'
    });

    server = http.createServer ((req, res) => {
      const passed_handler = () => {
        res.writeHead (200);
        const con = req.connection as unknown as Record<string, unknown>;
        res.end (JSON.stringify (con.auth));
      };
      g (req, res, passed_handler);
    });
    server.listen (3000);
  });

  afterAll (() => {
    if (server === null)
      throw new Error ('server is null');
    server.close ();

    jasmine.clock ()
      .uninstall ();
  });

  it ('should redirect any unauthorized request', async () => {
    const resp = await get ();
    expect (resp.statusCode)
      .toEqual (302);
    expect (resp.headers.location)
      .toEqual ('http://localhost/auth');
  });

  it ('should allow a valid access token', async () => {
    const token = await authority.sign ('access_token', 60);
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode)
      .toEqual (200);
    expect (JSON.parse (resp.body as string).token_id)
      .toEqual (token.id);
  });

  it ('should allow a valid access token using cookies', async () => {
    const token = await authority.sign ('access_token', 60);
    const resp = await get ({ cookie: `cookie_jar=${token.signature}` });
    expect (resp.statusCode)
      .toEqual (200);
    expect (JSON.parse (resp.body as string).token_id)
      .toEqual (token.id);
  });

  it ('should correctly deliver token data', async () => {
    const token = await authority.sign ('access_token', 60, { data: 'foobar' });
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode)
      .toEqual (200);
    const body = JSON.parse (resp.body as string);
    expect (body.token_id)
      .toEqual (token.id);
    expect (body.token_data)
      .toEqual ('foobar');
  });

  it ('should reject an outdated access token', async () => {
    const token = await authority.sign ('access_token', 60);
    jasmine.clock ()
      .tick (70000);
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode)
      .toEqual (302);
    expect (resp.headers.location)
      .toEqual ('http://localhost/auth');
  });

  it ('should reject a blacklisted access token', async () => {
    const token = await authority.sign ('access_token', 60);
    blacklist.add_signature (token.id);
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode)
      .toEqual (302);
    expect (resp.headers.location)
      .toEqual ('http://localhost/auth');
  });

  it ('should reject any refresh_token', async () => {
    const token = await authority.sign ('refresh_token', 60);
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode)
      .toEqual (302);
    expect (resp.headers.location)
      .toEqual ('http://localhost/auth');
  });

  it ('should reject any part_token', async () => {
    const token = await authority.sign ('part_token', 60);
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode)
      .toEqual (302);
    expect (resp.headers.location)
      .toEqual ('http://localhost/auth');
  });

  it ('should reject any noname token', async () => {
    const token = await authority.sign ('none', 60);
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode)
      .toEqual (302);
    expect (resp.headers.location)
      .toEqual ('http://localhost/auth');
  });

  it ('should reject non-bearer auth', async () => {
    const resp = await get ({ authorization: 'Basic foo:bar' });
    expect (resp.statusCode)
      .toEqual (302);
    expect (resp.headers.location)
      .toEqual ('http://localhost/auth');
  });
});
complete redesign 2021-01-03 14:51:07 +01:00			`/*`
			`* Copyright (C) Sapphirecode - All Rights Reserved`
			`* This file is part of Auth-Server-Helper which is released under MIT.`
			`* See file 'LICENSE' for full license details.`
			`* Created by Timo Hocker <timo@scode.ovh>, January 2021`
			`*/`

testing gateway 2020-12-28 16:53:08 +01:00			`import http from 'http';`
fix 2021-01-05 21:35:45 +01:00			`import { create_gateway } from '../../lib/index';`
testing gateway 2020-12-28 16:53:08 +01:00			`import authority from '../../lib/Authority';`
			`import blacklist from '../../lib/Blacklist';`
asymmetric keys import/export 2021-01-06 22:43:03 +01:00			`import { assert_keystore_state, flush_routine, get } from '../Helper';`
testing gateway 2020-12-28 16:53:08 +01:00
			`// eslint-disable-next-line max-lines-per-function`
			`describe ('gateway', () => {`
			`let server: http.Server\|null = null;`

			`beforeAll (() => {`
asymmetric keys import/export 2021-01-06 22:43:03 +01:00			`flush_routine ();`
			`assert_keystore_state ();`
testing gateway 2020-12-28 16:53:08 +01:00			`jasmine.clock ()`
			`.install ();`
			`jasmine.clock ()`
			`.mockDate (new Date);`

fix 2021-01-05 21:35:45 +01:00			`const g = create_gateway ({`
testing gateway 2020-12-28 16:53:08 +01:00			`redirect_url: 'http://localhost/auth',`
			`cookie_name: 'cookie_jar'`
			`});`

			`server = http.createServer ((req, res) => {`
			`const passed_handler = () => {`
			`res.writeHead (200);`
fix 2021-01-05 15:59:06 +01:00			`const con = req.connection as unknown as Record<string, unknown>;`
			`res.end (JSON.stringify (con.auth));`
testing gateway 2020-12-28 16:53:08 +01:00			`};`
			`g (req, res, passed_handler);`
			`});`
			`server.listen (3000);`
			`});`

			`afterAll (() => {`
			`if (server === null)`
			`throw new Error ('server is null');`
			`server.close ();`

			`jasmine.clock ()`
			`.uninstall ();`
			`});`

			`it ('should redirect any unauthorized request', async () => {`
update 2020-12-30 17:21:56 +01:00			`const resp = await get ();`
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (302);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.headers.location)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual ('http://localhost/auth');`
			`});`

			`it ('should allow a valid access token', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('access_token', 60);`
update 2020-12-30 17:21:56 +01:00			const resp = await get ({ authorization: `Bearer ${token.signature}` });
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (200);`
fix 2021-01-05 15:59:06 +01:00			`expect (JSON.parse (resp.body as string).token_id)`
			`.toEqual (token.id);`
testing gateway 2020-12-28 16:53:08 +01:00			`});`

			`it ('should allow a valid access token using cookies', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('access_token', 60);`
update 2020-12-30 17:21:56 +01:00			const resp = await get ({ cookie: `cookie_jar=${token.signature}` });
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (200);`
fix 2021-01-05 15:59:06 +01:00			`expect (JSON.parse (resp.body as string).token_id)`
			`.toEqual (token.id);`
			`});`

			`it ('should correctly deliver token data', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('access_token', 60, { data: 'foobar' });`
fix 2021-01-05 15:59:06 +01:00			const resp = await get ({ authorization: `Bearer ${token.signature}` });
			`expect (resp.statusCode)`
			`.toEqual (200);`
			`const body = JSON.parse (resp.body as string);`
			`expect (body.token_id)`
			`.toEqual (token.id);`
			`expect (body.token_data)`
			`.toEqual ('foobar');`
testing gateway 2020-12-28 16:53:08 +01:00			`});`

			`it ('should reject an outdated access token', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('access_token', 60);`
testing gateway 2020-12-28 16:53:08 +01:00			`jasmine.clock ()`
			`.tick (70000);`
update 2020-12-30 17:21:56 +01:00			const resp = await get ({ authorization: `Bearer ${token.signature}` });
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (302);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.headers.location)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual ('http://localhost/auth');`
			`});`

			`it ('should reject a blacklisted access token', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('access_token', 60);`
testing gateway 2020-12-28 16:53:08 +01:00			`blacklist.add_signature (token.id);`
update 2020-12-30 17:21:56 +01:00			const resp = await get ({ authorization: `Bearer ${token.signature}` });
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (302);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.headers.location)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual ('http://localhost/auth');`
			`});`

			`it ('should reject any refresh_token', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('refresh_token', 60);`
update 2020-12-30 17:21:56 +01:00			const resp = await get ({ authorization: `Bearer ${token.signature}` });
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (302);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.headers.location)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual ('http://localhost/auth');`
			`});`

			`it ('should reject any part_token', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('part_token', 60);`
update 2020-12-30 17:21:56 +01:00			const resp = await get ({ authorization: `Bearer ${token.signature}` });
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (302);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.headers.location)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual ('http://localhost/auth');`
			`});`

			`it ('should reject any noname token', async () => {`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const token = await authority.sign ('none', 60);`
update 2020-12-30 17:21:56 +01:00			const resp = await get ({ authorization: `Bearer ${token.signature}` });
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (302);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.headers.location)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual ('http://localhost/auth');`
			`});`

			`it ('should reject non-bearer auth', async () => {`
update 2020-12-30 17:21:56 +01:00			`const resp = await get ({ authorization: 'Basic foo:bar' });`
			`expect (resp.statusCode)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual (302);`
update 2020-12-30 17:21:56 +01:00			`expect (resp.headers.location)`
testing gateway 2020-12-28 16:53:08 +01:00			`.toEqual ('http://localhost/auth');`
			`});`
			`});`