/* * Copyright (C) Sapphirecode - All Rights Reserved * This file is part of Auth-Server-Helper which is released under MIT. * See file 'LICENSE' for full license details. * Created by Timo Hocker , January 2021 */ import http from 'http'; import { create_gateway } from '../../lib/index'; import authority from '../../lib/Authority'; import blacklist from '../../lib/Blacklist'; import { clock_finalize, clock_setup, get } from '../Helper'; // eslint-disable-next-line max-lines-per-function describe ('gateway', () => { let server: http.Server|null = null; beforeAll (() => { clock_setup (); const g = create_gateway ({ redirect_url: 'http://localhost/auth', cookie_name: 'cookie_jar', refresh_cookie_name: 'mint_cookies', refresh_settings: { access_token_expires_in: 600, include_refresh_token: true, refresh_token_expires_in: 3600 } }); server = http.createServer ((req, res) => { const passed_handler = () => { res.writeHead (200); const con = req.connection as unknown as Record; res.end (JSON.stringify (con.auth)); }; g (req, res, passed_handler); }); server.listen (3000); }); afterAll (() => { if (server === null) throw new Error ('server is null'); server.close (); clock_finalize (); }); it ('should redirect any unauthorized request', async () => { const resp = await get (); expect (resp.statusCode) .toEqual (302); expect (resp.headers.location) .toEqual ('http://localhost/auth'); }); it ('should allow a valid access token', async () => { const token = await authority.sign ('access_token', 60); const resp = await get ({ authorization: `Bearer ${token.signature}` }); expect (resp.statusCode) .toEqual (200); expect (JSON.parse (resp.body as string).token_id) .toEqual (token.id); }); it ('should allow a valid access token using cookies', async () => { const token = await authority.sign ('access_token', 60); const resp = await get ( { cookie: `foo=bar;cookie_jar=${token.signature};asd=efg` } ); expect (resp.statusCode) .toEqual (200); expect (JSON.parse (resp.body as string).token_id) .toEqual (token.id); }); it ('should automatically return new tokens', async () => { const token = await authority.sign ('access_token', 60); const refresh = await authority.sign ('refresh_token', 3600); jasmine.clock () .tick (70000); const resp = await get ( // eslint-disable-next-line max-len { cookie: `foo=bar;cookie_jar=${token.signature};asd=efg;mint_cookies=${refresh.signature}` } ); expect (resp.statusCode) .toEqual (200); expect (JSON.parse (resp.body as string).token_id) .not .toEqual (token.id); }); it ('should correctly deliver token data', async () => { const token = await authority.sign ('access_token', 60, { data: 'foobar' }); const resp = await get ({ authorization: `Bearer ${token.signature}` }); expect (resp.statusCode) .toEqual (200); const body = JSON.parse (resp.body as string); expect (body.token_id) .toEqual (token.id); expect (body.token_data) .toEqual ('foobar'); }); it ('should reject an outdated access token', async () => { const token = await authority.sign ('access_token', 60); jasmine.clock () .tick (70000); const resp = await get ({ authorization: `Bearer ${token.signature}` }); expect (resp.statusCode) .toEqual (302); expect (resp.headers.location) .toEqual ('http://localhost/auth'); }); it ('should reject a blacklisted access token', async () => { const token = await authority.sign ('access_token', 60); blacklist.add_signature (token.id); const resp = await get ({ authorization: `Bearer ${token.signature}` }); expect (resp.statusCode) .toEqual (302); expect (resp.headers.location) .toEqual ('http://localhost/auth'); }); it ('should reject any refresh_token', async () => { const token = await authority.sign ('refresh_token', 60); const resp = await get ({ authorization: `Bearer ${token.signature}` }); expect (resp.statusCode) .toEqual (302); expect (resp.headers.location) .toEqual ('http://localhost/auth'); }); it ('should reject any part_token', async () => { const token = await authority.sign ('part_token', 60); const resp = await get ({ authorization: `Bearer ${token.signature}` }); expect (resp.statusCode) .toEqual (302); expect (resp.headers.location) .toEqual ('http://localhost/auth'); }); it ('should reject any noname token', async () => { const token = await authority.sign ('none', 60); const resp = await get ({ authorization: `Bearer ${token.signature}` }); expect (resp.statusCode) .toEqual (302); expect (resp.headers.location) .toEqual ('http://localhost/auth'); }); it ('should reject non-bearer auth', async () => { const resp = await get ({ authorization: 'Basic foo:bar' }); expect (resp.statusCode) .toEqual (302); expect (resp.headers.location) .toEqual ('http://localhost/auth'); }); it ('should disallow access and refresh cookies with the same name', () => { expect (() => { create_gateway ({ cookie_name: 'foo', refresh_cookie_name: 'foo' }); }) .toThrowError ('access and refresh cookies cannot have the same name'); }); });