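/*
 * Copyright (C) Sapphirecode - All Rights Reserved
 * This file is part of Auth-Server-Helper which is released under MIT.
 * See file 'LICENSE' for full license details.
 * Created by Timo Hocker, January 2021
 */

import http from 'http';
import { create_gateway } from '../../lib/index';
import authority from '../../lib/Authority';
import blacklist from '../../lib/Blacklist';
import { get } from '../Helper';

/**
 * End-to-end tests for the request gateway.
 *
 * A throwaway http server is started for the whole suite with the gateway
 * in front of a handler that echoes the `auth` property found on the
 * request socket (presumably attached by the gateway when a token is
 * accepted — see lib/index). Jasmine's mock clock is installed for the
 * whole suite so token lifetimes can be advanced deterministically.
 */
// eslint-disable-next-line max-lines-per-function
describe ('gateway', () => {
  const PORT = 3000;
  const REDIRECT_URL = 'http://localhost/auth';
  const COOKIE_NAME = 'cookie_jar';
  const TOKEN_LIFETIME_S = 60;

  let server: http.Server | null = null;

  /**
   * Performs a request through the gateway and asserts that it was refused
   * with a redirect to the configured login url.
   *
   * @param headers - optional request headers forwarded to the `get` helper
   */
  const expect_redirect = async (
    headers?: Parameters<typeof get>[0]
  ): Promise<void> => {
    const resp = await get (headers);
    expect (resp.statusCode) .toEqual (302);
    expect (resp.headers.location) .toEqual (REDIRECT_URL);
  };

  beforeAll (async () => {
    jasmine.clock () .install ();
    jasmine.clock () .mockDate (new Date ());

    const g = create_gateway ({
      redirect_url: REDIRECT_URL,
      cookie_name:  COOKIE_NAME
    });

    const s = http.createServer ((req, res) => {
      const passed_handler = () => {
        // `req.socket` is the non-deprecated alias of `req.connection`;
        // the gateway is expected to attach an `auth` object to it.
        const con = req.socket as unknown as Record<string, unknown>;
        res.writeHead (200);
        res.end (JSON.stringify (con.auth));
      };
      g (req, res, passed_handler);
    });
    server = s;

    // Wait until the port is actually bound; the first test would otherwise
    // race the listen call (the original `listen` was fire-and-forget).
    await new Promise<void> ((resolve) => {
      s.listen (PORT, resolve);
    });
  });

  afterAll (() => {
    if (server === null)
      throw new Error ('server is null');
    server.close ();
    // NOTE(review): presumably advances past every token lifetime so that
    // timers scheduled by the authority/blacklist fire before the mock
    // clock is removed — confirm against lib/Authority and lib/Blacklist.
    jasmine.clock () .tick (24 * 60 * 60 * 1000);
    jasmine.clock () .uninstall ();
  });

  it ('should redirect any unauthorized request', async () => {
    await expect_redirect ();
  });

  it ('should allow a valid access token', async () => {
    const token = await authority.sign ('access_token', TOKEN_LIFETIME_S);
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode) .toEqual (200);
    expect (JSON.parse (resp.body as string).token_id) .toEqual (token.id);
  });

  it ('should allow a valid access token using cookies', async () => {
    const token = await authority.sign ('access_token', TOKEN_LIFETIME_S);
    const resp = await get ({ cookie: `${COOKIE_NAME}=${token.signature}` });
    expect (resp.statusCode) .toEqual (200);
    expect (JSON.parse (resp.body as string).token_id) .toEqual (token.id);
  });

  it ('should correctly deliver token data', async () => {
    const token = await authority.sign (
      'access_token',
      TOKEN_LIFETIME_S,
      { data: 'foobar' }
    );
    const resp = await get ({ authorization: `Bearer ${token.signature}` });
    expect (resp.statusCode) .toEqual (200);
    const body = JSON.parse (resp.body as string);
    expect (body.token_id) .toEqual (token.id);
    expect (body.token_data) .toEqual ('foobar');
  });

  it ('should reject an outdated access token', async () => {
    const token = await authority.sign ('access_token', TOKEN_LIFETIME_S);
    // 70 s is past the 60 s lifetime; the mock clock stays advanced for
    // the remaining tests, which all sign fresh tokens.
    jasmine.clock () .tick (70000);
    await expect_redirect ({ authorization: `Bearer ${token.signature}` });
  });

  it ('should reject a blacklisted access token', async () => {
    const token = await authority.sign ('access_token', TOKEN_LIFETIME_S);
    blacklist.add_signature (token.id);
    await expect_redirect ({ authorization: `Bearer ${token.signature}` });
  });

  // Only an `access_token` may pass the gateway; every other token kind
  // must be treated exactly like an anonymous request.
  it ('should reject any refresh_token', async () => {
    const token = await authority.sign ('refresh_token', TOKEN_LIFETIME_S);
    await expect_redirect ({ authorization: `Bearer ${token.signature}` });
  });

  it ('should reject any part_token', async () => {
    const token = await authority.sign ('part_token', TOKEN_LIFETIME_S);
    await expect_redirect ({ authorization: `Bearer ${token.signature}` });
  });

  it ('should reject any noname token', async () => {
    const token = await authority.sign ('none', TOKEN_LIFETIME_S);
    await expect_redirect ({ authorization: `Bearer ${token.signature}` });
  });

  it ('should reject non-bearer auth', async () => {
    await expect_redirect ({ authorization: 'Basic foo:bar' });
  });
});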