141 lines
4.5 KiB
TypeScript
141 lines
4.5 KiB
TypeScript
/*
|
|
* Copyright (C) Sapphirecode - All Rights Reserved
|
|
* This file is part of Auth-Server-Helper which is released under MIT.
|
|
* See file 'LICENSE' for full license details.
|
|
* Created by Timo Hocker <timo@scode.ovh>, January 2021
|
|
*/
|
|
|
|
import http from 'http';
|
|
import { create_gateway } from '../../lib/index';
|
|
import authority from '../../lib/Authority';
|
|
import blacklist from '../../lib/Blacklist';
|
|
import { clock_finalize, clock_setup, get } from '../Helper';
|
|
|
|
// eslint-disable-next-line max-lines-per-function
|
|
describe ('gateway', () => {
|
|
let server: http.Server|null = null;
|
|
|
|
beforeAll (() => {
|
|
clock_setup ();
|
|
|
|
const g = create_gateway ({
|
|
redirect_url: 'http://localhost/auth',
|
|
cookie_name: 'cookie_jar'
|
|
});
|
|
|
|
server = http.createServer ((req, res) => {
|
|
const passed_handler = () => {
|
|
res.writeHead (200);
|
|
const con = req.connection as unknown as Record<string, unknown>;
|
|
res.end (JSON.stringify (con.auth));
|
|
};
|
|
g (req, res, passed_handler);
|
|
});
|
|
server.listen (3000);
|
|
});
|
|
|
|
afterAll (() => {
|
|
if (server === null)
|
|
throw new Error ('server is null');
|
|
server.close ();
|
|
|
|
clock_finalize ();
|
|
});
|
|
|
|
it ('should redirect any unauthorized request', async () => {
|
|
const resp = await get ();
|
|
expect (resp.statusCode)
|
|
.toEqual (302);
|
|
expect (resp.headers.location)
|
|
.toEqual ('http://localhost/auth');
|
|
});
|
|
|
|
it ('should allow a valid access token', async () => {
|
|
const token = await authority.sign ('access_token', 60);
|
|
const resp = await get ({ authorization: `Bearer ${token.signature}` });
|
|
expect (resp.statusCode)
|
|
.toEqual (200);
|
|
expect (JSON.parse (resp.body as string).token_id)
|
|
.toEqual (token.id);
|
|
});
|
|
|
|
it ('should allow a valid access token using cookies', async () => {
|
|
const token = await authority.sign ('access_token', 60);
|
|
const resp = await get (
|
|
{ cookie: `foo=bar;cookie_jar=${token.signature};asd=efg` }
|
|
);
|
|
expect (resp.statusCode)
|
|
.toEqual (200);
|
|
expect (JSON.parse (resp.body as string).token_id)
|
|
.toEqual (token.id);
|
|
});
|
|
|
|
it ('should correctly deliver token data', async () => {
|
|
const token = await authority.sign ('access_token', 60, { data: 'foobar' });
|
|
const resp = await get ({ authorization: `Bearer ${token.signature}` });
|
|
expect (resp.statusCode)
|
|
.toEqual (200);
|
|
const body = JSON.parse (resp.body as string);
|
|
expect (body.token_id)
|
|
.toEqual (token.id);
|
|
expect (body.token_data)
|
|
.toEqual ('foobar');
|
|
});
|
|
|
|
it ('should reject an outdated access token', async () => {
|
|
const token = await authority.sign ('access_token', 60);
|
|
jasmine.clock ()
|
|
.tick (70000);
|
|
const resp = await get ({ authorization: `Bearer ${token.signature}` });
|
|
expect (resp.statusCode)
|
|
.toEqual (302);
|
|
expect (resp.headers.location)
|
|
.toEqual ('http://localhost/auth');
|
|
});
|
|
|
|
it ('should reject a blacklisted access token', async () => {
|
|
const token = await authority.sign ('access_token', 60);
|
|
blacklist.add_signature (token.id);
|
|
const resp = await get ({ authorization: `Bearer ${token.signature}` });
|
|
expect (resp.statusCode)
|
|
.toEqual (302);
|
|
expect (resp.headers.location)
|
|
.toEqual ('http://localhost/auth');
|
|
});
|
|
|
|
it ('should reject any refresh_token', async () => {
|
|
const token = await authority.sign ('refresh_token', 60);
|
|
const resp = await get ({ authorization: `Bearer ${token.signature}` });
|
|
expect (resp.statusCode)
|
|
.toEqual (302);
|
|
expect (resp.headers.location)
|
|
.toEqual ('http://localhost/auth');
|
|
});
|
|
|
|
it ('should reject any part_token', async () => {
|
|
const token = await authority.sign ('part_token', 60);
|
|
const resp = await get ({ authorization: `Bearer ${token.signature}` });
|
|
expect (resp.statusCode)
|
|
.toEqual (302);
|
|
expect (resp.headers.location)
|
|
.toEqual ('http://localhost/auth');
|
|
});
|
|
|
|
it ('should reject any noname token', async () => {
|
|
const token = await authority.sign ('none', 60);
|
|
const resp = await get ({ authorization: `Bearer ${token.signature}` });
|
|
expect (resp.statusCode)
|
|
.toEqual (302);
|
|
expect (resp.headers.location)
|
|
.toEqual ('http://localhost/auth');
|
|
});
|
|
|
|
it ('should reject non-bearer auth', async () => {
|
|
const resp = await get ({ authorization: 'Basic foo:bar' });
|
|
expect (resp.statusCode)
|
|
.toEqual (302);
|
|
expect (resp.headers.location)
|
|
.toEqual ('http://localhost/auth');
|
|
});
|
|
});
|