authelia/test/unitary/routes/FirstFactor.test.ts

140 lines
4.8 KiB
TypeScript
Raw Normal View History

2017-05-20 20:55:37 +00:00
import sinon = require("sinon");
import BluebirdPromise = require("bluebird");
import assert = require("assert");
import winston = require("winston");
import FirstFactor = require("../../../src/lib/routes/FirstFactor");
import exceptions = require("../../../src/lib/Exceptions");
import AuthenticationRegulatorMock = require("../mocks/AuthenticationRegulator");
import AccessControllerMock = require("../mocks/AccessController");
2017-05-20 23:15:34 +00:00
import { LdapClientMock } from "../mocks/LdapClient";
2017-05-20 20:55:37 +00:00
import ExpressMock = require("../mocks/express");
describe("test the first factor validation route", function () {
2017-05-21 10:14:59 +00:00
let req: ExpressMock.RequestMock;
let res: ExpressMock.ResponseMock;
2017-05-20 20:55:37 +00:00
let emails: string[];
let groups: string[];
let configuration;
2017-05-20 23:15:34 +00:00
let ldapMock: LdapClientMock;
2017-05-21 10:14:59 +00:00
let regulator: AuthenticationRegulatorMock.AuthenticationRegulatorMock;
let accessController: AccessControllerMock.AccessControllerMock;
2017-05-20 20:55:37 +00:00
beforeEach(function () {
2017-05-20 20:55:37 +00:00
configuration = {
ldap: {
base_dn: "ou=users,dc=example,dc=com",
user_name_attribute: "uid"
}
};
emails = ["test_ok@example.com"];
groups = ["group1", "group2" ];
2017-05-20 20:55:37 +00:00
2017-05-20 23:15:34 +00:00
ldapMock = LdapClientMock();
2017-05-20 20:55:37 +00:00
2017-05-21 10:14:59 +00:00
accessController = AccessControllerMock.AccessControllerMock();
2017-05-20 20:55:37 +00:00
accessController.isDomainAllowedForUser.returns(true);
2017-05-21 10:14:59 +00:00
regulator = AuthenticationRegulatorMock.AuthenticationRegulatorMock();
2017-05-20 20:55:37 +00:00
regulator.regulate.returns(BluebirdPromise.resolve());
regulator.mark.returns(BluebirdPromise.resolve());
const app_get = sinon.stub();
app_get.withArgs("ldap").returns(ldapMock);
app_get.withArgs("configuration").returns(configuration);
app_get.withArgs("logger").returns(winston);
app_get.withArgs("authentication regulator").returns(regulator);
app_get.withArgs("access controller").returns(accessController);
req = {
app: {
get: app_get
},
body: {
username: "username",
password: "password"
},
session: {
auth_session: {
FirstFactor: false,
second_factor: false
}
},
headers: {
host: "home.example.com"
2017-05-20 20:55:37 +00:00
}
};
2017-05-20 23:15:34 +00:00
res = ExpressMock.ResponseMock();
2017-05-20 20:55:37 +00:00
});
it("should return status code 204 when LDAP binding succeeds", function () {
return new Promise(function (resolve, reject) {
res.send = sinon.spy(function () {
2017-05-20 20:55:37 +00:00
assert.equal("username", req.session.auth_session.userid);
assert.equal(204, res.status.getCall(0).args[0]);
resolve();
});
ldapMock.bind.withArgs("username").returns(BluebirdPromise.resolve());
ldapMock.get_emails.returns(BluebirdPromise.resolve(emails));
2017-05-21 10:14:59 +00:00
FirstFactor(req as any, res as any);
2017-05-20 20:55:37 +00:00
});
});
it("should retrieve email from LDAP", function (done) {
res.send = sinon.spy(function () { done(); });
2017-05-20 20:55:37 +00:00
ldapMock.bind.returns(BluebirdPromise.resolve());
ldapMock.get_emails = sinon.stub().withArgs("username").returns(BluebirdPromise.resolve([{ mail: ["test@example.com"] }]));
2017-05-21 10:14:59 +00:00
FirstFactor(req as any, res as any);
2017-05-20 20:55:37 +00:00
});
it("should set email as session variables", function () {
return new Promise(function (resolve, reject) {
res.send = sinon.spy(function () {
2017-05-20 20:55:37 +00:00
assert.equal("test_ok@example.com", req.session.auth_session.email);
resolve();
});
const emails = ["test_ok@example.com"];
2017-05-20 20:55:37 +00:00
ldapMock.bind.returns(BluebirdPromise.resolve());
ldapMock.get_emails.returns(BluebirdPromise.resolve(emails));
2017-05-21 10:14:59 +00:00
FirstFactor(req as any, res as any);
2017-05-20 20:55:37 +00:00
});
});
it("should return status code 401 when LDAP binding throws", function (done) {
res.send = sinon.spy(function () {
2017-05-20 20:55:37 +00:00
assert.equal(401, res.status.getCall(0).args[0]);
assert.equal(regulator.mark.getCall(0).args[0], "username");
done();
});
2017-05-21 10:14:59 +00:00
ldapMock.bind.returns(BluebirdPromise.reject(new exceptions.LdapBindError("Bad credentials")));
FirstFactor(req as any, res as any);
2017-05-20 20:55:37 +00:00
});
it("should return status code 500 when LDAP search throws", function (done) {
res.send = sinon.spy(function () {
2017-05-20 20:55:37 +00:00
assert.equal(500, res.status.getCall(0).args[0]);
done();
});
ldapMock.bind.returns(BluebirdPromise.resolve());
2017-05-21 10:14:59 +00:00
ldapMock.get_emails.returns(BluebirdPromise.reject(new exceptions.LdapSeachError("error while retrieving emails")));
FirstFactor(req as any, res as any);
2017-05-20 20:55:37 +00:00
});
it("should return status code 403 when regulator rejects authentication", function (done) {
2017-05-20 20:55:37 +00:00
const err = new exceptions.AuthenticationRegulationError("Authentication regulation...");
regulator.regulate.returns(BluebirdPromise.reject(err));
res.send = sinon.spy(function () {
2017-05-20 20:55:37 +00:00
assert.equal(403, res.status.getCall(0).args[0]);
done();
});
ldapMock.bind.returns(BluebirdPromise.resolve());
ldapMock.get_emails.returns(BluebirdPromise.resolve());
2017-05-21 10:14:59 +00:00
FirstFactor(req as any, res as any);
2017-05-20 20:55:37 +00:00
});
});