var assert = require('assert');
var verify = require('../../../src/lib/routes/verify');
var sinon = require('sinon');
var winston = require('winston');
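/**
 * Unit tests for the verify route (src/lib/routes/verify).
 *
 * Every test builds a minimal Express-like `req`/`res` pair: `req.app.get`
 * is a sinon stub that hands the route its config object and logger, and
 * `res.status` / `res.send` are spies. A case passes when the route calls
 * `res.status(<expected code>)` and then `res.send()`; 204 means the
 * session is accepted, 401 means it is rejected.
 */
describe('test authentication token verification', function() {
  let req;
  let res;
  // Per-test config object returned by req.app.get('config'); tests that
  // need access-control rules populate it before calling the route.
  let config_mock;

  beforeEach(function() {
    config_mock = {};
    req = {
      headers: { host: 'secret.example.com' },
      app: { get: sinon.stub() },
    };
    req.app.get.withArgs('config').returns(config_mock);
    req.app.get.withArgs('logger').returns(winston);
    // res.send is installed per test so each case can assert from inside it.
    res = { status: sinon.spy() };
  });

  /**
   * Runs the route with the given session and resolves once `res.send()`
   * has been called with `res.status(status_code)` observed first.
   *
   * The assertion runs inside the `res.send` spy, so it is wrapped in
   * try/catch and turned into a rejection. An assertion error thrown from
   * a spy that the route invokes asynchronously would otherwise never reach
   * mocha, and the test would only fail by timing out without a message.
   *
   * @param {object|undefined} auth_session - value stored at req.session.auth_session
   * @param {number} status_code - HTTP status the route is expected to set
   * @returns {Promise<void>} resolves on a matching status, rejects with the
   *   assertion error otherwise
   */
  function test_session(auth_session, status_code) {
    return new Promise(function(resolve, reject) {
      req.session = { auth_session: auth_session };
      res.send = sinon.spy(function() {
        try {
          // Guard the getCall(0) access: a route that sends without setting a
          // status would otherwise surface as a TypeError, not a test failure.
          assert.ok(res.status.called, 'res.status() was not called before res.send()');
          assert.equal(status_code, res.status.getCall(0).args[0]);
          resolve();
        } catch (err) {
          reject(err);
        }
      });
      verify(req, res);
    });
  }

  /** Expects the route to reject the session with 401. */
  function test_unauthorized(auth_session) {
    return test_session(auth_session, 401);
  }

  /** Expects the route to accept the session with 204. */
  function test_authorized(auth_session) {
    return test_session(auth_session, 204);
  }

  it('should be already authenticated', function() {
    return test_authorized({
      first_factor: true,
      second_factor: true,
      userid: 'myuser',
      group: 'mygroup'
    });
  });

  describe('given different cases of session', function() {
    // Both domain tests install the same access-control entry; they differ
    // only in whether the session's allowed_domains contains req.headers.host.
    // The session in those tests carries no `group`, so whether this config
    // entry itself influences the result is not exercised here — TODO confirm
    // against the route.
    function grant_secret_domain_to_group_abc() {
      config_mock.access_control = [{
        group: 'abc',
        allowed_domains: ['secret.example.com']
      }];
    }

    it('should not be authenticated when second factor is missing', function() {
      return test_unauthorized({ first_factor: true, second_factor: false });
    });

    it('should not be authenticated when first factor is missing', function() {
      return test_unauthorized({ first_factor: false, second_factor: true });
    });

    // Both factors passed but no identity in the session: still rejected.
    it('should not be authenticated when userid is missing', function() {
      return test_unauthorized({
        first_factor: true,
        second_factor: true,
        group: 'mygroup',
      });
    });

    it('should not be authenticated when first and second factor are missing', function() {
      return test_unauthorized({ first_factor: false, second_factor: false });
    });

    // No auth_session at all (fresh session) must be rejected, not crash.
    it('should not be authenticated when session has not be initiated', function() {
      return test_unauthorized(undefined);
    });

    it('should reply unauthorized when the domain is restricted', function() {
      grant_secret_domain_to_group_abc();
      return test_unauthorized({
        first_factor: true,
        second_factor: true,
        userid: 'user',
        allowed_domains: ['restricted.example.com']
      });
    });

    it('should reply authorized when the domain is allowed', function() {
      grant_secret_domain_to_group_abc();
      return test_authorized({
        first_factor: true,
        second_factor: true,
        userid: 'user',
        allowed_domains: ['secret.example.com']
      });
    });

    // Only the first factor recorded: second_factor is absent, not false.
    it('should not be authenticated when session is partially initialized', function() {
      return test_unauthorized({ first_factor: true });
    });
  });
});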