var totp = require('../../../src/lib/routes/totp');
var Promise = require('bluebird');
var sinon = require('sinon');
var assert = require('assert');
var winston = require('winston');
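/**
 * Unit tests for the TOTP second-factor route handler.
 *
 * The handler is invoked directly with hand-built `req`/`res` doubles. Its
 * collaborators (logger, TOTP engine, config, user data store) are served
 * through a stubbed `req.app.get`, so each test controls the code the engine
 * produces and observes the status passed to `res.status`.
 */
describe('test totp route', function() {
  var req, res;
  var totp_engine;
  var user_data_store;

  beforeEach(function() {
    var app_get = sinon.stub();
    req = {
      app: {
        get: app_get
      },
      body: {
        // Token submitted by the client; each test makes the engine stub
        // return either this same value or a different one.
        token: 'abc'
      },
      session: {
        auth_session: {
          userid: 'user',
          // NOTE(review): first_factor stays false, yet the valid-token test
          // below expects 204 and second_factor to be set. If the route is
          // meant to require a completed first factor before accepting a
          // TOTP token, that requirement is not exercised here; confirm the
          // intended behavior and add a case for it.
          first_factor: false,
          second_factor: false
        }
      }
    };
    res = {
      send: sinon.spy(),
      status: sinon.spy()
    };

    var config = { totp_secret: 'secret' };
    totp_engine = {
      totp: sinon.stub()
    };

    // Per-user secret lookup, resolved asynchronously through a promise.
    user_data_store = {};
    user_data_store.get_totp_secret = sinon.stub();

    var doc = {};
    doc.userid = 'user';
    doc.secret = {};
    doc.secret.base32 = 'ABCDEF';
    user_data_store.get_totp_secret.returns(Promise.resolve(doc));

    app_get.withArgs('logger').returns(winston);
    app_get.withArgs('totp engine').returns(totp_engine);
    app_get.withArgs('config').returns(config);
    app_get.withArgs('user data store').returns(user_data_store);
  });

  // Assertions run inside the res.send spy: the test completes only once the
  // route has sent its response. A failure that prevents done() from being
  // reached may show up as a timeout rather than an assertion message.
  it('should send status code 204 when totp is valid', function(done) {
    totp_engine.totp.returns('abc');
    res.send = sinon.spy(function() {
      // Second factor passed
      assert.equal(true, req.session.auth_session.second_factor);
      assert.equal(204, res.status.getCall(0).args[0]);
      done();
    });
    totp(req, res);
  });

  it('should send status code 401 when totp is not valid', function(done) {
    totp_engine.totp.returns('bad_token');
    res.send = sinon.spy(function() {
      // A rejected token must leave the session without second-factor status.
      assert.equal(false, req.session.auth_session.second_factor);
      assert.equal(401, res.status.getCall(0).args[0]);
      done();
    });
    totp(req, res);
  });

  // The title previously said 401 while the assertion checks 403; the title
  // now matches the status the test actually verifies.
  it('should send status code 403 when session has not been initiated', function(done) {
    totp_engine.totp.returns('abc');
    res.send = sinon.spy(function() {
      assert.equal(403, res.status.getCall(0).args[0]);
      done();
    });
    // No auth_session at all: the engine would accept the token, so only the
    // missing session can explain the 403.
    req.session = {};
    totp(req, res);
  });
});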