2017-05-20 20:55:37 +00:00
|
|
|
|
|
|
|
|
|
import sinon = require("sinon");
|
|
|
|
|
import BluebirdPromise = require("bluebird");
|
2017-10-10 21:03:30 +00:00
|
|
|
|
import Assert = require("assert");
|
2017-05-20 20:55:37 +00:00
|
|
|
|
import winston = require("winston");
|
|
|
|
|
|
2017-10-06 22:09:42 +00:00
|
|
|
|
import FirstFactorPost = require("../../../src/lib/routes/firstfactor/post");
|
|
|
|
|
import exceptions = require("../../../src/lib/Exceptions");
|
|
|
|
|
import AuthenticationSession = require("../../../src/lib/AuthenticationSession");
|
|
|
|
|
import Endpoints = require("../../../../shared/api");
|
2017-05-25 13:09:29 +00:00
|
|
|
|
|
|
|
|
|
import AuthenticationRegulatorMock = require("../../mocks/AuthenticationRegulator");
|
2017-09-03 13:22:09 +00:00
|
|
|
|
import { AccessControllerStub } from "../../mocks/AccessControllerStub";
|
2017-05-25 13:09:29 +00:00
|
|
|
|
import ExpressMock = require("../../mocks/express");
|
|
|
|
|
import ServerVariablesMock = require("../../mocks/ServerVariablesMock");
|
2017-10-07 22:46:57 +00:00
|
|
|
|
import { ServerVariables } from "../../../src/lib/ServerVariables";
|
2017-05-20 20:55:37 +00:00
|
|
|
|
|
2017-05-21 21:32:09 +00:00
|
|
|
|
describe("test the first factor validation route", function () {
|
2017-05-21 10:14:59 +00:00
|
|
|
|
let req: ExpressMock.RequestMock;
|
|
|
|
|
let res: ExpressMock.ResponseMock;
|
2017-05-20 20:55:37 +00:00
|
|
|
|
let emails: string[];
|
|
|
|
|
let groups: string[];
|
|
|
|
|
let configuration;
|
2017-05-21 10:14:59 +00:00
|
|
|
|
let regulator: AuthenticationRegulatorMock.AuthenticationRegulatorMock;
|
2017-09-03 13:22:09 +00:00
|
|
|
|
let accessController: AccessControllerStub;
|
2017-07-16 15:37:13 +00:00
|
|
|
|
let serverVariables: ServerVariables;
|
2017-05-20 20:55:37 +00:00
|
|
|
|
|
2017-05-21 21:32:09 +00:00
|
|
|
|
beforeEach(function () {
|
2017-05-20 20:55:37 +00:00
|
|
|
|
configuration = {
|
|
|
|
|
ldap: {
|
|
|
|
|
base_dn: "ou=users,dc=example,dc=com",
|
|
|
|
|
user_name_attribute: "uid"
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2017-05-21 21:32:09 +00:00
|
|
|
|
emails = ["test_ok@example.com"];
|
|
|
|
|
groups = ["group1", "group2" ];
|
2017-05-20 20:55:37 +00:00
|
|
|
|
|
2017-09-03 13:22:09 +00:00
|
|
|
|
accessController = new AccessControllerStub();
|
|
|
|
|
accessController.isAccessAllowedMock.returns(true);
|
2017-05-20 20:55:37 +00:00
|
|
|
|
|
2017-05-21 10:14:59 +00:00
|
|
|
|
regulator = AuthenticationRegulatorMock.AuthenticationRegulatorMock();
|
2017-05-20 20:55:37 +00:00
|
|
|
|
regulator.regulate.returns(BluebirdPromise.resolve());
|
|
|
|
|
regulator.mark.returns(BluebirdPromise.resolve());
|
|
|
|
|
|
|
|
|
|
req = {
|
|
|
|
|
app: {
|
2017-09-21 20:07:34 +00:00
|
|
|
|
get: sinon.stub().returns({ logger: winston })
|
2017-05-20 20:55:37 +00:00
|
|
|
|
},
|
|
|
|
|
body: {
|
|
|
|
|
username: "username",
|
|
|
|
|
password: "password"
|
|
|
|
|
},
|
2017-09-24 21:19:03 +00:00
|
|
|
|
query: {
|
|
|
|
|
redirect: "http://redirect.url"
|
|
|
|
|
},
|
2017-05-20 20:55:37 +00:00
|
|
|
|
session: {
|
2017-05-21 21:32:09 +00:00
|
|
|
|
},
|
|
|
|
|
headers: {
|
|
|
|
|
host: "home.example.com"
|
2017-05-20 20:55:37 +00:00
|
|
|
|
}
|
|
|
|
|
};
|
2017-05-25 13:09:29 +00:00
|
|
|
|
|
|
|
|
|
AuthenticationSession.reset(req as any);
|
|
|
|
|
|
2017-07-16 15:37:13 +00:00
|
|
|
|
serverVariables = ServerVariablesMock.mock(req.app);
|
|
|
|
|
serverVariables.ldapAuthenticator = {
|
|
|
|
|
authenticate: sinon.stub()
|
|
|
|
|
} as any;
|
|
|
|
|
serverVariables.config = configuration as any;
|
|
|
|
|
serverVariables.regulator = regulator as any;
|
|
|
|
|
serverVariables.accessController = accessController as any;
|
2017-05-25 13:09:29 +00:00
|
|
|
|
|
2017-05-20 23:15:34 +00:00
|
|
|
|
res = ExpressMock.ResponseMock();
|
2017-05-20 20:55:37 +00:00
|
|
|
|
});
|
|
|
|
|
|
2017-09-22 15:53:18 +00:00
|
|
|
|
it("should reply with 204 if success", function () {
|
2017-07-16 15:37:13 +00:00
|
|
|
|
(serverVariables.ldapAuthenticator as any).authenticate.withArgs("username", "password")
|
|
|
|
|
.returns(BluebirdPromise.resolve({
|
|
|
|
|
emails: emails,
|
|
|
|
|
groups: groups
|
|
|
|
|
}));
|
2017-09-21 20:07:34 +00:00
|
|
|
|
let authSession: AuthenticationSession.AuthenticationSession;
|
|
|
|
|
return AuthenticationSession.get(req as any)
|
|
|
|
|
.then(function (_authSession: AuthenticationSession.AuthenticationSession) {
|
|
|
|
|
authSession = _authSession;
|
|
|
|
|
return FirstFactorPost.default(req as any, res as any);
|
|
|
|
|
})
|
2017-05-25 13:09:29 +00:00
|
|
|
|
.then(function () {
|
2017-10-10 21:03:30 +00:00
|
|
|
|
Assert.equal("username", authSession.userid);
|
|
|
|
|
Assert(res.send.calledOnce);
|
2017-05-20 20:55:37 +00:00
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2017-06-14 22:22:16 +00:00
|
|
|
|
it("should retrieve email from LDAP", function () {
|
2017-07-16 15:37:13 +00:00
|
|
|
|
(serverVariables.ldapAuthenticator as any).authenticate.withArgs("username", "password")
|
|
|
|
|
.returns(BluebirdPromise.resolve([{ mail: ["test@example.com"] }]));
|
2017-06-14 22:22:16 +00:00
|
|
|
|
return FirstFactorPost.default(req as any, res as any);
|
2017-05-20 20:55:37 +00:00
|
|
|
|
});
|
|
|
|
|
|
2017-06-14 22:22:16 +00:00
|
|
|
|
it("should set first email address as user session variable", function () {
|
2017-05-25 13:09:29 +00:00
|
|
|
|
const emails = ["test_ok@example.com"];
|
2017-09-21 20:07:34 +00:00
|
|
|
|
let authSession: AuthenticationSession.AuthenticationSession;
|
2017-07-16 15:37:13 +00:00
|
|
|
|
(serverVariables.ldapAuthenticator as any).authenticate.withArgs("username", "password")
|
|
|
|
|
.returns(BluebirdPromise.resolve({
|
|
|
|
|
emails: emails,
|
|
|
|
|
groups: groups
|
|
|
|
|
}));
|
2017-09-21 20:07:34 +00:00
|
|
|
|
|
|
|
|
|
return AuthenticationSession.get(req as any)
|
|
|
|
|
.then(function (_authSession: AuthenticationSession.AuthenticationSession) {
|
|
|
|
|
authSession = _authSession;
|
|
|
|
|
return FirstFactorPost.default(req as any, res as any);
|
|
|
|
|
})
|
2017-05-25 13:09:29 +00:00
|
|
|
|
.then(function () {
|
2017-10-10 21:03:30 +00:00
|
|
|
|
Assert.equal("test_ok@example.com", authSession.email);
|
2017-05-20 20:55:37 +00:00
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2017-10-10 21:03:30 +00:00
|
|
|
|
it("should return error message when LDAP authenticator throws", function () {
|
2017-07-16 15:37:13 +00:00
|
|
|
|
(serverVariables.ldapAuthenticator as any).authenticate.withArgs("username", "password")
|
|
|
|
|
.returns(BluebirdPromise.reject(new exceptions.LdapBindError("Bad credentials")));
|
2017-10-14 23:34:23 +00:00
|
|
|
|
|
2017-06-14 22:22:16 +00:00
|
|
|
|
return FirstFactorPost.default(req as any, res as any)
|
|
|
|
|
.then(function () {
|
2017-10-10 21:03:30 +00:00
|
|
|
|
Assert.equal(res.status.getCall(0).args[0], 200);
|
|
|
|
|
Assert.equal(regulator.mark.getCall(0).args[0], "username");
|
|
|
|
|
Assert.deepEqual(res.send.getCall(0).args[0], {
|
|
|
|
|
error: "Operation failed."
|
|
|
|
|
});
|
2017-06-14 22:22:16 +00:00
|
|
|
|
});
|
2017-05-20 20:55:37 +00:00
|
|
|
|
});
|
|
|
|
|
|
2017-10-10 21:03:30 +00:00
|
|
|
|
it("should return error message when regulator rejects authentication", function () {
|
2017-05-20 20:55:37 +00:00
|
|
|
|
const err = new exceptions.AuthenticationRegulationError("Authentication regulation...");
|
|
|
|
|
regulator.regulate.returns(BluebirdPromise.reject(err));
|
2017-06-14 22:22:16 +00:00
|
|
|
|
return FirstFactorPost.default(req as any, res as any)
|
|
|
|
|
.then(function () {
|
2017-10-10 21:03:30 +00:00
|
|
|
|
Assert.equal(res.status.getCall(0).args[0], 200);
|
|
|
|
|
Assert.deepEqual(res.send.getCall(0).args[0], {
|
|
|
|
|
error: "Operation failed."
|
|
|
|
|
});
|
2017-06-14 22:22:16 +00:00
|
|
|
|
});
|
|
|
|
|
});
|
2017-05-20 20:55:37 +00:00
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|