authelia/server/test/routes/secondfactor/u2f/identity/RegistrationHandler.test.ts

import Sinon = require("sinon");
import Assert = require("assert");
import BluebirdPromise = require("bluebird");

import { Identity } from "../../../../../types/Identity";
import RegistrationHandler from "../../../../../src/lib/routes/secondfactor/u2f/identity/RegistrationHandler";
import ExpressMock = require("../../../../mocks/express");
import { UserDataStoreStub } from "../../../../mocks/storage/UserDataStoreStub";
import { ServerVariablesMock, ServerVariablesMockBuilder } from "../../../../mocks/ServerVariablesMockBuilder";
import { ServerVariables } from "../../../../../src/lib/ServerVariables";

describe("test U2F register handler", function () {
  let req: ExpressMock.RequestMock;
  let res: ExpressMock.ResponseMock;
  let mocks: ServerVariablesMock;
  let vars: ServerVariables;

  beforeEach(function () {
    const s = ServerVariablesMockBuilder.build();
    mocks = s.mocks;
    vars = s.variables;

    req = ExpressMock.RequestMock();
    req.app = {};
    req.session = {
      auth: {
        userid: "user",
        email: "user@example.com",
        first_factor: true,
        second_factor: false
      }
    };
    req.headers = {};
    req.headers.host = "localhost";

    const options = {
      inMemoryOnly: true
    };

    mocks.userDataStore.saveU2FRegistrationStub.returns(BluebirdPromise.resolve({}));
    mocks.userDataStore.retrieveU2FRegistrationStub.returns(BluebirdPromise.resolve({}));
    mocks.userDataStore.produceIdentityValidationTokenStub.returns(BluebirdPromise.resolve({}));
    mocks.userDataStore.consumeIdentityValidationTokenStub.returns(BluebirdPromise.resolve({}));

    res = ExpressMock.ResponseMock();
    res.send = Sinon.spy();
    res.json = Sinon.spy();
    res.status = Sinon.spy();
  });

  describe("test u2f registration check", test_registration_check);

  function test_registration_check() {
    it("should fail if first_factor has not been passed", function () {
      req.session.auth.first_factor = false;
      return new RegistrationHandler(vars.logger).preValidationInit(req as any)
        .then(function () { return BluebirdPromise.reject(new Error("It should fail")); })
        .catch(function (err: Error) {
          return BluebirdPromise.resolve();
        });
    });

    it("should fail if userid is missing", function () {
      req.session.auth.first_factor = false;
      req.session.auth.userid = undefined;

      return new RegistrationHandler(vars.logger).preValidationInit(req as any)
        .then(function () {
          return BluebirdPromise.reject(new Error("should not be here"));
        },
        function (err: Error) {
          return BluebirdPromise.resolve();
        });
    });

    it("should fail if email is missing", function () {
      req.session.auth.first_factor = false;
      req.session.auth.email = undefined;

      return new RegistrationHandler(vars.logger).preValidationInit(req as any)
        .then(function () {
          return BluebirdPromise.reject(new Error("should not be here"));
        },
        function (err: Error) {
          return BluebirdPromise.resolve();
        });
    });

    it("should succeed if first factor passed, userid and email are provided", function () {
      req.session.auth.first_factor = true;
      req.session.auth.email = "admin@example.com";
      req.session.auth.userid = "user";
      return new RegistrationHandler(vars.logger).preValidationInit(req as any);
    });
  }
});
Disable notifiers when server uses single factor method only Notifier is not mandatory when authentication method is single_factor for all sub-domains since there is no registration required. 2017-10-22 15:42:05 +00:00			`import Sinon = require("sinon");`
			`import Assert = require("assert");`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00			`import BluebirdPromise = require("bluebird");`

Split client and server Client and server now have their own tsconfig so that the transpilation is only done on the part that is being modified. It also allows faster transpilation since tests are now excluded from tsconfig. They are compiled by ts-node during unit tests execution. 2017-10-06 22:09:42 +00:00			`import { Identity } from "../../../../../types/Identity";`
			`import RegistrationHandler from "../../../../../src/lib/routes/secondfactor/u2f/identity/RegistrationHandler";`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00			`import ExpressMock = require("../../../../mocks/express");`
Add Mongo as scalable and resilient storage backend 2017-07-19 19:06:12 +00:00			`import { UserDataStoreStub } from "../../../../mocks/storage/UserDataStoreStub";`
Add default_redirection_url as configuration option This URL is used when user access the authentication domain without providing the 'redirect' query parameter. In that case, Authelia does not know where to redirect the user. If the parameter is defined, Authelia can redirect the user to a default page when no redirect parameter is provided. When user is already authenticated and tries to access the authentication domain, the "already logged in" page is rendered and it now tells the user he is to be redirected in few seconds and uses this URL to redirect. This parameter is optional. If it is not provided, there is only a notification message at the end of the authentication process, as before, and the user is not redirected when visiting the authentication domain while already authenticated. 2017-10-17 21:24:02 +00:00			`import { ServerVariablesMock, ServerVariablesMockBuilder } from "../../../../mocks/ServerVariablesMockBuilder";`
			`import { ServerVariables } from "../../../../../src/lib/ServerVariables";`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00
Disable notifiers when server uses single factor method only Notifier is not mandatory when authentication method is single_factor for all sub-domains since there is no registration required. 2017-10-22 15:42:05 +00:00			`describe("test U2F register handler", function () {`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00			`let req: ExpressMock.RequestMock;`
			`let res: ExpressMock.ResponseMock;`
Add default_redirection_url as configuration option This URL is used when user access the authentication domain without providing the 'redirect' query parameter. In that case, Authelia does not know where to redirect the user. If the parameter is defined, Authelia can redirect the user to a default page when no redirect parameter is provided. When user is already authenticated and tries to access the authentication domain, the "already logged in" page is rendered and it now tells the user he is to be redirected in few seconds and uses this URL to redirect. This parameter is optional. If it is not provided, there is only a notification message at the end of the authentication process, as before, and the user is not redirected when visiting the authentication domain while already authenticated. 2017-10-17 21:24:02 +00:00			`let mocks: ServerVariablesMock;`
			`let vars: ServerVariables;`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00
			`beforeEach(function () {`
Add default_redirection_url as configuration option This URL is used when user access the authentication domain without providing the 'redirect' query parameter. In that case, Authelia does not know where to redirect the user. If the parameter is defined, Authelia can redirect the user to a default page when no redirect parameter is provided. When user is already authenticated and tries to access the authentication domain, the "already logged in" page is rendered and it now tells the user he is to be redirected in few seconds and uses this URL to redirect. This parameter is optional. If it is not provided, there is only a notification message at the end of the authentication process, as before, and the user is not redirected when visiting the authentication domain while already authenticated. 2017-10-17 21:24:02 +00:00			`const s = ServerVariablesMockBuilder.build();`
			`mocks = s.mocks;`
			`vars = s.variables;`

Fix typescript transpilation after typescript update 2017-09-01 14:06:02 +00:00			`req = ExpressMock.RequestMock();`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00			`req.app = {};`
Add default_redirection_url as configuration option This URL is used when user access the authentication domain without providing the 'redirect' query parameter. In that case, Authelia does not know where to redirect the user. If the parameter is defined, Authelia can redirect the user to a default page when no redirect parameter is provided. When user is already authenticated and tries to access the authentication domain, the "already logged in" page is rendered and it now tells the user he is to be redirected in few seconds and uses this URL to redirect. This parameter is optional. If it is not provided, there is only a notification message at the end of the authentication process, as before, and the user is not redirected when visiting the authentication domain while already authenticated. 2017-10-17 21:24:02 +00:00			`req.session = {`
			`auth: {`
			`userid: "user",`
			`email: "user@example.com",`
			`first_factor: true,`
			`second_factor: false`
			`}`
			`};`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00			`req.headers = {};`
			`req.headers.host = "localhost";`

			`const options = {`
			`inMemoryOnly: true`
			`};`

Add Mongo as scalable and resilient storage backend 2017-07-19 19:06:12 +00:00			`mocks.userDataStore.saveU2FRegistrationStub.returns(BluebirdPromise.resolve({}));`
			`mocks.userDataStore.retrieveU2FRegistrationStub.returns(BluebirdPromise.resolve({}));`
			`mocks.userDataStore.produceIdentityValidationTokenStub.returns(BluebirdPromise.resolve({}));`
			`mocks.userDataStore.consumeIdentityValidationTokenStub.returns(BluebirdPromise.resolve({}));`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00
			`res = ExpressMock.ResponseMock();`
Disable notifiers when server uses single factor method only Notifier is not mandatory when authentication method is single_factor for all sub-domains since there is no registration required. 2017-10-22 15:42:05 +00:00			`res.send = Sinon.spy();`
			`res.json = Sinon.spy();`
			`res.status = Sinon.spy();`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00			`});`

			`describe("test u2f registration check", test_registration_check);`

			`function test_registration_check() {`
			`it("should fail if first_factor has not been passed", function () {`
Add default_redirection_url as configuration option This URL is used when user access the authentication domain without providing the 'redirect' query parameter. In that case, Authelia does not know where to redirect the user. If the parameter is defined, Authelia can redirect the user to a default page when no redirect parameter is provided. When user is already authenticated and tries to access the authentication domain, the "already logged in" page is rendered and it now tells the user he is to be redirected in few seconds and uses this URL to redirect. This parameter is optional. If it is not provided, there is only a notification message at the end of the authentication process, as before, and the user is not redirected when visiting the authentication domain while already authenticated. 2017-10-17 21:24:02 +00:00			`req.session.auth.first_factor = false;`
			`return new RegistrationHandler(vars.logger).preValidationInit(req as any)`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00			`.then(function () { return BluebirdPromise.reject(new Error("It should fail")); })`
			`.catch(function (err: Error) {`
			`return BluebirdPromise.resolve();`
			`});`
			`});`

Disable notifiers when server uses single factor method only Notifier is not mandatory when authentication method is single_factor for all sub-domains since there is no registration required. 2017-10-22 15:42:05 +00:00			`it("should fail if userid is missing", function () {`
Add default_redirection_url as configuration option This URL is used when user access the authentication domain without providing the 'redirect' query parameter. In that case, Authelia does not know where to redirect the user. If the parameter is defined, Authelia can redirect the user to a default page when no redirect parameter is provided. When user is already authenticated and tries to access the authentication domain, the "already logged in" page is rendered and it now tells the user he is to be redirected in few seconds and uses this URL to redirect. This parameter is optional. If it is not provided, there is only a notification message at the end of the authentication process, as before, and the user is not redirected when visiting the authentication domain while already authenticated. 2017-10-17 21:24:02 +00:00			`req.session.auth.first_factor = false;`
			`req.session.auth.userid = undefined;`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00
Disable notifiers when server uses single factor method only Notifier is not mandatory when authentication method is single_factor for all sub-domains since there is no registration required. 2017-10-22 15:42:05 +00:00			`return new RegistrationHandler(vars.logger).preValidationInit(req as any)`
			`.then(function () {`
			`return BluebirdPromise.reject(new Error("should not be here"));`
			`},`
			`function (err: Error) {`
			`return BluebirdPromise.resolve();`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00			`});`
			`});`

Disable notifiers when server uses single factor method only Notifier is not mandatory when authentication method is single_factor for all sub-domains since there is no registration required. 2017-10-22 15:42:05 +00:00			`it("should fail if email is missing", function () {`
Add default_redirection_url as configuration option This URL is used when user access the authentication domain without providing the 'redirect' query parameter. In that case, Authelia does not know where to redirect the user. If the parameter is defined, Authelia can redirect the user to a default page when no redirect parameter is provided. When user is already authenticated and tries to access the authentication domain, the "already logged in" page is rendered and it now tells the user he is to be redirected in few seconds and uses this URL to redirect. This parameter is optional. If it is not provided, there is only a notification message at the end of the authentication process, as before, and the user is not redirected when visiting the authentication domain while already authenticated. 2017-10-17 21:24:02 +00:00			`req.session.auth.first_factor = false;`
			`req.session.auth.email = undefined;`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00
Disable notifiers when server uses single factor method only Notifier is not mandatory when authentication method is single_factor for all sub-domains since there is no registration required. 2017-10-22 15:42:05 +00:00			`return new RegistrationHandler(vars.logger).preValidationInit(req as any)`
			`.then(function () {`
			`return BluebirdPromise.reject(new Error("should not be here"));`
			`},`
			`function (err: Error) {`
			`return BluebirdPromise.resolve();`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00			`});`
			`});`

Disable notifiers when server uses single factor method only Notifier is not mandatory when authentication method is single_factor for all sub-domains since there is no registration required. 2017-10-22 15:42:05 +00:00			`it("should succeed if first factor passed, userid and email are provided", function () {`
			`req.session.auth.first_factor = true;`
			`req.session.auth.email = "admin@example.com";`
			`req.session.auth.userid = "user";`
			`return new RegistrationHandler(vars.logger).preValidationInit(req as any);`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00			`});`
			`}`
			`});`