authelia/server/test/routes/firstfactor/post.test.ts

143 lines
5.0 KiB
TypeScript
Raw Normal View History

2017-05-20 20:55:37 +00:00
import sinon = require("sinon");
import BluebirdPromise = require("bluebird");
import assert = require("assert");
import winston = require("winston");
import FirstFactorPost = require("../../../src/lib/routes/firstfactor/post");
import exceptions = require("../../../src/lib/Exceptions");
import AuthenticationSession = require("../../../src/lib/AuthenticationSession");
import Endpoints = require("../../../../shared/api");
import AuthenticationRegulatorMock = require("../../mocks/AuthenticationRegulator");
import { AccessControllerStub } from "../../mocks/AccessControllerStub";
import ExpressMock = require("../../mocks/express");
import ServerVariablesMock = require("../../mocks/ServerVariablesMock");
import { ServerVariables } from "../../../src/lib/ServerVariablesHandler";
2017-05-20 20:55:37 +00:00
describe("test the first factor validation route", function () {
2017-05-21 10:14:59 +00:00
let req: ExpressMock.RequestMock;
let res: ExpressMock.ResponseMock;
2017-05-20 20:55:37 +00:00
let emails: string[];
let groups: string[];
let configuration;
2017-05-21 10:14:59 +00:00
let regulator: AuthenticationRegulatorMock.AuthenticationRegulatorMock;
let accessController: AccessControllerStub;
let serverVariables: ServerVariables;
2017-05-20 20:55:37 +00:00
beforeEach(function () {
2017-05-20 20:55:37 +00:00
configuration = {
ldap: {
base_dn: "ou=users,dc=example,dc=com",
user_name_attribute: "uid"
}
};
emails = ["test_ok@example.com"];
groups = ["group1", "group2" ];
2017-05-20 20:55:37 +00:00
accessController = new AccessControllerStub();
accessController.isAccessAllowedMock.returns(true);
2017-05-20 20:55:37 +00:00
2017-05-21 10:14:59 +00:00
regulator = AuthenticationRegulatorMock.AuthenticationRegulatorMock();
2017-05-20 20:55:37 +00:00
regulator.regulate.returns(BluebirdPromise.resolve());
regulator.mark.returns(BluebirdPromise.resolve());
req = {
app: {
get: sinon.stub().returns({ logger: winston })
2017-05-20 20:55:37 +00:00
},
body: {
username: "username",
password: "password"
},
query: {
redirect: "http://redirect.url"
},
2017-05-20 20:55:37 +00:00
session: {
},
headers: {
host: "home.example.com"
2017-05-20 20:55:37 +00:00
}
};
AuthenticationSession.reset(req as any);
serverVariables = ServerVariablesMock.mock(req.app);
serverVariables.ldapAuthenticator = {
authenticate: sinon.stub()
} as any;
serverVariables.config = configuration as any;
serverVariables.logger = winston as any;
serverVariables.regulator = regulator as any;
serverVariables.accessController = accessController as any;
2017-05-20 23:15:34 +00:00
res = ExpressMock.ResponseMock();
2017-05-20 20:55:37 +00:00
});
it("should reply with 204 if success", function () {
(serverVariables.ldapAuthenticator as any).authenticate.withArgs("username", "password")
.returns(BluebirdPromise.resolve({
emails: emails,
groups: groups
}));
let authSession: AuthenticationSession.AuthenticationSession;
return AuthenticationSession.get(req as any)
.then(function (_authSession: AuthenticationSession.AuthenticationSession) {
authSession = _authSession;
return FirstFactorPost.default(req as any, res as any);
})
.then(function () {
assert.equal("username", authSession.userid);
assert(res.send.calledOnce);
2017-05-20 20:55:37 +00:00
});
});
it("should retrieve email from LDAP", function () {
(serverVariables.ldapAuthenticator as any).authenticate.withArgs("username", "password")
.returns(BluebirdPromise.resolve([{ mail: ["test@example.com"] }]));
return FirstFactorPost.default(req as any, res as any);
2017-05-20 20:55:37 +00:00
});
it("should set first email address as user session variable", function () {
const emails = ["test_ok@example.com"];
let authSession: AuthenticationSession.AuthenticationSession;
(serverVariables.ldapAuthenticator as any).authenticate.withArgs("username", "password")
.returns(BluebirdPromise.resolve({
emails: emails,
groups: groups
}));
return AuthenticationSession.get(req as any)
.then(function (_authSession: AuthenticationSession.AuthenticationSession) {
authSession = _authSession;
return FirstFactorPost.default(req as any, res as any);
})
.then(function () {
assert.equal("test_ok@example.com", authSession.email);
2017-05-20 20:55:37 +00:00
});
});
it("should return status code 401 when LDAP authenticator throws", function () {
(serverVariables.ldapAuthenticator as any).authenticate.withArgs("username", "password")
.returns(BluebirdPromise.reject(new exceptions.LdapBindError("Bad credentials")));
return FirstFactorPost.default(req as any, res as any)
.then(function () {
assert.equal(401, res.status.getCall(0).args[0]);
assert.equal(regulator.mark.getCall(0).args[0], "username");
});
2017-05-20 20:55:37 +00:00
});
it("should return status code 403 when regulator rejects authentication", function () {
2017-05-20 20:55:37 +00:00
const err = new exceptions.AuthenticationRegulationError("Authentication regulation...");
regulator.regulate.returns(BluebirdPromise.reject(err));
return FirstFactorPost.default(req as any, res as any)
.then(function () {
assert.equal(403, res.status.getCall(0).args[0]);
assert.equal(1, res.send.callCount);
});
});
2017-05-20 20:55:37 +00:00
});