Fix redirection url sent by email during identity validation
parent
3890c5b24d
commit
b344db786a
|
@ -122,7 +122,8 @@ export class IdentityValidator {
|
||||||
})
|
})
|
||||||
.then(function (token: string) {
|
.then(function (token: string) {
|
||||||
const redirect_url = objectPath.get<express.Request, string>(req, "body.redirect");
|
const redirect_url = objectPath.get<express.Request, string>(req, "body.redirect");
|
||||||
const original_url = util.format("https://%s%s", req.headers.host, req.headers["x-original-uri"]);
|
const original_uri = objectPath.get<express.Request, string>(req, "headers.x-original-uri", "");
|
||||||
|
const original_url = util.format("https://%s%s", req.headers.host, original_uri);
|
||||||
let link_url = util.format("%s?identity_token=%s", original_url, token);
|
let link_url = util.format("%s?identity_token=%s", original_url, token);
|
||||||
if (redirect_url) {
|
if (redirect_url) {
|
||||||
link_url = util.format("%s&redirect=%s", link_url, redirect_url);
|
link_url = util.format("%s&redirect=%s", link_url, redirect_url);
|
||||||
|
|
|
@ -14,7 +14,7 @@ import NotifierMock = require("./mocks/Notifier");
|
||||||
import IdentityValidatorMock = require("./mocks/IdentityValidator");
|
import IdentityValidatorMock = require("./mocks/IdentityValidator");
|
||||||
|
|
||||||
|
|
||||||
describe("test identity check process", function() {
|
describe("test identity check process", function () {
|
||||||
let req: ExpressMock.RequestMock;
|
let req: ExpressMock.RequestMock;
|
||||||
let res: ExpressMock.ResponseMock;
|
let res: ExpressMock.ResponseMock;
|
||||||
let userDataStore: UserDataStoreMock.UserDataStore;
|
let userDataStore: UserDataStoreMock.UserDataStore;
|
||||||
|
@ -24,7 +24,7 @@ describe("test identity check process", function() {
|
||||||
let app_post: sinon.SinonStub;
|
let app_post: sinon.SinonStub;
|
||||||
let identityValidable: IdentityValidatorMock.IdentityValidableMock;
|
let identityValidable: IdentityValidatorMock.IdentityValidableMock;
|
||||||
|
|
||||||
beforeEach(function() {
|
beforeEach(function () {
|
||||||
req = ExpressMock.RequestMock();
|
req = ExpressMock.RequestMock();
|
||||||
res = ExpressMock.ResponseMock();
|
res = ExpressMock.ResponseMock();
|
||||||
|
|
||||||
|
@ -55,12 +55,12 @@ describe("test identity check process", function() {
|
||||||
identityValidable = IdentityValidatorMock.IdentityValidableMock();
|
identityValidable = IdentityValidatorMock.IdentityValidableMock();
|
||||||
});
|
});
|
||||||
|
|
||||||
afterEach(function() {
|
afterEach(function () {
|
||||||
app_get.restore();
|
app_get.restore();
|
||||||
app_post.restore();
|
app_post.restore();
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should register a POST and GET endpoint", function() {
|
it("should register a POST and GET endpoint", function () {
|
||||||
const endpoint = "/test";
|
const endpoint = "/test";
|
||||||
const icheck_interface = {};
|
const icheck_interface = {};
|
||||||
|
|
||||||
|
@ -77,13 +77,13 @@ describe("test identity check process", function() {
|
||||||
describe("test GET", test_get_handler);
|
describe("test GET", test_get_handler);
|
||||||
|
|
||||||
function test_post_handler() {
|
function test_post_handler() {
|
||||||
it("should send 403 if pre check rejects", function(done) {
|
it("should send 403 if pre check rejects", function (done) {
|
||||||
const endpoint = "/protected";
|
const endpoint = "/protected";
|
||||||
|
|
||||||
identityValidable.preValidation.returns(Promise.reject("No access"));
|
identityValidable.preValidation.returns(Promise.reject("No access"));
|
||||||
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
||||||
|
|
||||||
res.send = sinon.spy(function() {
|
res.send = sinon.spy(function () {
|
||||||
assert.equal(res.status.getCall(0).args[0], 403);
|
assert.equal(res.status.getCall(0).args[0], 403);
|
||||||
done();
|
done();
|
||||||
});
|
});
|
||||||
|
@ -92,14 +92,14 @@ describe("test identity check process", function() {
|
||||||
handler(req, res);
|
handler(req, res);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should send 400 if email is missing in provided identity", function(done) {
|
it("should send 400 if email is missing in provided identity", function (done) {
|
||||||
const endpoint = "/protected";
|
const endpoint = "/protected";
|
||||||
const identity = { userid: "abc" };
|
const identity = { userid: "abc" };
|
||||||
|
|
||||||
identityValidable.preValidation.returns(Promise.resolve(identity));
|
identityValidable.preValidation.returns(Promise.resolve(identity));
|
||||||
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
||||||
|
|
||||||
res.send = sinon.spy(function() {
|
res.send = sinon.spy(function () {
|
||||||
assert.equal(res.status.getCall(0).args[0], 400);
|
assert.equal(res.status.getCall(0).args[0], 400);
|
||||||
done();
|
done();
|
||||||
});
|
});
|
||||||
|
@ -108,14 +108,14 @@ describe("test identity check process", function() {
|
||||||
handler(req, res);
|
handler(req, res);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should send 400 if userid is missing in provided identity", function(done) {
|
it("should send 400 if userid is missing in provided identity", function (done) {
|
||||||
const endpoint = "/protected";
|
const endpoint = "/protected";
|
||||||
const identity = { email: "abc@example.com" };
|
const identity = { email: "abc@example.com" };
|
||||||
|
|
||||||
identityValidable.preValidation.returns(Promise.resolve(identity));
|
identityValidable.preValidation.returns(Promise.resolve(identity));
|
||||||
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
||||||
|
|
||||||
res.send = sinon.spy(function() {
|
res.send = sinon.spy(function () {
|
||||||
assert.equal(res.status.getCall(0).args[0], 400);
|
assert.equal(res.status.getCall(0).args[0], 400);
|
||||||
done();
|
done();
|
||||||
});
|
});
|
||||||
|
@ -123,35 +123,64 @@ describe("test identity check process", function() {
|
||||||
handler(req, res);
|
handler(req, res);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should issue a token, send an email and return 204", function(done) {
|
describe("should issue a token, send an email and return 204", () => {
|
||||||
const endpoint = "/protected";
|
function contains(str: string, pattern: string): boolean {
|
||||||
const identity = { userid: "user", email: "abc@example.com" };
|
return str.indexOf(pattern) > -1;
|
||||||
req.headers.host = "localhost";
|
}
|
||||||
req.headers["x-original-uri"] = "/auth/test";
|
|
||||||
|
|
||||||
identityValidable.preValidation.returns(Promise.resolve(identity));
|
it("with x-original-uri", function(done) {
|
||||||
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
const endpoint = "/protected";
|
||||||
|
const identity = { userid: "user", email: "abc@example.com" };
|
||||||
|
req.headers.host = "localhost";
|
||||||
|
req.headers["x-original-uri"] = "/auth/test";
|
||||||
|
|
||||||
res.send = sinon.spy(function() {
|
identityValidable.preValidation.returns(Promise.resolve(identity));
|
||||||
assert.equal(res.status.getCall(0).args[0], 204);
|
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
||||||
assert(notifier.notify.calledOnce);
|
|
||||||
assert(userDataStore.issue_identity_check_token.calledOnce);
|
res.send = sinon.spy(function () {
|
||||||
assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[0], "user");
|
assert.equal(res.status.getCall(0).args[0], 204);
|
||||||
assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[3], 240000);
|
assert(notifier.notify.calledOnce);
|
||||||
done();
|
console.log(notifier.notify.getCall(0).args[2]);
|
||||||
|
assert(contains(notifier.notify.getCall(0).args[2], "https://localhost/auth/test?identity_token="));
|
||||||
|
assert(userDataStore.issue_identity_check_token.calledOnce);
|
||||||
|
assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[0], "user");
|
||||||
|
assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[3], 240000);
|
||||||
|
done();
|
||||||
|
});
|
||||||
|
const handler = app_post.getCall(0).args[1];
|
||||||
|
handler(req, res);
|
||||||
|
});
|
||||||
|
|
||||||
|
it("without x-original-uri", function(done) {
|
||||||
|
const endpoint = "/protected";
|
||||||
|
const identity = { userid: "user", email: "abc@example.com" };
|
||||||
|
req.headers.host = "localhost";
|
||||||
|
|
||||||
|
identityValidable.preValidation.returns(Promise.resolve(identity));
|
||||||
|
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
||||||
|
|
||||||
|
res.send = sinon.spy(function () {
|
||||||
|
assert.equal(res.status.getCall(0).args[0], 204);
|
||||||
|
assert(notifier.notify.calledOnce);
|
||||||
|
assert(contains(notifier.notify.getCall(0).args[2], "https://localhost?identity_token="));
|
||||||
|
assert(userDataStore.issue_identity_check_token.calledOnce);
|
||||||
|
assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[0], "user");
|
||||||
|
assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[3], 240000);
|
||||||
|
done();
|
||||||
|
});
|
||||||
|
const handler = app_post.getCall(0).args[1];
|
||||||
|
handler(req, res);
|
||||||
});
|
});
|
||||||
const handler = app_post.getCall(0).args[1];
|
|
||||||
handler(req, res);
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
function test_get_handler() {
|
function test_get_handler() {
|
||||||
it("should send 403 if no identity_token is provided", function(done) {
|
it("should send 403 if no identity_token is provided", function (done) {
|
||||||
const endpoint = "/protected";
|
const endpoint = "/protected";
|
||||||
|
|
||||||
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
||||||
|
|
||||||
res.send = sinon.spy(function() {
|
res.send = sinon.spy(function () {
|
||||||
assert.equal(res.status.getCall(0).args[0], 403);
|
assert.equal(res.status.getCall(0).args[0], 403);
|
||||||
done();
|
done();
|
||||||
});
|
});
|
||||||
|
@ -159,14 +188,14 @@ describe("test identity check process", function() {
|
||||||
handler(req, res);
|
handler(req, res);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should render template if identity_token is provided and still valid", function(done) {
|
it("should render template if identity_token is provided and still valid", function (done) {
|
||||||
req.query.identity_token = "token";
|
req.query.identity_token = "token";
|
||||||
const endpoint = "/protected";
|
const endpoint = "/protected";
|
||||||
identityValidable.templateName.returns("template");
|
identityValidable.templateName.returns("template");
|
||||||
|
|
||||||
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
||||||
|
|
||||||
res.render = sinon.spy(function(template: string) {
|
res.render = sinon.spy(function (template: string) {
|
||||||
assert.equal(template, "template");
|
assert.equal(template, "template");
|
||||||
done();
|
done();
|
||||||
});
|
});
|
||||||
|
@ -174,7 +203,7 @@ describe("test identity check process", function() {
|
||||||
handler(req, res);
|
handler(req, res);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should return 403 if identity_token is provided but invalid", function(done) {
|
it("should return 403 if identity_token is provided but invalid", function (done) {
|
||||||
req.query.identity_token = "token";
|
req.query.identity_token = "token";
|
||||||
const endpoint = "/protected";
|
const endpoint = "/protected";
|
||||||
|
|
||||||
|
@ -184,7 +213,7 @@ describe("test identity check process", function() {
|
||||||
|
|
||||||
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
||||||
|
|
||||||
res.send = sinon.spy(function(template: string) {
|
res.send = sinon.spy(function (template: string) {
|
||||||
assert.equal(res.status.getCall(0).args[0], 403);
|
assert.equal(res.status.getCall(0).args[0], 403);
|
||||||
done();
|
done();
|
||||||
});
|
});
|
||||||
|
@ -192,7 +221,7 @@ describe("test identity check process", function() {
|
||||||
handler(req, res);
|
handler(req, res);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should set the identity_check session object even if session does not exist yet", function(done) {
|
it("should set the identity_check session object even if session does not exist yet", function (done) {
|
||||||
req.query.identity_token = "token";
|
req.query.identity_token = "token";
|
||||||
const endpoint = "/protected";
|
const endpoint = "/protected";
|
||||||
|
|
||||||
|
@ -201,7 +230,7 @@ describe("test identity check process", function() {
|
||||||
|
|
||||||
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
|
||||||
|
|
||||||
res.render = sinon.spy(function(template: string) {
|
res.render = sinon.spy(function (template: string) {
|
||||||
assert.equal(req.session.auth_session.identity_check.userid, "user");
|
assert.equal(req.session.auth_session.identity_check.userid, "user");
|
||||||
assert.equal(template, "template");
|
assert.equal(template, "template");
|
||||||
done();
|
done();
|
||||||
|
|
|
@ -106,7 +106,7 @@ describe("test authentication token verification", function () {
|
||||||
return test_unauthorized({ first_factor: true });
|
return test_unauthorized({ first_factor: true });
|
||||||
});
|
});
|
||||||
|
|
||||||
it.only("should not be authenticated when domain is not allowed for user", function () {
|
it("should not be authenticated when domain is not allowed for user", function () {
|
||||||
req.headers.host = "test.example.com";
|
req.headers.host = "test.example.com";
|
||||||
|
|
||||||
accessController.isDomainAllowedForUser.returns(false);
|
accessController.isDomainAllowedForUser.returns(false);
|
||||||
|
|
Loading…
Reference in New Issue