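var server = require('../../src/lib/server');
var Jwt = require('../../src/lib/jwt');
var request = require('request');
var assert = require('assert');
var speakeasy = require('speakeasy');
var sinon = require('sinon');

var BASE_URL = 'http://localhost:8090';

// Integration tests for the HTTP server: it is started in-process on port 8090
// with a stubbed LDAP client, so no real directory is contacted. The secrets
// below ('jwt_secret', 'totp_secret', 'password') are test fixtures only.
describe('test the server', function() {
  var jwt = new Jwt('jwt_secret');
  // Stubbed LDAP client. bind() only "succeeds" for the test_ok DN with the
  // fixture password; the test_nok DN yields an error so auth must be refused.
  var ldap_client = { bind: sinon.stub() };

  before(function() {
    var config = {
      port: 8090,
      totp_secret: 'totp_secret',
      ldap_url: 'ldap://127.0.0.1:389',
      ldap_users_dn: 'ou=users,dc=example,dc=com',
      jwt_secret: 'jwt_secret',
      jwt_expiration_time: '1h'
    };
    ldap_client.bind
      .withArgs('cn=test_ok,ou=users,dc=example,dc=com', 'password')
      .yields(undefined);
    ldap_client.bind
      .withArgs('cn=test_nok,ou=users,dc=example,dc=com', 'password')
      .yields('error');
    server.run(config, ldap_client);
  });

  describe('test GET /login', function() {
    test_login();
  });

  describe('test GET /logout', function() {
    test_logout();
  });

  describe('test GET /_auth', function() {
    test_get_auth(jwt);
  });

  describe('test POST /_auth', function() {
    test_post_auth();
  });
});

// Runs `check` against the response of the streaming request `req` and reports
// the outcome to mocha's `done`. Assertion failures and transport errors are
// passed to done(err) instead of being thrown from an event handler, which
// would otherwise surface as an uncaught exception or a timeout.
function expect_response(req, done, check) {
  req
    .on('response', function(response) {
      try {
        check(response);
        done();
      } catch (err) {
        done(err);
      }
    })
    .on('error', done);
}

// Restores the fake clock unconditionally, then reports the outcome of `check`
// to mocha. Without the unconditional restore a failing assertion would leave
// sinon's fake timers installed for every following test.
function finish_with_clock(clock, done, error, check) {
  clock.restore();
  if (error) {
    return done(error);
  }
  try {
    check();
    done();
  } catch (err) {
    done(err);
  }
}

function test_login() {
  it('should serve the login page', function(done) {
    expect_response(request.get(BASE_URL + '/login'), done, function(response) {
      assert.equal(response.statusCode, 200);
    });
  });
}

function test_logout() {
  it('should logout and redirect to /', function(done) {
    // `request` follows redirects, so response.req is the request that was
    // finally answered; its path must be '/' after the logout redirect.
    expect_response(request.get(BASE_URL + '/logout'), done, function(response) {
      assert.equal(response.req.path, '/');
    });
  });
}

function test_get_auth(jwt) {
  it('should return status code 401 when user is not authenticated', function(done) {
    expect_response(request.get(BASE_URL + '/_auth'), done, function(response) {
      assert.equal(response.statusCode, 401);
    });
  });

  it('should return status code 204 when user is authenticated', function(done) {
    var j = request.jar();
    var r = request.defaults({ jar: j });
    // Sign with the same secret the server was configured with so the cookie
    // is accepted; the token is scoped to the /_auth URL via the cookie jar.
    var token = jwt.sign({ user: 'test' }, '1h');
    var cookie = r.cookie('access_token=' + token);
    j.setCookie(cookie, BASE_URL + '/_auth');
    expect_response(r.get(BASE_URL + '/_auth'), done, function(response) {
      assert.equal(response.statusCode, 204);
    });
  });
}

function test_post_auth() {
  it('should return the JWT token when authentication is successful', function(done) {
    // Freeze time at epoch 0: the TOTP code computed here then matches what the
    // in-process server computes, and the issued JWT gets iat=0 / exp=3600.
    var clock = sinon.useFakeTimers();
    var real_token = speakeasy.totp({ secret: 'totp_secret', encoding: 'base32' });
    // HS256 token over {"user":"test_ok","iat":0,"exp":3600} signed with
    // 'jwt_secret'; changing the test secret or the claims invalidates it.
    var expectedJwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidGVzdF9vayIsImlhdCI6MCwiZXhwIjozNjAwfQ.ihvaljGjO5h3iSO_h3PkNNSCYeePyB8Hr5lfVZZYyrQ';
    var data = {
      form: { username: 'test_ok', password: 'password', token: real_token }
    };
    request.post(BASE_URL + '/_auth', data, function(error, response, body) {
      finish_with_clock(clock, done, error, function() {
        // A non-200 status is now a failed assertion rather than a silent timeout.
        assert.equal(response.statusCode, 200);
        assert.equal(body, expectedJwt);
      });
    });
  });

  it('should return invalid authentication status code', function(done) {
    var clock = sinon.useFakeTimers();
    var real_token = speakeasy.totp({ secret: 'totp_secret', encoding: 'base32' });
    // Valid TOTP but an LDAP bind that fails (test_nok): the server must still
    // refuse with 401, i.e. a correct second factor does not bypass the password.
    var data = {
      form: { username: 'test_nok', password: 'password', token: real_token }
    };
    request.post(BASE_URL + '/_auth', data, function(error, response, body) {
      finish_with_clock(clock, done, error, function() {
        assert.equal(response.statusCode, 401);
      });
    });
  });
}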