authelia/test/unitary/routes/test_totp.js

var totp = require('../../../src/lib/routes/totp');
var Promise = require('bluebird');
var sinon = require('sinon');
var assert = require('assert');
var winston = require('winston');

describe('test totp route', function() {
  var req, res;
  var totpValidator;
  var user_data_store;

  beforeEach(function() {
    var app_get = sinon.stub();
    req = {
      app: {
        get: app_get
      },
      body: {
        token: 'abc'
      },
      session: {
        auth_session: {
          userid: 'user',
          first_factor: false,
          second_factor: false
        }
      }
    };
    res = {
      send: sinon.spy(),
      status: sinon.spy()
    };

    var config = { totp_secret: 'secret' };
    totpValidator = {
      validate: sinon.stub()
    }

    user_data_store = {};
    user_data_store.get_totp_secret = sinon.stub();

    var doc = {};
    doc.userid = 'user';
    doc.secret = {};
    doc.secret.base32 = 'ABCDEF';
    user_data_store.get_totp_secret.returns(Promise.resolve(doc));

    app_get.withArgs('logger').returns(winston);
    app_get.withArgs('totp validator').returns(totpValidator);
    app_get.withArgs('config').returns(config);
    app_get.withArgs('user data store').returns(user_data_store);
  });


  it('should send status code 204 when totp is valid', function(done) {
    totpValidator.validate.returns(Promise.resolve("ok"));
    res.send = sinon.spy(function() {
      // Second factor passed
      assert.equal(true, req.session.auth_session.second_factor)
      assert.equal(204, res.status.getCall(0).args[0]);
      done();
    });
    totp(req, res); 
  });

  it('should send status code 401 when totp is not valid', function(done) {
    totpValidator.validate.returns(Promise.reject('bad_token'));
    res.send = sinon.spy(function() {
      assert.equal(false, req.session.auth_session.second_factor)
      assert.equal(401, res.status.getCall(0).args[0]);
      done();
    });
    totp(req, res); 
  });

  it('should send status code 401 when session has not been initiated', function(done) {
    totpValidator.validate.returns(Promise.resolve('abc'));
    res.send = sinon.spy(function() {
      assert.equal(403, res.status.getCall(0).args[0]);
      done();
    });
    req.session = {};
    totp(req, res); 
  });
});