@quarks/quarks-iam
Version:
A modern authorization server built to authenticate your users and protect your APIs
457 lines (314 loc) • 11.5 kB
text/coffeescript
# Test dependencies
chai = require 'chai'
sinon = require 'sinon'
sinonChai = require 'sinon-chai'
supertest = require 'supertest'
expect = chai.expect
# Assertions
chai.use sinonChai
chai.should()
# Code under test
server = require '../../../../server'
Scope = require '../../../../models/Scope'
AccessToken = require '../../../../models/AccessToken'
request = supertest(server)
describe 'RESTful Scope Routes', ->
{err, res} = {}
describe 'GET /v1/scopes', ->
describe 'without valid token', ->
before (done) ->
request
.get('/v1/scopes')
.end (error, response) ->
err = error
res = response
done()
return
it 'should respond 40x', ->
res.statusCode.should.equal 400
it 'should respond with error', ->
res.body.error.should.equal 'invalid_request'
it 'should respond with error_description', ->
res.body.error_description.should.equal 'An access token is required'
describe 'with valid token', ->
before (done) ->
sinon.stub(AccessToken, 'verify').callsArgWith(2, null, {})
sinon.stub(Scope, 'list').callsArgWith 1, null, []
request
.get('/v1/scopes')
.set('Authorization', 'Bearer valid.signed.token')
.end (error, response) ->
err = error
res = response
done()
return
after ->
AccessToken.verify.restore()
Scope.list.restore()
it 'should respond 200', ->
res.statusCode.should.equal 200
it 'should respond with JSON', ->
res.headers['content-type'].should.contain 'application/json'
it 'should respond with a list of scopes', ->
res.body.should.be.an 'array'
describe 'GET /v1/scopes/:id', ->
describe 'without valid token', ->
before (done) ->
request
.get('/v1/scopes/uuid')
.end (error, response) ->
err = error
res = response
done()
return
it 'should respond 400', ->
res.statusCode.should.equal 400
it 'should respond with error', ->
res.body.error.should.equal 'invalid_request'
it 'should respond with error_description', ->
res.body.error_description.should.equal 'An access token is required'
describe 'with unknown scope id', ->
before (done) ->
sinon.stub(AccessToken, 'verify').callsArgWith(2, null, {})
sinon.stub(Scope, 'get').callsArgWith(1, null, null)
request
.get('/v1/scopes/uuid')
.set('Authorization', 'Bearer valid.signed.token')
.end (error, response) ->
err = error
res = response
done()
return
after ->
AccessToken.verify.restore()
Scope.get.restore()
it 'should respond 404', ->
res.statusCode.should.equal 404
it 'should respond with JSON', ->
res.headers['content-type'].should.contain 'text/html'
it 'should respond with "Not found."', ->
res.text.should.contain 'Not found.'
describe 'with valid token and known scope id', ->
scope = new Scope name: 'custom'
before (done) ->
sinon.stub(AccessToken, 'verify').callsArgWith(2, null, {})
sinon.stub(Scope, 'get').callsArgWith(1, null, scope)
request
.get('/v1/scopes/uuid')
.set('Authorization', 'Bearer valid.signed.token')
.end (error, response) ->
err = error
res = response
done()
return
after ->
AccessToken.verify.restore()
Scope.get.restore()
it 'should respond 200', ->
res.statusCode.should.equal 200
it 'should respond with JSON', ->
res.headers['content-type'].should.contain 'application/json'
it 'should respond with a resource', ->
res.body.name.should.equal scope.name
describe 'POST /v1/scopes', ->
describe 'without valid token', ->
before (done) ->
request
.post('/v1/scopes')
.end (error, response) ->
err = error
res = response
done()
return
it 'should respond 40x', ->
res.statusCode.should.equal 400
it 'should respond with error', ->
res.body.error.should.equal 'invalid_request'
it 'should respond with error_description', ->
res.body.error_description.should.equal 'An access token is required'
describe 'with valid data', ->
scope = new Scope name: 'custom'
before (done) ->
sinon.stub(AccessToken, 'verify').callsArgWith(2, null, {})
sinon.stub(Scope, 'insert').callsArgWith(1, null, scope)
request
.post("/v1/scopes")
.set('Authorization', 'Bearer valid.signed.token')
.send({ name: 'custom' })
.end (error, response) ->
err = error
res = response
done()
return
after ->
AccessToken.verify.restore()
Scope.insert.restore()
it 'should respond 201', ->
res.statusCode.should.equal 201
it 'should respond with JSON', ->
res.headers['content-type'].should.contain 'application/json'
it 'should respond with the resource', ->
res.body.should.have.property 'name'
describe 'with invalid data', ->
scope = new Scope name: false
validation = scope.validate()
before (done) ->
sinon.stub(AccessToken, 'verify').callsArgWith(2, null, {})
sinon.stub(Scope, 'insert').callsArgWith(1, validation, undefined)
request
.post("/v1/scopes")
.set('Authorization', 'Bearer valid.signed.token')
.send({ application_type: false })
.end (error, response) ->
err = error
res = response
done()
return
after ->
AccessToken.verify.restore()
Scope.insert.restore()
it 'should respond 400', ->
res.statusCode.should.equal 400
it 'should respond with JSON', ->
res.headers['content-type'].should.contain 'application/json'
it 'should respond with an error', ->
res.body.error.should.contain 'validation_error'
describe 'PATCH /v1/scopes/:id', ->
describe 'without valid token', ->
before (done) ->
request
.patch('/v1/scopes/uuid')
.end (error, response) ->
err = error
res = response
done()
return
it 'should respond 40x', ->
res.statusCode.should.equal 400
it 'should respond with error', ->
res.body.error.should.equal 'invalid_request'
it 'should respond with error_description', ->
res.body.error_description.should.equal 'An access token is required'
describe 'with unknown scope id', ->
before (done) ->
sinon.stub(AccessToken, 'verify').callsArgWith(2, null, {})
sinon.stub(Scope, 'patch').callsArgWith(2, null, null)
request
.patch('/v1/scopes/uuid')
.set('Authorization', 'Bearer valid.signed.token')
.end (error, response) ->
err = error
res = response
done()
return
after ->
AccessToken.verify.restore()
Scope.patch.restore()
it 'should respond 404', ->
res.statusCode.should.equal 404
it 'should respond with JSON', ->
res.headers['content-type'].should.contain 'text/html'
it 'should respond with "Not found."', ->
res.text.should.contain 'Not found.'
describe 'with valid data', ->
scope = new Scope name: 'custom'
before (done) ->
sinon.stub(AccessToken, 'verify').callsArgWith(2, null, {})
sinon.stub(Scope, 'patch').callsArgWith(2, null, scope)
request
.patch("/v1/scopes/uuid")
.set('Authorization', 'Bearer valid.signed.token')
.send({ name: 'custom' })
.end (error, response) ->
err = error
res = response
done()
return
after ->
AccessToken.verify.restore()
Scope.patch.restore()
it 'should respond 200', ->
res.statusCode.should.equal 200
it 'should respond with JSON', ->
res.headers['content-type'].should.contain 'application/json'
it 'should respond with the resource', ->
res.body.name.should.equal scope.name
describe 'with invalid data', ->
scope = new Scope name: false
validation = scope.validate()
before (done) ->
sinon.stub(AccessToken, 'verify').callsArgWith(2, null, {})
sinon.stub(Scope, 'patch').callsArgWith(2, validation, undefined)
request
.patch("/v1/scopes/uuid")
.set('Authorization', 'Bearer valid.signed.token')
.send({ name: false })
.end (error, response) ->
err = error
res = response
done()
return
after ->
AccessToken.verify.restore()
Scope.patch.restore()
it 'should respond 400', ->
res.statusCode.should.equal 400
it 'should respond with JSON', ->
res.headers['content-type'].should.contain 'application/json'
it 'should respond with an error', ->
res.body.error.should.contain 'validation_error'
describe 'DELETE /v1/scopes/:id', ->
describe 'without valid token', ->
before (done) ->
request
.del('/v1/scopes/uuid')
.end (error, response) ->
err = error
res = response
done()
return
it 'should respond 40x', ->
res.statusCode.should.equal 400
it 'should respond with error', ->
res.body.error.should.equal 'invalid_request'
it 'should respond with error_description', ->
res.body.error_description.should.equal 'An access token is required'
describe 'with unknown scope id', ->
before (done) ->
sinon.stub(AccessToken, 'verify').callsArgWith(2, null, {})
sinon.stub(Scope, 'delete').callsArgWith(1, null, null)
request
.del('/v1/scopes/uuid')
.set('Authorization', 'Bearer valid.signed.token')
.end (error, response) ->
err = error
res = response
done()
return
after ->
AccessToken.verify.restore()
Scope.delete.restore()
it 'should respond 404', ->
res.statusCode.should.equal 404
it 'should respond with JSON', ->
res.headers['content-type'].should.contain 'text/html'
it 'should respond with "Not found."', ->
res.text.should.contain 'Not found.'
describe 'with valid request', ->
scope = new Scope name: 'Joe'
before (done) ->
sinon.stub(AccessToken, 'verify').callsArgWith(2, null, {})
sinon.stub(Scope, 'delete').callsArgWith(1, null, scope)
request
.del('/v1/scopes/uuid')
.set('Authorization', 'Bearer valid.signed.token')
.end (error, response) ->
err = error
res = response
done()
return
after ->
AccessToken.verify.restore()
Scope.delete.restore()
it 'should respond 204', ->
res.statusCode.should.equal 204