UNPKG

@quarks/quarks-iam

Version:

A modern authorization server built to authenticate your users and protect your APIs

github.com/anvilresearch/connect

anvilresearch/connect

144 lines (84 loc) 2.81 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
chai = require 'chai' sinon = require 'sinon' sinonChai = require 'sinon-chai' expect = chai.expect chai.use sinonChai chai.should() settings = require '../../../boot/settings' AccessToken = require '../../../models/AccessToken' verifyClientReg = require('../../../oidc').verifyClientRegistration describe 'Verify Dynamic Client Registration', -> {req,res,next,err} = {} {client_registration,trusted_registration_scope} = {} before -> client_registration = settings.client_registration trusted_registration_scope = settings.trusted_registration_scope settings.client_registration = 'dynamic' settings.trusted_registration_scope = 'realm' after -> settings.client_registration = client_registration settings.trusted_registration_scope = trusted_registration_scope describe 'without bearer token', -> before (done) -> req = { headers: {}, body: {} } res = {} next = sinon.spy (error) -> err = error done() verifyClientReg req, res, next it 'should not provide an error', -> expect(err).to.be.undefined it 'should continue', -> next.should.have.been.called describe 'with insufficient trusted scope', -> before (done) -> req = bearer: 'valid.jwt' claims: sub: 'uuid1' body: { trusted: true } res = {} verifyClientReg req, res, (error) -> err = error done() it 'should provide an UnauthorizedError', -> err.name.should.equal 'UnauthorizedError' it 'should provide a realm', -> err.realm.should.equal 'user' it 'should provide an error code', -> err.error.should.equal 'insufficient_scope' it 'should provide an error description', -> err.error_description.should.equal 'User does not have permission' it 'should provide a status code', -> err.statusCode.should.equal 403 describe 'with sufficient trusted scope', -> before (done) -> req = bearer: 'valid.jwt' claims: sub: 'uuid1' scope: 'realm other' body: { trusted: true } res = {} next = sinon.spy (error) -> err = error done() verifyClientReg req, res, next it 'should not provide an error', -> expect(err).to.be.undefined it 'should continue', -> next.should.have.been.called describe 'with valid token', -> before (done) -> req = bearer: 'valid.jwt' body: {} res = {} next = sinon.spy (error) -> err = error done() verifyClientReg req, res, next it 'should not provide an error', -> expect(err).to.be.undefined it 'should continue', -> next.should.have.been.called