@sync-in/server/server/authentication/guards/auth-basic.guard.spec.js

The secure, open-source platform for file storage, sharing, collaboration, and sync

/*
 * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
 * This file is part of Sync-in | The open source file sync and share solution
 * See the LICENSE file for licensing details
 */ "use strict";
Object.defineProperty(exports, "__esModule", {
    value: true
});
const _tsjest = require("@golevelup/ts-jest");
const _testing = require("@nestjs/testing");
const _nestjspino = require("nestjs-pino");
const _usermodel = require("../../applications/users/models/user.model");
const _test = require("../../applications/users/utils/test");
const _routes = require("../../applications/webdav/constants/routes");
const _cacheservice = require("../../infrastructure/cache/services/cache.service");
const _authmethod = require("../models/auth-method");
const _authbasicguard = require("./auth-basic.guard");
const _authbasicstrategy = require("./auth-basic.strategy");
describe(_authbasicguard.AuthBasicGuard.name, ()=>{
    let authBasicGuard;
    let authMethod;
    let cache;
    let userTest;
    let encodedAuth;
    let context;
    beforeAll(async ()=>{
        const module = await _testing.Test.createTestingModule({
            providers: [
                _authbasicguard.AuthBasicGuard,
                _authbasicstrategy.AuthBasicStrategy,
                {
                    provide: _authmethod.AuthMethod,
                    useValue: {
                        validateUser: async ()=>null
                    }
                },
                {
                    provide: _nestjspino.PinoLogger,
                    useValue: {
                        assign: ()=>undefined
                    }
                },
                {
                    provide: _cacheservice.Cache,
                    useValue: {
                        get: (_key)=>undefined,
                        set: async (_key, _value, _ttl)=>undefined,
                        genSlugKey: ()=>'test'
                    }
                }
            ]
        }).compile();
        authBasicGuard = module.get(_authbasicguard.AuthBasicGuard);
        authMethod = module.get(_authmethod.AuthMethod);
        cache = module.get(_cacheservice.Cache);
        userTest = new _usermodel.UserModel((0, _test.generateUserTest)(), false);
        encodedAuth = Buffer.from(`${userTest.login}:${userTest.password}`).toString('base64');
        context = (0, _tsjest.createMock)();
    });
    it('should be defined', ()=>{
        expect(authBasicGuard).toBeDefined();
        expect(authMethod).toBeDefined();
        expect(cache).toBeDefined();
        expect(userTest).toBeDefined();
        expect(encodedAuth).toBeDefined();
    });
    it('should validate the user authentication', async ()=>{
        authMethod.validateUser = jest.fn().mockReturnValueOnce(userTest);
        context.switchToHttp().getRequest.mockReturnValue({
            raw: {
                user: ''
            },
            headers: {
                authorization: `Basic ${encodedAuth}`
            }
        });
        expect(await authBasicGuard.canActivate(context)).toBe(true);
    });
    it('should validate the user authentication with cache', async ()=>{
        cache.get = jest.fn().mockReturnValueOnce(userTest);
        context.switchToHttp().getRequest.mockReturnValue({
            raw: {
                user: ''
            },
            headers: {
                authorization: `Basic ${encodedAuth}`
            }
        });
        expect(await authBasicGuard.canActivate(context)).toBe(true);
    });
    it('should not validate the user authentication', async ()=>{
        context.switchToHttp().getRequest.mockReturnValue({
            raw: {
                user: ''
            },
            headers: {
                authorization: `Basic ${encodedAuth}`
            }
        });
        await expect(authBasicGuard.canActivate(context)).rejects.toThrow();
    });
    it('should throw error due to malformed authorization header', async ()=>{
        // headers with capitals not working
        context.switchToHttp().getRequest.mockReturnValueOnce({
            raw: {
                user: ''
            },
            headers: {
                AUTHORIZATION: 'Basic foo'
            }
        });
        await expect(authBasicGuard.canActivate(context)).rejects.toThrow();
        context.switchToHttp().getRequest.mockReturnValueOnce({
            raw: {
                user: ''
            }
        });
        await expect(authBasicGuard.canActivate(context)).rejects.toThrow();
    });
    it(`should valid OPTIONS method without authentication header on "/" and "/${_routes.WEBDAV_BASE_PATH}/*" paths `, async ()=>{
        for (const url of [
            '',
            `/${_routes.WEBDAV_BASE_PATH}`,
            `/${_routes.WEBDAV_BASE_PATH}/foo/bar`
        ]){
            context.switchToHttp().getRequest.mockReturnValueOnce({
                method: 'OPTIONS',
                originalUrl: url,
                raw: {
                    user: ''
                }
            });
            expect(await authBasicGuard.canActivate(context)).toBe(true);
        }
    });
    it('should not valid OPTIONS method with other paths', async ()=>{
        context.switchToHttp().getRequest.mockReturnValueOnce({
            method: 'OPTIONS',
            originalUrl: '/foo',
            raw: {
                user: ''
            }
        });
        await expect(authBasicGuard.canActivate(context)).rejects.toThrow();
    });
});

//# sourceMappingURL=auth-basic.guard.spec.js.map