@sync-in/server
Version:
The secure, open-source platform for file storage, sharing, collaboration, and sync
189 lines (188 loc) • 7.21 kB
JavaScript
/*
* Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
* This file is part of Sync-in | The open source file sync and share solution
* See the LICENSE file for licensing details
*/ "use strict";
Object.defineProperty(exports, "__esModule", {
value: true
});
const _cookie = require("@fastify/cookie");
const _tsjest = require("@golevelup/ts-jest");
const _config = require("@nestjs/config");
const _jwt = require("@nestjs/jwt");
const _passport = require("@nestjs/passport");
const _testing = require("@nestjs/testing");
const _nestjspino = require("nestjs-pino");
const _nodecrypto = /*#__PURE__*/ _interop_require_default(require("node:crypto"));
const _usersmanagerservice = require("../../applications/users/services/users-manager.service");
const _configenvironment = require("../../configuration/config.environment");
const _auth = require("../constants/auth");
const _tokeninterface = require("../interfaces/token.interface");
const _authmanagerservice = require("../services/auth-manager.service");
const _authtokenrefreshguard = require("./auth-token-refresh.guard");
const _authtokenrefreshstrategy = require("./auth-token-refresh.strategy");
function _interop_require_default(obj) {
return obj && obj.__esModule ? obj : {
default: obj
};
}
describe(_authtokenrefreshguard.AuthTokenRefreshGuard.name, ()=>{
const csrfToken = _nodecrypto.default.randomUUID();
let authConfig;
let jwtService;
let authRefreshGuard;
let refreshToken;
let refreshTokenWithoutCSRF;
let context;
beforeAll(async ()=>{
const module = await _testing.Test.createTestingModule({
imports: [
await _config.ConfigModule.forRoot({
load: [
_configenvironment.exportConfiguration
],
isGlobal: true
}),
_jwt.JwtModule.register({
global: true
}),
_passport.PassportModule
],
providers: [
_authtokenrefreshguard.AuthTokenRefreshGuard,
_authtokenrefreshstrategy.AuthTokenRefreshStrategy,
_authmanagerservice.AuthManager,
{
provide: _usersmanagerservice.UsersManager,
useValue: {}
},
{
provide: _nestjspino.PinoLogger,
useValue: {
assign: ()=>undefined
}
}
]
}).compile();
authConfig = module.get(_config.ConfigService).get('auth');
jwtService = module.get(_jwt.JwtService);
authRefreshGuard = module.get(_authtokenrefreshguard.AuthTokenRefreshGuard);
refreshToken = await jwtService.signAsync({
identity: {
id: 1,
login: 'foo'
},
[_tokeninterface.TOKEN_TYPE.CSRF]: csrfToken
}, {
secret: authConfig.token.refresh.secret,
expiresIn: 30
});
refreshTokenWithoutCSRF = await jwtService.signAsync({
identity: {
id: 1,
login: 'foo'
}
}, {
secret: authConfig.token.refresh.secret,
expiresIn: 30
});
context = (0, _tsjest.createMock)();
});
it('should be defined', ()=>{
expect(authConfig).toBeDefined();
expect(jwtService).toBeDefined();
expect(authRefreshGuard).toBeDefined();
expect(refreshToken).toBeDefined();
expect(refreshTokenWithoutCSRF).toBeDefined();
expect(csrfToken).toBeDefined();
});
it('should pass with a valid refresh token in cookies with CSRF', async ()=>{
context.switchToHttp().getRequest.mockReturnValue({
raw: {
user: ''
},
headers: {
[authConfig.token.csrf.name]: (0, _cookie.sign)(csrfToken, authConfig.token.csrf.secret)
},
cookies: {
[authConfig.token.refresh.name]: refreshToken
}
});
expect(await authRefreshGuard.canActivate(context)).toBe(true);
});
it('should pass with a valid refresh token in request header with no CSRF', async ()=>{
context.switchToHttp().getRequest.mockReturnValue({
raw: {
user: ''
},
headers: {
authorization: `Bearer ${refreshToken}`
}
});
expect(await authRefreshGuard.canActivate(context)).toBe(true);
});
it('should throw an error with an invalid refresh token in cookies', async ()=>{
context.switchToHttp().getRequest.mockReturnValue({
raw: {
user: ''
},
headers: {},
cookies: {
[authConfig.token.refresh.name]: 'bar'
}
});
await expect(authRefreshGuard.canActivate(context)).rejects.toThrow('Unauthorized');
});
it('should throw an error with an invalid refresh token in request header', async ()=>{
context.switchToHttp().getRequest.mockReturnValue({
raw: {
user: ''
},
headers: {
authorization: `Bearer bar`
}
});
await expect(authRefreshGuard.canActivate(context)).rejects.toThrow('Unauthorized');
});
it('should throw an error with a valid refresh token in cookies and a missing CSRF in request header', async ()=>{
context.switchToHttp().getRequest.mockReturnValue({
raw: {
user: ''
},
headers: {},
cookies: {
[authConfig.token.refresh.name]: refreshToken
}
});
await expect(authRefreshGuard.canActivate(context)).rejects.toThrow(new RegExp(_auth.CSRF_ERROR.MISSING_HEADERS));
});
it('should throw an error with a valid refresh token in cookies and a missing CSRF claim in the refresh token', async ()=>{
context.switchToHttp().getRequest.mockReturnValue({
raw: {
user: ''
},
headers: {
[authConfig.token.csrf.name]: csrfToken
},
cookies: {
[authConfig.token.refresh.name]: refreshTokenWithoutCSRF
}
});
await expect(authRefreshGuard.canActivate(context)).rejects.toThrow(new RegExp(_auth.CSRF_ERROR.MISSING_JWT));
});
it('should throw an error with a valid refresh token in cookies and a mismatch CSRF', async ()=>{
context.switchToHttp().getRequest.mockReturnValue({
raw: {
user: ''
},
headers: {
[authConfig.token.csrf.name]: csrfToken + '*'
},
cookies: {
[authConfig.token.refresh.name]: refreshToken
}
});
await expect(authRefreshGuard.canActivate(context)).rejects.toThrow(new RegExp(_auth.CSRF_ERROR.MISMATCH));
});
});
//# sourceMappingURL=auth-token-refresh.guard.spec.js.map