UNPKG

hapi-auth-jwt2

Version:

Hapi.js Authentication Plugin/Scheme using JSON Web Tokens (JWT)

github.com/dwyl/hapi-auth-jwt2

dwyl/hapi-auth-jwt2

96 lines (85 loc) 3.69 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
const test = require('tape'); const JWT = require('jsonwebtoken'); const server = require('./multiple_key_server.cjs'); // test server which in turn loads our module test("Access restricted content with multiple valid tokens for a valid tenant", async function(t) { let testsOutstanding = 2; const finishTest = function() { testsOutstanding--; if (testsOutstanding <= 0) { t.end(); } } // use the token as the 'authorization' header in requests const token1 = JWT.sign({ id: 123, "name": "Charlie", "tenant": "dunderMifflin" }, 'michaelscott'); const options1 = { method: "POST", url: "/privado", headers: { authorization: "Bearer " + token1 } }; const response = await server.inject(options1); t.equal(response.statusCode, 200, "VALID Token with 1st key should succeed!"); t.equal(response.result.data.additional, 'something extra here if needed', 'extraInfo should be passed through'); finishTest(); const token2 = JWT.sign({ id: 123, "name": "Charlie", "tenant": "dunderMifflin" }, 'jimhalpert'); const options2 = { method: "POST", url: "/privado", headers: { authorization: "Bearer " + token2 } }; const response2 = await server.inject(options2); t.equal(response2.statusCode, 200, "VALID Token with 2nd key should succeed!"); t.equal(response2.result.data.additional, 'something extra here if needed', 'extraInfo should be passed through'); finishTest(); }); test("Access restricted content with an invalid token and tenant", async function(t) { // use the token as the 'authorization' header in requests const token = JWT.sign({ id: 123, "name": "Charlie", "tenant": "dunderMifflin" }, 'dwightschrute'); const options = { method: "POST", url: "/privado", headers: { authorization: "Bearer " + token } }; // server.inject lets us simulate an http request const response = await server.inject(options); t.equal(response.statusCode, 401, "INVALID Token should fail!"); t.end(); }); test("Access restricted content with a valid token and tenant but user is not allowed", async function(t) { // use the token as the 'authorization' header in requests const token = JWT.sign({ id: 321, "name": "Old Gregg", "tenant": "wernhamHogg" }, 'davidbrent'); const options = { method: "POST", url: "/privado", headers: { authorization: "Bearer " + token } }; // server.inject lets us simulate an http request const response = await server.inject(options); t.equal(response.statusCode, 401, "Not allowed user should fail!"); t.end(); }); test("Access restricted content without tenant specified in token", async function(t) { // use the token as the 'authorization' header in requests const token = JWT.sign({ id: 123, "name": "Charlie" }, 'michaelscott'); const options = { method: "POST", url: "/privado", headers: { authorization: "Bearer " + token } }; // server.inject lets us simulate an http request const response = await server.inject(options); t.equal(response.statusCode, 400, "No tenant specified should fail!"); t.end(); }); test("Access restricted content with non-existent tenant specified", async function(t) { // use the token as the 'authorization' header in requests const token = JWT.sign({ id: 123, "name": "Charlie", "tenant": "princeFamilyPaper" }, 'michaelscott'); const options = { method: "POST", url: "/privado", headers: { authorization: "Bearer " + token } }; // server.inject lets us simulate an http request const response = await server.inject(options); t.equal(response.statusCode, 401, "No tentant found should fail!"); t.end(); });