UNPKG

hapi-auth-jwt2

Version:

Hapi.js Authentication Plugin/Scheme using JSON Web Tokens (JWT)

github.com/dwyl/hapi-auth-jwt2

dwyl/hapi-auth-jwt2

141 lines (118 loc) 5.06 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
const test = require('tape'); const JWT = require('jsonwebtoken'); const secret = 'NeverShareYourSecret'; const server = require('./scheme-response-server.cjs'); // test server which in turn loads our module test("Attempt to access restricted content (without auth token)", async function(t) { const options = { method: "POST", url: "/privado" }; const response = await server.inject(options); t.equal(response.statusCode, 401, "No Token should fail"); t.equal(response.headers.authorization, undefined, 'Invalid requests should not be calling the response function'); t.end(); }); test("Attempt to access restricted content (with an INVALID Token)", async function(t) { const options = { method: "POST", url: "/privado", headers: { authorization: "Bearer fails.validation" } }; const response = await server.inject(options); t.equal(response.statusCode, 401, "INVALID Token should fail"); t.equal(response.headers.authorization, undefined, 'Invalid requests should not be calling the response function'); t.end(); }); test("Access restricted content (with VALID Token)", async function(t) { // use the token as the 'authorization' header in requests const token = JWT.sign({ id: 123, "name": "Charlie" }, secret); const options = { method: "POST", url: "/privado", headers: { authorization: "Bearer " + token } }; const response = await server.inject(options); t.equal(response.statusCode, 200, "VALID Token should succeed!"); t.equal(response.headers.authorization, 'from scheme response function', 'Valid request should finish by calling response function'); t.end(); }); test("Auth mode 'required' should require authentication header", async function(t) { const options = { method: "POST", url: "/required" }; const response = await server.inject(options); t.equal(response.statusCode, 401, "No token header should fail in auth 'required' mode"); t.equal(response.headers.authorization, undefined, 'Invalid requests should not be calling the response function'); t.end(); }); test("Auth mode 'required' should should pass with valid token", async function(t) { // use the token as the 'authorization' header in requests const token = JWT.sign({ id: 123, "name": "Charlie" }, secret); const options = { method: "POST", url: "/required", headers: { authorization: "Bearer " + token } }; const response = await server.inject(options); t.equal(response.statusCode, 200, "Valid token should succeed!"); t.equal(response.headers.authorization, 'from scheme response function', 'Valid request should finish by calling response function'); t.end(); }); test("Scheme should set token in request.auth.token", async function(t) { // use the token as the 'authorization' header in requests const token = JWT.sign({ id: 123, "name": "Charlie" }, secret); const options = { method: "GET", url: "/token", headers: { authorization: "Bearer " + token } }; const response = await server.inject(options); t.equal(response.result, token, 'Token is accesible from handler'); t.equal(response.headers.authorization, 'from scheme response function', 'Valid request should finish by calling response function'); t.end(); }); test("Testing an error thrown from the scheme\'s response function", async function(t) { // use the token as the 'authorization' header in requests const token = JWT.sign({ id: 123, "name": "Charlie" }, secret); const options = { method: "GET", url: "/token", headers: { authorization: "Bearer " + token, error: 'true' } }; // server.inject lets us simulate an http request const response = await server.inject(options); t.equal(response.statusCode, 500, 'A server error happens in the scheme\'s response function'); t.end(); }); test("Access restricted content (with VALID Token) and async response function", async function(t) { // use the token as the 'authorization' header in requests const token = JWT.sign({ id: 123, "name": "Charlie" }, secret); const options = { method: "POST", url: "/async", headers: { authorization: "Bearer " + token } }; const response = await server.inject(options); t.equal(response.statusCode, 200, "VALID Token should succeed!"); t.equal(response.headers.authorization, 'from scheme response function', 'Valid request should finish by calling async response function'); t.end(); }); test("Testing an error thrown from the scheme\'s async response function", async function(t) { // use the token as the 'authorization' header in requests const token = JWT.sign({ id: 123, "name": "Charlie" }, secret); const options = { method: "POST", url: "/async", headers: { authorization: "Bearer " + token, error: 'true' } }; const response = await server.inject(options); t.equal(response.statusCode, 500, 'A server error happens in the scheme\'s response function'); t.end(); });