UNPKG

jwt-couchdb

Version:

JWT endpoint to authenticate users and create JSON Web Tokens out of the CouchDB's session API

github.com/UXtemple/jwt-couchdb

UXtemple/jwt-couchdb

153 lines (129 loc) 4.94 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
import { spy, stub } from 'sinon'; import proxyquire from 'proxyquire'; import test from 'tape'; const authHeaderTest = stub(); authHeaderTest.withArgs('valid').returns(true); authHeaderTest.withArgs('valid token but wrong user').returns(true); authHeaderTest.returns(false); const userCtx = {'name': 'name', 'roles': ['role1']}; const userCtx2 = {'name': 'name', 'roles': ['role1', 'role2']}; const endpoint = 'endpoint'; const endpointSession = `${endpoint}/_session`; const endpointUser = `${endpoint}/_users/org.couchdb.user:${userCtx.name}`; const fetchAuth = stub(); fetchAuth.withArgs(endpointSession, 'valid').returns({userCtx}); fetchAuth.withArgs(endpointUser, 'valid').returns(userCtx2); fetchAuth.withArgs(endpointSession, 'valid token but wrong user').throws(); const url = 'url'; const urlRefreshRoles = 'url-refresh-roles'; const needsToRefreshRolesTest = stub(); needsToRefreshRolesTest.withArgs(urlRefreshRoles).returns(true); needsToRefreshRolesTest.returns(false); const options = 'options'; const secret = 'secret'; const token = 'token'; const tokenRefreshedRoles = 'token-refreshed-roles'; const sign = stub(); sign.withArgs(userCtx2, secret, options).returns(tokenRefreshedRoles); sign.returns(token); const createHandler = proxyquire.noCallThru()('../create-handler', { 'fetch-auth-node': fetchAuth, './has-valid-authorisation-header': { test: authHeaderTest }, './needs-to-refresh-roles': { test: needsToRefreshRolesTest }, jsonwebtoken: { sign } }).default; test('#createHandler', t => { t.equals(typeof createHandler(), 'function', 'returns a thunk'); t.end(); }); const methods = ['CONNECT', 'DELETE', 'GET', 'HEAD', 'OPTIONS', 'PUT', 'TRACE']; test(`#handler doesn't handle ${methods.join(', ')}`, async t => { const handler = createHandler(); const res = { end: spy(), writeHead: spy() }; try { await Promise.all(methods.map(method => handler({method, url}, res))); t.deepEquals(res.writeHead.args, methods.map(m => [404]), 'responds with 404'); t.equals(res.end.callCount, methods.length, 'ends the responses'); t.end(); } catch(e) { console.log(e); } }); test(`#handler fails with POST and an invalid auth header`, async t => { const handler = createHandler(); const res = { end: spy(), writeHead: spy() }; try { await handler({method: 'POST', headers: {authorization: 'invalid'}, url}, res); t.equals(res.writeHead.args[0][0], 404, 'responds with 404'); t.ok(res.end.called, 'ends the response'); t.end(); } catch(e) { console.log(e); } }); test('#handler handles POST with valid auth header returns token', async t => { const handler = createHandler({endpoint, options, secret}); const res = { end: spy(), writeHead: spy() }; try { await handler({method: 'POST', headers: {authorization: 'valid'}, url}, res); t.ok(fetchAuth.args[0], [endpointSession, 'valid'], 'authorises user'); t.deepEquals(sign.args[0], [userCtx, secret, options], 'creates a token'); t.deepEquals(res.writeHead.args[0], [200, {'Content-Type': 'application/json'}], 'responds with 200 and content-type application/json'); t.ok(res.end.args[0][0], `"${token}"`, 'ends the response with the token as a JSON string'); t.end(); } catch(e) { console.log(e); } }); test('#handler handles POST with valid auth header but invalid credentials ends up in 401', async t => { const handler = createHandler({endpoint, options, secret}); const res = { end: spy(), writeHead: spy() }; spy(console, 'error'); try { await handler({method: 'POST', headers: {authorization: 'valid token but wrong user'}, url}, res); t.ok(fetchAuth.args[1], [endpointSession, 'valid token but wrong user'], 'tries to authorise user'); t.ok(console.error.called, 'logs the error'); t.equals(res.writeHead.args[0][0], 401, 'responds with 401'); t.ok(res.end.called, 'ends the response'); console.error.restore(); t.end(); } catch(e) { console.log(e); } }); test('#handler handles POST with valid auth header that needs to refresh roles returns token with new roles', async t => { const handler = createHandler({endpoint, options, secret}); const res = { end: spy(), writeHead: spy() }; try { await handler({method: 'POST', headers: {authorization: 'valid'}, url: urlRefreshRoles}, res); t.ok(fetchAuth.args[2], [endpointSession, 'valid'], 'authorises user'); t.ok(fetchAuth.args[3], [endpointUser, 'valid'], 'fetches user'); t.deepEquals(sign.args[1], [userCtx2, secret, options], 'creates a token'); t.deepEquals(res.writeHead.args[0], [200, {'Content-Type': 'application/json'}], 'responds with 200 and content-type application/json'); t.ok(res.end.args[0][0], `"${tokenRefreshedRoles}"`, 'ends the response with the token as a JSON string'); t.end(); } catch(e) { console.log(e); } });