"use strict";
// Compiled (tsc) output of auth-service-integration-tests.spec.ts.
// These are mocha integration tests: every case talks over HTTP to a TestServer
// started in `before`, so nothing here runs without that server.
// `__awaiter` is the tsc downlevel helper for async/await (generator + Promise).
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); };
Object.defineProperty(exports, "__esModule", { value: true });
const TestServer_1 = require("../TestServer");
const auth_1 = require("../auth");
const Token_1 = require("../shared/Token");
const chai_1 = require("chai");
const chai = require("chai");
chai.use(require("chai-as-promised"));
const uuid = require("uuid");
const superagent = require("superagent");
const AdminRealm_1 = require("../realms/AdminRealm");
// NOTE(review): `Realm` (used below as Realm.Sync.User / Realm.Sync.Credentials) is
// never required in this file; presumably the test harness installs it as a global — confirm.
describe("Auth Service Integration Tests", function () {
    let server;
    let provider;
    // One server per suite, configured with only the nickname provider
    // (an unauthenticated "log in as any name" provider — test-only by design).
    before(() => __awaiter(this, void 0, void 0, function* () { server = new TestServer_1.TestServer(); provider = new auth_1.NicknameAuthProvider(); yield server.start({ authProviders: [provider] }); }));
    after(() => __awaiter(this, void 0, void 0, function* () { yield server.shutdown(); }));
    describe("POST /auth (authenticate)", () => {
        // Malformed requests must fail closed with 400, never fall through to a default provider.
        describe("without provider", () => {
            it("should reject with an error", () => __awaiter(this, void 0, void 0, function* () { yield chai_1.assert.isRejected(superagent.post(`${server.url}/auth`).send({}), "Bad Request"); }));
        });
        describe("with unknown provider", () => {
            it("should reject with an error", () => __awaiter(this, void 0, void 0, function* () { yield chai_1.assert.isRejected(superagent.post(`${server.url}/auth`).send({ provider: "snapchat", }), "Bad Request"); }));
        });
        describe("without data", () => {
            it("should reject with an error", () => __awaiter(this, void 0, void 0, function* () { yield chai_1.assert.isRejected(superagent.post(`${server.url}/auth`).send({ provider: "nickname", }), "Bad Request"); }));
        });
        // Privilege-escalation check: the nickname "admin" is just a name. The provider
        // must never mint a refresh token with is_admin set, whatever nickname is supplied.
        describe("with data = 'admin' (nickname provider)", () => {
            it("should return a regular user refresh token", () => __awaiter(this, void 0, void 0, function* () { const response = yield chai_1.assert.isFulfilled(superagent.post(`${server.url}/auth`).send({ provider: "nickname", data: "admin" })); const refreshToken = response.body.refresh_token; chai_1.assert.isString(refreshToken.token); chai_1.assert.isFalse(refreshToken.token_data.is_admin); }));
        });
        describe("with data = 'not-an-admin' (nickname provider)", () => {
            it("should return a regular user refresh token", () => __awaiter(this, void 0, void 0, function* () { const response = yield chai_1.assert.isFulfilled(superagent.post(`${server.url}/auth`).send({ provider: "nickname", data: "not-an-admin" })); const refreshToken = response.body.refresh_token; chai_1.assert.isString(refreshToken.token); chai_1.assert.isFalse(refreshToken.token_data.is_admin); }));
        });
    });
    describe("OPTIONS /auth (CORS pre-flight)", () => {
        // Pins a wildcard Access-Control-Allow-Origin on the auth endpoint.
        // NOTE(review): this is only safe while credentials travel explicitly (request body /
        // Authorization header, as every test here does) rather than in cookies — a wildcard
        // origin cannot be combined with credentialed cross-site requests. Re-check if the
        // server ever starts setting Access-Control-Allow-Credentials.
        it("should respond with CORS headers", () => __awaiter(this, void 0, void 0, function* () { const response = yield superagent.options(`${server.url}/auth`); chai_1.assert.equal(response.header["access-control-allow-origin"], "*"); const allowMethods = response.header["access-control-allow-methods"] || ""; chai_1.assert(allowMethods.indexOf("POST") >= 0, "Missing the POST method"); }));
    });
    describe("POST /auth/revoke (revokeToken)", () => {
        describe("with regular user refresh token", () => {
            let token;
            // A short-lived (60 s) non-admin refresh token for a synthetic identity.
            // It is signed with `server.privateKey`: the test has the server's signing key,
            // which is why it can forge its own tokens — that key must never leave the server otherwise.
            beforeEach(() => { token = new Token_1.RefreshToken({ isAdmin: false, identity: "some-identity", appId: "io.realm.Test", expires: Math.round(Date.now() / 1000) + 60, }); });
            describe("without a token field", () => {
                it("should reject with an error", () => __awaiter(this, void 0, void 0, function* () { yield chai_1.assert.isRejected(superagent.post(`${server.url}/auth/revoke`).set({ Authorization: token.sign(server.privateKey), }).send({}), "Bad Request"); }));
            });
            // Self-revocation, then replay: once revoked, the same token presented as
            // Authorization must be refused (403) — the server has to consult revocation
            // state, not just verify the signature and expiry.
            // NOTE(review): no case covers a non-admin trying to revoke a token for a *different*
            // identity; if the server enforces owner-or-admin there, that deserves its own test.
            it("should revoke a token", () => __awaiter(this, void 0, void 0, function* () { yield chai_1.assert.isFulfilled(superagent.post(`${server.url}/auth/revoke`).set({ Authorization: token.sign(server.privateKey), }).send({ token: token.sign(server.privateKey), })); yield chai_1.assert.isRejected(superagent.post(`${server.url}/auth/revoke`).set({ Authorization: token.sign(server.privateKey), }).send({ token: token.sign(server.privateKey), }), "Forbidden"); }));
        });
        describe("with admin user refresh token", () => {
            let adminToken;
            let token;
            // Two distinct admin tokens: one stays valid and does the revoking, the other is the victim.
            beforeEach(() => __awaiter(this, void 0, void 0, function* () { adminToken = yield server.createSignedAdminToken(); token = yield server.createSignedAdminToken(); }));
            // Admin revokes another token; the revoked token is then rejected as Authorization.
            it("should revoke a token", () => __awaiter(this, void 0, void 0, function* () { yield chai_1.assert.isFulfilled(superagent.post(`${server.url}/auth/revoke`).set({ Authorization: adminToken, }).send({ token, })); yield chai_1.assert.isRejected(superagent.post(`${server.url}/auth/revoke`).set({ Authorization: token, }).send({ token, }), "Forbidden"); }));
        });
    });
    describe("PATCH /auth/users/userId", () => {
        let user;
        let nickname;
        // Sends a status change for `userId` (default: the user logged in by beforeEach)
        // with the server's admin token. With expectSuccess=false the returned value is the
        // rejection error (superagent shape: `.status`, `.response.body`), not a response.
        // NOTE(review): every call here is made as admin; there is no case asserting that a
        // non-admin Authorization is rejected on this endpoint — worth adding if it is admin-only.
        const updateStatus = (status, userId, expectSuccess = true) => { return (expectSuccess ? chai_1.assert.isFulfilled : chai_1.assert.isRejected)(superagent.patch(`${server.url}/auth/users/${userId || user.identity}`).send({ status }).set({ Authorization: server.adminToken, })); };
        // Fresh random nickname per test so user state (suspended/active) never leaks between cases.
        beforeEach(() => __awaiter(this, void 0, void 0, function* () { nickname = uuid.v4(); const credentials = Realm.Sync.Credentials.nickname(nickname); user = yield Realm.Sync.User.login(server.url, credentials); }));
        describe("when status is valid", () => {
            it("updates the status", () => __awaiter(this, void 0, void 0, function* () { let response = yield updateStatus(AdminRealm_1.UserStatus.suspended); chai_1.assert.equal(response.body.status, AdminRealm_1.UserStatus.suspended); chai_1.assert.equal(response.body.user_id, user.identity); response = yield updateStatus(AdminRealm_1.UserStatus.active); chai_1.assert.equal(response.body.status, AdminRealm_1.UserStatus.active); chai_1.assert.equal(response.body.user_id, user.identity); }));
        });
        // Input validation: an unknown status value is a 400 naming the offending field.
        describe("when status is invalid", () => {
            it("throws an error", () => __awaiter(this, void 0, void 0, function* () { const response = yield updateStatus("some-invalid-value", user.identity, false); chai_1.assert.equal(response.status, 400); chai_1.assert.exists(response.response.body.invalid_params[0]); chai_1.assert.equal(response.response.body.invalid_params[0].name, "status"); }));
        });
        // 404 distinguishes "no such user" from other failures; the caller is admin, so the
        // existence disclosure this implies is acceptable here.
        describe("when user doesn't exist", () => {
            it("throws an error", () => __awaiter(this, void 0, void 0, function* () { const response = yield updateStatus(AdminRealm_1.UserStatus.active, "123", false); chai_1.assert.equal(response.status, 404); chai_1.assert.equal(response.response.body.title, "The user does not exist."); }));
        });
        describe("suspension tests", () => {
            describe("when user is blocked", () => {
                beforeEach(() => __awaiter(this, void 0, void 0, function* () { yield updateStatus(AdminRealm_1.UserStatus.suspended); }));
                // Login is refused with 403 (error surfaced by the Realm client: `.status`, `.title`).
                it("they can't login", () => __awaiter(this, void 0, void 0, function* () { const response = yield chai_1.assert.isRejected(Realm.Sync.User.login(server.url, Realm.Sync.Credentials.nickname(nickname))); chai_1.assert.equal(response.status, 403); chai_1.assert.isTrue(response.title.startsWith("User account has been suspended.")); }));
                // The important half of suspension: a token issued *before* the suspension
                // (provider "realm" = exchange an existing token) must also stop working,
                // otherwise a suspended user keeps access until their token expires.
                it("they can't refresh token", () => __awaiter(this, void 0, void 0, function* () { const response = yield chai_1.assert.isRejected(superagent.post(`${server.url}/auth`).send({ provider: "realm", data: user.token, })); chai_1.assert.equal(response.status, 403); chai_1.assert.isTrue(response.response.body.title.startsWith("User account has been suspended.")); }));
            });
            // Re-activation fully restores both login and refresh.
            describe("when they are activated after being suspended", () => {
                beforeEach(() => __awaiter(this, void 0, void 0, function* () { yield updateStatus(AdminRealm_1.UserStatus.suspended); yield updateStatus(AdminRealm_1.UserStatus.active); }));
                it("they can login", () => __awaiter(this, void 0, void 0, function* () { const user = yield Realm.Sync.User.login(server.url, Realm.Sync.Credentials.nickname(nickname)); chai_1.assert.exists(user.token); }));
                it("they can refresh token", () => __awaiter(this, void 0, void 0, function* () { const response = yield chai_1.assert.isFulfilled(superagent.post(`${server.url}/auth`).send({ provider: "realm", data: user.token, })); chai_1.assert.equal(response.status, 200); chai_1.assert.exists(response.body.user_token.token); }));
            });
        });
    });
});
//# sourceMappingURL=auth-service-integration-tests.spec.js.map