;
// Generated async/await shim: drives a generator function to completion,
// adopting every yielded value as a promise of type P (default: Promise).
// Reuses an already-installed `this.__awaiter` when one exists.
//   thisArg    - `this` for the generator body
//   _arguments - argument list forwarded to the generator (null/undefined -> [])
//   P          - promise constructor to use, or a falsy value for Promise
//   generator  - the generator function to run
// Resolves with the generator's return value; rejects with whatever the
// generator body throws or a yielded promise rejects with.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    P = P || Promise;
    return new P(function (resolve, reject) {
        const iterator = generator.apply(thisArg, _arguments || []);
        const settle = function (outcome) {
            if (outcome.done) {
                resolve(outcome.value);
                return;
            }
            // Wrap in a fresh P so plain values and thenables are treated alike.
            new P(function (adopt) { adopt(outcome.value); }).then(onFulfilled, onRejected);
        };
        const onFulfilled = function (value) {
            try {
                settle(iterator.next(value));
            } catch (e) {
                reject(e);
            }
        };
        const onRejected = function (reason) {
            try {
                settle(iterator["throw"](reason));
            } catch (e) {
                reject(e);
            }
        };
        // The first step runs outside the try/catch, as in the original shim;
        // a synchronous throw here rejects via the P constructor itself.
        settle(iterator.next());
    });
};
Object.defineProperty(exports, "__esModule", { value: true });
const TestServer_1 = require("../TestServer");
const auth_1 = require("../auth");
const chai_1 = require("chai");
const chai = require("chai");
chai.use(require("chai-as-promised"));
const superagent = require("superagent");
const faker = require("faker");
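// Integration tests for the password auth provider. Every test talks to a real
// TestServer over HTTP (superagent), so the assertions describe the server's
// externally visible contract: status codes, error codes and the shape of the
// refresh/access tokens it issues. The `__awaiter(this, ...)`/generator shape
// is the compiler-emitted form of async/await and is kept as such.
describe("Password Auth Provider Integration Tests", function () {
    let server;
    let provider;

    // Request builders. `server.url` only exists once `before` has run, so the
    // URL is assembled per call instead of being captured when the suite is defined.
    const postAuth = (body) => superagent.post(`${server.url}/auth`).send(body);
    const postRevoke = (token, body) => superagent.post(`${server.url}/auth/revoke`).set({
        Authorization: token,
    }).send(body);
    const putPassword = (token, body) => superagent.put(`${server.url}/auth/password`).set({
        Authorization: token,
    }).send(body);

    // `this` is mocha's suite context here; __awaiter forwards it as thisArg.
    before(() => __awaiter(this, void 0, void 0, function* () {
        server = new TestServer_1.TestServer();
        provider = new auth_1.PasswordAuthProvider({
            // The suite later logs in as "realm-admin" with an empty password,
            // so it relies on this option providing that account.
            autoCreateAdminUser: true,
            // NOTE(review): presumably the password-hashing iteration count,
            // lowered to keep the suite fast. Test-only value — a deployment
            // would use a far higher count; confirm against PasswordAuthProvider.
            iterations: 1
        });
        yield server.start({
            authProviders: [provider]
        });
    }));

    after(() => __awaiter(this, void 0, void 0, function* () {
        // Best-effort teardown: a failed shutdown is logged rather than
        // reported as a hook failure.
        yield server.shutdown().catch((err) => {
            console.log(err);
        });
    }));

    describe("POST /auth (authenticateOrCreateUser)", () => {
        describe("when username is undefined", () => {
            it("should reject with an error", () => __awaiter(this, void 0, void 0, function* () {
                yield chai_1.assert.isRejected(postAuth({
                    provider: "password",
                    password: "some password",
                }), "Bad Request");
            }));
        });

        describe("when password is undefined", () => {
            it("should reject with an error", () => __awaiter(this, void 0, void 0, function* () {
                yield chai_1.assert.isRejected(postAuth({
                    provider: "password",
                    username: "Emmanuel.Sanders",
                }), "Bad Request");
            }));
        });

        describe("when register is undefined", () => {
            describe("without an existing user", () => {
                // With `register` omitted, an unknown username is registered
                // on the spot and the same credentials authenticate afterwards.
                it("should create a user", () => __awaiter(this, void 0, void 0, function* () {
                    const username = faker.internet.userName();
                    const password = faker.internet.password();
                    const response = yield chai_1.assert.isFulfilled(postAuth({
                        provider: "password",
                        username, password
                    }));
                    const refreshToken = response.body.refresh_token;
                    chai_1.assert.isDefined(refreshToken);
                    chai_1.assert.isString(refreshToken.token);
                    yield chai_1.assert.isFulfilled(postAuth({
                        provider: "password",
                        username, password
                    }));
                }));
            });

            describe("with an existing user", () => {
                let username;
                let password;
                beforeEach(() => __awaiter(this, void 0, void 0, function* () {
                    username = faker.internet.userName();
                    password = faker.internet.password();
                    yield postAuth({
                        provider: "password",
                        username, password,
                        register: true
                    });
                }));

                describe("with bad password", () => {
                    // A wrong password yields the same 401 / code 611 pair that
                    // re-registering an existing name does (see "when register = true").
                    it("should reject with an error", () => __awaiter(this, void 0, void 0, function* () {
                        const error = yield chai_1.assert.isRejected(postAuth({
                            provider: "password",
                            username,
                            password: "tombrady",
                        }), "Unauthorized");
                        const response = error.response;
                        chai_1.assert.equal(response.status, 401);
                        chai_1.assert.equal(response.body.code, 611);
                    }));
                });

                describe("with correct password", () => {
                    // Pins the refresh token payload: a non-admin identity whose
                    // token is scoped to the "refresh" access only.
                    it("should succeed", () => __awaiter(this, void 0, void 0, function* () {
                        const response = yield chai_1.assert.isFulfilled(postAuth({
                            provider: "password",
                            username, password,
                        }));
                        chai_1.assert.equal(response.status, 200);
                        const refreshToken = response.body.refresh_token;
                        chai_1.assert.isDefined(refreshToken);
                        chai_1.assert.isString(refreshToken.token);
                        const data = refreshToken.token_data;
                        chai_1.assert.isFalse(data.is_admin);
                        chai_1.assert.isDefined(data.identity);
                        chai_1.assert.deepEqual(data.access, ["refresh"]);
                        chai_1.assert.isNumber(data.expires);
                        chai_1.assert.isDefined(data.app_id);
                    }));
                });
            });
        });

        describe("when register = true", () => {
            describe("with an existing user", () => {
                let username;
                let password;
                beforeEach(() => __awaiter(this, void 0, void 0, function* () {
                    username = faker.internet.userName();
                    password = faker.internet.password();
                    yield postAuth({
                        provider: "password",
                        username, password,
                        register: true
                    });
                }));

                // Explicit registration of a name that already exists is refused
                // even when the supplied password is the correct one.
                it("should reject with an error", () => __awaiter(this, void 0, void 0, function* () {
                    const error = yield chai_1.assert.isRejected(postAuth({
                        provider: "password",
                        username, password,
                        register: true,
                    }), "Unauthorized");
                    const response = error.response;
                    chai_1.assert.equal(response.status, 401);
                    chai_1.assert.equal(response.body.code, 611);
                }));
            });

            describe("without an existing user", () => {
                it("should create a user", () => __awaiter(this, void 0, void 0, function* () {
                    const username = faker.internet.userName();
                    const password = faker.internet.password();
                    const response = yield chai_1.assert.isFulfilled(postAuth({
                        provider: "password",
                        username, password,
                        register: true,
                    }));
                    const refreshToken = response.body.refresh_token;
                    chai_1.assert.isDefined(refreshToken);
                    chai_1.assert.isString(refreshToken.token);
                    yield chai_1.assert.isFulfilled(postAuth({
                        provider: "password",
                        username, password
                    }));
                }));
            });
        });
    });

    describe("PUT /auth/password (update)", () => {
        let existingUsername;
        let existingPassword;
        let existingUserToken;
        let existingUserId;

        // Each test gets its own freshly registered user, so a password change
        // made by one test cannot leak into the next.
        beforeEach(() => __awaiter(this, void 0, void 0, function* () {
            existingUsername = faker.internet.userName();
            existingPassword = faker.internet.password();
            const response = yield postAuth({
                provider: "password",
                username: existingUsername,
                password: existingPassword,
                register: true
            });
            existingUserToken = response.body.refresh_token.token;
            existingUserId = response.body.refresh_token.token_data.identity;
        }));

        describe("as an existing user", () => {
            describe("when data is not defined", () => {
                it("should reject with an error", () => __awaiter(this, void 0, void 0, function* () {
                    yield chai_1.assert.isRejected(putPassword(existingUserToken, {}), "Bad Request");
                }));
            });

            describe("when data.new_password is not defined", () => {
                it("should reject with an error", () => __awaiter(this, void 0, void 0, function* () {
                    yield chai_1.assert.isRejected(putPassword(existingUserToken, {
                        data: {}
                    }), "Bad Request");
                }));
            });

            describe("when using data.new_password", () => {
                // Without `user_id` the change applies to the caller's own account;
                // the new password must then work for a regular (register: false) login.
                it("should set the password", () => __awaiter(this, void 0, void 0, function* () {
                    yield chai_1.assert.isFulfilled(putPassword(existingUserToken, {
                        data: {
                            new_password: "new-password",
                        }
                    }));
                    yield chai_1.assert.isFulfilled(postAuth({
                        provider: "password",
                        username: existingUsername,
                        password: "new-password",
                        register: false
                    }));
                }));
            });

            describe("when using another user", () => {
                let secondUserToken;
                beforeEach(() => __awaiter(this, void 0, void 0, function* () {
                    // Fresh credentials rather than a fixed name: registering the
                    // same username twice is rejected (see "when register = true"),
                    // which would break this hook on a repeated or retried run.
                    const secondResponse = yield postAuth({
                        provider: "password",
                        username: faker.internet.userName(),
                        password: faker.internet.password(),
                        register: true,
                    });
                    secondUserToken = secondResponse.body.refresh_token.token;
                }));

                // A non-admin token must not be able to change another user's password.
                it("should throw an error", () => __awaiter(this, void 0, void 0, function* () {
                    yield chai_1.assert.isRejected(putPassword(secondUserToken, {
                        user_id: existingUserId,
                        data: {
                            new_password: "new-password",
                        }
                    }), "Forbidden");
                }));
            });
        });

        describe("as an admin", () => {
            let adminUserToken;
            beforeEach(() => __awaiter(this, void 0, void 0, function* () {
                // "realm-admin" is presumably the account provided by the
                // `autoCreateAdminUser` option in `before`; in this test
                // configuration it logs in with an empty password.
                const response = yield postAuth({
                    provider: "password",
                    username: "realm-admin",
                    password: "",
                });
                adminUserToken = response.body.refresh_token.token;
            }));

            // An admin may set another user's password via `user_id`, and the
            // target user can then log in with it.
            it("should set the password", () => __awaiter(this, void 0, void 0, function* () {
                yield chai_1.assert.isFulfilled(putPassword(adminUserToken, {
                    user_id: existingUserId,
                    data: {
                        new_password: "new-password",
                    }
                }));
                yield chai_1.assert.isFulfilled(postAuth({
                    provider: "password",
                    username: existingUsername,
                    password: "new-password",
                    register: false
                }));
            }));
        });

        describe("without a token", () => {
            it("should reject with an error", () => __awaiter(this, void 0, void 0, function* () {
                // Deliberately sends no Authorization header: an unauthenticated
                // password change must be refused outright.
                yield chai_1.assert.isRejected(superagent.put(`${server.url}/auth/password`).send({
                    user_id: existingUserId,
                    data: {
                        new_password: "new-password",
                    }
                }), "Unauthorized");
            }));
        });
    });

    describe("with the existing realm-admin user", () => {
        // Shared login step for the admin account; resolves with the response.
        const loginAsAdmin = () => chai_1.assert.isFulfilled(postAuth({
            provider: "password",
            username: "realm-admin",
            password: "",
            register: false,
        }));

        it("should login", () => __awaiter(this, void 0, void 0, function* () {
            const response = yield loginAsAdmin();
            const refreshToken = response.body.refresh_token;
            chai_1.assert.isDefined(refreshToken);
            chai_1.assert.isString(refreshToken.token);
        }));

        it("should support revoke", () => __awaiter(this, void 0, void 0, function* () {
            const response = yield loginAsAdmin();
            const refreshToken = response.body.refresh_token;
            chai_1.assert.isDefined(refreshToken);
            chai_1.assert.isString(refreshToken.token);
            yield chai_1.assert.isFulfilled(postRevoke(refreshToken.token, {
                token: refreshToken.token,
            }));
            // Once revoked, the token cannot be used to revoke itself again.
            yield chai_1.assert.isRejected(postRevoke(refreshToken.token, {
                token: refreshToken.token,
            }), "Forbidden");
        }));

        it("should support revoke and re-login", () => __awaiter(this, void 0, void 0, function* () {
            const response = yield loginAsAdmin();
            const refreshToken = response.body.refresh_token;
            chai_1.assert.isDefined(refreshToken);
            chai_1.assert.isString(refreshToken.token);
            yield chai_1.assert.isFulfilled(postRevoke(refreshToken.token, {
                token: refreshToken.token,
            }));
            const secondResponse = yield loginAsAdmin();
            const secondRefreshToken = secondResponse.body.refresh_token;
            chai_1.assert.isDefined(secondRefreshToken);
            chai_1.assert.isString(secondRefreshToken.token);
            // Revocation must not block a fresh login, and the new token must
            // be a different credential from the revoked one.
            chai_1.assert.notEqual(refreshToken.token, secondRefreshToken.token);
        }));

        it("should support revoke, login, and access token acquisition", () => __awaiter(this, void 0, void 0, function* () {
            const response = yield loginAsAdmin();
            const refreshTokenA = response.body.refresh_token;
            chai_1.assert.isDefined(refreshTokenA);
            chai_1.assert.isString(refreshTokenA.token);
            yield chai_1.assert.isFulfilled(postRevoke(refreshTokenA.token, {
                token: refreshTokenA.token,
            }));
            const username = faker.internet.userName();
            const password = faker.internet.password();
            const userBResponse = yield chai_1.assert.isFulfilled(postAuth({
                provider: "password",
                username, password,
                register: true,
            }));
            const userBRefreshToken = userBResponse.body.refresh_token;
            chai_1.assert.isDefined(userBRefreshToken);
            chai_1.assert.isString(userBRefreshToken.token);
            yield chai_1.assert.isFulfilled(postAuth({
                provider: "password",
                username, password
            }));
            // Exchange user B's refresh token for an access token through the
            // "realm" provider; "~" in the path is expected to resolve to the
            // caller's own identity (checked below).
            const userBAccessTokenResponse = yield chai_1.assert.isFulfilled(postAuth({
                path: "/~/myRealm",
                data: userBRefreshToken.token,
                provider: "realm",
            }));
            const accessToken = userBAccessTokenResponse.body.access_token.token;
            const accessTokenData = userBAccessTokenResponse.body.access_token.token_data;
            const userBRealmPath = accessTokenData.path;
            chai_1.assert.isString(accessToken);
            chai_1.assert.equal(`/${accessTokenData.identity}/myRealm`, userBRealmPath);
            const secondResponse = yield loginAsAdmin();
            const refreshTokenB = secondResponse.body.refresh_token;
            chai_1.assert.isDefined(refreshTokenB);
            chai_1.assert.isString(refreshTokenB.token);
            chai_1.assert.notEqual(refreshTokenA.token, refreshTokenB.token);
            // The admin's post-revocation refresh token can obtain an access
            // token for another user's realm path.
            const adminAccessTokenResponse = yield chai_1.assert.isFulfilled(postAuth({
                path: userBRealmPath,
                data: refreshTokenB.token,
                provider: "realm",
            }));
            const adminAccessToken = adminAccessTokenResponse.body.access_token.token;
            const adminAccessTokenData = adminAccessTokenResponse.body.access_token.token_data;
            const adminAccessTokenPath = adminAccessTokenData.path;
            chai_1.assert.isString(adminAccessToken);
            chai_1.assert.equal(adminAccessTokenPath, userBRealmPath);
        }));
    });
});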
//# sourceMappingURL=password-auth-integration-tests.spec.js.map