Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added tests for content api brute force protection (#10344)
no-issue
- Loading branch information
Showing
3 changed files
with
61 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| const should = require('should'); | ||
| const middleware = require('../../../../../../server/web/api/v2/content/middleware'); | ||
|
|
||
| describe('Content Api v2 middleware', function () { | ||
| it('exports an authenticatePublic middleware', function () { | ||
| should.exist(middleware.authenticatePublic); | ||
| }); | ||
|
|
||
| describe('authenticatePublic', function () { | ||
| it('uses brute content api middleware as the first middleware in the chain', function () { | ||
| const firstMiddleware = middleware.authenticatePublic[0]; | ||
| const brute = require('../../../../../../server/web/shared/middlewares/brute'); | ||
|
|
||
| should.equal(firstMiddleware, brute.contentApiKey); | ||
| }); | ||
| }); | ||
| }); |
17 changes: 17 additions & 0 deletions
17
core/test/unit/web/shared/middleware/api/spam-prevention_spec.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| const should = require('should'); | ||
| const spamPrevention = require('../../../../../../server/web/shared/middlewares/api/spam-prevention'); | ||
|
|
||
| describe('Spam Prevention', function () { | ||
| it('exports a contentApiKey method', function () { | ||
| should.equal(typeof spamPrevention.contentApiKey, 'function'); | ||
| }); | ||
|
|
||
| describe('contentApiKey method', function () { | ||
| it('returns an instance of express-brute', function () { | ||
| const ExpressBrute = require('express-brute'); | ||
| const result = spamPrevention.contentApiKey(); | ||
|
|
||
| should.equal(result instanceof ExpressBrute, true); | ||
| }); | ||
| }); | ||
| }); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| const should = require('should'); | ||
| const sinon = require('sinon'); | ||
| const brute = require('../../../../../server/web/shared/middlewares/brute'); | ||
|
|
||
| describe('brute middleware', function () { | ||
| it('exports a contentApiKey method', function () { | ||
| should.equal(typeof brute.contentApiKey, 'function'); | ||
| }); | ||
|
|
||
| describe('contentApiKey', function () { | ||
| it('calls the contentApiKey method of spam prevention', function () { | ||
| const spamPrevention = require('../../../../../server/web/shared/middlewares/api/spam-prevention'); | ||
| const contentApiKeyStub = sinon.stub(spamPrevention, 'contentApiKey'); | ||
|
|
||
| // CASE: we don't care about what params it takes | ||
| // just whether it calls the spam prevention stuff | ||
| try { | ||
| brute.contentApiKey(); | ||
| } catch (err) { | ||
| // I don't care | ||
| } finally { | ||
| should.equal(contentApiKeyStub.called, true); | ||
| contentApiKeyStub.reset(); | ||
| } | ||
| }); | ||
| }); | ||
| }); |