{ assert, brains, Browser } = require("./helpers")
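# Checks that the browser attaches an Authorization header (HTTP Basic and
# OAuth bearer) to requests for a host it has been given credentials for,
# including sub-resource requests issued while loading a page.
#
# NOTE(review): no case in this file asserts that credentials registered for
# "localhost:3003" are withheld from a different host or port. Worth adding if
# the test helpers can serve a second origin.
describe "Authentication", ->

  # Fixture values only. BASIC_HEADER is "Basic " + base64("username:pass123").
  BASIC_HEADER  = "Basic dXNlcm5hbWU6cGFzczEyMw=="
  BEARER_HEADER = "Bearer 12345"


  describe "basic", ->
    before (done)->
      brains.get "/auth/basic", (req, res) ->
        auth = req.headers.authorization
        if auth
          if auth == BASIC_HEADER
            # The header is echoed only after an exact match against the
            # constant, so the reflected value is fixed. A real handler would
            # need to escape it.
            res.send "<html><body>#{auth}</body></html>"
          else
            res.send "Invalid credentials", 401
        else
          res.send "Missing credentials", 401
      brains.ready done

    describe "without credentials", ->
      before (done)->
        @browser = new Browser()
        # The visit is expected to fail with 401; finally() lets the suite
        # continue either way so the status code can be asserted below.
        @browser.visit("http://localhost:3003/auth/basic")
          .finally(done)

      it "should return status code 401", ->
        assert.equal @browser.statusCode, 401

    describe "with invalid credentials", ->
      before (done)->
        @browser = new Browser()
        @browser.authenticate("localhost:3003").basic("username", "wrong")
        @browser.visit("http://localhost:3003/auth/basic")
          .finally(done)

      it "should return status code 401", ->
        assert.equal @browser.statusCode, 401

    describe "with valid credentials", ->
      before (done)->
        @browser = new Browser()
        @browser.authenticate("localhost:3003").basic("username", "pass123")
        @browser.visit "http://localhost:3003/auth/basic", done

      it "should have the authentication header", ->
        assert.equal @browser.text("body"), BASIC_HEADER

    # Legacy form: credentials are passed as a visit option instead of being
    # registered with authenticate().
    describe "legacy credentials", ->
      before (done)->
        @browser = new Browser()
        credentials = { scheme: "basic", user: "username", password: "pass123" }
        @browser.visit "http://localhost:3003/auth/basic", credentials: credentials, done

      it "should have the authentication header", ->
        assert.equal @browser.text("body"), BASIC_HEADER


  describe "OAuth bearer", ->
    before (done)->
      brains.get "/auth/oauth2", (req, res) ->
        auth = req.headers.authorization
        if auth
          if auth == BEARER_HEADER
            # Echoed only after an exact match, as in the basic fixture.
            res.send "<html><body>#{auth}</body></html>"
          else
            res.send "Invalid token", 401
        else
          res.send "Missing token", 401
      brains.ready done

    describe "without credentials", ->
      before (done)->
        @browser = new Browser()
        @browser.visit("http://localhost:3003/auth/oauth2")
          .finally(done)

      it "should return status code 401", ->
        assert.equal @browser.statusCode, 401

    describe "with invalid credentials", ->
      before (done)->
        @browser = new Browser()
        @browser.authenticate("localhost:3003").bearer("wrong")
        @browser.visit("http://localhost:3003/auth/oauth2")
          .finally(done)

      it "should return status code 401", ->
        assert.equal @browser.statusCode, 401

    describe "with valid credentials", ->
      before (done)->
        @browser = new Browser()
        @browser.authenticate("localhost:3003").bearer("12345")
        @browser.visit "http://localhost:3003/auth/oauth2", done

      it "should have the authentication header", ->
        assert.equal @browser.text("body"), BEARER_HEADER


  describe "Scripts on secure pages", ->
    before (done) ->
      # Both fixtures require the exact expected header, not just any
      # Authorization value. Otherwise the test would still pass if the
      # script request carried wrong or mangled credentials.
      brains.get "/auth/script", (req, res) ->
        if req.headers.authorization == BASIC_HEADER
          res.send """
          <html>
            <head>
              <title>Zero</title>
              <script src="/auth/script.js"></script>
            </head>
            <body></body>
          </html>
          """
        else
          res.send "No Credentials on the html page", 401

      brains.get "/auth/script.js", (req, res) ->
        if req.headers.authorization == BASIC_HEADER
          res.send "document.title = document.title + 'One'"
        else
          res.send "No Credentials on the javascript", 401

      @browser = new Browser()
      @browser.authenticate("localhost:3003").basic("username", "pass123")
      @browser.visit "http://localhost:3003/auth/script", done

    # The title becomes "ZeroOne" only if the script was fetched and run,
    # which requires the sub-resource request to carry the credentials too.
    it "should download the script", ->
      assert.equal @browser.text("title"), "ZeroOne"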