forked from remotestorage/armadietto
-
Notifications
You must be signed in to change notification settings - Fork 0
/
oauth_spec.js
171 lines (148 loc) · 5.66 KB
/
oauth_spec.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
/* eslint-env mocha, chai, node */
const chai = require('chai');
const chaiHttp = require('chai-http');
const spies = require('chai-spies');
const expect = chai.expect;
const Armadietto = require('../../lib/armadietto');
chai.use(chaiHttp);
chai.use(spies);
const req = chai.request('http://localhost:4567');
const get = async (path, params) => {
const ret = await req.get(path)
.redirects(0)
.query(params)
.send();
return ret;
};
const post = async (path, params) => {
const ret = await req.post(path)
.redirects(0)
.type('form')
.send(params);
return ret;
};
const store = {
authorize (clientId, username, permissions) {
return 'a_token';
},
authenticate (params) {
}
};
const sandbox = chai.spy.sandbox();
describe('OAuth', async () => {
before((done) => {
(async () => {
this._server = new Armadietto({
store,
http: { port: 4567 },
logging: { log_dir: './test-log', stdout: [], log_files: ['error'] }
});
await this._server.boot();
done();
})();
});
after((done) => {
(async () => {
await this._server.stop();
done();
})();
});
beforeEach(() => {
this.auth_params = {
username: 'zebcoe',
password: 'locog',
client_id: 'the_client_id',
redirect_uri: 'http://example.com/cb',
response_type: 'token',
scope: 'the_scope',
state: 'the_state'
};
sandbox.on(store, ['authorize', 'authenticate']);
});
afterEach(() => {
sandbox.restore();
});
describe('with invalid client input', () => {
beforeEach(() => {
delete this.auth_params.state;
});
it('returns an error if redirect_uri is missing', async () => {
delete this.auth_params.redirect_uri;
const res = await get('/oauth/me', this.auth_params);
expect(res).to.have.status(400);
expect(res.text).to.have.been.equal('error=invalid_request&error_description=Required%20parameter%20%22redirect_uri%22%20is%20missing');
});
it('returns an error if client_id is missing', async () => {
delete this.auth_params.client_id;
const res = await get('/oauth/me', this.auth_params);
expect(res).to.redirectTo('http://example.com/cb#error=invalid_request&error_description=Required%20parameter%20%22client_id%22%20is%20missing');
});
it('returns an error if response_type is missing', async () => {
delete this.auth_params.response_type;
const res = await get('/oauth/me', this.auth_params);
expect(res).to.redirectTo('http://example.com/cb#error=invalid_request&error_description=Required%20parameter%20%22response_type%22%20is%20missing');
});
it('returns an error if response_type is not recognized', async () => {
this.auth_params.response_type = 'wrong';
const res = await get('/oauth/me', this.auth_params);
expect(res).to.redirectTo('http://example.com/cb#error=unsupported_response_type&error_description=Response%20type%20%22wrong%22%20is%20not%20supported');
});
it('returns an error if scope is missing', async () => {
delete this.auth_params.scope;
const res = await get('/oauth/me', this.auth_params);
expect(res).to.redirectTo('http://example.com/cb#error=invalid_scope&error_description=Parameter%20%22scope%22%20is%20invalid');
});
it('returns an error if username is missing', async () => {
delete this.auth_params.username;
const res = await post('/oauth', this.auth_params);
expect(res).to.have.status(400);
});
});
describe('with valid login credentials', async () => {
describe('without explicit read/write permissions', async () => {
it('authorizes the client to read and write', async () => {
await post('/oauth', this.auth_params);
expect(store.authorize).to.be.called.with('the_client_id', 'zebcoe', { the_scope: ['r', 'w'] });
});
});
describe('with explicit read permission', async () => {
it('authorizes the client to read', async () => {
this.auth_params.scope = 'the_scope:r';
await post('/oauth', this.auth_params);
expect(store.authorize).to.be.called.with('the_client_id', 'zebcoe', { the_scope: ['r'] });
});
});
describe('with explicit read/write permission', async () => {
it('authorizes the client to read and write', async () => {
this.auth_params.scope = 'the_scope:rw';
await post('/oauth', this.auth_params);
expect(store.authorize).to.be.called.with('the_client_id', 'zebcoe', { the_scope: ['r', 'w'] });
});
});
it('redirects with an access token', async () => {
const res = await post('/oauth', this.auth_params);
expect(res).to.redirectTo('http://example.com/cb#access_token=a_token&token_type=bearer&state=the_state');
});
});
describe('with invalid login credentials', async () => {
it('does not authorize the client', async () => {
store.authenticate = (params) => {
throw new Error();
};
await post('/oauth', this.auth_params);
expect(store.authorize).to.be.called.exactly(0);
});
it('returns a 401 response with the login form', async () => {
store.authenticate = (params) => {
throw new Error();
};
const res = await post('/oauth', this.auth_params);
expect(res).to.have.status(401);
expect(res).to.have.header('Content-Type', 'text/html; charset=utf8');
expect(res).to.have.header('Content-Security-Policy', /sandbox.*default-src 'self'/);
expect(res).to.have.header('Referrer-Policy', 'no-referrer');
expect(res).to.have.header('X-Content-Type-Options', 'nosniff');
expect(res.text).to.contain('application <em>the_client_id</em> hosted');
});
});
});