1 | 'use strict';
|
2 |
|
3 | var expect = require('chai').expect;
|
4 | var winston = require('winston');
|
5 | var cache = require('../lib/cache');
|
6 | var errors = require('@leisurelink/http-equiv-errors');
|
7 |
|
8 | var RemoteEndpointAuthority = require('../lib/remote-endpoint-authority');
|
9 |
|
10 | describe('RemoteEndpointAuthority', function(){
|
11 | var authority, mockAuthentic, mockAuthScope;
|
12 | var sig, endpointClaims, context;
|
13 |
|
14 | beforeEach(function(){
|
15 | cache.disable();
|
16 | mockAuthScope = { verify: function(_, cb) { cb(null, context); } };
|
17 |
|
18 | sig = { params: { keyId: 'some-endpoint/some-key' } };
|
19 | endpointClaims = { response: {statusCode: 200}, token: {result:{}} };
|
20 | mockAuthentic = {
|
21 | getEndpointClaims: function(_, __, cb) {
|
22 | cb(null, endpointClaims.response, endpointClaims.token);
|
23 | }
|
24 | };
|
25 | context = {verified: true, isExpired:false};
|
26 |
|
27 | authority = RemoteEndpointAuthority(mockAuthScope, mockAuthentic, winston, 0);
|
28 | });
|
29 |
|
30 | describe('#create', function(){
|
31 | it('should return verified auth context', function(){
|
32 | return authority.create(sig).then(function(val){
|
33 | expect(val).to.eql(context);
|
34 | });
|
35 | });
|
36 | it('should return null when sig is missing', function(){
|
37 | return authority.create(null).then(function(val){
|
38 | expect(val).to.be.null;
|
39 | });
|
40 | });
|
41 | it('should return service unavailable error when endpoint response has bad status code', function(){
|
42 | endpointClaims.response.statusCode = 500;
|
43 | return authority.create(sig).then(function(){
|
44 | throw new Error('Expected failure, got success');
|
45 | }).catch(errors.ServiceUnavailableError, function(err){
|
46 | expect(err).to.be.ok;
|
47 | });
|
48 | });
|
49 | it('should return service unavailable error when endpoint claims is missing a token', function(){
|
50 | endpointClaims.token = undefined;
|
51 | return authority.create(sig).then(function(){
|
52 | throw new Error('Expected failure, got success');
|
53 | }).catch(errors.ServiceUnavailableError, function(err){
|
54 | expect(err).to.be.ok;
|
55 | });
|
56 | });
|
57 | it('should return service unavailable error when endpoint claims is missing a token result', function(){
|
58 | endpointClaims.token.result = undefined;
|
59 | return authority.create(sig).then(function(){
|
60 | throw new Error('Expected failure, got success');
|
61 | }).catch(errors.ServiceUnavailableError, function(err){
|
62 | expect(err).to.be.ok;
|
63 | });
|
64 | });
|
65 | it('should return UnauthorizedError when context is not verified', function(){
|
66 | context.verified = false;
|
67 | return authority.create(sig).then(function(){
|
68 | throw new Error('Expected failure, got success');
|
69 | }).catch(errors.UnauthorizedError, function(err){
|
70 | expect(err).to.be.ok;
|
71 | expect(err.message).to.eql('trusted-endpoint:unverifiable-auth-token');
|
72 | });
|
73 | });
|
74 | it('should return undefined when context is expired', function(){
|
75 | context.isExpired = true;
|
76 | return authority.create(sig).then(function(val){
|
77 | expect(val).to.be.undefined;
|
78 | });
|
79 | });
|
80 | });
|
81 | });
|