@leisurelink/trusted-endpoint/test/remote-endpoint-authority.tests.js

'use strict';

var expect = require('chai').expect;
var winston = require('winston');
var cache = require('../lib/cache');
var errors = require('@leisurelink/http-equiv-errors');

var RemoteEndpointAuthority = require('../lib/remote-endpoint-authority');

describe('RemoteEndpointAuthority', function(){
  var authority, mockAuthentic, mockAuthScope;
  var sig, endpointClaims, context;

  beforeEach(function(){
    cache.disable();
    mockAuthScope = { verify: function(_, cb) { cb(null, context); } };

    sig = { params: { keyId: 'some-endpoint/some-key' } };
    endpointClaims = { response: {statusCode: 200}, token: {result:{}} };
    mockAuthentic = {
      getEndpointClaims: function(_, __, cb) {
        cb(null, endpointClaims.response, endpointClaims.token);
      }
    };
    context = {verified: true, isExpired:false};

    authority = RemoteEndpointAuthority(mockAuthScope, mockAuthentic, winston, 0);
  });

  describe('#create', function(){
    it('should return verified auth context', function(){
      return authority.create(sig).then(function(val){
        expect(val).to.eql(context);
      });
    });
    it('should return null when sig is missing', function(){
      return authority.create(null).then(function(val){
        expect(val).to.be.null;
      });
    });
    it('should return service unavailable error when endpoint response has bad status code', function(){
      endpointClaims.response.statusCode = 500;
      return authority.create(sig).then(function(){
        throw new Error('Expected failure, got success');
      }).catch(errors.ServiceUnavailableError, function(err){
        expect(err).to.be.ok;
      });
    });
    it('should return service unavailable error when endpoint claims is missing a token', function(){
      endpointClaims.token = undefined;
      return authority.create(sig).then(function(){
        throw new Error('Expected failure, got success');
      }).catch(errors.ServiceUnavailableError, function(err){
        expect(err).to.be.ok;
      });
    });
    it('should return service unavailable error when endpoint claims is missing a token result', function(){
      endpointClaims.token.result = undefined;
      return authority.create(sig).then(function(){
        throw new Error('Expected failure, got success');
      }).catch(errors.ServiceUnavailableError, function(err){
        expect(err).to.be.ok;
      });
    });
    it('should return UnauthorizedError when context is not verified', function(){
      context.verified = false;
      return authority.create(sig).then(function(){
        throw new Error('Expected failure, got success');
      }).catch(errors.UnauthorizedError, function(err){
        expect(err).to.be.ok;
        expect(err.message).to.eql('trusted-endpoint:unverifiable-auth-token');
      });
    });
    it('should return undefined when context is expired', function(){
      context.isExpired = true;
      return authority.create(sig).then(function(val){
        expect(val).to.be.undefined;
      });
    });
  });
});