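var jwt = require('jsonwebtoken');
var assert = require('assert');

var expressjwt = require('../lib');
var UnauthorizedError = require('../lib/errors/UnauthorizedError');

describe('multitenancy', function(){
  var res = {};

  // Per-tenant signing keys, keyed by the token's `iss` claim.
  var tenants = {
    'a': {
      secret: 'secret-a'
    }
  };

  // Secret resolver handed to express-jwt. It runs before the signature can be
  // checked (the secret it returns is what the check needs), so `payload.iss`
  // is still unverified input here: it is used only as a lookup key into the
  // fixed tenant map and never trusted on its own. The own-property check keeps
  // inherited names such as 'constructor' from resolving to a bogus entry.
  var secretCallback = function(req, payload, cb){
    var issuer = payload.iss;
    if (Object.prototype.hasOwnProperty.call(tenants, issuer)){
      return cb(null, tenants[issuer].secret);
    }

    return cb(new UnauthorizedError('missing_secret',
      { message: 'Could not find secret for issuer.' }));
  };

  var middleware = expressjwt({
    secret: secretCallback
  });

  // Build a fresh request per test so state written by the middleware
  // (e.g. req.user) cannot leak from one test into the next.
  function requestWithToken(token){
    return { headers: { authorization: 'Bearer ' + token } };
  }

  // Wrap the `next` callback so the test only completes once the middleware
  // actually called it: a middleware that never calls next() now times out
  // instead of passing vacuously, and an assertion failure inside an
  // asynchronously-invoked next() is reported to mocha through done(err).
  function expectNext(done, check){
    return function(err){
      try {
        check(err);
        done();
      } catch (e) {
        done(e);
      }
    };
  }

  it ('should retrieve secret using callback', function(done){
    var token = jwt.sign({ iss: 'a', foo: 'bar'}, tenants.a.secret);
    var req = requestWithToken(token);

    middleware(req, res, expectNext(done, function(err) {
      assert.ifError(err);
      assert.equal('bar', req.user.foo);
    }));
  });

  it ('should throw if an error ocurred when retrieving the token', function(done){
    // Signed with a key that belongs to no tenant: the resolver must reject it
    // before any signature check can be attempted.
    var secret = 'shhhhhh';
    var token = jwt.sign({ iss: 'inexistent', foo: 'bar'}, secret);
    var req = requestWithToken(token);

    middleware(req, res, expectNext(done, function(err) {
      assert.ok(err);
      assert.equal(err.code, 'missing_secret');
      assert.equal(err.message, 'Could not find secret for issuer.');
    }));
  });

  it ('should fail if token is revoked', function(done){
    var token = jwt.sign({ iss: 'a', foo: 'bar'}, tenants.a.secret);
    var req = requestWithToken(token);

    // A validly signed token must still be rejected once isRevoked says so.
    var revokingMiddleware = expressjwt({
      secret: secretCallback,
      isRevoked: function(req, payload, callback){
        callback(null, true);
      }
    });

    revokingMiddleware(req, res, expectNext(done, function(err) {
      assert.ok(err);
      assert.equal(err.code, 'revoked_token');
      assert.equal(err.message, 'The token has been revoked.');
    }));
  });
});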