1 | const nock = require('nock')
|
2 | const test = require('ava')
|
3 | const helpers = require('./_helpers')
|
4 | const fixtures = require('./fixtures')
|
5 |
|
// Plugin options shared by every test in this file; `entitlement: true` is the
// only override handed to the options helper.
const cfg = helpers.getOptions({ entitlement: true })

// Scope list the success tests expect back from the server. The tests sort the
// response payload but compare it against this array as-is, so the fixture
// entries followed by the two `scope:foo.*` values must already be in default
// sort order for the comparison to hold.
const targetScope = [...fixtures.targetScope].concat('scope:foo.READ', 'scope:foo.WRITE')
|
8 |
|
// Remove every registered nock interceptor after each test, whether it passed
// or failed, so a mock left unconsumed by one test is not still registered
// for the next.
// NOTE(review): nock interceptors are process-global and AVA runs the tests of
// a file concurrently by default, so this cleanup may also drop mocks that a
// still-running test has registered — confirm whether these tests should be
// `test.serial`.
test.afterEach.always('reset instances and prototypes', function resetInterceptors () {
  nock.cleanAll()
})
|
12 |
|
// Happy path: a bearer RPT is accepted and the response body carries the
// expected scope list.
test('authentication does succeed', async (t) => {
  const authorization = `bearer ${fixtures.composeJwt('rpt')}`
  const request = helpers.mockRequest(authorization)

  // Presumably stubs the Keycloak entitlement call to answer 200 with the RPT
  // fixture — confirm against ./_helpers.
  helpers.mockEntitlement(200, fixtures.content.rpt)

  const server = await helpers.getServer(cfg)
  const response = await server.inject(request)

  t.truthy(response)
  t.is(response.statusCode, 200)

  // Only the payload is sorted; targetScope is compared in its declared order.
  const grantedScopes = JSON.parse(response.payload).sort()
  t.deepEqual(grantedScopes, targetScope)
})
|
25 |
|
// Same happy path with `cache: true` added to the plugin options.
// NOTE(review): only one request is injected, so this shows that enabling the
// cache does not break a first-time authentication; a second request answered
// from the cache is not exercised here.
test('authentication does succeed – cached', async (t) => {
  const authorization = `bearer ${fixtures.composeJwt('rpt')}`
  const request = helpers.mockRequest(authorization)

  helpers.mockEntitlement(200, fixtures.content.rpt)

  // cfg is spread last, so its keys win: a `cache` key inside cfg would
  // override the `true` set here.
  const cachedOptions = { cache: true, ...cfg }
  const server = await helpers.getServer(cachedOptions)
  const response = await server.inject(request)

  t.truthy(response)
  t.is(response.statusCode, 200)

  const grantedScopes = JSON.parse(response.payload).sort()
  t.deepEqual(grantedScopes, targetScope)
})
|
38 |
|
// Authorisation check on `/role`: the RPT fixture is expected to satisfy
// whatever that route demands, so the request must end in 200 with the full
// scope list. The route's actual requirement lives in the test server helper
// and is not visible here.
test('authentication does success – valid roles', async (t) => {
  const authorization = `bearer ${fixtures.composeJwt('rpt')}`
  const request = helpers.mockRequest(authorization, '/role')

  helpers.mockEntitlement(200, fixtures.content.rpt)

  const server = await helpers.getServer(cfg)
  const response = await server.inject(request)

  t.truthy(response)
  t.is(response.statusCode, 200)

  const grantedScopes = JSON.parse(response.payload).sort()
  t.deepEqual(grantedScopes, targetScope)
})
|
51 |
|
// Authorisation check on `/role/rpt`: presumably a route whose required scope
// is one that only the RPT contributes — confirm against the test server
// helper. The request must end in 200 with the full scope list.
test('authentication does success – valid roles – rpt', async (t) => {
  const authorization = `bearer ${fixtures.composeJwt('rpt')}`
  const request = helpers.mockRequest(authorization, '/role/rpt')

  helpers.mockEntitlement(200, fixtures.content.rpt)

  const server = await helpers.getServer(cfg)
  const response = await server.inject(request)

  t.truthy(response)
  t.is(response.statusCode, 200)

  const grantedScopes = JSON.parse(response.payload).sort()
  t.deepEqual(grantedScopes, targetScope)
})
|
64 |
|
// Negative authorisation case: the token is valid and the entitlement call
// succeeds, but `/role/guest` must still be refused with 403. This is the
// check that an authenticated caller is not let through to a route whose
// scope requirement it does not meet.
// NOTE(review): only the status code is asserted; the response body is not
// inspected for scope data.
test('authentication does fail – invalid roles', async (t) => {
  const authorization = `bearer ${fixtures.composeJwt('rpt')}`
  const request = helpers.mockRequest(authorization, '/role/guest')

  helpers.mockEntitlement(200, fixtures.content.rpt)

  const server = await helpers.getServer(cfg)
  const response = await server.inject(request)

  t.truthy(response)
  t.is(response.statusCode, 403)
})
|
76 |
|
// Fail-closed case: the entitlement mock answers 400, and the request must be
// rejected with 401 and a challenge header that names the RPT retrieval as
// the reason, rather than being let through on the strength of the bearer
// token alone.
test('authentication does fail – invalid token', async (t) => {
  const authorization = `bearer ${fixtures.composeJwt('rpt')}`
  const request = helpers.mockRequest(authorization)

  helpers.mockEntitlement(400, fixtures.content.rpt)

  const server = await helpers.getServer(cfg)
  const response = await server.inject(request)

  t.truthy(response)
  t.is(response.statusCode, 401)

  const challenge = response.headers['www-authenticate']
  t.is(challenge, 'Bearer strategy="keycloak-jwt", reason="Retrieving the RPT failed", error="Invalid credentials"')
})
|
89 |
|
// Malformed-header case: the fixture token is sent as the authorization value
// without the `bearer ` prefix the other tests add, and the request must be
// rejected with 401 and a challenge header that carries no `reason`.
// NOTE(review): no entitlement mock is registered here, so the rejection is
// presumably decided before any outbound call is attempted — confirm, since
// an unmocked request would otherwise leave the test process.
test('authentication does fail – invalid header', async (t) => {
  const request = helpers.mockRequest(fixtures.common.token)

  const server = await helpers.getServer(cfg)
  const response = await server.inject(request)

  t.truthy(response)
  t.is(response.statusCode, 401)

  const challenge = response.headers['www-authenticate']
  t.is(challenge, 'Bearer strategy="keycloak-jwt", error="Invalid credentials"')
})
|