1 | var extract_jwt = require('../lib/extract_jwt'),
|
2 | Request = require('./mock_request');
|
3 |
|
4 | describe('Token extractor', function() {
|
5 |
|
6 | describe('fromHeader', function() {
|
7 |
|
8 | var extractor = extract_jwt.fromHeader('test_header');
|
9 |
|
10 | it('should return null no when token is present', function() {
|
11 | var req = new Request();
|
12 |
|
13 | var token = extractor(req);
|
14 |
|
15 | expect(token).to.be.null;
|
16 | });
|
17 |
|
18 |
|
19 | it('should return the value from the specified header', function() {
|
20 | var req = new Request();
|
21 | req.headers['test_header'] = 'abcd123'
|
22 |
|
23 | var token = extractor(req)
|
24 |
|
25 | expect(token).to.equal('abcd123');
|
26 | });
|
27 | });
|
28 |
|
29 |
|
30 | describe('fromBodyField', function() {
|
31 |
|
32 | var extractor = extract_jwt.fromBodyField('test_field');
|
33 |
|
34 | it('should return null when no body is present', function() {
|
35 | var req = new Request();
|
36 |
|
37 | var token = extractor(req);
|
38 |
|
39 | expect(token).to.be.null;
|
40 | });
|
41 |
|
42 |
|
43 | it('should return null when the specified body field is not present', function() {
|
44 | var req = new Request();
|
45 | req.body = {};
|
46 |
|
47 | var token = extractor(req);
|
48 |
|
49 | expect(token).to.be.null;
|
50 | });
|
51 |
|
52 |
|
53 | it('should return the value from the specified body field', function() {
|
54 | var req = new Request();
|
55 | req.body = {};
|
56 | req.body.test_field = 'abcd123';
|
57 |
|
58 | var token = extractor(req);
|
59 |
|
60 | expect(token).to.equal('abcd123');
|
61 | });
|
62 |
|
63 |
|
64 | it('should work properly with querystring', function() {
|
65 | var req = new Request();
|
66 | const querystring = require('querystring');
|
67 | req.body = querystring.parse('test_field=abcd123')
|
68 |
|
69 | var token = extractor(req);
|
70 |
|
71 | expect(token).to.equal('abcd123')
|
72 | });
|
73 | });
|
74 |
|
75 |
|
76 | describe('fromUrlQueryParameter', function() {
|
77 |
|
78 | var extractor = extract_jwt.fromUrlQueryParameter('test_param');
|
79 |
|
80 |
|
81 | it('should return null when the specified paramter is not present', function() {
|
82 | var req = new Request();
|
83 |
|
84 | var token = extractor(req);
|
85 |
|
86 | expect(token).to.be.null;
|
87 | });
|
88 |
|
89 |
|
90 | it('should return the value from the specified parameter', function() {
|
91 | var req = new Request();
|
92 | req.url += '?test_param=abcd123';
|
93 |
|
94 | var token = extractor(req);
|
95 |
|
96 | expect(token).to.equal('abcd123');
|
97 | });
|
98 | });
|
99 |
|
100 |
|
101 | describe('fromAuthHeaderWithScheme', function() {
|
102 |
|
103 | var extractor = extract_jwt.fromAuthHeaderWithScheme('TEST_SCHEME');
|
104 |
|
105 | it('should return null when no auth header is present', function() {
|
106 | var req = new Request();
|
107 |
|
108 | var token = extractor(req);
|
109 |
|
110 | expect(token).to.be.null;
|
111 | });
|
112 |
|
113 |
|
114 | it('should return null when the auth header is present but the auth scheme doesnt match', function() {
|
115 | var req = new Request()
|
116 | req.headers['authorization'] = "NOT_TEST_SCHEME abcd123";
|
117 |
|
118 | var token = extractor(req);
|
119 |
|
120 | expect(token).to.be.null;
|
121 | });
|
122 |
|
123 |
|
124 | it('should return the value from the authorization header with specified auth scheme', function() {
|
125 | var req = new Request()
|
126 | req.headers['authorization'] = "TEST_SCHEME abcd123";
|
127 |
|
128 | var token = extractor(req);
|
129 |
|
130 | expect(token).to.equal('abcd123');
|
131 | });
|
132 |
|
133 | });
|
134 |
|
135 |
|
136 | describe('fromAuthHeader', function() {
|
137 |
|
138 | var extractor = extract_jwt.fromAuthHeader();
|
139 |
|
140 | it('should return the value from the authorization header with default JWT auth scheme', function() {
|
141 | var req = new Request()
|
142 | req.headers['authorization'] = "JWT abcd123";
|
143 |
|
144 | var token = extractor(req);
|
145 |
|
146 | expect(token).to.equal('abcd123');
|
147 | });
|
148 |
|
149 |
|
150 | });
|
151 |
|
152 | describe('fromExtractors', function() {
|
153 |
|
154 | it('should raise a type error when the extractor is constructed with a non-array argument', function() {
|
155 | this_should_throw = function() {
|
156 | var extractor = extract_jwt.fromExtractors({})
|
157 | }
|
158 |
|
159 | expect(this_should_throw).to.throw(TypeError)
|
160 | });
|
161 |
|
162 |
|
163 | var extractor = extract_jwt.fromExtractors([extract_jwt.fromAuthHeader(), extract_jwt.fromHeader('authorization')]);
|
164 |
|
165 | it('should return null when no extractor extracts token', function() {
|
166 | var req = new Request();
|
167 |
|
168 | var token = extractor(req);
|
169 |
|
170 | expect(token).to.be.null;
|
171 | });
|
172 |
|
173 |
|
174 | it('should return token found by least extractor', function() {
|
175 | var req = new Request()
|
176 | req.headers['authorization'] = "abcd123";
|
177 |
|
178 | var token = extractor(req);
|
179 |
|
180 | expect(token).to.equal('abcd123');
|
181 | });
|
182 |
|
183 |
|
184 | it('should return token found by first extractor', function() {
|
185 | var req = new Request()
|
186 | req.headers['authorization'] = "JWT abcd123";
|
187 |
|
188 | var token = extractor(req);
|
189 |
|
190 | expect(token).to.equal('abcd123');
|
191 | });
|
192 |
|
193 | });
|
194 |
|
195 |
|
196 | describe('versionOneCompatibility', function () {
|
197 |
|
198 | describe('default behavior', function() {
|
199 |
|
200 | var extractor = extract_jwt.versionOneCompatibility({});
|
201 |
|
202 | it('should return the token in the default "JWT" auth header', function () {
|
203 | var req = new Request();
|
204 | req.headers['authorization'] = "JWT abcd123";
|
205 |
|
206 | var token = extractor(req);
|
207 |
|
208 | expect(token).to.equal('abcd123');
|
209 | });
|
210 |
|
211 |
|
212 | it('should return the token in the default "auth_token" body field', function () {
|
213 | var req = new Request();
|
214 | req.body = {};
|
215 | req.body['auth_token'] = 'xyzabcd';
|
216 |
|
217 | var token = extractor(req);
|
218 |
|
219 | expect(token).to.equal('xyzabcd');
|
220 | });
|
221 |
|
222 |
|
223 | it('should return then token in the default "auth_token" query parameter', function () {
|
224 | var req = new Request();
|
225 | req.url += '?auth_token=abcd123';
|
226 |
|
227 | var token = extractor(req);
|
228 |
|
229 | expect(token).to.equal('abcd123');
|
230 | });
|
231 | });
|
232 |
|
233 |
|
234 | describe('user supplied parameters', function() {
|
235 |
|
236 | it('should return the token in an auth header with a user specified auth scheme', function() {
|
237 | var opts = { authScheme: 'MY_CUSTOM_AUTH_SCHEME' };
|
238 | var extractor = extract_jwt.versionOneCompatibility(opts);
|
239 | var req = new Request();
|
240 | req.headers['authorization'] = 'MY_CUSTOM_AUTH_SCHEME deadbeef';
|
241 |
|
242 | var token = extractor(req);
|
243 |
|
244 | expect(token).to.equal('deadbeef');
|
245 | });
|
246 |
|
247 |
|
248 | it('should return the token in a user supplied body field', function () {
|
249 | var opts = { tokenBodyField: 'CUSTOM_BODY_FIELD' };
|
250 | var extractor = extract_jwt.versionOneCompatibility(opts);
|
251 | var req = new Request();
|
252 | req.body = {};
|
253 | req.body['CUSTOM_BODY_FIELD'] = 'badbeef';
|
254 |
|
255 | var token = extractor(req);
|
256 |
|
257 | expect(token).to.equal('badbeef');
|
258 | });
|
259 |
|
260 |
|
261 | it('should return the token in a user specified query parameter', function () {
|
262 | var opts = { tokenQueryParameterName: 'CustomQueryParam' };
|
263 | var extractor = extract_jwt.versionOneCompatibility(opts);
|
264 | var req = new Request();
|
265 | req.url += '?CustomQueryParam=deadbeef';
|
266 |
|
267 | var token = extractor(req);
|
268 |
|
269 | expect(token).to.equal('deadbeef');
|
270 | });
|
271 |
|
272 | });
|
273 |
|
274 |
|
275 | });
|
276 |
|
277 | });
|
278 |
|