1 | var Strategy = require('../lib/strategy')
|
2 | , chai = require('chai')
|
3 | , test_data = require('./testdata')
|
4 | , sinon = require('sinon')
|
5 | , extract_jwt = require('../lib/extract_jwt');
|
6 |
|
7 | describe('Strategy', function() {
|
8 |
|
9 | describe('calling JWT validation function', function() {
|
10 | var strategy;
|
11 |
|
12 | before(function(done) {
|
13 | verifyStub = sinon.stub();
|
14 | verifyStub.callsArgWith(1, null, {}, {});
|
15 | options = {};
|
16 | options.issuer = "TestIssuer";
|
17 | options.audience = "TestAudience";
|
18 | options.secretOrKey = 'secret';
|
19 | options.algorithms = ["HS256", "HS384"];
|
20 | options.ignoreExpiration = false;
|
21 | options.jwtFromRequest = extract_jwt.fromAuthHeader();
|
22 | strategy = new Strategy(options, verifyStub);
|
23 |
|
24 | Strategy.JwtVerifier = sinon.stub();
|
25 | Strategy.JwtVerifier.callsArgWith(3, null, test_data.valid_jwt.payload);
|
26 |
|
27 | chai.passport.use(strategy)
|
28 | .success(function(u, i) {
|
29 | done();
|
30 | })
|
31 | .req(function(req) {
|
32 | req.headers['authorization'] = "JWT " + test_data.valid_jwt.token;
|
33 | })
|
34 | .authenticate();
|
35 | });
|
36 |
|
37 |
|
38 | it('should call with the right secret as an argument', function() {
|
39 | expect(Strategy.JwtVerifier.args[0][1]).to.equal('secret');
|
40 | });
|
41 |
|
42 |
|
43 | it('should call with the right issuer option', function() {
|
44 | expect(Strategy.JwtVerifier.args[0][2]).to.be.an.object;
|
45 | expect(Strategy.JwtVerifier.args[0][2].issuer).to.equal('TestIssuer');
|
46 | });
|
47 |
|
48 |
|
49 | it('should call with the right audience option', function() {
|
50 | expect(Strategy.JwtVerifier.args[0][2]).to.be.an.object;
|
51 | expect(Strategy.JwtVerifier.args[0][2].audience).to.equal('TestAudience');
|
52 | });
|
53 |
|
54 | it('should call with the right algorithms option', function() {
|
55 | expect(Strategy.JwtVerifier.args[0][2]).to.be.an.object;
|
56 | expect(Strategy.JwtVerifier.args[0][2].algorithms).to.eql(["HS256", "HS384"]);
|
57 | });
|
58 |
|
59 | it('should call with the right ignoreExpiration option', function() {
|
60 | expect(Strategy.JwtVerifier.args[0][2]).to.be.an.object;
|
61 | expect(Strategy.JwtVerifier.args[0][2].ignoreExpiration).to.be.false;
|
62 | });
|
63 |
|
64 | });
|
65 |
|
66 |
|
67 | describe('handling valid jwt', function() {
|
68 | var strategy, payload;
|
69 |
|
70 | before(function(done) {
|
71 | strategy = new Strategy({jwtFromRequest: extract_jwt.fromAuthHeader(), secretOrKey: 'secret'}, function(jwt_payload, next) {
|
72 | payload = jwt_payload;
|
73 | next(null, {}, {});
|
74 | });
|
75 |
|
76 |
|
77 | Strategy.JwtVerifier = sinon.stub();
|
78 | Strategy.JwtVerifier.callsArgWith(3, null, test_data.valid_jwt.payload);
|
79 |
|
80 | chai.passport.use(strategy)
|
81 | .success(function(u, i) {
|
82 | done();
|
83 | })
|
84 | .req(function(req) {
|
85 | req.headers['authorization'] = "JWT " + test_data.valid_jwt.token;
|
86 | })
|
87 | .authenticate();
|
88 | });
|
89 |
|
90 |
|
91 | it('should call verify with the correct payload', function() {
|
92 | expect(payload).to.deep.equal(test_data.valid_jwt.payload);
|
93 | });
|
94 |
|
95 |
|
96 | });
|
97 |
|
98 |
|
99 | describe('handling failing jwt', function() {
|
100 | var strategy, info;
|
101 | var verify_spy = sinon.spy();
|
102 |
|
103 | before(function(done) {
|
104 |
|
105 | strategy = new Strategy({jwtFromRequest: extract_jwt.fromAuthHeader(), secretOrKey: 'secret'}, verify_spy);
|
106 |
|
107 |
|
108 | Strategy.JwtVerifier = sinon.stub();
|
109 | Strategy.JwtVerifier.callsArgWith(3, new Error("jwt expired"), false);
|
110 |
|
111 | chai.passport.use(strategy)
|
112 | .fail(function(i) {
|
113 | info = i;
|
114 | done();
|
115 | })
|
116 | .req(function(req) {
|
117 | req.headers['authorization'] = "JWT " + test_data.valid_jwt.token;
|
118 | })
|
119 | .authenticate();
|
120 | });
|
121 |
|
122 |
|
123 | it('should not call verify', function() {
|
124 | sinon.assert.notCalled(verify_spy);
|
125 | });
|
126 |
|
127 |
|
128 | it('should fail with error message.', function() {
|
129 | expect(info).to.be.an.object;
|
130 | expect(info.message).to.equal('jwt expired');
|
131 | });
|
132 |
|
133 | });
|
134 |
|
135 |
|
136 | describe('handling an invalid authentication header', function() {
|
137 | var strategy, info;
|
138 | var verify_spy = sinon.spy();
|
139 |
|
140 | before(function(done) {
|
141 |
|
142 | strategy = new Strategy({jwtFromRequest: extract_jwt.fromAuthHeader(), secretOrKey: 'secret'}, verify_spy);
|
143 |
|
144 | chai.passport.use(strategy)
|
145 | .fail(function(i) {
|
146 | info = i;
|
147 | done();
|
148 | })
|
149 | .req(function(req) {
|
150 | req.headers['authorization'] = "malformed";
|
151 | })
|
152 | .authenticate();
|
153 | });
|
154 |
|
155 |
|
156 | it('should not call verify', function() {
|
157 | sinon.assert.notCalled(verify_spy);
|
158 | });
|
159 |
|
160 |
|
161 | it('should fail with error message.', function() {
|
162 | expect(info).to.be.an.object;
|
163 | expect(info).to.be.an.instanceof(Error);
|
164 | });
|
165 |
|
166 | });
|
167 |
|
168 | });
|