// Test dependencies. Calling chai's Should() installs the `should` getter
// used by the assertions in this file and returns the `should` helper.
var should = require('chai').Should();

// The strategy under test.
var LdapStrategy = require('passport-ldapauth').Strategy;

// HTTP-level assertions against the Express app.
var request = require('supertest');

// Local fixtures (not shown on this page): an LDAP server and an Express app
// wired to the strategy; both expose start()/close() as used further down.
var ldapserver = require('./ldapserver');
var appserver = require('./appserver');
// Port the fixture LDAP server listens on (unprivileged, local only).
var LDAP_PORT = 1389;

// Express app under test; assigned by start_servers once the app is up.
var expressapp = null;

// Strategy options shared by the suites. Everything here is a test fixture:
// the bind DN and password are throwaway values for the local test LDAP
// server and must never be reused for a real directory.
var BASE_OPTS = {
  server: {
    // Plain ldap:// is acceptable on localhost in tests; over a network it
    // would carry bind passwords unencrypted (use ldaps:// or StartTLS).
    url: 'ldap://localhost:' + String(LDAP_PORT),
    adminDn: 'cn=root',
    adminPassword: 'secret',
    searchBase: 'ou=passport-ldapauth',
    // {{username}} is replaced with the submitted username.
    // NOTE(review): confirm the installed LDAP auth library escapes filter
    // metacharacters in the substituted value; this file does not test it.
    searchFilter: '(uid={{username}})'
  }
};

// Options for the test app itself; no_callback selects whether the strategy
// is registered without a verify callback (see the suites below).
var BASE_TEST_OPTS = {
  no_callback: false
};
/**
 * Builds a mocha-style hook that brings up both fixtures in order: the LDAP
 * server on LDAP_PORT first, then the Express app configured with the given
 * options. The started app is stored in the module-level `expressapp`.
 *
 * Neither start callback receives an error here, so a failed start is not
 * reported by this helper.
 *
 * @param {Object} opts - Strategy options passed through to appserver.start.
 * @param {Object} test_opts - Test-app options passed through to appserver.start.
 * @returns {Function} Hook taking a completion callback.
 */
var start_servers = function(opts, test_opts) {
  return function(done) {
    var onAppReady = function(app) {
      expressapp = app;
      done();
    };

    var onLdapReady = function() {
      appserver.start(opts, test_opts, onAppReady);
    };

    ldapserver.start(LDAP_PORT, onLdapReady);
  };
};
/**
 * Mocha-style hook that shuts the fixtures down in reverse start order:
 * the Express app first, then the LDAP server. The completion callback is
 * invoked without arguments once both have closed.
 *
 * @param {Function} cb - Completion callback.
 */
var stop_servers = function(cb) {
  var closeLdap = function() {
    ldapserver.close(function() {
      cb();
    });
  };

  appserver.close(closeLdap);
};
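/*
 * Mocha suite for the passport-ldapauth strategy.
 *
 * "by itself" checks constructor and option validation without any server.
 * The remaining suites run HTTP logins against the fixture Express app,
 * which authenticates against the fixture LDAP server.
 *
 * NOTE(review): coverage gaps worth closing once the behaviour of
 * ./ldapserver is confirmed:
 *   - a username sent with an empty password (many LDAP servers treat a
 *     simple bind with an empty password as an unauthenticated bind, so the
 *     expected result should be pinned to 401);
 *   - a username containing LDAP filter metacharacters (should be escaped
 *     or rejected before it reaches the search filter).
 */
describe("LDAP authentication strategy", function() {

  // Constructor and option validation; no servers are started here.
  describe("by itself", function() {

    it("should throw an error if no arguments are provided", function(cb) {
      (function() {
        new LdapStrategy();
      }).should.throw(Error);
      cb();
    });

    it("should throw an error if options are not provided", function(cb) {
      (function() {
        new LdapStrategy(function() {});
      }).should.throw(Error);
      cb();
    });

    it("should throw an error if options are not accepted by ldapauth", function(cb) {
      // Construction succeeds with empty options; the error is expected
      // only when authenticate() is called.
      var s = new LdapStrategy({}, function() {});
      (function() {
        s.authenticate({body: {username: 'valid', password: 'valid'}});
      }).should.throw(Error);
      cb();
    });

    it("should initialize without a verify callback", function(cb) {
      (function() {
        new LdapStrategy({server: {}});
      }).should.not.throw(Error);
      cb();
    });

  });

  // Default field names, verify callback registered by the test app.
  describe("with basic settings", function() {

    before(start_servers(BASE_OPTS, BASE_TEST_OPTS));

    after(stop_servers);

    it("should return unauthorized if credentials are not given", function(cb) {
      request(expressapp)
        .post('/login')
        .send({})
        .expect(401)
        .end(cb);
    });

    it("should allow access with valid credentials", function(cb) {
      request(expressapp)
        .post('/login')
        .send({username: 'valid', password: 'valid'})
        .expect(200)
        .end(cb);
    });

    // Pins that credentials are also read from the query string. URLs are
    // commonly recorded in access and proxy logs, so deployments should
    // send credentials in the request body instead.
    it("should allow access with valid credentials in query string", function(cb) {
      request(expressapp)
        .post('/login?username=valid&password=valid')
        .expect(200)
        .end(cb);
    });

    it("should return unauthorized with invalid credentials", function(cb) {
      request(expressapp)
        .post('/login')
        .send({username: 'valid', password: 'invvalid'})
        .expect(401)
        .end(cb);
    });

    // Same 401 as a wrong password for an existing user, so the status code
    // does not reveal whether the account exists.
    it("should return unauthorized with non-existing user", function(cb) {
      request(expressapp)
        .post('/login')
        .send({username: 'nonexisting', password: 'invvalid'})
        .expect(401)
        .end(cb);
    });
  });

  // Strategy registered without a verify callback (no_callback: true).
  describe("without a verify callback", function() {
    before(start_servers(BASE_OPTS, {no_callback: true}));

    after(stop_servers);

    it("should still authenticate", function(cb) {
      request(expressapp)
        .post('/login')
        .send({username: 'valid', password: 'valid'})
        .expect(200)
        .end(cb);
    });

    // The title says "event", but the case exercises a wrong password.
    it("should reject invalid event", function(cb) {
      request(expressapp)
        .post('/login')
        .send({username: 'valid', password: 'invalid'})
        .expect(401)
        .end(cb);
    });
  });

  // Each test starts the servers itself because the options differ per
  // test; afterEach shuts them down again.
  describe("with optional options", function() {

    afterEach(stop_servers);

    it("should read given fields instead of defaults", function(cb) {
      // Deep copy so BASE_OPTS is not mutated for the other suites.
      var OPTS = JSON.parse(JSON.stringify(BASE_OPTS));
      OPTS.usernameField = 'ldapuname';
      OPTS.passwordField = 'ldappwd';

      start_servers(OPTS, BASE_TEST_OPTS)(function() {
        request(expressapp)
          .post('/login')
          .send({ldapuname: 'valid', ldappwd: 'valid'})
          .expect(200)
          .end(cb);
      });
    });

    it("should pass request to verify callback if defined so", function(cb) {
      var OPTS = JSON.parse(JSON.stringify(BASE_OPTS));
      OPTS.passReqToCallback = true;

      start_servers(OPTS, BASE_TEST_OPTS)(function() {
        var req = {body: {username: 'valid', password: 'valid', testkey: 1}},
            s = new LdapStrategy(OPTS, function(req, user, done) {
              req.should.have.keys('body');
              req.body.should.have.keys(['username', 'password', 'testkey']);
              done(null, user);
            });

        // The strategy is driven directly (outside Passport), so the
        // outcome hooks Passport would normally attach are supplied here.
        s.success = function(user) {
          should.exist(user);
          user.uid.should.equal('valid');
          cb();
        };

        // Without these, a rejected or errored login would call an
        // undefined hook and surface as a TypeError or a timeout instead
        // of a clear test failure.
        s.fail = function() {
          cb(new Error('expected authentication to succeed, but the strategy called fail()'));
        };
        s.error = function(err) {
          cb(err || new Error('strategy called error() without an error object'));
        };

        s.authenticate(req);
      });
    });
  });
});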