dergeorg/SmartShopper
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
SmartShopper/express-server/node_modules/express-basic-auth/test.js
Lukas Nowy fd947bd852 https 
express server läuft jetzt mit https
2018-12-16 19:08:08 +01:00

257 lines
7.2 KiB
JavaScript
Raw Blame History

const should = require('should')
const basicAuth = require('./index.js')
const express = require('express')
const supertest = require('supertest');
var app = express()
//Requires basic auth with username 'Admin' and password 'secret1234'
var staticUserAuth = basicAuth({
users: {
'Admin': 'secret1234'
},
challenge: false
})
//Uses a custom (synchronous) authorizer function
var customAuthorizerAuth = basicAuth({
authorizer: myAuthorizer
})
//Same, but sends a basic auth challenge header when authorization fails
var challengeAuth = basicAuth({
authorizer: myAuthorizer,
challenge: true
})
//Uses a custom asynchronous authorizer function
var asyncAuth = basicAuth({
authorizer: myAsyncAuthorizer,
authorizeAsync: true
})
//Uses a custom response body function
var customBodyAuth = basicAuth({
users: { 'Foo': 'bar' },
unauthorizedResponse: getUnauthorizedResponse
})
//Uses a static response body
var staticBodyAuth = basicAuth({
unauthorizedResponse: 'Haaaaaha'
})
//Uses a JSON response body
var jsonBodyAuth = basicAuth({
unauthorizedResponse: { foo: 'bar' }
})
//Uses a custom realm
var realmAuth = basicAuth({
challenge: true,
realm: 'test'
})
//Uses a custom realm function
var realmFunctionAuth = basicAuth({
challenge: true,
realm: function (req) {
return 'bla'
}
})
app.get('/static', staticUserAuth, function(req, res) {
res.status(200).send('You passed')
})
app.get('/custom', customAuthorizerAuth, function(req, res) {
res.status(200).send('You passed')
})
app.get('/challenge', challengeAuth, function(req, res) {
res.status(200).send('You passed')
})
app.get('/async', asyncAuth, function(req, res) {
res.status(200).send('You passed')
})
app.get('/custombody', customBodyAuth, function(req, res) {
res.status(200).send('You passed')
})
app.get('/staticbody', staticBodyAuth, function(req, res) {
res.status(200).send('You passed')
})
app.get('/jsonbody', jsonBodyAuth, function(req, res) {
res.status(200).send('You passed')
})
app.get('/realm', realmAuth, function(req, res) {
res.status(200).send('You passed')
})
app.get('/realmfunction', realmFunctionAuth, function(req, res) {
res.status(200).send('You passed')
})
//Custom authorizer checking if the username starts with 'A' and the password with 'secret'
function myAuthorizer(username, password) {
return username.startsWith('A') && password.startsWith('secret')
}
//Same but asynchronous
function myAsyncAuthorizer(username, password, cb) {
if(username.startsWith('A') && password.startsWith('secret'))
return cb(null, true)
else
return cb(null, false)
}
function getUnauthorizedResponse(req) {
return req.auth ? ('Credentials ' + req.auth.user + ':' + req.auth.password + ' rejected') : 'No credentials provided'
}
describe('express-basic-auth', function() {
describe('static users', function() {
const endpoint = '/static'
it('should reject on missing header', function(done) {
supertest(app)
.get(endpoint)
.expect(401, done)
})
it('should reject on wrong credentials', function(done) {
supertest(app)
.get(endpoint)
.auth('dude', 'stuff')
.expect(401, done)
})
it('should reject without challenge', function(done) {
supertest(app)
.get(endpoint)
.auth('dude', 'stuff')
.expect(function (res) {
if(res.headers['WWW-Authenticate'])
throw new Error('Response should not have a challenge')
})
.expect(401, done)
})
it('should accept correct credentials', function(done) {
supertest(app)
.get(endpoint)
.auth('Admin', 'secret1234')
.expect(200, 'You passed', done)
})
})
describe('custom authorizer', function() {
const endpoint = '/custom'
it('should reject on missing header', function(done) {
supertest(app)
.get(endpoint)
.expect(401, done)
})
it('should reject on wrong credentials', function(done) {
supertest(app)
.get(endpoint)
.auth('dude', 'stuff')
.expect(401, done)
})
it('should accept fitting credentials', function(done) {
supertest(app)
.get(endpoint)
.auth('Aloha', 'secretverymuch')
.expect(200, 'You passed', done)
})
})
describe('async authorizer', function() {
const endpoint = '/async'
it('should reject on missing header', function(done) {
supertest(app)
.get(endpoint)
.expect(401, done)
})
it('should reject on wrong credentials', function(done) {
supertest(app)
.get(endpoint)
.auth('dude', 'stuff')
.expect(401, done)
})
it('should accept fitting credentials', function(done) {
supertest(app)
.get(endpoint)
.auth('Aererer', 'secretiveStuff')
.expect(200, 'You passed', done)
})
})
describe('custom response body', function() {
it('should reject on missing header and generate resposne message', function(done) {
supertest(app)
.get('/custombody')
.expect(401, 'No credentials provided', done)
})
it('should reject on wrong credentials and generate response message', function(done) {
supertest(app)
.get('/custombody')
.auth('dude', 'stuff')
.expect(401, 'Credentials dude:stuff rejected', done)
})
it('should accept fitting credentials', function(done) {
supertest(app)
.get('/custombody')
.auth('Foo', 'bar')
.expect(200, 'You passed', done)
})
it('should reject and send static custom resposne message', function(done) {
supertest(app)
.get('/staticbody')
.expect(401, 'Haaaaaha', done)
})
it('should reject and send static custom json resposne message', function(done) {
supertest(app)
.get('/jsonbody')
.expect(401, { foo: 'bar' }, done)
})
})
describe('challenge', function() {
it('should reject with blank challenge', function(done) {
supertest(app)
.get('/challenge')
.expect('WWW-Authenticate', 'Basic')
.expect(401, done)
})
it('should reject with custom realm challenge', function(done) {
supertest(app)
.get('/realm')
.expect('WWW-Authenticate', 'Basic realm="test"')
.expect(401, done)
})
it('should reject with custom generated realm challenge', function(done) {
supertest(app)
.get('/realmfunction')
.expect('WWW-Authenticate', 'Basic realm="bla"')
.expect(401, done)
})
})
})
Reference in New Issue View Git Blame Copy Permalink