node-red/test/red/api/auth/index_spec.js

/**
 * Copyright 2015 IBM Corp.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 **/

var should = require("should");
var when = require("when");
var sinon = require("sinon");

var passport = require("passport");

var auth = require("../../../../red/api/auth");
var Users = require("../../../../red/api/auth/users");
var Tokens = require("../../../../red/api/auth/tokens");

describe("api auth middleware",function() {


    describe("ensureClientSecret", function() {
        before(function() {
            auth.init({settings:{},log:{audit:function(){}}})
        });
        it("leaves client_secret alone if not present",function(done) {
            var req = {
                body: {
                    client_secret: "test_value"
                }
            };
            auth.ensureClientSecret(req,null,function() {
                req.body.should.have.a.property("client_secret","test_value");
                done();
            })
        });
        it("applies a default client_secret if not present",function(done) {
            var req = {
                body: { }
            };
            auth.ensureClientSecret(req,null,function() {
                req.body.should.have.a.property("client_secret","not_available");
                done();
            })
        });
    });

    describe("revoke", function() {
        it("revokes a token", function(done) {
            var revokeToken = sinon.stub(Tokens,"revoke",function() {
                return when.resolve();
            });

            var req = { body: { token: "abcdef" } };

            var res = { status: function(resp) {
                revokeToken.restore();

                resp.should.equal(200);
                return {
                    end: done
                }
            }};

            auth.revoke(req,res);
        });
    });

    describe("login", function() {
        beforeEach(function() {
            sinon.stub(Tokens,"init",function(){});
            sinon.stub(Users,"init",function(){});
        });
        afterEach(function() {
            Tokens.init.restore();
            Users.init.restore();
        });
        it("returns login details - credentials", function(done) {
            auth.init({settings:{adminAuth:{}},log:{audit:function(){}}})
            auth.login(null,{json: function(resp) {
                resp.should.have.a.property("type","credentials");
                resp.should.have.a.property("prompts");
                resp.prompts.should.have.a.lengthOf(2);
                done();
            }});
        });
        it("returns login details - none", function(done) {
            auth.init({settings:{},log:{audit:function(){}}})
            auth.login(null,{json: function(resp) {
                resp.should.eql({});
                done();
            }});
        });

    });

});
Add oauth grant 2014-11-06 23:59:48 +01:00			`/**`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`* Copyright 2015 IBM Corp.`
Add oauth grant 2014-11-06 23:59:48 +01:00			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`**/`
Move to express 4.x 2015-07-15 23:43:24 +02:00
Add oauth grant 2014-11-06 23:59:48 +01:00			`var should = require("should");`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`var when = require("when");`
Add oauth grant 2014-11-06 23:59:48 +01:00			`var sinon = require("sinon");`

			`var passport = require("passport");`

			`var auth = require("../../../../red/api/auth");`
auth/login should return empty object when insecure 2015-03-25 21:32:40 +01:00			`var Users = require("../../../../red/api/auth/users");`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`var Tokens = require("../../../../red/api/auth/tokens");`
Add oauth grant 2014-11-06 23:59:48 +01:00
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00			`describe("api auth middleware",function() {`
Add oauth grant 2014-11-06 23:59:48 +01:00

Move to express 4.x 2015-07-15 23:43:24 +02:00
Add oauth grant 2014-11-06 23:59:48 +01:00			`describe("ensureClientSecret", function() {`
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00			`before(function() {`
			`auth.init({settings:{},log:{audit:function(){}}})`
			`});`
Add oauth grant 2014-11-06 23:59:48 +01:00			`it("leaves client_secret alone if not present",function(done) {`
			`var req = {`
			`body: {`
			`client_secret: "test_value"`
			`}`
			`};`
			`auth.ensureClientSecret(req,null,function() {`
			`req.body.should.have.a.property("client_secret","test_value");`
			`done();`
			`})`
			`});`
			`it("applies a default client_secret if not present",function(done) {`
			`var req = {`
			`body: { }`
			`};`
			`auth.ensureClientSecret(req,null,function() {`
			`req.body.should.have.a.property("client_secret","not_available");`
			`done();`
			`})`
			`});`
			`});`
Move to express 4.x 2015-07-15 23:43:24 +02:00
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`describe("revoke", function() {`
			`it("revokes a token", function(done) {`
			`var revokeToken = sinon.stub(Tokens,"revoke",function() {`
			`return when.resolve();`
			`});`
Move to express 4.x 2015-07-15 23:43:24 +02:00
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`var req = { body: { token: "abcdef" } };`
Move to express 4.x 2015-07-15 23:43:24 +02:00
			`var res = { status: function(resp) {`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`revokeToken.restore();`

			`resp.should.equal(200);`
Update auth revoke test for express 4 2015-10-03 21:32:24 +02:00			`return {`
			`end: done`
			`}`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`}};`
Move to express 4.x 2015-07-15 23:43:24 +02:00
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`auth.revoke(req,res);`
			`});`
			`});`
Move to express 4.x 2015-07-15 23:43:24 +02:00
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`describe("login", function() {`
auth/login should return empty object when insecure 2015-03-25 21:32:40 +01:00			`beforeEach(function() {`
			`sinon.stub(Tokens,"init",function(){});`
			`sinon.stub(Users,"init",function(){});`
			`});`
			`afterEach(function() {`
			`Tokens.init.restore();`
			`Users.init.restore();`
			`});`
			`it("returns login details - credentials", function(done) {`
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00			`auth.init({settings:{adminAuth:{}},log:{audit:function(){}}})`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`auth.login(null,{json: function(resp) {`
			`resp.should.have.a.property("type","credentials");`
			`resp.should.have.a.property("prompts");`
			`resp.prompts.should.have.a.lengthOf(2);`
			`done();`
			`}});`
			`});`
auth/login should return empty object when insecure 2015-03-25 21:32:40 +01:00			`it("returns login details - none", function(done) {`
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00			`auth.init({settings:{},log:{audit:function(){}}})`
auth/login should return empty object when insecure 2015-03-25 21:32:40 +01:00			`auth.login(null,{json: function(resp) {`
			`resp.should.eql({});`
			`done();`
			`}});`
			`});`
Move to express 4.x 2015-07-15 23:43:24 +02:00
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`});`
Move to express 4.x 2015-07-15 23:43:24 +02:00
Add oauth grant 2014-11-06 23:59:48 +01:00			`});`