2020-08-27 02:08:07 +00:00
|
|
|
function m(mod) { return __dirname + '/../../../src/' + mod; }
|
|
|
|
|
|
|
|
const assert = require('assert').strict;
|
|
|
|
const log4js = require(m('node_modules/log4js'));
|
|
|
|
const plugins = require(m('static/js/pluginfw/plugin_defs'));
|
|
|
|
const server = require(m('node/server'));
|
|
|
|
const settings = require(m('node/utils/Settings'));
|
|
|
|
const supertest = require(m('node_modules/supertest'));
|
2020-08-23 20:56:28 +00:00
|
|
|
const webaccess = require(m('node/hooks/express/webaccess'));
|
2020-08-27 02:08:07 +00:00
|
|
|
|
|
|
|
let agent;
|
|
|
|
const logger = log4js.getLogger('test');
|
2020-08-23 20:56:28 +00:00
|
|
|
let authnFailureDelayMsBackup;
|
2020-08-27 02:08:07 +00:00
|
|
|
|
|
|
|
before(async function() {
|
2020-08-23 20:56:28 +00:00
|
|
|
authnFailureDelayMsBackup = webaccess.authnFailureDelayMs;
|
|
|
|
webaccess.authnFailureDelayMs = 0; // Speed up tests.
|
2020-08-27 02:08:07 +00:00
|
|
|
settings.port = 0;
|
|
|
|
settings.ip = 'localhost';
|
|
|
|
const httpServer = await server.start();
|
|
|
|
const baseUrl = `http://localhost:${httpServer.address().port}`;
|
|
|
|
logger.debug(`HTTP server at ${baseUrl}`);
|
|
|
|
agent = supertest(baseUrl);
|
|
|
|
});
|
|
|
|
|
|
|
|
after(async function() {
|
2020-08-23 20:56:28 +00:00
|
|
|
webaccess.authnFailureDelayMs = authnFailureDelayMsBackup;
|
2020-08-27 02:08:07 +00:00
|
|
|
await server.stop();
|
|
|
|
});
|
|
|
|
|
2020-08-23 20:56:28 +00:00
|
|
|
describe('webaccess: without plugins', function() {
|
2020-08-27 02:08:07 +00:00
|
|
|
const backup = {};
|
|
|
|
|
|
|
|
before(async function() {
|
|
|
|
Object.assign(backup, settings);
|
|
|
|
settings.users = {
|
|
|
|
admin: {password: 'admin-password', is_admin: true},
|
|
|
|
user: {password: 'user-password'},
|
|
|
|
};
|
|
|
|
});
|
|
|
|
|
|
|
|
after(async function() {
|
|
|
|
Object.assign(settings, backup);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('!authn !authz anonymous / -> 200', async function() {
|
|
|
|
settings.requireAuthentication = false;
|
|
|
|
settings.requireAuthorization = false;
|
|
|
|
await agent.get('/').expect(200);
|
|
|
|
});
|
|
|
|
it('!authn !authz anonymous /admin/ -> 401', async function() {
|
|
|
|
settings.requireAuthentication = false;
|
|
|
|
settings.requireAuthorization = false;
|
|
|
|
await agent.get('/admin/').expect(401);
|
|
|
|
});
|
|
|
|
it('authn !authz anonymous / -> 401', async function() {
|
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = false;
|
|
|
|
await agent.get('/').expect(401);
|
|
|
|
});
|
|
|
|
it('authn !authz user / -> 200', async function() {
|
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = false;
|
|
|
|
await agent.get('/').auth('user', 'user-password').expect(200);
|
|
|
|
});
|
|
|
|
it('authn !authz user /admin/ -> 403', async function() {
|
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = false;
|
|
|
|
await agent.get('/admin/').auth('user', 'user-password').expect(403);
|
|
|
|
});
|
|
|
|
it('authn !authz admin / -> 200', async function() {
|
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = false;
|
|
|
|
await agent.get('/').auth('admin', 'admin-password').expect(200);
|
|
|
|
});
|
|
|
|
it('authn !authz admin /admin/ -> 200', async function() {
|
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = false;
|
|
|
|
await agent.get('/admin/').auth('admin', 'admin-password').expect(200);
|
|
|
|
});
|
|
|
|
it('authn authz user / -> 403', async function() {
|
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = true;
|
|
|
|
await agent.get('/').auth('user', 'user-password').expect(403);
|
|
|
|
});
|
|
|
|
it('authn authz user /admin/ -> 403', async function() {
|
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = true;
|
|
|
|
await agent.get('/admin/').auth('user', 'user-password').expect(403);
|
|
|
|
});
|
|
|
|
it('authn authz admin / -> 200', async function() {
|
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = true;
|
|
|
|
await agent.get('/').auth('admin', 'admin-password').expect(200);
|
|
|
|
});
|
|
|
|
it('authn authz admin /admin/ -> 200', async function() {
|
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = true;
|
|
|
|
await agent.get('/admin/').auth('admin', 'admin-password').expect(200);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2020-08-23 20:56:28 +00:00
|
|
|
describe('webaccess: preAuthorize, authenticate, and authorize hooks', function() {
|
|
|
|
let callOrder;
|
|
|
|
const Handler = class {
|
|
|
|
constructor(hookName, suffix) {
|
|
|
|
this.called = false;
|
|
|
|
this.hookName = hookName;
|
|
|
|
this.innerHandle = () => [];
|
|
|
|
this.id = hookName + suffix;
|
|
|
|
this.checkContext = () => {};
|
|
|
|
}
|
|
|
|
handle(hookName, context, cb) {
|
|
|
|
assert.equal(hookName, this.hookName);
|
|
|
|
assert(context != null);
|
|
|
|
assert(context.req != null);
|
|
|
|
assert(context.res != null);
|
|
|
|
assert(context.next != null);
|
|
|
|
this.checkContext(context);
|
|
|
|
assert(!this.called);
|
|
|
|
this.called = true;
|
|
|
|
callOrder.push(this.id);
|
|
|
|
return cb(this.innerHandle(context.req));
|
|
|
|
}
|
|
|
|
};
|
|
|
|
const handlers = {};
|
|
|
|
const hookNames = ['preAuthorize', 'authenticate', 'authorize'];
|
|
|
|
const hooksBackup = {};
|
|
|
|
const settingsBackup = {};
|
|
|
|
|
|
|
|
beforeEach(async function() {
|
|
|
|
callOrder = [];
|
|
|
|
hookNames.forEach((hookName) => {
|
|
|
|
// Create two handlers for each hook to test deferral to the next function.
|
|
|
|
const h0 = new Handler(hookName, '_0');
|
|
|
|
const h1 = new Handler(hookName, '_1');
|
|
|
|
handlers[hookName] = [h0, h1];
|
|
|
|
hooksBackup[hookName] = plugins.hooks[hookName] || [];
|
|
|
|
plugins.hooks[hookName] = [{hook_fn: h0.handle.bind(h0)}, {hook_fn: h1.handle.bind(h1)}];
|
|
|
|
});
|
|
|
|
hooksBackup.preAuthzFailure = plugins.hooks.preAuthzFailure || [];
|
|
|
|
Object.assign(settingsBackup, settings);
|
|
|
|
settings.users = {
|
|
|
|
admin: {password: 'admin-password', is_admin: true},
|
|
|
|
user: {password: 'user-password'},
|
|
|
|
};
|
|
|
|
});
|
|
|
|
afterEach(async function() {
|
|
|
|
Object.assign(plugins.hooks, hooksBackup);
|
|
|
|
Object.assign(settings, settingsBackup);
|
|
|
|
});
|
|
|
|
|
|
|
|
describe('preAuthorize', function() {
|
|
|
|
beforeEach(async function() {
|
|
|
|
settings.requireAuthentication = false;
|
|
|
|
settings.requireAuthorization = false;
|
|
|
|
});
|
|
|
|
|
|
|
|
it('defers if it returns []', async function() {
|
|
|
|
await agent.get('/').expect(200);
|
|
|
|
// Note: The preAuthorize hook always runs even if requireAuthorization is false.
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1']);
|
|
|
|
});
|
|
|
|
it('bypasses authenticate and authorize hooks when true is returned', async function() {
|
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = true;
|
|
|
|
handlers.preAuthorize[0].innerHandle = () => [true];
|
|
|
|
await agent.get('/').expect(200);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0']);
|
|
|
|
});
|
|
|
|
it('bypasses authenticate and authorize hooks when false is returned', async function() {
|
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = true;
|
|
|
|
handlers.preAuthorize[0].innerHandle = () => [false];
|
|
|
|
await agent.get('/').expect(403);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0']);
|
|
|
|
});
|
|
|
|
it('bypasses authenticate and authorize hooks for static content, defers', async function() {
|
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = true;
|
|
|
|
await agent.get('/static/robots.txt').expect(200);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1']);
|
|
|
|
});
|
|
|
|
it('cannot grant access to /admin', async function() {
|
|
|
|
handlers.preAuthorize[0].innerHandle = () => [true];
|
|
|
|
await agent.get('/admin/').expect(401);
|
|
|
|
// Notes:
|
|
|
|
// * preAuthorize[1] is called despite preAuthorize[0] returning a non-empty list because
|
|
|
|
// 'true' entries are ignored for /admin/* requests.
|
|
|
|
// * The authenticate hook always runs for /admin/* requests even if
|
|
|
|
// settings.requireAuthentication is false.
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1',
|
|
|
|
'authenticate_0', 'authenticate_1']);
|
|
|
|
});
|
|
|
|
it('can deny access to /admin', async function() {
|
|
|
|
handlers.preAuthorize[0].innerHandle = () => [false];
|
|
|
|
await agent.get('/admin/').auth('admin', 'admin-password').expect(403);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0']);
|
|
|
|
});
|
|
|
|
it('runs preAuthzFailure hook when access is denied', async function() {
|
|
|
|
handlers.preAuthorize[0].innerHandle = () => [false];
|
|
|
|
let called = false;
|
|
|
|
plugins.hooks.preAuthzFailure = [{hook_fn: (hookName, {req, res}, cb) => {
|
|
|
|
assert.equal(hookName, 'preAuthzFailure');
|
|
|
|
assert(req != null);
|
|
|
|
assert(res != null);
|
|
|
|
assert(!called);
|
|
|
|
called = true;
|
|
|
|
res.status(200).send('injected');
|
|
|
|
return cb([true]);
|
|
|
|
}}];
|
|
|
|
await agent.get('/admin/').auth('admin', 'admin-password').expect(200, 'injected');
|
|
|
|
assert(called);
|
|
|
|
});
|
|
|
|
it('returns 500 if an exception is thrown', async function() {
|
|
|
|
handlers.preAuthorize[0].innerHandle = () => { throw new Error('exception test'); };
|
|
|
|
await agent.get('/').expect(500);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
describe('authenticate', function() {
|
|
|
|
beforeEach(async function() {
|
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = false;
|
|
|
|
});
|
|
|
|
|
|
|
|
it('is not called if !requireAuthentication and not /admin/*', async function() {
|
|
|
|
settings.requireAuthentication = false;
|
|
|
|
await agent.get('/').expect(200);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1']);
|
|
|
|
});
|
|
|
|
it('is called if !requireAuthentication and /admin/*', async function() {
|
|
|
|
settings.requireAuthentication = false;
|
|
|
|
await agent.get('/admin/').expect(401);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1',
|
|
|
|
'authenticate_0', 'authenticate_1']);
|
|
|
|
});
|
|
|
|
it('defers if empty list returned', async function() {
|
|
|
|
await agent.get('/').expect(401);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1',
|
|
|
|
'authenticate_0', 'authenticate_1']);
|
|
|
|
});
|
|
|
|
it('does not defer if return [true], 200', async function() {
|
|
|
|
handlers.authenticate[0].innerHandle = (req) => { req.session.user = {}; return [true]; };
|
|
|
|
await agent.get('/').expect(200);
|
|
|
|
// Note: authenticate_1 was not called because authenticate_0 handled it.
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1', 'authenticate_0']);
|
|
|
|
});
|
|
|
|
it('does not defer if return [false], 401', async function() {
|
|
|
|
handlers.authenticate[0].innerHandle = (req) => [false];
|
|
|
|
await agent.get('/').expect(401);
|
|
|
|
// Note: authenticate_1 was not called because authenticate_0 handled it.
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1', 'authenticate_0']);
|
|
|
|
});
|
|
|
|
it('falls back to HTTP basic auth', async function() {
|
|
|
|
await agent.get('/').auth('user', 'user-password').expect(200);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1',
|
|
|
|
'authenticate_0', 'authenticate_1']);
|
|
|
|
});
|
|
|
|
it('passes settings.users in context', async function() {
|
|
|
|
handlers.authenticate[0].checkContext = ({users}) => {
|
|
|
|
assert.equal(users, settings.users);
|
|
|
|
};
|
|
|
|
await agent.get('/').expect(401);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1',
|
|
|
|
'authenticate_0', 'authenticate_1']);
|
|
|
|
});
|
|
|
|
it('passes user, password in context if provided', async function() {
|
|
|
|
handlers.authenticate[0].checkContext = ({username, password}) => {
|
|
|
|
assert.equal(username, 'user');
|
|
|
|
assert.equal(password, 'user-password');
|
|
|
|
};
|
|
|
|
await agent.get('/').auth('user', 'user-password').expect(200);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1',
|
|
|
|
'authenticate_0', 'authenticate_1']);
|
|
|
|
});
|
|
|
|
it('does not pass user, password in context if not provided', async function() {
|
|
|
|
handlers.authenticate[0].checkContext = ({username, password}) => {
|
|
|
|
assert(username == null);
|
|
|
|
assert(password == null);
|
|
|
|
};
|
|
|
|
await agent.get('/').expect(401);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1',
|
|
|
|
'authenticate_0', 'authenticate_1']);
|
|
|
|
});
|
|
|
|
it('errors if req.session.user is not created', async function() {
|
|
|
|
handlers.authenticate[0].innerHandle = () => [true];
|
|
|
|
await agent.get('/').expect(500);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1', 'authenticate_0']);
|
|
|
|
});
|
|
|
|
it('returns 500 if an exception is thrown', async function() {
|
|
|
|
handlers.authenticate[0].innerHandle = () => { throw new Error('exception test'); };
|
|
|
|
await agent.get('/').expect(500);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1', 'authenticate_0']);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
describe('authorize', function() {
|
|
|
|
beforeEach(async function() {
|
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = true;
|
|
|
|
});
|
|
|
|
|
|
|
|
it('is not called if !requireAuthorization (non-/admin)', async function() {
|
|
|
|
settings.requireAuthorization = false;
|
|
|
|
await agent.get('/').auth('user', 'user-password').expect(200);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1',
|
|
|
|
'authenticate_0', 'authenticate_1']);
|
|
|
|
});
|
|
|
|
it('is not called if !requireAuthorization (/admin)', async function() {
|
|
|
|
settings.requireAuthorization = false;
|
|
|
|
await agent.get('/admin/').auth('admin', 'admin-password').expect(200);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1',
|
|
|
|
'authenticate_0', 'authenticate_1']);
|
|
|
|
});
|
|
|
|
it('defers if empty list returned', async function() {
|
|
|
|
await agent.get('/').auth('user', 'user-password').expect(403);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1',
|
|
|
|
'authenticate_0', 'authenticate_1',
|
|
|
|
'authorize_0', 'authorize_1']);
|
|
|
|
});
|
|
|
|
it('does not defer if return [true], 200', async function() {
|
|
|
|
handlers.authorize[0].innerHandle = () => [true];
|
|
|
|
await agent.get('/').auth('user', 'user-password').expect(200);
|
|
|
|
// Note: authorize_1 was not called because authorize_0 handled it.
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1',
|
|
|
|
'authenticate_0', 'authenticate_1',
|
|
|
|
'authorize_0']);
|
|
|
|
});
|
|
|
|
it('does not defer if return [false], 403', async function() {
|
|
|
|
handlers.authorize[0].innerHandle = (req) => [false];
|
|
|
|
await agent.get('/').auth('user', 'user-password').expect(403);
|
|
|
|
// Note: authorize_1 was not called because authorize_0 handled it.
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1',
|
|
|
|
'authenticate_0', 'authenticate_1',
|
|
|
|
'authorize_0']);
|
|
|
|
});
|
|
|
|
it('passes req.path in context', async function() {
|
|
|
|
handlers.authorize[0].checkContext = ({resource}) => {
|
|
|
|
assert.equal(resource, '/');
|
|
|
|
};
|
|
|
|
await agent.get('/').auth('user', 'user-password').expect(403);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1',
|
|
|
|
'authenticate_0', 'authenticate_1',
|
|
|
|
'authorize_0', 'authorize_1']);
|
|
|
|
});
|
|
|
|
it('returns 500 if an exception is thrown', async function() {
|
|
|
|
handlers.authorize[0].innerHandle = () => { throw new Error('exception test'); };
|
|
|
|
await agent.get('/').auth('user', 'user-password').expect(500);
|
|
|
|
assert.deepEqual(callOrder, ['preAuthorize_0', 'preAuthorize_1',
|
|
|
|
'authenticate_0', 'authenticate_1',
|
|
|
|
'authorize_0']);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
describe('webaccess: authnFailure, authzFailure, authFailure hooks', function() {
|
2020-08-27 18:33:58 +00:00
|
|
|
const Handler = class {
|
|
|
|
constructor(hookName) {
|
|
|
|
this.hookName = hookName;
|
|
|
|
this.shouldHandle = false;
|
|
|
|
this.called = false;
|
|
|
|
}
|
|
|
|
handle(hookName, context, cb) {
|
|
|
|
assert.equal(hookName, this.hookName);
|
|
|
|
assert(context != null);
|
|
|
|
assert(context.req != null);
|
|
|
|
assert(context.res != null);
|
|
|
|
assert(!this.called);
|
|
|
|
this.called = true;
|
|
|
|
if (this.shouldHandle) {
|
|
|
|
context.res.status(200).send(this.hookName);
|
|
|
|
return cb([true]);
|
|
|
|
}
|
|
|
|
return cb([]);
|
2020-08-27 02:08:07 +00:00
|
|
|
}
|
|
|
|
};
|
2020-08-27 18:33:58 +00:00
|
|
|
const handlers = {};
|
|
|
|
const hookNames = ['authnFailure', 'authzFailure', 'authFailure'];
|
2020-08-27 02:08:07 +00:00
|
|
|
const settingsBackup = {};
|
2020-08-27 18:33:58 +00:00
|
|
|
const hooksBackup = {};
|
|
|
|
|
|
|
|
beforeEach(function() {
|
2020-08-27 02:08:07 +00:00
|
|
|
Object.assign(settingsBackup, settings);
|
2020-08-27 18:33:58 +00:00
|
|
|
hookNames.forEach((hookName) => {
|
|
|
|
if (plugins.hooks[hookName] == null) plugins.hooks[hookName] = [];
|
|
|
|
});
|
|
|
|
Object.assign(hooksBackup, plugins.hooks);
|
|
|
|
hookNames.forEach((hookName) => {
|
|
|
|
const handler = new Handler(hookName);
|
|
|
|
handlers[hookName] = handler;
|
|
|
|
plugins.hooks[hookName] = [{hook_fn: handler.handle.bind(handler)}];
|
|
|
|
});
|
2020-08-27 02:08:07 +00:00
|
|
|
settings.requireAuthentication = true;
|
|
|
|
settings.requireAuthorization = true;
|
|
|
|
settings.users = {
|
|
|
|
admin: {password: 'admin-password', is_admin: true},
|
|
|
|
user: {password: 'user-password'},
|
|
|
|
};
|
|
|
|
});
|
|
|
|
afterEach(function() {
|
2020-08-27 18:33:58 +00:00
|
|
|
Object.assign(settings, settingsBackup);
|
|
|
|
Object.assign(plugins.hooks, hooksBackup);
|
2020-08-27 02:08:07 +00:00
|
|
|
});
|
|
|
|
|
2020-08-27 18:33:58 +00:00
|
|
|
// authn failure tests
|
|
|
|
it('authn fail, no hooks handle -> 401', async function() {
|
2020-08-27 02:08:07 +00:00
|
|
|
await agent.get('/').expect(401);
|
2020-08-27 18:33:58 +00:00
|
|
|
assert(handlers['authnFailure'].called);
|
|
|
|
assert(!handlers['authzFailure'].called);
|
|
|
|
assert(handlers['authFailure'].called);
|
|
|
|
});
|
|
|
|
it('authn fail, authnFailure handles', async function() {
|
|
|
|
handlers['authnFailure'].shouldHandle = true;
|
|
|
|
await agent.get('/').expect(200, 'authnFailure');
|
|
|
|
assert(handlers['authnFailure'].called);
|
|
|
|
assert(!handlers['authzFailure'].called);
|
|
|
|
assert(!handlers['authFailure'].called);
|
|
|
|
});
|
|
|
|
it('authn fail, authFailure handles', async function() {
|
|
|
|
handlers['authFailure'].shouldHandle = true;
|
|
|
|
await agent.get('/').expect(200, 'authFailure');
|
|
|
|
assert(handlers['authnFailure'].called);
|
|
|
|
assert(!handlers['authzFailure'].called);
|
|
|
|
assert(handlers['authFailure'].called);
|
|
|
|
});
|
|
|
|
it('authnFailure trumps authFailure', async function() {
|
|
|
|
handlers['authnFailure'].shouldHandle = true;
|
|
|
|
handlers['authFailure'].shouldHandle = true;
|
|
|
|
await agent.get('/').expect(200, 'authnFailure');
|
|
|
|
assert(handlers['authnFailure'].called);
|
|
|
|
assert(!handlers['authFailure'].called);
|
2020-08-27 02:08:07 +00:00
|
|
|
});
|
2020-08-27 18:33:58 +00:00
|
|
|
|
|
|
|
// authz failure tests
|
|
|
|
it('authz fail, no hooks handle -> 403', async function() {
|
2020-08-27 02:08:07 +00:00
|
|
|
await agent.get('/').auth('user', 'user-password').expect(403);
|
2020-08-27 18:33:58 +00:00
|
|
|
assert(!handlers['authnFailure'].called);
|
|
|
|
assert(handlers['authzFailure'].called);
|
|
|
|
assert(handlers['authFailure'].called);
|
|
|
|
});
|
|
|
|
it('authz fail, authzFailure handles', async function() {
|
|
|
|
handlers['authzFailure'].shouldHandle = true;
|
|
|
|
await agent.get('/').auth('user', 'user-password').expect(200, 'authzFailure');
|
|
|
|
assert(!handlers['authnFailure'].called);
|
|
|
|
assert(handlers['authzFailure'].called);
|
|
|
|
assert(!handlers['authFailure'].called);
|
|
|
|
});
|
|
|
|
it('authz fail, authFailure handles', async function() {
|
|
|
|
handlers['authFailure'].shouldHandle = true;
|
|
|
|
await agent.get('/').auth('user', 'user-password').expect(200, 'authFailure');
|
|
|
|
assert(!handlers['authnFailure'].called);
|
|
|
|
assert(handlers['authzFailure'].called);
|
|
|
|
assert(handlers['authFailure'].called);
|
|
|
|
});
|
|
|
|
it('authzFailure trumps authFailure', async function() {
|
|
|
|
handlers['authzFailure'].shouldHandle = true;
|
|
|
|
handlers['authFailure'].shouldHandle = true;
|
|
|
|
await agent.get('/').auth('user', 'user-password').expect(200, 'authzFailure');
|
|
|
|
assert(handlers['authzFailure'].called);
|
|
|
|
assert(!handlers['authFailure'].called);
|
2020-08-27 02:08:07 +00:00
|
|
|
});
|
|
|
|
});
|