git.squeep.com Git - squeep-authentication-module/blob - test/lib/session-manager.js

   1 /* eslint-env mocha */
   2 /* eslint-disable capitalized-comments, sonarjs/no-duplicate-string, sonarjs/no-identical-functions */
   3
   4 'use strict';
   5
   6 const assert = require('assert');
   7 const sinon = require('sinon'); // eslint-disable-line node/no-unpublished-require
   8
   9 const SessionManager = require('../../lib/session-manager');
  10 const Config = require('../stub-config');
  11 const stubLogger = require('../stub-logger');
  12
  13 describe('SessionManager', function () {
  14   let manager, options, stubAuthenticator;
  15   let res, ctx;
  16
  17   beforeEach(function () {
  18     options = new Config('test');
  19     res = {
  20       end: sinon.stub(),
  21       setHeader: sinon.stub(),
  22     };
  23     ctx = {
  24       cookie: '',
  25       params: {},
  26       queryParams: {},
  27       parsedBody: {},
  28     };
  29     stubAuthenticator = {
  30       isValidIdentifierCredential: sinon.stub(),
  31     };
  32     manager = new SessionManager(stubLogger, stubAuthenticator, options);
  33     sinon.stub(manager.indieAuthCommunication);
  34     stubLogger._reset();
  35   });
  36   afterEach(function () {
  37     sinon.restore();
  38   });
  39
  40   describe('_sessionCookieSet', function () {
  41     let session, maxAge;
  42     beforeEach(function () {
  43       session = {};
  44       maxAge = 86400;
  45     });
  46     it('covers', async function () {
  47       await manager._sessionCookieSet(res, session, maxAge);
  48       assert(res.setHeader.called);
  49     });
  50     it('covers reset', async function () {
  51       session = undefined;
  52       maxAge = 0;
  53       await manager._sessionCookieSet(res, session, maxAge);
  54       assert(res.setHeader.called);
  55     });
  56     it('covers options', async function() {
  57       options.authenticator.secureAuthOnly = false;
  58       await manager._sessionCookieSet(res, session, undefined, '');
  59       assert(res.setHeader.called);
  60     });
  61   }); // _sessionCookieSet
  62
  63   describe('getAdminLogin', function () {
  64     it('covers', async function () {
  65       await manager.getAdminLogin(res, ctx);
  66     });
  67   }); // getAdminLogin
  68
  69   describe('postAdminLogin', function () {
  70     it('covers valid local', async function () {
  71       ctx.parsedBody.identifier = 'user';
  72       ctx.parsedBody.credential = 'password';
  73       manager.authenticator.isValidIdentifierCredential.resolves(true);
  74       await manager.postAdminLogin(res, ctx);
  75       assert.strictEqual(res.statusCode, 302);
  76     });
  77     it('covers invalid local', async function () {
  78       ctx.parsedBody.identifier = 'user';
  79       ctx.parsedBody.credential = 'password';
  80       manager.authenticator.isValidIdentifierCredential.resolves(false);
  81       await manager.postAdminLogin(res, ctx);
  82       assert(!res.setHeader.called);
  83     });
  84     it('covers valid profile', async function () {
  85       ctx.parsedBody.me = 'https://example.com/profile';
  86       manager.indieAuthCommunication.fetchProfile.resolves({
  87         authorizationEndpoint: 'https://example.com/auth',
  88       });
  89       await manager.postAdminLogin(res, ctx);
  90       assert.strictEqual(res.statusCode, 302);
  91     });
  92     it('covers invalid profile', async function () {
  93       ctx.parsedBody.me = 'not a profile';
  94       manager.indieAuthCommunication.fetchProfile.resolves();
  95       await manager.postAdminLogin(res, ctx);
  96       assert(!res.setHeader.called);
  97     });
  98     it('covers invalid profile response', async function () {
  99       ctx.parsedBody.me = 'https://example.com/profile';
 100       manager.indieAuthCommunication.fetchProfile.resolves();
 101       await manager.postAdminLogin(res, ctx);
 102       assert(!res.setHeader.called);
 103     });
 104     it('covers invalid profile response endpoint', async function () {
 105       ctx.parsedBody.me = 'https://example.com/profile';
 106       manager.indieAuthCommunication.fetchProfile.resolves({
 107         authorizationEndpoint: 'not an auth endpoint',
 108       });
 109       await manager.postAdminLogin(res, ctx);
 110       assert(!res.setHeader.called);
 111     });
 112   }); // postAdminLogin
 113
 114   describe('getAdminLogout', function () {
 115     it('covers', async function () {
 116       await manager.getAdminLogout(res, ctx);
 117     });
 118   }); // getAdminLogout
 119
 120   describe('getAdminIA', function () {
 121     let state, me, authorizationEndpoint;
 122     beforeEach(function () {
 123       state = '4ea7e936-3427-11ec-9f4b-0025905f714a';
 124       me = 'https://example.com/profile';
 125       authorizationEndpoint = 'https://example.com/auth'
 126       ctx.cookie = 'squeepSession=sessionCookie';
 127       manager.indieAuthCommunication.redeemProfileCode.resolves({
 128         me,
 129       });
 130       manager.indieAuthCommunication.fetchProfile.resolves({
 131         authorizationEndpoint,
 132       });
 133       sinon.stub(manager.mysteryBox, 'unpack').resolves({
 134         authorizationEndpoint,
 135         state,
 136         me,
 137       });
 138     });
 139     it('covers valid', async function () {
 140       ctx.queryParams['state'] = state;
 141       ctx.queryParams['code'] = 'codeCodeCode';
 142
 143       await manager.getAdminIA(res, ctx);
 144
 145       assert.strictEqual(res.statusCode, 302);
 146     });
 147     it('covers missing cookie', async function () {
 148       delete ctx.cookie;
 149
 150       await manager.getAdminIA(res, ctx);
 151
 152       assert(ctx.errors.length);
 153     });
 154     it('covers invalid cookie', async function () {
 155       manager.mysteryBox.unpack.restore();
 156       sinon.stub(manager.mysteryBox, 'unpack').rejects();
 157
 158       await manager.getAdminIA(res, ctx);
 159
 160       assert(ctx.errors.length);
 161     });
 162     it('covers mis-matched state', async function () {
 163       ctx.queryParams['state'] = 'incorrect-state';
 164       ctx.queryParams['code'] = 'codeCodeCode';
 165
 166       await manager.getAdminIA(res, ctx);
 167
 168       assert(ctx.errors.length);
 169     });
 170     it('relays auth endpoint errors', async function () {
 171       ctx.queryParams['state'] = state;
 172       ctx.queryParams['code'] = 'codeCodeCode';
 173       ctx.queryParams['error'] = 'error_code';
 174       ctx.queryParams['error_description'] = 'something went wrong';
 175
 176       await manager.getAdminIA(res, ctx);
 177
 178       assert(ctx.errors.length);
 179     });
 180     it('covers empty error_description', async function () {
 181       ctx.queryParams['state'] = state;
 182       ctx.queryParams['code'] = 'codeCodeCode';
 183       ctx.queryParams['error'] = 'error_code';
 184
 185       await manager.getAdminIA(res, ctx);
 186
 187       assert(ctx.errors.length);
 188     });
 189     it('covers invalid restored session', async function () {
 190       manager.mysteryBox.unpack.restore();
 191       sinon.stub(manager.mysteryBox, 'unpack').resolves({
 192         authorizationEndpoint: 'not a url',
 193         state,
 194         me,
 195       });
 196       ctx.queryParams['state'] = state;
 197       ctx.queryParams['code'] = 'codeCodeCode';
 198
 199       await manager.getAdminIA(res, ctx);
 200
 201       assert(ctx.errors.length);
 202     });
 203     it('covers empty profile redemption response', async function () {
 204       ctx.queryParams['state'] = state;
 205       ctx.queryParams['code'] = 'codeCodeCode';
 206       manager.indieAuthCommunication.redeemProfileCode.restore();
 207       sinon.stub(manager.indieAuthCommunication, 'redeemProfileCode').resolves();
 208
 209       await manager.getAdminIA(res, ctx);
 210
 211       assert(ctx.errors.length);
 212     });
 213     it('covers missing profile in redemption response', async function () {
 214       ctx.queryParams['state'] = state;
 215       ctx.queryParams['code'] = 'codeCodeCode';
 216       manager.indieAuthCommunication.redeemProfileCode.restore();
 217       sinon.stub(manager.indieAuthCommunication, 'redeemProfileCode').resolves({
 218       });
 219
 220       await manager.getAdminIA(res, ctx);
 221
 222       assert(ctx.errors.length);
 223     });
 224     it('covers different canonical profile response', async function () {
 225       ctx.queryParams['state'] = state;
 226       ctx.queryParams['code'] = 'codeCodeCode';
 227       manager.indieAuthCommunication.redeemProfileCode.restore();
 228       sinon.stub(manager.indieAuthCommunication, 'redeemProfileCode').resolves({
 229         me: 'https://different.example.com/profile',
 230       });
 231
 232       await manager.getAdminIA(res, ctx);
 233
 234       assert.strictEqual(res.statusCode, 302);
 235     });
 236     it('covers different canonical profile response mis-matched endpoint', async function () {
 237       ctx.queryParams['state'] = state;
 238       ctx.queryParams['code'] = 'codeCodeCode';
 239       manager.indieAuthCommunication.redeemProfileCode.restore();
 240       sinon.stub(manager.indieAuthCommunication, 'redeemProfileCode').resolves({
 241         me: 'https://different.example.com/profile',
 242       });
 243       manager.indieAuthCommunication.fetchProfile.restore();
 244       sinon.stub(manager.indieAuthCommunication, 'fetchProfile').resolves({
 245         authorizationEndpoint: 'https://elsewhere.example.com/auth',
 246       });
 247
 248       await manager.getAdminIA(res, ctx);
 249
 250       assert(ctx.errors.length);
 251     });
 252   }); // getAdminIA
 253
 254 }); // SessionManager