handle undefined credential more gracefully

[squeep-authentication-module] / test / lib / authenticator.js

diff --git a/test/lib/authenticator.js b/test/lib/authenticator.js
index 3ab6fb34653d0189e5066c44ec4188c4544015bb..5da64397118439ff57cff5e414a83c8bfb3d6da7 100644 (file)
--- a/test/lib/authenticator.js
+++ b/test/lib/authenticator.js
@@ -18,7 +18,7 @@ describe('Authenticator', function () {
     if (!a.authn[m]) { // eslint-disable-line security/detect-object-injection
       this.skip();
     }
-  };
+  }
 
   beforeEach(function () {
     options = Config('test');
@@ -117,6 +117,12 @@ describe('Authenticator', function () {
       assert.strictEqual(result, false);
       assert.strictEqual(ctx.authenticationId, undefined);
     });
+    it('covers non-string credential', async function () {
+      credential = '$argon2id$v=19$m=4096,t=3,p=1$SbAlHo5x2HM0PvMAWYHqww$gNn/o+B6+IWsnrVupPkTAiiK9tvwV+eM/HoXG41bnzM';
+      const result = await authenticator.isValidIdentifierCredential(identifier, undefined, ctx);
+      assert.strictEqual(result, false);
+      assert.strictEqual(ctx.authenticationId, undefined);
+    });
     it('covers unknown password hash', async function () {
       authenticator.db.authenticationGet.resolves({
         identifier,
@@ -407,7 +413,7 @@ describe('Authenticator', function () {
   }); // sessionCheck
 
   describe('apiRequiredLocal', function () {
-    let req, res, ctx;
+    let req, res;
     beforeEach(function () {
       ctx = {};
       req = {
@@ -423,18 +429,39 @@ describe('Authenticator', function () {
       sinon.stub(authenticator, 'sessionCheck').resolves(false);
       sinon.stub(authenticator, 'isValidAuthorization').resolves(true);
       const result = await authenticator.apiRequiredLocal(req, res, ctx);
-      assert(authenticator.sessionCheck.called);
+      assert.strictEqual(result, true);
       assert(authenticator.isValidAuthorization.called);
+      assert(!authenticator.sessionCheck.called);
+    });
+    it('covers invalid basic auth', async function () {
+      req.getHeader.returns('Basic Zm9vOmJhcg==');
+      sinon.stub(authenticator, 'sessionCheck').resolves(false);
+      sinon.stub(authenticator, 'isValidAuthorization').resolves(false);
+      try {
+        await authenticator.apiRequiredLocal(req, res, ctx);
+        assert.fail(noExpectedException);
+      } catch (e) {
+        assert.strictEqual(e.statusCode, 401);
+        assert(!authenticator.sessionCheck.called);
+        assert(authenticator.isValidAuthorization.called);
+      }
+    });
+    it('covers missing basic auth, valid session', async function () {
+      req.getHeader.returns();
+      sinon.stub(authenticator, 'sessionCheck').resolves(true);
+      sinon.stub(authenticator, 'isValidAuthorization').resolves(false);
+      const result = await authenticator.apiRequiredLocal(req, res, ctx);
       assert.strictEqual(result, true);
+      assert(!authenticator.isValidAuthorization.called);
+      assert(authenticator.sessionCheck.called);
     });
-    it('requests basic auth when missing, ignores session', async function () {
+    it('covers missing basic auth, ignores session', async function () {
       req.getHeader.returns();
       sinon.stub(authenticator, 'isValidAuthorization').resolves(true);
       try {
         await authenticator.apiRequiredLocal(req, res, ctx, false);
         assert.fail(noExpectedException);
       } catch (e) {
-        console.log(e);
         assert.strictEqual(e.statusCode, 401);
         assert(!authenticator.sessionCheck.called);
         assert(!authenticator.isValidAuthorization.called);