if (!a.authn[m]) { // eslint-disable-line security/detect-object-injection
this.skip();
}
- };
+ }
beforeEach(function () {
options = Config('test');
assert.strictEqual(result, false);
assert.strictEqual(ctx.authenticationId, undefined);
});
+ it('covers non-string credential', async function () {
+ credential = '$argon2id$v=19$m=4096,t=3,p=1$SbAlHo5x2HM0PvMAWYHqww$gNn/o+B6+IWsnrVupPkTAiiK9tvwV+eM/HoXG41bnzM';
+ const result = await authenticator.isValidIdentifierCredential(identifier, undefined, ctx);
+ assert.strictEqual(result, false);
+ assert.strictEqual(ctx.authenticationId, undefined);
+ });
it('covers unknown password hash', async function () {
authenticator.db.authenticationGet.resolves({
identifier,
const result = await authenticator.sessionCheck(req, res, ctx, loginPath, required, profilesAllowed);
assert.strictEqual(result, true);
});
+ it('covers valid insecure cookie session', async function () {
+ authenticator.secureAuthOnly = false;
+ req.getHeader.returns(cookie);
+ sinon.stub(authenticator, 'isValidCookieAuth').resolves(true);
+ ctx.session = {
+ authenticatedIdentifier: 'user',
+ };
+ const result = await authenticator.sessionCheck(req, res, ctx, loginPath, required, profilesAllowed);
+ assert.strictEqual(result, true);
+ });
it('rejects insecure connection', async function () {
ctx.clientProtocol = 'http';
try {