update devDependencies, clean up lint issues

[squeep-authentication-module] / test / lib / authenticator.js

diff --git a/test/lib/authenticator.js b/test/lib/authenticator.js
index 71420810f3e878edc841c7c243976fc19e24b677..0e55094603e4e9eac0d718c8244633f56ba27891 100644 (file)
--- a/test/lib/authenticator.js
+++ b/test/lib/authenticator.js
@@ -1,9 +1,6 @@
-/* eslint-env mocha */
-/* eslint-disable sonarjs/no-duplicate-string */
-/* eslint-disable jsdoc/require-jsdoc */
 'use strict';
 
-const assert = require('assert');
+const assert = require('node:assert');
 const sinon = require('sinon');
 const Authenticator = require('../../lib/authenticator');
 const stubLogger = require('../stub-logger');
@@ -53,6 +50,11 @@ describe('Authenticator', function () {
     authenticator = new Authenticator(stubLogger, stubDb, options);
   });
 
+  it('covers invalid sameSite', function () {
+    options.authenticator.sessionCookieSameSite = 'Sometimes';
+    assert.throws(() => new Authenticator(stubLogger, stubDb, options), RangeError);
+  });
+
   describe('createIdentifier', function () {
     let dbCtx;
     beforeEach(function () {
@@ -140,13 +142,14 @@ describe('Authenticator', function () {
   }); // _validateAuthDataCredential
 
   describe('isValidBasic', function () {
+    const b64 = (x) => Buffer.from(x).toString('base64');
     it('succeeds', async function () {
       _authMechanismRequired(authenticator, 'argon2');
       authenticator.db.authenticationGet.resolves({
         identifier,
         credential,
       });
-      const authString = `${identifier}:${password}`;
+      const authString = b64(`${identifier}:${password}`);
       const result = await authenticator.isValidBasic(authString, ctx);
       assert.strictEqual(result, true);
       assert.strictEqual(ctx.authenticationId, identifier);
@@ -157,14 +160,14 @@ describe('Authenticator', function () {
         identifier,
         credential,
       });
-      const authString = `${identifier}:wrongPassword}`;
+      const authString = b64(`${identifier}:wrongPassword}`);
       const result = await authenticator.isValidBasic(authString, ctx);
       assert.strictEqual(result, false);
       assert.strictEqual(ctx.authenticationId, undefined);
     });
     it('covers no entry', async function() {
       authenticator.db.authenticationGet.resolves();
-      const authString = `${identifier}:wrongPassword}`;
+      const authString = b64(`${identifier}:wrongPassword}`);
       const result = await authenticator.isValidBasic(authString, ctx);
       assert.strictEqual(result, false);
       assert.strictEqual(ctx.authenticationId, undefined);
@@ -174,7 +177,7 @@ describe('Authenticator', function () {
         identifier,
         credential: '$other$kind_of_credential',
       });
-      const authString = `${identifier}:wrongPassword}`;
+      const authString = b64(`${identifier}:wrongPassword}`);
       const result = await authenticator.isValidBasic(authString, ctx);
       assert.strictEqual(result, false);
       assert.strictEqual(ctx.authenticationId, undefined);
@@ -577,7 +580,7 @@ describe('Authenticator', function () {
     it('covers missing basic auth, ignores session', async function () {
       req.getHeader.returns();
       sinon.stub(authenticator, 'isValidAuthorization').resolves(true);
-      assert.rejects(authenticator.apiRequiredLocal(req, res, ctx, false), {
+      assert.rejects(() => authenticator.apiRequiredLocal(req, res, ctx, false), {
         name: 'ResponseError',
         statusCode: 401,
       });
@@ -585,6 +588,11 @@ describe('Authenticator', function () {
       assert(!authenticator.isValidAuthorization.called);
       assert(res.setHeader.called);
     });
+    it('covers errors', async function () {
+      sinon.stub(authenticator, 'isValidAuthorization').rejects();
+      req.getHeader.returns('Basic Zm9vOmJhcg==');
+      assert.rejects(() => authenticator.apiRequiredLocal(req, res, ctx));
+    });
   }); // apiRequiredLocal
 
 }); // Authenticator