X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=test%2Flib%2Fauthenticator.js;h=0e55094603e4e9eac0d718c8244633f56ba27891;hb=HEAD;hp=341bc9bfb52d8bc16df7e3d7bab5ab9937a9b4ce;hpb=786f4aa122c3c3a1c1c8224abacd12d0ca079cd0;p=squeep-authentication-module diff --git a/test/lib/authenticator.js b/test/lib/authenticator.js index 341bc9b..0e55094 100644 --- a/test/lib/authenticator.js +++ b/test/lib/authenticator.js @@ -1,8 +1,7 @@ -/* eslint-env mocha */ 'use strict'; -const assert = require('assert'); -const sinon = require('sinon'); // eslint-disable-line node/no-unpublished-require +const assert = require('node:assert'); +const sinon = require('sinon'); const Authenticator = require('../../lib/authenticator'); const stubLogger = require('../stub-logger'); const stubDb = require('../stub-db'); @@ -51,6 +50,11 @@ describe('Authenticator', function () { authenticator = new Authenticator(stubLogger, stubDb, options); }); + it('covers invalid sameSite', function () { + options.authenticator.sessionCookieSameSite = 'Sometimes'; + assert.throws(() => new Authenticator(stubLogger, stubDb, options), RangeError); + }); + describe('createIdentifier', function () { let dbCtx; beforeEach(function () { @@ -73,7 +77,7 @@ describe('Authenticator', function () { assert.deepStrictEqual(e, expected); assert(authenticator.db.authenticationUpsert.called); assert(authenticator.logger.error.called); - } + } }); }); // createIdentifier 
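Review bot: The new `covers invalid sameSite` case writes `'Sometimes'` into the shared `options.authenticator.sessionCookieSameSite` and never restores it. Where `options` is built is outside this hunk, so if it is not recreated for each test, the constructor call in the following `beforeEach` would presumably throw the same RangeError and fail unrelated cases. Building a fresh options object for this case, or restoring the previous value afterwards, keeps it isolated. A short comment such as `// an unrecognised SameSite value is a configuration error and must fail at construction` would record why the throw is expected.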
@@ -138,13 +142,14 @@ describe('Authenticator', function () { }); // _validateAuthDataCredential describe('isValidBasic', function () { + const b64 = (x) => Buffer.from(x).toString('base64'); it('succeeds', async function () { _authMechanismRequired(authenticator, 'argon2'); authenticator.db.authenticationGet.resolves({ identifier, credential, }); - const authString = `${identifier}:${password}`; + const authString = b64(`${identifier}:${password}`); const result = await authenticator.isValidBasic(authString, ctx); assert.strictEqual(result, true); assert.strictEqual(ctx.authenticationId, identifier); @@ -155,14 +160,14 @@ describe('Authenticator', function () { identifier, credential, }); - const authString = `${identifier}:wrongPassword}`; + const authString = b64(`${identifier}:wrongPassword}`); const result = await authenticator.isValidBasic(authString, ctx); assert.strictEqual(result, false); assert.strictEqual(ctx.authenticationId, undefined); }); it('covers no entry', async function() { authenticator.db.authenticationGet.resolves(); - const authString = `${identifier}:wrongPassword}`; + const authString = b64(`${identifier}:wrongPassword}`); const result = await authenticator.isValidBasic(authString, ctx); assert.strictEqual(result, false); assert.strictEqual(ctx.authenticationId, undefined); @@ -172,7 +177,7 @@ describe('Authenticator', function () { identifier, credential: '$other$kind_of_credential', }); - const authString = `${identifier}:wrongPassword}`; + const authString = b64(`${identifier}:wrongPassword}`); const result = await authenticator.isValidBasic(authString, ctx); assert.strictEqual(result, false); assert.strictEqual(ctx.authenticationId, undefined); 
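Review bot: Every `isValidBasic` case in these four hunks now passes well-formed base64 of `identifier:password` through the `b64` helper, so the decoding step is only exercised with valid input. A case whose input does not decode to a `user:pass` pair (non-base64 text, or a decoded string with no `:`), asserting `false` and an unset `ctx.authenticationId`, would cover what an unauthenticated client actually controls. How `isValidBasic` decodes is not visible here, so this is inferred from the test change. The three failure cases also keep the stray brace in `wrongPassword}`, which is harmless but reads as a typo for `${identifier}:wrongPassword`.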
@@ -575,7 +580,7 @@ describe('Authenticator', function () { it('covers missing basic auth, ignores session', async function () { req.getHeader.returns(); sinon.stub(authenticator, 'isValidAuthorization').resolves(true); - assert.rejects(authenticator.apiRequiredLocal(req, res, ctx, false), { + assert.rejects(() => authenticator.apiRequiredLocal(req, res, ctx, false), { name: 'ResponseError', statusCode: 401, }); @@ -583,6 +588,11 @@ describe('Authenticator', function () { assert(!authenticator.isValidAuthorization.called); assert(res.setHeader.called); }); + it('covers errors', async function () { + sinon.stub(authenticator, 'isValidAuthorization').rejects(); + req.getHeader.returns('Basic Zm9vOmJhcg=='); + assert.rejects(() => authenticator.apiRequiredLocal(req, res, ctx)); + }); }); // apiRequiredLocal }); // Authenticator
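Review bot: Both `assert.rejects(...)` calls in these two hunks return a promise that is never awaited, in the changed `covers missing basic auth, ignores session` case and in the new `covers errors` case, so the async test function can complete before the expectation is checked. If the 401 stopped being raised, the failure would surface as an unhandled rejection, or not at all depending on the runner, rather than failing the case that owns it. Prefix both calls with `await`, e.g. `await assert.rejects(() => authenticator.apiRequiredLocal(req, res, ctx));`. `covers errors` also accepts any rejection, so pinning the expected error shape there would show that a failing `isValidAuthorization` is reported as an error and never treated as a successful authentication.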