X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=test%2Flib%2Fcommunication.js;h=f544d80f67304ce8e47468623368b635e487e1a7;hb=cf9590ecbcd4b0a7c01f153cacade619518f84f0;hp=9a6056db723093696e4e4cc7f72561c3c3b9b54a;hpb=e648aedc1c912cd07da0b1dad7be3910248b25c9;p=squeep-indieauth-helper diff --git a/test/lib/communication.js b/test/lib/communication.js index 9a6056d..f544d80 100644 --- a/test/lib/communication.js +++ b/test/lib/communication.js @@ -7,6 +7,8 @@ const assert = require('assert'); const sinon = require('sinon'); // eslint-disable-line node/no-unpublished-require const Communication = require('../../lib/communication'); +const { ValidationError } = require('../../lib/errors'); +const dns = require('dns'); const stubLogger = require('../stub-logger'); const testData = require('../test-data/communication'); @@ -477,6 +479,204 @@ describe('Communication', function () { }); }); // fetchMicroformat + describe('fetchJSON', function () { + let expected, response, result, urlObj; + beforeEach(function () { + expected = undefined; + result = undefined; + urlObj = new URL('https://thuza.ratfeathers.com/'); + response = { + headers: Object.assign({}, testData.linkHeaders), + data: testData.hCardHtml, + }; + }); + it('covers', async function () { + communication.axios.resolves(response); + expected = { foo: 'bar', baz: 123 }; + response.data = JSON.stringify(expected); + + result = await communication.fetchJSON(urlObj); + assert.deepStrictEqual(result, expected); + }); + it('covers axios error', async function () { + communication.axios.rejects(new Error('blah')); + expected = undefined; + + result = await communication.fetchJSON(urlObj); + + assert.deepStrictEqual(result, expected); + }); + it('covers non-parsable content', async function () { + response.data = 'some bare text'; + response.headers = {}; + communication.axios.resolves(response); + expected = undefined; + + result = await communication.fetchJSON(urlObj); + + assert.deepStrictEqual(result, expected); + }); + }); // fetchJSON + + describe('validateProfile', function () { + let url, validationOptions; + beforeEach(function () { + url = 'https://example.com/'; + options = {}; + sinon.stub(dns, 'lookupAsync').resolves([{ family: 4, address: '10.11.12.14' }]); + }); + it('rejects invalid url', async function () { + url = 'bad url'; + await assert.rejects(() => communication.validateProfile(url, validationOptions), ValidationError); + }); + it('covers success', async function () { + const result = await communication.validateProfile(url, validationOptions); + assert.strictEqual(result.isLoopback, false); + }); + it('rejects invalid', async function () { + url = 'ftp://example.com/'; + await assert.rejects(() => communication.validateProfile(url, validationOptions), ValidationError); + }); + + }); // validateProfile + + describe('validateClientIdentifier', function () { + let url, validationOptions; + beforeEach(function () { + url = 'https://example.com/'; + options = {}; + sinon.stub(dns, 'lookupAsync').resolves([{ family: 4, address: '10.11.12.13' }]); + }); + it('rejects invalid url', async function () { + try { + await communication.validateClientIdentifier('bad url'); + assert.fail(noExpectedException); + } catch (e) { + assert(e instanceof ValidationError); + } + }); + it('rejects invalid scheme', async function () { + url = 'ftp://example.com/'; + try { + await communication.validateClientIdentifier(url, validationOptions); + assert.fail(noExpectedException); + } catch (e) { + assert(e instanceof ValidationError); + } + }); + it('rejects fragment', async function () { + url = 'https://example.com/#foo'; + try { + await communication.validateClientIdentifier(url, validationOptions); + assert.fail(noExpectedException); + } catch (e) { + assert(e instanceof ValidationError); + } + }); + it('rejects username', async function () { + url = 'https://user@example.com/'; + try { + await communication.validateClientIdentifier(url, validationOptions); + assert.fail(noExpectedException); + } catch (e) { + assert(e instanceof ValidationError); + } + }); + it('rejects password', async function () { + url = 'https://:foo@example.com/'; + try { + await communication.validateClientIdentifier(url, validationOptions); + assert.fail(noExpectedException); + } catch (e) { + assert(e instanceof ValidationError); + } + }); + it('rejects relative path', async function () { + url = 'https://example.com/client/../sneaky'; + try { + await communication.validateClientIdentifier(url, validationOptions); + assert.fail(noExpectedException); + } catch (e) { + assert(e instanceof ValidationError); + } + }); + it('rejects ipv4', async function () { + url = 'https://10.11.12.13/'; + try { + await communication.validateClientIdentifier(url, validationOptions); + assert.fail(noExpectedException); + } catch (e) { + assert(e instanceof ValidationError); + } + }); + it('rejects ipv6', async function () { + url = 'https://[fd64:defa:00e5:caf4:0dff::ad39]/'; + try { + await communication.validateClientIdentifier(url, validationOptions); + assert.fail(noExpectedException); + } catch (e) { + assert(e instanceof ValidationError); + } + }); + it('accepts ipv4 loopback', async function () { + url = 'https://127.0.0.1/'; + const result = await communication.validateClientIdentifier(url, validationOptions); + assert.strictEqual(result.isLoopback, true); + }); + it('accepts ipv6 loopback', async function () { + url = 'https://[::1]/'; + const result = await communication.validateClientIdentifier(url, validationOptions); + assert.strictEqual(result.isLoopback, true); + }); + it('accepts resolved ipv4 loopback', async function () { + dns.lookupAsync.resolves([{ family: 4, address: '127.0.0.1' }]); + const result = await communication.validateClientIdentifier(url, validationOptions); + assert.strictEqual(result.isLoopback, true); + }); + it('accepts resolved ipv6 loopback', async function () { + dns.lookupAsync.resolves([{ family: 6, address: '::1' }]); + const result = await communication.validateClientIdentifier(url, validationOptions); + assert.strictEqual(result.isLoopback, true); + }); + it('covers success', async function () { + const result = await communication.validateClientIdentifier(url, validationOptions); + assert.strictEqual(result.isLoopback, false); + }); + it('rejects resolution failure', async function () { + dns.lookupAsync.rejects(new Error('oh no')); + try { + await communication.validateClientIdentifier(url, validationOptions); + assert.fail(noExpectedException); + } catch (e) { + assert(e instanceof ValidationError); + } + }); + it('rejects mismatched resolutions', async function () { + dns.lookupAsync.onCall(1).resolves([{ family: 4, address: '10.9.8.7' }]); + try { + await communication.validateClientIdentifier(url, validationOptions); + assert.fail(noExpectedException); + } catch (e) { + assert(e instanceof ValidationError); + } + }); + it('ignores unknown dns family', async function () { + dns.lookupAsync.resolves([{ family: 5, address: '10.9.8.7' }]); + const result = await communication.validateClientIdentifier(url, validationOptions); + assert.strictEqual(result.isLoopback, false); + }); + it('covers rooted hostname', async function() { + url = 'https://example.com./'; + const result = await communication.validateClientIdentifier(url, validationOptions); + assert.strictEqual(result.isLoopback, false); + }); + it('covers unresolved', async function () { + dns.lookupAsync.resolves(); + const result = await communication.validateClientIdentifier(url, validationOptions); + assert.strictEqual(result.isLoopback, false); + }); + }); // validateClientIdentifier + describe('fetchClientIdentifier', function () { let expected, response, result, urlObj; beforeEach(function () { @@ -553,6 +753,17 @@ describe('Communication', function () { result = await communication.fetchClientIdentifier(urlObj); assert.deepStrictEqual(result, expected); }); + it('covers loopback', async function () { + sinon.spy(communication, 'fetchMicroformat'); + urlObj.isLoopback = true; + expected = { + rels: {}, + items: [], + }; + result = await communication.fetchClientIdentifier(urlObj); + assert.deepStrictEqual(result, expected); + assert(communication.fetchMicroformat.notCalled); + }); }); // fetchClientIdentifier describe('fetchProfile', function () { @@ -565,43 +776,141 @@ describe('Communication', function () { headers: {}, data: testData.hCardHtml, }; + sinon.stub(communication, 'fetchJSON'); + }); + describe('legacy without indieauth-metadata', function () { + it('covers', async function () { + communication.axios.resolves(response); + expected = { + name: 'Thuza', + photo: 'https://thuza.ratfeathers.com/image.png', + url: 'https://thuza.ratfeathers.com/', + email: undefined, + authorizationEndpoint: 'https://ia.squeep.com/auth', + tokenEndpoint: 'https://ia.squeep.com/token', + metadata: { + authorizationEndpoint: 'https://ia.squeep.com/auth', + tokenEndpoint: 'https://ia.squeep.com/token', + }, + }; + result = await communication.fetchProfile(urlObj); + assert.deepStrictEqual(result, expected); + }); + it('covers multiple hCards', async function () { + response.data = testData.multiMF2Html; + communication.axios.resolves(response); + expected = { + email: undefined, + name: 'Thuza', + photo: 'https://thuza.ratfeathers.com/image.png', + url: 'https://thuza.ratfeathers.com/', + authorizationEndpoint: 'https://ia.squeep.com/auth', + tokenEndpoint: 'https://ia.squeep.com/token', + metadata: { + authorizationEndpoint: 'https://ia.squeep.com/auth', + tokenEndpoint: 'https://ia.squeep.com/token', + }, + }; + result = await communication.fetchProfile(urlObj); + assert.deepStrictEqual(result, expected); + }); + it('covers failed fetch', async function () { + communication.axios.rejects(); + expected = { + email: undefined, + name: undefined, + photo: undefined, + url: undefined, + metadata: {}, + }; + result = await communication.fetchProfile(urlObj); + assert.deepStrictEqual(result, expected); + }); }); it('covers', async function () { + response.data = testData.hCardMetadataHtml; communication.axios.resolves(response); + communication.fetchJSON.resolves({ + 'issuer': 'https://ia.squeep.com/', + 'authorization_endpoint': 'https://ia.squeep.com/auth', + 'token_endpoint': 'https://ia.squeep.com/token', + 'introspection_endpoint': 'https://ia.squeep.com/introspect', + 'introspection_endpoint_auth_methods_supported': [ '' ], + 'revocation_endpoint': 'https://ia.squeep.com/revoke', + 'revocation_endpoint_auth_methods_supported': [ 'none' ], + 'scopes_supported': [ 'profile', 'email' ], + 'service_documentation': 'https://indieauth.spec.indieweb.org/', + 'code_challenge_methods_supported': [ 'S256', 'SHA256' ], + 'authorization_response_iss_parameter_supported': true, + 'userinfo_endpoint': 'https://ia.squeep.com/userinfo', + }); expected = { name: 'Thuza', photo: 'https://thuza.ratfeathers.com/image.png', url: 'https://thuza.ratfeathers.com/', email: undefined, + metadata: { + authorizationEndpoint: 'https://ia.squeep.com/auth', + tokenEndpoint: 'https://ia.squeep.com/token', + issuer: 'https://ia.squeep.com/', + introspectionEndpoint: 'https://ia.squeep.com/introspect', + introspectionEndpointAuthMethodsSupported: [ '' ], + revocationEndpoint: 'https://ia.squeep.com/revoke', + revocationEndpointAuthMethodsSupported: [ 'none' ], + scopesSupported: [ 'profile', 'email' ], + serviceDocumentation: 'https://indieauth.spec.indieweb.org/', + codeChallengeMethodsSupported: [ 'S256', 'SHA256' ], + authorizationResponseIssParameterSupported: true, + userinfoEndpoint: 'https://ia.squeep.com/userinfo', + }, authorizationEndpoint: 'https://ia.squeep.com/auth', tokenEndpoint: 'https://ia.squeep.com/token', + indieauthMetadata: 'https://ia.squeep.com/meta', }; + result = await communication.fetchProfile(urlObj); + assert.deepStrictEqual(result, expected); }); - it('covers multiple hCards', async function () { - response.data = testData.multiMF2Html; + it('covers metadata missing fields', async function () { + response.data = testData.hCardMetadataHtml; communication.axios.resolves(response); + communication.fetchJSON.resolves({ + 'issuer': 'https://ia.squeep.com/', + }); expected = { - email: undefined, name: 'Thuza', photo: 'https://thuza.ratfeathers.com/image.png', url: 'https://thuza.ratfeathers.com/', - authorizationEndpoint: 'https://ia.squeep.com/auth', - tokenEndpoint: 'https://ia.squeep.com/token', + email: undefined, + metadata: { + issuer: 'https://ia.squeep.com/', + }, + indieauthMetadata: 'https://ia.squeep.com/meta', }; + result = await communication.fetchProfile(urlObj); + assert.deepStrictEqual(result, expected); }); - it('covers failed fetch', async function () { - communication.axios.rejects(); + it('covers metadata response failure', async function () { + const jsonError = new Error('oh no'); + response.data = testData.hCardMetadataHtml; + communication.axios + .onCall(0).resolves(response) + .onCall(1).rejects(jsonError); + communication.fetchJSON.restore(); expected = { + name: 'Thuza', + photo: 'https://thuza.ratfeathers.com/image.png', + url: 'https://thuza.ratfeathers.com/', email: undefined, - name: undefined, - photo: undefined, - url: undefined, + metadata: {}, + indieauthMetadata: 'https://ia.squeep.com/meta', }; + result = await communication.fetchProfile(urlObj); + assert.deepStrictEqual(result, expected); }); }); // fetchProfile @@ -617,7 +926,7 @@ describe('Communication', function () { }); it('covers', async function () { communication.axios.resolves({ - data: '{"me":"https://profile.example.com/"}' + data: '{"me":"https://profile.example.com/"}', }); expected = { me: 'https://profile.example.com/',