2
1
mirror of https://github.com/Thream/socketio-jwt.git synced 2024-11-09 22:20:08 +01:00
socketio-jwt/test/authorizer.test.js

142 lines
3.7 KiB
JavaScript
Raw Normal View History

const Q = require('q');
const fixture = require('./fixture');
const request = require('request');
const io = require('socket.io-client');
2012-11-16 16:43:12 +01:00
describe('authorizer', () => {
//start and stop the server
before((done) => { fixture.start({ }, done) });
after(fixture.stop);
2012-11-16 16:43:12 +01:00
describe('when the user is not logged in', () => {
it('should emit error with unauthorized handshake', (done) => {
const socket = io.connect('http://localhost:9000?token=boooooo', {
forceNew: true
});
socket.on('error', (err) => {
err.message.should.eql('jwt malformed');
err.code.should.eql('invalid_token');
socket.close();
done();
});
});
});
describe('when the user is logged in', () => {
before((done) => {
request.post({
url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' },
json: true
}, (err, resp, body) => {
this.token = body.token;
done();
});
2012-11-16 16:43:12 +01:00
});
describe('authorizer disallows query string token when specified in startup options', () => {
before((done) => {
Q.ninvoke(fixture, 'stop')
.then(() => Q.ninvoke(fixture, 'start', { auth_header_required: true }))
.done(done);
});
after((done) => {
Q.ninvoke(fixture, 'stop')
.then(() => Q.ninvoke(fixture, 'start', { }))
.done(done);
});
2012-11-16 16:43:12 +01:00
it('auth headers are supported', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
extraHeaders: { Authorization: 'Bearer ' + this.token}
});
socket
.on('connect', () => {
socket.close();
done();
})
.on('error', done);
});
it('auth token in query string is disallowed', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
});
socket.on('error', (err) => {
err.message.should.eql('Server requires Authorization Header');
err.code.should.eql('missing_authorization_header');
socket.close();
done();
});
});
})
2012-11-16 16:43:12 +01:00
describe('authorizer all auth types allowed', () => {
before((done) => {
Q.ninvoke(fixture, 'stop')
.then(() => Q.ninvoke(fixture, 'start', {}))
.done(done);
})
it('auth headers are supported', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
extraHeaders: { Authorization: 'Bearer ' + this.token }
});
socket
.on('connect', () => {
socket.close();
done();
})
.on('error', done);
});
it('should do the handshake and connect', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
});
socket
.on('connect', () => {
socket.close();
done();
})
.on('error', done);
});
});
});
describe('unsigned token', () => {
beforeEach(() => {
this.token = 'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.';
});
it('should not do the handshake and connect', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
});
socket
.on('connect', () => {
socket.close();
done(new Error('this shouldnt happen'));
})
.on('error', (err) => {
socket.close();
err.message.should.eql('jwt signature is required');
done();
});
});
});
2014-07-17 03:14:07 +02:00
});