This repository has been archived on 2024-11-11. You can view files and clone it, but cannot push or open issues or pull requests.
socketio-jwt/test/authorizer.test.js

149 lines
3.8 KiB
JavaScript
Raw Normal View History

2020-12-27 17:25:44 +01:00
const Q = require('q')
const fixture = require('./fixture')
const request = require('request')
const io = require('socket.io-client')
2012-11-16 16:43:12 +01:00
describe('authorizer', () => {
//start and stop the server
2020-12-27 17:25:44 +01:00
before((done) => {
fixture.start({}, done)
})
after(fixture.stop)
2012-11-16 16:43:12 +01:00
describe('when the user is not logged in', () => {
it('should emit error with unauthorized handshake', (done) => {
const socket = io.connect('http://localhost:9000?token=boooooo', {
forceNew: true
2020-12-27 17:25:44 +01:00
})
socket.on('error', (err) => {
2020-12-27 17:25:44 +01:00
err.message.should.eql('jwt malformed')
err.code.should.eql('invalid_token')
socket.close()
done()
})
})
})
describe('when the user is logged in', () => {
before((done) => {
2020-12-27 17:25:44 +01:00
request.post(
{
url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' },
json: true
},
(err, resp, body) => {
this.token = body.token
done()
}
)
})
2012-11-16 16:43:12 +01:00
describe('authorizer disallows query string token when specified in startup options', () => {
before((done) => {
Q.ninvoke(fixture, 'stop')
2020-12-27 17:25:44 +01:00
.then(() =>
Q.ninvoke(fixture, 'start', { auth_header_required: true })
)
.done(done)
})
after((done) => {
Q.ninvoke(fixture, 'stop')
2020-12-27 17:25:44 +01:00
.then(() => Q.ninvoke(fixture, 'start', {}))
.done(done)
})
2012-11-16 16:43:12 +01:00
it('auth headers are supported', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
2020-12-27 17:25:44 +01:00
extraHeaders: { Authorization: 'Bearer ' + this.token }
})
socket
.on('connect', () => {
2020-12-27 17:25:44 +01:00
socket.close()
done()
})
2020-12-27 17:25:44 +01:00
.on('error', done)
})
it('auth token in query string is disallowed', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
2020-12-27 17:25:44 +01:00
})
socket.on('error', (err) => {
2020-12-27 17:25:44 +01:00
err.message.should.eql('Server requires Authorization Header')
err.code.should.eql('missing_authorization_header')
socket.close()
done()
})
})
})
2012-11-16 16:43:12 +01:00
describe('authorizer all auth types allowed', () => {
before((done) => {
Q.ninvoke(fixture, 'stop')
.then(() => Q.ninvoke(fixture, 'start', {}))
2020-12-27 17:25:44 +01:00
.done(done)
})
it('auth headers are supported', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
extraHeaders: { Authorization: 'Bearer ' + this.token }
2020-12-27 17:25:44 +01:00
})
socket
.on('connect', () => {
2020-12-27 17:25:44 +01:00
socket.close()
done()
})
2020-12-27 17:25:44 +01:00
.on('error', done)
})
it('should do the handshake and connect', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
2020-12-27 17:25:44 +01:00
})
socket
.on('connect', () => {
2020-12-27 17:25:44 +01:00
socket.close()
done()
})
2020-12-27 17:25:44 +01:00
.on('error', done)
})
})
})
describe('unsigned token', () => {
beforeEach(() => {
2020-12-27 17:25:44 +01:00
this.token =
'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.'
})
it('should not do the handshake and connect', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
2020-12-27 17:25:44 +01:00
})
socket
.on('connect', () => {
2020-12-27 17:25:44 +01:00
socket.close()
done(new Error('this shouldnt happen'))
})
.on('error', (err) => {
2020-12-27 17:25:44 +01:00
socket.close()
err.message.should.eql('jwt signature is required')
done()
})
})
})
})