socketio-jwt/test/authorizer.test.js

const Q = require('q')
const fixture = require('./fixture')
const request = require('request')
const io = require('socket.io-client')

describe('authorizer', () => {
  //start and stop the server
  before((done) => {
    fixture.start({}, done)
  })
  after(fixture.stop)

  describe('when the user is not logged in', () => {
    it('should emit error with unauthorized handshake', (done) => {
      const socket = io.connect('http://localhost:9000?token=boooooo', {
        forceNew: true
      })

      socket.on('error', (err) => {
        err.message.should.eql('jwt malformed')
        err.code.should.eql('invalid_token')
        socket.close()
        done()
      })
    })
  })

  describe('when the user is logged in', () => {
    before((done) => {
      request.post(
        {
          url: 'http://localhost:9000/login',
          form: { username: 'jose', password: 'Pa123' },
          json: true
        },
        (err, resp, body) => {
          this.token = body.token
          done()
        }
      )
    })

    describe('authorizer disallows query string token when specified in startup options', () => {
      before((done) => {
        Q.ninvoke(fixture, 'stop')
          .then(() =>
            Q.ninvoke(fixture, 'start', { auth_header_required: true })
          )
          .done(done)
      })

      after((done) => {
        Q.ninvoke(fixture, 'stop')
          .then(() => Q.ninvoke(fixture, 'start', {}))
          .done(done)
      })

      it('auth headers are supported', (done) => {
        const socket = io.connect('http://localhost:9000', {
          forceNew: true,
          extraHeaders: { Authorization: 'Bearer ' + this.token }
        })

        socket
          .on('connect', () => {
            socket.close()
            done()
          })
          .on('error', done)
      })

      it('auth token in query string is disallowed', (done) => {
        const socket = io.connect('http://localhost:9000', {
          forceNew: true,
          query: 'token=' + this.token
        })

        socket.on('error', (err) => {
          err.message.should.eql('Server requires Authorization Header')
          err.code.should.eql('missing_authorization_header')
          socket.close()
          done()
        })
      })
    })

    describe('authorizer all auth types allowed', () => {
      before((done) => {
        Q.ninvoke(fixture, 'stop')
          .then(() => Q.ninvoke(fixture, 'start', {}))
          .done(done)
      })

      it('auth headers are supported', (done) => {
        const socket = io.connect('http://localhost:9000', {
          forceNew: true,
          extraHeaders: { Authorization: 'Bearer ' + this.token }
        })

        socket
          .on('connect', () => {
            socket.close()
            done()
          })
          .on('error', done)
      })

      it('should do the handshake and connect', (done) => {
        const socket = io.connect('http://localhost:9000', {
          forceNew: true,
          query: 'token=' + this.token
        })

        socket
          .on('connect', () => {
            socket.close()
            done()
          })
          .on('error', done)
      })
    })
  })

  describe('unsigned token', () => {
    beforeEach(() => {
      this.token =
        'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.'
    })

    it('should not do the handshake and connect', (done) => {
      const socket = io.connect('http://localhost:9000', {
        forceNew: true,
        query: 'token=' + this.token
      })

      socket
        .on('connect', () => {
          socket.close()
          done(new Error('this shouldnt happen'))
        })
        .on('error', (err) => {
          socket.close()
          err.message.should.eql('jwt signature is required')
          done()
        })
    })
  })
})
chore: initial commit 2020-12-27 17:25:44 +01:00			`const Q = require('q')`
			`const fixture = require('./fixture')`
			`const request = require('request')`
			`const io = require('socket.io-client')`
add basic integration tests 2012-11-16 16:43:12 +01:00
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`describe('authorizer', () => {`
added ability to enforce only header authorization versus query string authorization - DK/MW 2016-10-20 18:13:23 +02:00			`//start and stop the server`
chore: initial commit 2020-12-27 17:25:44 +01:00			`before((done) => {`
			`fixture.start({}, done)`
			`})`
			`after(fixture.stop)`
add basic integration tests 2012-11-16 16:43:12 +01:00
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`describe('when the user is not logged in', () => {`
			`it('should emit error with unauthorized handshake', (done) => {`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00			`const socket = io.connect('http://localhost:9000?token=boooooo', {`
			`forceNew: true`
chore: initial commit 2020-12-27 17:25:44 +01:00			`})`
added ability to enforce only header authorization versus query string authorization - DK/MW 2016-10-20 18:13:23 +02:00
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`socket.on('error', (err) => {`
chore: initial commit 2020-12-27 17:25:44 +01:00			`err.message.should.eql('jwt malformed')`
			`err.code.should.eql('invalid_token')`
			`socket.close()`
			`done()`
			`})`
			`})`
			`})`
initial commit after fork of passport-socketio 2014-01-13 20:00:21 +01:00
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`describe('when the user is logged in', () => {`
			`before((done) => {`
chore: initial commit 2020-12-27 17:25:44 +01:00			`request.post(`
			`{`
			`url: 'http://localhost:9000/login',`
			`form: { username: 'jose', password: 'Pa123' },`
			`json: true`
			`},`
			`(err, resp, body) => {`
			`this.token = body.token`
			`done()`
			`}`
			`)`
			`})`
add basic integration tests 2012-11-16 16:43:12 +01:00
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`describe('authorizer disallows query string token when specified in startup options', () => {`
			`before((done) => {`
added ability to enforce only header authorization versus query string authorization - DK/MW 2016-10-20 18:13:23 +02:00			`Q.ninvoke(fixture, 'stop')`
chore: initial commit 2020-12-27 17:25:44 +01:00			`.then(() =>`
			`Q.ninvoke(fixture, 'start', { auth_header_required: true })`
			`)`
			`.done(done)`
			`})`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`after((done) => {`
added ability to enforce only header authorization versus query string authorization - DK/MW 2016-10-20 18:13:23 +02:00			`Q.ninvoke(fixture, 'stop')`
chore: initial commit 2020-12-27 17:25:44 +01:00			`.then(() => Q.ninvoke(fixture, 'start', {}))`
			`.done(done)`
			`})`
add basic integration tests 2012-11-16 16:43:12 +01:00
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`it('auth headers are supported', (done) => {`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00			`const socket = io.connect('http://localhost:9000', {`
			`forceNew: true,`
chore: initial commit 2020-12-27 17:25:44 +01:00			`extraHeaders: { Authorization: 'Bearer ' + this.token }`
			`})`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00
			`socket`
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`.on('connect', () => {`
chore: initial commit 2020-12-27 17:25:44 +01:00			`socket.close()`
			`done()`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00			`})`
chore: initial commit 2020-12-27 17:25:44 +01:00			`.on('error', done)`
			`})`
going to be adding new options but want it within the same general authorizer test suite - DK/MW 2016-10-20 17:38:43 +02:00
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`it('auth token in query string is disallowed', (done) => {`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00			`const socket = io.connect('http://localhost:9000', {`
			`forceNew: true,`
			`query: 'token=' + this.token`
chore: initial commit 2020-12-27 17:25:44 +01:00			`})`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`socket.on('error', (err) => {`
chore: initial commit 2020-12-27 17:25:44 +01:00			`err.message.should.eql('Server requires Authorization Header')`
			`err.code.should.eql('missing_authorization_header')`
			`socket.close()`
			`done()`
			`})`
			`})`
added ability to enforce only header authorization versus query string authorization - DK/MW 2016-10-20 18:13:23 +02:00			`})`
add basic integration tests 2012-11-16 16:43:12 +01:00
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`describe('authorizer all auth types allowed', () => {`
			`before((done) => {`
added ability to enforce only header authorization versus query string authorization - DK/MW 2016-10-20 18:13:23 +02:00			`Q.ninvoke(fixture, 'stop')`
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`.then(() => Q.ninvoke(fixture, 'start', {}))`
chore: initial commit 2020-12-27 17:25:44 +01:00			`.done(done)`
added ability to enforce only header authorization versus query string authorization - DK/MW 2016-10-20 18:13:23 +02:00			`})`
testing lines of code that are not documented...and documenting them - DK/MW 2016-10-20 17:22:11 +02:00
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`it('auth headers are supported', (done) => {`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00			`const socket = io.connect('http://localhost:9000', {`
			`forceNew: true,`
			`extraHeaders: { Authorization: 'Bearer ' + this.token }`
chore: initial commit 2020-12-27 17:25:44 +01:00			`})`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00
			`socket`
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`.on('connect', () => {`
chore: initial commit 2020-12-27 17:25:44 +01:00			`socket.close()`
			`done()`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00			`})`
chore: initial commit 2020-12-27 17:25:44 +01:00			`.on('error', done)`
			`})`
initial commit after fork of passport-socketio 2014-01-13 20:00:21 +01:00
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`it('should do the handshake and connect', (done) => {`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00			`const socket = io.connect('http://localhost:9000', {`
			`forceNew: true,`
			`query: 'token=' + this.token`
chore: initial commit 2020-12-27 17:25:44 +01:00			`})`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00
			`socket`
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`.on('connect', () => {`
chore: initial commit 2020-12-27 17:25:44 +01:00			`socket.close()`
			`done()`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00			`})`
chore: initial commit 2020-12-27 17:25:44 +01:00			`.on('error', done)`
			`})`
			`})`
			`})`
update jsonwebtoken module to fix security issue 2014-07-17 01:29:39 +02:00
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`describe('unsigned token', () => {`
			`beforeEach(() => {`
chore: initial commit 2020-12-27 17:25:44 +01:00			`this.token =`
			`'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.'`
			`})`
going to be adding new options but want it within the same general authorizer test suite - DK/MW 2016-10-20 17:38:43 +02:00
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`it('should not do the handshake and connect', (done) => {`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00			`const socket = io.connect('http://localhost:9000', {`
			`forceNew: true,`
			`query: 'token=' + this.token`
chore: initial commit 2020-12-27 17:25:44 +01:00			`})`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00
			`socket`
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`.on('connect', () => {`
chore: initial commit 2020-12-27 17:25:44 +01:00			`socket.close()`
			`done(new Error('this shouldnt happen'))`
Fixed auth.required Misc: - Resolved conflicts - Added test case, to fail if server grants prohibited admin access - Simplified test logic - Prevented usage of "var" (used const / let instead) - Formatting - Cleanup - Typos 2019-10-13 15:52:14 +02:00			`})`
Fixed travis - Tests against Node 4, 8, 10, 12 and newest Modernized: - Use arrow functions - Use string templates in examples and some code - Use single quote for strings 2019-10-14 01:46:30 +02:00			`.on('error', (err) => {`
chore: initial commit 2020-12-27 17:25:44 +01:00			`socket.close()`
			`err.message.should.eql('jwt signature is required')`
			`done()`
			`})`
			`})`
			`})`
			`})`