const Q = require('q') const fixture = require('./fixture') const request = require('request') const io = require('socket.io-client') describe('authorizer', () => { //start and stop the server before((done) => { fixture.start({}, done) }) after(fixture.stop) describe('when the user is not logged in', () => { it('should emit error with unauthorized handshake', (done) => { const socket = io.connect('http://localhost:9000?token=boooooo', { forceNew: true }) socket.on('error', (err) => { err.message.should.eql('jwt malformed') err.code.should.eql('invalid_token') socket.close() done() }) }) }) describe('when the user is logged in', () => { before((done) => { request.post( { url: 'http://localhost:9000/login', form: { username: 'jose', password: 'Pa123' }, json: true }, (err, resp, body) => { this.token = body.token done() } ) }) describe('authorizer disallows query string token when specified in startup options', () => { before((done) => { Q.ninvoke(fixture, 'stop') .then(() => Q.ninvoke(fixture, 'start', { auth_header_required: true }) ) .done(done) }) after((done) => { Q.ninvoke(fixture, 'stop') .then(() => Q.ninvoke(fixture, 'start', {})) .done(done) }) it('auth headers are supported', (done) => { const socket = io.connect('http://localhost:9000', { forceNew: true, extraHeaders: { Authorization: 'Bearer ' + this.token } }) socket .on('connect', () => { socket.close() done() }) .on('error', done) }) it('auth token in query string is disallowed', (done) => { const socket = io.connect('http://localhost:9000', { forceNew: true, query: 'token=' + this.token }) socket.on('error', (err) => { err.message.should.eql('Server requires Authorization Header') err.code.should.eql('missing_authorization_header') socket.close() done() }) }) }) describe('authorizer all auth types allowed', () => { before((done) => { Q.ninvoke(fixture, 'stop') .then(() => Q.ninvoke(fixture, 'start', {})) .done(done) }) it('auth headers are supported', (done) => { const socket = io.connect('http://localhost:9000', { forceNew: true, extraHeaders: { Authorization: 'Bearer ' + this.token } }) socket .on('connect', () => { socket.close() done() }) .on('error', done) }) it('should do the handshake and connect', (done) => { const socket = io.connect('http://localhost:9000', { forceNew: true, query: 'token=' + this.token }) socket .on('connect', () => { socket.close() done() }) .on('error', done) }) }) }) describe('unsigned token', () => { beforeEach(() => { this.token = 'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.' }) it('should not do the handshake and connect', (done) => { const socket = io.connect('http://localhost:9000', { forceNew: true, query: 'token=' + this.token }) socket .on('connect', () => { socket.close() done(new Error('this shouldnt happen')) }) .on('error', (err) => { socket.close() err.message.should.eql('jwt signature is required') done() }) }) }) })