Thream/socketio-jwt
2
1
Fork 0
mirror of https://github.com/Thream/socketio-jwt.git synced 2024-07-21 09:38:31 +02:00
Code Issues Releases Activity
27c59c3b0f
socketio-jwt/test/authorizer.test.js
Fabian Arndt 27c59c3b0f Fixed auth.required 
Misc:
- Resolved conflicts
- Added test case, to fail if server grants prohibited admin access
- Simplified test logic
- Prevented usage of "var" (used const / let instead)
- Formatting
- Cleanup
- Typos
2019-10-13 15:52:14 +02:00

142 lines
3.9 KiB
JavaScript
Raw Blame History

const Q = require('q');
const fixture = require('./fixture');
const request = require('request');
const io = require('socket.io-client');
describe('authorizer', function() {
//start and stop the server
before(function(done) { fixture.start({ }, done) });
after(fixture.stop);
describe('when the user is not logged in', function () {
it('should emit error with unauthorized handshake', function (done) {
const socket = io.connect('http://localhost:9000?token=boooooo', {
forceNew: true
});
socket.on('error', function(err) {
err.message.should.eql("jwt malformed");
err.code.should.eql("invalid_token");
socket.close();
done();
});
});
});
describe('when the user is logged in', function() {
before(function (done) {
request.post({
url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' },
json: true
}, function (err, resp, body) {
this.token = body.token;
done();
}.bind(this));
});
describe('authorizer disallows query string token when specified in startup options', function() {
before(function(done) {
Q.ninvoke(fixture, 'stop')
.then(function() { return Q.ninvoke(fixture, 'start', { auth_header_required: true })})
.done(done);
});
after(function(done) {
Q.ninvoke(fixture, 'stop')
.then(function() { return Q.ninvoke(fixture, 'start', { })})
.done(done);
});
it('auth headers are supported', function (done) {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
extraHeaders: { Authorization: 'Bearer ' + this.token}
});
socket
.on('connect', function() {
socket.close();
done();
})
.on('error', done);
});
it('auth token in query string is disallowed', function (done) {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
});
socket.on('error', function(err) {
err.message.should.eql("Server requires Authorization Header");
err.code.should.eql("missing_authorization_header");
socket.close();
done();
});
});
})
describe('authorizer all auth types allowed', function() {
before(function(done) {
Q.ninvoke(fixture, 'stop')
.then(function() { return Q.ninvoke(fixture, 'start', {})})
.done(done);
})
it('auth headers are supported', function (done) {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
extraHeaders: { Authorization: 'Bearer ' + this.token }
});
socket
.on('connect', function() {
socket.close();
done();
})
.on('error', done);
});
it('should do the handshake and connect', function (done) {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
});
socket
.on('connect', function() {
socket.close();
done();
})
.on('error', done);
});
});
});
describe('unsigned token', function() {
beforeEach(function () {
this.token = 'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.';
});
it('should not do the handshake and connect', function (done) {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
});
socket
.on('connect', function () {
socket.close();
done(new Error('this shouldnt happen'));
})
.on('error', function (err) {
socket.close();
err.message.should.eql("jwt signature is required");
done();
});
});
});
});
Reference in New Issue View Git Blame Copy Permalink