Software zum Installieren eines Smart-Mirror Frameworks , zum Nutzen von hochschulrelevanten Informationen, auf einem Raspberry-Pi.

test.js 9.2KB

  1. const should = require('should')
  2. const express = require('express')
  3. const supertest = require('supertest')
  4. const basicAuth = require('./index.js')
// Express app the suite below drives in-process through supertest.
const app = express()

// NOTE: every credential in this file is a hard-coded test fixture. None of
// these values should be reused as a real secret.

// Static user table: the only accepted pair is 'Admin' / 'secret1234'.
// challenge: false means no WWW-Authenticate header is expected on a 401.
const staticUserAuth = basicAuth({
  users: { 'Admin': 'secret1234' },
  challenge: false
})

// Delegates the decision to a synchronous authorizer (prefix matching)
const customAuthorizerAuth = basicAuth({ authorizer: myAuthorizer })

// Delegates the decision to a synchronous authorizer built on
// basicAuth.safeCompare (exact matching)
const customCompareAuth = basicAuth({ authorizer: myComparingAuthorizer })

// Prefix-matching authorizer again, but a failed request also gets a
// basic auth challenge header
const challengeAuth = basicAuth({
  authorizer: myAuthorizer,
  challenge: true
})

// Callback-style authorizer; authorizeAsync tells the middleware to wait for cb
const asyncAuth = basicAuth({
  authorizer: myAsyncAuthorizer,
  authorizeAsync: true
})

// 401 body is produced per request by a function
const customBodyAuth = basicAuth({
  users: { 'Foo': 'bar' },
  unauthorizedResponse: getUnauthorizedResponse
})

// The four middlewares below configure neither users nor an authorizer; the
// suite only exercises their rejection path.

// 401 body is a fixed string
const staticBodyAuth = basicAuth({ unauthorizedResponse: 'Haaaaaha' })

// 401 body is a JSON object
const jsonBodyAuth = basicAuth({ unauthorizedResponse: { foo: 'bar' } })

// Challenge carries a fixed realm
const realmAuth = basicAuth({
  challenge: true,
  realm: 'test'
})

// Challenge realm is computed from the request
const realmFunctionAuth = basicAuth({
  challenge: true,
  realm: (req) => 'bla'
})
// One GET route per middleware under test. The handler is only reached when
// the middleware lets the request through, so a 200 'You passed' body means
// the credentials were accepted.
const guardedRoutes = [
  ['/static', staticUserAuth],
  ['/custom', customAuthorizerAuth],
  ['/custom-compare', customCompareAuth],
  ['/challenge', challengeAuth],
  ['/async', asyncAuth],
  ['/custombody', customBodyAuth],
  ['/staticbody', staticBodyAuth],
  ['/jsonbody', jsonBodyAuth],
  ['/realm', realmAuth],
  ['/realmfunction', realmFunctionAuth]
]

for (const [route, guard] of guardedRoutes) {
  app.get(route, guard, (req, res) => {
    res.status(200).send('You passed')
  })
}
/**
 * Synchronous test authorizer: accepts any username beginning with 'A'
 * combined with any password beginning with 'secret'.
 *
 * This is a fixture for exercising the `authorizer` option. A prefix match
 * admits a whole family of credentials, so it is not a usable credential
 * check outside of tests.
 *
 * @param {string} username - user name taken from the Authorization header
 * @param {string} password - password taken from the Authorization header
 * @returns {boolean} true when both prefixes match
 */
function myAuthorizer(username, password) {
  if (!username.startsWith('A')) {
    return false
  }
  return password.startsWith('secret')
}
/**
 * Callback-style test authorizer with the same rule as the synchronous one:
 * username must begin with 'A' and password with 'secret'.
 *
 * The decision is reported through `cb(null, approved)`; the error slot is
 * always null here. The callback is invoked before this function returns,
 * and its return value is passed back to the caller.
 *
 * @param {string} username - user name taken from the Authorization header
 * @param {string} password - password taken from the Authorization header
 * @param {function(null, boolean)} cb - receives the authorization decision
 * @returns {*} whatever `cb` returns
 */
function myAsyncAuthorizer(username, password, cb) {
  const approved = username.startsWith('A') && password.startsWith('secret')
  return cb(null, approved)
}
/**
 * Synchronous test authorizer that accepts exactly 'Testeroni' / 'testsecret',
 * comparing both fields with basicAuth.safeCompare.
 *
 * @param {string} username - user name taken from the Authorization header
 * @param {string} password - password taken from the Authorization header
 * @returns {number} truthy only when both comparisons succeed; the bitwise
 *   operator yields a number rather than a boolean
 */
function myComparingAuthorizer(username, password) {
  const userMatches = basicAuth.safeCompare(username, 'Testeroni')
  const passwordMatches = basicAuth.safeCompare(password, 'testsecret')
  // Bitwise & on purpose: unlike &&, it never short-circuits, so the password
  // is compared even when the username is wrong. The time taken then does not
  // depend on which field mismatched. Do not "tidy" this into &&.
  return userMatches & passwordMatches
}
/**
 * Builds the 401 body for the custom-body middleware.
 *
 * NOTE(review): the message echoes the submitted user name AND password back
 * to the client without escaping. That is convenient for asserting that
 * `req.auth` was populated, but in a deployed handler it would put credentials
 * into response bodies (and anything that records them) and reflect
 * attacker-controlled text. Keep this pattern confined to tests.
 *
 * @param {object} req - request object; `req.auth` is read when present
 * @returns {string} rejection message
 */
function getUnauthorizedResponse(req) {
  if (!req.auth) {
    return 'No credentials provided'
  }
  const submitted = req.auth
  return 'Credentials ' + submitted.user + ':' + submitted.password + ' rejected'
}
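// Mocha suite for the basicAuth middleware variants mounted on `app`.
// Requests are issued in-process through supertest. Every rejection is
// expected to be a 401 and every success a 200 with the body 'You passed'.
describe('express-basic-auth', function() {
  describe('safe compare', function() {
    const safeCompare = basicAuth.safeCompare

    // `!!` coerces whatever safeCompare returns into a strict boolean so the
    // should.js boolean assertions apply.
    it('should return false on different inputs', function() {
      (!!safeCompare('asdf', 'rftghe')).should.be.false()
    })

    // A strict prefix must not count as a match.
    it('should return false on prefix inputs', function() {
      (!!safeCompare('some', 'something')).should.be.false()
    })

    // Title corrected: this case feeds identical strings and expects true.
    it('should return true on identical inputs', function() {
      (!!safeCompare('anothersecret', 'anothersecret')).should.be.true()
    })
  })

  describe('static users', function() {
    const endpoint = '/static'

    it('should reject on missing header', function(done) {
      supertest(app)
        .get(endpoint)
        .expect(401, done)
    })

    it('should reject on wrong credentials', function(done) {
      supertest(app)
        .get(endpoint)
        .auth('dude', 'stuff')
        .expect(401, done)
    })

    // 'secret' is a prefix of the configured password 'secret1234'
    it('should reject on shorter prefix', function(done) {
      supertest(app)
        .get(endpoint)
        .auth('Admin', 'secret')
        .expect(401, done)
    })

    it('should reject without challenge', function(done) {
      supertest(app)
        .get(endpoint)
        .auth('dude', 'stuff')
        .expect(function (res) {
          // Node lower-cases response header names. The previous lookup used
          // 'WWW-Authenticate', which is always undefined, so this check
          // could never fail even if a challenge were sent.
          if(res.headers['www-authenticate'])
            throw new Error('Response should not have a challenge')
        })
        .expect(401, done)
    })

    it('should accept correct credentials', function(done) {
      supertest(app)
        .get(endpoint)
        .auth('Admin', 'secret1234')
        .expect(200, 'You passed', done)
    })
  })

  describe('custom authorizer', function() {
    const endpoint = '/custom'

    it('should reject on missing header', function(done) {
      supertest(app)
        .get(endpoint)
        .expect(401, done)
    })

    it('should reject on wrong credentials', function(done) {
      supertest(app)
        .get(endpoint)
        .auth('dude', 'stuff')
        .expect(401, done)
    })

    it('should accept fitting credentials', function(done) {
      supertest(app)
        .get(endpoint)
        .auth('Aloha', 'secretverymuch')
        .expect(200, 'You passed', done)
    })

    describe('with safe compare', function() {
      // Shadows the outer endpoint for this nested group only
      const endpoint = '/custom-compare'

      it('should reject wrong credentials', function(done) {
        supertest(app)
          .get(endpoint)
          .auth('bla', 'blub')
          .expect(401, done)
      })

      // 'Test' / 'test' are prefixes of the accepted 'Testeroni' / 'testsecret'
      it('should reject prefix credentials', function(done) {
        supertest(app)
          .get(endpoint)
          .auth('Test', 'test')
          .expect(401, done)
      })

      it('should accept fitting credentials', function(done) {
        supertest(app)
          .get(endpoint)
          .auth('Testeroni', 'testsecret')
          .expect(200, 'You passed', done)
      })
    })
  })

  describe('async authorizer', function() {
    const endpoint = '/async'

    it('should reject on missing header', function(done) {
      supertest(app)
        .get(endpoint)
        .expect(401, done)
    })

    it('should reject on wrong credentials', function(done) {
      supertest(app)
        .get(endpoint)
        .auth('dude', 'stuff')
        .expect(401, done)
    })

    it('should accept fitting credentials', function(done) {
      supertest(app)
        .get(endpoint)
        .auth('Aererer', 'secretiveStuff')
        .expect(200, 'You passed', done)
    })
  })

  describe('custom response body', function() {
    it('should reject on missing header and generate resposne message', function(done) {
      supertest(app)
        .get('/custombody')
        .expect(401, 'No credentials provided', done)
    })

    // Pins the fixture's behaviour of echoing the submitted credentials in
    // the 401 body. That behaviour belongs to the test helper, not to a
    // pattern worth copying.
    it('should reject on wrong credentials and generate response message', function(done) {
      supertest(app)
        .get('/custombody')
        .auth('dude', 'stuff')
        .expect(401, 'Credentials dude:stuff rejected', done)
    })

    it('should accept fitting credentials', function(done) {
      supertest(app)
        .get('/custombody')
        .auth('Foo', 'bar')
        .expect(200, 'You passed', done)
    })

    it('should reject and send static custom resposne message', function(done) {
      supertest(app)
        .get('/staticbody')
        .expect(401, 'Haaaaaha', done)
    })

    it('should reject and send static custom json resposne message', function(done) {
      supertest(app)
        .get('/jsonbody')
        .expect(401, { foo: 'bar' }, done)
    })
  })

  describe('challenge', function() {
    // No realm configured: the header value is expected to be exactly 'Basic'
    it('should reject with blank challenge', function(done) {
      supertest(app)
        .get('/challenge')
        .expect('WWW-Authenticate', 'Basic')
        .expect(401, done)
    })

    it('should reject with custom realm challenge', function(done) {
      supertest(app)
        .get('/realm')
        .expect('WWW-Authenticate', 'Basic realm="test"')
        .expect(401, done)
    })

    it('should reject with custom generated realm challenge', function(done) {
      supertest(app)
        .get('/realmfunction')
        .expect('WWW-Authenticate', 'Basic realm="bla"')
        .expect(401, done)
    })
  })
})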