partoschph68073
/
SmartMirror-Projektarbeit
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Software zum Installieren eines Smart-Mirror Frameworks , zum Nutzen von hochschulrelevanten Informationen, auf einem Raspberry-Pi.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
SmartMirror-Projektarbeit/node_modules/express-basic-auth/test.js

test.js 9.2KB
Raw Permalink Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318 
  1. const should = require('should')

  2. const express = require('express')

  3. const supertest = require('supertest')

  4. 

  5. const basicAuth = require('./index.js')

  6. 

  7. var app = express()

  8. 

  9. //Requires basic auth with username 'Admin' and password 'secret1234'

  10. var staticUserAuth = basicAuth({

  11.     users: {

  12.         'Admin': 'secret1234'

  13.     },

  14.     challenge: false

  15. })

  16. 

  17. //Uses a custom (synchronous) authorizer function

  18. var customAuthorizerAuth = basicAuth({

  19.     authorizer: myAuthorizer

  20. })

  21. 

  22. //Uses a custom (synchronous) authorizer function

  23. var customCompareAuth = basicAuth({

  24.     authorizer: myComparingAuthorizer

  25. })

  26. 

  27. //Same, but sends a basic auth challenge header when authorization fails

  28. var challengeAuth = basicAuth({

  29.     authorizer: myAuthorizer,

  30.     challenge: true

  31. })

  32. 

  33. //Uses a custom asynchronous authorizer function

  34. var asyncAuth = basicAuth({

  35.     authorizer: myAsyncAuthorizer,

  36.     authorizeAsync: true

  37. })

  38. 

  39. //Uses a custom response body function

  40. var customBodyAuth = basicAuth({

  41.     users: { 'Foo': 'bar' },

  42.     unauthorizedResponse: getUnauthorizedResponse

  43. })

  44. 

  45. //Uses a static response body

  46. var staticBodyAuth = basicAuth({

  47.     unauthorizedResponse: 'Haaaaaha'

  48. })

  49. 

  50. //Uses a JSON response body

  51. var jsonBodyAuth = basicAuth({

  52.     unauthorizedResponse: { foo: 'bar' }

  53. })

  54. 

  55. //Uses a custom realm

  56. var realmAuth = basicAuth({

  57.     challenge: true,

  58.     realm: 'test'

  59. })

  60. 

  61. //Uses a custom realm function

  62. var realmFunctionAuth = basicAuth({

  63.     challenge: true,

  64.     realm: function (req) {

  65.         return 'bla'

  66.     }

  67. })

  68. 

  69. app.get('/static', staticUserAuth, function(req, res) {

  70.     res.status(200).send('You passed')

  71. })

  72. 

  73. app.get('/custom', customAuthorizerAuth, function(req, res) {

  74.     res.status(200).send('You passed')

  75. })

  76. 

  77. app.get('/custom-compare', customCompareAuth, function(req, res) {

  78.     res.status(200).send('You passed')

  79. })

  80. 

  81. app.get('/challenge', challengeAuth, function(req, res) {

  82.     res.status(200).send('You passed')

  83. })

  84. 

  85. app.get('/async', asyncAuth, function(req, res) {

  86.     res.status(200).send('You passed')

  87. })

  88. 

  89. app.get('/custombody', customBodyAuth, function(req, res) {

  90.     res.status(200).send('You passed')

  91. })

  92. 

  93. app.get('/staticbody', staticBodyAuth, function(req, res) {

  94.     res.status(200).send('You passed')

  95. })

  96. 

  97. app.get('/jsonbody', jsonBodyAuth, function(req, res) {

  98.     res.status(200).send('You passed')

  99. })

  100. 

  101. app.get('/realm', realmAuth, function(req, res) {

  102.     res.status(200).send('You passed')

  103. })

  104. 

  105. app.get('/realmfunction', realmFunctionAuth, function(req, res) {

  106.     res.status(200).send('You passed')

  107. })

  108. 

  109. //Custom authorizer checking if the username starts with 'A' and the password with 'secret'

  110. function myAuthorizer(username, password) {

  111.     return username.startsWith('A') && password.startsWith('secret')

  112. }

  113. 

  114. //Same but asynchronous

  115. function myAsyncAuthorizer(username, password, cb) {

  116.     if(username.startsWith('A') && password.startsWith('secret'))

  117.         return cb(null, true)

  118.     else

  119.         return cb(null, false)

  120. }

  121. 

  122. function myComparingAuthorizer(username, password) {

  123.     return basicAuth.safeCompare(username, 'Testeroni') & basicAuth.safeCompare(password, 'testsecret')

  124. }

  125. 

  126. function getUnauthorizedResponse(req) {

  127.     return req.auth ? ('Credentials ' + req.auth.user + ':' + req.auth.password + ' rejected') : 'No credentials provided'

  128. }

  129. 

  130. describe('express-basic-auth', function() {

  131.     describe('safe compare', function() {

  132.         const safeCompare = basicAuth.safeCompare

  133. 

  134.         it('should return false on different inputs', function() {

  135.             (!!safeCompare('asdf', 'rftghe')).should.be.false()

  136.         })

  137. 

  138.         it('should return false on prefix inputs', function() {

  139.             (!!safeCompare('some', 'something')).should.be.false()

  140.         })

  141. 

  142.         it('should return false on different inputs', function() {

  143.             (!!safeCompare('anothersecret', 'anothersecret')).should.be.true()

  144.         })

  145.     })

  146. 

  147.     describe('static users', function() {

  148.         const endpoint = '/static'

  149. 

  150.         it('should reject on missing header', function(done) {

  151.             supertest(app)

  152.                 .get(endpoint)

  153.                 .expect(401, done)

  154.         })

  155. 

  156.         it('should reject on wrong credentials', function(done) {

  157.             supertest(app)

  158.                 .get(endpoint)

  159.                 .auth('dude', 'stuff')

  160.                 .expect(401, done)

  161.         })

  162. 

  163.         it('should reject on shorter prefix', function(done) {

  164.             supertest(app)

  165.                 .get(endpoint)

  166.                 .auth('Admin', 'secret')

  167.                 .expect(401, done)

  168.         })

  169. 

  170.         it('should reject without challenge', function(done) {

  171.             supertest(app)

  172.                 .get(endpoint)

  173.                 .auth('dude', 'stuff')

  174.                 .expect(function (res) {

  175.                     if(res.headers['WWW-Authenticate'])

  176.                         throw new Error('Response should not have a challenge')

  177.                 })

  178.                 .expect(401, done)

  179.         })

  180. 

  181.         it('should accept correct credentials', function(done) {

  182.             supertest(app)

  183.                 .get(endpoint)

  184.                 .auth('Admin', 'secret1234')

  185.                 .expect(200, 'You passed', done)

  186.         })

  187.     })

  188. 

  189.     describe('custom authorizer', function() {

  190.         const endpoint = '/custom'

  191. 

  192.         it('should reject on missing header', function(done) {

  193.             supertest(app)

  194.                 .get(endpoint)

  195.                 .expect(401, done)

  196.         })

  197. 

  198.         it('should reject on wrong credentials', function(done) {

  199.             supertest(app)

  200.                 .get(endpoint)

  201.                 .auth('dude', 'stuff')

  202.                 .expect(401, done)

  203.         })

  204. 

  205.         it('should accept fitting credentials', function(done) {

  206.             supertest(app)

  207.                 .get(endpoint)

  208.                 .auth('Aloha', 'secretverymuch')

  209.                 .expect(200, 'You passed', done)

  210.         })

  211. 

  212.         describe('with safe compare', function() {

  213.             const endpoint = '/custom-compare'

  214.             

  215.             it('should reject wrong credentials', function(done) {

  216.                 supertest(app)

  217.                     .get(endpoint)

  218.                     .auth('bla', 'blub')

  219.                     .expect(401, done)

  220.             })

  221. 

  222.             it('should reject prefix credentials', function(done) {

  223.                 supertest(app)

  224.                     .get(endpoint)

  225.                     .auth('Test', 'test')

  226.                     .expect(401, done)

  227.             })

  228. 

  229.             it('should accept fitting credentials', function(done) {

  230.                 supertest(app)

  231.                     .get(endpoint)

  232.                     .auth('Testeroni', 'testsecret')

  233.                     .expect(200, 'You passed', done)

  234.             })

  235.         })

  236.     })

  237. 

  238.     describe('async authorizer', function() {

  239.         const endpoint = '/async'

  240. 

  241.         it('should reject on missing header', function(done) {

  242.             supertest(app)

  243.                 .get(endpoint)

  244.                 .expect(401, done)

  245.         })

  246. 

  247.         it('should reject on wrong credentials', function(done) {

  248.             supertest(app)

  249.                 .get(endpoint)

  250.                 .auth('dude', 'stuff')

  251.                 .expect(401, done)

  252.         })

  253. 

  254.         it('should accept fitting credentials', function(done) {

  255.             supertest(app)

  256.                 .get(endpoint)

  257.                 .auth('Aererer', 'secretiveStuff')

  258.                 .expect(200, 'You passed', done)

  259.         })

  260.     })

  261. 

  262.     describe('custom response body', function() {

  263.         it('should reject on missing header and generate resposne message', function(done) {

  264.             supertest(app)

  265.                 .get('/custombody')

  266.                 .expect(401, 'No credentials provided', done)

  267.         })

  268. 

  269.         it('should reject on wrong credentials and generate response message', function(done) {

  270.             supertest(app)

  271.                 .get('/custombody')

  272.                 .auth('dude', 'stuff')

  273.                 .expect(401, 'Credentials dude:stuff rejected', done)

  274.         })

  275. 

  276.         it('should accept fitting credentials', function(done) {

  277.             supertest(app)

  278.                 .get('/custombody')

  279.                 .auth('Foo', 'bar')

  280.                 .expect(200, 'You passed', done)

  281.         })

  282. 

  283.         it('should reject and send static custom resposne message', function(done) {

  284.             supertest(app)

  285.             .get('/staticbody')

  286.             .expect(401, 'Haaaaaha', done)

  287.         })

  288. 

  289.         it('should reject and send static custom json resposne message', function(done) {

  290.             supertest(app)

  291.             .get('/jsonbody')

  292.             .expect(401, { foo: 'bar' }, done)

  293.         })

  294.     })

  295. 

  296.     describe('challenge', function() {

  297.         it('should reject with blank challenge', function(done) {

  298.             supertest(app)

  299.                 .get('/challenge')

  300.                 .expect('WWW-Authenticate', 'Basic')

  301.                 .expect(401, done)

  302.         })

  303. 

  304.         it('should reject with custom realm challenge', function(done) {

  305.             supertest(app)

  306.                 .get('/realm')

  307.                 .expect('WWW-Authenticate', 'Basic realm="test"')

  308.                 .expect(401, done)

  309.         })

  310. 

  311.         it('should reject with custom generated realm challenge', function(done) {

  312.             supertest(app)

  313.                 .get('/realmfunction')

  314.                 .expect('WWW-Authenticate', 'Basic realm="bla"')

  315.                 .expect(401, done)

  316.         })

  317.     })

  318. })