Ghost/test/unit/server/services/auth/members/index.test.js

const jwt = require('jsonwebtoken');
const should = require('should');
const {UnauthorizedError} = require('@tryghost/errors');
const members = require('../../../../../../core/server/services/auth/members');

describe('Auth Service - Members', function () {
    it('exports an authenticateMembersToken method', function () {
        const actual = typeof members.authenticateMembersToken;
        const expected = 'function';
        should.equal(actual, expected);
    });

    describe('authenticateMembersToken', function () {
        it('calls next without an error if there is no authorization header', function () {
            members.authenticateMembersToken({
                get() {
                    return null;
                }
            }, {}, function next(err) {
                const actual = err;
                const expected = undefined;

                should.equal(actual, expected);
            });
        });

        it('calls next without an error if the authorization header does not match the GhostMembers scheme', function () {
            members.authenticateMembersToken({
                get() {
                    return 'DodgyScheme credscredscreds';
                }
            }, {}, function next(err) {
                const actual = err;
                const expected = undefined;

                should.equal(actual, expected);
            });
        });
        describe('attempts to verify the credentials as a JWT, not allowing the "NONE" algorithm', function () {
            it('calls next with an UnauthorizedError if the verification fails', function () {
                members.authenticateMembersToken({
                    get() {
                        return 'GhostMembers notafuckentoken';
                    }
                }, {}, function next(err) {
                    const actual = err instanceof UnauthorizedError;
                    const expected = true;

                    should.equal(actual, expected);
                });
            });
            it('calls next with an error if the token is using the "none" algorithm', function () {
                const claims = {
                    rumpel: 'stiltskin'
                };
                const token = jwt.sign(claims, null, {
                    algorithm: 'none'
                });
                const req = {
                    get() {
                        return `GhostMembers ${token}`;
                    }
                };
                members.authenticateMembersToken(req, {}, function next(err) {
                    const actual = err instanceof UnauthorizedError;
                    const expected = true;

                    should.equal(actual, expected);
                });
            });
        });
    });
});
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00			`const jwt = require('jsonwebtoken');`
			`const should = require('should');`
Remove common errors (#11848) * refactored core/frontend/services/proxy to import common dependency like a normal person * removed all imports of `common/errors` * :fire: removed common/errors module Co-authored-by: Vikas Potluri <vikaspotluri123.github@gmail.com> 2020-05-26 21:10:29 +03:00			`const {UnauthorizedError} = require('@tryghost/errors');`
Moved server unit tests into the server folder - this is a small part of a bit of cleanup of our test files - the goal is to make the existing tests clearer with a view to making it easier to write more tests - this makes the test structure follow the codebase structure more closely - eventually we will colocate the tests as we break the codebase down further 2021-10-06 13:12:21 +03:00			`const members = require('../../../../../../core/server/services/auth/members');`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00
Fixed tests for auth service mmbers auth no-issue These tests were previously skipped due to the NONE algorithm tests failing. These were failing for good reason, we do NOT want the none algorithm to be accepted. The tests have been updated to reflect that, and unskipped. 2021-05-24 13:36:35 +03:00			`describe('Auth Service - Members', function () {`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00			`it('exports an authenticateMembersToken method', function () {`
			`const actual = typeof members.authenticateMembersToken;`
			`const expected = 'function';`
			`should.equal(actual, expected);`
			`});`

			`describe('authenticateMembersToken', function () {`
			`it('calls next without an error if there is no authorization header', function () {`
			`members.authenticateMembersToken({`
Update Test & linting packages (major) (#10858) no issue - Updated Test & linting packages - Updated use of hasOwnProperty - Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins) - Removed already defined built-in global variable Intl - Applied `--fix` with lint command on `core/test` folder - The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes) - Removed redundant global variable declarations to pass linting 2019-07-05 14:40:43 +03:00			`get() {`
			`return null;`
			`}`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00			`}, {}, function next(err) {`
			`const actual = err;`
			`const expected = undefined;`

			`should.equal(actual, expected);`
			`});`
			`});`

			`it('calls next without an error if the authorization header does not match the GhostMembers scheme', function () {`
			`members.authenticateMembersToken({`
Update Test & linting packages (major) (#10858) no issue - Updated Test & linting packages - Updated use of hasOwnProperty - Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins) - Removed already defined built-in global variable Intl - Applied `--fix` with lint command on `core/test` folder - The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes) - Removed redundant global variable declarations to pass linting 2019-07-05 14:40:43 +03:00			`get() {`
			`return 'DodgyScheme credscredscreds';`
			`}`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00			`}, {}, function next(err) {`
			`const actual = err;`
			`const expected = undefined;`

			`should.equal(actual, expected);`
			`});`
			`});`
Fixed tests for auth service mmbers auth no-issue These tests were previously skipped due to the NONE algorithm tests failing. These were failing for good reason, we do NOT want the none algorithm to be accepted. The tests have been updated to reflect that, and unskipped. 2021-05-24 13:36:35 +03:00			`describe('attempts to verify the credentials as a JWT, not allowing the "NONE" algorithm', function () {`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00			`it('calls next with an UnauthorizedError if the verification fails', function () {`
			`members.authenticateMembersToken({`
Update Test & linting packages (major) (#10858) no issue - Updated Test & linting packages - Updated use of hasOwnProperty - Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins) - Removed already defined built-in global variable Intl - Applied `--fix` with lint command on `core/test` folder - The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes) - Removed redundant global variable declarations to pass linting 2019-07-05 14:40:43 +03:00			`get() {`
			`return 'GhostMembers notafuckentoken';`
			`}`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00			`}, {}, function next(err) {`
			`const actual = err instanceof UnauthorizedError;`
			`const expected = true;`

			`should.equal(actual, expected);`
			`});`
			`});`
Fixed tests for auth service mmbers auth no-issue These tests were previously skipped due to the NONE algorithm tests failing. These were failing for good reason, we do NOT want the none algorithm to be accepted. The tests have been updated to reflect that, and unskipped. 2021-05-24 13:36:35 +03:00			`it('calls next with an error if the token is using the "none" algorithm', function () {`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00			`const claims = {`
			`rumpel: 'stiltskin'`
			`};`
			`const token = jwt.sign(claims, null, {`
			`algorithm: 'none'`
			`});`
			`const req = {`
Update Test & linting packages (major) (#10858) no issue - Updated Test & linting packages - Updated use of hasOwnProperty - Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins) - Removed already defined built-in global variable Intl - Applied `--fix` with lint command on `core/test` folder - The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes) - Removed redundant global variable declarations to pass linting 2019-07-05 14:40:43 +03:00			`get() {`
			return `GhostMembers ${token}`;
			`}`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00			`};`
			`members.authenticateMembersToken(req, {}, function next(err) {`
Fixed tests for auth service mmbers auth no-issue These tests were previously skipped due to the NONE algorithm tests failing. These were failing for good reason, we do NOT want the none algorithm to be accepted. The tests have been updated to reflect that, and unskipped. 2021-05-24 13:36:35 +03:00			`const actual = err instanceof UnauthorizedError;`
			`const expected = true;`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00
Fixed tests for auth service mmbers auth no-issue These tests were previously skipped due to the NONE algorithm tests failing. These were failing for good reason, we do NOT want the none algorithm to be accepted. The tests have been updated to reflect that, and unskipped. 2021-05-24 13:36:35 +03:00			`should.equal(actual, expected);`
🚧 Created members auth middleware closes #10110 2018-11-07 13:10:07 +03:00			`});`
			`});`
			`});`
			`});`
			`});`