Fixed tests for auth service mmbers auth

no-issue These tests were previously skipped due to the NONE algorithm tests failing. These were failing for good reason, we do NOT want the none algorithm to be accepted. The tests have been updated to reflect that, and unskipped.
2024-12-01 05:50:35 +03:00 · 2021-05-24 11:36:35 +01:00 · 2021-05-24 11:36:35 +01:00 · b3aff29a3e
commit b3aff29a3e
parent f4c40249ce
1 changed files with 6 additions and 8 deletions
--- a/test/unit/services/auth/members/index_spec.js
+++ b/test/unit/services/auth/members/index_spec.js
@ -3,7 +3,7 @@ const should = require('should');
 const {UnauthorizedError} = require('@tryghost/errors');
 const members = require('../../../../../core/server/services/auth/members');

-describe.skip('Auth Service - Members', function () {
+describe('Auth Service - Members', function () {
    it('exports an authenticateMembersToken method', function () {
        const actual = typeof members.authenticateMembersToken;
        const expected = 'function';
@ -36,7 +36,7 @@ describe.skip('Auth Service - Members', function () {
                should.equal(actual, expected);
            });
        });
-        describe('attempts to verify the credentials as a JWT, allowing the "NONE" algorithm', function () {
+        describe('attempts to verify the credentials as a JWT, not allowing the "NONE" algorithm', function () {
            it('calls next with an UnauthorizedError if the verification fails', function () {
                members.authenticateMembersToken({
                    get() {
@ -49,7 +49,7 @@ describe.skip('Auth Service - Members', function () {
                    should.equal(actual, expected);
                });
            });
-            it('calls next without an error after attaching the JWT claims to req.member if the verification suceeds', function () {
+            it('calls next with an error if the token is using the "none" algorithm', function () {
                const claims = {
                    rumpel: 'stiltskin'
                };
@ -62,12 +62,10 @@ describe.skip('Auth Service - Members', function () {
                    }
                };
                members.authenticateMembersToken(req, {}, function next(err) {
-                    should.equal(err, undefined);
+                    const actual = err instanceof UnauthorizedError;
+                    const expected = true;

-                    const actual = req.member.rumpel;
-                    const expected = claims.rumpel;
-
-                    should.deepEqual(actual, expected);
+                    should.equal(actual, expected);
                });
            });
        });