mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-21 18:01:36 +03:00
c86933f44f
* refactored core/frontend/services/proxy to import common dependency like a normal person
* removed all imports of `common/errors`
* 🔥 removed common/errors module
Co-authored-by: Vikas Potluri <vikaspotluri123.github@gmail.com>
76 lines
2.8 KiB
JavaScript
76 lines
2.8 KiB
JavaScript
const jwt = require('jsonwebtoken');
|
|
const should = require('should');
|
|
const {UnauthorizedError} = require('@tryghost/errors');
|
|
const members = require('../../../../../core/server/services/auth/members');
|
|
|
|
describe.skip('Auth Service - Members', function () {
|
|
it('exports an authenticateMembersToken method', function () {
|
|
const actual = typeof members.authenticateMembersToken;
|
|
const expected = 'function';
|
|
should.equal(actual, expected);
|
|
});
|
|
|
|
describe('authenticateMembersToken', function () {
|
|
it('calls next without an error if there is no authorization header', function () {
|
|
members.authenticateMembersToken({
|
|
get() {
|
|
return null;
|
|
}
|
|
}, {}, function next(err) {
|
|
const actual = err;
|
|
const expected = undefined;
|
|
|
|
should.equal(actual, expected);
|
|
});
|
|
});
|
|
|
|
it('calls next without an error if the authorization header does not match the GhostMembers scheme', function () {
|
|
members.authenticateMembersToken({
|
|
get() {
|
|
return 'DodgyScheme credscredscreds';
|
|
}
|
|
}, {}, function next(err) {
|
|
const actual = err;
|
|
const expected = undefined;
|
|
|
|
should.equal(actual, expected);
|
|
});
|
|
});
|
|
describe('attempts to verify the credentials as a JWT, allowing the "NONE" algorithm', function () {
|
|
it('calls next with an UnauthorizedError if the verification fails', function () {
|
|
members.authenticateMembersToken({
|
|
get() {
|
|
return 'GhostMembers notafuckentoken';
|
|
}
|
|
}, {}, function next(err) {
|
|
const actual = err instanceof UnauthorizedError;
|
|
const expected = true;
|
|
|
|
should.equal(actual, expected);
|
|
});
|
|
});
|
|
it('calls next without an error after attaching the JWT claims to req.member if the verification suceeds', function () {
|
|
const claims = {
|
|
rumpel: 'stiltskin'
|
|
};
|
|
const token = jwt.sign(claims, null, {
|
|
algorithm: 'none'
|
|
});
|
|
const req = {
|
|
get() {
|
|
return `GhostMembers ${token}`;
|
|
}
|
|
};
|
|
members.authenticateMembersToken(req, {}, function next(err) {
|
|
should.equal(err, undefined);
|
|
|
|
const actual = req.member.rumpel;
|
|
const expected = claims.rumpel;
|
|
|
|
should.deepEqual(actual, expected);
|
|
});
|
|
});
|
|
});
|
|
});
|
|
});
|