mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-22 10:21:36 +03:00
7f1d3ebc07
- move all test files from core/test to test/ - updated all imports and other references - all code inside of core/ is then application code - tests are correctly at the root level - consistent with other repos/projects Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
76 lines
2.8 KiB
JavaScript
76 lines
2.8 KiB
JavaScript
const jwt = require('jsonwebtoken');
|
|
const should = require('should');
|
|
const {UnauthorizedError} = require('../../../../../core/server/lib/common/errors');
|
|
const members = require('../../../../../core/server/services/auth/members');
|
|
|
|
describe.skip('Auth Service - Members', function () {
|
|
it('exports an authenticateMembersToken method', function () {
|
|
const actual = typeof members.authenticateMembersToken;
|
|
const expected = 'function';
|
|
should.equal(actual, expected);
|
|
});
|
|
|
|
describe('authenticateMembersToken', function () {
|
|
it('calls next without an error if there is no authorization header', function () {
|
|
members.authenticateMembersToken({
|
|
get() {
|
|
return null;
|
|
}
|
|
}, {}, function next(err) {
|
|
const actual = err;
|
|
const expected = undefined;
|
|
|
|
should.equal(actual, expected);
|
|
});
|
|
});
|
|
|
|
it('calls next without an error if the authorization header does not match the GhostMembers scheme', function () {
|
|
members.authenticateMembersToken({
|
|
get() {
|
|
return 'DodgyScheme credscredscreds';
|
|
}
|
|
}, {}, function next(err) {
|
|
const actual = err;
|
|
const expected = undefined;
|
|
|
|
should.equal(actual, expected);
|
|
});
|
|
});
|
|
describe('attempts to verify the credentials as a JWT, allowing the "NONE" algorithm', function () {
|
|
it('calls next with an UnauthorizedError if the verification fails', function () {
|
|
members.authenticateMembersToken({
|
|
get() {
|
|
return 'GhostMembers notafuckentoken';
|
|
}
|
|
}, {}, function next(err) {
|
|
const actual = err instanceof UnauthorizedError;
|
|
const expected = true;
|
|
|
|
should.equal(actual, expected);
|
|
});
|
|
});
|
|
it('calls next without an error after attaching the JWT claims to req.member if the verification suceeds', function () {
|
|
const claims = {
|
|
rumpel: 'stiltskin'
|
|
};
|
|
const token = jwt.sign(claims, null, {
|
|
algorithm: 'none'
|
|
});
|
|
const req = {
|
|
get() {
|
|
return `GhostMembers ${token}`;
|
|
}
|
|
};
|
|
members.authenticateMembersToken(req, {}, function next(err) {
|
|
should.equal(err, undefined);
|
|
|
|
const actual = req.member.rumpel;
|
|
const expected = claims.rumpel;
|
|
|
|
should.deepEqual(actual, expected);
|
|
});
|
|
});
|
|
});
|
|
});
|
|
});
|