Fix auth using header

2018-09-01 09:36:48 -07:00
parent 41c3b1fa5f
commit e04db2c49c
11 changed files with 435 additions and 349 deletions
--- a/modules/tests/api-auth-test.js
+++ b/modules/tests/api-auth-test.js
@ -0,0 +1,89 @@
+const request = require("supertest");
+
+const createServer = require("../createServer");
+const withAuthHeader = require("./utils/withAuthHeader");
+const withRevokedToken = require("./utils/withRevokedToken");
+const withToken = require("./utils/withToken");
+
+describe("The /api/auth endpoint", () => {
+  let server;
+  beforeEach(() => {
+    server = createServer();
+  });
+
+  describe("POST /api/auth", () => {
+    it("creates a new auth token", done => {
+      request(server)
+        .post("/api/auth")
+        .end((err, res) => {
+          expect(res.body).toHaveProperty("token");
+          done();
+        });
+    });
+  });
+
+  describe("GET /api/auth", () => {
+    describe("with no auth", () => {
+      it("echoes back null", done => {
+        request(server)
+          .get("/api/auth")
+          .end((err, res) => {
+            expect(res.body).toHaveProperty("auth");
+            expect(res.body.auth).toBe(null);
+            done();
+          });
+      });
+    });
+
+    describe("with a revoked auth token", () => {
+      it("echoes back null", done => {
+        withRevokedToken({ some: { scope: true } }, token => {
+          request(server)
+            .get("/api/auth?token=" + token)
+            .end((err, res) => {
+              expect(res.body).toHaveProperty("auth");
+              expect(res.body.auth).toBe(null);
+              done();
+            });
+        });
+      });
+    });
+
+    describe("with a valid auth token", () => {
+      describe("in the query string", () => {
+        it("echoes back the auth payload", done => {
+          const scopes = { some: { scope: true } };
+
+          withToken(scopes, token => {
+            request(server)
+              .get("/api/auth?token=" + token)
+              .end((err, res) => {
+                expect(res.body).toHaveProperty("auth");
+                expect(res.body.auth).toBeDefined();
+                expect(res.body.auth.scopes).toMatchObject(scopes);
+                done();
+              });
+          });
+        });
+      });
+
+      describe("in the Authorization header", () => {
+        it.only("echoes back the auth payload", done => {
+          const scopes = { some: { scope: true } };
+
+          withAuthHeader(scopes, header => {
+            request(server)
+              .get("/api/auth")
+              .set({ Authorization: header })
+              .end((err, res) => {
+                expect(res.body).toHaveProperty("auth");
+                expect(res.body.auth).toBeDefined();
+                expect(res.body.auth.scopes).toMatchObject(scopes);
+                done();
+              });
+          });
+        });
+      });
+    });
+  });
+});