
/server/test/security.js

https://github.com/debdayal/TestApp
  1var rewire = require('rewire');
  2var security = rewire('../lib/security');
  3
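// Fixture values consumed by the `initialize` test, which stubs MongoStrategy
// and passport before calling security.initialize(), so the test only compares
// these values for equality.
//
// The API key is deliberately a dummy: test sources should never carry a real
// database API key. Any credential that has been committed to a repository
// should be treated as disclosed and rotated.
var config = {
  dbUrl: 'https://api.mongolab.com/api/1/databases',
  apiKey: 'test-api-key-placeholder',
  dbName: 'ascrum',
  usersCollection: 'users'
};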
 10
/**
 * Build a fake user record shaped like a stored user document.
 *
 * @param {*} isAdmin - Truthy to produce an administrator; coerced to a boolean.
 * @returns {Object} A fresh user object with a fixed id, placeholder
 *   credentials and name fields, and the requested `admin` flag.
 */
function mockUpUser(isAdmin) {
  var user = {};
  user._id = { $oid: '1234567' };
  user.email = 'email';
  user.password = 'password';
  user.firstName = 'firstName';
  user.lastName = 'lastName';
  // Normalise to a strict boolean so an omitted argument yields `false`.
  user.admin = Boolean(isAdmin);
  return user;
}
 21
/**
 * Replace the `passport` binding inside the rewired security module with a
 * stub and return an object that records which stub methods were called.
 *
 * @param {Object} test - Test handle; not used by this helper.
 * @param {*} authenticated - Not used by this helper.
 * @returns {Object} Spy record; `useCalled` / `authenticateCalled` are set to
 *   true once the corresponding stub method has been invoked.
 */
function mockUpPassport(test, authenticated) {
  var spies = {};

  var fakePassport = {
    use: function(fn) {
      spies.useCalled = true;
    },
    authenticate: function(strategy, callback) {
      spies.authenticateCalled = true;
      // The returned middleware invokes the verify callback with no arguments,
      // i.e. no error and no user.
      var middleware = function() {
        callback();
      };
      return middleware;
    }
  };

  security.__set__('passport', fakePassport);
  return spies;
}
 35
/**
 * Replace the `MongoStrategy` binding inside the rewired security module with
 * a stub constructor that asserts it receives the values from `config`.
 *
 * @param {Object} test - Test handle whose `equal` is used for the assertions.
 */
function mockUpMongoStrategy(test) {
  var strategy = function(dbUrl, apiKey, dbName, usersCollection) {
    var received = {
      dbUrl: dbUrl,
      apiKey: apiKey,
      dbName: dbName,
      usersCollection: usersCollection
    };
    // Compare each argument with the fixture, in declaration order.
    ['dbUrl', 'apiKey', 'dbName', 'usersCollection'].forEach(function(key) {
      test.equal(received[key], config[key]);
    });
  };
  // NOTE(review): `name` on a function object is read-only, so in sloppy mode
  // this assignment is silently ignored and would throw in strict mode. If the
  // module under test relies on MongoStrategy.name === 'mongo', the stub does
  // not provide it - confirm against lib/security.
  strategy.name = 'mongo';
  security.__set__('MongoStrategy', strategy);
}
 46
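/**
 * Test cases for lib/security. Each case receives a `test` object providing
 * `ok`, `equal` and `done`, and drives one exported function of the rewired
 * security module with hand-rolled request/response stubs.
 */
module.exports = {
  // initialize() must register a strategy with passport.
  initialize: function(test) {
    mockUpMongoStrategy(test);
    var passportSpy = mockUpPassport(test);
    security.initialize(config.dbUrl, config.apiKey, config.dbName, config.usersCollection);
    test.ok(passportSpy.useCalled);
    test.done();
  },

  // authenticationRequired() must answer unauthenticated requests itself and
  // only hand authenticated ones to the next middleware.
  authenticationRequired: function(test) {
    // Setup mocks
    var nextCalled = false;
    var jsonCalled = false;
    var req = {};
    var res = {
      json: function() { jsonCalled = true; }
    };
    var next = function() { nextCalled = true; };

    // Test when user is unauthenticated
    req.isAuthenticated = function() { return false; };
    security.authenticationRequired(req, res, next);
    test.ok(jsonCalled);
    // A guard that responds but still calls next() would be a bypass.
    test.ok(!nextCalled);

    // Test when user is authenticated.
    // Reset the flags so this case is judged on its own call only.
    nextCalled = false;
    jsonCalled = false;
    req.isAuthenticated = function() { return true; };
    security.authenticationRequired(req, res, next);
    test.ok(nextCalled);
    test.ok(!jsonCalled);

    test.done();
  },

  // adminRequired() must reject anonymous and non-admin users with 401 and
  // only let admins through.
  adminRequired: function(test) {
    // Setup mocks
    var nextCalled = false;
    var jsonCalled = false;
    var req = {};
    var res = {
      json: function(status) {
        test.equal(status, 401);
        jsonCalled = true;
      }
    };
    var next = function() {
      nextCalled = true;
    };

    // Test when user is unauthenticated
    req.user = null;
    security.adminRequired(req, res, next);
    test.ok(jsonCalled);
    test.ok(!nextCalled);

    // Test when user is authenticated but not admin.
    // Without this reset the flag left over from the previous case would make
    // the assertion pass even if a non-admin were let through.
    nextCalled = false;
    jsonCalled = false;
    req.user = mockUpUser(false);
    security.adminRequired(req, res, next);
    test.ok(jsonCalled);
    test.ok(!nextCalled);

    // Test when user is admin
    nextCalled = false;
    jsonCalled = false;
    req.user = mockUpUser(true);
    security.adminRequired(req, res, next);
    test.ok(nextCalled);
    test.ok(!jsonCalled);

    test.done();
  },

  // sendCurrentUser() must answer 200 with the current user's id.
  sendCurrentUser: function(test) {
    var jsonCalled = false;
    var req = { user : mockUpUser(false) };
    var res = {
      json: function(status, userInfo) {
        test.equal(status, 200);
        test.equal(userInfo.user.id, req.user._id.$oid);
        // NOTE(review): the mock user carries a `password` field; consider
        // also asserting it is absent from `userInfo.user` - confirm the
        // intended response shape against lib/security first.
        jsonCalled = true;
      },
      end: function() {}
    };
    security.sendCurrentUser(req, res, null);
    test.ok(jsonCalled);
    test.done();
  },

  // login() must delegate to passport.authenticate; the stubbed passport
  // reports no error and no user, and a JSON response is expected.
  login: function(test) {
    var req = {};

    var jsonCalled = false;
    var res = {
      json: function() { jsonCalled = true; }
    };

    var nextCalled = false;
    var next = function() { nextCalled = true; };

    var spies = mockUpPassport(test);
    security.login(req, res, next);
    test.ok(spies.authenticateCalled);
    test.ok(jsonCalled);
    test.done();
  },

  // logout() on a POST request must log the user out and reply with send(),
  // not with a redirect.
  logoutPOST: function(test) {
    var logoutCalled = false;
    var req = {
      method: 'POST',
      logout: function() {
        logoutCalled = true;
      }
    };
    var redirectCalled = false;
    var sendCalled = false;
    var res = {
      redirect: function() {
        redirectCalled = true;
      },
      send: function() {
        sendCalled = true;
      }
    };
    // Test with POST
    security.logout(req, res);
    test.ok(logoutCalled);
    test.ok(!redirectCalled);
    test.ok(sendCalled);
    test.done();
  }
};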