/server/test/security.js

https://github.com/debdayal/TestApp · JavaScript · 171 lines · 143 code · 20 blank · 8 comment · 0 complexity · cbf1ec590ec32c68382d44e93a8abf2e MD5 · raw file

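  // Load the module under test through rewire so the tests below can swap its
  // internal `passport` and `MongoStrategy` bindings with stubs via __set__.
  var rewire = require('rewire');
  var security = rewire('../lib/security');

  // Fixture settings handed to security.initialize(). The tests only compare
  // these values against what reaches the stubbed MongoStrategy; nothing here
  // is sent to a database.
  var config = {
    dbUrl: 'https://api.mongolab.com/api/1/databases',
    // Deliberately fake. A credential-shaped literal in a test fixture is
    // indistinguishable from a leaked key to reviewers and secret scanners, so
    // keep this an obvious placeholder and never commit a real API key here.
    apiKey: 'TEST-ONLY-NOT-A-REAL-API-KEY',
    dbName: 'ascrum',
    usersCollection: 'users'
  };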
  /**
   * Build a fake user record shaped like a stored document.
   *
   * @param {*} isAdmin - Any value; coerced to a boolean for the `admin` flag.
   * @returns {Object} User fixture with a nested `_id.$oid`, placeholder
   *   credentials and name fields, and `admin` set to true or false.
   */
  function mockUpUser(isAdmin) {
    var user = {};
    user._id = { $oid: '1234567' };
    user.email = 'email';
    // Present so tests can check how the code under test treats the stored
    // password field of a user record.
    user.password = 'password';
    user.firstName = 'firstName';
    user.lastName = 'lastName';
    user.admin = Boolean(isAdmin);
    return user;
  }
  /**
   * Replace the `passport` binding inside the security module with a stub and
   * return an object that records which stub methods were invoked.
   *
   * @param {Object} test - nodeunit test handle (not used by the stub).
   * @param {*} authenticated - Not used by the stub.
   * @returns {Object} Spy record; `useCalled` / `authenticateCalled` become
   *   true once the corresponding stub method has run.
   */
  function mockUpPassport(test, authenticated) {
    var spies = {};
    var fakePassport = {};

    fakePassport.use = function(fn) {
      spies.useCalled = true;
    };

    fakePassport.authenticate = function(strategy, callback) {
      spies.authenticateCalled = true;
      // The returned handler invokes the callback with no arguments at all,
      // i.e. neither an error nor a user object is supplied.
      return function() {
        callback();
      };
    };

    security.__set__('passport', fakePassport);
    return spies;
  }
  /**
   * Replace the `MongoStrategy` binding inside the security module with a stub
   * that checks the four connection settings it is called with against the
   * `config` fixture.
   *
   * @param {Object} test - nodeunit test handle used for the equality checks.
   */
  function mockUpMongoStrategy(test) {
    var strategy = function(dbUrl, apiKey, dbName, usersCollection) {
      var received = {
        dbUrl: dbUrl,
        apiKey: apiKey,
        dbName: dbName,
        usersCollection: usersCollection
      };
      // Compare each received argument with the fixture value of the same name.
      Object.keys(received).forEach(function(key) {
        test.equal(received[key], config[key]);
      });
    };
    // NOTE(review): a function's `name` property is not writable, so this
    // assignment is silently ignored in sloppy mode and throws in strict mode.
    // Confirm whether any code under test relies on the strategy being named
    // 'mongo'.
    strategy.name = 'mongo';
    security.__set__('MongoStrategy', strategy);
  }
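  // nodeunit test cases for ../lib/security. Each case builds minimal req/res
  // stubs, calls one exported function and checks which response path was taken.
  module.exports = {
    // initialize() must hand something to passport.use(). The MongoStrategy stub
    // checks the connection settings whenever it is invoked.
    initialize: function(test) {
      mockUpMongoStrategy(test);
      var passportSpy = mockUpPassport(test);
      security.initialize(config.dbUrl, config.apiKey, config.dbName, config.usersCollection);
      test.ok(passportSpy.useCalled);
      test.done();
    },

    // Access-control check: an unauthenticated request must be answered
    // directly and must not reach the next handler.
    authenticationRequired: function(test) {
      // Setup mocks (flags declared before the stubs that close over them)
      var nextCalled = false;
      var jsonCalled = false;
      var req = {};
      var res = {
        json: function() { jsonCalled = true; }
      };
      var next = function() { nextCalled = true; };

      // Test when user is unauthenticated
      req.isAuthenticated = function() { return false; };
      security.authenticationRequired(req, res, next);
      test.ok(jsonCalled);
      // The deny path is only safe if the request is not also passed on.
      test.ok(!nextCalled);

      // Test when user is authenticated
      req.isAuthenticated = function() { return true; };
      security.authenticationRequired(req, res, next);
      test.ok(nextCalled);
      test.done();
    },

    // Authorization check: only a user with admin set may reach next().
    adminRequired: function(test) {
      // Setup mocks
      var nextCalled = false;
      var jsonCalled = false;
      var req = {};
      var res = {
        json: function(status) {
          test.equal(status, 401);
          jsonCalled = true;
        }
      };
      var next = function() {
        nextCalled = true;
      };

      // Test when user is unauthenticated
      req.user = null;
      security.adminRequired(req, res, next);
      test.ok(jsonCalled);
      test.ok(!nextCalled);

      // Test when user is authenticated but not admin.
      // Reset the flag first: otherwise it is still true from the previous case
      // and this check would pass even if a non-admin were let through.
      jsonCalled = false;
      req.user = mockUpUser(false);
      security.adminRequired(req, res, next);
      test.ok(jsonCalled);
      test.ok(!nextCalled);

      // Test when user is admin
      req.user = mockUpUser(true);
      security.adminRequired(req, res, next);
      test.ok(nextCalled);
      test.done();
    },

    // sendCurrentUser() must answer 200 with the user's id taken from _id.$oid.
    sendCurrentUser: function(test) {
      var jsonCalled = false;
      var req = { user : mockUpUser(false) };
      var res = {
        json: function(status, userInfo) {
          test.equal(status, 200);
          test.equal(userInfo.user.id, req.user._id.$oid);
          // NOTE(review): the fixture user carries a `password` field. Once
          // confirmed against lib/security, consider asserting here that the
          // response does not expose it.
          jsonCalled = true;
        },
        end: function() {}
      };
      security.sendCurrentUser(req, res, null);
      test.ok(jsonCalled);
      test.done();
    },

    // login() must delegate to passport.authenticate(). The stub then invokes
    // the callback with no error and no user, and a JSON response is expected.
    login: function(test) {
      var req = {};
      var jsonCalled = false;
      var res = {
        json: function() { jsonCalled = true; }
      };
      var nextCalled = false;
      var next = function() { nextCalled = true; };
      var spies = mockUpPassport(test);
      security.login(req, res, next);
      test.ok(spies.authenticateCalled);
      test.ok(jsonCalled);
      test.done();
    },

    // logout() on a POST request: the session is logged out and the reply goes
    // through send(), not redirect().
    logoutPOST: function(test) {
      var logoutCalled = false;
      var req = {
        method: 'POST',
        logout: function() {
          logoutCalled = true;
        }
      };
      var redirectCalled = false;
      var sendCalled = false;
      var res = {
        redirect: function() {
          redirectCalled = true;
        },
        send: function() {
          sendCalled = true;
        }
      };

      // Test with POST
      security.logout(req, res);
      test.ok(logoutCalled);
      test.ok(!redirectCalled);
      test.ok(sendCalled);
      test.done();
    }
  };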