/server/test/security.js
JavaScript | 171 lines | 143 code | 20 blank | 8 comment | 0 complexity | cbf1ec590ec32c68382d44e93a8abf2e MD5 | raw file
1var rewire = require('rewire'); 2var security = rewire('../lib/security'); 3 4var config = { 5 dbUrl: 'https://api.mongolab.com/api/1/databases', 6 apiKey: '4fb51e55e4b02e56a67b0b66', 7 dbName: 'ascrum', 8 usersCollection: 'users' 9}; 10 11function mockUpUser(isAdmin) { 12 return { 13 _id : { $oid: '1234567' }, 14 email: 'email', 15 password: 'password', 16 firstName: 'firstName', 17 lastName: 'lastName', 18 admin: !!isAdmin 19 }; 20} 21 22function mockUpPassport(test, authenticated) { 23 var spies = { }; 24 security.__set__('passport', { 25 use: function(fn) { 26 spies.useCalled = true; 27 }, 28 authenticate: function(strategy, callback) { 29 spies.authenticateCalled = true; 30 return function() { callback(); }; 31 } 32 }); 33 return spies; 34} 35 36function mockUpMongoStrategy(test) { 37 var strategy = function(dbUrl, apiKey, dbName, usersCollection) { 38 test.equal(dbUrl, config.dbUrl); 39 test.equal(apiKey, config.apiKey); 40 test.equal(dbName, config.dbName); 41 test.equal(usersCollection, config.usersCollection); 42 }; 43 strategy.name = 'mongo'; 44 security.__set__('MongoStrategy', strategy); 45} 46 47module.exports = { 48 initialize: function(test) { 49 mockUpMongoStrategy(test); 50 var passportSpy = mockUpPassport(test); 51 security.initialize(config.dbUrl, config.apiKey, config.dbName, config.usersCollection); 52 test.ok(passportSpy.useCalled); 53 test.done(); 54 }, 55 56 authenticationRequired: function(test) { 57 // Setup mocks 58 var req = {}; 59 var res = { 60 json: function() { jsonCalled = true; } 61 }; 62 var nextCalled = false; 63 var jsonCalled = false; 64 var next = function() { nextCalled = true; }; 65 66 // Test when user is unauthenticated 67 req.isAuthenticated = function() { return false; }; 68 security.authenticationRequired(req, res, next); 69 test.ok(jsonCalled); 70 71 // Test when user is authenticated 72 req.isAuthenticated = function() { return true; }; 73 security.authenticationRequired(req, res, next); 74 test.ok(nextCalled); 75 76 test.done(); 77 }, 78 79 adminRequired: function(test) { 80 // Setup mocks 81 var nextCalled = false; 82 var jsonCalled = false; 83 var req = {}; 84 var res = { 85 json: function(status) { 86 test.equal(status, 401); 87 jsonCalled = true; 88 } 89 }; 90 var next = function() { 91 nextCalled = true; 92 }; 93 94 // Test when user is unauthenticated 95 req.user = null; 96 security.adminRequired(req, res, next); 97 test.ok(jsonCalled); 98 99 // Test when user is authenticated but not admin 100 req.user = mockUpUser(false); 101 security.adminRequired(req, res, next); 102 test.ok(jsonCalled); 103 104 // Test when user is admin 105 req.user = mockUpUser(true); 106 security.adminRequired(req, res, next); 107 test.ok(nextCalled); 108 109 test.done(); 110 }, 111 112 sendCurrentUser: function(test) { 113 var jsonCalled = false; 114 var req = { user : mockUpUser(false) }; 115 var res = { 116 json: function(status, userInfo) { 117 test.equal(status, 200); 118 test.equal(userInfo.user.id, req.user._id.$oid); 119 jsonCalled = true; 120 }, 121 end: function() {} 122 }; 123 security.sendCurrentUser(req, res, null); 124 test.ok(jsonCalled); 125 test.done(); 126 }, 127 128 login: function(test) { 129 var req = {}; 130 131 var jsonCalled = false; 132 var res = { 133 json: function() { jsonCalled = true; } 134 }; 135 136 var nextCalled = false; 137 var next = function() { nextCalled = true; }; 138 139 var spies = mockUpPassport(test); 140 security.login(req, res, next); 141 test.ok(spies.authenticateCalled); 142 test.ok(jsonCalled); 143 test.done(); 144 }, 145 146 logoutPOST: function(test) { 147 var logoutCalled = false; 148 var req = { 149 method: 'POST', 150 logout: function() { 151 logoutCalled = true; 152 } 153 }; 154 var redirectCalled = false; 155 var sendCalled = false; 156 var res = { 157 redirect: function() { 158 redirectCalled = true; 159 }, 160 send: function() { 161 sendCalled = true; 162 } 163 }; 164 // Test without POST 165 security.logout(req, res); 166 test.ok(logoutCalled); 167 test.ok(!redirectCalled); 168 test.ok(sendCalled); 169 test.done(); 170 } 171};