ghost/test/unit/services/auth/members/index_spec.js

const jwt = require('jsonwebtoken');
const should = require('should');
const {UnauthorizedError} = require('@tryghost/errors');
const members = require('../../../../../core/server/services/auth/members');

describe.skip('Auth Service - Members', function () {
    it('exports an authenticateMembersToken method', function () {
        const actual = typeof members.authenticateMembersToken;
        const expected = 'function';
        should.equal(actual, expected);
    });

    describe('authenticateMembersToken', function () {
        it('calls next without an error if there is no authorization header', function () {
            members.authenticateMembersToken({
                get() {
                    return null;
                }
            }, {}, function next(err) {
                const actual = err;
                const expected = undefined;

                should.equal(actual, expected);
            });
        });

        it('calls next without an error if the authorization header does not match the GhostMembers scheme', function () {
            members.authenticateMembersToken({
                get() {
                    return 'DodgyScheme credscredscreds';
                }
            }, {}, function next(err) {
                const actual = err;
                const expected = undefined;

                should.equal(actual, expected);
            });
        });
        describe('attempts to verify the credentials as a JWT, allowing the "NONE" algorithm', function () {
            it('calls next with an UnauthorizedError if the verification fails', function () {
                members.authenticateMembersToken({
                    get() {
                        return 'GhostMembers notafuckentoken';
                    }
                }, {}, function next(err) {
                    const actual = err instanceof UnauthorizedError;
                    const expected = true;

                    should.equal(actual, expected);
                });
            });
            it('calls next without an error after attaching the JWT claims to req.member if the verification suceeds', function () {
                const claims = {
                    rumpel: 'stiltskin'
                };
                const token = jwt.sign(claims, null, {
                    algorithm: 'none'
                });
                const req = {
                    get() {
                        return `GhostMembers ${token}`;
                    }
                };
                members.authenticateMembersToken(req, {}, function next(err) {
                    should.equal(err, undefined);

                    const actual = req.member.rumpel;
                    const expected = claims.rumpel;

                    should.deepEqual(actual, expected);
                });
            });
        });
    });
});
🚧 Created members auth middleware closes #10110 2018-11-07 17:10:07 +07:00			`const jwt = require('jsonwebtoken');`
			`const should = require('should');`
Remove common errors (#11848) * refactored core/frontend/services/proxy to import common dependency like a normal person * removed all imports of `common/errors` * :fire: removed common/errors module Co-authored-by: Vikas Potluri <vikaspotluri123.github@gmail.com> 2020-05-26 19:10:29 +01:00			`const {UnauthorizedError} = require('@tryghost/errors');`
Move tests from core to root (#11700) - move all test files from core/test to test/ - updated all imports and other references - all code inside of core/ is then application code - tests are correctly at the root level - consistent with other repos/projects Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk> 2020-03-30 16:26:47 +01:00			`const members = require('../../../../../core/server/services/auth/members');`
🚧 Created members auth middleware closes #10110 2018-11-07 17:10:07 +07:00
Wired members service up to api and app (#10262) * Updated auth service members middleware refs #10213 * Wired up members api router to the ghost api endpoints refs #10213 * Created members app for the static pages refs #10213 * Wired up the members app refs #10213 2018-12-11 15:18:07 +07:00			`describe.skip('Auth Service - Members', function () {`
🚧 Created members auth middleware closes #10110 2018-11-07 17:10:07 +07:00			`it('exports an authenticateMembersToken method', function () {`
			`const actual = typeof members.authenticateMembersToken;`
			`const expected = 'function';`
			`should.equal(actual, expected);`
			`});`

			`describe('authenticateMembersToken', function () {`
			`it('calls next without an error if there is no authorization header', function () {`
			`members.authenticateMembersToken({`
Update Test & linting packages (major) (#10858) no issue - Updated Test & linting packages - Updated use of hasOwnProperty - Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins) - Removed already defined built-in global variable Intl - Applied `--fix` with lint command on `core/test` folder - The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes) - Removed redundant global variable declarations to pass linting 2019-07-05 13:40:43 +02:00			`get() {`
			`return null;`
			`}`
🚧 Created members auth middleware closes #10110 2018-11-07 17:10:07 +07:00			`}, {}, function next(err) {`
			`const actual = err;`
			`const expected = undefined;`

			`should.equal(actual, expected);`
			`});`
			`});`

			`it('calls next without an error if the authorization header does not match the GhostMembers scheme', function () {`
			`members.authenticateMembersToken({`
Update Test & linting packages (major) (#10858) no issue - Updated Test & linting packages - Updated use of hasOwnProperty - Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins) - Removed already defined built-in global variable Intl - Applied `--fix` with lint command on `core/test` folder - The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes) - Removed redundant global variable declarations to pass linting 2019-07-05 13:40:43 +02:00			`get() {`
			`return 'DodgyScheme credscredscreds';`
			`}`
🚧 Created members auth middleware closes #10110 2018-11-07 17:10:07 +07:00			`}, {}, function next(err) {`
			`const actual = err;`
			`const expected = undefined;`

			`should.equal(actual, expected);`
			`});`
			`});`
			`describe('attempts to verify the credentials as a JWT, allowing the "NONE" algorithm', function () {`
			`it('calls next with an UnauthorizedError if the verification fails', function () {`
			`members.authenticateMembersToken({`
Update Test & linting packages (major) (#10858) no issue - Updated Test & linting packages - Updated use of hasOwnProperty - Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins) - Removed already defined built-in global variable Intl - Applied `--fix` with lint command on `core/test` folder - The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes) - Removed redundant global variable declarations to pass linting 2019-07-05 13:40:43 +02:00			`get() {`
			`return 'GhostMembers notafuckentoken';`
			`}`
🚧 Created members auth middleware closes #10110 2018-11-07 17:10:07 +07:00			`}, {}, function next(err) {`
			`const actual = err instanceof UnauthorizedError;`
			`const expected = true;`

			`should.equal(actual, expected);`
			`});`
			`});`
			`it('calls next without an error after attaching the JWT claims to req.member if the verification suceeds', function () {`
			`const claims = {`
			`rumpel: 'stiltskin'`
			`};`
			`const token = jwt.sign(claims, null, {`
			`algorithm: 'none'`
			`});`
			`const req = {`
Update Test & linting packages (major) (#10858) no issue - Updated Test & linting packages - Updated use of hasOwnProperty - Using Object.prototype.hasOwnProperty instead (ref. eslint.org/docs/rules/no-prototype-builtins) - Removed already defined built-in global variable Intl - Applied `--fix` with lint command on `core/test` folder - The rules were broken because some of them were made stricter for `eslint: recommended` ruleset (ref. https://eslint.org/docs/user-guide/migrating-to-6.0.0#eslint-recommended-changes) - Removed redundant global variable declarations to pass linting 2019-07-05 13:40:43 +02:00			`get() {`
			return `GhostMembers ${token}`;
			`}`
🚧 Created members auth middleware closes #10110 2018-11-07 17:10:07 +07:00			`};`
			`members.authenticateMembersToken(req, {}, function next(err) {`
			`should.equal(err, undefined);`

			`const actual = req.member.rumpel;`
			`const expected = claims.rumpel;`

			`should.deepEqual(actual, expected);`
			`});`
			`});`
			`});`
			`});`
			`});`