mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-03-11 02:12:21 -05:00
b3aff29a3e
no-issue These tests were previously skipped due to the NONE algorithm tests failing. These were failing for good reason, we do NOT want the none algorithm to be accepted. The tests have been updated to reflect that, and unskipped.
73 lines
2.7 KiB
JavaScript
73 lines
2.7 KiB
JavaScript
const jwt = require('jsonwebtoken');
|
|
const should = require('should');
|
|
const {UnauthorizedError} = require('@tryghost/errors');
|
|
const members = require('../../../../../core/server/services/auth/members');
|
|
|
|
describe('Auth Service - Members', function () {
|
|
it('exports an authenticateMembersToken method', function () {
|
|
const actual = typeof members.authenticateMembersToken;
|
|
const expected = 'function';
|
|
should.equal(actual, expected);
|
|
});
|
|
|
|
describe('authenticateMembersToken', function () {
|
|
it('calls next without an error if there is no authorization header', function () {
|
|
members.authenticateMembersToken({
|
|
get() {
|
|
return null;
|
|
}
|
|
}, {}, function next(err) {
|
|
const actual = err;
|
|
const expected = undefined;
|
|
|
|
should.equal(actual, expected);
|
|
});
|
|
});
|
|
|
|
it('calls next without an error if the authorization header does not match the GhostMembers scheme', function () {
|
|
members.authenticateMembersToken({
|
|
get() {
|
|
return 'DodgyScheme credscredscreds';
|
|
}
|
|
}, {}, function next(err) {
|
|
const actual = err;
|
|
const expected = undefined;
|
|
|
|
should.equal(actual, expected);
|
|
});
|
|
});
|
|
describe('attempts to verify the credentials as a JWT, not allowing the "NONE" algorithm', function () {
|
|
it('calls next with an UnauthorizedError if the verification fails', function () {
|
|
members.authenticateMembersToken({
|
|
get() {
|
|
return 'GhostMembers notafuckentoken';
|
|
}
|
|
}, {}, function next(err) {
|
|
const actual = err instanceof UnauthorizedError;
|
|
const expected = true;
|
|
|
|
should.equal(actual, expected);
|
|
});
|
|
});
|
|
it('calls next with an error if the token is using the "none" algorithm', function () {
|
|
const claims = {
|
|
rumpel: 'stiltskin'
|
|
};
|
|
const token = jwt.sign(claims, null, {
|
|
algorithm: 'none'
|
|
});
|
|
const req = {
|
|
get() {
|
|
return `GhostMembers ${token}`;
|
|
}
|
|
};
|
|
members.authenticateMembersToken(req, {}, function next(err) {
|
|
const actual = err instanceof UnauthorizedError;
|
|
const expected = true;
|
|
|
|
should.equal(actual, expected);
|
|
});
|
|
});
|
|
});
|
|
});
|
|
});
|