mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-02-10 23:36:14 -05:00
f08a55c21f
refs: https://github.com/TryGhost/Team/issues/856 refs: https://github.com/TryGhost/Team/issues/756 - The .test.js extension is better than _spec.js as it's more obvious that it's an extension - It also meaans we can use the --extension parameter in mocha, which should result in a better default behaviour for `yarn test` - It also highlights that some of our tests were named incorrectly and were not (and still will not be) run (see https://github.com/TryGhost/Team/issues/856) - Note: even with this change, `yarn test` is throwing errors, I believe because of this issue https://github.com/TryGhost/Team/issues/756
73 lines
2.7 KiB
JavaScript
73 lines
2.7 KiB
JavaScript
const jwt = require('jsonwebtoken');
|
|
const should = require('should');
|
|
const {UnauthorizedError} = require('@tryghost/errors');
|
|
const members = require('../../../../../core/server/services/auth/members');
|
|
|
|
describe('Auth Service - Members', function () {
|
|
it('exports an authenticateMembersToken method', function () {
|
|
const actual = typeof members.authenticateMembersToken;
|
|
const expected = 'function';
|
|
should.equal(actual, expected);
|
|
});
|
|
|
|
describe('authenticateMembersToken', function () {
|
|
it('calls next without an error if there is no authorization header', function () {
|
|
members.authenticateMembersToken({
|
|
get() {
|
|
return null;
|
|
}
|
|
}, {}, function next(err) {
|
|
const actual = err;
|
|
const expected = undefined;
|
|
|
|
should.equal(actual, expected);
|
|
});
|
|
});
|
|
|
|
it('calls next without an error if the authorization header does not match the GhostMembers scheme', function () {
|
|
members.authenticateMembersToken({
|
|
get() {
|
|
return 'DodgyScheme credscredscreds';
|
|
}
|
|
}, {}, function next(err) {
|
|
const actual = err;
|
|
const expected = undefined;
|
|
|
|
should.equal(actual, expected);
|
|
});
|
|
});
|
|
describe('attempts to verify the credentials as a JWT, not allowing the "NONE" algorithm', function () {
|
|
it('calls next with an UnauthorizedError if the verification fails', function () {
|
|
members.authenticateMembersToken({
|
|
get() {
|
|
return 'GhostMembers notafuckentoken';
|
|
}
|
|
}, {}, function next(err) {
|
|
const actual = err instanceof UnauthorizedError;
|
|
const expected = true;
|
|
|
|
should.equal(actual, expected);
|
|
});
|
|
});
|
|
it('calls next with an error if the token is using the "none" algorithm', function () {
|
|
const claims = {
|
|
rumpel: 'stiltskin'
|
|
};
|
|
const token = jwt.sign(claims, null, {
|
|
algorithm: 'none'
|
|
});
|
|
const req = {
|
|
get() {
|
|
return `GhostMembers ${token}`;
|
|
}
|
|
};
|
|
members.authenticateMembersToken(req, {}, function next(err) {
|
|
const actual = err instanceof UnauthorizedError;
|
|
const expected = true;
|
|
|
|
should.equal(actual, expected);
|
|
});
|
|
});
|
|
});
|
|
});
|
|
});
|