accounts-frontend/packages/app/services/api/authentication.test.ts

267 lines
8.9 KiB
TypeScript
Raw Normal View History

import expect from 'app/test/unexpected';
import sinon, { SinonFakeServer } from 'sinon';
2016-11-05 12:11:41 +02:00
import request from 'app/services/request';
import * as authentication from 'app/services/api/authentication';
import * as accounts from 'app/services/api/accounts';
2016-11-05 12:11:41 +02:00
describe('authentication api', () => {
2020-05-24 02:08:24 +03:00
let server: SinonFakeServer;
2019-02-04 23:14:58 +02:00
beforeEach(() => {
2020-05-24 02:08:24 +03:00
server = sinon.fakeServer.create({
autoRespond: true,
});
2019-02-04 23:14:58 +02:00
});
afterEach(() => {
2020-05-24 02:08:24 +03:00
server.restore();
2019-02-04 23:14:58 +02:00
});
2020-05-24 02:08:24 +03:00
describe('#login', () => {
const params = {
login: 'foo',
password: 'secret',
rememberMe: false,
};
2020-05-24 02:08:24 +03:00
beforeEach(() => {
sinon.stub(request, 'post').named('request.post');
2020-05-24 02:08:24 +03:00
(request.post as any).returns(Promise.resolve());
});
2020-05-24 02:08:24 +03:00
afterEach(() => {
(request.post as any).restore();
});
2020-05-24 02:08:24 +03:00
it('should post to login api', () => {
authentication.login(params);
2020-05-24 02:08:24 +03:00
expect(request.post, 'to have a call satisfying', ['/api/authentication/login', params, {}]);
});
2016-11-05 12:11:41 +02:00
2020-05-24 02:08:24 +03:00
it('should disable any token', () => {
authentication.login(params);
2016-11-05 12:11:41 +02:00
2020-05-24 02:08:24 +03:00
expect(request.post, 'to have a call satisfying', ['/api/authentication/login', params, { token: null }]);
});
});
2016-11-05 12:11:41 +02:00
2020-05-24 02:08:24 +03:00
describe('#validateToken()', () => {
const validToken = 'foo';
const validRefreshToken = 'bar';
const user = { id: 1 };
const validateTokenArgs: [number, string, string] = [user.id, validToken, validRefreshToken];
beforeEach(() => {
sinon.stub(accounts, 'getInfo');
(accounts.getInfo as any).returns(Promise.resolve(user));
});
afterEach(() => {
(accounts.getInfo as any).restore();
});
it('should request accounts.getInfo', () =>
expect(authentication.validateToken(...validateTokenArgs), 'to be fulfilled').then(() => {
expect(accounts.getInfo, 'to have a call satisfying', [user.id, validToken]);
}));
it('should resolve with both tokens and user object', () =>
expect(authentication.validateToken(...validateTokenArgs), 'to be fulfilled with', {
token: validToken,
refreshToken: validRefreshToken,
user,
}));
it('rejects if token has a bad type', () =>
expect(authentication.validateToken(user.id, {} as any), 'to be rejected with', 'token must be a string'));
it('should allow empty refreshToken', () =>
expect(authentication.validateToken(user.id, 'foo', null), 'to be fulfilled'));
it('rejects if accounts.getInfo request is unexpectedly failed', () => {
const error = 'Something wrong';
(accounts.getInfo as any).returns(Promise.reject(error));
return expect(authentication.validateToken(...validateTokenArgs), 'to be rejected with', error);
});
describe('when token is expired', () => {
const expiredResponse = {
name: 'Unauthorized',
message: 'Token expired',
code: 0,
status: 401,
type: 'yii\\web\\UnauthorizedHttpException',
};
const newToken = 'baz';
beforeEach(() => {
sinon.stub(authentication, 'requestToken');
(accounts.getInfo as any).onCall(0).returns(Promise.reject(expiredResponse));
(authentication.requestToken as any).returns(Promise.resolve(newToken));
});
afterEach(() => {
(authentication.requestToken as any).restore();
});
it('resolves with new token and user object', async () => {
server.respondWith(
'POST',
'/api/authentication/refresh-token',
JSON.stringify({
access_token: newToken,
refresh_token: validRefreshToken,
success: true,
expires_in: 50000,
}),
);
await expect(authentication.validateToken(...validateTokenArgs), 'to be fulfilled with', {
token: newToken,
refreshToken: validRefreshToken,
user,
});
expect(server.requests[0].requestBody, 'to equal', `refresh_token=${validRefreshToken}`);
});
it('rejects if token request failed', () => {
const error = { error: 'Unexpected error example' };
server.respondWith('POST', '/api/authentication/refresh-token', [500, [], JSON.stringify(error)]);
return expect(authentication.validateToken(...validateTokenArgs), 'to be rejected with', error);
});
});
describe('when token is incorrect', () => {
const expiredResponse = {
name: 'Unauthorized',
message: 'Incorrect token',
code: 0,
status: 401,
type: 'yii\\web\\UnauthorizedHttpException',
};
const newToken = 'baz';
beforeEach(() => {
(accounts.getInfo as any).onCall(0).returns(Promise.reject(expiredResponse));
});
it('resolves with new token and user object', async () => {
server.respondWith(
'POST',
'/api/authentication/refresh-token',
JSON.stringify({
access_token: newToken,
refresh_token: validRefreshToken,
success: true,
expires_in: 50000,
}),
);
await expect(authentication.validateToken(...validateTokenArgs), 'to be fulfilled with', {
token: newToken,
refreshToken: validRefreshToken,
user,
});
expect(server.requests[0].requestBody, 'to equal', `refresh_token=${validRefreshToken}`);
});
it('rejects if token request failed', () => {
const error = { error: 'Unexpected error example' };
server.respondWith('POST', '/api/authentication/refresh-token', [500, [], JSON.stringify(error)]);
return expect(authentication.validateToken(...validateTokenArgs), 'to be rejected with', error);
});
});
2016-11-05 12:11:41 +02:00
});
2020-05-24 02:08:24 +03:00
describe('#logout', () => {
beforeEach(() => {
sinon.stub(request, 'post').named('request.post');
});
2020-05-24 02:08:24 +03:00
afterEach(() => {
(request.post as any).restore();
});
2020-05-24 02:08:24 +03:00
it('should request logout api', () => {
authentication.logout();
2020-05-24 02:08:24 +03:00
expect(request.post, 'to have a call satisfying', ['/api/authentication/logout', {}, {}]);
});
2020-05-24 02:08:24 +03:00
it('returns a promise', () => {
(request.post as any).returns(Promise.resolve());
2020-05-24 02:08:24 +03:00
return expect(authentication.logout(), 'to be fulfilled');
});
2020-05-24 02:08:24 +03:00
it('overrides token if provided', () => {
const token = 'foo';
2020-05-24 02:08:24 +03:00
authentication.logout(token);
2020-05-24 02:08:24 +03:00
expect(request.post, 'to have a call satisfying', ['/api/authentication/logout', {}, { token }]);
});
});
2020-05-24 02:08:24 +03:00
describe('#requestToken', () => {
const refreshToken = 'refresh-token';
2020-05-24 02:08:24 +03:00
beforeEach(() => {
sinon.stub(request, 'post').named('request.post');
});
2020-05-24 02:08:24 +03:00
afterEach(() => {
(request.post as any).restore();
});
2020-05-24 02:08:24 +03:00
it('should request refresh-token api', () => {
(request.post as any).returns(Promise.resolve({}));
2020-05-24 02:08:24 +03:00
authentication.requestToken(refreshToken);
2020-05-24 02:08:24 +03:00
expect(request.post, 'to have a call satisfying', [
'/api/authentication/refresh-token',
{
refresh_token: refreshToken, // eslint-disable-line
},
{},
]);
});
2020-05-24 02:08:24 +03:00
it('should disable bearer auth for request', () => {
(request.post as any).returns(Promise.resolve({}));
2020-05-24 02:08:24 +03:00
authentication.requestToken(refreshToken);
2020-05-24 02:08:24 +03:00
expect(request.post, 'to have a call satisfying', [
'/api/authentication/refresh-token',
{
refresh_token: refreshToken, // eslint-disable-line
},
{ token: null },
]);
});
2020-05-24 02:08:24 +03:00
it('should resolve with token', () => {
const token = 'token';
2020-05-24 02:08:24 +03:00
(request.post as any).returns(
Promise.resolve({
access_token: token, // eslint-disable-line
}),
);
2020-05-24 02:08:24 +03:00
return expect(authentication.requestToken(refreshToken), 'to be fulfilled with', token);
});
});
2016-11-05 12:11:41 +02:00
});