balena-supervisor/test/27-supervisor-api-auth.spec.ts

101 lines
2.4 KiB
TypeScript
Raw Normal View History

import * as supertest from 'supertest';
import SupervisorAPI from '../src/supervisor-api';
import mockedAPI = require('./lib/mocked-device-api');
const mockedOptions = {
listenPort: 12345,
timeout: 30000,
};
const VALID_SECRET = mockedAPI.STUBBED_VALUES.config.apiSecret;
const INVALID_SECRET = 'bad_api_secret';
const ALLOWED_INTERFACES = ['lo']; // Only need loopback since this is for testing
describe('SupervisorAPI authentication', () => {
let api: SupervisorAPI;
const request = supertest(`http://127.0.0.1:${mockedOptions.listenPort}`);
before(async () => {
// Create test API
api = await mockedAPI.create();
// Start test API
return api.listen(
ALLOWED_INTERFACES,
mockedOptions.listenPort,
mockedOptions.timeout,
);
});
after(async () => {
try {
await api.stop();
} catch (e) {
if (e.message !== 'Server is not running.') {
throw e;
}
}
// Remove any test data generated
await mockedAPI.cleanUp();
});
it('finds no apiKey and rejects', async () => {
return request.post('/v1/blink').expect(401);
});
it('finds apiKey from query', async () => {
return request.post(`/v1/blink?apikey=${VALID_SECRET}`).expect(200);
});
it('finds apiKey from Authorization header (ApiKey scheme)', async () => {
return request
.post('/v1/blink')
.set('Authorization', `ApiKey ${VALID_SECRET}`)
.expect(200);
});
it('finds apiKey from Authorization header (Bearer scheme)', async () => {
return request
.post('/v1/blink')
.set('Authorization', `Bearer ${VALID_SECRET}`)
.expect(200);
});
it('finds apiKey from Authorization header (case insensitive)', async () => {
const randomCases = [
'Bearer',
'bearer',
'BEARER',
'BeAReR',
'ApiKey',
'apikey',
'APIKEY',
'ApIKeY',
];
for (const scheme of randomCases) {
return request
.post('/v1/blink')
.set('Authorization', `${scheme} ${VALID_SECRET}`)
.expect(200);
}
});
it('rejects invalid apiKey from query', async () => {
return request.post(`/v1/blink?apikey=${INVALID_SECRET}`).expect(401);
});
it('rejects invalid apiKey from Authorization header (ApiKey scheme)', async () => {
return request
.post('/v1/blink')
.set('Authorization', `ApiKey ${INVALID_SECRET}`)
.expect(401);
});
it('rejects invalid apiKey from Authorization header (Bearer scheme)', async () => {
return request
.post('/v1/blink')
.set('Authorization', `Bearer ${INVALID_SECRET}`)
.expect(401);
});
});