import * as supertest from 'supertest';
import SupervisorAPI from '../src/supervisor-api';
import mockedAPI = require('./lib/mocked-device-api');
import { cloudApiKey } from '../src/lib/api-keys';
// Settings for the mocked Supervisor API instance used by this suite.
const mockedOptions = {
	// Local TCP port the test server listens on; the supertest client targets the same port.
	listenPort: 12345,
	// Passed as the second argument to api.listen().
	timeout: 30000,
};

// A credential that must never be accepted; used by the rejection tests.
const INVALID_SECRET = 'bad_api_secret';
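/**
 * Authentication tests for the Supervisor API.
 *
 * Each case sends a POST to /v1/blink on a mocked API instance and checks only
 * the HTTP status: 200 when a valid key is presented, 401 when the key is
 * missing or wrong. The key may arrive in the `apikey` query parameter or in
 * the Authorization header under the `ApiKey` or `Bearer` scheme.
 */
describe('SupervisorAPI authentication', () => {
	let api: SupervisorAPI;
	const request = supertest(`http://127.0.0.1:${mockedOptions.listenPort}`);

	before(async () => {
		// Create test API
		api = await mockedAPI.create();
		// Start test API
		return api.listen(mockedOptions.listenPort, mockedOptions.timeout);
	});

	after(async () => {
		try {
			await api.stop();
		} catch (e) {
			// Only the "already stopped" error is tolerated; anything else
			// must fail the suite rather than be hidden during teardown.
			if (e.message !== 'Server is not running.') {
				throw e;
			}
		}
		// Remove any test data generated
		await mockedAPI.cleanUp();
	});

	it('finds no apiKey and rejects', async () => {
		return request.post('/v1/blink').expect(401);
	});

	// NOTE(review): this pins that the query-string form is still accepted.
	// Keys carried in a URL are more likely to end up in access logs and
	// proxy records than keys carried in a header.
	it('finds apiKey from query', async () => {
		return request.post(`/v1/blink?apikey=${cloudApiKey}`).expect(200);
	});

	it('finds apiKey from Authorization header (ApiKey scheme)', async () => {
		return request
			.post('/v1/blink')
			.set('Authorization', `ApiKey ${cloudApiKey}`)
			.expect(200);
	});

	it('finds apiKey from Authorization header (Bearer scheme)', async () => {
		return request
			.post('/v1/blink')
			.set('Authorization', `Bearer ${cloudApiKey}`)
			.expect(200);
	});

	it('finds apiKey from Authorization header (case insensitive)', async () => {
		const randomCases = [
			'Bearer',
			'bearer',
			'BEARER',
			'BeAReR',
			'ApiKey',
			'apikey',
			'APIKEY',
			'ApIKeY',
		];
		// Await each request instead of returning from inside the loop: a
		// `return` here ends the test after the first entry, so only 'Bearer'
		// would ever be exercised and the other spellings would go untested.
		for (const scheme of randomCases) {
			await request
				.post('/v1/blink')
				.set('Authorization', `${scheme} ${cloudApiKey}`)
				.expect(200);
		}
	});

	it('rejects invalid apiKey from query', async () => {
		return request.post(`/v1/blink?apikey=${INVALID_SECRET}`).expect(401);
	});

	it('rejects invalid apiKey from Authorization header (ApiKey scheme)', async () => {
		return request
			.post('/v1/blink')
			.set('Authorization', `ApiKey ${INVALID_SECRET}`)
			.expect(401);
	});

	it('rejects invalid apiKey from Authorization header (Bearer scheme)', async () => {
		return request
			.post('/v1/blink')
			.set('Authorization', `Bearer ${INVALID_SECRET}`)
			.expect(401);
	});
});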