mirror of
https://github.com/balena-os/balena-supervisor.git
synced 2024-12-25 00:11:06 +00:00
8295858b32
Change-type: minor Signed-off-by: Miguel Casqueira <miguel@balena.io>
101 lines
2.4 KiB
TypeScript
101 lines
2.4 KiB
TypeScript
import * as supertest from 'supertest';
|
|
|
|
import SupervisorAPI from '../src/supervisor-api';
|
|
import mockedAPI = require('./lib/mocked-device-api');
|
|
|
|
const mockedOptions = {
|
|
listenPort: 12345,
|
|
timeout: 30000,
|
|
};
|
|
|
|
const VALID_SECRET = mockedAPI.DEFAULT_SECRET;
|
|
const INVALID_SECRET = 'bad_api_secret';
|
|
const ALLOWED_INTERFACES = ['lo']; // Only need loopback since this is for testing
|
|
|
|
describe('SupervisorAPI authentication', () => {
|
|
let api: SupervisorAPI;
|
|
const request = supertest(`http://127.0.0.1:${mockedOptions.listenPort}`);
|
|
|
|
before(async () => {
|
|
// Create test API
|
|
api = await mockedAPI.create();
|
|
// Start test API
|
|
return api.listen(
|
|
ALLOWED_INTERFACES,
|
|
mockedOptions.listenPort,
|
|
mockedOptions.timeout,
|
|
);
|
|
});
|
|
|
|
after(async () => {
|
|
try {
|
|
await api.stop();
|
|
} catch (e) {
|
|
if (e.message !== 'Server is not running.') {
|
|
throw e;
|
|
}
|
|
}
|
|
// Remove any test data generated
|
|
await mockedAPI.cleanUp();
|
|
});
|
|
|
|
it('finds no apiKey and rejects', async () => {
|
|
return request.post('/v1/blink').expect(401);
|
|
});
|
|
|
|
it('finds apiKey from query', async () => {
|
|
return request.post(`/v1/blink?apikey=${VALID_SECRET}`).expect(200);
|
|
});
|
|
|
|
it('finds apiKey from Authorization header (ApiKey scheme)', async () => {
|
|
return request
|
|
.post('/v1/blink')
|
|
.set('Authorization', `ApiKey ${VALID_SECRET}`)
|
|
.expect(200);
|
|
});
|
|
|
|
it('finds apiKey from Authorization header (Bearer scheme)', async () => {
|
|
return request
|
|
.post('/v1/blink')
|
|
.set('Authorization', `Bearer ${VALID_SECRET}`)
|
|
.expect(200);
|
|
});
|
|
|
|
it('finds apiKey from Authorization header (case insensitive)', async () => {
|
|
const randomCases = [
|
|
'Bearer',
|
|
'bearer',
|
|
'BEARER',
|
|
'BeAReR',
|
|
'ApiKey',
|
|
'apikey',
|
|
'APIKEY',
|
|
'ApIKeY',
|
|
];
|
|
for (const scheme of randomCases) {
|
|
return request
|
|
.post('/v1/blink')
|
|
.set('Authorization', `${scheme} ${VALID_SECRET}`)
|
|
.expect(200);
|
|
}
|
|
});
|
|
|
|
it('rejects invalid apiKey from query', async () => {
|
|
return request.post(`/v1/blink?apikey=${INVALID_SECRET}`).expect(401);
|
|
});
|
|
|
|
it('rejects invalid apiKey from Authorization header (ApiKey scheme)', async () => {
|
|
return request
|
|
.post('/v1/blink')
|
|
.set('Authorization', `ApiKey ${INVALID_SECRET}`)
|
|
.expect(401);
|
|
});
|
|
|
|
it('rejects invalid apiKey from Authorization header (Bearer scheme)', async () => {
|
|
return request
|
|
.post('/v1/blink')
|
|
.set('Authorization', `Bearer ${INVALID_SECRET}`)
|
|
.expect(401);
|
|
});
|
|
});
|