jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
59c9e5397ef757f6aca534035119c2f90eaccc0f
cloudron-box/src/test/tokens-test.js
T
Girish Ramakrishnan d0a66f1701 Back to mocha! 
sorry i ever left you dear mocha

node:test has two major issues:
* --bail does not work and requires strange modules and incantations.
I was able to work around this with a custom module.

* the test reporter reports _after_ the suite is run. this makes debugging
really hard. the debugs that we print all happen before the test suite summary.
poor design overall.
2026-02-19 13:24:14 +01:00

181 lines
6.0 KiB
JavaScript
Raw Blame History

import { describe, it, before, after } from 'mocha';
import BoxError from '../boxerror.js';
import common from './common.js';
import assert from 'node:assert/strict';
import oidcClients from '../oidcclients.js';
import safe from 'safetydance';
import tokens from '../tokens.js';
describe('Tokens', function () {
const { setup, cleanup } = common;
before(setup);
after(cleanup);
const TOKEN_0 = {
id: null,
name: 'token0',
accessToken: null,
identifier: '0',
clientId: 'clientid-0',
expires: Date.now() + 60 * 60000,
lastUsedTime: null,
scope: { '*': 'rw' },
allowedIpRanges: '#this is our server\n3.4.5.6\nfe80::42:5ff:fe1b:2d9e/64\n\n172.17.0.1/16\nfe80::ec78:50ff:fecc:50a4/64'
};
it('add fails with bad name', async function () {
const badToken = Object.assign({}, TOKEN_0);
badToken.name = new Array(100).fill('x').join('');
const [error] = await safe(tokens.add(badToken));
assert.equal(error.reason, BoxError.BAD_FIELD);
});
it('add fails with unknown scope', async function () {
const badToken = Object.assign({}, TOKEN_0);
badToken.scope = { 'foobar': 'rw', '*': 'r' };
const [error] = await safe(tokens.add(badToken));
assert.equal(error.reason, BoxError.BAD_FIELD);
});
it('add fails with invalid scope rule', async function () {
const badToken = Object.assign({}, TOKEN_0);
badToken.scope = { '*': 'rw ' };
const [error] = await safe(tokens.add(badToken));
assert.equal(error.reason, BoxError.BAD_FIELD);
});
it('add fails with bad name', async function () {
const badToken = Object.assign({}, TOKEN_0);
badToken.name = new Array(100).fill('x').join('');
const [error] = await safe(tokens.add(badToken));
assert.equal(error.reason, BoxError.BAD_FIELD);
});
it('add fails for bad allowed ips', async function () {
const badToken = Object.assign({}, TOKEN_0);
badToken.allowedIpRanges = '1.2.3./4';
const [error] = await safe(tokens.add(badToken));
assert.equal(error.reason, BoxError.BAD_FIELD);
});
it('add succeeds', async function () {
const { id, accessToken } = await tokens.add(TOKEN_0);
TOKEN_0.id = id;
TOKEN_0.accessToken = accessToken;
});
it('get succeeds', async function () {
const result = await tokens.get(TOKEN_0.id);
assert.deepEqual(result, TOKEN_0);
});
it('getByAccessToken succeeds', async function () {
const result = await tokens.getByAccessToken(TOKEN_0.accessToken);
assert.deepEqual(result, TOKEN_0);
});
it('get of nonexisting token fails', async function () {
const result = await tokens.getByAccessToken('somerandomaccesstoken');
assert.equal(result, null);
});
it('listByUserId succeeds', async function () {
const result = await tokens.listByUserId(TOKEN_0.identifier);
assert.ok(Array.isArray(result));
assert.equal(result.length, 1);
assert.equal(typeof result[0], 'object');
assert.deepEqual(result[0], TOKEN_0);
});
it('delete fails', async function () {
const [error] = await safe(tokens.del(TOKEN_0.id + 'x'));
assert.ok((error) instanceof (BoxError));
assert.equal(error.reason, BoxError.NOT_FOUND);
});
it('delete succeeds', async function () {
await tokens.del(TOKEN_0.id);
});
it('get returns null after token deletion', async function () {
const result = await tokens.get(TOKEN_0.id);
assert.equal(result, null);
});
it('cannot delete previously delete record', async function () {
const [error] = await safe(tokens.del(TOKEN_0.id));
assert.ok((error) instanceof (BoxError));
assert.equal(error.reason, BoxError.NOT_FOUND);
});
it('delExpired succeeds', async function () {
const token1 = {
name: 'token1',
identifier: '1',
clientId: 'clientid-1',
expires: Number.MAX_SAFE_INTEGER,
lastUsedTime: null,
scope: { '*': 'rw' },
allowedIpRanges: '#this is our server\n3.4.5.6'
};
const token2 = {
name: 'token2',
identifier: '2',
clientId: 'clientid-2',
expires: Date.now(),
lastUsedTime: null,
allowedIpRanges: '#this'
};
let result = await tokens.add(token1);
token1.id = result.id;
token1.accessToken = result.accessToken;
result = await tokens.add(token2);
token2.id = result.id;
token2.accessToken = result.accessToken;
await tokens.delExpired();
result = await tokens.getByAccessToken(token2.accessToken);
assert.equal(result, null);
result = await tokens.getByAccessToken(token1.accessToken);
assert.deepEqual(result, token1);
});
it('delByUserIdAndType succeeds', async function () {
const token1 = {
name: 'token1',
identifier: 'user1',
clientId: oidcClients.ID_WEBADMIN,
expires: Number.MAX_SAFE_INTEGER,
lastUsedTime: null,
scope: { '*': 'rw' },
allowedIpRanges: '#this is our server\n3.4.5.6'
};
const token2 = {
name: 'token2',
identifier: 'user1',
clientId: oidcClients.ID_SDK,
expires: Date.now(),
lastUsedTime: null,
allowedIpRanges: '#this'
};
await tokens.add(token1);
await tokens.add(token2);
await tokens.delByUserIdAndType('user2', oidcClients.ID_WEBADMIN);
let result = await tokens.listByUserId('user1');
assert.equal(result.length, 2); // should not have deleted user1 tokens
await tokens.delByUserIdAndType('user1', oidcClients.ID_WEBADMIN);
result = await tokens.listByUserId('user1');
assert.equal(result.length, 1);
assert.equal(result[0].name, token2.name);
});
});
Reference in New Issue View Git Blame Copy Permalink