drop.chapril.org-firefoxsend/test/backend/owner-tests.js

const assert = require('assert');
const sinon = require('sinon');
const proxyquire = require('proxyquire').noCallThru();

const storage = {
  metadata: sinon.stub()
};

function request(id, owner_token) {
  return {
    params: { id },
    body: { owner_token }
  };
}

function response() {
  return {
    sendStatus: sinon.stub()
  };
}

const ownerMiddleware = proxyquire('../../server/middleware/auth', {
  '../storage': storage
}).owner;

describe('Owner Middleware', function() {
  afterEach(function() {
    storage.metadata.reset();
  });

  it('sends a 404 when the id is not found', async function() {
    const next = sinon.stub();
    storage.metadata.returns(Promise.resolve(null));
    const res = response();
    await ownerMiddleware(request('a', 'y'), res, next);
    sinon.assert.notCalled(next);
    sinon.assert.calledWith(res.sendStatus, 404);
  });

  it('sends a 401 when the owner_token is missing', async function() {
    const next = sinon.stub();
    const meta = { owner: 'y' };
    storage.metadata.returns(Promise.resolve(meta));
    const res = response();
    await ownerMiddleware(request('b', null), res, next);
    sinon.assert.notCalled(next);
    sinon.assert.calledWith(res.sendStatus, 401);
  });

  it('sends a 401 when the owner_token does not match', async function() {
    const next = sinon.stub();
    const meta = { owner: 'y' };
    storage.metadata.returns(Promise.resolve(meta));
    const res = response();
    await ownerMiddleware(request('c', 'z'), res, next);
    sinon.assert.notCalled(next);
    sinon.assert.calledWith(res.sendStatus, 401);
  });

  it('sends a 401 if the metadata call fails', async function() {
    const next = sinon.stub();
    storage.metadata.returns(Promise.reject(new Error()));
    const res = response();
    await ownerMiddleware(request('d', 'y'), res, next);
    sinon.assert.notCalled(next);
    sinon.assert.calledWith(res.sendStatus, 401);
  });

  it('sets req.meta and req.authorized on successful auth', async function() {
    const next = sinon.stub();
    const meta = { owner: 'y' };
    storage.metadata.returns(Promise.resolve(meta));
    const req = request('e', 'y');
    const res = response();
    await ownerMiddleware(req, res, next);
    assert.equal(req.meta, meta);
    assert.equal(req.authorized, true);
    sinon.assert.notCalled(res.sendStatus);
    sinon.assert.calledOnce(next);
  });
});
refactored server 2018-02-06 23:31:18 +01:00			`const assert = require('assert');`
			`const sinon = require('sinon');`
			`const proxyquire = require('proxyquire').noCallThru();`

			`const storage = {`
			`metadata: sinon.stub()`
			`};`

			`function request(id, owner_token) {`
			`return {`
			`params: { id },`
			`body: { owner_token }`
			`};`
			`}`

			`function response() {`
			`return {`
			`sendStatus: sinon.stub()`
			`};`
			`}`

Implemented FxA 2018-08-08 00:40:17 +02:00			`const ownerMiddleware = proxyquire('../../server/middleware/auth', {`
refactored server 2018-02-06 23:31:18 +01:00			`'../storage': storage`
Implemented FxA 2018-08-08 00:40:17 +02:00			`}).owner;`
refactored server 2018-02-06 23:31:18 +01:00
			`describe('Owner Middleware', function() {`
			`afterEach(function() {`
			`storage.metadata.reset();`
			`});`

			`it('sends a 404 when the id is not found', async function() {`
			`const next = sinon.stub();`
			`storage.metadata.returns(Promise.resolve(null));`
			`const res = response();`
use crypto.timingSafeEqual in hmac and ownerToken authentication 2019-03-15 05:33:18 +01:00			`await ownerMiddleware(request('a', 'y'), res, next);`
refactored server 2018-02-06 23:31:18 +01:00			`sinon.assert.notCalled(next);`
			`sinon.assert.calledWith(res.sendStatus, 404);`
			`});`

			`it('sends a 401 when the owner_token is missing', async function() {`
			`const next = sinon.stub();`
			`const meta = { owner: 'y' };`
			`storage.metadata.returns(Promise.resolve(meta));`
			`const res = response();`
use crypto.timingSafeEqual in hmac and ownerToken authentication 2019-03-15 05:33:18 +01:00			`await ownerMiddleware(request('b', null), res, next);`
refactored server 2018-02-06 23:31:18 +01:00			`sinon.assert.notCalled(next);`
			`sinon.assert.calledWith(res.sendStatus, 401);`
			`});`

			`it('sends a 401 when the owner_token does not match', async function() {`
			`const next = sinon.stub();`
			`const meta = { owner: 'y' };`
			`storage.metadata.returns(Promise.resolve(meta));`
			`const res = response();`
use crypto.timingSafeEqual in hmac and ownerToken authentication 2019-03-15 05:33:18 +01:00			`await ownerMiddleware(request('c', 'z'), res, next);`
refactored server 2018-02-06 23:31:18 +01:00			`sinon.assert.notCalled(next);`
			`sinon.assert.calledWith(res.sendStatus, 401);`
			`});`

			`it('sends a 401 if the metadata call fails', async function() {`
			`const next = sinon.stub();`
			`storage.metadata.returns(Promise.reject(new Error()));`
			`const res = response();`
use crypto.timingSafeEqual in hmac and ownerToken authentication 2019-03-15 05:33:18 +01:00			`await ownerMiddleware(request('d', 'y'), res, next);`
refactored server 2018-02-06 23:31:18 +01:00			`sinon.assert.notCalled(next);`
			`sinon.assert.calledWith(res.sendStatus, 401);`
			`});`

			`it('sets req.meta and req.authorized on successful auth', async function() {`
			`const next = sinon.stub();`
			`const meta = { owner: 'y' };`
			`storage.metadata.returns(Promise.resolve(meta));`
use crypto.timingSafeEqual in hmac and ownerToken authentication 2019-03-15 05:33:18 +01:00			`const req = request('e', 'y');`
refactored server 2018-02-06 23:31:18 +01:00			`const res = response();`
			`await ownerMiddleware(req, res, next);`
			`assert.equal(req.meta, meta);`
			`assert.equal(req.authorized, true);`
			`sinon.assert.notCalled(res.sendStatus);`
			`sinon.assert.calledOnce(next);`
			`});`
			`});`