Esempio n. 1
 // Happy path for the password grant: obtain a bearer token from /auth/token,
 // then present it on a protected route and expect 200 with the known body.
 it('should give 200 when authorized by credentials', function (done) {
   var expectedBody = 'body ok'
   // The handler asserts that req.user and req.user.roles are set by the time
   // the route runs; the body is only sent if both assertions pass.
   app.get('/auth/orized', function (req, res) {
     assert.ok(req.user)
     assert.ok(req.user.roles)
     res.end(expectedBody)
   })
   var agent = new Session(app)
   var credentials = {
     client_id: '0',
     grant_type: 'password',
     username: userId2,
     password: userId2
   }
   // Built but not sent yet: the waterfall fires it through its bound `end`.
   var tokenRequest = agent.post('/auth/token')
     .send(credentials)
     .set('content-type', 'application/x-www-form-urlencoded')
     .set('Accept', 'application/json')
     .expect(200)

   // The token response must carry an access token; pass the whole grant on.
   function extractGrant (tokenRes, next) {
     assert.ok(tokenRes.body.access_token)
     next(null, tokenRes.body)
   }

   // Final waterfall callback: call the protected route with the bearer token.
   function callProtectedRoute (tokenErr, grant) {
     assert.ifError(tokenErr)
     var bearer = 'Bearer ' + grant.access_token
     agent.get('/auth/orized')
       .set('authorization', bearer)
       .expect(200, function (routeErr, routeRes) {
         assert.ifError(routeErr)
         assert.equal(routeRes.text, expectedBody)
         done()
       })
   }

   async.waterfall([ bind(tokenRequest, 'end'), extractGrant ], callProtectedRoute)
 })
Esempio n. 2
 // Authorization failure, as opposed to authentication failure: the token
 // request itself must succeed (200), and only the protected route is expected
 // to refuse the resulting bearer token with 403.
 // NOTE(review): '/auth/orized' is not registered in this snippet; presumably
 // another test or setup adds it and this user lacks what it requires - confirm.
 it('should give 403 when forbidden', function (done) {
   var agent = new Session(app)
   var tokenRequest = agent.post('/auth/token')
     .send({
       client_id: '0',
       grant_type: 'password',
       username: userId,
       password: userId
     })
     .set('content-type', 'application/x-www-form-urlencoded')
     .set('Accept', 'application/json')
     .expect(200)

   async.waterfall([
     bind(tokenRequest, 'end'),
     function (tokenRes, next) {
       // A valid login still yields an access token for this user.
       assert.ok(tokenRes.body.access_token)
       next(null, tokenRes.body)
     }
   ], function (tokenErr, grant) {
     assert.ifError(tokenErr)
     agent.get('/auth/orized')
       .set('authorization', 'Bearer ' + grant.access_token)
       .expect(403, function (routeErr) {
         assert.ifError(routeErr)
         done()
       })
   })
 })
Esempio n. 3
 // Waterfall step: exchange the refresh token from the previous grant for a new
 // grant at /auth/token and hand the raw response to the next step.
 function (grant, next) {
   // Without a refresh token in the previous grant there is nothing to exchange.
   assert.ok(grant.refresh_token)
   var refreshForm = {
     client_id: '0',
     grant_type: 'refresh_token',
     refresh_token: grant.refresh_token
   }
   session.post('/auth/token')
     .send(refreshForm)
     .set('content-type', 'application/x-www-form-urlencoded')
     .set('Accept', 'application/json')
     .expect(200)
     .end(next)
 },
Esempio n. 4
 // A wrong password on the password grant must be rejected with 401.
 // Only the status code is checked; the response body is not inspected.
 it('should give 401 with bad credentials while authenticating', function (done) {
   var agent = new Session(app)
   var badCredentials = {
     client_id: '0',
     grant_type: 'password',
     username: userId,
     password: '******'
   }
   agent.post('/auth/token')
     .send(badCredentials)
     .set('content-type', 'application/x-www-form-urlencoded')
     .set('Accept', 'application/json')
     .expect(401)
     .end(done)
 })
Esempio n. 5
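 // End-to-end check of the refresh-token flow: log in with the password grant,
 // use the access token, refresh it, use the new access token, then inspect the
 // stored tokens. Every step reports failures through the waterfall callback so
 // that `done` receives the error instead of an exception escaping from a
 // nested callback.
 //
 // NOTE(review): the final step only counts stored tokens. It does not replay
 // the pre-refresh access or refresh token against the endpoints, so rejection
 // of the old tokens at the API level is not pinned by this test - confirm that
 // a separate case covers it.
 function (done) {
   var session = new Session(app)
   // Access token from the initial password grant; compared later with the
   // `root` field of the token record created by the refresh.
   var rootToken = null
   async.waterfall([
     // 1. Password grant.
     bind(session.post('/auth/token').send({
       client_id: '0',
       grant_type: 'password',
       username: userId,
       password: userId
     }).set('content-type', 'application/x-www-form-urlencoded')
       .set('Accept', 'application/json').expect(200), 'end'),
     // 2. Remember the first access token and pass the grant on.
     function (res, cb) {
       assert.ok(res.body.access_token)
       rootToken = res.body.access_token
       cb(null, res.body)
     },
     // 3. The first access token must be accepted by a protected route.
     function (token, cb) {
       session.get('/auth/test').set('authorization',
         'Bearer ' + token.access_token).expect(200,
         function (err, res) {
           // Propagate instead of throwing, matching step 6.
           cb(err, token)
         })
     },
     // 4. Exchange the refresh token for a new grant.
     function (token, cb) {
       assert.ok(token.refresh_token)
       session.post('/auth/token').send({
         client_id: '0',
         grant_type: 'refresh_token',
         refresh_token: token.refresh_token
       }).set('content-type', 'application/x-www-form-urlencoded')
         .set('Accept', 'application/json').expect(200).end(cb)
     },
     // 5. The refresh response must carry a new access token.
     function (res, cb) {
       assert.ok(res.body.access_token)
       cb(null, res.body)
     },
     // 6. The refreshed access token must be accepted as well.
     function (token, cb) {
       session.get('/auth/test').set('authorization',
         'Bearer ' + token.access_token).expect(200,
         function (err, res) {
           cb(err, token)
         })
     },
     // 7. Load the stored record; the access token value is used as its _id.
     function (token, cb) {
       assert.ok(token.access_token)
       var tokenId = token.access_token
       mongoose.model('AccessToken').findOne({
         _id: tokenId
       }, cb)
     },
     // 8. The refreshed token must point back at the original access token via
     //    `root`, and exactly one AccessToken and one RefreshToken may be stored
     //    for that root (presumably the refresh replaces the earlier pair rather
     //    than adding to it - confirm against the token store).
     function (lastToken, cb) {
       assert.ok(lastToken)
       assert.equal(lastToken.root, rootToken)
       async.parallel([ function (cb) {
         mongoose.model('AccessToken').find({
           root: lastToken.root
         }, function (err, tokens) {
           if (err) return cb(err)
           assert.equal(tokens.length, 1)
           cb()
         })
       }, function (cb) {
         mongoose.model('RefreshToken').find({
           root: lastToken.root
         }, function (err, tokens) {
           if (err) return cb(err)
           assert.equal(tokens.length, 1)
           cb()
         })
       } ], cb)
     }
   ], done)
 })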