Exemplo n.º 1
			// Creating a user with this username/password pair must be answered with HTTP 400.
			// NOTE(review): the title does not say which validation rule is exercised; the
			// password looks strong, so presumably the username is what fails - confirm.
			it('should return a 400', function (done) {
				var credentials = {username: 'ian', password: 'isGoodenough123!' };

				request(app)
					.post('/api/users')
					.set('3day-app', 'test')
					.send(credentials)
					.expect(400)
					.end(done);
			});
Exemplo n.º 2
  // Behaviour of the HTTPS-enforcing middleware when it is told to trust the
  // X-Forwarded-Proto request header.
  // NOTE(review): that header is supplied by whoever sends the request, so the
  // option is only safe when a reverse proxy in front of the app sets or
  // overwrites it; on a directly reachable app any client could claim "https".
  describe('Flag is set', function() {
    // Redirect target must be an https:// URL ending in the requested path.
    var httpsLocation = new RegExp('^https://[\\S]*/ssl$');

    var app = koa();
    app.use(enforce({ trustProtoHeader: true }));
    // Terminal handler: anything that gets past the middleware is answered 200.
    app.use(function * (downstream) {
      this.response.status = 200;
      yield downstream;
    });

    var client = agent(app);

    it('should accept request if flag set and activated', function (done) {
      client
        .get('/ssl')
        .set('x-forwarded-proto', 'https')
        .expect(200, 'OK')
        .end(done);
    });

    it('should redirect if activated but flag not set', function (done) {
      client
        .get('/ssl')
        .expect(301)
        .expect('location', httpsLocation)
        .end(done);
    });

    // A different proxy header (x-arr-ssl) must not be honoured when only
    // the X-Forwarded-Proto option is enabled.
    it('should redirect if activated but wrong flag set', function (done) {
      client
        .get('/ssl')
        .set('x-arr-ssl', 'https')
        .expect(301)
        .expect('location', httpsLocation)
        .end(done);
    });
  });
Exemplo n.º 3
			// A create-user request that carries a username but no password must get HTTP 400.
			it('should return a 400', function (done) {
				var usernameOnly = {username: 'iandotkelly'};

				request(app)
					.post('/api/users')
					.set('3day-app', 'test')
					.send(usernameOnly)
					.expect(400)
					.end(done);
			});
Exemplo n.º 4
			// An authenticated POST without any request body must be answered with HTTP 400.
			it('should return a 400', function (done) {
				var pending = request(app)
					.post('/api/users')
					.auth('updateuser', 'catsss')
					.set('3day-app', 'test');

				pending
					.expect(400)
					.end(done);
			});
Exemplo n.º 5
			// Unauthenticated sign-up with a username and password is expected to create
			// the account (HTTP 201).
			it('should return a 201', function (done) {
				var newAccount = {username: 'integrationtest', password: 'catsss'};

				request(app)
					.post('/api/users')
					.set('3day-app', 'test')
					.send(newAccount)
					.expect(201)
					.end(done);
			});
Exemplo n.º 6
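			// Authenticated change of username and password. Afterwards the old username
			// must no longer resolve, and the renamed record must validate against the
			// new password.
			it('should update the user', function (done) {
				request(app)
					.post('/api/users')
					.auth('updateuser', 'catsss')
					.set('3day-app', 'test')
					.send({username: 'updatedusername', password: 'freddy'})
					.end(function (err, res) {
						should.not.exist(err);
						res.body.should.be.an.Object();
						should.exist(res.body.message);
						res.body.message.should.be.equal('Updated');
						User.findOne({username: 'updateuser'}, function (err, user) {
							// we expect to not find this user
							should.not.exist(err);
							should.not.exist(user);
							// but we should find the new user - and validate its password
							User.findOne({username: 'updatedusername'}, function (err, user) {
								// Check the lookup itself first, so a failed query or a missing
								// record is reported as an assertion failure rather than as a
								// TypeError on user.username.
								should.not.exist(err);
								should.exist(user);
								user.username.should.equal('updatedusername');
								user.validatePassword('freddy')
									.then(isMatch => {
										isMatch.should.be.true();
										done();
									})
									.catch(err => done(err));
							});
						});
					});
			});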
Exemplo n.º 7
// Baseline without the enforcing middleware: plain-HTTP GET, HEAD and POST
// requests all reach the handler and are answered 200.
describe('HTTPS not enforced', function () {
  var app = koa();

  // Only handler in the stack: answer every request with 200.
  app.use(function * (downstream) {
    this.response.status = 200;
    yield downstream;
  });

  var client = agent(app);

  it('should accept non-ssl requests', function (done) {
    client
      .get('/non-ssl')
      .expect(200, 'OK')
      .end(done);
  });

  it('should accept non-ssl HEAD requests', function (done) {
    client
      .head('/non-ssl')
      .expect(200)
      .end(done);
  });

  it('should accept non-ssl POST requests', function (done) {
    client
      .post('/non-ssl')
      .expect(200, 'OK')
      .end(done);
  });
});
Exemplo n.º 8
			// A create-user request that carries a password but no username must get HTTP 400.
			it('should return a 400', function (done) {
				var passwordOnly = {password: 'catsss'};

				request(app)
					.post('/api/users')
					.set('3day-app', 'test')
					.send(passwordOnly)
					.expect(400)
					.end(done);
			});
Exemplo n.º 9
// Default behaviour of the HTTPS-enforcing middleware: plain-HTTP GET and HEAD
// are redirected (301) to the https:// form of the same path, while a
// plain-HTTP POST is refused with 403 instead of being redirected.
describe('HTTPS enforced', function() {
  // Redirect target must be an https:// URL ending in the requested path.
  var httpsLocation = new RegExp('^https://[\\S]*/ssl$');

  var app = koa();
  app.use(enforce());
  // Terminal handler, reached only when the middleware lets the request through.
  app.use(function * (downstream) {
    this.response.status = 200;

    yield downstream;
  });

  var client = agent(app);

  it('should redirect non-SSL GET requests to HTTPS', function (done) {
    client
      .get('/ssl')
      .expect(301)
      .expect('location', httpsLocation)
      .end(done);
  });

  it('should redirect non-SSL HEAD requests to HTTPS', function (done) {
    client
      .head('/ssl')
      .expect(301)
      .expect('location', httpsLocation)
      .end(done);
  });

  it('should send error for non-SSL POST requests', function (done) {
    client
      .post('/non-ssl-post')
      .expect(403)
      .end(done);
  });
});
Exemplo n.º 10
			// An update sent with these Basic-auth credentials must be refused with HTTP 401.
			// NOTE(review): 'catzss' differs from the 'catsss' used for this account in the
			// other tests of this listing - presumably a deliberately wrong password; confirm.
			it('should return a 401', function (done) {
				var requestedChange = {username: 'updatedusername', password: 'fred'};

				request(app)
					.post('/api/users')
					.auth('updateuser', 'catzss')
					.set('3day-app', 'test')
					.send(requestedChange)
					.expect(401)
					.end(done);
			});
Exemplo n.º 11
  // With the `temporary` option the redirect to HTTPS is a 302 rather than
  // the 301 the other tests in this listing expect by default.
  it('should be temporary redirected', function (done) {
    var options = { temporary: true };
    var app = koa();
    app.use(enforce(options));

    agent(app)
      .get('/ssl')
      .expect(302)
      .end(done);
  });
Exemplo n.º 12
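 // GET with ?id=tonton is expected to succeed with HTTP 200.
 // NOTE(review): `to.contain({})` looks like it constrains the body very little,
 // so the title's "inject owner" claim is presumably not really verified - confirm.
 it('should inject owner into request body', function(done) {
  request(app)
   .get('/api/users?id=tonton')
   .expect(200)
   .end(function(err, res) {
    // With .end(), a failed .expect(200) arrives here as `err`; forward it
    // so a wrong status fails the test instead of being dropped.
    if (err) return done(err);
    expect(res.body).to.contain({});
    done();
   });
 });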
Exemplo n.º 13
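  // With the `hostname` option the redirect must point at exactly that host.
  it('should redirect to specified host', function (done) {
    var app = koa();
    app.use(enforce({ hostname: 'github.com' }));

    // The host is pinned: dots are escaped and only an optional :port may sit
    // between the host and the path. The looser 'github.com[\S]*' form would
    // also accept a redirect to a longer host that merely starts with the
    // expected name, which is exactly what a host check should catch.
    var expectedLocation = new RegExp('^https://github\\.com(?::\\d+)?/ssl$');

    agent(app)
      .get('/ssl')
      .expect(301)
      .expect('location', expectedLocation, done);
  });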
Exemplo n.º 14
 // POSTing a `balance` field for ?id=jackong must be refused with HTTP 403.
 it('should be fail', function(done) {
  var payload = {
   balance: '$1'
  };

  request(app)
   .post('/api/users?id=jackong')
   .send(payload)
   .expect(403, done);
 });
Exemplo n.º 15
 // PUT a new name for the stored `ernie` record and check that the response
 // body echoes it. NOTE(review): no status code is asserted here.
 it('updates Ernie\'s name', done=>{
   const renamed = {name: 'Ernie the dog'};
   const checkName = (response)=>{
     assert.equal(response.body.name, 'Ernie the dog');
   };

   agent(app)
     .put(`/api/dogs/${ernie._id}`)
     .send(renamed)
     .expect(checkName)
     .end(done);
 });
Exemplo n.º 16
 // Listing must return exactly the two fixture records, `ernie` then `buster`.
 it('returns all dogs', done=>{
   const checkListing = (response)=>{
     const dogs = response.body;
     assert.equal(dogs.length, 2);
     assert.deepEqual(dogs, [ernie, buster]);
   };

   agent(app)
     .get('/api/dogs')
     .expect(checkListing)
     .end(done);
 });
Exemplo n.º 17
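  // Without a `hostname` option the redirect must stay on the host the request
  // was addressed to (127.0.0.1 for the test agent).
  it('shold redirect to same host by default', function (done) {
    var app = koa();
    app.use(enforce());

    // The host is pinned: dots are escaped and only an optional :port may sit
    // between the host and the path. With unescaped dots and '[\S]*' after
    // the address, a redirect to a different host that merely starts with the
    // same characters would still have satisfied the assertion.
    var expectedLocation = new RegExp('^https://127\\.0\\.0\\.1(?::\\d+)?/ssl$');

    agent(app)
      .get('/ssl')
      .expect(301)
      .expect('location', expectedLocation, done);
  });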
Exemplo n.º 18
  // With the `port` option the redirect target must carry that port (:3001).
  it('should redirect to specified port', function (done) {
    var options = { port: 3001 };
    var expectedLocation = new RegExp('^https://[\\S]*\:3001/ssl$');

    var app = koa();
    app.use(enforce(options));

    agent(app)
      .get('/ssl')
      .expect(301)
      .expect('location', expectedLocation)
      .end(done);
  });
Exemplo n.º 19
  // With skipDefaultPort disabled the redirect target must spell out :443.
  it('should not skip port', function (done) {
    var options = { skipDefaultPort: false };
    var expectedLocation = new RegExp('^https:[\\S]*:443/ssl$');

    var app = koa();
    app.use(enforce(options));

    agent(app)
      .get('/ssl')
      .expect(301)
      .expect('location', expectedLocation)
      .end(done);
  });
Exemplo n.º 20
  // With `ignoreUrl` set, the test only requires some https: location.
  // NOTE(review): the pattern also matches a location that still contains the
  // path, so it does not prove the path was dropped - confirm intent.
  it('should ignore url', function (done) {
    var options = { ignoreUrl: true };
    var expectedLocation = new RegExp('^https:[\\S]*$');

    var app = koa();
    app.use(enforce(options));

    agent(app)
      .get('/ssl')
      .expect(301)
      .expect('location', expectedLocation)
      .end(done);
  });
Exemplo n.º 21
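 // GET with ?id=jackong must return 200 and a body of exactly {owner: 'jackong'}.
 it('should inject owner into request body', function(done) {
  request(app)
   .get('/api/users?id=jackong')
   .expect(200)
   .end(function(err, res) {
    // With .end(), a failed .expect(200) arrives here as `err`; forward it
    // so a wrong status fails the test instead of being dropped.
    if (err) return done(err);
    expect(res.body).to.deep.equal({
     owner: 'jackong'
    });
    done();
   });
 });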
Exemplo n.º 22
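 // Create the `ernie` fixture via the API, then copy the server-assigned
 // _id (and __v = 0) back onto the fixture object.
 it('creates a dog', done=>{
   agent(app)
     .post('/api/dogs')
     .send(ernie)
     .expect(200)
     .end((err, res)=>{
       // A failed .expect(200) or a transport error arrives as `err`; report it
       // instead of dereferencing the response and mutating the fixture.
       if (err) return done(err);
       ernie.__v = 0;
       ernie._id = res.body._id;
       done();
     });
 });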
Exemplo n.º 23
			// A POST without a body must answer with a JSON object whose message is 'Bad request'.
			it('should return the expected error body', function (done) {
				var checkBody = function (err, response) {
					should.not.exist(err);
					var body = response.body;
					body.should.be.an.Object();
					should.exist(body.message);
					body.message.should.be.equal('Bad request');
					done();
				};

				request(app)
					.post('/api/users')
					.set('3day-app', 'test')
					.end(checkBody);
			});
Exemplo n.º 24
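 // Create the `buster` fixture via the API, then copy the server-assigned
 // _id (and __v = 0) back onto the fixture object.
 it('creates a second dog', done=>{
   agent(app)
     .post('/api/dogs')
     .send(buster)
     .expect(200)
     .end((err, res)=>{
       // A failed .expect(200) or a transport error arrives as `err`; report it
       // instead of dereferencing the response and mutating the fixture.
       if (err) return done(err);
       buster.__v = 0;
       buster._id = res.body._id;
       done();
     });
 });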
Exemplo n.º 25
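			// A rejected login must not carry a WWW-Authenticate response header.
			// NOTE(review): presumably so browsers do not show their native
			// Basic-auth prompt for this API - confirm.
			it('should not return a response with WWW-Authenticate header', function (done) {
				request(app)
					.post('/api/users')
					.auth('updateuser', 'catzss')
					.set('3day-app', 'test')
					.send({username: 'updatedusername', password: 'fred'})
					.end(function (err, res) {
						should.not.exist(err);
						var header = res.headers['www-authenticate'];
						// The assertion has to be called: the other tests in this listing use the
						// function form (.Object(), .true()), and in that form a bare
						// `.be.undefined` is only a property read that checks nothing.
						should(header).be.undefined();
						done();
					});
			});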
Exemplo n.º 26
			// A whitespace-only password must be rejected with the password-policy
			// message and reason code 15002.
			it('should return contain the expected error body', function (done) {
				var blankPassword = {username: 'iandotkelly', password: '   ' };
				var checkBody = function (err, response) {
					should.not.exist(err);
					var body = response.body;
					body.should.be.an.Object();
					should.exist(body.message);
					body.message.should.be.equal('Password does not meet minimum standards');
					body.reason.should.be.equal(15002);
					done();
				};

				request(app)
					.post('/api/users')
					.set('3day-app', 'test')
					.send(blankPassword)
					.end(checkBody);
			});
Exemplo n.º 27
			// Signing up with the username 'preexisting' must be rejected with
			// 'Username not unique' and reason code 15000.
			it('should return contain the expected error body', function (done) {
				var duplicate = {username: 'preexisting', password: 'catsss'};
				var checkBody = function (err, response) {
					should.not.exist(err);
					var body = response.body;
					body.should.be.an.Object();
					should.exist(body.message);
					body.message.should.be.equal('Username not unique');
					body.reason.should.be.equal(15000);
					done();
				};

				request(app)
					.post('/api/users')
					.set('3day-app', 'test')
					.send(duplicate)
					.end(checkBody);
			});
Exemplo n.º 28
			// An authenticated POST without a body must answer 'Bad request' with reason code 10000.
			it('should return containing the expected error body', function (done) {
				var checkBody = function (err, response) {
					should.not.exist(err);
					var body = response.body;
					body.should.be.an.Object();
					should.exist(body.message);
					body.message.should.be.equal('Bad request');
					body.reason.should.be.equal(10000);
					done();
				};

				request(app)
					.post('/api/users')
					.auth('updateuser', 'catsss')
					.set('3day-app', 'test')
					.end(checkBody);
			});
Exemplo n.º 29
			// Renaming the authenticated account to 'duplicateuser' must be rejected with
			// reason code 15000 and 'Username not unique'.
			// NOTE(review): despite the title, the status code itself is not asserted.
			it('should return a 400 error', function (done) {
				var requestedChange = {username: 'duplicateuser', password: 'freddy'};
				var checkBody = function (err, response) {
					should.not.exist(err);
					var body = response.body;
					body.should.be.an.Object();
					should.exist(body.reason);
					body.reason.should.be.equal(15000);
					body.message.should.be.equal('Username not unique');
					done();
				};

				request(app)
					.post('/api/users')
					.auth('updatedusername', 'freddy')
					.set('3day-app', 'test')
					.send(requestedChange)
					.end(checkBody);
			});
Exemplo n.º 30
		// Fetching the authenticated user's own record must return its id,
		// username and a reportCount of 1.
		it('should have the report count of 1', function (done) {
			var checkProfile = function (err, response) {
				should.not.exist(err);
				var profile = response.body;
				profile.should.be.an.Object();
				should.exist(profile.id);
				profile.id.should.be.equal(user._id.toString());
				profile.username.should.be.equal('iankelly');
				profile.reportCount.should.be.equal(1);
				done();
			};

			request(app)
				.get('/api/users')
				.set('3day-app', 'test')
				.auth('iankelly', 'greatpassword')
				.end(checkProfile);
		});