require 'spec_helper' require 'rack' require 'rack/test' describe SoarAuthenticationToken::RackMiddleware do include Rack::Test::Methods def create_valid_token_generator keypair_generator = SoarAuthenticationToken::KeypairGenerator.new private_key, public_key = keypair_generator.generate configuration = { 'mode' => 'remote', 'generator-url' => 'http://authentication-token-generator-service:9393/generate', 'generator-client-auth-token' => 'test_ecosystem_token_for_auth_token_aaapi_authenticator_service' } generator = SoarAuthenticationToken::TokenGenerator.new(configuration) generator.inject_store_provider(get_store) [ generator, private_key, public_key ] end def create_invalid_token_generator keypair_generator = SoarAuthenticationToken::KeypairGenerator.new private_key, public_key = keypair_generator.generate configuration = { 'mode' => 'local', 'private_key' => private_key, 'public_key' => public_key } generator = SoarAuthenticationToken::TokenGenerator.new(configuration) generator.inject_store_provider(get_store) [ generator, private_key, public_key ] end def get_store AuthTokenStoreProvider::Client.new({ 'service_url' => 'http://authentication-token-store:9393/'}) end before :all do @local_valid_generator, @valid_private_key, @valid_public_key = create_valid_token_generator @local_invalid_generator, @imvalid_private_key, @invalid_public_key = create_invalid_token_generator end before :each do @test_app = lambda do |env| request = Rack::Request.new env session = request.session test_app_response_data = { 'message' => "tested with authenticated user #{session['user']}", 'user' => session['user'], 'auth_token_meta' => session['auth_token_meta'] } [200, {"Content-Type"=>"text/html"}, test_app_response_data ] end @iut_configuration = { 'mode' => 'remote', 'generator-url' => 'http://authentication-token-generator-service:9393/generate', 'validator-url' => 'http://authentication-token-validator-service:9393/validate' } @iut = SoarAuthenticationToken::RackMiddleware.new(@test_app, @iut_configuration) end it 'has a version number' do expect(SoarAuthenticationToken::VERSION).not_to be nil end context "when initialized" do it 'remembers the app provided' do expect(@iut.instance_variable_get("@app")).to eq(@test_app) end it 'remembers the configuration provided' do expect(@iut.instance_variable_get("@configuration")).to eq(@iut_configuration) end end context "when called with a request environment" do context 'with no authentication token' do it "return with 401" do opts = { } code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts) expect([code, env, body]).to eq([401, {"Content-Type" => "text/html"}, ["401 - Not authenticated"]]) end end context 'with an invalid authentication token' do it "return with 401" do opts = { 'HTTP_AUTHORIZATION' => @local_invalid_generator.generate(authenticated_identifier: 'a@b.com') } code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts) expect([code, env, body]).to eq([401, {"Content-Type" => "text/html"}, ["401 - Not authenticated"]]) end end context 'with a valid authentiation token' do it "pass requests to the application" do opts = { 'HTTP_AUTHORIZATION' => @local_valid_generator.generate(authenticated_identifier: 'a@b.com') } code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts) expect([code, env, body['message']]).to eq([200, {"Content-Type"=>"text/html"}, "tested with authenticated user a@b.com" ]) end it "populate the 'user' key in the rack session with the authenticated user" do opts = { 'HTTP_AUTHORIZATION' => @local_valid_generator.generate(authenticated_identifier: 'a@b.com') } code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts) expect(body['user']).to eq('a@b.com') end it "populate the 'auth_token_meta' key in the rack session with the hash containing the token meta" do opts = { 'HTTP_AUTHORIZATION' => @local_valid_generator.generate(authenticated_identifier: 'a@b.com') } code, env, body = @iut.call Rack::MockRequest.env_for('http://service', opts) expect(body['auth_token_meta']['authenticated_identifier']).to eq('a@b.com') end end end end