diff --git a/package.json b/package.json index 6ce8497..730cc15 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "lint": "eslint", "lint:fix": "eslint --fix", "test": "npm run test:unit", - "test:unit": "tap", + "test:unit": "c8 --100 node --test", "test:typescript": "tsd" }, "repository": { @@ -40,12 +40,12 @@ "@fastify/secure-session": "^8.0.0", "@fastify/session": "^11.0.0", "@types/node": "^22.0.0", + "c8": "^10.1.3", "eslint": "^9.17.0", "fastify": "^5.0.0", "neostandard": "^0.12.0", "proxyquire": "^2.1.3", "sinon": "^19.0.2", - "tap": "^18.7.2", "tsd": "^0.31.0" }, "pre-commit": [ diff --git a/test/basic.test.js b/test/basic.test.js index e00f32a..cb122d8 100644 --- a/test/basic.test.js +++ b/test/basic.test.js @@ -1,6 +1,6 @@ 'use strict' -const { test } = require('tap') +const { test } = require('node:test') const Fastify = require('fastify') const fastifyCookie = require('@fastify/cookie') const fastifySession = require('@fastify/session') @@ -13,7 +13,7 @@ const sodium = require('sodium-native') const key = Buffer.alloc(sodium.crypto_secretbox_KEYBYTES) sodium.randombytes_buf(key) -test('Cookies', t => { +test('Cookies', async t => { async function load () { const fastify = Fastify() await fastify.register(fastifyCookie) @@ -21,14 +21,14 @@ test('Cookies', t => { fastify.decorate('testType', 'fastify-cookie') return fastify } - runTest(t, load, { property: '_csrf', place: 'body' }, 'preValidation') - runTest(t, load, { property: 'csrf-token', place: 'headers' }) - runTest(t, load, { property: 'xsrf-token', place: 'headers' }) - runTest(t, load, { property: 'x-csrf-token', place: 'headers' }) - runTest(t, load, { property: 'x-xsrf-token', place: 'headers' }) - runCookieOpts(t, load) - - t.test('Default cookie options', async t => { + await runtTest(t, load, { property: '_csrf', place: 'body' }, 'preValidation') + await runtTest(t, load, { property: 'csrf-token', place: 'headers' }) + await runtTest(t, load, { property: 'xsrf-token', place: 'headers' }) + await runtTest(t, load, { property: 'x-csrf-token', place: 'headers' }) + await runtTest(t, load, { property: 'x-xsrf-token', place: 'headers' }) + await runCookieOpts(t, load) + + await t.test('Default cookie options', async t => { const fastify = await load() fastify.get('/', async (req, reply) => { @@ -42,13 +42,11 @@ test('Cookies', t => { }) const cookie = response.cookies[0] - t.match(cookie, { path: '/', sameSite: 'Strict', httpOnly: true }) + t.assert.deepStrictEqual({ path: cookie.path, sameSite: cookie.sameSite, httpOnly: cookie.httpOnly }, { path: '/', sameSite: 'Strict', httpOnly: true }) }) - - t.end() }) -test('Cookies signed', t => { +test('Cookies signed', async t => { async function load () { const fastify = Fastify() await fastify.register(fastifyCookie, { secret: 'supersecret' }) @@ -56,16 +54,15 @@ test('Cookies signed', t => { fastify.decorate('testType', 'fastify-cookie') return fastify } - runTest(t, load, { property: '_csrf', place: 'body' }, 'preValidation') - runTest(t, load, { property: 'csrf-token', place: 'headers' }) - runTest(t, load, { property: 'xsrf-token', place: 'headers' }) - runTest(t, load, { property: 'x-csrf-token', place: 'headers' }) - runTest(t, load, { property: 'x-xsrf-token', place: 'headers' }) - runCookieOpts(t, load) - t.end() + await runtTest(t, load, { property: '_csrf', place: 'body' }, 'preValidation') + await runtTest(t, load, { property: 'csrf-token', place: 'headers' }) + await runtTest(t, load, { property: 'xsrf-token', place: 'headers' }) + await runtTest(t, load, { property: 'x-csrf-token', place: 'headers' }) + await runtTest(t, load, { property: 'x-xsrf-token', place: 'headers' }) + await runCookieOpts(t, load) }) -test('Fastify Session', t => { +test('Fastify Session', async t => { async function load () { const fastify = Fastify() await fastify.register(fastifyCookie) @@ -77,15 +74,14 @@ test('Fastify Session', t => { fastify.decorate('testType', 'fastify-session') return fastify } - runTest(t, load, { property: '_csrf', place: 'body' }, 'preValidation') - runTest(t, load, { property: 'csrf-token', place: 'headers' }, 'preValidation') - runTest(t, load, { property: 'xsrf-token', place: 'headers' }, 'preValidation') - runTest(t, load, { property: 'x-csrf-token', place: 'headers' }, 'preValidation') - runTest(t, load, { property: 'x-xsrf-token', place: 'headers' }, 'preValidation') - t.end() + await runtTest(t, load, { property: '_csrf', place: 'body' }, 'preValidation') + await runtTest(t, load, { property: 'csrf-token', place: 'headers' }, 'preValidation') + await runtTest(t, load, { property: 'xsrf-token', place: 'headers' }, 'preValidation') + await runtTest(t, load, { property: 'x-csrf-token', place: 'headers' }, 'preValidation') + await runtTest(t, load, { property: 'x-xsrf-token', place: 'headers' }, 'preValidation') }) -test('Fastify Secure Session', t => { +test('Fastify Secure Session', async t => { async function load () { const fastify = Fastify() await fastify.register(fastifySecureSession, { key, cookie: { path: '/', secure: false } }) @@ -93,67 +89,74 @@ test('Fastify Secure Session', t => { fastify.decorate('testType', 'fastify-secure-session') return fastify } - runTest(t, load, { property: '_csrf', place: 'body' }, 'preValidation') - runTest(t, load, { property: 'csrf-token', place: 'headers' }) - runTest(t, load, { property: 'xsrf-token', place: 'headers' }) - runTest(t, load, { property: 'x-csrf-token', place: 'headers' }) - runTest(t, load, { property: 'x-xsrf-token', place: 'headers' }) - runCookieOpts(t, load) - t.end() + await runtTest(t, load, { property: '_csrf', place: 'body' }, 'preValidation') + await runtTest(t, load, { property: 'csrf-token', place: 'headers' }) + await runtTest(t, load, { property: 'xsrf-token', place: 'headers' }) + await runtTest(t, load, { property: 'x-csrf-token', place: 'headers' }) + await runtTest(t, load, { property: 'x-xsrf-token', place: 'headers' }) + await runCookieOpts(t, load) }) -test('Validation', t => { - t.test('cookieKey', t => { +test('Validation', async t => { + await t.test('cookieKey', async t => { t.plan(1) - const fastify = Fastify() - fastify.register(fastifyCookie) - fastify.register(fastifyCsrf, { cookieKey: 42 }) - fastify.ready(err => { - t.equal(err.message, 'cookieKey should be a string') - }) + try { + const fastify = Fastify() + await fastify.register(fastifyCookie) + await fastify.register(fastifyCsrf, { cookieKey: 42 }) + await fastify.ready() + } catch (err) { + t.assert.strictEqual(err.message, 'cookieKey should be a string') + } }) - t.test('sessionKey', t => { + await t.test('sessionKey', async t => { t.plan(1) const fastify = Fastify() - fastify.register(fastifyCookie) - fastify.register(fastifyCsrf, { sessionKey: 42 }) - fastify.ready(err => { - t.equal(err.message, 'sessionKey should be a string') - }) + try { + await fastify.register(fastifyCookie) + await fastify.register(fastifyCsrf, { sessionKey: 42 }) + await fastify.ready() + } catch (err) { + t.assert.strictEqual(err.message, 'sessionKey should be a string') + } }) - t.test('getToken', t => { + await t.test('getToken', async t => { t.plan(1) - const fastify = Fastify() - fastify.register(fastifyCookie) - fastify.register(fastifyCsrf, { getToken: 42 }) - fastify.ready(err => { - t.equal(err.message, 'getToken should be a function') - }) + try { + const fastify = Fastify() + await fastify.register(fastifyCookie) + await fastify.register(fastifyCsrf, { getToken: 42 }) + await fastify.ready() + } catch (err) { + t.assert.strictEqual(err.message, 'getToken should be a function') + } }) - t.test('cookieOpts', t => { + await t.test('cookieOpts', async t => { t.plan(1) - const fastify = Fastify() - fastify.register(fastifyCookie) - fastify.register(fastifyCsrf, { cookieOpts: 42 }) - fastify.ready(err => { - t.equal(err.message, 'cookieOpts should be a object') - }) + try { + const fastify = Fastify() + await fastify.register(fastifyCookie) + await fastify.register(fastifyCsrf, { cookieOpts: 42 }) + await fastify.ready() + } catch (err) { + t.assert.strictEqual(err.message, 'cookieOpts should be a object') + } }) - t.test('sessionPlugin', t => { + await t.test('sessionPlugin', async t => { t.plan(1) - const fastify = Fastify() - fastify.register(fastifyCookie) - fastify.register(fastifyCsrf, { sessionPlugin: 42 }) - fastify.ready(err => { - t.equal(err.message, "sessionPlugin should be one of the following: '@fastify/cookie', '@fastify/session', '@fastify/secure-session'") - }) + try { + const fastify = Fastify() + await fastify.register(fastifyCookie) + await fastify.register(fastifyCsrf, { sessionPlugin: 42 }) + await fastify.ready() + } catch (err) { + t.assert.strictEqual(err.message, "sessionPlugin should be one of the following: '@fastify/cookie', '@fastify/session', '@fastify/secure-session'") + } }) - - t.end() }) test('csrf options', async () => { @@ -174,8 +177,8 @@ test('csrf options', async () => { sinon.assert.calledWith(csrf, csrfOpts) }) -function runTest (t, load, tkn, hook = 'onRequest') { - t.test(`Token in ${tkn.place}`, async t => { +async function runtTest (t, load, tkn, hook = 'onRequest') { + await t.test(`Token in ${tkn.place}`, async t => { const fastify = await load() fastify.get('/', async (req, reply) => { @@ -192,7 +195,7 @@ function runTest (t, load, tkn, hook = 'onRequest') { path: '/' }) - t.equal(response.statusCode, 200) + t.assert.strictEqual(response.statusCode, 200) const cookie = response.cookies[0] const tokenFirst = response.json().token @@ -204,18 +207,18 @@ function runTest (t, load, tkn, hook = 'onRequest') { } }) - t.equal(response.statusCode, 200) + t.assert.strictEqual(response.statusCode, 200) const cookieSecond = response.cookies[0] const token = response.json().token if (fastify.testType === 'fastify-session') { - t.same(cookie, cookieSecond) + t.assert.deepStrictEqual(cookie, cookieSecond) } else if (fastify.testType === 'fastify-secure-session') { - t.not(cookie, cookieSecond) + t.assert.notStrictEqual(cookie, cookieSecond) } else { - t.equal(cookieSecond, undefined) + t.assert.strictEqual(cookieSecond, undefined) } - t.not(tokenFirst, token) + t.assert.notStrictEqual(tokenFirst, token) if (tkn.place === 'body') { response = await fastify.inject({ @@ -243,8 +246,8 @@ function runTest (t, load, tkn, hook = 'onRequest') { }) } - t.equal(response.statusCode, 200) - t.match(response.json(), { hello: 'world' }) + t.assert.strictEqual(response.statusCode, 200) + t.assert.strictEqual(response.json().hello, 'world') response = await fastify.inject({ method: 'POST', @@ -252,8 +255,8 @@ function runTest (t, load, tkn, hook = 'onRequest') { payload: { hello: 'world' } }) - t.equal(response.statusCode, 403) - t.match(response.json(), { message: 'Missing csrf secret' }) + t.assert.strictEqual(response.statusCode, 403) + t.assert.strictEqual(response.json().message, 'Missing csrf secret') response = await fastify.inject({ method: 'POST', @@ -264,13 +267,13 @@ function runTest (t, load, tkn, hook = 'onRequest') { } }) - t.equal(response.statusCode, 403) - t.match(response.json(), { message: 'Invalid csrf token' }) + t.assert.strictEqual(response.statusCode, 403) + t.assert.strictEqual(response.json().message, 'Invalid csrf token') }) } -function runCookieOpts (t, load) { - t.test('Custom cookie options', async t => { +async function runCookieOpts (t, load) { + await t.test('Custom cookie options', async t => { const fastify = await load() fastify.get('/', async (req, reply) => { @@ -284,6 +287,6 @@ function runCookieOpts (t, load) { }) const cookie = response.cookies[0] - t.match(cookie, { path: '/hello' }) + t.assert.strictEqual(cookie.path, '/hello') }) } diff --git a/test/user-info.test.js b/test/user-info.test.js index 9178ce7..3d4fcef 100644 --- a/test/user-info.test.js +++ b/test/user-info.test.js @@ -1,6 +1,6 @@ 'use strict' -const { test } = require('tap') +const { test } = require('node:test') const Fastify = require('fastify') const fastifyCookie = require('@fastify/cookie') const fastifySession = require('@fastify/session') @@ -45,7 +45,7 @@ test('Cookies with User-Info', async t => { } }) - t.equal(response1.statusCode, 200) + t.assert.strictEqual(response1.statusCode, 200) const cookie1 = response1.cookies[0] const { token } = response1.json() @@ -62,7 +62,7 @@ test('Cookies with User-Info', async t => { } }) - t.equal(response2.statusCode, 200) + t.assert.strictEqual(response2.statusCode, 200) }) test('Session with User-Info', async t => { @@ -101,7 +101,7 @@ test('Session with User-Info', async t => { } }) - t.equal(response1.statusCode, 200) + t.assert.strictEqual(response1.statusCode, 200) const cookie1 = response1.cookies[0] const { token } = response1.json() @@ -118,7 +118,7 @@ test('Session with User-Info', async t => { } }) - t.equal(response2.statusCode, 200) + t.assert.strictEqual(response2.statusCode, 200) }) test('SecureSession with User-Info', async t => { @@ -153,7 +153,7 @@ test('SecureSession with User-Info', async t => { } }) - t.equal(response1.statusCode, 200) + t.assert.strictEqual(response1.statusCode, 200) const cookie1 = response1.cookies[0] const { token } = response1.json() @@ -170,14 +170,14 @@ test('SecureSession with User-Info', async t => { } }) - t.equal(response2.statusCode, 200) + t.assert.strictEqual(response2.statusCode, 200) }) test('Validate presence of hmac key with User-Info /1', async (t) => { const fastify = Fastify() await fastify.register(fastifyCookie) - await t.rejects(new Promise((resolve, reject) => { + await t.assert.rejects(new Promise((resolve, reject) => { fastify.register(fastifyCsrf, { getUserInfo (req) { return req.session.get('username') @@ -187,14 +187,20 @@ test('Validate presence of hmac key with User-Info /1', async (t) => { }).catch(err => { reject(err) }) - }), Error('csrfOpts.hmacKey is required')) + }), + (err) => { + t.assert.strictEqual(err.name, 'AssertionError') + t.assert.strictEqual(err.message, 'csrfOpts.hmacKey is required') + return true + } + ) }) test('Validate presence of hmac key with User-Info /2', async (t) => { const fastify = Fastify() await fastify.register(fastifyCookie) - await t.rejects(new Promise((resolve, reject) => { + await t.assert.rejects(new Promise((resolve, reject) => { fastify.register(fastifyCsrf, { getUserInfo (req) { return req.session.get('username') @@ -205,14 +211,21 @@ test('Validate presence of hmac key with User-Info /2', async (t) => { }).catch(err => { reject(err) }) - }), Error('csrfOpts.hmacKey is required')) + }), + (err) => { + t.assert.strictEqual(err.name, 'AssertionError') + t.assert.strictEqual(err.message, 'csrfOpts.hmacKey is required') + return true + } + + ) }) test('Validate presence of hmac key with User-Info /3', async (t) => { const fastify = Fastify() await fastify.register(fastifyCookie) - await t.rejects(new Promise((resolve, reject) => { + await t.assert.rejects(new Promise((resolve, reject) => { fastify.register(fastifyCsrf, { getUserInfo (req) { return req.session.get('username') @@ -225,14 +238,20 @@ test('Validate presence of hmac key with User-Info /3', async (t) => { }).catch(err => { reject(err) }) - }), Error('csrfOpts.hmacKey is required')) + }), + (err) => { + t.assert.strictEqual(err.name, 'AssertionError') + t.assert.strictEqual(err.message, 'csrfOpts.hmacKey is required') + return true + } + ) }) test('Validate presence of hmac key with User-Info /4', async (t) => { const fastify = Fastify() await fastify.register(fastifyCookie) - await t.rejects(new Promise((resolve, reject) => { + await t.assert.rejects(new Promise((resolve, reject) => { fastify.register(fastifyCsrf, { getUserInfo (req) { return req.session.get('username') @@ -246,14 +265,20 @@ test('Validate presence of hmac key with User-Info /4', async (t) => { }).catch(err => { reject(err) }) - }), Error('csrfOpts.hmacKey is required')) + }), + (err) => { + t.assert.strictEqual(err.name, 'AssertionError') + t.assert.strictEqual(err.message, 'csrfOpts.hmacKey is required') + return true + } + ) }) test('Validate presence of hmac key with User-Info /5', async (t) => { const fastify = Fastify() await fastify.register(fastifySecureSession, { key, cookie: { path: '/', secure: false } }) - await t.resolves(new Promise((resolve, reject) => { + await t.assert.doesNotReject(new Promise((resolve, reject) => { fastify.register(fastifyCsrf, { getUserInfo (req) { return req.session.get('username') @@ -271,7 +296,7 @@ test('Validate presence of hmac key with User-Info /6', async (t) => { const fastify = Fastify() await fastify.register(fastifySecureSession, { key, cookie: { path: '/', secure: false } }) - await t.resolves(new Promise((resolve, reject) => { + await t.assert.doesNotReject(new Promise((resolve, reject) => { fastify.register(fastifyCsrf, { getUserInfo (req) { return req.session.get('username')