Skip to content

Commit

Permalink
unit tests add for coverage
Browse files Browse the repository at this point in the history 
Issue: ARSN-469
  • Loading branch information
@benzekrimaha
benzekrimaha committed Feb 19, 2025
1 parent 1cb06ed commit bf4fe75
Show file tree
Hide file tree
Showing 3 changed files with 248 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/auth/auth.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@ function doAuth(
requestContexts: any[] | null,
options: any = {},
) {
const res = extractParams(request, log, awsService, request.query);
const res = exports.server.extractParams(request, log, awsService, request.query);
if (res.err) {
return cb(res.err);
} else if (res.params instanceof AuthInfo) {
Expand Down
35 changes: 35 additions & 0 deletions tests/unit/auth/Vault.spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -225,5 +225,40 @@ describe('Vault class', () => {
done();
});
});

it('should handle authentication with additional options', done => {
const mockOptions = {
get: true,
};

const mockResponse = {
message: {
message: 'Success',
body: {
userInfo: mockUserInfo,
authorizationResults: [{
isAllowed: true,
isImplicit: false,
arn: mockUserInfo.arn,
action: 'testAction',
}],
},
},
};

mockClient.verifySignatureV4.callsFake(
(_stringToSign, _signature, _accessKey, _region, _scopeDate,
_options, callback) => {
assert.strictEqual(_options.get, true);
callback(null, mockResponse);
},
);

vault.authenticateV4Request(mockParams, [], (err, data) => {
assert.strictEqual(err, null);
assert(data instanceof AuthInfo);
done();
}, mockOptions);
});
});
});
212 changes: 212 additions & 0 deletions tests/unit/auth/auth.spec.js
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,212 @@
const Logger = require('werelogs').Logger;
const { server: authServer, setHandler, doAuth } = require('../../../lib/auth/auth');
const AuthInfo = require('../../../lib/auth/AuthInfo').default;
const Vault = require('../../../lib/auth/Vault').default;
const assert = require('assert');
const sinon = require('sinon');

describe.only('auth.doAuth', () => {
let request;
let log;
let cb;
let vault;
let mockClient;
let sandbox;

beforeEach(() => {
sandbox = sinon.createSandbox();
request = {
headers: {},
query: {},
_headers: {},
setHeader: function(name, value) {
this._headers[name] = value;
this.headers[name] = value;
}
};
log = new Logger('test:auth');
cb = sandbox.spy();
mockClient = {
verifySignatureV4: sandbox.stub(),
verifySignatureV2: sandbox.stub(),
};
vault = new Vault(mockClient, 'mockImpl');
setHandler(vault);
});

afterEach(() => {
sandbox.restore();
});

it('should return AccessDenied error for invalid authorization header', () => {
const request = {
headers: {
authorization: 'Invalid Auth Header'
},
query: {}
};
const log = { trace: sinon.spy() };

const cb = sinon.spy();
authServer.doAuth(request, log, cb, 'service', null);

sinon.assert.calledOnce(cb);
sinon.assert.calledWith(cb, sinon.match.instanceOf(Error));
const error = cb.firstCall.args[0];
assert.strictEqual(error.code, 403);
});

it('should return public user info for requests without auth info', () => {
authServer.doAuth(request, log, cb, 's3', null);

sinon.assert.calledWith(cb, null, sinon.match.instanceOf(AuthInfo));
});

it('should call authenticateV2Request for version 2 auth', () => {
const mockParams = {
version: 2,
data: {
accessKey: 'testKey',
signatureFromRequest: 'testSignature',
stringToSign: 'testStringToSign',
algo: 'sha1',
authType: 'header',
signatureVersion: '2',
securityToken: undefined
},
log
};

console.log(authServer);
// Create a stub for extractParams
const extractParamsStub = sandbox.stub(authServer, 'extractParams');
extractParamsStub.returns({ err: null, params: mockParams });

extractParamsStub.callsFake((request, log, awsService, data) => {
console.log('extractParams called with:', { request, log, awsService, data });
return { err: null, params: mockParams };
});

const authenticateV2RequestStub = sandbox.stub(vault, 'authenticateV2Request');
authenticateV2RequestStub.callsFake((params, requestContexts, callback) => {
console.log('authenticateV2Request called with params:', params);
callback(null, new AuthInfo({ canonicalID: 'testCanonicalID' }));
});

const requestContext = {
setAuthType: sandbox.stub(),
setSignatureVersion: sandbox.stub(),
setSecurityToken: sandbox.stub(),
setSignatureAge: sandbox.stub()
};

// Create a special callback that will help us debug
const debugCb = (err, data) => {
console.log('Authentication result:', { err, data });
cb(err, data);
};

authServer.doAuth(request, log, debugCb, 's3', [requestContext]);

sinon.assert.calledOnce(extractParamsStub);
sinon.assert.calledOnce(authenticateV2RequestStub);

sinon.assert.calledWith(
authenticateV2RequestStub,
sinon.match({
version: 2,
data: {
accessKey: 'testKey',
signatureFromRequest: 'testSignature',
stringToSign: 'testStringToSign',
algo: 'sha1',
authType: 'header',
signatureVersion: '2',
securityToken: undefined
},
log: sinon.match.object
}),
sinon.match.array,
sinon.match.func
);
});


it('should call authenticateV4Request for version 4 auth', () => {
const mockParams = {
version: 4,
data: {
authType: 'v4',
signatureVersion: '4',
securityToken: 'token',
signatureAge: 100
},
log
};

const extractParamsStub = sandbox.stub(authServer, 'extractParams');
extractParamsStub.returns({ err: null, params: mockParams });

const authenticateV4RequestStub = sandbox.stub(vault, 'authenticateV4Request');
authenticateV4RequestStub.callsFake((params, requestContexts, callback, options) => {
callback(null, new AuthInfo({ canonicalID: 'testCanonicalID' }));
});

const requestContext = {
setAuthType: sandbox.stub(),
setSignatureVersion: sandbox.stub(),
setSecurityToken: sandbox.stub(),
setSignatureAge: sandbox.stub()
};

authServer.doAuth(request, log, cb, 's3', [requestContext]);

sinon.assert.calledOnce(authenticateV4RequestStub);
sinon.assert.calledWith(cb, null, sinon.match.instanceOf(AuthInfo));
sinon.assert.calledWith(requestContext.setAuthType, 'v4');
sinon.assert.calledWith(requestContext.setSignatureVersion, '4');
sinon.assert.calledWith(requestContext.setSecurityToken, 'token');
sinon.assert.calledWith(requestContext.setSignatureAge, 100);
});

it('should handle options parameter in authenticateV4Request', () => {
const mockParams = {
version: 4,
data: {
authType: 'v4',
signatureVersion: '4'
},
log
};
const mockOptions = { get: true };

const extractParamsStub = sandbox.stub(authServer, 'extractParams');
extractParamsStub.returns({ err: null, params: mockParams });

const authenticateV4RequestStub = sandbox.stub(vault, 'authenticateV4Request');
authenticateV4RequestStub.callsFake((params, requestContexts, callback, options) => {
sinon.assert.match(options, mockOptions);
callback(null, new AuthInfo({ canonicalID: 'testCanonicalID' }));
});

authServer.doAuth(request, log, cb, 's3', [{
setAuthType: sandbox.stub(),
setSignatureVersion: sandbox.stub(),
setSecurityToken: sandbox.stub(),
setSignatureAge: sandbox.stub()
}], mockOptions);

sinon.assert.calledOnce(authenticateV4RequestStub);
sinon.assert.calledWith(cb, null, sinon.match.instanceOf(AuthInfo));
});

it('should return InternalError for unknown version', () => {
const mockParams = { version: 3, data: {}, log };
const extractParamsStub = sandbox.stub(authServer, 'extractParams');
extractParamsStub.returns({ err: null, params: mockParams });

authServer.doAuth(request, log, cb, 's3', null);

sinon.assert.calledWith(cb, sinon.match(err => err.code === 500));
});
});

0 comments on commit bf4fe75

Please sign in to comment.