feat(rest-express): create mfa endpoints (#1047)

Author: pradel

packages/rest-express/__tests__/endpoints/mfa/associate.ts

@@ -0,0 +1,140 @@
+import { associate, associateByMfaToken } from '../../../src/endpoints/mfa/associate';
+
+const res: any = {
+  json: jest.fn(),
+  status: jest.fn(() => res),
+};
+
+const mfaService = {
+  associate: jest.fn(() => ({ mfaService: 'mfaServiceTest' })),
+  associateByMfaToken: jest.fn(() => ({ mfaService: 'mfaServiceTest' })),
+};
+
+describe('associate', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should return an error if user is not logged in', async () => {
+    const middleware = associate({} as any);
+    await middleware({} as any, res);
+    expect(res.status).toBeCalledWith(401);
+    expect(res.json).toBeCalledWith({ message: 'Unauthorized' });
+  });
+
+  it('should call mfa associate method', async () => {
+    const req = {
+      userId: 'userIdTest',
+      body: {
+        type: 'typeBody',
+        params: 'paramsBody',
+      },
+      infos: {
+        ip: 'ipTest',
+        userAgent: 'userAgentTest',
+      },
+    };
+    const middleware = associate({
+      getService: () => mfaService,
+    } as any);
+    await middleware(req as any, res);
+    expect(mfaService.associate).toBeCalledWith(
+      'userIdTest',
+      req.body.type,
+      req.body.params,
+      req.infos
+    );
+    expect(res.json).toBeCalledWith({ mfaService: 'mfaServiceTest' });
+  });
+
+  it('Sends error if it was thrown', async () => {
+    const error = { message: 'Error' };
+    mfaService.associate.mockImplementationOnce(() => {
+      throw error;
+    });
+    const req = {
+      userId: 'userIdTest',
+      body: {
+        type: 'typeBody',
+        params: 'paramsBody',
+      },
+      infos: {
+        ip: 'ipTest',
+        userAgent: 'userAgentTest',
+      },
+    };
+    const middleware = associate({
+      getService: () => mfaService,
+    } as any);
+    await middleware(req as any, res);
+    expect(mfaService.associate).toBeCalledWith(
+      'userIdTest',
+      req.body.type,
+      req.body.params,
+      req.infos
+    );
+    expect(res.status).toHaveBeenCalledWith(400);
+    expect(res.json).toHaveBeenCalledWith(error);
+  });
+});
+
+describe('associateByMfaToken', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should call mfa associateByMfaToken method', async () => {
+    const req = {
+      body: {
+        mfaToken: 'mfaTokenBody',
+        type: 'typeBody',
+        params: 'paramsBody',
+      },
+      infos: {
+        ip: 'ipTest',
+        userAgent: 'userAgentTest',
+      },
+    };
+    const middleware = associateByMfaToken({
+      getService: () => mfaService,
+    } as any);
+    await middleware(req as any, res);
+    expect(mfaService.associateByMfaToken).toBeCalledWith(
+      req.body.mfaToken,
+      req.body.type,
+      req.body.params,
+      req.infos
+    );
+    expect(res.json).toBeCalledWith({ mfaService: 'mfaServiceTest' });
+  });
+
+  it('Sends error if it was thrown', async () => {
+    const error = { message: 'Error' };
+    mfaService.associateByMfaToken.mockImplementationOnce(() => {
+      throw error;
+    });
+    const req = {
+      body: {
+        mfaToken: 'mfaTokenBody',
+        type: 'typeBody',
+        params: 'paramsBody',
+      },
+      infos: {
+        ip: 'ipTest',
+        userAgent: 'userAgentTest',
+      },
+    };
+    const middleware = associateByMfaToken({
+      getService: () => mfaService,
+    } as any);
+    await middleware(req as any, res);
+    expect(mfaService.associateByMfaToken).toBeCalledWith(
+      req.body.mfaToken,
+      req.body.type,
+      req.body.params,
+      req.infos
+    );
+    expect(res.status).toHaveBeenCalledWith(400);
+    expect(res.json).toHaveBeenCalledWith(error);
+  });
+});

packages/rest-express/__tests__/endpoints/mfa/authenticators.ts

@@ -0,0 +1,111 @@
+import {
+  authenticators,
+  authenticatorsByMfaToken,
+} from '../../../src/endpoints/mfa/authenticators';
+
+const res: any = {
+  json: jest.fn(),
+  status: jest.fn(() => res),
+};
+
+const mfaService = {
+  findUserAuthenticators: jest.fn(() => ({ mfaService: 'mfaServiceTest' })),
+  findUserAuthenticatorsByMfaToken: jest.fn(() => ({ mfaService: 'mfaServiceTest' })),
+};
+
+describe('authenticators', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should return an error if user is not logged in', async () => {
+    const middleware = authenticators({} as any);
+    await middleware({} as any, res);
+    expect(res.status).toBeCalledWith(401);
+    expect(res.json).toBeCalledWith({ message: 'Unauthorized' });
+  });
+
+  it('should call mfa findUserAuthenticators method', async () => {
+    const req = {
+      userId: 'userIdTest',
+      infos: {
+        ip: 'ipTest',
+        userAgent: 'userAgentTest',
+      },
+    };
+    const middleware = authenticators({
+      getService: () => mfaService,
+    } as any);
+    await middleware(req as any, res);
+    expect(mfaService.findUserAuthenticators).toBeCalledWith('userIdTest');
+    expect(res.json).toBeCalledWith({ mfaService: 'mfaServiceTest' });
+  });
+
+  it('Sends error if it was thrown', async () => {
+    const error = { message: 'Error' };
+    mfaService.findUserAuthenticators.mockImplementationOnce(() => {
+      throw error;
+    });
+    const req = {
+      userId: 'userIdTest',
+      infos: {
+        ip: 'ipTest',
+        userAgent: 'userAgentTest',
+      },
+    };
+    const middleware = authenticators({
+      getService: () => mfaService,
+    } as any);
+    await middleware(req as any, res);
+    expect(mfaService.findUserAuthenticators).toBeCalledWith('userIdTest');
+    expect(res.status).toHaveBeenCalledWith(400);
+    expect(res.json).toHaveBeenCalledWith(error);
+  });
+});
+
+describe('authenticatorsByMfaToken', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should call mfa findUserAuthenticatorsByMfaToken method', async () => {
+    const req = {
+      query: {
+        mfaToken: 'mfaTokenBody',
+      },
+      infos: {
+        ip: 'ipTest',
+        userAgent: 'userAgentTest',
+      },
+    };
+    const middleware = authenticatorsByMfaToken({
+      getService: () => mfaService,
+    } as any);
+    await middleware(req as any, res);
+    expect(mfaService.findUserAuthenticatorsByMfaToken).toBeCalledWith(req.query.mfaToken);
+    expect(res.json).toBeCalledWith({ mfaService: 'mfaServiceTest' });
+  });
+
+  it('Sends error if it was thrown', async () => {
+    const error = { message: 'Error' };
+    mfaService.findUserAuthenticatorsByMfaToken.mockImplementationOnce(() => {
+      throw error;
+    });
+    const req = {
+      query: {
+        mfaToken: 'mfaTokenBody',
+      },
+      infos: {
+        ip: 'ipTest',
+        userAgent: 'userAgentTest',
+      },
+    };
+    const middleware = authenticatorsByMfaToken({
+      getService: () => mfaService,
+    } as any);
+    await middleware(req as any, res);
+    expect(mfaService.findUserAuthenticatorsByMfaToken).toBeCalledWith(req.query.mfaToken);
+    expect(res.status).toHaveBeenCalledWith(400);
+    expect(res.json).toHaveBeenCalledWith(error);
+  });
+});

packages/rest-express/__tests__/endpoints/mfa/challenge.ts

@@ -0,0 +1,67 @@
+import { challenge } from '../../../src/endpoints/mfa/challenge';
+
+const res: any = {
+  json: jest.fn(),
+  status: jest.fn(() => res),
+};
+
+const mfaService = {
+  challenge: jest.fn(() => ({ mfaService: 'mfaServiceTest' })),
+};
+
+describe('challenge', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should call mfa associateByMfaToken method', async () => {
+    const req = {
+      body: {
+        mfaToken: 'mfaTokenBody',
+        authenticatorId: 'authenticatorIdBody',
+      },
+      infos: {
+        ip: 'ipTest',
+        userAgent: 'userAgentTest',
+      },
+    };
+    const middleware = challenge({
+      getService: () => mfaService,
+    } as any);
+    await middleware(req as any, res);
+    expect(mfaService.challenge).toBeCalledWith(
+      req.body.mfaToken,
+      req.body.authenticatorId,
+      req.infos
+    );
+    expect(res.json).toBeCalledWith({ mfaService: 'mfaServiceTest' });
+  });
+
+  it('Sends error if it was thrown', async () => {
+    const error = { message: 'Error' };
+    mfaService.challenge.mockImplementationOnce(() => {
+      throw error;
+    });
+    const req = {
+      body: {
+        mfaToken: 'mfaTokenBody',
+        authenticatorId: 'authenticatorIdBody',
+      },
+      infos: {
+        ip: 'ipTest',
+        userAgent: 'userAgentTest',
+      },
+    };
+    const middleware = challenge({
+      getService: () => mfaService,
+    } as any);
+    await middleware(req as any, res);
+    expect(mfaService.challenge).toBeCalledWith(
+      req.body.mfaToken,
+      req.body.authenticatorId,
+      req.infos
+    );
+    expect(res.status).toHaveBeenCalledWith(400);
+    expect(res.json).toHaveBeenCalledWith(error);
+  });
+});

packages/rest-express/__tests__/express-middleware.ts

@@ -36,6 +36,31 @@ describe('express middleware', () => {
     expect((router.get as jest.Mock).mock.calls[0][0]).toBe('test/user');
   });
 
+  it('Defines password endpoints when mfa service is present', () => {
+    accountsExpress(
+      {
+        getServices: () => ({
+          mfa: {},
+        }),
+      } as any,
+      { path: 'test' }
+    );
+    expect((router.post as jest.Mock).mock.calls[0][0]).toBe('test/impersonate');
+    expect((router.post as jest.Mock).mock.calls[1][0]).toBe('test/user');
+    expect((router.post as jest.Mock).mock.calls[2][0]).toBe('test/refreshTokens');
+    expect((router.post as jest.Mock).mock.calls[3][0]).toBe('test/logout');
+    expect((router.post as jest.Mock).mock.calls[4][0]).toBe('test/:service/verifyAuthentication');
+    expect((router.post as jest.Mock).mock.calls[5][0]).toBe('test/:service/authenticate');
+
+    expect((router.post as jest.Mock).mock.calls[6][0]).toBe('test/mfa/associate');
+    expect((router.post as jest.Mock).mock.calls[7][0]).toBe('test/mfa/associateByMfaToken');
+    expect((router.post as jest.Mock).mock.calls[8][0]).toBe('test/mfa/challenge');
+
+    expect((router.get as jest.Mock).mock.calls[0][0]).toBe('test/user');
+    expect((router.get as jest.Mock).mock.calls[1][0]).toBe('test/mfa/authenticators');
+    expect((router.get as jest.Mock).mock.calls[2][0]).toBe('test/mfa/authenticatorsByMfaToken');
+  });
+
   it('Defines password endpoints when password service is present', () => {
     accountsExpress(
       {
@@ -51,6 +76,7 @@ describe('express middleware', () => {
     expect((router.post as jest.Mock).mock.calls[3][0]).toBe('test/logout');
     expect((router.post as jest.Mock).mock.calls[4][0]).toBe('test/:service/verifyAuthentication');
     expect((router.post as jest.Mock).mock.calls[5][0]).toBe('test/:service/authenticate');
+
     expect((router.post as jest.Mock).mock.calls[6][0]).toBe('test/password/register');
     expect((router.post as jest.Mock).mock.calls[7][0]).toBe('test/password/verifyEmail');
     expect((router.post as jest.Mock).mock.calls[8][0]).toBe('test/password/resetPassword');

packages/rest-express/package.json

@@ -39,6 +39,7 @@
   "author": "Tim Mikeladze",
   "license": "MIT",
   "devDependencies": {
+    "@accounts/mfa": "^0.29.0",
     "@accounts/password": "^0.29.0",
     "@accounts/server": "^0.29.0",
     "@types/express": "4.17.7",