add api key tests

felixheck · felixheck · commit 7e0544213650 · 2017-12-01T16:53:14.000+01:00
diff --git a/test/apiKey.init.spec.js b/test/apiKey.init.spec.js
@@ -0,0 +1,86 @@
+const test = require('ava')
+const helpers = require('./_helpers')
+const fixtures = require('./fixtures')
+const apiKey = require('../src/apiKey')
+
+const cfg = helpers.getOptions({ publicKey: fixtures.common.publicKeyJwk })
+const mockResponse = {
+  access_token: 'barfoo'
+}
+const defaults = {
+  url: 'http://barfoo.com/foo/bar',
+  in: 'headers',
+  prefix: 'Api-Key ',
+  name: 'authorization',
+  request: {},
+  tokenPath: 'access_token'
+}
+
+test('Do not replace api key with bearer token because of missing options', async (t) => {
+  const server = await helpers.getServer(cfg, false)
+
+  apiKey.init(server, cfg)
+
+  const { result } = await server.inject({
+    url: '/proxy',
+    headers: {
+      authorization: 'Api-Key foobar'
+    }
+  })
+
+  t.is(result.headers.authorization, 'Api-Key foobar')
+  t.is(Object.keys(result.query).length, 0)
+})
+
+test('Do not replace api key with bearer token because of missing api key', async (t) => {
+  const server = await helpers.getServer(cfg, false)
+
+  apiKey.init(server, Object.assign({
+    apiKey: defaults
+  }, cfg))
+
+  const { result } = await server.inject({
+    url: '/proxy'
+  })
+
+  t.falsy(result.headers.authorization)
+  t.is(Object.keys(result.query).length, 0)
+})
+
+test('Do not replace api key with bearer token because of failing request', async (t) => {
+  helpers.mockApiKey(401, mockResponse, false)
+  const server = await helpers.getServer(cfg, false)
+
+  apiKey.init(server, Object.assign({
+    apiKey: defaults
+  }, cfg))
+
+  const res = await server.inject({
+    url: '/proxy',
+    headers: {
+      authorization: 'Api-Key foobar'
+    }
+  })
+
+  t.is(res.statusCode, 401)
+  t.truthy(res.result.attributes.reason)
+})
+
+test('Replace api key with bearer token', async (t) => {
+  helpers.mockApiKey(200, mockResponse, false)
+  const server = await helpers.getServer(cfg, false)
+
+  apiKey.init(server, Object.assign({
+    apiKey: defaults
+  }, cfg))
+
+  const { result } = await server.inject({
+    url: '/proxy',
+    headers: {
+      authorization: 'Api-Key foobar'
+    }
+  })
+
+  t.is(result.headers.authorization, 'Bearer barfoo')
+  t.is(Object.keys(result.query).length, 0)
+})
diff --git a/test/apiKey.spec.js b/test/apiKey.spec.js
@@ -0,0 +1,210 @@
+const test = require('ava')
+const apiKey = require('../src/apiKey')
+
+test('Get endpoint url without any changes', (t) => {
+  t.is(apiKey.parseUrl({
+    apiKey: { url: 'http://barfoo.com/foo/bar' },
+    clientId: 'bar',
+    realmUrl: 'http://foobar.com/foo/bar'
+  }), 'http://barfoo.com/foo/bar')
+})
+
+test('Get endpoint url with replaced `clientId`', (t) => {
+  t.is(apiKey.parseUrl({
+    apiKey: { url: 'http://barfoo.com/foo/{clientId}' },
+    clientId: 'bar',
+    realmUrl: 'http://foobar.com/foo/bar'
+  }), 'http://barfoo.com/foo/bar')
+})
+
+test('Get endpoint url with replaced `realm`', (t) => {
+  t.is(apiKey.parseUrl({
+    apiKey: { url: 'http://barfoo.com/foo/{realm}' },
+    clientId: 'bar',
+    realmUrl: 'http://foobar.com/foo/bar'
+  }), 'http://barfoo.com/foo/bar')
+})
+
+test('Get endpoint url with replaced unknown placeholder', (t) => {
+  t.is(apiKey.parseUrl({
+    apiKey: { url: 'http://barfoo.com/foo/{foobar}' },
+    clientId: 'bar',
+    realmUrl: 'http://foobar.com/foo/bar'
+  }), 'http://barfoo.com/foo/')
+})
+
+test('Get no api key if there is neither header nor query', (t) => {
+  const req = {
+    headers: {},
+    query: {}
+  }
+
+  const options = {
+    in: 'headers',
+    name: 'authorization',
+    prefix: 'Api-Key '
+  }
+
+  t.false(apiKey.getApiKey(req, options))
+})
+
+test('Get no api key if value is not prefixed', (t) => {
+  const req = {
+    headers: {
+      authorization: 'foobar'
+    },
+    query: {}
+  }
+
+  const options = {
+    in: 'headers',
+    name: 'authorization',
+    prefix: 'Api-Key '
+  }
+
+  t.false(apiKey.getApiKey(req, options))
+})
+
+test('Get api key if there is there is a prefixed value', (t) => {
+  const req = {
+    headers: {
+      authorization: 'Api-Key foobar'
+    },
+    query: {}
+  }
+
+  const options = {
+    in: 'headers',
+    name: 'authorization',
+    prefix: 'Api-Key '
+  }
+
+  const result = apiKey.getApiKey(req, options)
+
+  t.truthy(result)
+  t.is(result, 'Api-Key foobar')
+})
+
+test('Get no request options because of missing api key', (t) => {
+  const req = {
+    headers: {},
+    query: {}
+  }
+
+  const options = {
+    in: 'headers',
+    name: 'authorization',
+    prefix: 'Api-Key ',
+    request: {}
+  }
+
+  t.false(apiKey.getRequestOptions(req, options))
+})
+
+test('Get request options with updated header', (t) => {
+  const req = {
+    headers: {
+      authorization: 'Api-Key foobar'
+    },
+    query: {}
+  }
+
+  const options = {
+    in: 'headers',
+    name: 'authorization',
+    prefix: 'Api-Key ',
+    request: {
+      foo: 'bar'
+    }
+  }
+
+  t.deepEqual(apiKey.getRequestOptions(req, options), {
+    foo: 'bar',
+    headers: {
+      authorization: 'Api-Key foobar'
+    }
+  })
+})
+
+test('Get request options with updated query', (t) => {
+  const req = {
+    query: {
+      authorization: 'Api-Key foobar'
+    },
+    headers: {}
+  }
+
+  const options = {
+    in: 'query',
+    name: 'authorization',
+    prefix: 'Api-Key ',
+    request: {
+      foo: 'bar'
+    }
+  }
+
+  t.deepEqual(apiKey.getRequestOptions(req, options), {
+    foo: 'bar',
+    query: {
+      authorization: 'Api-Key foobar'
+    }
+  })
+})
+
+test('Get request options with deeply updated header', (t) => {
+  const req = {
+    headers: {
+      authorization: 'Api-Key foobar'
+    },
+    query: {}
+  }
+
+  const options = {
+    in: 'headers',
+    name: 'authorization',
+    prefix: 'Api-Key ',
+    request: {
+      foo: 'bar',
+      headers: {
+        'x-foo': 'bar'
+      }
+    }
+  }
+
+  t.deepEqual(apiKey.getRequestOptions(req, options), {
+    foo: 'bar',
+    headers: {
+      authorization: 'Api-Key foobar',
+      'x-foo': 'bar'
+    }
+  })
+})
+
+test('Get request options with deeply updated query', (t) => {
+  const req = {
+    query: {
+      authorization: 'Api-Key foobar'
+    },
+    headers: {}
+  }
+
+  const options = {
+    in: 'query',
+    name: 'authorization',
+    prefix: 'Api-Key ',
+    request: {
+      foo: 'bar',
+      query: {
+        'x-foo': 'bar'
+      }
+    }
+  }
+
+  t.deepEqual(apiKey.getRequestOptions(req, options), {
+    foo: 'bar',
+    query: {
+      authorization: 'Api-Key foobar',
+      'x-foo': 'bar'
+    }
+  })
+})
