add tests

cdimascio · Dec 4, 2019 · caa4235 · caa4235
1 parent 7ca92d1
commit caa4235
Show file tree

Hide file tree

Showing 4 changed files with 532 additions and 0 deletions.
diff --git a/test/install.spec.ts b/test/install.spec.ts
@@ -0,0 +1,40 @@
+import * as path from 'path';
+import * as express from 'express';
+import { expect } from 'chai';
+import { OpenApiValidator } from '../src';
+
+describe('install', () => {
+  it('should succeed when spec exists and is valid', async () => {
+    const apiSpec = path.join('test', 'resources', 'openapi.yaml');
+    const oam = new OpenApiValidator({ apiSpec });
+
+    expect(oam)
+      .to.have.property('install')
+      .that.is.a('function');
+  });
+
+  it('should throw when spec is missing', async () => {
+    try {
+      await new OpenApiValidator({
+        apiSpec: './not-found.yaml',
+      }).install(express());
+    } catch (e) {
+      expect(e.message).to.contain(
+        'spec could not be read at ./not-found.yaml',
+      );
+    }
+  });
+
+  it('should throw when security handlers are specified in new and old', async () => {
+    const apiSpec = path.join('test', 'resources', 'openapi.yaml');
+    expect(function() {
+      return new OpenApiValidator({
+        apiSpec,
+        validateSecurity: {},
+        securityHandlers: {},
+      });
+    }).to.throw(
+      'securityHandlers and validateSecurity may not be used together. Use validateSecurities.handlers to specify handlers.',
+    );
+  });
+});
diff --git a/test/security.defaults.spec.ts b/test/security.defaults.spec.ts
@@ -0,0 +1,56 @@
+import * as path from 'path';
+import * as express from 'express';
+import { expect } from 'chai';
+import * as request from 'supertest';
+import { createApp } from './common/app';
+
+describe('security.defaults', () => {
+  let app = null;
+  let basePath = null;
+
+  before(async () => {
+    const apiSpec = path.join('test', 'resources', 'security.yaml');
+    app = await createApp({ apiSpec }, 3005);
+    basePath = app.basePath;
+
+    app.use(
+      `${basePath}`,
+      express
+        .Router()
+        .get(`/api_key`, (req, res) => res.json({ logged_in: true }))
+        .get(`/bearer`, (req, res) => res.json({ logged_in: true }))
+        .get(`/basic`, (req, res) => res.json({ logged_in: true }))
+        .get('/no_security', (req, res) => res.json({ logged_in: true })),
+    );
+  });
+
+  after(() => {
+    app.server.close();
+  });
+
+  it('should return 200 if no security', async () =>
+    request(app)
+      .get(`${basePath}/no_security`)
+      .expect(200));
+
+  it('should skip validation, even if auth header is missing for basic auth', async () => {
+    return request(app)
+      .get(`${basePath}/basic`)
+      .expect(401)
+      .then(r => {
+        expect(r.body)
+          .to.have.property('message')
+          .that.equals('Authorization header required');
+      });
+  });
+
+  it('should skip security validation, even if auth header is missing for bearer auth', async () => {
+    return request(app)
+      .get(`${basePath}/bearer`)
+      .expect(401).then(r => {
+        expect(r.body)
+          .to.have.property('message')
+          .that.equals('Authorization header required');
+      })
+  });
+});
diff --git a/test/security.disabled.spec.ts b/test/security.disabled.spec.ts
@@ -0,0 +1,47 @@
+import * as path from 'path';
+import * as express from 'express';
+import * as request from 'supertest';
+import { createApp } from './common/app';
+
+// NOTE/TODO: These tests modify eovConf.validateSecurity.handlers
+// Thus test execution order matters :-(
+describe('security.disabled', () => {
+  let app = null;
+  let basePath = null;
+  before(async () => {
+    // Set up the express app
+    const apiSpec = path.join('test', 'resources', 'security.yaml');
+    app = await createApp({ apiSpec, validateSecurity: false }, 3005);
+    basePath = app.basePath;
+    app.use(
+      `${basePath}`,
+      express
+        .Router()
+        .get(`/api_key`, (req, res) => res.json({ logged_in: true }))
+        .get(`/bearer`, (req, res) => res.json({ logged_in: true }))
+        .get(`/basic`, (req, res) => res.json({ logged_in: true }))
+        .get('/no_security', (req, res) => res.json({ logged_in: true })),
+    );
+  });
+
+  after(() => {
+    app.server.close();
+  });
+
+  it('should return 200 if no security', async () =>
+    request(app)
+      .get(`${basePath}/no_security`)
+      .expect(200));
+
+  it('should skip validation, even if auth header is missing for basic auth', async () => {
+    return request(app)
+      .get(`${basePath}/basic`)
+      .expect(200);
+  });
+
+  it('should skip security validation, even if auth header is missing for bearer auth', async () => {
+    return request(app)
+      .get(`${basePath}/bearer`)
+      .expect(200);
+  });
+});