// End-to-end check that a Nes token issued by /nes/auth lets a websocket
// client reach a route guarded by the server's default auth strategy.
it('protects an endpoint (token with iron settings)', async () => {
const server = Hapi.server();
// The 'custom' scheme comes from internals.implementation, which is defined
// outside this snippet; it is made the default strategy for every route.
server.auth.scheme('custom', internals.implementation);
server.auth.strategy('default', 'custom');
server.auth.default('default');
// Nes is registered in 'token' auth mode with an explicit password and
// Iron.defaults as the iron options.
// NOTE(review): `password` is declared outside this snippet; presumably it is
// the secret used to seal the issued token, so outside of tests it should be
// a long random value loaded from configuration, not a literal. Confirm.
await server.register({ plugin: Nes, options: { auth: { type: 'token', password, iron: Iron.defaults } } });
server.route({
method: 'GET',
path: '/',
handler: () => 'hello'
});
await server.start();
// Step 1: authenticate over HTTP with the custom Authorization header and
// read the token from the /nes/auth response.
const res = await server.inject({ url: '/nes/auth', headers: { authorization: 'Custom john' } });
expect(res.result.status).to.equal('authenticated');
expect(res.result.token).to.exist();
// Step 2: present that token when the websocket client connects, then call
// the protected route through the client.
const client = new Nes.Client('http://localhost:' + server.info.port);
await client.connect({ auth: res.result.token });
const { payload, statusCode } = await client.request('/');
expect(payload).to.equal('hello');
// NOTE(review): the snippet is cut off here on the page; `statusCode` is not
// asserted in the visible lines and the closing of the test is not shown.
// A form-encoded cookie registered with `sign` must pass signature
// verification before its fields are exposed in `states`.
it('parses cookie (signed form integrity settings)', async () => {
  const cookieDefs = new Statehood.Definitions();

  // Only the integrity half of Iron.defaults is passed: the cookie is signed,
  // not encrypted, so its a/b/c fields stay readable in the header itself.
  const signOptions = { password, integrity: Iron.defaults.integrity };
  cookieDefs.add('sid', { encoding: 'form', sign: signOptions });

  // Fixture: the form payload, then '.', then two '*'-separated parts.
  // NOTE(review): presumably salt and digest produced with `password`; confirm.
  const cookieHeader = 'sid=a=1&b=2&c=3%20x.2d75635d74c1a987f84f3ee7f3113b9a2ff71f89d6692b1089f19d5d11d140f8*anm-37hjjRC3eY7Mcv4gP7gXgXBKTtUz9fNFWnetEZo';
  const parsed = await cookieDefs.parse(cookieHeader);

  // No cookie may land in `failed`, and the form fields decode to strings.
  expect(parsed.failed).to.have.length(0);
  expect(parsed.states.sid).to.equal({ a: '1', b: '2', c: '3 x' });
  expect(parsed.states).to.equal({ sid: { a: '1', b: '2', c: '3 x' } });
});
// A cookie registered with encoding 'iron' is unsealed with `password` and
// Iron.defaults, and the recovered object is what ends up in `states`.
it('parses cookie (iron settings)', async () => {
  const cookieDefs = new Statehood.Definitions();

  const ironCookie = { encoding: 'iron', password, iron: Iron.defaults };
  cookieDefs.add('key', ironCookie);

  // Fixture: a sealed value carrying iron's `Fe26.2` prefix, so the payload
  // is opaque in the header, unlike a cookie that is only signed.
  const cookieHeader = 'key=Fe26.2**8ec29d2e64ab19a0429faab76c46167c933b7c2c94dac8022bb4c97de0fc359d*O2aDw2nk5Svfc4xiuatycw*DWWOPpI3-B6Bb4oOOuNxGT8v9S4jZ_hpQZaaeYREvuk**34d98c193fd2048b40655966115d75dae62aab96cd1f5b374908b86fc47a61d3*H_zsHSt6UoOj3QgBIuNMrNHAUosM6Sp51uLKak0ZUjg';
  const parsed = await cookieDefs.parse(cookieHeader);

  // Unsealing must succeed; the values come back as numbers, not strings.
  expect(parsed.failed).to.have.length(0);
  expect(parsed.states).to.equal({ key: { a: 1, b: 2, c: 3 } });
});
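/**
 * Create a user, optionally record a remote (OAuth) identity for it, and
 * give it an accepted membership in a new namespace of the same name.
 *
 * When `remoteAuth` is supplied, its token is never stored as-is: it is
 * sealed with iron under `process.env.OAUTH_PASSWORD` using `iron.defaults`,
 * and only the sealed string is written to `access_token_enc`.
 *
 * @param name - stored on the User and reused as the Namespace name
 * @param email - stored on the User
 * @param [remoteAuth] - optional object whose `id`, `provider` and `token`
 *   are read here; no Authentication row is created when it is falsy
 * @returns {Promise<*>} the created User record
 * @throws whatever `iron.seal` or the model calls reject with
 */
static async signup(name, email, remoteAuth) {
  // Seal before the first write. If sealing rejects (for example because
  // OAUTH_PASSWORD is unset; iron is expected to refuse an empty password,
  // confirm for the version in use), nothing has been persisted yet, so no
  // User row is left behind without its Authentication row.
  const sealedToken = remoteAuth
    ? await iron.seal(remoteAuth.token, process.env.OAUTH_PASSWORD, iron.defaults)
    : null;

  const user = await User.objects.create({ name, email });

  if (remoteAuth) {
    await Authentication.objects.create({
      user,
      remote_identity: remoteAuth.id,
      provider: remoteAuth.provider,
      access_token_enc: sealedToken,
      metadata: {}
    });
  }

  // NOTE(review): the writes below are not wrapped in a transaction in the
  // visible code, so a failure here can still leave a user with no
  // namespace. Use a transaction if the ORM provides one.
  // NOTE(review): host id 1 is hard-coded; presumably the default host.
  const host = await Host.objects.get({ id: 1 });
  const namespace = await Namespace.objects.create({ name, host });
  await NamespaceMember.objects.create({ accepted: true, namespace, user });

  return user;
}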
};