0.2.9 • Published 4 years ago

demo-auth v0.2.9

License
ISC

Routes

No route needs parameters. Every route returns true if authorization is successful.

GET /user

Needed permissions: 'VIEW_USER'

POST /user

Needed permissions: 'CREATE_USER'

DELETE /user

Needed permissions: 'DELETE_USER' AND 'VIEW_USER'

POST /drop/db

Needed permissions: 'ADMIN' OR 'SUPERADMIN'

GET /ignored

Needed NO permissions and NO tokens. Completely public.

Scenarios

Incorrect Jwt.
  STATE: any
    ✓ should return 401 if JWT is missing. (140ms)
    ✓ should return 200 with any JWT if route is set in IGNORE_ROUTES
    ✓ should return 401 if JWT signature is incorrect (114ms)
    ✓ should return 444 if JWT is expired
    ✓ should return 401 if JWT payload can`t be parsed (106ms)
Correct Jwt.
  STATE: no session.
    X-Csrf-Token header exists.
      ✓ should return 401 if Csrf token EXISTS. (145ms)
    X-Csrf-Token header NOT exists.
      State: auth-server UNREACHABLE
        ✓ should return 500
      STATE: auth-server returns 401
        ✓ should return 401 (108ms)
      STATE: auth-server provides SUFFICIENT permissions
        ✓ should return 200
      STATE: auth-server provides INSUFFICIENT permissions
        ✓ should return 403 (110ms)
  STATE: session exists.
    Csrf valid.
      STATE: SUFFICIENT permissions
        ✓ should return 200
      STATE: INSUFFICIENT permissions
        ✓ should return 403 (218ms)
    Csrf invalid.
      ✓ should return 401 if Csrf is MISSING (121ms)
      ✓ should return 401 if Csrf is WRONG (121ms)
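
The route table and scenarios above, written as one decision function. This is an added example, not demo-auth's own code: the function names, the HS256 token format, the `fetchPerms` callback standing in for the auth-server, the required `exp` claim and the 403 for unlisted routes are assumptions.

```javascript
// Added example, not demo-auth's source; every name here is hypothetical.
const crypto = require('crypto');
// README route table: outer array = OR, inner array = AND.
const ROUTES = {
  'GET /user': [['VIEW_USER']],
  'POST /user': [['CREATE_USER']],
  'DELETE /user': [['DELETE_USER', 'VIEW_USER']],
  'POST /drop/db': [['ADMIN'], ['SUPERADMIN']],
};
const IGNORE_ROUTES = new Set(['GET /ignored']);
const allowed = (rule, perms) => rule.some(all => all.every(p => perms.includes(p)));
const safeEq = (a, b) => a.length === b.length && crypto.timingSafeEqual(a, b);
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();
const b64 = x => Buffer.from(x).toString('base64url');
// Builds constructed sample tokens (HS256 is an assumption).
const makeToken = (payload, secret) => {
  const body = b64('{"alg":"HS256"}') + '.' + b64(JSON.stringify(payload));
  return body + '.' + b64(hmac(body, secret));
};

// Returns {status} on failure, {payload} on success.
function checkJwt(token, secret, now) {
  const [h, p, s, extra] = (token || '').split('.');
  if (!h || !p || !s || extra !== undefined) return { status: 401 };
  if (!safeEq(Buffer.from(s, 'base64url'), hmac(h + '.' + p, secret))) return { status: 401 };
  let payload;
  try { payload = JSON.parse(Buffer.from(p, 'base64url').toString()); } catch { return { status: 401 }; }
  if (typeof payload?.exp !== 'number') return { status: 401 }; // assumption: exp required
  return payload.exp <= now ? { status: 444 } : { payload };
}
// session: {csrf, perms} or null. fetchPerms stands in for the auth-server call:
// returns a permission array, null for a 401 reply, throws when unreachable.
function authorize(req, session, fetchPerms, secret, now) {
  if (IGNORE_ROUTES.has(req.route)) return 200; // public, no token needed
  const jwt = checkJwt(req.jwt, secret, now);
  if (jwt.status) return jwt.status;
  let perms;
  if (session) {
    if (!req.csrf || !safeEq(Buffer.from(req.csrf), Buffer.from(session.csrf))) return 401;
    perms = session.perms;
  } else {
    if (req.csrf) return 401; // CSRF header sent without a session
    try { perms = fetchPerms(jwt.payload); } catch { return 500; }
    if (perms === null) return 401;
  }
  const rule = ROUTES[req.route];
  return rule && allowed(rule, perms) ? 200 : 403; // unknown route is denied
}
// Constructed demo: valid token, no session, auth-server grants only DELETE_USER.
console.log(authorize({ route: 'DELETE /user', jwt: makeToken({ exp: 2e9 }, 'k') }, null, () => ['DELETE_USER'], 'k', 1.7e9)); // 403
```

The signature and CSRF comparisons use `crypto.timingSafeEqual`, and an unlisted route falls through to 403 rather than being allowed by default.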