Test for authorizer callbacks

thenikso · thenikso · commit 79cbdf017ee4 · 2016-08-24T21:00:19.000+02:00
diff --git a/lib/authorizer-callbacks.js b/lib/authorizer-callbacks.js
@@ -71,6 +71,7 @@ module.exports.authorizerCheckCallback = function(
   getCacheEntry,
   cacheEntryTtl
 ) {
+  const defaultCacheFunc = function(i, cb) { cb() };
   return function(req, res, next) {
     if (!authorizer) {
       return next();
@@ -94,7 +95,7 @@ module.exports.authorizerCheckCallback = function(
     }
 
     const cacheKey = req.lambda.authorizer.event.authorizationToken;
-    (getCacheEntry || function(i, cb) { cb() })(
+    (getCacheEntry || defaultCacheFunc)(
       cacheKey,
       function(err, cachedAuthorization) {
         if (cachedAuthorization) {
@@ -104,7 +105,7 @@ module.exports.authorizerCheckCallback = function(
             req.lambda.authorizer.event,
             req.lambda.context,
             function(innerErr, awsAuthDocument) {
-              (setCacheEntry || function(i, cb) { cb() })({
+              (setCacheEntry || defaultCacheFunc)({
                 key: cacheKey,
                 value: awsAuthDocument,
                 ttl: cacheEntryTtl || 300,
diff --git a/tests/authorizer-callbacks.test.js b/tests/authorizer-callbacks.test.js
@@ -106,10 +106,139 @@ describe('authorizer-callbacks', () => {
       expect(res.sendStatus).to.not.have.been.calledWith(403);
       expect(next).to.have.callCount(1);
     });
+
+    it('should accept arn options', () => {
+      const req = {
+        method: 'get',
+        path: '/test',
+        headers: {
+          auth: 'Bearer test',
+        },
+      };
+      const opts = {
+        regionId: 'test-region',
+        accountId: 'test-account',
+        apiId: 'test-app',
+      };
+      subject.authorizerValidationCallback(null, null, opts)(req, null, next);
+      expect(req.lambda).to.eql({
+        authorizer: {
+          event: {
+            type: 'TOKEN',
+            authorizationToken: 'Bearer test',
+            methodArn: 'arn:serverlessify:execute-api:test-region:test-account:test-app/GET/test'
+          },
+        },
+      });
+    });
   });
 
   describe('authorizerCheckCallback', () => {
+    const req = {
+      lambda: {
+        authorizer: {
+          event: {
+            authorizationToken: 'test token',
+          },
+        },
+        context: 'test context',
+      },
+    };
+    const res = {
+      send: sinon.spy(),
+      sendStatus: sinon.spy(),
+    };
+    res.status = sinon.stub().returns(res);
+    const next = sinon.spy();
 
+    beforeEach(() => {
+      next.reset();
+      res.send.reset();
+      res.status.reset();
+      res.sendStatus.reset();
+    });
+
+    it('should skip if no authorizer is specified', () => {
+      subject.authorizerCheckCallback()(null, null, next);
+      expect(next).to.have.callCount(1);
+    });
+
+    it('should authorize if authorizer allow', () => {
+      const doc = {
+        policyDocument: {
+          Statement: [{ Effect: 'Allow' }],
+        },
+      };
+      const authorizer = sinon.spy((e, c, cb) => cb(null, doc));
+      subject.authorizerCheckCallback(authorizer)(req, res, next);
+      expect(authorizer).to.have.been.calledWithMatch(
+        {
+          authorizationToken: 'test token',
+        },
+        'test context'
+      );
+      expect(next).to.have.callCount(1);
+    });
+
+    it('should not authorize if authorizer deny', () => {
+      const doc = {
+        policyDocument: {
+          Statement: [{ Effect: 'Deny' }],
+        },
+      };
+      const authorizer = sinon.spy((e, c, cb) => cb(null, doc));
+      subject.authorizerCheckCallback(authorizer)(req, res, next);
+      expect(res.sendStatus).to.have.been.calledWith(401);
+      expect(next).to.have.callCount(0);
+    });
+
+    it('should 500 if authorizer fails', () => {
+      const authorizer = sinon.spy((e, c, cb) => cb('err'));
+      subject.authorizerCheckCallback(authorizer)(req, res, next);
+      expect(res.status).to.have.been.calledWith(500);
+      expect(res.send).to.have.been.calledWith('err');
+      expect(next).to.have.callCount(0);
+    });
+
+    it('should get authorization from cache', () => {
+      const doc = {
+        policyDocument: {
+          Statement: [{ Effect: 'Allow' }],
+        },
+      };
+      const authorizer = sinon.spy((e, c, cb) => cb(null, 'nope'));
+      const getCache = sinon.spy((i, cb) => cb(null, doc));
+      subject.authorizerCheckCallback(authorizer, null, getCache)(req, res, next);
+      expect(getCache).to.have.callCount(1);
+      expect(authorizer).to.have.callCount(0);
+    });
+
+    it('should save authorization to cache', () => {
+      const doc = {
+        policyDocument: {
+          Statement: [{ Effect: 'Allow' }],
+        },
+      };
+      const authorizer = sinon.spy((e, c, cb) => cb(null, doc));
+      const setCache = sinon.spy((i, cb) => cb());
+      subject.authorizerCheckCallback(authorizer, setCache)(req, res, next);
+      expect(setCache).to.have.been.calledWithMatch(
+        {
+          key: 'test token',
+          value: doc,
+          ttl: 300,
+        }
+      );
+
+      subject.authorizerCheckCallback(authorizer, setCache, null, 123)(req, res, next);
+      expect(setCache).to.have.been.calledWithMatch(
+        {
+          key: 'test token',
+          value: doc,
+          ttl: 123,
+        }
+      );
+    });
   });
 });
 
