Add integration test to test authorization

twistedstream · twistedstream · commit 0952f08fcbe1 · 2015-04-08T00:43:46.000-05:00
expecting some failures since we haven't implemented the Lua script change yet
diff --git a/hosts/backend/server.js b/hosts/backend/server.js
@@ -16,6 +16,14 @@ app.get('/secure', function (req, res) {
     });
 });
 
+app.get('/secure/admin', function (req, res) {
+    console.log('Authorization header:', req.get('Authorization'));
+
+    res.json({
+        message: 'This endpoint needs to be secure for an admin.'
+    });
+});
+
 var server = app.listen(5000, function () {
     var host = server.address().address;
     var port = server.address().port;
diff --git a/hosts/proxy/normal-secret/nginx/conf/nginx.conf b/hosts/proxy/normal-secret/nginx/conf/nginx.conf
@@ -23,5 +23,14 @@ http {
 
             proxy_pass http://backend_host:5000/secure;
         }
+
+        location /secure/admin {
+            access_by_lua '
+                local jwt = require("nginx-jwt")
+                jwt.auth({roles="admin"})
+            ';
+
+            proxy_pass http://backend_host:5000/secure/admin;
+        }
     }
 }
diff --git a/test/test_integration.js b/test/test_integration.js
@@ -56,6 +56,37 @@ describe('proxy', function () {
                     .end();
             });
         });
+
+        describe("GET /secure/admin", function () {
+            it("should return 401 when an authenticated user still isn't authorized via claims", function () {
+                var token = jwt.sign(
+                    { sub: 'foo-user', roles: 'customer' },
+                    secret
+                );
+
+                return request(url)
+                    .get('/secure/admin')
+                    .headers({'Authorization': 'Bearer ' + token})
+                    .expect(401)
+                    .end();
+            });
+
+            it("should return 200 when an authenticated user is authorized via claims", function () {
+                var token = jwt.sign(
+                    { sub: 'foo-user', roles: 'customer admin' },
+                    secret
+                );
+
+                return request(url)
+                    .get('/secure/admin')
+                    .headers({'Authorization': 'Bearer ' + token})
+                    .expect(200)
+                    .expect('Content-Type', /json/)
+                    .expect({ message: 'This endpoint needs to be secure for an admin.' })
+                    .expect('X-Auth-UserId', 'foo-user')
+                    .end();
+            });
+        });
     });
 
     describe("configured with URL-safe base-64 encoded secret", function () {

Original file line number	Diff line number	Diff line change
`@@ -23,5 +23,14 @@ http {`
`23`	`23`
`24`	`24`	`proxy_pass http://backend_host:5000/secure;`
`25`	`25`	`}`
	`26`	`+`
	`27`	`+ location /secure/admin {`
	`28`	`+ access_by_lua '`
	`29`	`+ local jwt = require("nginx-jwt")`
	`30`	`+ jwt.auth({roles="admin"})`
	`31`	`+ ';`
	`32`	`+`
	`33`	`+ proxy_pass http://backend_host:5000/secure/admin;`
	`34`	`+ }`
`26`	`35`	`}`
`27`	`36`	`}`