mirror of
https://github.com/zebrajr/express.git
synced 2025-12-06 12:19:51 +01:00
17bf04d1ef
Passwords in basic auth can contain colons (as per RFC2617), while usernames cannot, so assume everything after the colon is a password. This makes req.auth return the correct value if the user uses a colon in his password.
95 lines
2.3 KiB
JavaScript
95 lines
2.3 KiB
JavaScript
|
|
var express = require('../')
|
|
, request = require('./support/http');
|
|
|
|
describe('req', function(){
|
|
describe('.auth', function(){
|
|
describe('when Authorization is missing', function(){
|
|
it('should return undefined', function(done){
|
|
var app = express();
|
|
|
|
app.get('/', function(req, res){
|
|
res.send(req.auth || 'none');
|
|
});
|
|
|
|
request(app)
|
|
.get('/')
|
|
.expect('none', done)
|
|
})
|
|
})
|
|
|
|
describe('when Authorization is malformed', function(){
|
|
it('should return undefined', function(done){
|
|
var app = express();
|
|
|
|
app.get('/', function(req, res){
|
|
res.send(req.auth || 'none');
|
|
});
|
|
|
|
request(app)
|
|
.get('/')
|
|
.set('Authorization', 'meow')
|
|
.expect('none', done)
|
|
})
|
|
})
|
|
|
|
describe('when Authorization is not Basic', function(){
|
|
it('should return undefined', function(done){
|
|
var app = express();
|
|
|
|
app.get('/', function(req, res){
|
|
res.send(req.auth || 'none');
|
|
});
|
|
|
|
request(app)
|
|
.get('/')
|
|
.set('Authorization', 'Meow dG9iaTpmZXJyZXQ')
|
|
.expect('none', done)
|
|
})
|
|
})
|
|
|
|
describe('when encoded string is malformed', function(){
|
|
it('should return undefined', function(done){
|
|
var app = express();
|
|
|
|
app.get('/', function(req, res){
|
|
res.send(req.auth || 'none');
|
|
});
|
|
|
|
request(app)
|
|
.get('/')
|
|
.set('Authorization', 'Basic Z21ldGh2aW4=')
|
|
.expect('none', done)
|
|
})
|
|
})
|
|
|
|
describe('when password contains a colon', function(){
|
|
it('should return .username and .password', function(done){
|
|
var app = express();
|
|
|
|
app.get('/', function(req, res){
|
|
res.send(req.auth || 'none');
|
|
});
|
|
|
|
request(app)
|
|
.get('/')
|
|
.set('Authorization', 'Basic dG9iaTpmZXJyZXQ6ZmVycmV0')
|
|
.expect('{"username":"tobi","password":"ferret:ferret"}', done)
|
|
})
|
|
})
|
|
|
|
it('should return .username and .password', function(done){
|
|
var app = express();
|
|
|
|
app.get('/', function(req, res){
|
|
res.send(req.auth || 'none');
|
|
});
|
|
|
|
request(app)
|
|
.get('/')
|
|
.set('Authorization', 'Basic dG9iaTpmZXJyZXQ=')
|
|
.expect('{"username":"tobi","password":"ferret"}', done)
|
|
})
|
|
})
|
|
})
|