Newer
Older
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
require('./lib/test_env.js');
const assert = require('assert'),
vows = require('vows'),
start_stop = require('./lib/start-stop.js'),
wsapi = require('./lib/wsapi.js'),
Lloyd Hilaiel
committed
email = require('../lib/email.js'),
ca = require('../lib/keysigner/ca.js'),
Lloyd Hilaiel
committed
jwk = require('jwcrypto/jwk'),
jwt = require('jwcrypto/jwt');
Lloyd Hilaiel
committed
var token = undefined;
// disable vows (often flakey?) async error behavior
suite.options.error = false;
start_stop.addStartupBatches(suite);
// INFO: some of these tests are repeat of sync-emails... to set
// things up properly for key certification
// create a new account via the api with (first address)
suite.addBatch({
"staging an account": {
topic: wsapi.post('/wsapi/stage_user', {
email: 'syncer@somehost.com',
Shane Tomlinson
committed
pass: 'fakepass',
Ben Adida
committed
site:'http://fakesite.com'
Lloyd Hilaiel
committed
"succeeds": function(err, r) {
assert.strictEqual(r.code, 200);
}
}
});
// wait for the token
suite.addBatch({
"a token": {
topic: function() {
Lloyd Hilaiel
committed
start_stop.waitForToken(this.callback);
},
"is obtained": function (t) {
assert.strictEqual(typeof t, 'string');
Lloyd Hilaiel
committed
token = t;
}
}
});
suite.addBatch({
"verifying account ownership": {
topic: function() {
Shane Tomlinson
committed
wsapi.post('/wsapi/complete_user_creation', { token: token }).call(this);
Lloyd Hilaiel
committed
"works": function(err, r) {
Lloyd Hilaiel
committed
assert.strictEqual(true, JSON.parse(r.body).success);
Ben Adida
committed
// generate a keypair, we'll use this to sign assertions, as if
// this keypair is stored in the browser localStorage
"check the public key": {
topic: wsapi.get("/pk"),
Lloyd Hilaiel
committed
"returns a 200": function(err, r) {
Lloyd Hilaiel
committed
"returns the right public key": function(err, r) {
var pk = jwk.PublicKey.deserialize(r.body);
assert.ok(pk);
}
},
"cert key with no parameters": {
topic: wsapi.post(cert_key_url, {}),
Lloyd Hilaiel
committed
"fails with HTTP 400" : function(err, r) {
"cert key invoked with just an email": {
topic: wsapi.post(cert_key_url, { email: 'syncer@somehost.com' }),
Lloyd Hilaiel
committed
"returns a 400" : function(err, r) {
"cert key invoked with proper argument": {
topic: wsapi.post(cert_key_url, {
email: 'syncer@somehost.com',
pubkey: kp.publicKey.serialize(),
ephemeral: false
}),
Lloyd Hilaiel
committed
"returns a response with a proper content-type" : function(err, r) {
Lloyd Hilaiel
committed
"returns a proper cert": function(err, r) {
ca.verifyChain('127.0.0.1', [r.body], function(pk) {
},
"generate an assertion": {
Lloyd Hilaiel
committed
topic: function(err, r) {
var serializedCert = r.body.toString();
Lloyd Hilaiel
committed
var expiration = new Date(new Date().getTime() + (2 * 60 * 1000));
var assertion = new jwt.JWT(null, expiration, "rp.com");
var full_assertion = {
certificates: [serializedCert],
assertion: assertion.sign(kp.secretKey)
};
return full_assertion;
},
"full assertion looks good": function(full_assertion) {
assert.equal(full_assertion.certificates[0].split(".").length, 3);
assert.equal(full_assertion.assertion.split(".").length, 3);
},
"assertion verifies": {
// extract public key at the tail of the chain
ca.verifyChain('127.0.0.1', full_assertion.certificates, function(pk) {
Lloyd Hilaiel
committed
var assertion = new jwt.JWT();
assertion.parse(full_assertion.assertion);
cb(assertion.verify(pk));
});
assert.isTrue(result);
Lloyd Hilaiel
committed
"cert key invoked proper arguments but incorrect email address": {
topic: wsapi.post(cert_key_url, {
email: 'syncer2@somehost.com',
pubkey: kp.publicKey.serialize(),
ephemeral: false
}),
Lloyd Hilaiel
committed
"returns a response with a proper error content-type" : function(err, r) {
assert.strictEqual(r.code, 400);
}