/**
 * Starts a form-encoded POST to `/token` with the anti-caching checks
 * already attached.
 *
 * Every test built on this helper therefore also asserts that the response
 * carries `Cache-Control: no-store` and `Pragma: no-cache`. These are the
 * headers RFC 6749 section 5.1 requires on responses containing tokens, so
 * that browsers and intermediaries do not retain them.
 *
 * @param {*} app - Application or server handed to `request()`.
 * @returns {*} The pending request; callers add the body and any further
 *   expectations before awaiting or ending it.
 */
function tokenRequest(app) {
  const formPost = request(app).post('/token').type('form');

  return formPost
    .expect('Cache-Control', 'no-store')
    .expect('Pragma', 'no-cache');
}
// Posts a form-encoded inbound-SMS webhook and checks the reply text that the
// mocked Twilio message builder was called with.
// NOTE(review): the request carries no signature header (for Twilio webhooks,
// X-Twilio-Signature). If the route validates webhook signatures outside of
// tests, that path is not exercised here; confirm against the handler.
it('should receive an SMS message', () => {
  const sample = getSample();
  const inboundSms = {From: 'Bob', Body: 'hi'};

  const replyWasBuilt = () => {
    assert(sample.mocks.twilio.message.calledWith('Hello, Bob, you said: hi'));
  };

  return sample.supertest
    .post('/sms/receive')
    .send(inboundSms)
    .type('form')
    .expect(200)
    .expect(replyWasBuilt);
});
// Sends a form-encoded revocation request with HTTP Basic client credentials
// and expects a 200 whose parsed body is null.
// NOTE(review): only the accepted case is pinned here. Nothing on this line
// shows whether the endpoint actually checks the credentials; a companion case
// with wrong or missing credentials would make that explicit.
it('should expose the revoke endpoint', async () => {
  // Placeholder client id and secret: test fixtures, not real credentials.
  const encodedClient = Buffer.from('dummy_client_id:dummy_client_secret').toString('base64');
  const revocation = {
    token: 'authorization_code',
    token_type_hint: 'refresh_token',
  };

  const res = await request(service.requestHandler)
    .post('/revoke')
    .type('form')
    .set('authorization', `Basic ${encodedClient}`)
    .send(revocation)
    .expect(200);

  expect(res.body).toEqual(null);
});
// Registers a one-shot `beforeRevoke` listener that rewrites the revoke
// response to an empty 204, then checks that the HTTP response reflects it.
it('should allow customizing the revoke response through a beforeRevoke event', async () => {
  // Placeholder client id and secret: test fixtures, not real credentials.
  const encodedClient = Buffer.from('dummy_client_id:dummy_client_secret').toString('base64');

  // The hook receives the mutable response and the raw incoming request.
  const overrideRevokeResponse = (revokeResponse, req) => {
    expect(req).toBeInstanceOf(IncomingMessage);

    /* eslint-disable no-param-reassign */
    revokeResponse.body = '';
    revokeResponse.statusCode = 204;
    /* eslint-enable no-param-reassign */
  };
  service.once('beforeRevoke', overrideRevokeResponse);

  const revocation = {
    token: 'authorization_code',
    token_type_hint: 'refresh_token',
  };

  const res = await request(service.requestHandler)
    .post('/revoke')
    .type('form')
    .set('authorization', `Basic ${encodedClient}`)
    .send(revocation)
    .expect(204);

  expect(res.text).toBeFalsy();
});
.type('form') .send({ password: 'passowrd\' OR 1=1'
// Requests a token with the password grant, checks the shape of the token
// response, then verifies the access token's signature and claims.
// NOTE(review): the form body carries no `password` field, yet a 200 is
// expected. That is only reasonable for a mock issuer that accepts any
// resource owner; confirm this service is never used as a real authorization
// server.
it('should expose a token endpoint that handles Resource Owner Password Credentials grants', async () => {
  const resourceOwner = 'the-resource-owner@example.com';
  const requestedScope = 'urn:first-scope urn:second-scope';

  const res = await request(service.requestHandler)
    .post('/token')
    .type('form')
    .send({
      grant_type: 'password',
      username: resourceOwner,
      scope: requestedScope,
    })
    .expect(200);

  const expectedTokenResponse = {
    access_token: expect.any(String),
    token_type: 'Bearer',
    expires_in: 3600,
    scope: requestedScope,
    refresh_token: expect.any(String),
  };
  expect(res.body).toMatchObject(expectedTokenResponse);

  // toPEM(false) presumably exports the public half of the issuer key, which
  // is all that signature verification needs; TODO confirm.
  const signingKey = service.issuer.keys.get('test-rsa-key');
  // NOTE(review): verify() is called without an `algorithms` allow-list, so
  // the accepted signature algorithms are left to the JWT library's defaults.
  // Pinning the algorithm the issuer is expected to use would make this check
  // stricter.
  const claims = jwt.verify(res.body.access_token, signingKey.toPEM(false));

  expect(claims).toMatchObject({
    iss: service.issuer.url,
    scope: res.body.scope,
    sub: resourceOwner,
    amr: ['pwd'],
  });
});
request(app) .post('/login') .type('json') .send('{"username":"bad","password":"wrong"}') .expect(401) request(app) .post('/login') .type('json') .send('{"username":"admin","password":"admin"}') .expect(200) request(app) .post('/login') .type('json') .send('{"username":"admin","password":"admin"}') .end(function(err, res) {
.type('form') .send({ password: 'passowrd\' OR 1=1'
// `dot` is caller-supplied graph source taken from the query string. These
// cases pin that absent, empty and incomplete input is answered with 400,
// and that only a well-formed graph yields 200. The handler is not visible
// here.

// No `dot` parameter at all: rejected, and the error content type is checked.
await request
  .get('/diagram.png')
  .type('text')
  .expect(400)
  .expect('Content-Type', errorContentType);

// Empty source, then a bare `digraph` keyword with no body: both rejected.
for (const dot of ['', 'digraph']) {
  await request
    .get('/diagram.png')
    .type('text')
    .query({dot})
    .expect(400);
}

// A complete graph definition is accepted.
await request
  .get('/diagram.png')
  .type('text')
  .query({dot: 'digraph G { A -> {B, C, D} -> {F} }'})
  .expect(200);
.type('form') .set('authorization', `Basic ${Buffer.from('dummy_client_id:dummy_client_secret').toString('base64')}`) .send({
it('should expose a token endpoint that handles authorization_code grants without the basic authorization', async () => { const res = await request(service.requestHandler) .post('/token') .type('form') .send({ grant_type: 'authorization_code',
// Form-encoded POST to /posts, expecting a JSON Content-Type on the response.
// A urlencoded body carries every value as text, so `true` and `1` reach the
// server as the strings 'true' and '1'. Any coercion or validation of those
// fields happens server-side and is not visible here.
await request(server) .post('/posts') .type('form') .send({ body: 'foo', booleanValue: true, integerValue: 1 }) .expect('Content-Type', /json/)
it('should expose a token endpoint that handles refresh_token grants', async () => { const res = await request(service.requestHandler) .post('/token') .type('form') .set('authorization', `Basic ${Buffer.from('dummy_client_id:dummy_client_secret').toString('base64')}`) .send({
it('should expose a token endpoint that handles authorization_code grants', async () => { const res = await request(service.requestHandler) .post('/token') .type('form') .set('authorization', `Basic ${Buffer.from('dummy_client_id:dummy_client_secret').toString('base64')}`) .send({