File: /var/dev/farhangmoaser/web/test/01-auth.js
// Mark this process as a test run. The flag is set before the requires below;
// presumably the app and connectors read global.env while loading (TODO confirm).
global.env = 'test';
var request = require('supertest');
var redis = require('../connectors/redis');
var app = require('../app');
// Auth token shared through the global object. The hook and tests in this file
// overwrite it, and any other test file loaded into the same process can read it.
global.testtoken = '';

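/**
 * Root-level hook: connect to redis, then authenticate with the test API key
 * and store the issued token in global.testtoken for the tests that follow.
 *
 * The hook fails (instead of continuing with an undefined token) when the
 * request errors or the response carries no token, so an authentication
 * regression is reported here rather than as unrelated failures later on.
 */
before(function(done) {
	redis.connect(function() {
		request(app)
			.get('/api/1.0/auth/app?key=testkey')
			.end(function(err, res) {
				// On a transport error `res` may be undefined; report the error
				// through done() instead of crashing on res.body.
				if (err) return done(err);
				if (!res.body || !res.body.token) {
					return done(new Error('auth request returned no token (status ' + res.status + ')'));
				}
				global.testtoken = res.body.token;
				done();
			});
	});
});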

describe('Authentication', function(){
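	describe('API Key', function(){
		// Response of the auth request; filled in by the first test and read by
		// the tests after it, so those depend on the first one having run.
		var response;

		/**
		 * Own-property check on the response body that does not rely on the
		 * body's own `hasOwnProperty`, which a JSON key of that name would shadow.
		 * @param {string} field - key to look for at the top level of the body
		 * @returns {boolean}
		 */
		function bodyHas(field) {
			return Object.prototype.hasOwnProperty.call(response.body, field);
		}

		it('have successful authentication request', function(done){
			// NOTE(review): the API key is sent in the query string, where it can
			// end up in server and proxy access logs; confirm that is acceptable
			// for this endpoint or whether a header should carry it.
			request(app)
				.get('/api/1.0/auth/app?key=testkey')
				.end(function(err, res) {
					response = res;
					// Report failures through done(): an exception thrown inside
					// this async callback is not tied to the test by the runner.
					if (err) return done(err);
					if (res.status !== 200) {
						return done(new Error('Status code expected to be 200 but it\'s ' + res.status));
					}
					done();
				});
		});

		it('have successful authentication result', function(){
			bodyHas('err').should.equal(false);
			bodyHas('token').should.equal(true);
			global.testtoken = response.body.token;
		});

		it('hide critical fields', function(){
			// Only top-level keys of the body are checked here; a sensitive field
			// nested inside another object would not be caught by these asserts.
			bodyHas('password').should.equal(false);
			bodyHas('searchable').should.equal(false);
			bodyHas('sortable').should.equal(false);
		});
	});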

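	describe('Local User/Pass', function(){
		// Response of the login request; filled in by the first test and read by
		// the second, so the second depends on the first having run.
		var response;

		/**
		 * Own-property check on the response body that does not rely on the
		 * body's own `hasOwnProperty`, which a JSON key of that name would shadow.
		 * @param {string} field - key to look for at the top level of the body
		 * @returns {boolean}
		 */
		function bodyHas(field) {
			return Object.prototype.hasOwnProperty.call(response.body, field);
		}

		it('have successful authentication request', function(done){
			// NOTE(review): email and password are sent as GET query parameters.
			// URLs are routinely written to access logs and proxy logs, so this
			// exposes credentials at rest; confirm whether the endpoint also
			// accepts them in a POST body and prefer that.
			request(app)
				.get('/api/1.0/auth/Local?email=test@mail.com&password=testpass')
				.end(function(err, res) {
					response = res;
					// Report failures through done(): an exception thrown inside
					// this async callback is not tied to the test by the runner.
					if (err) return done(err);
					if (res.status !== 200) {
						return done(new Error('Status code expected to be 200 but it\'s ' + res.status));
					}
					done();
				});
		});

		it('have successful authentication result', function(){
			// NOTE(review): unlike the API-key suite, nothing here asserts that
			// fields such as `password` are absent from the login response.
			bodyHas('err').should.equal(false);
			bodyHas('token').should.equal(true);
			global.testtoken = response.body.token;
		});
	});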

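	describe('Ping Test', function(){
		/**
		 * Build a supertest `.end()` callback that passes the test when the body
		 * has a truthy `ping` and `name` equal to 'tester', and fails it otherwise.
		 * Failures go through done() so the runner attributes them to the test.
		 * @param {function} done - mocha completion callback
		 * @returns {function} callback taking (err, res)
		 */
		function expectTesterPing(done) {
			return function(err, res) {
				if (err) return done(err);
				if (res.body.ping && res.body.name === 'tester') return done();
				done(new Error('unsuccessful ping'));
			};
		}

		it('ping with query string', function(done){
			// NOTE(review): this literal replaces the token issued by the earlier
			// authentication tests, so neither ping test exercises a freshly
			// issued token, and the global stays overwritten for anything that
			// runs afterwards. A token literal in source control should be treated
			// as a credential: confirm it is test-only fixture data.
			// The token also travels in the URL here, where access logs record it.
			global.testtoken = 'app-54bc841a568eedbf582161693999d4a2';
			request(app)
				.get('/api/1.0/ping?token='+testtoken)
				.end(expectTesterPing(done));
		});

		it('ping with x-token', function(done){
			request(app)
				.get('/api/1.0/ping')
				.set('x-token', testtoken)
				.end(expectTesterPing(done));
		});
	});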

	describe('IP Range', function(){
		var ipAuth = require('../helpers/auth.js');

		// Assert that ipcheck accepts `ip` for the rule string `allowed`.
		// The rule strings used below are a single address, a `from-to` range,
		// or several of those joined with `;`.
		function expectAllowed(ip, allowed) {
			ipAuth.ipcheck(ip, allowed).should.equal(true);
		}

		// NOTE(review): every case here expects a match. For an access-control
		// helper the rejecting cases matter most (address outside every range,
		// just past a range boundary, malformed rule); none are covered here.

		it('match single ip', function(){
			expectAllowed('127.0.0.1', '127.0.0.1');
		});

		it('match ip range', function(){
			expectAllowed('127.0.0.14', '127.0.0.1-127.0.0.20');
		});

		it('match both', function(){
			var mixedRules = [
				'127.0.0.1-127.0.0.20;192.168.1.20',
				'127.0.0.1-127.0.0.20;192.168.1.2-192.168.1.30',
				'127.0.0.1-127.0.0.20;192.168.1.2-192.168.1.30;128.0.0.8'
			];
			for (var i = 0; i < mixedRules.length; i++) {
				expectAllowed('192.168.1.20', mixedRules[i]);
			}
		});
	});
});