0

我正在尝试使用 hapi 服务器测试身份验证方案。我在放置身份验证方案的同一个文件中有两个辅助函数。我想测试何时成功验证用户身份。但在我的测试用例中,我总是得到 401,这是未经身份验证的消息。

export const hasLegitItemUser = async (request, email, id) => {
  const {
    status,
    payload: {users}
  } = await svc.getRel(request, email);
  if (status !== STATUS.OK) {
    return false;
  }

  return users.includes(user) 
};

export const getUser = async request => {
  const token = request.state._token;
  const res = await svc.validateToken({request, token});
  const {
    userInfo: {email}
  } = res;
  const id = extractId(request.path);
  const isLetgitUser = await hasLegitItemUser(
    request,
    email,
    id
  );
  res.isLegitUser = isLegitUser;
  return res;
};


const scheme = (server, options) => {
  server.state("my_sso", options.cookie);

  server.ext("onPostAuth", (request, h) => {
    return h.continue;
  });

  return {
    async authenticate(request, h) {
      try {
        const {
          tokenValid,
          isLegitUser,
          userInfo
        } = await getUser(request);
        if (tokenValid && isLegitUser) {
          request.state["SSO"] = {
            TOKEN: request.state._token
          };

          return h.authenticated({
            credentials: {
              userInfo
            }
          });
        } else {
          throw Boom.unauthorized(null,"my_auth");
        }
      } catch (err) {
        throw Boom.unauthorized(null, "my_auth");
      }
    }
  };
};

我的测试文件:

import Hapi from "hapi";
import sinon from "sinon";
import auth, * as authHelpers from "server/auth";
import {expect} from "chai";
import pcSvc from "server/plugins/services/pc-svc";

describe("Authentication Plugin", () => {
const sandbox = sinon.createSandbox();
  const server = new Hapi.Server();
  const authHandler = request => ({
    credentials: request.auth.credentials,
    artifacts: "boom"
  });
before(() => {
    server.register({
      plugin: auth,
    });
const route = ["/mypage/{id}/home"];
    route.forEach(path => {
      server.route({
        method: "GET",
        path,
        options: {
          auth: auth,
          handler:{}
        }
      });
    });
  });

  afterEach(() => {
    sandbox.restore();
  });

it("should authorize user if it is a validated user", async () => {
    sandbox
      .stub(authHelpers, "getUser")
      .withArgs(request)
      .resolves({
        tokenValid: true,
        isLegitUser: true,
        userInfo: {}
      });

    return server
      .inject({
        method: "GET",
        url:
          "/mypage/888/home"
      })
      .then(res => {
        expect(res.statusCode).to.equal(200);
        expect(res.result).to.eql({
          userInfo: {
            email: "abc@gmail.com",
            rlUserId: "abc",
            userId: "abc@gmail.com"
          }
        });
      });
  });
});

我总是收到未经身份验证的 401 错误。似乎我的测试中的“getUser”函​​数由于某种原因没有触发,它直接进入我代码中 catch 阶段的 throw 语句。请帮忙。

4

0 回答 0