mirror of
https://github.com/n8n-io/n8n.git
synced 2025-01-04 09:27:28 -08:00
48 lines
1.7 KiB
TypeScript
48 lines
1.7 KiB
TypeScript
|
import express from 'express';
|
||
|
import request from 'supertest';
|
||
|
import createJWKSMock from 'mock-jwks';
|
||
|
import config from '@/config';
|
||
|
import { setupExternalJWTAuth } from '@/middlewares/externalJWTAuth';
|
||
|
|
||
|
const testJWKUri = 'https://n8n.test/';
|
||
|
const jwksMock = createJWKSMock(testJWKUri);
|
||
|
|
||
|
describe('External JWT Auth Middleware', () => {
|
||
|
let app: express.Application;
|
||
|
|
||
|
beforeAll(() => {
|
||
|
app = express();
|
||
|
config.set('security.jwtAuth.jwtHeader', 'Authorization');
|
||
|
config.set('security.jwtAuth.jwtHeaderValuePrefix', 'Bearer');
|
||
|
config.set('security.jwtAuth.jwtIssuer', 'n8n');
|
||
|
config.set('security.jwtAuth.jwksUri', `${testJWKUri}.well-known/jwks.json`);
|
||
|
setupExternalJWTAuth(app, config, new RegExp('^/skip-auth'));
|
||
|
app.get('/test', (req, res) => res.send({ auth: true }));
|
||
|
app.get('/skip-auth', (req, res) => res.send({ auth: false }));
|
||
|
|
||
|
jwksMock.start();
|
||
|
});
|
||
|
|
||
|
it('should not block calls to /skip-auth', async () => {
|
||
|
const response = await request(app).get('/skip-auth');
|
||
|
expect(response.statusCode).toEqual(200);
|
||
|
expect(response.body).toEqual({ auth: false });
|
||
|
});
|
||
|
|
||
|
it('should block calls to /test if auth is absent', async () =>
|
||
|
request(app).get('/test').expect(403));
|
||
|
|
||
|
it('should block calls to /test if auth is invalid', async () => {
|
||
|
const token = jwksMock.token({ iss: 'invalid' });
|
||
|
const response = await request(app).get('/test').set('Authorization', `Bearer ${token}`);
|
||
|
expect(response.statusCode).toEqual(403);
|
||
|
});
|
||
|
|
||
|
it('should allow access to /test if JWT auth header is valid', async () => {
|
||
|
const token = jwksMock.token({ iss: 'n8n' });
|
||
|
const response = await request(app).get('/test').set('Authorization', `Bearer ${token}`);
|
||
|
expect(response.statusCode).toEqual(200);
|
||
|
expect(response.body).toEqual({ auth: true });
|
||
|
});
|
||
|
});
|