API Authentication mocks

api/helpers/security-handlers.js

@@ -0,0 +1,26 @@
+module.exports = {
+  appid: (req, authOrSecDef, scopesOrApiKey, cb) => {
+    const appid = req.headers[authOrSecDef.name];
+    if (appid !== 'social-safety-net') {
+      cb({
+        message: `Invalid header "${authOrSecDef.name}"`,
+        statusCode: 401,
+      });
+    }
+    else {
+      cb();
+    }
+  },
+  appkey: (req, authOrSecDef, scopesOrApiKey, cb) => {
+    const appkey = req.headers[authOrSecDef.name];
+    if (appkey !== 'alohomora') {
+      cb({
+        message: `Invalid header "${authOrSecDef.name}"`,
+        statusCode: 401,
+      });
+    }
+    else {
+      cb();
+    }
+  }
+};

api/swagger/swagger.yaml

@@ -87,9 +87,9 @@ paths:
               lastName:
                 type: string
             # $ref: '#/definitions/contact'
-      # security:
-      #   - appid: []
-      #   - appkey: []
+      security:
+        - appid: []
+        - appkey: []
       responses:
         '200':
           description: Contact Response

index.js

@@ -3,16 +3,13 @@
 var SwaggerRestify = require('swagger-restify-mw');
 var restify = require('restify');
 var app = restify.createServer();
+const securityHandlers = require('./api/helpers/security-handlers');
 
 module.exports = app; // for testing
 
 var config = {
   appRoot: __dirname, // required config
-  swaggerSecurityHandlers: {
-  	appid: function appidSecurityHandler(req, authOrSecDef, scopesOrApiKey, cb) {
-  		cb();
-  	}
-  }
+  swaggerSecurityHandlers: securityHandlers,
 };
 
 SwaggerRestify.create(config, function(err, swaggerRestify) {

package.json

@@ -14,11 +14,15 @@
     "swagger-restify-mw": "^0.7.0"
   },
   "devDependencies": {
+    "nodemon": "^2.0.7",
     "should": "^7.1.0",
     "supertest": "^1.0.0"
   },
   "scripts": {
-    "start": "node index.js",
+    "start": "nodemon index.js",
     "test": "swagger project test"
+  },
+  "nodemonConfig": {
+    "ext": "js,json,yaml"
   }
 }

test/api/controllers/hello_world.js

@@ -1,7 +1,7 @@
+/*
 var should = require('should');
 var request = require('supertest');
-var server = require('../../../app');
-
+var server = require('../../../index');
 describe('controllers', function() {
 
   describe('hello_world', function() {
@@ -46,3 +46,4 @@ describe('controllers', function() {
   });
 
 });
+*/

test/api/helpers/security-handlers.js

@@ -0,0 +1,149 @@
+const request = require('supertest');
+const should = require('should');
+const server = require('../../../index');
+const securityHandlers = require('../../../api/helpers/security-handlers');
+
+describe('securityHandlers', function() {
+  describe('appid', function() {
+    it('should pass authenticate', function(done) {
+      securityHandlers.appid(
+        {
+          headers: {
+            'x-appid': 'social-safety-net',
+          }
+        },
+        {
+          type: 'apikey',
+          in: 'header',
+          name: 'x-appid',
+        },
+        null,
+        (args) => {
+          if (args != null) {
+            throw new Error(`Authentication didn't succeed`);
+          }
+          done();
+        }
+      );
+    });
+
+    it('should fail authentication', function(done) {
+      securityHandlers.appid(
+        {
+          headers: {
+            'x-appid': null,
+          }
+        },
+        {
+          type: 'apikey',
+          in: 'header',
+          name: 'x-appid',
+        },
+        null,
+        (args) => {
+          if (args == null) {
+            throw new Error(`Authentication didn't fail`);
+          }
+          done();
+        }
+      );
+    });
+  });
+
+  describe('appkey', function() {
+    it('should pass authenticate', function(done) {
+      securityHandlers.appkey(
+        {
+          headers: {
+            'x-appkey': 'alohomora',
+          }
+        },
+        {
+          type: 'apikey',
+          in: 'header',
+          name: 'x-appkey',
+        },
+        null,
+        (args) => {
+          if (args != null) {
+            throw new Error(`Authentication didn't succeed`);
+          }
+          done();
+        }
+      );
+    });
+
+    it('should fail authentication', function(done) {
+      securityHandlers.appkey(
+        {
+          headers: {
+            'x-appkey': null,
+          }
+        },
+        {
+          type: 'apikey',
+          in: 'header',
+          name: 'x-appkey',
+        },
+        null,
+        (args) => {
+          if (args == null) {
+            throw new Error(`Authentication didn't fail`);
+          }
+          done();
+        }
+      );
+    });
+  });
+
+  describe('api test', function() {
+    it('should pass authenticate with appkey', function(done) {
+      request(server)
+        .post('/contacts')
+        .send({ firstName: 'Jane', lastName: 'Doe'})
+        .set('Content-Type', 'application/json')
+        .set('X-APPKEY', 'alohomora')
+        .expect('Content-Type', /json/)
+        .expect(200, done);
+    });
+
+    it('should pass authenticate with appid', function(done) {
+      request(server)
+        .post('/contacts')
+        .send({ firstName: 'Jane', lastName: 'Doe'})
+        .set('Content-Type', 'application/json')
+        .set('X-APPID', 'social-safety-net')
+        .expect('Content-Type', /json/)
+        .expect(200, done);
+    });
+
+    it('should fail authenticate with wrong appkey', function(done) {
+      request(server)
+        .post('/contacts')
+        .send({ firstName: 'Jane', lastName: 'Doe'})
+        .set('Content-Type', 'application/json')
+        .set('X-APPKEY', 'BAD-APPKEY')
+        .expect('Content-Type', /json/)
+        .expect(401, done);
+    });
+
+    it('should fail authenticate with wrong appid', function(done) {
+      request(server)
+        .post('/contacts')
+        .send({ firstName: 'Jane', lastName: 'Doe'})
+        .set('Content-Type', 'application/json')
+        .set('X-APPID', 'BAD-APPID')
+        .expect('Content-Type', /json/)
+        .expect(401, done);
+    });
+
+    it('should fail authenticate with no security headers passed', function(done) {
+      request(server)
+        .post('/contacts')
+        .send({ firstName: 'Jane', lastName: 'Doe'})
+        .set('Content-Type', 'application/json')
+        .expect('Content-Type', /json/)
+        .expect(401, done);
+    });
+  });
+});