it('relies SAML invalidate call even if access token is presented.', async () => { const request = requestFixture({ search: '?SAMLRequest=xxx%20yyy' }); callWithInternalUser.withArgs('shield.samlInvalidate').resolves({ redirect: null }); const authenticationResult = await provider.deauthenticate(request, { accessToken: 'x-saml-token', refreshToken: 'x-saml-refresh-token', }); sinon.assert.calledOnce(callWithInternalUser); sinon.assert.calledWithExactly(callWithInternalUser, 'shield.samlInvalidate', { body: { queryString: 'SAMLRequest=xxx%20yyy', acs: 'test-protocol://test-hostname:1234/test-base-path/api/security/v1/saml', }, }); expect(authenticationResult.redirected()).toBe(true); expect(authenticationResult.redirectURL).toBe('/logged_out'); });
promizr.reduceRight(list, reduceTotal, iterator).then(result => { sinon.assert.calledThrice(spy); spy.getCall(0).args[0].should.equal(reduceTotal); spy.getCall(0).args[1].should.equal(list[2]); spy.getCall(1).args[0].should.equal(reduceTotal - list[2]); spy.getCall(1).args[1].should.equal(list[1]); spy.getCall(2).args[0].should.equal(reduceTotal - list[2] - list[1]); spy.getCall(2).args[1].should.equal(list[0]); }).then(done, done);
it('fails if SAML logout call fails.', async () => { const request = requestFixture(); const accessToken = 'x-saml-token'; const refreshToken = 'x-saml-refresh-token'; const failureReason = new Error('Realm is misconfigured!'); callWithInternalUser.withArgs('shield.samlLogout').rejects(failureReason); const authenticationResult = await provider.deauthenticate(request, { accessToken, refreshToken, }); sinon.assert.calledOnce(callWithInternalUser); sinon.assert.calledWithExactly(callWithInternalUser, 'shield.samlLogout', { body: { token: accessToken, refresh_token: refreshToken }, }); expect(authenticationResult.failed()).toBe(true); expect(authenticationResult.error).toBe(failureReason); });
it('does not handle `authorization` header with unsupported schema even if state contains a valid token.', async () => { const request = requestFixture({ headers: { authorization: 'Basic some:credentials' } }); const authenticationResult = await provider.authenticate(request, { accessToken: 'some-valid-token', refreshToken: 'some-valid-refresh-token', }); sinon.assert.notCalled(callWithRequest); expect(request.headers.authorization).toBe('Basic some:credentials'); expect(authenticationResult.notHandled()).toBe(true); });
it('succeeds if only `authorization` header is available.', async () => { const request = BasicCredentials.decorateRequest(requestFixture(), 'user', 'password'); const user = { username: '******' }; callWithRequest.withArgs(request, 'shield.authenticate').resolves(user); const authenticationResult = await provider.authenticate(request); expect(authenticationResult.succeeded()).toBe(true); expect(authenticationResult.user).toEqual(user); sinon.assert.calledOnce(callWithRequest); });
it('predicates are called with the same context and proper arguments', function () { const exampleContext = {some: 'context'}, structure = { key0: sinon.stub().returns(true), key1: sinon.stub().returns(true) }, exampleObject = { key0: 1, key1: 'string' }; const extraArgs = [2, 3]; const args = [exampleObject, ...extraArgs]; isValidStructure.call(exampleContext, structure, ...args); isValidStructure(structure).call(exampleContext, ...args); sinon.assert.calledTwice(structure.key0); sinon.assert.calledTwice(structure.key1); sinon.assert.alwaysCalledOn(structure.key0, exampleContext); sinon.assert.alwaysCalledOn(structure.key1, exampleContext); sinon.assert.calledWith(structure.key0, 1, ...extraArgs); sinon.assert.calledWith(structure.key1, 'string', ...extraArgs); });
it('clears session if provider failed to authenticate request with 401 with active session.', async () => { const systemAPIRequest = requestFixture({ headers: { xCustomHeader: 'xxx' } }); const notSystemAPIRequest = requestFixture({ headers: { xCustomHeader: 'yyy' } }); session.get.withArgs(systemAPIRequest).resolves({ state: { authorization: 'Basic xxx' }, provider: 'basic', }); session.get.withArgs(notSystemAPIRequest).resolves({ state: { authorization: 'Basic yyy' }, provider: 'basic', }); session.clear.resolves(); server.plugins.kibana.systemApi.isSystemApiRequest .withArgs(systemAPIRequest) .returns(true) .withArgs(notSystemAPIRequest) .returns(false); cluster.callWithRequest .withArgs(systemAPIRequest) .rejects(Boom.unauthorized('token expired')) .withArgs(notSystemAPIRequest) .rejects(Boom.unauthorized('invalid token')); const systemAPIAuthenticationResult = await authenticate(systemAPIRequest); expect(systemAPIAuthenticationResult.failed()).toBe(true); sinon.assert.calledOnce(session.clear); sinon.assert.calledWithExactly(session.clear, systemAPIRequest); const notSystemAPIAuthenticationResult = await authenticate(notSystemAPIRequest); expect(notSystemAPIAuthenticationResult.failed()).toBe(true); sinon.assert.calledTwice(session.clear); sinon.assert.calledWithExactly(session.clear, notSystemAPIRequest); });
it('should not create unnecessary subscriptions with computeds', function() { const kObsA = ko.observable("a"); const kObsB = ko.observable("b"); const spyA = sinon.spy((a: any) => a); const spyB = sinon.spy((a: any) => a); const gObsA = computed((use) => spyA(use(kObsA))); const gObsB = pureComputed((use) => spyB(use(kObsB))); // A computed notices a change immediately. assertResetSingleCall(spyA, undefined, "a"); assert.equal(gObsA.get(), "a"); kObsA("A"); assertResetSingleCall(spyA, undefined, "A"); assert.equal(gObsA.get(), "A"); sinon.assert.notCalled(spyA); // pureComputed notices a change only when looked at. sinon.assert.notCalled(spyB); assert.equal(gObsB.get(), "b"); assertResetSingleCall(spyB, undefined, "b"); kObsB("B"); sinon.assert.notCalled(spyB); assert.equal(gObsB.get(), "B"); assertResetSingleCall(spyB, undefined, "B"); // This is the crux of the matter: kObsB does not have a subscription. assert.equal(kObsA.getSubscriptionsCount(), 1); assert.equal(kObsB.getSubscriptionsCount(), 0); // pureComputed doesn't subscribe when inactive // Now subscribe to both gObs computeds. const spyA2 = sinon.spy((a: any) => a); const spyB2 = sinon.spy((a: any) => a); const lisA = gObsA.addListener(spyA2); const lisB = gObsB.addListener(spyB2); assertResetSingleCall(spyB, undefined, "B"); // Now pureComputed acts as computed and subscribes too. assert.equal(kObsA.getSubscriptionsCount(), 1); assert.equal(kObsB.getSubscriptionsCount(), 1); kObsA("aa"); assertResetSingleCall(spyA, undefined, "aa"); assertResetSingleCall(spyA2, undefined, "aa", "A"); kObsB("bb"); assertResetSingleCall(spyB, undefined, "bb"); assertResetSingleCall(spyB2, undefined, "bb", "B"); // When we unsubscribe, count should go back to 0. lisA.dispose(); lisB.dispose(); assert.equal(kObsA.getSubscriptionsCount(), 1); assert.equal(kObsB.getSubscriptionsCount(), 0); kObsA("AA"); assertResetSingleCall(spyA, undefined, "AA"); sinon.assert.notCalled(spyA2); kObsB("bb"); sinon.assert.notCalled(spyB); sinon.assert.notCalled(spyB2); });
it('should work with nulls', function() { let f: Foo|null; let g: Foo|null; const obs = observable(""); const comp = computed(obs, (use, val) => val ? Foo.create(use.owner, val) : null); f = comp.get(); assert.strictEqual(f, null); sinon.assert.notCalled(fooConstruct); sinon.assert.notCalled(fooDispose); obs.set("b"); // This should trigger a re-evaluation of comp. g = comp.get(); assertResetSingleCall(fooConstruct, g, "b"); sinon.assert.notCalled(fooDispose); obs.set(""); // Triggers another reevaluation. f = comp.get(); assert.strictEqual(f, null); sinon.assert.notCalled(fooConstruct); assertResetSingleCall(fooDispose, g); assert.isTrue(g && g.isDisposed()); comp.dispose(); sinon.assert.notCalled(fooConstruct); sinon.assert.notCalled(fooDispose); });
test('validates various props', () => { const validators = { a: sinon.stub(), b: sinon.stub(), c: sinon.stub(), }; docValidator(validators)({ type: 'a', b: 'foo' }); sinon.assert.notCalled(validators.c); expect(validators.a.args).toEqual([[{ type: 'a', b: 'foo' }]]); expect(validators.b.args).toEqual([[{ type: 'a', b: 'foo' }]]); });