Xinwen Deng / aem-src

csrf.test.js 4.04 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 
/*
 * ADOBE CONFIDENTIAL
 * __________________
 *
 *  Copyright 2015 Adobe Systems Incorporated
 *  All Rights Reserved.
 *
 * NOTICE:  All information contained herein is, and remains
 * the property of Adobe Systems Incorporated and its suppliers,
 * if any.  The intellectual and technical concepts contained
 * herein are proprietary to Adobe Systems Incorporated and its
 * suppliers and are protected by trade secret or copyright law.
 * Dissemination of this information or reproduction of this material
 * is strictly forbidden unless prior written permission is obtained
 * from Adobe Systems Incorporated.
 */

/* eslint max-nested-callbacks: [2, 10]*/

/* globals describe, expect, beforeEach, afterEach, it, xit, sinon */
define(['screens/player/shared/csrf'], function(CSRFSupport) {
    'use strict';

    var server;

    var fakeServerURL = 'http://fake.server.com';

    var fakeData = {
        token: 'test-token-1234'
    };

    var fakeResponse = [200, { 'Content-Type': 'application/json'}, JSON.stringify(fakeData)];

    function validateToken(token) {
        expect(token).equals(fakeData.token);
    }

    beforeEach(function() {
        server = sinon.fakeServer.create();
        server.autoRespond = true;
        server.numRequests = 0;
        server.respondWith(
            'GET',
            fakeServerURL + '/libs/granite/csrf/token.json',
            function(request) {
                server.numRequests++;
                request.respond.apply(request, fakeResponse);
            }
        );

    });

    afterEach(function() {
        server.restore();
    });

    describe('screens/player/shared/csrf', function() {

        it('should be defined', function() {
            // noinspection BadExpressionStatementJS
            expect(CSRFSupport).to.exist;
        });

        it('should retrieve the token', function(done) {
            var csrf = new CSRFSupport({
                serverURL: fakeServerURL
            });
            csrf.getToken()
                .then(validateToken)
                .then(done)
                .catch(done);
        });

        it('should use the cached token', function(done) {
            var csrf = new CSRFSupport({
                serverURL: fakeServerURL
            });
            csrf.getToken()
                .then(validateToken)
                .then(function() {
                    return csrf.getToken();
                })
                .then(validateToken)
                .then(function() {
                    if (server.numRequests > 1) {
                        done(new Error('server should only be requested once. ' + server.numRequests + ' requests'));
                    } else {
                        done();
                    }
                })
                .catch(done);
            server.respond();
        });

        it('should refetch the token after it is expired', function(done) {
            var csrf = new CSRFSupport({
                serverURL: fakeServerURL,
                expirationTime: -1000 // compensate for fast running tests.
            });
            csrf.getToken()
                .then(validateToken)
                .then(function() {
                    return csrf.getToken();
                })
                .then(validateToken)
                .then(function() {
                    if (server.numRequests < 2) {
                        done(new Error('token should be refetched. ' + server.numRequests + ' requests'));
                    } else {
                        done();
                    }
                })
                .catch(done);
            server.respond();
        });

        xit('prepareXHR()', function() {
            var FAKE_TOKEN = 'FOO';
            var spy = sinon.spy();

            new CSRFSupport({
                serverURL: fakeServerURL
            }).prepareXHR.call({
                getToken: function() {
                    return Promise.resolve(FAKE_TOKEN);
                }
            }, {
                setRequestHeader: spy
            });
            spy.should.have.been.calledOnce;
        });

    });
});