-
Notifications
You must be signed in to change notification settings - Fork 199
/
auth.e2e-spec.ts
109 lines (98 loc) · 3.46 KB
/
auth.e2e-spec.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
import { SecRunner } from '@sectester/runner';
import { TestType } from '@sectester/scan';
import axios from 'axios';
const generateToken = async (jwtType) => {
const { headers } = await axios.post(
`${process.env.SEC_TESTER_TARGET}/api/auth/jwt/${jwtType}/login`,
{
user: 'admin',
password: 'admin',
op: 'basic'
}
);
return headers.authorization;
};
describe('/api', () => {
const timeout = 600000;
jest.setTimeout(timeout);
let runner: SecRunner;
beforeEach(async () => {
runner = new SecRunner({ hostname: process.env.BRIGHT_CLUSTER });
await runner.init();
});
afterEach(() => runner.clear());
describe('GET /auth/jwt/{jwtType}/validate', () => {
it('should contain secure implementation of JSON Web Token (JWT)', async () => {
const jwtType = 'kid-sql';
const token = await generateToken(jwtType);
await runner
.createScan({ tests: [TestType.JWT], name: `JWT ${jwtType}` })
.timeout(timeout)
.run({
method: 'GET',
headers: { authorization: token },
url: `${process.env.SEC_TESTER_TARGET}/api/auth/jwt/${jwtType}/validate`
});
});
it('should contain secure implementation of JSON Web Token (JWT)', async () => {
const jwtType = 'weak-key';
const token = await generateToken(jwtType);
await runner
.createScan({ tests: [TestType.JWT], name: `JWT ${jwtType}` })
.timeout(timeout)
.run({
method: 'GET',
headers: { authorization: token },
url: `${process.env.SEC_TESTER_TARGET}/api/auth/jwt/${jwtType}/validate`
});
});
it('should contain secure implementation of JSON Web Token (JWT)', async () => {
const jwtType = 'jku';
const token = await generateToken(jwtType);
await runner
.createScan({ tests: [TestType.JWT], name: `JWT ${jwtType}` })
.timeout(timeout)
.run({
method: 'GET',
headers: { authorization: token },
url: `${process.env.SEC_TESTER_TARGET}/api/auth/jwt/${jwtType}/validate`
});
});
it('should contain secure implementation of JSON Web Token (JWT)', async () => {
const jwtType = 'jwk';
const token = await generateToken(jwtType);
await runner
.createScan({ tests: [TestType.JWT], name: `JWT ${jwtType}` })
.timeout(timeout)
.run({
method: 'GET',
headers: { authorization: token },
url: `${process.env.SEC_TESTER_TARGET}/api/auth/jwt/${jwtType}/validate`
});
});
it('should contain secure implementation of JSON Web Token (JWT)', async () => {
const jwtType = 'x5c';
const token = await generateToken(jwtType);
await runner
.createScan({ tests: [TestType.JWT], name: `JWT ${jwtType}` })
.timeout(timeout)
.run({
method: 'GET',
headers: { authorization: token },
url: `${process.env.SEC_TESTER_TARGET}/api/auth/jwt/${jwtType}/validate`
});
});
it('should contain secure implementation of JSON Web Token (JWT)', async () => {
const jwtType = 'x5u';
const token = await generateToken(jwtType);
await runner
.createScan({ tests: [TestType.JWT], name: `JWT ${jwtType}` })
.timeout(timeout)
.run({
method: 'GET',
headers: { authorization: token },
url: `${process.env.SEC_TESTER_TARGET}/api/auth/jwt/${jwtType}/validate`
});
});
});
});