Add tests for userIdFromRequest()

Author: dmitrizagidulin

lib/handlers/allow.js

@@ -1,4 +1,7 @@
-module.exports.allow = allow
+module.exports = {
+  allow,
+  userIdFromRequest
+}
 
 var ACL = require('../acl-checker')
 var $rdf = require('rdflib')
@@ -93,15 +96,29 @@ function fetchDocument (host, ldp, baseUri) {
   }
 }
 
-function getUserId (req, callback) {
+/**
+ * Extracts the Web ID from the request object (for purposes of access control).
+ *
+ * @param req {IncomingRequest}
+ *
+ * @return {string|null} Web ID
+ */
+function userIdFromRequest (req) {
   let userId
+  let locals = req.app.locals
 
   if (req.session.userId) {
     userId = req.session.userId
-  } else if (req.claims) {
-    userId = req.claims.sub
+  } else if (locals.authMethod === 'oidc') {
+    userId = locals.oidc.webIdFromClaims(req.claims)
   }
 
+  return userId
+}
+
+function getUserId (req, callback) {
+  let userId = userIdFromRequest(req)
+
   callback(null, userId)
   // var onBehalfOf = req.get('On-Behalf-Of')
   // if (!onBehalfOf) {

package.json

@@ -58,7 +58,7 @@
     "node-forge": "^0.6.38",
     "nodemailer": "^3.1.4",
     "nomnom": "^1.8.1",
-    "oidc-auth-manager": "^0.4.1",
+    "oidc-auth-manager": "^0.5.0",
     "oidc-op-express": "^0.0.3",
     "rdflib": "^0.15.0",
     "recursive-readdir": "^2.1.0",
@@ -77,6 +77,7 @@
   },
   "devDependencies": {
     "chai": "^3.5.0",
+    "dirty-chai": "^1.2.2",
     "hippie": "^0.5.0",
     "mocha": "^3.2.0",
     "nock": "^9.0.2",

test/unit/acl-checker.js

@@ -1,7 +1,15 @@
 'use strict'
 const proxyquire = require('proxyquire')
-const assert = require('chai').assert
+const chai = require('chai')
+const { assert, expect } = chai
+const dirtyChai = require('dirty-chai')
+chai.use(dirtyChai)
+const sinon = require('sinon')
+const sinonChai = require('sinon-chai')
+chai.use(sinonChai)
+chai.should()
 const debug = require('../../lib/debug').ACL
+const { userIdFromRequest } = require('../../lib/handlers/allow')
 
 class PermissionSetAlwaysGrant {
   checkAccess () {
@@ -19,6 +27,44 @@ class PermissionSetAlwaysError {
   }
 }
 
+describe('Allow handler', () => {
+  let req
+  let aliceWebId = 'https://alice.example.com/#me'
+
+  beforeEach(() => {
+    req = { app: { locals: {} }, session: {} }
+  })
+
+  describe('userIdFromRequest()', () => {
+    it('should first look in session.userId', () => {
+      req.session.userId = aliceWebId
+
+      let userId = userIdFromRequest(req)
+
+      expect(userId).to.equal(aliceWebId)
+    })
+
+    it('should use webIdFromClaims() if applicable', () => {
+      req.app.locals.authMethod = 'oidc'
+      req.claims = {}
+
+      let webIdFromClaims = sinon.stub().returns(aliceWebId)
+      req.app.locals.oidc = { webIdFromClaims }
+
+      let userId = userIdFromRequest(req)
+
+      expect(userId).to.equal(aliceWebId)
+      expect(webIdFromClaims).to.have.been.calledWith(req.claims)
+    })
+
+    it('should return falsy if all else fails', () => {
+      let userId = userIdFromRequest(req)
+
+      expect(userId).to.not.be.ok()
+    })
+  })
+})
+
 describe('ACLChecker unit test', () => {
   it('should callback with null on grant success', done => {
     let ACLChecker = proxyquire('../../lib/acl-checker', {