@plroebuck
Last active March 9, 2019 16:05
SuperAgent & Mocha - external authorization credentials

"test/check-limits.spec.js"

const assert = require('assert');
const fs = require('fs');
const path = require('path');
const URL = require('url').URL;
const request = require('superagent');

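// Resolve against this file, so fs.existsSync() and require() see the same path
// regardless of the directory mocha is started from
const projdir = path.resolve(__dirname, '..');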
const CRLF = '\r\n';
let agent;
let authfile;
let serverURL;

before(() => {
  const envvar = 'SERVER_URL';
  if (!process.env[envvar]) {
    throw new Error(`environment variable "${envvar}" must be set`);
  }
  serverURL = new URL(process.env[envvar]);
  authfile = path.join(projdir, 'auth', serverURL.hostname + '.json');
  if (!fs.existsSync(authfile)) {
    throw new Error(`credentials file "${authfile}" does not exist`);
  }
});

before(async () => {
  console.log(`Running test using server URL: "${serverURL.href}"`);
  // superagent's agent() does not take a base URL; it only keeps cookies
  // between requests, so every request below uses an absolute URL
  agent = request.agent();
  const credentials = require(authfile);
  await agent
    .post(new URL('/login', serverURL).href)
    // :TBD: Why using `.send` rather than `.auth`?
    // .auth(credentials.username, credentials.password);
    .send(credentials);
});

describe('Check limit', () => {
  it('should respond with "Limit Exceeded" for more than 10 Products', async () => {
    const products = [
      'asdfasdfad',
      'asdfasdf',
      'asdf',
      'asdf',
      'asdf',
      'asdf',
      'asdf',
      'asd',
      'fas',
      'df',
      'asdf',
      'asd',
      'fasd',
      'f',
      'asdfasdf'
    ];
    assert.ok(products.length > 10);
    await agent
      .get(new URL('/org', serverURL).href)
      .query({ products: encodeURIComponent(products.join(CRLF)) })
      .accept('application/json')
      .timeout(5000)
      .ok(res => res.error)
      .then(res => {
        if (!res.text.includes('Limit exceeded')) {
          throw new Error('Product limit failed');
        }
      });
  });
});

Once.

$ cd /path/to/project
## Create authentication credentials directory
$ mkdir auth
$ chmod 700 auth
$ cat << EOF >> "auth/blahblah.com.json"
{
  "username": "xxx",
  "password": "yyy"
}
EOF
## Make sure credentials are **never** added to source control
$ echo "auth/" >> .gitignore
$ git add .gitignore
$ git commit -m "Prevent credentials directory from being committed"
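
An added example (not part of the original gist): a hypothetical `loadCredentials` helper that the `before` hook could call in place of `require(authfile)`. It refuses a credentials file that group or other users can access, since `chmod 700 auth` protects the directory while the file written by `cat` takes the umask default. The helper name and the temp-file demo are assumptions, and the sample credentials are constructed.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Hypothetical helper: load auth/<hostname>.json only if it is a regular file
// with no group/other permission bits and non-empty string credentials.
function loadCredentials(authfile) {
  const st = fs.lstatSync(authfile); // lstat: a symlink is not followed
  if (!st.isFile()) {
    throw new Error(`"${authfile}" is not a regular file`);
  }
  // POSIX permission bits only; on Windows st.mode does not reflect ACLs
  if (process.platform !== 'win32' && (st.mode & 0o077) !== 0) {
    const mode = (st.mode & 0o777).toString(8);
    throw new Error(`"${authfile}" has mode ${mode}; run: chmod 600 "${authfile}"`);
  }
  const creds = JSON.parse(fs.readFileSync(authfile, 'utf8'));
  for (const key of ['username', 'password']) {
    if (typeof creds[key] !== 'string' || creds[key] === '') {
      throw new Error(`"${authfile}" is missing a non-empty "${key}"`);
    }
  }
  // Return only the two expected fields, dropping anything else in the file
  return { username: creds.username, password: creds.password };
}

// Constructed sample: a throwaway credentials file in a temp directory
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'auth-'));
  const file = path.join(dir, 'blahblah.com.json');
  fs.writeFileSync(file, JSON.stringify({ username: 'xxx', password: 'yyy' }));
  fs.chmodSync(file, 0o644); // world-readable: must be refused
  let rejected = false;
  try { loadCredentials(file); } catch (e) { rejected = true; }
  fs.chmodSync(file, 0o600); // owner-only: accepted
  const creds = loadCredentials(file);
  fs.rmSync(dir, { recursive: true });
  return { rejected, creds };
}
```
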

Test.

$ SERVER_URL='https://blahblah.com' npm test
# -or-
$ SERVER_URL='https://blahblah.com' mocha

plroebuck commented Mar 1, 2019

Based on VenPot's question here and here. The SO answers all suck to varying degrees, encouraging bad security habits...
Untested.
