|
|
@@ -173,6 +173,45 @@ describe('Strategy', function() {
|
|
|
.authenticate();
|
|
|
}); // should fail when message is not yet valid
|
|
|
|
|
|
+ it('should fail when nonce is invalid', function(done) {
|
|
|
+ clock = sinon.useFakeTimers(1654640839635);
|
|
|
+
|
|
|
+ chai.passport.use(new Strategy(function(address, cb) {
|
|
|
+ expect(address).to.equal('0xCC6F4DF4B758C4DE3203e8842E2d8CAc564D7758');
|
|
|
+ return cb(null, { id: '248289761001' });
|
|
|
+ }))
|
|
|
+ .request(function(req) {
|
|
|
+ req.connection = {};
|
|
|
+ req.headers.host = 'localhost:3000';
|
|
|
+ req.body = {
|
|
|
+ message: 'localhost:3000 wants you to sign in with your Ethereum account:\n' +
|
|
|
+ '0xCC6F4DF4B758C4DE3203e8842E2d8CAc564D7758\n' +
|
|
|
+ '\n' +
|
|
|
+ 'Sign in with Ethereum to the app.\n' +
|
|
|
+ '\n' +
|
|
|
+ 'URI: http://localhost:3000\n' +
|
|
|
+ 'Version: 1\n' +
|
|
|
+ 'Chain ID: 1\n' +
|
|
|
+ 'Nonce: VjglqeaSMDbPSYe0K\n' +
|
|
|
+ 'Issued At: 2022-06-07T16:28:10.957Z',
|
|
|
+ signature: '0xb303d03782c532e2371e3d75a8b2b093c2dceb5faed5d07d6506be96be783245515db6ad55ad6d598ebdf1f7e1c5cb0d24e7147bbad47d3b9d8dfbcfab2ddcc71b'
|
|
|
+ };
|
|
|
+ req.session = {
|
|
|
+ messages: [],
|
|
|
+ 'ethereum:siwe': {
|
|
|
+ nonce: 'Xri9Uq8fydQXUDHx'
|
|
|
+ }
|
|
|
+ };
|
|
|
+ })
|
|
|
+ .fail(function(challenge, status) {
|
|
|
+ expect(challenge).to.deep.equal({ message: 'Invalid nonce.' });
|
|
|
+ expect(status).to.equal(403);
|
|
|
+ done();
|
|
|
+ })
|
|
|
+ .error(done)
|
|
|
+ .authenticate();
|
|
|
+ }); // should fail when message is invalid
|
|
|
+
|
|
|
it('should fail when signature is invalid', function(done) {
|
|
|
chai.passport.use(new Strategy(function(address, cb) {
|
|
|
expect(address).to.equal('0xCC6F4DF4B758C4DE3203e8842E2d8CAc564D7758');
|
Jared Hanson