@auth0/auth0-checkmate 1.4.0

Files changed (114) hide show
  1. package/.github/CODEOWNERS +1 -0
  2. package/.github/workflows/npm-release.yml +77 -0
  3. package/.github/workflows/sca_scan.yml +10 -0
  4. package/.github/workflows/test.yml +48 -0
  5. package/AUTHORS +5 -0
  6. package/LICENSE +203 -0
  7. package/README.md +166 -0
  8. package/THIRD-PARTY-NOTICES +226 -0
  9. package/analyzer/lib/actions/checkActionsHardCodedValues.js +151 -0
  10. package/analyzer/lib/actions/checkActionsRuntime.js +105 -0
  11. package/analyzer/lib/actions/checkDependencies.js +111 -0
  12. package/analyzer/lib/attack_protection/checkBotDetectionSetting.js +76 -0
  13. package/analyzer/lib/attack_protection/checkBreachedPassword.js +140 -0
  14. package/analyzer/lib/attack_protection/checkBruteForce.js +89 -0
  15. package/analyzer/lib/attack_protection/checkSuspiciousIPThrottling.js +89 -0
  16. package/analyzer/lib/canonical_domain/checkCanonicalDomain.js +63 -0
  17. package/analyzer/lib/clients/checkAllowedCallbacks.js +122 -0
  18. package/analyzer/lib/clients/checkAllowedLogoutUrl.js +124 -0
  19. package/analyzer/lib/clients/checkApplicationLoginUri.js +125 -0
  20. package/analyzer/lib/clients/checkCrossOriginAuthentication.js +91 -0
  21. package/analyzer/lib/clients/checkGrantTypes.js +138 -0
  22. package/analyzer/lib/clients/checkJWTSignAlg.js +118 -0
  23. package/analyzer/lib/clients/checkRefreshToken.js +108 -0
  24. package/analyzer/lib/clients/checkWebOrigins.js +55 -0
  25. package/analyzer/lib/constants.js +63 -0
  26. package/analyzer/lib/custom_domain/checkCustomDomain.js +53 -0
  27. package/analyzer/lib/databases/checkAuthenticationMethods.js +98 -0
  28. package/analyzer/lib/databases/checkDASHardCodedValues.js +163 -0
  29. package/analyzer/lib/databases/checkEmailAttributeVerification.js +114 -0
  30. package/analyzer/lib/databases/checkEnabledDatabaseCustomization.js +83 -0
  31. package/analyzer/lib/databases/checkPasswordComplexity.js +100 -0
  32. package/analyzer/lib/databases/checkPasswordHistory.js +92 -0
  33. package/analyzer/lib/databases/checkPasswordNoPersonalInfo.js +91 -0
  34. package/analyzer/lib/databases/checkPasswordPolicy.js +95 -0
  35. package/analyzer/lib/databases/checkPromotedDBConnection.js +96 -0
  36. package/analyzer/lib/email_provider/checkEmailProvider.js +37 -0
  37. package/analyzer/lib/email_templates/checkEmailTemplates.js +71 -0
  38. package/analyzer/lib/error_page_template/checkErrorPageTemplate.js +153 -0
  39. package/analyzer/lib/event_streams/checkEventStreams.js +71 -0
  40. package/analyzer/lib/executeCheck.js +12 -0
  41. package/analyzer/lib/hooks/checkHooks.js +43 -0
  42. package/analyzer/lib/listOfAnalyser.js +24 -0
  43. package/analyzer/lib/log_streams/checkLogStream.js +60 -0
  44. package/analyzer/lib/logger.js +16 -0
  45. package/analyzer/lib/multifactor/checkGuardianFactors.js +72 -0
  46. package/analyzer/lib/multifactor/checkGuardianPolicy.js +40 -0
  47. package/analyzer/lib/network_acl/checkNetworkACL.js +35 -0
  48. package/analyzer/lib/rules/checkRules.js +102 -0
  49. package/analyzer/lib/tenant_settings/checkDefaultAudience.js +53 -0
  50. package/analyzer/lib/tenant_settings/checkDefaultDirectory.js +48 -0
  51. package/analyzer/lib/tenant_settings/checkEnabledDynamicClientRegistration.js +60 -0
  52. package/analyzer/lib/tenant_settings/checkSandboxVersion.js +37 -0
  53. package/analyzer/lib/tenant_settings/checkSessionLifetime.js +95 -0
  54. package/analyzer/lib/tenant_settings/checkSupportEmail.js +61 -0
  55. package/analyzer/lib/tenant_settings/checkSupportUrl.js +61 -0
  56. package/analyzer/lib/tenant_settings/checkTenantLoginUrl.js +71 -0
  57. package/analyzer/lib/tenant_settings/checkTenantLogoutUrl.js +60 -0
  58. package/analyzer/report.js +404 -0
  59. package/analyzer/tools/auth0.js +443 -0
  60. package/analyzer/tools/helpers.js +71 -0
  61. package/analyzer/tools/summary.js +84 -0
  62. package/analyzer/tools/utils.js +72 -0
  63. package/bin/index.js +393 -0
  64. package/eslint.config.mjs +16 -0
  65. package/images/auth0.png +0 -0
  66. package/images/okta.png +0 -0
  67. package/locales/en.json +1417 -0
  68. package/package.json +66 -0
  69. package/tests/actions/checkActionsHardCodedValues.test.js +106 -0
  70. package/tests/actions/checkActionsRuntime.test.js +102 -0
  71. package/tests/actions/checkDependencies.test.js +131 -0
  72. package/tests/attack_protection/checkBreachedPassword.test.js +253 -0
  73. package/tests/attack_protection/checkBruteForce.test.js +181 -0
  74. package/tests/attack_protection/checkSuspiciousIPThrottling.test.js +222 -0
  75. package/tests/canonical_domain/checkCanonicalDomain.test.js +94 -0
  76. package/tests/clients/checkAllowedCallbacks.test.js +149 -0
  77. package/tests/clients/checkAllowedLogoutUrl.test.js +149 -0
  78. package/tests/clients/checkApplicationLoginUri.test.js +180 -0
  79. package/tests/clients/checkCrossOriginAuthentication.test.js +99 -0
  80. package/tests/clients/checkGrantTypes.test.js +154 -0
  81. package/tests/clients/checkJWTSignAlg.test.js +121 -0
  82. package/tests/clients/checkRefreshToken.test.js +63 -0
  83. package/tests/clients/checkWebOrigins.test.js +140 -0
  84. package/tests/custom_domain/checkCustomDomain.test.js +73 -0
  85. package/tests/databases/checkAuthenticationMethods.test.js +124 -0
  86. package/tests/databases/checkDASHardCodedValues.test.js +77 -0
  87. package/tests/databases/checkEmailAttributeVerification.test.js +79 -0
  88. package/tests/databases/checkEnabledDatabaseCustomization.test.js +68 -0
  89. package/tests/databases/checkPasswordComplexity.test.js +127 -0
  90. package/tests/databases/checkPasswordHistory.test.js +100 -0
  91. package/tests/databases/checkPasswordNoPersonalInfo.test.js +94 -0
  92. package/tests/databases/checkPasswordPolicy.test.js +161 -0
  93. package/tests/databases/checkPromotedDBConnection.test.js +62 -0
  94. package/tests/email_provider/checkEmailProvider.test.js +58 -0
  95. package/tests/email_templates/checkEmailTemplates.test.js +120 -0
  96. package/tests/error_page_template/checkErrorPageTemplate.test.js +315 -0
  97. package/tests/event_streams/checkEventStreams.test.js +118 -0
  98. package/tests/hooks/checkHooks.test.js +112 -0
  99. package/tests/log_streams/checkLogStream.test.js +140 -0
  100. package/tests/multifactor/checkGuardianFactors.test.js +94 -0
  101. package/tests/multifactor/checkGuardianPolicy.test.js +49 -0
  102. package/tests/rules/checkRules.test.js +102 -0
  103. package/tests/tenant_settings/checkDefaultAudience.test.js +62 -0
  104. package/tests/tenant_settings/checkDefaultDirectory.test.js +62 -0
  105. package/tests/tenant_settings/checkEnabledDynamicClientRegistration.test.js +97 -0
  106. package/tests/tenant_settings/checkSandboxVersion.test.js +50 -0
  107. package/tests/tenant_settings/checkSessionLifetime.test.js +108 -0
  108. package/tests/tenant_settings/checkSupportEmail.test.js +77 -0
  109. package/tests/tenant_settings/checkSupportUrl.test.js +77 -0
  110. package/tests/tenant_settings/checkTenantLoginUri.test.js +82 -0
  111. package/tests/tenant_settings/checkTenantLogoutUrl.test.js +108 -0
  112. package/tests/tools/auth0.test.js +833 -0
  113. package/tests/tools/helpers.test.js +692 -0
  114. package/views/pdf_cli_report.handlebars +571 -0
@@ -0,0 +1,140 @@
1
+ const chai = require("chai");
2
+ const expect = chai.expect;
3
+
4
+ const checkLogStream = require("../../analyzer/lib/log_streams/checkLogStream");
5
+ const CONSTANTS = require("../../analyzer/lib/constants");
6
+
7
+ // Mock the CONSTANTS values
8
+ CONSTANTS.SUCCESS = "success";
9
+ CONSTANTS.FAIL = "fail";
10
+
11
+ describe("checkLogStream", function () {
12
+ it("should return fail when logStreams is empty", function () {
13
+ const options = { logStreams: [] };
14
+
15
+ checkLogStream(options, (report) => {
16
+ expect(report).to.deep.equal([
17
+ {
18
+ field: "log_stream_not_configured",
19
+ status: CONSTANTS.FAIL,
20
+ },
21
+ ]);
22
+ });
23
+ });
24
+
25
+ it("should return success when a log stream is active", function () {
26
+ const options = {
27
+ logStreams: [
28
+ {
29
+ id: "lst_0001",
30
+ name: "Auth0 Logstream",
31
+ type: "http",
32
+ status: "active",
33
+ filters: [],
34
+ isPriority: false,
35
+ },
36
+ ],
37
+ };
38
+
39
+ checkLogStream(options, (report) => {
40
+ expect(report).to.deep.equal([
41
+ {
42
+ field: "log_stream_active",
43
+ name: "Auth0 Logstream",
44
+ type: "http",
45
+ stream_status: "active",
46
+ status: CONSTANTS.SUCCESS,
47
+ },
48
+ ]);
49
+ });
50
+ });
51
+
52
+ it("should return fail when a log stream is inactive", function () {
53
+ const options = {
54
+ logStreams: [
55
+ {
56
+ id: "lst_0001",
57
+ name: "Auth0 Logstream",
58
+ type: "http",
59
+ status: "inactive",
60
+ filters: [],
61
+ isPriority: false,
62
+ },
63
+ ],
64
+ };
65
+
66
+ checkLogStream(options, (report) => {
67
+ expect(report).to.deep.equal([
68
+ {
69
+ field: "log_stream_inactive",
70
+ name: "Auth0 Logstream",
71
+ type: "http",
72
+ stream_status: "inactive",
73
+ status: CONSTANTS.FAIL,
74
+ },
75
+ ]);
76
+ });
77
+ });
78
+
79
+ it('should return an empty report if errorCode "insufficient_scope" is present', function () {
80
+ const options = {
81
+ logStreams: [
82
+ {
83
+ id: "lst_0001",
84
+ name: "Auth0 Logstream",
85
+ type: "http",
86
+ status: "active",
87
+ errorCode: "insufficient_scope",
88
+ filters: [],
89
+ isPriority: false,
90
+ },
91
+ ],
92
+ };
93
+
94
+ checkLogStream(options, (report) => {
95
+ expect(report).to.deep.equal([]); // The report should be empty for insufficient scope
96
+ });
97
+ });
98
+
99
+ it("should handle multiple log streams with mixed statuses", function () {
100
+ const options = {
101
+ logStreams: [
102
+ {
103
+ id: "lst_0001",
104
+ name: "Auth0 Logstream",
105
+ type: "http",
106
+ status: "active",
107
+ filters: [],
108
+ isPriority: false,
109
+ },
110
+ {
111
+ id: "lst_0000000000014672",
112
+ name: "Another Logstream",
113
+ type: "http",
114
+ status: "inactive",
115
+ filters: [],
116
+ isPriority: true,
117
+ },
118
+ ],
119
+ };
120
+
121
+ checkLogStream(options, (report) => {
122
+ expect(report).to.deep.equal([
123
+ {
124
+ field: "log_stream_active",
125
+ name: "Auth0 Logstream",
126
+ type: "http",
127
+ stream_status: "active",
128
+ status: CONSTANTS.SUCCESS,
129
+ },
130
+ {
131
+ field: "log_stream_inactive",
132
+ name: "Another Logstream",
133
+ type: "http",
134
+ stream_status: "inactive",
135
+ status: CONSTANTS.FAIL,
136
+ },
137
+ ]);
138
+ });
139
+ });
140
+ });
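Review bot: Every assertion in this file runs inside the callback passed to `checkLogStream`, and none of the `it` functions takes `done`, so a case passes vacuously if the callback is never invoked; if it were ever invoked asynchronously, a failing `expect` would surface outside the test that owns it. Take `done` and end each callback with it, e.g. `it("...", function (done) { checkLogStream(options, (report) => { /* expect(...) */ done(); }); });`. The same pattern appears in the checkGuardianFactors, checkGuardianPolicy, checkRules and tenant_settings test files that follow. Separately, new lines 8-9 assign `CONSTANTS.SUCCESS` and `CONSTANTS.FAIL` on the shared required module, which changes those values for every other test file loaded in the same process; asserting against the imported constants unchanged avoids that.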
@@ -0,0 +1,94 @@
1
+ const chai = require("chai");
2
+ const expect = chai.expect;
3
+
4
+ const checkGuardianFactors = require("../../analyzer/lib/multifactor/checkGuardianFactors");
5
+ const CONSTANTS = require("../../analyzer/lib/constants");
6
+
7
+ describe("checkGuardianFactors", function () {
8
+ it("should return fail when no MFA factors are enabled", function () {
9
+ const options = {
10
+ guardianFactors: [
11
+ { name: "sms", enabled: false, trial_expired: false },
12
+ { name: "push-notification", enabled: false, trial_expired: false },
13
+ { name: "otp", enabled: false, trial_expired: false },
14
+ { name: "email", enabled: false, trial_expired: false },
15
+ { name: "duo", enabled: false, trial_expired: false },
16
+ { name: "webauthn-roaming", enabled: false, trial_expired: false },
17
+ { name: "webauthn-platform", enabled: false, trial_expired: false },
18
+ { name: "recovery-code", enabled: false, trial_expired: false },
19
+ ],
20
+ };
21
+
22
+ checkGuardianFactors(options, (report) => {
23
+ expect(report).to.deep.equal([
24
+ {
25
+ field: "mfa_factors_not_enabled",
26
+ status: CONSTANTS.FAIL,
27
+ },
28
+ ]);
29
+ });
30
+ });
31
+
32
+ it("should return success when one MFA factor is enabled", function () {
33
+ const options = {
34
+ guardianFactors: [
35
+ { name: "sms", enabled: false, trial_expired: false },
36
+ { name: "push-notification", enabled: false, trial_expired: false },
37
+ { name: "otp", enabled: true, trial_expired: false }, // enabled factor
38
+ { name: "email", enabled: false, trial_expired: false },
39
+ { name: "duo", enabled: false, trial_expired: false },
40
+ { name: "webauthn-roaming", enabled: false, trial_expired: false },
41
+ { name: "webauthn-platform", enabled: false, trial_expired: false },
42
+ { name: "recovery-code", enabled: false, trial_expired: false },
43
+ ],
44
+ };
45
+
46
+ checkGuardianFactors(options, (report) => {
47
+ expect(report).to.deep.equal([
48
+ {
49
+ field: "mfa_factors_enabled",
50
+ value: "otp",
51
+ status: CONSTANTS.SUCCESS,
52
+ },
53
+ ]);
54
+ });
55
+ });
56
+
57
+ it("should return success when multiple MFA factors are enabled", function () {
58
+ const options = {
59
+ guardianFactors: [
60
+ { name: "sms", enabled: true, trial_expired: false },
61
+ { name: "push-notification", enabled: false, trial_expired: false },
62
+ { name: "otp", enabled: true, trial_expired: false }, // enabled factor
63
+ { name: "email", enabled: false, trial_expired: false },
64
+ { name: "duo", enabled: false, trial_expired: false },
65
+ { name: "webauthn-roaming", enabled: false, trial_expired: false },
66
+ { name: "webauthn-platform", enabled: false, trial_expired: false },
67
+ { name: "recovery-code", enabled: false, trial_expired: false },
68
+ ],
69
+ };
70
+
71
+ checkGuardianFactors(options, (report) => {
72
+ expect(report).to.deep.equal([
73
+ {
74
+ field: "mfa_factors_enabled",
75
+ value: "smsotp", // concatenated list of enabled factors
76
+ status: CONSTANTS.SUCCESS,
77
+ },
78
+ ]);
79
+ });
80
+ });
81
+
82
+ it("should return fail when no guardianFactors are provided", function () {
83
+ const options = {};
84
+
85
+ checkGuardianFactors(options, (report) => {
86
+ expect(report).to.deep.equal([
87
+ {
88
+ field: "mfa_factors_not_enabled",
89
+ status: CONSTANTS.FAIL,
90
+ },
91
+ ]);
92
+ });
93
+ });
94
+ });
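Review bot: The expectation `value: "smsotp"` at new line 75 pins an undelimited concatenation of factor names, which is ambiguous to anyone reading the report (the join itself is in checkGuardianFactors, not visible here). If the analyzer can emit a delimited list, the assertion would become something like `value: "sms, otp"`; otherwise a comment such as `// factor names are joined without a separator by checkGuardianFactors` would at least record that this is intended. The cases also treat any single enabled factor as success, so it may be worth a case that pins how `recovery-code` alone is reported.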
@@ -0,0 +1,49 @@
1
+ const chai = require("chai");
2
+ const expect = chai.expect;
3
+
4
+ const checkGuardianPolicy = require("../../analyzer/lib/multifactor/checkGuardianPolicy");
5
+ const CONSTANTS = require("../../analyzer/lib/constants");
6
+
7
+ describe("checkGuardianPolicy", function () {
8
+ it("should return fail when guardianPolicies.policies is empty", function () {
9
+ const options = { guardianPolicies: { policies: [] } };
10
+
11
+ checkGuardianPolicy(options, (report) => {
12
+ expect(report).to.deep.equal([
13
+ {
14
+ field: "mfa_policy_set_to_never",
15
+ value: "never",
16
+ status: CONSTANTS.FAIL,
17
+ },
18
+ ]);
19
+ });
20
+ });
21
+
22
+ it("should return success when guardianPolicies.policies has a value", function () {
23
+ const options = { guardianPolicies: { policies: ["all-applications"] } };
24
+
25
+ checkGuardianPolicy(options, (report) => {
26
+ expect(report).to.deep.equal([
27
+ {
28
+ field: "mfa_policy_set",
29
+ value: "enabled",
30
+ status: CONSTANTS.SUCCESS,
31
+ },
32
+ ]);
33
+ });
34
+ });
35
+
36
+ it("should return fail when guardianPolicies is not provided", function () {
37
+ const options = {};
38
+
39
+ checkGuardianPolicy(options, (report) => {
40
+ expect(report).to.deep.equal([
41
+ {
42
+ field: "mfa_policy_set_to_never",
43
+ value: "never",
44
+ status: CONSTANTS.FAIL,
45
+ },
46
+ ]);
47
+ });
48
+ });
49
+ });
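Review bot: The success case at new lines 22-34 only exercises `policies: ["all-applications"]`, and the expected `value: "enabled"` does not say which policy was set. Adding a case with `policies: ["confidence-score"]` would pin whether adaptive-only MFA is reported the same way as MFA required for every login, which a reader of the report would probably want to tell apart. A case where `guardianPolicies` is present but has no `policies` key is also missing.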
@@ -0,0 +1,102 @@
1
+ const chai = require("chai");
2
+ const expect = chai.expect;
3
+
4
+ const checkRules = require("../../analyzer/lib/rules/checkRules");
5
+ const CONSTANTS = require("../../analyzer/lib/constants");
6
+
7
+ describe("checkRules", function () {
8
+ it("should return success when no rules are provided", function () {
9
+ const options = {};
10
+
11
+ checkRules(options, (report) => {
12
+ expect(report).to.deep.equal([
13
+ {
14
+ field: "no_enabled_rules",
15
+ status: CONSTANTS.SUCCESS,
16
+ },
17
+ ]);
18
+ });
19
+ });
20
+
21
+ it("should return fail for an enabled rule", function () {
22
+ const options = {
23
+ rules: [
24
+ {
25
+ id: "rul_YFDdYGJSIwMPzsZR",
26
+ enabled: true,
27
+ name: "Override SAML Certificate",
28
+ order: 14,
29
+ stage: "login_success",
30
+ },
31
+ ],
32
+ };
33
+
34
+ checkRules(options, (report) => {
35
+ expect(report).to.deep.equal([
36
+ {
37
+ name: "Override SAML Certificate",
38
+ value: "rul_YFDdYGJSIwMPzsZR",
39
+ field: "enabled_rules",
40
+ status: CONSTANTS.FAIL,
41
+ },
42
+ ]);
43
+ });
44
+ });
45
+
46
+ it("should return empty for disabled rules", function () {
47
+ const options = {
48
+ rules: [
49
+ {
50
+ id: "rul_IYlu62iBa6K52fBi",
51
+ enabled: false,
52
+ name: "Dump Rule",
53
+ order: 1,
54
+ stage: "login_success",
55
+ },
56
+ {
57
+ id: "rul_RFtsxXcHptdfNytp",
58
+ enabled: false,
59
+ name: "auth0-account-link-extension",
60
+ order: 7,
61
+ stage: "login_success",
62
+ },
63
+ ],
64
+ };
65
+
66
+ checkRules(options, (report) => {
67
+ expect(report).to.deep.equal([]);
68
+ });
69
+ });
70
+
71
+ it("should return fail for only rules with enabled state", function () {
72
+ const options = {
73
+ rules: [
74
+ {
75
+ id: "rul_YFDdYGJSIwMPzsZR",
76
+ enabled: true,
77
+ name: "Override SAML Certificate",
78
+ order: 14,
79
+ stage: "login_success",
80
+ },
81
+ {
82
+ id: "rul_IYlu62iBa6K52fBi",
83
+ enabled: false,
84
+ name: "Dump Rule",
85
+ order: 1,
86
+ stage: "login_success",
87
+ },
88
+ ],
89
+ };
90
+
91
+ checkRules(options, (report) => {
92
+ expect(report).to.deep.equal([
93
+ {
94
+ name: "Override SAML Certificate",
95
+ value: "rul_YFDdYGJSIwMPzsZR",
96
+ field: "enabled_rules",
97
+ status: CONSTANTS.FAIL,
98
+ },
99
+ ]);
100
+ });
101
+ });
102
+ });
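Review bot: The cases at new lines 8-19 and 46-69 pin two different results for what looks like the same tenant state: `options = {}` yields a `no_enabled_rules` success entry, while a rule list containing only disabled rules yields `[]`. If that difference is intentional, a comment on the second case such as `// disabled-only rule sets produce no entry, not no_enabled_rules` would record it; if not, the expectation at new line 67 should match the first case. There is also no case for `rules: []`, which is the shape a tenant without any rules would presumably return.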
@@ -0,0 +1,62 @@
1
+ const chai = require("chai");
2
+ const expect = chai.expect;
3
+
4
+ const checkDefaultAudience = require("../../analyzer/lib/tenant_settings/checkDefaultAudience");
5
+ const CONSTANTS = require("../../analyzer/lib/constants");
6
+
7
+ describe("checkDefaultAudience", function () {
8
+ it("should return an info report when default_audience is not set (null or empty)", function () {
9
+ const options = {
10
+ tenant: {
11
+ default_audience: null, // default_audience is null
12
+ },
13
+ };
14
+
15
+ checkDefaultAudience(options, (report) => {
16
+ expect(report).to.deep.equal([
17
+ {
18
+ field: "no_default_audience",
19
+ attr: "default_audience",
20
+ status: CONSTANTS.INFO,
21
+ },
22
+ ]);
23
+ });
24
+ });
25
+
26
+ it("should return an info report when default_audience is an empty string", function () {
27
+ const options = {
28
+ tenant: {
29
+ default_audience: "", // default_audience is an empty string
30
+ },
31
+ };
32
+
33
+ checkDefaultAudience(options, (report) => {
34
+ expect(report).to.deep.equal([
35
+ {
36
+ field: "no_default_audience",
37
+ attr: "default_audience",
38
+ status: CONSTANTS.INFO,
39
+ },
40
+ ]);
41
+ });
42
+ });
43
+
44
+ it("should return a fail report when default_audience is set to a non-empty value", function () {
45
+ const options = {
46
+ tenant: {
47
+ default_audience: "audience1", // default_audience is set to a non-empty string
48
+ },
49
+ };
50
+
51
+ checkDefaultAudience(options, (report) => {
52
+ expect(report).to.deep.equal([
53
+ {
54
+ field: "default_audience",
55
+ attr: "default_audience",
56
+ value: "audience1",
57
+ status: CONSTANTS.FAIL,
58
+ },
59
+ ]);
60
+ });
61
+ });
62
+ });
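Review bot: No case here covers a `tenant` object without the `default_audience` key, or `options = {}`, although the multifactor and rules test files do exercise the missing-input path; checkDefaultDirectory.test.js has the same gap. The first title also says "(null or empty)" while the body only sets `null`, so it could read `"should return an info report when default_audience is null"`. The FAIL expectation at new lines 44-61 would also benefit from a one-line comment stating why a configured default audience is treated as a finding, since that is not obvious from the fixture.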
@@ -0,0 +1,62 @@
1
+ const chai = require("chai");
2
+ const expect = chai.expect;
3
+
4
+ const checkDefaultDirectory = require("../../analyzer/lib/tenant_settings/checkDefaultDirectory");
5
+ const CONSTANTS = require("../../analyzer/lib/constants");
6
+
7
+ describe("checkDefaultDirectory", function () {
8
+ it("should return an info report when default_directory is not set (null or empty)", function () {
9
+ const options = {
10
+ tenant: {
11
+ default_directory: null, // default_directory is null
12
+ },
13
+ };
14
+
15
+ checkDefaultDirectory(options, (report) => {
16
+ expect(report).to.deep.equal([
17
+ {
18
+ field: "no_default_directory",
19
+ attr: "default_directory",
20
+ status: CONSTANTS.INFO,
21
+ },
22
+ ]);
23
+ });
24
+ });
25
+
26
+ it("should return an info report when default_directory is an empty string", function () {
27
+ const options = {
28
+ tenant: {
29
+ default_directory: "", // default_directory is an empty string
30
+ },
31
+ };
32
+
33
+ checkDefaultDirectory(options, (report) => {
34
+ expect(report).to.deep.equal([
35
+ {
36
+ field: "no_default_directory",
37
+ attr: "default_directory",
38
+ status: CONSTANTS.INFO,
39
+ },
40
+ ]);
41
+ });
42
+ });
43
+
44
+ it("should return an info report when default_directory is set to a non-empty value", function () {
45
+ const options = {
46
+ tenant: {
47
+ default_directory: "my-directory", // default_directory is set to a non-empty string
48
+ },
49
+ };
50
+
51
+ checkDefaultDirectory(options, (report) => {
52
+ expect(report).to.deep.equal([
53
+ {
54
+ field: "default_directory",
55
+ attr: "default_directory",
56
+ value: "my-directory",
57
+ status: CONSTANTS.INFO,
58
+ },
59
+ ]);
60
+ });
61
+ });
62
+ });
@@ -0,0 +1,97 @@
1
+ const chai = require("chai");
2
+ const expect = chai.expect;
3
+
4
+ const checkReg = require("../../analyzer/lib/tenant_settings/checkEnabledDynamicClientRegistration");
5
+ const CONSTANTS = require("../../analyzer/lib/constants");
6
+
7
+ describe("checkReg", function () {
8
+ it("should return fail when input is not set (null or empty)", function () {
9
+ const options = {
10
+ tenant: {
11
+ },
12
+ };
13
+
14
+ checkReg(options, (report) => {
15
+ expect(report).to.deep.equal([
16
+ {
17
+ field: "tenant_setting_missing",
18
+ status: CONSTANTS.FAIL,
19
+ },
20
+ ]);
21
+ });
22
+ });
23
+
24
+ it("should return fail when flag.enable_dynamic_client_registration attribute not present", function () {
25
+ const options = {
26
+ tenant: {
27
+ "flags": {
28
+ "allow_changing_enable_sso": true,
29
+ "disable_impersonation": true,
30
+ "enable_sso": true,
31
+ "universal_login": true,
32
+ "revoke_refresh_token_grant": false,
33
+ "disable_clickjack_protection_headers": false
34
+ },
35
+ },
36
+ };
37
+
38
+ checkReg(options, (report) => {
39
+ expect(report).to.deep.equal([
40
+ {
41
+ field: "enable_dynamic_client_registration",
42
+ status: CONSTANTS.FAIL,
43
+ },
44
+ ]);
45
+ });
46
+ });
47
+
48
+ it("should return fail when flag.enable_dynamic_client_registration attribute is present with false ", function () {
49
+ const options = {
50
+ tenant: {
51
+ "flags": {
52
+ "allow_changing_enable_sso": true,
53
+ "disable_impersonation": true,
54
+ "enable_sso": true,
55
+ "universal_login": true,
56
+ "enable_dynamic_client_registration": false,
57
+ "revoke_refresh_token_grant": false,
58
+ "disable_clickjack_protection_headers": false
59
+ },
60
+ },
61
+ };
62
+
63
+ checkReg(options, (report) => {
64
+ expect(report).to.deep.equal([
65
+ {
66
+ field: "enable_dynamic_client_registration",
67
+ status: CONSTANTS.FAIL,
68
+ },
69
+ ]);
70
+ });
71
+ });
72
+
73
+ it("should return success when flag.enable_dynamic_client_registration attribute is present with true", function () {
74
+ const options = {
75
+ tenant: {
76
+ "flags": {
77
+ "allow_changing_enable_sso": true,
78
+ "disable_impersonation": true,
79
+ "enable_sso": true,
80
+ "universal_login": true,
81
+ "enable_dynamic_client_registration": true,
82
+ "revoke_refresh_token_grant": false,
83
+ "disable_clickjack_protection_headers": false
84
+ },
85
+ },
86
+ };
87
+
88
+ checkReg(options, (report) => {
89
+ expect(report).to.deep.equal([
90
+ {
91
+ field: "enabled_dynamic_client_registration",
92
+ status: CONSTANTS.SUCCESS,
93
+ },
94
+ ]);
95
+ });
96
+ });
97
+ });
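Review bot: These cases pin FAIL when `enable_dynamic_client_registration` is absent or `false` (new lines 24-71) and SUCCESS when it is `true` (new lines 73-96), which looks inverted if the check is meant to flag open dynamic client registration as the risky setting. The analyzer and the locale text for `enable_dynamic_client_registration` and `enabled_dynamic_client_registration` are not visible here, so this should be confirmed against them before the expectations are relied on. The first title also says "(null or empty)" while the fixture is an empty `tenant` object, and `describe("checkReg", ...)` would be easier to find in test output as `describe("checkEnabledDynamicClientRegistration", ...)`.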
@@ -0,0 +1,50 @@
1
+ const chai = require("chai");
2
+ const expect = chai.expect;
3
+
4
+ const checkSandboxVersion = require("../../analyzer/lib/tenant_settings/checkSandboxVersion");
5
+ const CONSTANTS = require("../../analyzer/lib/constants");
6
+
7
+ describe("checkSandboxVersion", function () {
8
+ it("should return a failure report for sandbox version below minimum required version", function () {
9
+ const options = {
10
+ tenant: {
11
+ sandbox_version: "16", // Below the minimum required version
12
+ },
13
+ };
14
+
15
+ checkSandboxVersion(options, (report) => {
16
+ expect(report).to.deep.equal([
17
+ {
18
+ field: "sandbox_version",
19
+ attr: "sandbox_version",
20
+ value: 16,
21
+ status: CONSTANTS.FAIL,
22
+ },
23
+ ]);
24
+ });
25
+ });
26
+
27
+ it("should not return a report for sandbox version equal to or above the minimum required version", function () {
28
+ const options = {
29
+ tenant: {
30
+ sandbox_version: "18", // Minimum required version
31
+ },
32
+ };
33
+
34
+ checkSandboxVersion(options, (report) => {
35
+ expect(report).to.deep.equal([]);
36
+ });
37
+ });
38
+
39
+ it("should not return a report for sandbox version above the minimum required version", function () {
40
+ const options = {
41
+ tenant: {
42
+ sandbox_version: "22", // Above the minimum required version
43
+ },
44
+ };
45
+
46
+ checkSandboxVersion(options, (report) => {
47
+ expect(report).to.deep.equal([]);
48
+ });
49
+ });
50
+ });
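Review bot: There is no case for a missing or non-numeric `sandbox_version`, and the fixtures pass strings (`"16"`) while the expected `value` is the number `16`, so the analyzer evidently converts the input. If that conversion yields `NaN` for an absent or malformed value, a less-than comparison would be false and the check would report nothing, which reads the same as a compliant tenant; a case such as `tenant: {}` would pin what should happen instead. The title at new line 27 says "equal to or above" but the body only tests `"18"`, so `"should not return a report for sandbox version equal to the minimum required version"` would match it.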