@w3-commons/js-build-resources 0.0.1-security → 1.0.4

package/settings-service/src/__tests__/unit/controller/UserSettingsController.spec.ts

@@ -0,0 +1,328 @@
+import { Request, Response } from 'restify';
+import { settings } from '../../../config/config';
+import {
+  deleteUserSettings,
+  getUserSettings,
+  postUserSettings,
+} from '../../../controller/UserSettingsController';
+import { cassandraDBHelpers } from '../../../repo/cassandraDBHelpers';
+import { SettingsRepoCassandra } from '../../../repo/settingsRepo';
+import { INVALID_APP_ID, TEST_APP_ID } from '../../utils/test-utils';
+
+settings.settingsAppIds = ['w3notifications-test', 'general'];
+
+jest.mock('../../../unified-profile/unifiedProfileUtils');
+
+const USER_ID = 'AAABBBCCC';
+const INVALID_USER_ID = 'BBBCCCDDD';
+
+function test_send(code?: number | undefined): any {
+  return code;
+}
+
+function test_send_with_body(code?: number | undefined, body?: any): any {
+  return { code, body };
+}
+
+describe('get settings using userID and appID', () => {
+  const request: Request = {} as Request;
+  const response: Response = {} as Response;
+
+  request.params = { userID: USER_ID, appID: TEST_APP_ID };
+  request.query = {};
+  request.username = USER_ID;
+
+  it('should return 200 set while getting data', async () => {
+    const mockResultSet1: any = {
+      rows: [{ setting_name: 'theme', setting_default: null, setting_options: ['darkmode'] }],
+    };
+    const mockResultSet2: any = {
+      rows: [
+        { setting_name: 'theme', setting_value: 'darkmode' },
+        { setting_name: 'primary-language', setting_value: 'english' },
+      ],
+    };
+
+    cassandraDBHelpers.execute = jest
+      .fn()
+      .mockReturnValueOnce(
+        new Promise((resolve) => {
+          resolve(mockResultSet1);
+        }),
+      )
+      .mockReturnValueOnce(
+        new Promise((resolve) => {
+          resolve(mockResultSet2);
+        }),
+      )
+      .mockReturnValueOnce(
+        new Promise((resolve) => {
+          resolve(mockResultSet1);
+        }),
+      )
+      .mockReturnValueOnce(
+        new Promise((resolve) => {
+          resolve(mockResultSet2);
+        }),
+      );
+    response.send = test_send;
+    expect(await getUserSettings(request, response)).toEqual(200);
+
+    cassandraDBHelpers.execute = jest
+      .fn()
+      .mockReturnValueOnce(
+        new Promise((resolve) => {
+          resolve(mockResultSet1);
+        }),
+      )
+      .mockReturnValue(
+        new Promise((resolve) => {
+          resolve(mockResultSet2);
+        }),
+      );
+    request.params.appID = 'general';
+    expect(await getUserSettings(request, response)).toEqual(200);
+  });
+  it('user requesting other user resource should result in 403 error', async () => {
+    request.username = INVALID_USER_ID;
+    response.send = test_send;
+    expect(await getUserSettings(request, response)).toEqual(403);
+  });
+  it('invalid appID should return 400 error', async () => {
+    request.params.appID = INVALID_APP_ID;
+    response.send = test_send;
+    expect(await getUserSettings(request, response)).toEqual(400);
+  });
+  it('internal server error should return 500 error', async () => {
+    request.params = undefined;
+    response.send = test_send;
+    expect(await getUserSettings(request, response)).toEqual(500);
+  });
+});
+
+describe('post settings', () => {
+  const request: Request = {} as Request;
+  const response: Response = {} as Response;
+
+  request.params = { userID: USER_ID, appID: 'general' };
+  request.query = {};
+  request.username = USER_ID;
+  request.body = { theme: 'darkmode' };
+
+  it('should return 200 set while setting data', async () => {
+    const mockResultSet1: any = {
+      rows: [{ setting_name: 'theme', setting_options: ['darkmode'] }],
+    };
+    const mockResultSet2: any = {
+      rows: [],
+    };
+    cassandraDBHelpers.execute = jest.fn().mockReturnValueOnce(
+      new Promise((resolve) => {
+        resolve(mockResultSet1);
+      }),
+    );
+    cassandraDBHelpers.batch = jest.fn().mockResolvedValueOnce(mockResultSet2);
+    response.send = test_send;
+    expect(await postUserSettings(request, response)).toEqual(200);
+  });
+  it('invalid input should return 400 error', async () => {
+    request.params.appID = INVALID_APP_ID;
+    response.send = test_send;
+    expect(await postUserSettings(request, response)).toEqual(400);
+    request.params.appID = null;
+    expect(await postUserSettings(request, response)).toEqual(400);
+  });
+  it('internal server error should return 500 error', async () => {
+    request.params = undefined;
+    response.send = test_send;
+    expect(await postUserSettings(request, response)).toEqual(500);
+  });
+  it('should be able to post a setting that has an array value', async () => {
+    const mockAppResults: any = {
+      rows: [
+        { setting_name: 'secondaryLanguages', setting_options: ['fr', 'en', 'sk'], setting_type: 'array' },
+      ],
+    };
+    const mockUpdateSetting: any = {
+      rows: [{ setting_name: 'secondaryLanguages', setting_value: 'sk,fr' }],
+    };
+    request.params = { userID: USER_ID, appID: 'general' };
+    request.query = {};
+    request.username = USER_ID;
+    request.body = { secondaryLanguages: ['sk', 'en'] };
+    cassandraDBHelpers.execute = jest.fn().mockResolvedValueOnce(mockAppResults);
+    cassandraDBHelpers.batch = jest.fn().mockResolvedValueOnce(mockUpdateSetting);
+    response.send = test_send_with_body;
+
+    const resp: any = await postUserSettings(request, response);
+
+    expect(resp.code).toBe(200);
+    expect(resp.body).toEqual({ secondaryLanguages: ['sk', 'en'] });
+  });
+
+  it('should return an error if array value not provided', async () => {
+    const mockAppResults: any = {
+      rows: [
+        { setting_name: 'secondaryLanguages', setting_options: ['fr', 'en', 'sk'], setting_type: 'array' },
+      ],
+    };
+    request.params = { userID: USER_ID, appID: 'general' };
+    request.query = {};
+    request.username = USER_ID;
+    request.body = { secondaryLanguages: 'sk' };
+    cassandraDBHelpers.execute = jest.fn().mockResolvedValueOnce(mockAppResults);
+    response.send = test_send_with_body;
+
+    const resp: any = await postUserSettings(request, response);
+
+    expect(resp.code).toBe(400);
+    expect(resp.body.message).toEqual('secondaryLanguages expects to receive an array value');
+  });
+
+  it('should return an error if array value provided for a non-array type setting', async () => {
+    const mockAppResults: any = {
+      rows: [{ setting_name: 'theme', setting_options: ['dark', 'light', 'auto'], setting_type: 'string' }],
+    };
+    request.params = { userID: USER_ID, appID: 'general' };
+    request.query = {};
+    request.username = USER_ID;
+    request.body = { theme: ['dark', 'light'] };
+    cassandraDBHelpers.execute = jest.fn().mockResolvedValueOnce(mockAppResults);
+    response.send = test_send_with_body;
+
+    const resp: any = await postUserSettings(request, response);
+    expect(resp.code).toBe(400);
+    expect(resp.body.message).toEqual('theme should not be an array value');
+  });
+
+  it('should not update a setting that includes an invalid option', async () => {
+    const mockAppResults: any = {
+      rows: [{ setting_name: 'secondaryLanguages', setting_options: ['fr', 'en', 'sk'] }],
+    };
+    const mockUpdateSetting: any = {
+      rows: [{ setting_name: 'secondaryLanguages', setting_value: 'sk,fr' }],
+    };
+    request.params = { userID: USER_ID, appID: 'general' };
+    request.query = {};
+    request.username = USER_ID;
+    request.body = { secondaryLanguages: ['en', 'br'] };
+    cassandraDBHelpers.execute = jest
+      .fn()
+      .mockResolvedValueOnce(mockAppResults)
+      .mockResolvedValueOnce(mockUpdateSetting);
+    response.send = test_send_with_body;
+
+    const resp: any = await postUserSettings(request, response);
+
+    expect(resp.code).toBe(400);
+    expect(resp.body.message).toEqual('Provided value includes an invalid option');
+  });
+
+  it('should not update a setting when an error is thrown from db', async () => {
+    const mockAppResults: any = {
+      rows: [
+        { setting_name: 'secondaryLanguages', setting_options: ['fr', 'en', 'sk'], setting_type: 'array' },
+      ],
+    };
+    request.params = { userID: USER_ID, appID: 'general' };
+    request.query = {};
+    request.username = USER_ID;
+    request.body = { secondaryLanguages: ['en', 'fr'] };
+    cassandraDBHelpers.execute = jest.fn().mockResolvedValueOnce(mockAppResults);
+    cassandraDBHelpers.batch = jest.fn().mockImplementationOnce(() => {
+      throw new Error('Error while updating UserSettings');
+    });
+    response.send = test_send_with_body;
+
+    const resp: any = await postUserSettings(request, response);
+    expect(resp.code).toBe(500);
+    expect(resp.body.message).toEqual(
+      'Unable to update user settings: Error: Error while updating UserSettings ',
+    );
+  });
+
+  it('should update a setting with a string value', async () => {
+    const mockAppResults: any = {
+      rows: [{ setting_name: 'secondaryLanguages', setting_options: ['fr', 'en', 'sk'] }],
+    };
+    const mockUpdateSetting: any = {
+      rows: [{ setting_name: 'secondaryLanguages', setting_value: null }],
+    };
+    request.params = { userID: USER_ID, appID: 'general' };
+    request.query = {};
+    request.username = USER_ID;
+    request.body = { secondaryLanguages: null };
+    cassandraDBHelpers.execute = jest.fn().mockResolvedValueOnce(mockAppResults);
+    cassandraDBHelpers.batch = jest.fn().mockResolvedValueOnce(mockUpdateSetting);
+    response.send = test_send_with_body;
+
+    const resp: any = await postUserSettings(request, response);
+
+    expect(resp.code).toBe(200);
+    expect(resp.body).toEqual({ secondaryLanguages: null });
+  });
+
+  it('should update multiple settings', async () => {
+    const mockAppResults: any = {
+      rows: [
+        { setting_name: 'secondaryLanguages', setting_options: ['fr', 'en', 'sk'] },
+        { setting_name: 'theme', setting_options: ['light', 'dark', 'auto'] },
+      ],
+    };
+    const mockUpdateSetting1: any = {
+      rows: [{ setting_name: 'secondaryLanguages', setting_value: 'fr' }],
+    };
+    const mockUpdateSetting2: any = {
+      rows: [{ setting_name: 'theme', setting_value: 'dark' }],
+    };
+    request.params = { userID: USER_ID, appID: 'general' };
+    request.query = {};
+    request.username = USER_ID;
+    request.body = { secondaryLanguages: 'fr', theme: 'light' };
+    cassandraDBHelpers.execute = jest.fn().mockResolvedValueOnce(mockAppResults);
+    cassandraDBHelpers.batch = jest
+      .fn()
+      .mockResolvedValueOnce(mockUpdateSetting1)
+      .mockResolvedValueOnce(mockUpdateSetting2);
+    response.send = test_send_with_body;
+
+    const resp: any = await postUserSettings(request, response);
+
+    expect(resp.code).toBe(200);
+    expect(resp.body.secondaryLanguages).toEqual('fr');
+    expect(resp.body.theme).toBe('light');
+  });
+});
+
+describe('delete user settings', () => {
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+  const request: Request = {} as Request;
+  const response: Response = {} as Response;
+  response.send = test_send;
+
+  const deleteSpy = jest.spyOn(SettingsRepoCassandra.prototype, 'deleteUserSettings');
+
+  it('should return 200 after deleting data', async () => {
+    request.params = { userId: USER_ID };
+    deleteSpy.mockResolvedValueOnce(true);
+    expect(await deleteUserSettings(request, response)).toEqual(200);
+    expect(deleteSpy).toHaveBeenCalled();
+  });
+  it('should return 400 if no userId', async () => {
+    request.params = {};
+    response.send = test_send;
+    expect(await deleteUserSettings(request, response)).toEqual(400);
+    expect(deleteSpy).not.toHaveBeenCalled();
+  });
+  it('internal server error should return 500 error', async () => {
+    request.params = { userId: USER_ID };
+    deleteSpy.mockImplementationOnce(() => {
+      throw new Error('Error in delete settings tests');
+    });
+    response.send = test_send;
+    expect(await deleteUserSettings(request, response)).toEqual(500);
+    expect(deleteSpy).toHaveBeenCalled();
+  });
+});

package/settings-service/src/__tests__/unit/controller/getAllSettings.spec.ts

@@ -0,0 +1,83 @@
+import { Request, Response } from 'restify';
+import { getAllSettings } from '../../../controller/UserSettingsController';
+import { SettingsRepoCassandra } from '../../../repo/settingsRepo';
+import { TEST_APP_ID } from '../../utils/test-utils';
+
+const mockAllSettingsResponse = {
+  settings: [
+    {
+      app_id: 'general',
+      setting_name: 'tags',
+      user_id: 'ABCDEFGHI',
+      setting_value: 'AI,IBM Consulting',
+    },
+  ],
+  pageState: null,
+};
+
+function test_send_with_body(code?: number | undefined, body?: any): any {
+  return { code, body };
+}
+
+afterEach(() => {
+  jest.resetAllMocks();
+});
+
+describe('getAllSettings controller tests', () => {
+  // tslint:disable-next-line
+  const request: Request = {} as Request;
+  // tslint:disable
+  const response: Response = {} as Response;
+  response.send = test_send_with_body;
+
+  it('should return 200 after sucessfully retrieving data', async () => {
+    request.query = {};
+    const getAllSettingsSpy = jest
+      .spyOn(SettingsRepoCassandra.prototype, 'getAllSettings')
+      .mockResolvedValueOnce(mockAllSettingsResponse);
+    const resp = await getAllSettings(request, response);
+
+    expect(resp.code).toEqual(200);
+    expect(getAllSettingsSpy).toHaveBeenCalledTimes(1);
+  });
+  it('should return 400 if settingName but no appId', async () => {
+    request.query = { settingName: 'theme' };
+    const getAllSettingsSpy = jest
+      .spyOn(SettingsRepoCassandra.prototype, 'getAllSettings')
+      .mockResolvedValueOnce(mockAllSettingsResponse);
+    const resp = await getAllSettings(request, response);
+
+    expect(resp.code).toEqual(400);
+    expect(getAllSettingsSpy).not.toHaveBeenCalled();
+  });
+  it('should return 500 if error thrown in settingsRepo method', async () => {
+    request.query = {};
+    const getAllSettingsSpy = jest
+      .spyOn(SettingsRepoCassandra.prototype, 'getAllSettings')
+      .mockImplementationOnce(() => {
+        throw new Error('error from db');
+      });
+    const resp = await getAllSettings(request, response);
+
+    expect(resp.code).toEqual(500);
+    expect(getAllSettingsSpy).toHaveBeenCalledTimes(1);
+  });
+
+  it('should call getAllSettings method with query params from request', async () => {
+    const queryParams = {
+      pageState: 'test page state',
+      appId: TEST_APP_ID,
+      settingName: 'theme',
+      fetchSize: 10,
+    };
+    request.query = queryParams;
+    const getAllSettingsSpy = jest
+      .spyOn(SettingsRepoCassandra.prototype, 'getAllSettings')
+      .mockResolvedValueOnce(mockAllSettingsResponse);
+    const resp = await getAllSettings(request, response);
+
+    expect(resp.code).toEqual(200);
+    expect(getAllSettingsSpy).toHaveBeenCalledTimes(1);
+    expect(getAllSettingsSpy).toHaveBeenCalledWith(queryParams);
+  });
+});

package/settings-service/src/__tests__/unit/middleware/AuthMiddlewareNextGenSSO.spec.ts

@@ -0,0 +1,282 @@
+import requestPromise from 'request-promise';
+import { Next, Response } from 'restify';
+import { AuthenticationMiddleware } from '../../../middleware/AuthenticationMiddleware';
+import { TEST_APP_ID } from '../../utils/test-utils';
+
+jest.mock('axios');
+jest.mock('request-promise');
+
+const jwtResponseNextGenSSO = {
+  lastName: 'Kemp',
+  uniqueSecurityName: '5j1218897',
+  token_type: 'Bearer',
+  uid: '5j1218897',
+  emailAddress: 'Ann-Marie.Kemp@IBM.com',
+  grant_type: 'authorization_code',
+  scope: 'openid',
+  exp: 1607015356,
+  iat: 1607008156,
+  active: true,
+  firstName: 'Ann-Marie',
+  grant_id: '1e104aca-5c78-4c9b-b55a-1427e39b20da',
+  userType: 'federated',
+  category: 'application',
+};
+
+const JWT_TOKEN = `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZ
+CI6Im55ZW51bXVsQHVzLmlibS5jb20iLCJjbiI6Ik5hcmFzaW1oYSBSZWRkeSBZZW51bXVsYSIsInVpZCI6IkMtTDNDVjg5NyIsImlzVzNIb21lc`;
+
+const W3ID_TOKEN = `Bearer Q3ccWQ4TZxK3bm6vnuOk5kQ9JApv7PCr8aLFxtKf`;
+
+const API_KEY = `apiKey bm90aWZpY2F0aW9uX3Rlc3Q6NlhLY0pmZVpHQ2prczBXRFFwRzNYRHN3R0VySzlhTVRHT0dvZmZKcVhQa1dDZ1RZ`;
+
+/**
+ * Below are the test cases for Authentication Middleware NextGen SSO (ISV)
+ */
+describe('requestHandler', () => {
+  const route = { path: 'settings', spec: { authRequired: true } };
+  const req = {
+    getRoute: jest.fn().mockReturnValue(route) as any,
+  } as any;
+  const res = {} as any;
+  let respObj = {} as any;
+  let statusCode = 0;
+  res.send = (code: number, obj: any) => {
+    statusCode = code;
+    respObj = obj;
+    return obj;
+  };
+  const next = jest.fn() as Next;
+
+  afterEach(() => {
+    process.env.APP_ENVIRONMENT = 'dev';
+    jest.clearAllMocks();
+  });
+
+  /**
+   * This test case checks for valid test token in the headers present in the
+   * incoming request.
+   */
+  it('authRequired is enabled and should call ensureAuthenticated', async () => {
+    req.headers = { authorization: W3ID_TOKEN };
+    const spy = jest.spyOn(AuthenticationMiddleware, 'ensureAuthenticated');
+
+    await AuthenticationMiddleware.checkAuthentication(req, res, next);
+    expect(spy).toHaveBeenCalled();
+  });
+
+  /**
+   * This test case handles the missing token in header scenario.
+   */
+  it('missing authorization token in header', async () => {
+    req.headers = { authorization: 'Bearer' };
+
+    await AuthenticationMiddleware.checkAuthentication(req, res, next);
+    expect(statusCode).toEqual(401);
+    expect(respObj.code).toEqual(401);
+    expect(respObj.message).toEqual('Missing required authentication token');
+    expect(next).toHaveBeenCalled();
+  });
+
+  /**
+   * Test case which covers success behavior from JWT introspect.
+   */
+  it('success response case from JWT introspect', async () => {
+    (requestPromise.post as jest.Mock).mockResolvedValue(JSON.stringify(jwtResponseNextGenSSO));
+
+    const response = await AuthenticationMiddleware.introspectISV(res, JWT_TOKEN);
+    expect(response).not.toBeNull();
+    expect(JSON.parse(response).uid).toEqual(jwtResponseNextGenSSO.uid);
+  });
+
+  /**
+   * Test case which covers behavior when exception occurs while validating JWT token.
+   */
+  it('calls next with false when exception occurs while validating JWT token in ensureAuthenticated()', async () => {
+    req.headers = { authorization: `Bearer ${JWT_TOKEN}` };
+    AuthenticationMiddleware.introspectISV = jest.fn().mockRejectedValueOnce(new Error('Invalid JWT token'));
+
+    await AuthenticationMiddleware.ensureAuthenticated(req, res, next);
+    expect(next).toHaveBeenCalledWith(false);
+  });
+
+  /**
+   * Test case which covers behavior userId not found in  JWT response.
+   */
+  it('Expired JWT token - ensureAuthenticated()', async () => {
+    req.headers = { authorization: `Bearer ${JWT_TOKEN}` };
+    AuthenticationMiddleware.introspectISV = jest.fn().mockResolvedValueOnce('{ "active": false }');
+
+    await AuthenticationMiddleware.ensureAuthenticated(req, res, next);
+    expect(statusCode).toEqual(401);
+    expect(respObj.code).toEqual(401);
+    expect(respObj.message).toEqual('User token is expired or is invalid');
+    expect(next).toHaveBeenCalled();
+  });
+
+  /**
+   * Test case for userId not found in  JWT response.
+   */
+  it('success case validation of JWT token- ensureAuthenticated()', async () => {
+    req.headers = { authorization: `Bearer ${JWT_TOKEN}` };
+    AuthenticationMiddleware.introspectISV = jest
+      .fn()
+      .mockResolvedValueOnce(JSON.stringify(jwtResponseNextGenSSO));
+
+    await AuthenticationMiddleware.ensureAuthenticated(req, res, next);
+    expect(req.username).toEqual(jwtResponseNextGenSSO.uid);
+    expect(req.isAuthenticated).toEqual(true);
+    expect(next).toHaveBeenCalled();
+  });
+
+  /**
+   * Test case which covers error thrown in  from JWT introspect v1.
+   */
+  it('Error thrown from introspect endpoint invocation', async () => {
+    (requestPromise.post as jest.Mock).mockRejectedValueOnce('Error from unit tests');
+    try {
+      await AuthenticationMiddleware.introspectISV(res, JWT_TOKEN);
+    } catch (err) {
+      expect(err).toBe('Unable to authenticate the user');
+    }
+  });
+});
+
+describe('requestHandler with header regression tests', () => {
+  const route = { path: 'settings', spec: { authRequired: true } };
+  const req = {
+    getRoute: jest.fn().mockReturnValue(route) as any,
+  } as any;
+  const res = {} as any;
+  let respObj = {} as any;
+  let statusCode = 0;
+  res.send = (code: number, obj: any) => {
+    statusCode = code;
+    respObj = obj;
+    return obj;
+  };
+  const next = jest.fn() as Next;
+
+  afterEach(() => {
+    process.env.APP_ENVIRONMENT = 'dev';
+    jest.clearAllMocks();
+  });
+
+  /**
+   * This test case checks for valid test token in the headers present in the
+   * incoming request.
+   */
+  it('authRequired is enabled and should call ensureAuthenticated', async () => {
+    req.headers = { authorization: W3ID_TOKEN, nextgen_sso: true };
+    const spy = jest.spyOn(AuthenticationMiddleware, 'ensureAuthenticated');
+
+    await AuthenticationMiddleware.checkAuthentication(req, res, next);
+    expect(spy).toHaveBeenCalled();
+  });
+
+  /**
+   * This test case handles the missing token in header scenario.
+   */
+  it('missing authorization token in header', async () => {
+    req.headers = { authorization: 'Bearer', nextgen_sso: true };
+
+    await AuthenticationMiddleware.checkAuthentication(req, res, next);
+    expect(statusCode).toEqual(401);
+    expect(respObj.code).toEqual(401);
+    expect(respObj.message).toEqual('Missing required authentication token');
+    expect(next).toHaveBeenCalled();
+  });
+
+  /**
+   * Test case which covers behavior when exception occurs while validating JWT token.
+   */
+  it('calls next with false when exception occurs while validating JWT token in ensureAuthenticated()', async () => {
+    req.headers = { authorization: `Bearer ${JWT_TOKEN}`, nextgen_sso: true };
+    AuthenticationMiddleware.introspectISV = jest.fn().mockRejectedValueOnce(new Error('Invalid JWT token'));
+
+    await AuthenticationMiddleware.ensureAuthenticated(req, res, next);
+    expect(next).toHaveBeenCalledWith(false);
+  });
+
+  /**
+   * Test case which covers behavior userId not found in  JWT response.
+   */
+  it('Expired JWT token - ensureAuthenticated()', async () => {
+    req.headers = { authorization: `Bearer ${JWT_TOKEN}`, nextgen_sso: true };
+    AuthenticationMiddleware.introspectISV = jest.fn().mockResolvedValueOnce('{ "active": false }');
+
+    await AuthenticationMiddleware.ensureAuthenticated(req, res, next);
+    expect(statusCode).toEqual(401);
+    expect(respObj.code).toEqual(401);
+    expect(respObj.message).toEqual('User token is expired or is invalid');
+    expect(next).toHaveBeenCalled();
+  });
+
+  /**
+   * Test case for userId not found in  JWT response.
+   */
+  it('success case validation of JWT token- ensureAuthenticated()', async () => {
+    req.headers = { authorization: `Bearer ${JWT_TOKEN}`, nextgen_sso: true };
+    AuthenticationMiddleware.introspectISV = jest
+      .fn()
+      .mockResolvedValueOnce(JSON.stringify(jwtResponseNextGenSSO));
+
+    await AuthenticationMiddleware.ensureAuthenticated(req, res, next);
+    expect(req.username).toEqual(jwtResponseNextGenSSO.uid);
+    expect(req.isAuthenticated).toEqual(true);
+    expect(next).toHaveBeenCalled();
+  });
+});
+
+describe('api key tests - regression tests', () => {
+  const req = {} as any;
+  const res: Response = {} as any;
+  let statusCode = 0;
+  res.send = (code: number, obj) => {
+    statusCode = code;
+    return obj;
+  };
+  const next = jest.fn() as Next;
+  req.params = { appID: TEST_APP_ID };
+
+  /**
+   * Below test case checks for the successful api key verification from ensureAuthenticated method
+   */
+  it('ensureAuthenticated with right API key', async () => {
+    req.headers = { authorization: API_KEY, nextgen_sso: true, appId: 'w3notifications-test' };
+    AuthenticationMiddleware.verifyApiKeyWithAppId = jest.fn().mockReturnValue(true);
+
+    await AuthenticationMiddleware.ensureAuthenticated(req, res, next);
+    expect(req.username).toBeUndefined();
+    expect(req.isAuthenticated).toEqual(true);
+    expect(req.auth_policy).toEqual(AuthenticationMiddleware.AUTH_POLICY_API_KEY);
+    expect(next).toHaveBeenCalled();
+  });
+
+  /**
+   * Below test case checks for the invalid api key verification from ensureAuthenticated
+   */
+  it('ensureAuthenticated with invalid API key', async () => {
+    req.headers = { authorization: API_KEY, nextgen_sso: true };
+    AuthenticationMiddleware.verifyApiKeyWithAppId = jest.fn().mockReturnValue(false);
+
+    await AuthenticationMiddleware.ensureAuthenticated(req, res, next);
+    expect(req.username).toBeUndefined();
+    expect(statusCode).toEqual(401);
+    expect(next).toHaveBeenCalled();
+  });
+
+  /**
+   * Below test case checks for the case of invalid api key from ensureAuthenticated method
+   */
+  it('failure case validation of API key', async () => {
+    req.headers = { authorization: API_KEY, nextgen_sso: true };
+    AuthenticationMiddleware.verifyApiKeyWithAppId = jest.fn().mockImplementation(() => {
+      throw new Error('Unable to verify API key');
+    });
+
+    await AuthenticationMiddleware.ensureAuthenticated(req, res, next);
+    expect(next).toHaveBeenCalledWith(false);
+    jest.clearAllMocks();
+  });
+});