demo-auth
v0.2.9
Demo express service which uses authorization middleware from @skeleton/auth
Routes
No route needs parameters. Every route returns true if authorization is successful.
GET /user
Needed permissions: 'VIEW_USER'
POST /user
Needed permissions: 'CREATE_USER'
DELETE /user
Needed permissions: 'DELETE_USER' AND 'VIEW_USER'
POST /drop/db
Needed permissions: 'ADMIN' OR 'SUPERADMIN'
GET /ignored
Needed NO permissions and NO tokens. Completely public.
Scenarios
Incorrect Jwt.
  STATE: any
    ✓ should return 401 if JWT is missing. (140ms)
    ✓ should return 200 with any JWT if route is set in IGNORE_ROUTES
    ✓ should return 401 if JWT signature is incorrect (114ms)
    ✓ should return 444 if JWT is expired
    ✓ should return 401 if JWT payload can`t be parsed (106ms)
Correct Jwt.
  STATE: no session.
    X-Csrf-Token header exists.
      ✓ should return 401 if Csrf token EXISTS. (145ms)
    X-Csrf-Token header NOT exists.
      State: auth-server UNREACHABLE
        ✓ should return 500
      STATE: auth-server returns 401
        ✓ should return 401 (108ms)
      STATE: auth-server provides SUFFICIENT permissions
        ✓ should return 200
      STATE: auth-server provides INSUFFICIENT permissions
        ✓ should return 403 (110ms)
  STATE: session exists.
    Csrf valid.
      STATE: SUFFICIENT permissions
        ✓ should return 200
      STATE: INSUFFICIENT permissions
        ✓ should return 403 (218ms)
    Csrf invalid.
      ✓ should return 401 if Csrf is MISSING (121ms)
      ✓ should return 401 if Csrf is WRONG (121ms)
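
The route table and scenario matrix above, written as a small decision model that can serve as a test oracle. This is an added example, not code from demo-auth or @skeleton/auth: `ROUTES`, `hasPermissions`, `expectedStatus`, the input shapes and the order of the checks are assumptions; `IGNORE_ROUTES` is the setting name the scenarios mention.

```javascript
// Added illustration: models the README's route table and scenario matrix.
// Not code from demo-auth or @skeleton/auth; all names here are hypothetical.
const ROUTES = {
  'GET /user':     { allOf: ['VIEW_USER'] },
  'POST /user':    { allOf: ['CREATE_USER'] },
  'DELETE /user':  { allOf: ['DELETE_USER', 'VIEW_USER'] }, // AND
  'POST /drop/db': { anyOf: ['ADMIN', 'SUPERADMIN'] },      // OR
};
const IGNORE_ROUTES = new Set(['GET /ignored']); // public: no token, no permissions

function hasPermissions(rule, granted) {
  const have = new Set(granted);
  if (rule.allOf && !rule.allOf.every((p) => have.has(p))) return false;
  if (rule.anyOf && !rule.anyOf.some((p) => have.has(p))) return false;
  return true;
}

// req.jwt: 'missing' | 'bad_signature' | 'unparseable' | 'expired' | 'valid'
// req.csrf: undefined (no X-Csrf-Token header) or the header value
// session: null, or { csrf, permissions } for an existing session
// authServer: 'unreachable' | 'unauthorized' | { permissions } (used when no session)
function expectedStatus(route, req, session, authServer) {
  if (IGNORE_ROUTES.has(route)) return 200;
  const rule = ROUTES[route];
  if (!rule) return 404; // assumption: unknown routes are not covered by the README
  if (req.jwt === 'expired') return 444;
  if (req.jwt !== 'valid') return 401;

  let granted;
  if (session) {
    // Existing session: the CSRF header must be present and match.
    if (req.csrf === undefined || req.csrf !== session.csrf) return 401;
    granted = session.permissions;
  } else {
    if (req.csrf !== undefined) return 401; // CSRF token sent without a session
    if (authServer === 'unreachable') return 500;
    if (authServer === 'unauthorized') return 401;
    granted = authServer.permissions;
  }
  return hasPermissions(rule, granted) ? 200 : 403;
}
```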