2022-04-04 19:37:31 +02:00
|
|
|
/* eslint-disable no-unused-expressions,@typescript-eslint/no-unused-expressions */
|
2018-03-30 15:30:30 -04:00
|
|
|
import {expect} from 'chai';
|
2019-12-10 10:44:35 +01:00
|
|
|
import {AuthenticationMWs} from '../../../../../src/backend/middlewares/user/AuthenticationMWs';
|
|
|
|
|
import {ErrorCodes, ErrorDTO} from '../../../../../src/common/entities/Error';
|
|
|
|
|
import {UserDTO, UserRoles} from '../../../../../src/common/entities/UserDTO';
|
|
|
|
|
import {ObjectManagers} from '../../../../../src/backend/model/ObjectManagers';
|
|
|
|
|
import {Config} from '../../../../../src/common/config/private/Config';
|
2019-02-22 23:39:01 +01:00
|
|
|
import * as path from 'path';
|
2023-01-05 23:11:58 +01:00
|
|
|
import {UserManager} from '../../../../../src/backend/model/database/UserManager';
|
2025-08-14 16:59:07 +02:00
|
|
|
import {SearchQueryTypes, TextSearchQueryMatchTypes} from '../../../../../src/common/entities/SearchQueryDTO';
|
2016-05-25 20:17:42 +02:00
|
|
|
|
|
|
|
|
|
2019-02-22 23:39:01 +01:00
|
|
|
declare const describe: any;
|
|
|
|
|
declare const it: any;
|
|
|
|
|
declare const beforeEach: any;
|
|
|
|
|
|
2016-05-25 20:17:42 +02:00
|
|
|
describe('Authentication middleware', () => {
|
|
|
|
|
|
2017-07-03 19:17:49 +02:00
|
|
|
beforeEach(() => {
|
2019-02-15 11:47:09 -05:00
|
|
|
ObjectManagers.reset();
|
2017-07-03 19:17:49 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('authenticate', () => {
|
2023-03-11 22:42:46 +01:00
|
|
|
it('should call next on authenticated', (done: (err?: any) => void) => {
|
2018-11-28 23:49:33 +01:00
|
|
|
const req: any = {
|
2017-07-03 19:17:49 +02:00
|
|
|
session: {
|
2025-08-14 16:59:07 +02:00
|
|
|
context: {
|
|
|
|
|
user: 'A user'
|
|
|
|
|
}
|
2017-07-03 20:33:10 +02:00
|
|
|
},
|
2017-07-19 10:37:00 +02:00
|
|
|
sessionOptions: {},
|
2017-07-03 20:33:10 +02:00
|
|
|
query: {},
|
|
|
|
|
params: {}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
2021-01-04 11:11:55 +01:00
|
|
|
const next: any = (err: ErrorDTO) => {
|
2023-03-11 22:42:46 +01:00
|
|
|
try {
|
|
|
|
|
expect(err).to.be.undefined;
|
|
|
|
|
done();
|
|
|
|
|
} catch (err) {
|
|
|
|
|
done(err);
|
|
|
|
|
}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
|
|
|
|
AuthenticationMWs.authenticate(req, null, next);
|
|
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
2023-03-11 22:42:46 +01:00
|
|
|
it('should call next with error on not authenticated', (done: (err?: any) => void) => {
|
2018-11-28 23:49:33 +01:00
|
|
|
const req: any = {
|
2017-07-03 20:33:10 +02:00
|
|
|
session: {},
|
2017-07-19 10:37:00 +02:00
|
|
|
sessionOptions: {},
|
2017-07-03 20:33:10 +02:00
|
|
|
query: {},
|
|
|
|
|
params: {}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
2022-12-28 19:12:18 +01:00
|
|
|
Config.Users.authenticationRequired = true;
|
2021-01-04 11:11:55 +01:00
|
|
|
const next: any = (err: ErrorDTO) => {
|
2023-03-11 22:42:46 +01:00
|
|
|
try {
|
|
|
|
|
expect(err).not.to.be.undefined;
|
|
|
|
|
expect(err.code).to.be.eql(ErrorCodes.NOT_AUTHENTICATED);
|
|
|
|
|
done();
|
|
|
|
|
} catch (err) {
|
|
|
|
|
done(err);
|
|
|
|
|
}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
2021-04-18 15:48:35 +02:00
|
|
|
AuthenticationMWs.authenticate(req, {
|
2020-01-07 22:28:59 +01:00
|
|
|
status: () => {
|
2023-01-05 23:11:58 +01:00
|
|
|
// empty
|
2020-01-07 22:28:59 +01:00
|
|
|
}
|
2021-04-18 15:48:35 +02:00
|
|
|
} as any, next);
|
2017-07-03 19:17:49 +02:00
|
|
|
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2019-02-22 23:39:01 +01:00
|
|
|
|
|
|
|
|
describe('authorisePath', () => {
|
|
|
|
|
|
|
|
|
|
const req = {
|
2020-01-07 22:28:59 +01:00
|
|
|
session: {
|
2025-08-14 16:59:07 +02:00
|
|
|
context: {
|
|
|
|
|
user: {permissions: null as string[]}
|
|
|
|
|
}
|
2020-01-07 22:28:59 +01:00
|
|
|
},
|
2019-02-22 23:39:01 +01:00
|
|
|
sessionOptions: {},
|
|
|
|
|
query: {},
|
|
|
|
|
params: {
|
|
|
|
|
path: '/test'
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
const authoriseDirPath = AuthenticationMWs.authorisePath('path', true);
|
|
|
|
|
const test = (relativePath: string): Promise<string | number> => {
|
|
|
|
|
return new Promise((resolve) => {
|
|
|
|
|
req.params.path = path.normalize(relativePath);
|
2021-04-18 15:48:35 +02:00
|
|
|
authoriseDirPath(req as any, {sendStatus: resolve} as any, () => {
|
2019-02-22 23:39:01 +01:00
|
|
|
resolve('ok');
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
it('should catch unauthorized path usage', async () => {
|
2025-08-14 16:59:07 +02:00
|
|
|
req.session.context.user.permissions = [path.normalize('/sub/subsub')];
|
2019-02-22 23:39:01 +01:00
|
|
|
expect(await test('/sub/subsub')).to.be.eql('ok');
|
|
|
|
|
expect(await test('/test')).to.be.eql(403);
|
|
|
|
|
expect(await test('/')).to.be.eql(403);
|
|
|
|
|
expect(await test('/sub/test')).to.be.eql(403);
|
|
|
|
|
expect(await test('/sub/subsub/test')).to.be.eql(403);
|
|
|
|
|
expect(await test('/sub/subsub/test/test2')).to.be.eql(403);
|
2025-08-14 16:59:07 +02:00
|
|
|
req.session.context.user.permissions = [path.normalize('/sub/subsub'), path.normalize('/sub/subsub2')];
|
2019-02-22 23:39:01 +01:00
|
|
|
expect(await test('/sub/subsub2')).to.be.eql('ok');
|
|
|
|
|
expect(await test('/sub/subsub')).to.be.eql('ok');
|
|
|
|
|
expect(await test('/test')).to.be.eql(403);
|
|
|
|
|
expect(await test('/')).to.be.eql(403);
|
|
|
|
|
expect(await test('/sub/test')).to.be.eql(403);
|
|
|
|
|
expect(await test('/sub/subsub/test')).to.be.eql(403);
|
|
|
|
|
expect(await test('/sub/subsub2/test')).to.be.eql(403);
|
2025-08-14 16:59:07 +02:00
|
|
|
req.session.context.user.permissions = [path.normalize('/sub/subsub*')];
|
2019-02-22 23:39:01 +01:00
|
|
|
expect(await test('/b')).to.be.eql(403);
|
|
|
|
|
expect(await test('/sub')).to.be.eql(403);
|
|
|
|
|
expect(await test('/sub/subsub2')).to.be.eql(403);
|
|
|
|
|
expect(await test('/sub/subsub2/test')).to.be.eql(403);
|
|
|
|
|
expect(await test('/sub/subsub')).to.be.eql('ok');
|
|
|
|
|
expect(await test('/sub/subsub/test')).to.be.eql('ok');
|
|
|
|
|
expect(await test('/sub/subsub/test/two')).to.be.eql('ok');
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
2017-07-03 19:17:49 +02:00
|
|
|
describe('inverseAuthenticate', () => {
|
|
|
|
|
|
2023-03-11 22:42:46 +01:00
|
|
|
it('should call next with error on authenticated', (done: (err?: any) => void) => {
|
2018-11-28 23:49:33 +01:00
|
|
|
const req: any = {
|
2017-07-19 10:37:00 +02:00
|
|
|
session: {},
|
|
|
|
|
sessionOptions: {},
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
2018-11-28 23:49:33 +01:00
|
|
|
const res: any = {};
|
2019-02-22 23:39:01 +01:00
|
|
|
const next: any = (err: ErrorDTO) => {
|
2023-03-11 22:42:46 +01:00
|
|
|
try {
|
|
|
|
|
expect(err).to.be.undefined;
|
|
|
|
|
done();
|
|
|
|
|
} catch (err) {
|
|
|
|
|
done(err);
|
|
|
|
|
}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
|
|
|
|
AuthenticationMWs.inverseAuthenticate(req, null, next);
|
|
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
2023-03-11 22:42:46 +01:00
|
|
|
it('should call next error on authenticated', (done: (err?: any) => void) => {
|
2018-11-28 23:49:33 +01:00
|
|
|
const req: any = {
|
2017-07-03 19:17:49 +02:00
|
|
|
session: {
|
2025-08-14 16:59:07 +02:00
|
|
|
context: {
|
|
|
|
|
user: 'A user'
|
|
|
|
|
}
|
2017-07-19 10:37:00 +02:00
|
|
|
},
|
|
|
|
|
sessionOptions: {},
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
2021-01-04 11:11:55 +01:00
|
|
|
const next: any = (err: ErrorDTO) => {
|
2017-07-03 19:17:49 +02:00
|
|
|
expect(err).not.to.be.undefined;
|
|
|
|
|
expect(err.code).to.be.eql(ErrorCodes.ALREADY_AUTHENTICATED);
|
|
|
|
|
done();
|
|
|
|
|
};
|
|
|
|
|
AuthenticationMWs.inverseAuthenticate(req, null, next);
|
|
|
|
|
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('authorise', () => {
|
2023-03-11 22:42:46 +01:00
|
|
|
it('should call next on authorised', (done: (err?: any) => void) => {
|
2018-11-28 23:49:33 +01:00
|
|
|
const req: any = {
|
2017-07-03 19:17:49 +02:00
|
|
|
session: {
|
2025-08-14 16:59:07 +02:00
|
|
|
context: {
|
|
|
|
|
user: {
|
|
|
|
|
role: UserRoles.LimitedGuest
|
|
|
|
|
}
|
2017-07-03 19:17:49 +02:00
|
|
|
}
|
2017-07-19 10:37:00 +02:00
|
|
|
},
|
|
|
|
|
sessionOptions: {}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
2021-01-04 11:11:55 +01:00
|
|
|
const next: any = (err: ErrorDTO) => {
|
2023-03-11 22:42:46 +01:00
|
|
|
try {
|
|
|
|
|
expect(err).to.be.undefined;
|
|
|
|
|
done();
|
|
|
|
|
} catch (err) {
|
|
|
|
|
done(err);
|
|
|
|
|
}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
2017-07-09 12:03:17 +02:00
|
|
|
AuthenticationMWs.authorise(UserRoles.LimitedGuest)(req, null, next);
|
2017-07-03 19:17:49 +02:00
|
|
|
|
2016-05-25 20:17:42 +02:00
|
|
|
});
|
|
|
|
|
|
2023-03-11 22:42:46 +01:00
|
|
|
it('should call next with error on not authorised', (done: (err?: any) => void) => {
|
2018-11-28 23:49:33 +01:00
|
|
|
const req: any = {
|
2017-07-03 19:17:49 +02:00
|
|
|
session: {
|
2025-08-14 16:59:07 +02:00
|
|
|
context: {
|
|
|
|
|
user: {
|
|
|
|
|
role: UserRoles.LimitedGuest
|
|
|
|
|
}
|
2017-07-03 19:17:49 +02:00
|
|
|
}
|
2017-07-19 10:37:00 +02:00
|
|
|
},
|
|
|
|
|
sessionOptions: {}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
2021-01-04 11:11:55 +01:00
|
|
|
const next: any = (err: ErrorDTO) => {
|
2017-07-03 19:17:49 +02:00
|
|
|
expect(err).not.to.be.undefined;
|
|
|
|
|
expect(err.code).to.be.eql(ErrorCodes.NOT_AUTHORISED);
|
|
|
|
|
done();
|
|
|
|
|
};
|
|
|
|
|
AuthenticationMWs.authorise(UserRoles.Developer)(req, null, next);
|
|
|
|
|
|
2016-05-25 20:17:42 +02:00
|
|
|
});
|
2017-07-03 19:17:49 +02:00
|
|
|
});
|
2016-05-25 20:17:42 +02:00
|
|
|
|
2017-07-03 19:17:49 +02:00
|
|
|
describe('login', () => {
|
2025-08-14 16:59:07 +02:00
|
|
|
beforeEach(async () => {
|
|
|
|
|
await ObjectManagers.reset();
|
2016-05-25 20:17:42 +02:00
|
|
|
});
|
|
|
|
|
|
2017-07-15 12:47:11 +02:00
|
|
|
describe('should call input ErrorDTO next on missing...', () => {
|
2023-03-11 22:42:46 +01:00
|
|
|
it('body', (done: (err?: any) => void) => {
|
2018-11-28 23:49:33 +01:00
|
|
|
const req: any = {
|
2017-07-03 20:33:10 +02:00
|
|
|
query: {},
|
|
|
|
|
params: {}
|
|
|
|
|
};
|
2021-01-04 11:11:55 +01:00
|
|
|
const next: any = (err: ErrorDTO) => {
|
2017-07-03 20:33:10 +02:00
|
|
|
expect(err).not.to.be.undefined;
|
|
|
|
|
expect(err.code).to.be.eql(ErrorCodes.INPUT_ERROR);
|
2017-07-03 19:17:49 +02:00
|
|
|
done();
|
|
|
|
|
};
|
|
|
|
|
AuthenticationMWs.login(req, null, next);
|
|
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
2023-03-11 22:42:46 +01:00
|
|
|
it('loginCredential', (done: (err?: any) => void) => {
|
2018-11-28 23:49:33 +01:00
|
|
|
const req: any = {
|
2017-07-03 20:33:10 +02:00
|
|
|
body: {},
|
|
|
|
|
query: {},
|
|
|
|
|
params: {}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
2021-01-04 11:11:55 +01:00
|
|
|
const next: any = (err: ErrorDTO) => {
|
2023-03-11 22:42:46 +01:00
|
|
|
try {
|
|
|
|
|
expect(err).not.to.be.undefined;
|
|
|
|
|
expect(err.code).to.be.eql(ErrorCodes.INPUT_ERROR);
|
|
|
|
|
done();
|
|
|
|
|
} catch (err) {
|
|
|
|
|
done(err);
|
|
|
|
|
}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
|
|
|
|
AuthenticationMWs.login(req, null, next);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
2023-03-11 22:42:46 +01:00
|
|
|
it('loginCredential content', (done: (err?: any) => void) => {
|
2018-11-28 23:49:33 +01:00
|
|
|
const req: any = {
|
2017-07-03 20:33:10 +02:00
|
|
|
body: {loginCredential: {}},
|
|
|
|
|
query: {},
|
|
|
|
|
params: {}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
2021-01-04 11:11:55 +01:00
|
|
|
const next: any = (err: ErrorDTO) => {
|
2023-03-11 22:42:46 +01:00
|
|
|
try {
|
|
|
|
|
expect(err).not.to.be.undefined;
|
|
|
|
|
expect(err.code).to.be.eql(ErrorCodes.INPUT_ERROR);
|
|
|
|
|
done();
|
|
|
|
|
} catch (err) {
|
|
|
|
|
done(err);
|
|
|
|
|
}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
|
|
|
|
AuthenticationMWs.login(req, null, next);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
2016-05-25 20:17:42 +02:00
|
|
|
});
|
2023-03-11 22:42:46 +01:00
|
|
|
it('should call next with error on not finding user', (done: (err?: any) => void) => {
|
2018-11-28 23:49:33 +01:00
|
|
|
const req: any = {
|
2017-07-03 19:17:49 +02:00
|
|
|
body: {
|
|
|
|
|
loginCredential: {
|
2018-03-30 15:30:30 -04:00
|
|
|
username: 'aa',
|
|
|
|
|
password: 'bb'
|
2017-07-03 19:17:49 +02:00
|
|
|
}
|
2017-07-03 20:33:10 +02:00
|
|
|
},
|
|
|
|
|
query: {},
|
|
|
|
|
params: {}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
2021-01-04 11:11:55 +01:00
|
|
|
const next: any = (err: ErrorDTO) => {
|
2023-03-11 22:42:46 +01:00
|
|
|
try {
|
|
|
|
|
expect(err).not.to.be.undefined;
|
|
|
|
|
expect(err.code).to.be.eql(ErrorCodes.CREDENTIAL_NOT_FOUND);
|
|
|
|
|
done();
|
|
|
|
|
} catch (err) {
|
|
|
|
|
done(err);
|
|
|
|
|
}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
2021-04-18 15:48:35 +02:00
|
|
|
ObjectManagers.getInstance().UserManager = {
|
2023-01-05 23:11:58 +01:00
|
|
|
findOne: (_: never): Promise<UserDTO> => {
|
2017-07-03 20:33:10 +02:00
|
|
|
return Promise.reject(null);
|
2017-07-03 19:17:49 +02:00
|
|
|
}
|
2021-04-18 15:48:35 +02:00
|
|
|
} as UserManager;
|
2017-07-03 19:17:49 +02:00
|
|
|
AuthenticationMWs.login(req, null, next);
|
|
|
|
|
|
2016-05-25 20:17:42 +02:00
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
2025-08-14 16:59:07 +02:00
|
|
|
it('should call next with user on the session on finding user', (done: (err?: any) => void) => {
|
2018-11-28 23:49:33 +01:00
|
|
|
const req: any = {
|
2017-07-03 19:17:49 +02:00
|
|
|
session: {},
|
|
|
|
|
body: {
|
|
|
|
|
loginCredential: {
|
2018-03-30 15:30:30 -04:00
|
|
|
username: 'aa',
|
|
|
|
|
password: 'bb'
|
2017-07-03 19:17:49 +02:00
|
|
|
}
|
2017-07-03 20:33:10 +02:00
|
|
|
},
|
|
|
|
|
query: {},
|
|
|
|
|
params: {}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
2025-08-14 16:59:07 +02:00
|
|
|
const testUser = 'test user' as any;
|
|
|
|
|
const testContext = {user: testUser};
|
|
|
|
|
|
2021-01-04 11:11:55 +01:00
|
|
|
const next: any = (err: ErrorDTO) => {
|
2017-07-03 19:17:49 +02:00
|
|
|
expect(err).to.be.undefined;
|
2025-08-14 16:59:07 +02:00
|
|
|
expect(req.session.context).to.be.eql(testContext);
|
2017-07-03 19:17:49 +02:00
|
|
|
done();
|
|
|
|
|
};
|
2025-08-14 16:59:07 +02:00
|
|
|
|
|
|
|
|
ObjectManagers.getInstance().UserManager = {
|
|
|
|
|
findOne: (filter: never) => {
|
|
|
|
|
return Promise.resolve(testUser);
|
|
|
|
|
}
|
|
|
|
|
} as UserManager;
|
|
|
|
|
|
|
|
|
|
// Add SearchManager mock to avoid errors in buildContext
|
|
|
|
|
ObjectManagers.getInstance().SearchManager = {
|
|
|
|
|
prepareAndBuildWhereQuery: (query: any) => {
|
|
|
|
|
return Promise.resolve(null);
|
|
|
|
|
}
|
|
|
|
|
} as any;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
AuthenticationMWs.login(req, null, next);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should create context with allowQuery', (done: (err?: any) => void) => {
|
|
|
|
|
const req: any = {
|
|
|
|
|
session: {},
|
|
|
|
|
body: {
|
|
|
|
|
loginCredential: {
|
|
|
|
|
username: 'aa',
|
|
|
|
|
password: 'bb'
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
query: {},
|
|
|
|
|
params: {}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const testUser = {
|
|
|
|
|
name: 'testuser',
|
|
|
|
|
role: UserRoles.Admin,
|
|
|
|
|
allowQuery: {
|
|
|
|
|
type: SearchQueryTypes.directory,
|
|
|
|
|
text: '/allowed/path',
|
|
|
|
|
matchType: TextSearchQueryMatchTypes.exact_match
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const projectionQuery = {someQueryObject: true};
|
|
|
|
|
const testContext = {
|
|
|
|
|
user: testUser,
|
|
|
|
|
projectionQuery: projectionQuery
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const next: any = (err: ErrorDTO) => {
|
|
|
|
|
try {
|
|
|
|
|
expect(err).to.be.undefined;
|
|
|
|
|
expect(req.session?.context).to.be.eql(testContext);
|
|
|
|
|
done();
|
|
|
|
|
}catch (e){
|
|
|
|
|
done(e);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
ObjectManagers.getInstance().UserManager = {
|
|
|
|
|
findOne: (filter: never) => {
|
|
|
|
|
return Promise.resolve(testUser);
|
|
|
|
|
}
|
|
|
|
|
} as any;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// @ts-ignore
|
|
|
|
|
ObjectManagers.getInstance().buildContext = async (user: any) => {
|
|
|
|
|
expect(user).to.be.eql(testUser);
|
|
|
|
|
return testContext;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
AuthenticationMWs.login(req, null, next);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('should create context with blockQuery', (done: (err?: any) => void) => {
|
|
|
|
|
const req: any = {
|
|
|
|
|
session: {},
|
|
|
|
|
body: {
|
|
|
|
|
loginCredential: {
|
|
|
|
|
username: 'aa',
|
|
|
|
|
password: 'bb'
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
query: {},
|
|
|
|
|
params: {}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const testUser = {
|
|
|
|
|
name: 'testuser',
|
|
|
|
|
role: UserRoles.Admin,
|
|
|
|
|
blockQuery: {
|
|
|
|
|
type: SearchQueryTypes.directory,
|
|
|
|
|
text: '/blocked/path',
|
|
|
|
|
matchType: TextSearchQueryMatchTypes.exact_match
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const projectionQuery = {someQueryObject: true};
|
|
|
|
|
const testContext = {
|
|
|
|
|
user: testUser,
|
|
|
|
|
projectionQuery: projectionQuery
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
const next: any = (err: ErrorDTO) => {
|
|
|
|
|
try {
|
|
|
|
|
expect(err).to.be.undefined;
|
|
|
|
|
expect(req.session?.context).to.be.eql(testContext);
|
|
|
|
|
done();
|
|
|
|
|
}catch (e){
|
|
|
|
|
done(e);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// @ts-ignore
|
2021-04-18 15:48:35 +02:00
|
|
|
ObjectManagers.getInstance().UserManager = {
|
2023-01-05 23:11:58 +01:00
|
|
|
findOne: (filter: never) => {
|
2025-08-14 16:59:07 +02:00
|
|
|
return Promise.resolve(testUser);
|
2017-07-03 19:17:49 +02:00
|
|
|
}
|
2023-01-05 23:11:58 +01:00
|
|
|
} as UserManager;
|
2025-08-14 16:59:07 +02:00
|
|
|
|
|
|
|
|
ObjectManagers.getInstance().SearchManager = {
|
|
|
|
|
prepareAndBuildWhereQuery: (query: any) => {
|
|
|
|
|
// In real code, the blockQuery would be negated first
|
|
|
|
|
expect(query).not.to.be.undefined;
|
|
|
|
|
return Promise.resolve(projectionQuery);
|
|
|
|
|
}
|
|
|
|
|
} as any;
|
|
|
|
|
|
|
|
|
|
// @ts-ignore
|
|
|
|
|
ObjectManagers.getInstance().buildContext = async (user: any) => {
|
|
|
|
|
expect(user).to.be.eql(testUser);
|
|
|
|
|
return testContext;
|
|
|
|
|
};
|
|
|
|
|
|
2017-07-03 19:17:49 +02:00
|
|
|
AuthenticationMWs.login(req, null, next);
|
2025-08-14 16:59:07 +02:00
|
|
|
});
|
2016-05-25 20:17:42 +02:00
|
|
|
|
2025-08-14 16:59:07 +02:00
|
|
|
it('should create context with both allowQuery and blockQuery', (done: (err?: any) => void) => {
|
|
|
|
|
const req: any = {
|
|
|
|
|
session: {},
|
|
|
|
|
body: {
|
|
|
|
|
loginCredential: {
|
|
|
|
|
username: 'aa',
|
|
|
|
|
password: 'bb'
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
query: {},
|
|
|
|
|
params: {}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const testUser = {
|
|
|
|
|
name: 'testuser',
|
|
|
|
|
role: UserRoles.Admin,
|
|
|
|
|
allowQuery: {
|
|
|
|
|
type: SearchQueryTypes.directory,
|
|
|
|
|
text: '/allowed/path',
|
|
|
|
|
matchType: TextSearchQueryMatchTypes.exact_match
|
|
|
|
|
},
|
|
|
|
|
blockQuery: {
|
|
|
|
|
type: SearchQueryTypes.directory,
|
|
|
|
|
text: '/blocked/path',
|
|
|
|
|
matchType: TextSearchQueryMatchTypes.exact_match
|
|
|
|
|
}
|
|
|
|
|
};
|
2016-05-25 20:17:42 +02:00
|
|
|
|
2025-08-14 16:59:07 +02:00
|
|
|
const projectionQuery = {someQueryObject: true};
|
|
|
|
|
const testContext = {
|
|
|
|
|
user: {
|
|
|
|
|
...testUser,
|
|
|
|
|
projectionKey: 'some-hash-value'
|
|
|
|
|
},
|
|
|
|
|
projectionQuery: projectionQuery
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const next: any = (err: ErrorDTO) => {
|
|
|
|
|
try {
|
|
|
|
|
expect(err).to.be.undefined;
|
|
|
|
|
expect(req.session.context).to.be.eql(testContext);
|
|
|
|
|
expect(req.session.context.user.projectionKey).not.to.be.undefined;
|
|
|
|
|
done();
|
|
|
|
|
}catch (e){
|
|
|
|
|
done(e);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// @ts-ignore
|
|
|
|
|
ObjectManagers.getInstance().UserManager = {
|
|
|
|
|
findOne: (filter: never) => {
|
|
|
|
|
return Promise.resolve({...testUser});
|
|
|
|
|
}
|
|
|
|
|
} as UserManager;
|
|
|
|
|
|
|
|
|
|
ObjectManagers.getInstance().SearchManager = {
|
|
|
|
|
prepareAndBuildWhereQuery: (query: any) => {
|
|
|
|
|
// In the real code, this would be an AND query combining allowQuery and negated blockQuery
|
|
|
|
|
expect(query.type).to.be.eql(SearchQueryTypes.AND);
|
|
|
|
|
expect(query.list).to.have.lengthOf(2);
|
|
|
|
|
return Promise.resolve(projectionQuery);
|
|
|
|
|
}
|
|
|
|
|
} as any;
|
|
|
|
|
|
|
|
|
|
// @ts-ignore
|
|
|
|
|
ObjectManagers.getInstance().buildContext = async (user: any) => {
|
|
|
|
|
expect(user).to.deep.include({
|
|
|
|
|
name: testUser.name,
|
|
|
|
|
role: testUser.role
|
|
|
|
|
});
|
|
|
|
|
return testContext;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
AuthenticationMWs.login(req, null, next);
|
2016-05-25 20:17:42 +02:00
|
|
|
});
|
2017-07-03 19:17:49 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
describe('logout', () => {
|
2023-03-11 22:42:46 +01:00
|
|
|
it('should call next on logout', (done: (err?: any) => void) => {
|
2018-11-28 23:49:33 +01:00
|
|
|
const req: any = {
|
2017-07-03 19:17:49 +02:00
|
|
|
session: {
|
2025-08-14 16:59:07 +02:00
|
|
|
context: {
|
|
|
|
|
user: {
|
|
|
|
|
role: UserRoles.LimitedGuest
|
|
|
|
|
}
|
2017-07-03 19:17:49 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
};
|
2019-02-22 23:39:01 +01:00
|
|
|
const next: any = (err: ErrorDTO) => {
|
2023-03-11 22:42:46 +01:00
|
|
|
try {
|
|
|
|
|
expect(err).to.be.undefined;
|
2025-08-14 16:59:07 +02:00
|
|
|
expect(req.session.context).to.be.undefined;
|
2023-03-11 22:42:46 +01:00
|
|
|
done();
|
|
|
|
|
} catch (err) {
|
|
|
|
|
done(err);
|
|
|
|
|
}
|
2017-07-03 19:17:49 +02:00
|
|
|
};
|
|
|
|
|
AuthenticationMWs.logout(req, null, next);
|
|
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
});
|
2016-05-25 20:17:42 +02:00
|
|
|
|
|
|
|
|
});
|
