1
0
mirror of https://github.com/bpatrik/pigallery2.git synced 2024-12-25 02:04:15 +02:00
pigallery2/test/backend/unit/middlewares/user/AuthenticationMWs.ts

316 lines
8.7 KiB
TypeScript
Raw Normal View History

/* tslint:disable:no-unused-expression */
2018-03-30 21:30:30 +02:00
import {expect} from 'chai';
2019-12-10 11:44:35 +02:00
import {AuthenticationMWs} from '../../../../../src/backend/middlewares/user/AuthenticationMWs';
import {ErrorCodes, ErrorDTO} from '../../../../../src/common/entities/Error';
import {UserDTO, UserRoles} from '../../../../../src/common/entities/UserDTO';
import {ObjectManagers} from '../../../../../src/backend/model/ObjectManagers';
import {UserManager} from '../../../../../src/backend/model/database/memory/UserManager';
2019-12-10 11:44:35 +02:00
import {Config} from '../../../../../src/common/config/private/Config';
import {IUserManager} from '../../../../../src/backend/model/database/interfaces/IUserManager';
2019-02-23 00:39:01 +02:00
import * as path from 'path';
2016-05-25 20:17:42 +02:00
2019-02-23 00:39:01 +02:00
declare const describe: any;
declare const it: any;
declare const beforeEach: any;
2016-05-25 20:17:42 +02:00
describe('Authentication middleware', () => {
2017-07-03 19:17:49 +02:00
beforeEach(() => {
ObjectManagers.reset();
2017-07-03 19:17:49 +02:00
});
describe('authenticate', () => {
2019-02-23 00:39:01 +02:00
it('should call next on authenticated', (done: () => void) => {
2018-11-29 00:49:33 +02:00
const req: any = {
2017-07-03 19:17:49 +02:00
session: {
2018-03-30 21:30:30 +02:00
user: 'A user'
2017-07-03 20:33:10 +02:00
},
2017-07-19 10:37:00 +02:00
sessionOptions: {},
2017-07-03 20:33:10 +02:00
query: {},
params: {}
2017-07-03 19:17:49 +02:00
};
2021-01-04 12:11:55 +02:00
const next: any = (err: ErrorDTO) => {
2017-07-03 19:17:49 +02:00
expect(err).to.be.undefined;
done();
};
AuthenticationMWs.authenticate(req, null, next);
});
2019-02-23 00:39:01 +02:00
it('should call next with error on not authenticated', (done: () => void) => {
2018-11-29 00:49:33 +02:00
const req: any = {
2017-07-03 20:33:10 +02:00
session: {},
2017-07-19 10:37:00 +02:00
sessionOptions: {},
2017-07-03 20:33:10 +02:00
query: {},
params: {}
2017-07-03 19:17:49 +02:00
};
Config.Client.authenticationRequired = true;
2021-01-04 12:11:55 +02:00
const next: any = (err: ErrorDTO) => {
2017-07-03 19:17:49 +02:00
expect(err).not.to.be.undefined;
expect(err.code).to.be.eql(ErrorCodes.NOT_AUTHENTICATED);
done();
};
AuthenticationMWs.authenticate(req, {
status: () => {
}
} as any, next);
2017-07-03 19:17:49 +02:00
});
});
2019-02-23 00:39:01 +02:00
describe('authorisePath', () => {
const req = {
session: {
user: {permissions: null as string[]}
},
2019-02-23 00:39:01 +02:00
sessionOptions: {},
query: {},
params: {
path: '/test'
}
};
const authoriseDirPath = AuthenticationMWs.authorisePath('path', true);
const test = (relativePath: string): Promise<string | number> => {
return new Promise((resolve) => {
req.params.path = path.normalize(relativePath);
authoriseDirPath(req as any, {sendStatus: resolve} as any, () => {
2019-02-23 00:39:01 +02:00
resolve('ok');
});
});
};
it('should catch unauthorized path usage', async () => {
req.session.user.permissions = [path.normalize('/sub/subsub')];
2019-02-23 00:39:01 +02:00
expect(await test('/sub/subsub')).to.be.eql('ok');
expect(await test('/test')).to.be.eql(403);
expect(await test('/')).to.be.eql(403);
expect(await test('/sub/test')).to.be.eql(403);
expect(await test('/sub/subsub/test')).to.be.eql(403);
expect(await test('/sub/subsub/test/test2')).to.be.eql(403);
req.session.user.permissions = [path.normalize('/sub/subsub'), path.normalize('/sub/subsub2')];
2019-02-23 00:39:01 +02:00
expect(await test('/sub/subsub2')).to.be.eql('ok');
expect(await test('/sub/subsub')).to.be.eql('ok');
expect(await test('/test')).to.be.eql(403);
expect(await test('/')).to.be.eql(403);
expect(await test('/sub/test')).to.be.eql(403);
expect(await test('/sub/subsub/test')).to.be.eql(403);
expect(await test('/sub/subsub2/test')).to.be.eql(403);
req.session.user.permissions = [path.normalize('/sub/subsub*')];
2019-02-23 00:39:01 +02:00
expect(await test('/b')).to.be.eql(403);
expect(await test('/sub')).to.be.eql(403);
expect(await test('/sub/subsub2')).to.be.eql(403);
expect(await test('/sub/subsub2/test')).to.be.eql(403);
expect(await test('/sub/subsub')).to.be.eql('ok');
expect(await test('/sub/subsub/test')).to.be.eql('ok');
expect(await test('/sub/subsub/test/two')).to.be.eql('ok');
});
});
2017-07-03 19:17:49 +02:00
describe('inverseAuthenticate', () => {
2019-02-23 00:39:01 +02:00
it('should call next with error on authenticated', (done: () => void) => {
2018-11-29 00:49:33 +02:00
const req: any = {
2017-07-19 10:37:00 +02:00
session: {},
sessionOptions: {},
2017-07-03 19:17:49 +02:00
};
2018-11-29 00:49:33 +02:00
const res: any = {};
2019-02-23 00:39:01 +02:00
const next: any = (err: ErrorDTO) => {
2017-07-03 19:17:49 +02:00
expect(err).to.be.undefined;
done();
};
AuthenticationMWs.inverseAuthenticate(req, null, next);
});
2019-02-23 00:39:01 +02:00
it('should call next error on authenticated', (done: () => void) => {
2018-11-29 00:49:33 +02:00
const req: any = {
2017-07-03 19:17:49 +02:00
session: {
2018-03-30 21:30:30 +02:00
user: 'A user'
2017-07-19 10:37:00 +02:00
},
sessionOptions: {},
2017-07-03 19:17:49 +02:00
};
2021-01-04 12:11:55 +02:00
const next: any = (err: ErrorDTO) => {
2017-07-03 19:17:49 +02:00
expect(err).not.to.be.undefined;
expect(err.code).to.be.eql(ErrorCodes.ALREADY_AUTHENTICATED);
done();
};
AuthenticationMWs.inverseAuthenticate(req, null, next);
});
});
describe('authorise', () => {
2019-02-23 00:39:01 +02:00
it('should call next on authorised', (done: () => void) => {
2018-11-29 00:49:33 +02:00
const req: any = {
2017-07-03 19:17:49 +02:00
session: {
user: {
2017-07-09 12:03:17 +02:00
role: UserRoles.LimitedGuest
2017-07-03 19:17:49 +02:00
}
2017-07-19 10:37:00 +02:00
},
sessionOptions: {}
2017-07-03 19:17:49 +02:00
};
2021-01-04 12:11:55 +02:00
const next: any = (err: ErrorDTO) => {
2017-07-03 19:17:49 +02:00
expect(err).to.be.undefined;
done();
};
2017-07-09 12:03:17 +02:00
AuthenticationMWs.authorise(UserRoles.LimitedGuest)(req, null, next);
2017-07-03 19:17:49 +02:00
2016-05-25 20:17:42 +02:00
});
2019-02-23 00:39:01 +02:00
it('should call next with error on not authorised', (done: () => void) => {
2018-11-29 00:49:33 +02:00
const req: any = {
2017-07-03 19:17:49 +02:00
session: {
user: {
2017-07-09 12:03:17 +02:00
role: UserRoles.LimitedGuest
2017-07-03 19:17:49 +02:00
}
2017-07-19 10:37:00 +02:00
},
sessionOptions: {}
2017-07-03 19:17:49 +02:00
};
2021-01-04 12:11:55 +02:00
const next: any = (err: ErrorDTO) => {
2017-07-03 19:17:49 +02:00
expect(err).not.to.be.undefined;
expect(err.code).to.be.eql(ErrorCodes.NOT_AUTHORISED);
done();
};
AuthenticationMWs.authorise(UserRoles.Developer)(req, null, next);
2016-05-25 20:17:42 +02:00
});
2017-07-03 19:17:49 +02:00
});
2016-05-25 20:17:42 +02:00
2017-07-03 19:17:49 +02:00
describe('login', () => {
beforeEach(() => {
ObjectManagers.reset();
2016-05-25 20:17:42 +02:00
});
2017-07-15 12:47:11 +02:00
describe('should call input ErrorDTO next on missing...', () => {
2019-02-23 00:39:01 +02:00
it('body', (done: () => void) => {
2018-11-29 00:49:33 +02:00
const req: any = {
2017-07-03 20:33:10 +02:00
query: {},
params: {}
};
2021-01-04 12:11:55 +02:00
const next: any = (err: ErrorDTO) => {
2017-07-03 20:33:10 +02:00
expect(err).not.to.be.undefined;
expect(err.code).to.be.eql(ErrorCodes.INPUT_ERROR);
2017-07-03 19:17:49 +02:00
done();
};
AuthenticationMWs.login(req, null, next);
});
2019-02-23 00:39:01 +02:00
it('loginCredential', (done: () => void) => {
2018-11-29 00:49:33 +02:00
const req: any = {
2017-07-03 20:33:10 +02:00
body: {},
query: {},
params: {}
2017-07-03 19:17:49 +02:00
};
2021-01-04 12:11:55 +02:00
const next: any = (err: ErrorDTO) => {
2017-07-03 20:33:10 +02:00
expect(err).not.to.be.undefined;
expect(err.code).to.be.eql(ErrorCodes.INPUT_ERROR);
2017-07-03 19:17:49 +02:00
done();
};
AuthenticationMWs.login(req, null, next);
});
2019-02-23 00:39:01 +02:00
it('loginCredential content', (done: () => void) => {
2018-11-29 00:49:33 +02:00
const req: any = {
2017-07-03 20:33:10 +02:00
body: {loginCredential: {}},
query: {},
params: {}
2017-07-03 19:17:49 +02:00
};
2021-01-04 12:11:55 +02:00
const next: any = (err: ErrorDTO) => {
2017-07-03 20:33:10 +02:00
expect(err).not.to.be.undefined;
expect(err.code).to.be.eql(ErrorCodes.INPUT_ERROR);
2017-07-03 19:17:49 +02:00
done();
};
AuthenticationMWs.login(req, null, next);
});
2016-05-25 20:17:42 +02:00
});
2019-02-23 00:39:01 +02:00
it('should call next with error on not finding user', (done: () => void) => {
2018-11-29 00:49:33 +02:00
const req: any = {
2017-07-03 19:17:49 +02:00
body: {
loginCredential: {
2018-03-30 21:30:30 +02:00
username: 'aa',
password: 'bb'
2017-07-03 19:17:49 +02:00
}
2017-07-03 20:33:10 +02:00
},
query: {},
params: {}
2017-07-03 19:17:49 +02:00
};
2021-01-04 12:11:55 +02:00
const next: any = (err: ErrorDTO) => {
2017-07-03 19:17:49 +02:00
expect(err).not.to.be.undefined;
expect(err.code).to.be.eql(ErrorCodes.CREDENTIAL_NOT_FOUND);
done();
};
ObjectManagers.getInstance().UserManager = {
2017-07-03 20:33:10 +02:00
findOne: (filter): Promise<UserDTO> => {
return Promise.reject(null);
2017-07-03 19:17:49 +02:00
}
} as UserManager;
2017-07-03 19:17:49 +02:00
AuthenticationMWs.login(req, null, next);
2016-05-25 20:17:42 +02:00
});
2019-02-23 00:39:01 +02:00
it('should call next with user on the session on finding user', (done: () => void) => {
2018-11-29 00:49:33 +02:00
const req: any = {
2017-07-03 19:17:49 +02:00
session: {},
body: {
loginCredential: {
2018-03-30 21:30:30 +02:00
username: 'aa',
password: 'bb'
2017-07-03 19:17:49 +02:00
}
2017-07-03 20:33:10 +02:00
},
query: {},
params: {}
2017-07-03 19:17:49 +02:00
};
2021-01-04 12:11:55 +02:00
const next: any = (err: ErrorDTO) => {
2017-07-03 19:17:49 +02:00
expect(err).to.be.undefined;
expect(req.session.user).to.be.eql('test user');
2017-07-03 19:17:49 +02:00
done();
};
ObjectManagers.getInstance().UserManager = {
2017-07-03 20:33:10 +02:00
findOne: (filter) => {
return Promise.resolve('test user' as any);
2017-07-03 19:17:49 +02:00
}
} as IUserManager;
2017-07-03 19:17:49 +02:00
AuthenticationMWs.login(req, null, next);
2016-05-25 20:17:42 +02:00
});
2017-07-03 19:17:49 +02:00
});
describe('logout', () => {
2019-02-23 00:39:01 +02:00
it('should call next on logout', (done: () => void) => {
2018-11-29 00:49:33 +02:00
const req: any = {
2017-07-03 19:17:49 +02:00
session: {
user: {
2017-07-09 12:03:17 +02:00
role: UserRoles.LimitedGuest
2017-07-03 19:17:49 +02:00
}
}
};
2019-02-23 00:39:01 +02:00
const next: any = (err: ErrorDTO) => {
2017-07-03 19:17:49 +02:00
expect(err).to.be.undefined;
2020-01-07 23:17:54 +02:00
expect(req.user).to.be.undefined;
2017-07-03 19:17:49 +02:00
done();
};
AuthenticationMWs.logout(req, null, next);
});
});
2016-05-25 20:17:42 +02:00
});