node-red/test/unit/@node-red/editor-api/lib/auth/index_spec.js

/**
 * Copyright JS Foundation and other contributors, http://js.foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 **/

var should = require("should");
var when = require("when");
var sinon = require("sinon");

var passport = require("passport");

var NR_TEST_UTILS = require("nr-test-utils");

var auth = NR_TEST_UTILS.require("@node-red/editor-api/lib/auth");
var Users = NR_TEST_UTILS.require("@node-red/editor-api/lib/auth/users");
var Tokens = NR_TEST_UTILS.require("@node-red/editor-api/lib/auth/tokens");
var Permissions = NR_TEST_UTILS.require("@node-red/editor-api/lib/auth/permissions");

describe("api/auth/index",function() {


    describe("ensureClientSecret", function() {
        before(function() {
            auth.init({},{})
        });
        it("leaves client_secret alone if not present",function(done) {
            var req = {
                body: {
                    client_secret: "test_value"
                }
            };
            auth.ensureClientSecret(req,null,function() {
                req.body.should.have.a.property("client_secret","test_value");
                done();
            })
        });
        it("applies a default client_secret if not present",function(done) {
            var req = {
                body: { }
            };
            auth.ensureClientSecret(req,null,function() {
                req.body.should.have.a.property("client_secret","not_available");
                done();
            })
        });
    });

    describe("revoke", function() {
        it("revokes a token", function(done) {
            var revokeToken = sinon.stub(Tokens,"revoke",function() {
                return when.resolve();
            });

            var req = { body: { token: "abcdef" } };

            var res = { status: function(resp) {
                revokeToken.restore();

                resp.should.equal(200);
                return {
                    end: done
                }
            }};

            auth.revoke(req,res);
        });
    });

    describe("login", function() {
        beforeEach(function() {
            sinon.stub(Tokens,"init",function(){});
            sinon.stub(Users,"init",function(){});
        });
        afterEach(function() {
            Tokens.init.restore();
            Users.init.restore();
        });
        it("returns login details - credentials", function(done) {
            auth.init({adminAuth:{type:"credentials"}},{})
            auth.login(null,{json: function(resp) {
                resp.should.have.a.property("type","credentials");
                resp.should.have.a.property("prompts");
                resp.prompts.should.have.a.lengthOf(2);
                done();
            }});
        });
        it("returns login details - none", function(done) {
            auth.init({},{})
            auth.login(null,{json: function(resp) {
                resp.should.eql({});
                done();
            }});
        });
        it("returns login details - strategy", function(done) {
            auth.init({adminAuth:{type:"strategy",strategy:{label:"test-strategy",icon:"test-icon"}}},{})
            auth.login(null,{json: function(resp) {
                resp.should.have.a.property("type","strategy");
                resp.should.have.a.property("prompts");
                resp.prompts.should.have.a.lengthOf(1);
                resp.prompts[0].should.have.a.property("type","button");
                resp.prompts[0].should.have.a.property("label","test-strategy");
                resp.prompts[0].should.have.a.property("icon","test-icon");

                done();
            }});
        });

    });
    describe("needsPermission", function() {
        beforeEach(function() {
            sinon.stub(Tokens,"init",function(){});
            sinon.stub(Users,"init",function(){});
        });
        afterEach(function() {
            Tokens.init.restore();
            Users.init.restore();
            if (passport.authenticate.restore) {
                passport.authenticate.restore();
            }
            if (Permissions.hasPermission.restore) {
                Permissions.hasPermission.restore();
            }
        });


        it('no-ops if adminAuth not set', function(done) {
            sinon.stub(passport,"authenticate",function(scopes,opts) {
                return function(req,res,next) {
                }
            });
            auth.init({});
            var func = auth.needsPermission("foo");
            func({},{},function() {
                passport.authenticate.called.should.be.false();
                done();
            })
        });
        it('skips auth if req.user undefined', function(done) {
            sinon.stub(passport,"authenticate",function(scopes,opts) {
                return function(req,res,next) {
                    next();
                }
            });
            sinon.stub(Permissions,"hasPermission",function(perm) { return true });
            auth.init({adminAuth:{}});
            var func = auth.needsPermission("foo");
            func({user:null},{},function() {
                try {
                    passport.authenticate.called.should.be.true();
                    Permissions.hasPermission.called.should.be.false();
                    done();
                } catch(err) {
                    done(err);
                }
            })
        });

        it('passes for valid user permission', function(done) {
            sinon.stub(passport,"authenticate",function(scopes,opts) {
                return function(req,res,next) {
                    next();
                }
            });
            sinon.stub(Permissions,"hasPermission",function(perm) { return true });
            auth.init({adminAuth:{}});
            var func = auth.needsPermission("foo");
            func({user:true,authInfo: { scope: "read"}},{},function() {
                try {
                    passport.authenticate.called.should.be.true();
                    Permissions.hasPermission.called.should.be.true();
                    Permissions.hasPermission.lastCall.args[0].should.eql("read");
                    Permissions.hasPermission.lastCall.args[1].should.eql("foo");
                    done();
                } catch(err) {
                    done(err);
                }
            })
        });

        it('rejects for invalid user permission', function(done) {
            sinon.stub(passport,"authenticate",function(scopes,opts) {
                return function(req,res,next) {
                    next();
                }
            });
            sinon.stub(Permissions,"hasPermission",function(perm) { return false });
            auth.init({adminAuth:{}});
            var func = auth.needsPermission("foo");
            func({user:true,authInfo: { scope: "read"}},{
                status: function(status) {
                    return { end: function() {
                        try {
                            status.should.eql(401);
                            done();
                        } catch(err) {
                            done(err);
                        }
                    }}
                }
            },function() {
                done(new Error("hasPermission unexpected passed"))
            });
        });
    });
});
Add oauth grant 2014-11-06 23:59:48 +01:00			`/**`
Update copyright header for JS Foundation 2017-01-11 16:24:33 +01:00			`* Copyright JS Foundation and other contributors, http://js.foundation`
Add oauth grant 2014-11-06 23:59:48 +01:00			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`**/`
Move to express 4.x 2015-07-15 23:43:24 +02:00
Add oauth grant 2014-11-06 23:59:48 +01:00			`var should = require("should");`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`var when = require("when");`
Add oauth grant 2014-11-06 23:59:48 +01:00			`var sinon = require("sinon");`

			`var passport = require("passport");`

Fixup all the tests 2018-08-20 17:17:24 +02:00			`var NR_TEST_UTILS = require("nr-test-utils");`

			`var auth = NR_TEST_UTILS.require("@node-red/editor-api/lib/auth");`
			`var Users = NR_TEST_UTILS.require("@node-red/editor-api/lib/auth/users");`
			`var Tokens = NR_TEST_UTILS.require("@node-red/editor-api/lib/auth/tokens");`
			`var Permissions = NR_TEST_UTILS.require("@node-red/editor-api/lib/auth/permissions");`
Add oauth grant 2014-11-06 23:59:48 +01:00
Initial projects implementation 2017-09-20 11:30:07 +02:00			`describe("api/auth/index",function() {`
Add oauth grant 2014-11-06 23:59:48 +01:00

Move to express 4.x 2015-07-15 23:43:24 +02:00
Add oauth grant 2014-11-06 23:59:48 +01:00			`describe("ensureClientSecret", function() {`
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00			`before(function() {`
Fixup all the tests 2018-04-24 16:01:49 +02:00			`auth.init({},{})`
WIP: separate runtime and api components 2015-11-11 23:11:02 +01:00			`});`
Add oauth grant 2014-11-06 23:59:48 +01:00			`it("leaves client_secret alone if not present",function(done) {`
			`var req = {`
			`body: {`
			`client_secret: "test_value"`
			`}`
			`};`
			`auth.ensureClientSecret(req,null,function() {`
			`req.body.should.have.a.property("client_secret","test_value");`
			`done();`
			`})`
			`});`
			`it("applies a default client_secret if not present",function(done) {`
			`var req = {`
			`body: { }`
			`};`
			`auth.ensureClientSecret(req,null,function() {`
			`req.body.should.have.a.property("client_secret","not_available");`
			`done();`
			`})`
			`});`
			`});`
Move to express 4.x 2015-07-15 23:43:24 +02:00
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`describe("revoke", function() {`
			`it("revokes a token", function(done) {`
			`var revokeToken = sinon.stub(Tokens,"revoke",function() {`
			`return when.resolve();`
			`});`
Move to express 4.x 2015-07-15 23:43:24 +02:00
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`var req = { body: { token: "abcdef" } };`
Move to express 4.x 2015-07-15 23:43:24 +02:00
			`var res = { status: function(resp) {`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`revokeToken.restore();`

			`resp.should.equal(200);`
Update auth revoke test for express 4 2015-10-03 21:32:24 +02:00			`return {`
			`end: done`
			`}`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`}};`
Move to express 4.x 2015-07-15 23:43:24 +02:00
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`auth.revoke(req,res);`
			`});`
			`});`
Move to express 4.x 2015-07-15 23:43:24 +02:00
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`describe("login", function() {`
auth/login should return empty object when insecure 2015-03-25 21:32:40 +01:00			`beforeEach(function() {`
			`sinon.stub(Tokens,"init",function(){});`
			`sinon.stub(Users,"init",function(){});`
			`});`
			`afterEach(function() {`
			`Tokens.init.restore();`
			`Users.init.restore();`
			`});`
			`it("returns login details - credentials", function(done) {`
Fixup all the tests 2018-04-24 16:01:49 +02:00			`auth.init({adminAuth:{type:"credentials"}},{})`
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`auth.login(null,{json: function(resp) {`
			`resp.should.have.a.property("type","credentials");`
			`resp.should.have.a.property("prompts");`
			`resp.prompts.should.have.a.lengthOf(2);`
			`done();`
			`}});`
			`});`
auth/login should return empty object when insecure 2015-03-25 21:32:40 +01:00			`it("returns login details - none", function(done) {`
Fixup all the tests 2018-04-24 16:01:49 +02:00			`auth.init({},{})`
auth/login should return empty object when insecure 2015-03-25 21:32:40 +01:00			`auth.login(null,{json: function(resp) {`
			`resp.should.eql({});`
			`done();`
			`}});`
			`});`
Update tests for oauth -> strategy rename 2017-04-21 23:06:12 +02:00			`it("returns login details - strategy", function(done) {`
Fixup all the tests 2018-04-24 16:01:49 +02:00			`auth.init({adminAuth:{type:"strategy",strategy:{label:"test-strategy",icon:"test-icon"}}},{})`
Add support for oauth adminAuth configs 2017-04-12 11:09:03 +02:00			`auth.login(null,{json: function(resp) {`
Update tests for oauth -> strategy rename 2017-04-21 23:06:12 +02:00			`resp.should.have.a.property("type","strategy");`
Add support for oauth adminAuth configs 2017-04-12 11:09:03 +02:00			`resp.should.have.a.property("prompts");`
			`resp.prompts.should.have.a.lengthOf(1);`
			`resp.prompts[0].should.have.a.property("type","button");`
Update tests for oauth -> strategy rename 2017-04-21 23:06:12 +02:00			`resp.prompts[0].should.have.a.property("label","test-strategy");`
Add support for oauth adminAuth configs 2017-04-12 11:09:03 +02:00			`resp.prompts[0].should.have.a.property("icon","test-icon");`

			`done();`
			`}});`
			`});`
Move to express 4.x 2015-07-15 23:43:24 +02:00
Increase unit test coverage of auth code 2015-01-28 23:41:13 +01:00			`});`
Fixup all the tests 2018-04-24 16:01:49 +02:00			`describe("needsPermission", function() {`
			`beforeEach(function() {`
			`sinon.stub(Tokens,"init",function(){});`
			`sinon.stub(Users,"init",function(){});`
			`});`
			`afterEach(function() {`
			`Tokens.init.restore();`
			`Users.init.restore();`
			`if (passport.authenticate.restore) {`
			`passport.authenticate.restore();`
			`}`
			`if (Permissions.hasPermission.restore) {`
			`Permissions.hasPermission.restore();`
			`}`
			`});`


			`it('no-ops if adminAuth not set', function(done) {`
			`sinon.stub(passport,"authenticate",function(scopes,opts) {`
			`return function(req,res,next) {`
			`}`
			`});`
			`auth.init({});`
			`var func = auth.needsPermission("foo");`
			`func({},{},function() {`
			`passport.authenticate.called.should.be.false();`
			`done();`
			`})`
			`});`
			`it('skips auth if req.user undefined', function(done) {`
			`sinon.stub(passport,"authenticate",function(scopes,opts) {`
			`return function(req,res,next) {`
			`next();`
			`}`
			`});`
			`sinon.stub(Permissions,"hasPermission",function(perm) { return true });`
			`auth.init({adminAuth:{}});`
			`var func = auth.needsPermission("foo");`
			`func({user:null},{},function() {`
			`try {`
			`passport.authenticate.called.should.be.true();`
			`Permissions.hasPermission.called.should.be.false();`
			`done();`
			`} catch(err) {`
			`done(err);`
			`}`
			`})`
			`});`

			`it('passes for valid user permission', function(done) {`
			`sinon.stub(passport,"authenticate",function(scopes,opts) {`
			`return function(req,res,next) {`
			`next();`
			`}`
			`});`
			`sinon.stub(Permissions,"hasPermission",function(perm) { return true });`
			`auth.init({adminAuth:{}});`
			`var func = auth.needsPermission("foo");`
			`func({user:true,authInfo: { scope: "read"}},{},function() {`
			`try {`
			`passport.authenticate.called.should.be.true();`
			`Permissions.hasPermission.called.should.be.true();`
			`Permissions.hasPermission.lastCall.args[0].should.eql("read");`
			`Permissions.hasPermission.lastCall.args[1].should.eql("foo");`
			`done();`
			`} catch(err) {`
			`done(err);`
			`}`
			`})`
			`});`
Move to express 4.x 2015-07-15 23:43:24 +02:00
Fixup all the tests 2018-04-24 16:01:49 +02:00			`it('rejects for invalid user permission', function(done) {`
			`sinon.stub(passport,"authenticate",function(scopes,opts) {`
			`return function(req,res,next) {`
			`next();`
			`}`
			`});`
			`sinon.stub(Permissions,"hasPermission",function(perm) { return false });`
			`auth.init({adminAuth:{}});`
			`var func = auth.needsPermission("foo");`
			`func({user:true,authInfo: { scope: "read"}},{`
			`status: function(status) {`
			`return { end: function() {`
			`try {`
			`status.should.eql(401);`
			`done();`
			`} catch(err) {`
			`done(err);`
			`}`
			`}}`
			`}`
			`},function() {`
			`done(new Error("hasPermission unexpected passed"))`
			`});`
			`});`
			`});`
Add oauth grant 2014-11-06 23:59:48 +01:00			`});`