auth/login should return empty object when insecure

2015-03-25 20:32:40 +00:00 · 2015-03-25 20:32:40 +00:00 · 2a57d0b6d0
parent fcc6943f98
commit 2a57d0b6d0
4 changed files with 26 additions and 10 deletions
--- a/red/api/auth/index.js
+++ b/red/api/auth/index.js
@ -74,9 +74,12 @@ function getToken(req,res,next) {
 }

 function login(req,res) {
-    var response = {
-        "type":"credentials",
-        "prompts":[{id:"username",type:"text",label:"Username"},{id:"password",type:"password",label:"Password"}]
+    var response = {};
+    if (settings.adminAuth) {
+        response = {
+            "type":"credentials",
+            "prompts":[{id:"username",type:"text",label:"Username"},{id:"password",type:"password",label:"Password"}]
+        }
    }
    res.json(response);
 }
--- a/red/api/index.js
+++ b/red/api/index.js
@ -51,6 +51,8 @@ function init(adminApp,storage) {

    adminApp.use(express.json());
    adminApp.use(express.urlencoded());
+
+    adminApp.get("/auth/login",auth.login);
    
    if (settings.adminAuth) {
        //TODO: all passport references ought to be in ./auth
@ -61,7 +63,6 @@ function init(adminApp,storage) {
            auth.getToken,
            auth.errorHandler
        );
-        adminApp.get("/auth/login",auth.login);
        adminApp.post("/auth/revoke",auth.revoke);
    }

--- a/test/red/api/auth/index_spec.js
+++ b/test/red/api/auth/index_spec.js
@ -21,6 +21,7 @@ var sinon = require("sinon");
 var passport = require("passport");

 var auth = require("../../../../red/api/auth");
+var Users = require("../../../../red/api/auth/users");
 var Tokens = require("../../../../red/api/auth/tokens");

 var settings = require("../../../../red/settings");
@ -71,7 +72,16 @@ describe("api auth middleware",function() {
    });
    
    describe("login", function() {
-        it("returns login details", function(done) {
+        beforeEach(function() {
+            sinon.stub(Tokens,"init",function(){});
+            sinon.stub(Users,"init",function(){});
+        });
+        afterEach(function() {
+            Tokens.init.restore();
+            Users.init.restore();
+        });
+        it("returns login details - credentials", function(done) {
+            auth.init({adminAuth:{}},null);
            auth.login(null,{json: function(resp) {
                resp.should.have.a.property("type","credentials");
                resp.should.have.a.property("prompts");
@ -79,6 +89,13 @@ describe("api auth middleware",function() {
                done();
            }});
        });
+        it("returns login details - none", function(done) {
+            auth.init({},null);
+            auth.login(null,{json: function(resp) {
+                resp.should.eql({});
+                done();
+            }});
+        });
            
    });
    
--- a/test/red/api/index_spec.js
+++ b/test/red/api/index_spec.js
@ -51,11 +51,6 @@ describe("api index", function() {
                .get("/settings")
                .expect(200,done)
        });
-        it('does not serve auth', function(done) {
-            request(app)
-                .get("/auth/login")
-                .expect(404,done)
-        });
    });

    describe("can serve auth", function() {