auth/login should return empty object when insecure

Nick O'Leary 2015-03-25 20:32:40 +00:00
parent fcc6943f98
commit 2a57d0b6d0
4 changed files with 26 additions and 10 deletions


@ -74,9 +74,12 @@ function getToken(req,res,next) {
} }
function login(req,res) { function login(req,res) {
var response = { var response = {};
"type":"credentials", if (settings.adminAuth) {
"prompts":[{id:"username",type:"text",label:"Username"},{id:"password",type:"password",label:"Password"}] response = {
"type":"credentials",
"prompts":[{id:"username",type:"text",label:"Username"},{id:"password",type:"password",label:"Password"}]
}
} }
res.json(response); res.json(response);
} }
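Review bot: `login` carries no comment saying that `{}` is the contract for "no admin authentication configured", even though the commit title suggests callers rely on exactly that. I'd add above the function `// Returns {} when settings.adminAuth is unset; the reply only tells the client whether to prompt and is not itself an access check.` The inner `response = { ... }` assignment also ends without a semicolon, unlike `var response = {};` two lines earlier. Since the other file section on this page registers this route outside the `adminAuth` block, any field added to this object later is readable without logging in, so it should stay limited to prompt metadata.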


@ -51,6 +51,8 @@ function init(adminApp,storage) {
adminApp.use(express.json()); adminApp.use(express.json());
adminApp.use(express.urlencoded()); adminApp.use(express.urlencoded());
adminApp.get("/auth/login",auth.login);
if (settings.adminAuth) { if (settings.adminAuth) {
//TODO: all passport references ought to be in ./auth //TODO: all passport references ought to be in ./auth
@ -61,7 +63,6 @@ function init(adminApp,storage) {
auth.getToken, auth.getToken,
auth.errorHandler auth.errorHandler
); );
adminApp.get("/auth/login",auth.login);
adminApp.post("/auth/revoke",auth.revoke); adminApp.post("/auth/revoke",auth.revoke);
} }
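Review bot: `adminApp.get("/auth/login",auth.login)` now sits outside the `if (settings.adminAuth)` block, so the endpoint answers any unauthenticated caller and its reply reveals whether admin authentication is configured; that looks intentional, but nothing at the call site says so. I'd add `// Public on purpose: clients call this to learn whether a login is required.` above the line, so the route is not later given extra response fields or moved back by mistake. The index spec that expected 404 for this path is deleted in this commit rather than replaced; a check that `POST /auth/revoke` is still not served when `adminAuth` is unset would keep the remaining guard covered. `init` starts and ends outside the hunks shown here.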


@ -21,6 +21,7 @@ var sinon = require("sinon");
var passport = require("passport"); var passport = require("passport");
var auth = require("../../../../red/api/auth"); var auth = require("../../../../red/api/auth");
var Users = require("../../../../red/api/auth/users");
var Tokens = require("../../../../red/api/auth/tokens"); var Tokens = require("../../../../red/api/auth/tokens");
var settings = require("../../../../red/settings"); var settings = require("../../../../red/settings");
@ -71,7 +72,16 @@ describe("api auth middleware",function() {
}); });
describe("login", function() { describe("login", function() {
it("returns login details", function(done) { beforeEach(function() {
sinon.stub(Tokens,"init",function(){});
sinon.stub(Users,"init",function(){});
});
afterEach(function() {
Tokens.init.restore();
Users.init.restore();
});
it("returns login details - credentials", function(done) {
auth.init({adminAuth:{}},null);
auth.login(null,{json: function(resp) { auth.login(null,{json: function(resp) {
resp.should.have.a.property("type","credentials"); resp.should.have.a.property("type","credentials");
resp.should.have.a.property("prompts"); resp.should.have.a.property("prompts");
@ -79,6 +89,13 @@ describe("api auth middleware",function() {
done(); done();
}}); }});
}); });
it("returns login details - none", function(done) {
auth.init({},null);
auth.login(null,{json: function(resp) {
resp.should.eql({});
done();
}});
});
}); });
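Review bot: Both `login` cases call `auth.init(...)` inside the test body, while the new `afterEach` only restores the `Tokens.init` and `Users.init` stubs, so the auth module is left with whichever settings the last case passed. That assumes `auth.init` keeps its first argument at module level, which this hunk does not show. If it does, later suites in the file see a state that depends on test order; calling `auth.init({},null);` in `afterEach` before the stubs are restored would give a fixed baseline. The "none" case also covers only an absent `adminAuth` key; a case with `adminAuth` set to `null` or `false` would pin the truthiness check that `login` relies on.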


@ -51,11 +51,6 @@ describe("api index", function() {
.get("/settings") .get("/settings")
.expect(200,done) .expect(200,done)
}); });
it('does not serve auth', function(done) {
request(app)
.get("/auth/login")
.expect(404,done)
});
}); });
describe("can serve auth", function() { describe("can serve auth", function() {