mirror of
https://github.com/node-red/node-red.git
synced 2023-10-10 13:36:53 +02:00
auth/login should return empty object when insecure
This commit is contained in:
parent
fcc6943f98
commit
2a57d0b6d0
@ -74,9 +74,12 @@ function getToken(req,res,next) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function login(req,res) {
|
function login(req,res) {
|
||||||
var response = {
|
var response = {};
|
||||||
"type":"credentials",
|
if (settings.adminAuth) {
|
||||||
"prompts":[{id:"username",type:"text",label:"Username"},{id:"password",type:"password",label:"Password"}]
|
response = {
|
||||||
|
"type":"credentials",
|
||||||
|
"prompts":[{id:"username",type:"text",label:"Username"},{id:"password",type:"password",label:"Password"}]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
res.json(response);
|
res.json(response);
|
||||||
}
|
}
|
||||||
|
@ -51,6 +51,8 @@ function init(adminApp,storage) {
|
|||||||
|
|
||||||
adminApp.use(express.json());
|
adminApp.use(express.json());
|
||||||
adminApp.use(express.urlencoded());
|
adminApp.use(express.urlencoded());
|
||||||
|
|
||||||
|
adminApp.get("/auth/login",auth.login);
|
||||||
|
|
||||||
if (settings.adminAuth) {
|
if (settings.adminAuth) {
|
||||||
//TODO: all passport references ought to be in ./auth
|
//TODO: all passport references ought to be in ./auth
|
||||||
@ -61,7 +63,6 @@ function init(adminApp,storage) {
|
|||||||
auth.getToken,
|
auth.getToken,
|
||||||
auth.errorHandler
|
auth.errorHandler
|
||||||
);
|
);
|
||||||
adminApp.get("/auth/login",auth.login);
|
|
||||||
adminApp.post("/auth/revoke",auth.revoke);
|
adminApp.post("/auth/revoke",auth.revoke);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -21,6 +21,7 @@ var sinon = require("sinon");
|
|||||||
var passport = require("passport");
|
var passport = require("passport");
|
||||||
|
|
||||||
var auth = require("../../../../red/api/auth");
|
var auth = require("../../../../red/api/auth");
|
||||||
|
var Users = require("../../../../red/api/auth/users");
|
||||||
var Tokens = require("../../../../red/api/auth/tokens");
|
var Tokens = require("../../../../red/api/auth/tokens");
|
||||||
|
|
||||||
var settings = require("../../../../red/settings");
|
var settings = require("../../../../red/settings");
|
||||||
@ -71,7 +72,16 @@ describe("api auth middleware",function() {
|
|||||||
});
|
});
|
||||||
|
|
||||||
describe("login", function() {
|
describe("login", function() {
|
||||||
it("returns login details", function(done) {
|
beforeEach(function() {
|
||||||
|
sinon.stub(Tokens,"init",function(){});
|
||||||
|
sinon.stub(Users,"init",function(){});
|
||||||
|
});
|
||||||
|
afterEach(function() {
|
||||||
|
Tokens.init.restore();
|
||||||
|
Users.init.restore();
|
||||||
|
});
|
||||||
|
it("returns login details - credentials", function(done) {
|
||||||
|
auth.init({adminAuth:{}},null);
|
||||||
auth.login(null,{json: function(resp) {
|
auth.login(null,{json: function(resp) {
|
||||||
resp.should.have.a.property("type","credentials");
|
resp.should.have.a.property("type","credentials");
|
||||||
resp.should.have.a.property("prompts");
|
resp.should.have.a.property("prompts");
|
||||||
@ -79,6 +89,13 @@ describe("api auth middleware",function() {
|
|||||||
done();
|
done();
|
||||||
}});
|
}});
|
||||||
});
|
});
|
||||||
|
it("returns login details - none", function(done) {
|
||||||
|
auth.init({},null);
|
||||||
|
auth.login(null,{json: function(resp) {
|
||||||
|
resp.should.eql({});
|
||||||
|
done();
|
||||||
|
}});
|
||||||
|
});
|
||||||
|
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -51,11 +51,6 @@ describe("api index", function() {
|
|||||||
.get("/settings")
|
.get("/settings")
|
||||||
.expect(200,done)
|
.expect(200,done)
|
||||||
});
|
});
|
||||||
it('does not serve auth', function(done) {
|
|
||||||
request(app)
|
|
||||||
.get("/auth/login")
|
|
||||||
.expect(404,done)
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
|
|
||||||
describe("can serve auth", function() {
|
describe("can serve auth", function() {
|
||||||
|
Loading…
Reference in New Issue
Block a user