mirror of
https://github.com/node-red/node-red.git
synced 2023-10-10 13:36:53 +02:00
auth/login should return empty object when insecure
parent
fcc6943f98
commit
2a57d0b6d0
@ -74,10 +74,13 @@ function getToken(req,res,next) {
|
||||
}
|
||||
|
||||
function login(req,res) {
|
||||
var response = {
|
||||
var response = {};
|
||||
if (settings.adminAuth) {
|
||||
response = {
|
||||
"type":"credentials",
|
||||
"prompts":[{id:"username",type:"text",label:"Username"},{id:"password",type:"password",label:"Password"}]
|
||||
}
|
||||
}
|
||||
res.json(response);
|
||||
}
|
||||
|
||||
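Review bot: The empty-object branch in `login` has no comment saying that `{}` is the signal for "no adminAuth configured", and it is returned to any unauthenticated caller, so the response shows a remote client whether the admin API is protected. That disclosure looks intentional, since the editor presumably needs it to decide whether to show a login prompt, but the contract should be written at the function, for example `// {} means no adminAuth is configured, so the editor skips the login prompt; never add sensitive data to this response`. `settings` is assigned outside the hunk, so it is worth confirming that `login` cannot be called before `init` has set it, otherwise reading `settings.adminAuth` would throw.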
|
@ -52,6 +52,8 @@ function init(adminApp,storage) {
|
||||
adminApp.use(express.json());
|
||||
adminApp.use(express.urlencoded());
|
||||
|
||||
adminApp.get("/auth/login",auth.login);
|
||||
|
||||
if (settings.adminAuth) {
|
||||
//TODO: all passport references ought to be in ./auth
|
||||
adminApp.use(passport.initialize());
|
||||
@ -61,7 +63,6 @@ function init(adminApp,storage) {
|
||||
auth.getToken,
|
||||
auth.errorHandler
|
||||
);
|
||||
adminApp.get("/auth/login",auth.login);
|
||||
adminApp.post("/auth/revoke",auth.revoke);
|
||||
}
|
||||
|
||||
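Review bot: The `adminApp.get("/auth/login",auth.login)` registration now sits outside the `if (settings.adminAuth)` block and ahead of `passport.initialize()`, so the route is reachable without authentication in every configuration, and nothing at the call site says that this is deliberate. A short comment would stop a later edit from moving it back or from adding protected data to the handler, for example `// Public by design: lets the editor discover whether a login is required`. `/auth/revoke` stays inside the guarded block, which looks right. The body of `init` starts and ends outside both hunks, so the ordering relative to other middleware could not be checked from here.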
|
@ -21,6 +21,7 @@ var sinon = require("sinon");
|
||||
var passport = require("passport");
|
||||
|
||||
var auth = require("../../../../red/api/auth");
|
||||
var Users = require("../../../../red/api/auth/users");
|
||||
var Tokens = require("../../../../red/api/auth/tokens");
|
||||
|
||||
var settings = require("../../../../red/settings");
|
||||
@ -71,7 +72,16 @@ describe("api auth middleware",function() {
|
||||
});
|
||||
|
||||
describe("login", function() {
|
||||
it("returns login details", function(done) {
|
||||
beforeEach(function() {
|
||||
sinon.stub(Tokens,"init",function(){});
|
||||
sinon.stub(Users,"init",function(){});
|
||||
});
|
||||
afterEach(function() {
|
||||
Tokens.init.restore();
|
||||
Users.init.restore();
|
||||
});
|
||||
it("returns login details - credentials", function(done) {
|
||||
auth.init({adminAuth:{}},null);
|
||||
auth.login(null,{json: function(resp) {
|
||||
resp.should.have.a.property("type","credentials");
|
||||
resp.should.have.a.property("prompts");
|
||||
@ -79,6 +89,13 @@ describe("api auth middleware",function() {
|
||||
done();
|
||||
}});
|
||||
});
|
||||
it("returns login details - none", function(done) {
|
||||
auth.init({},null);
|
||||
auth.login(null,{json: function(resp) {
|
||||
resp.should.eql({});
|
||||
done();
|
||||
}});
|
||||
});
|
||||
|
||||
});
|
||||
|
||||
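Review bot: Both new cases call `auth.login` directly with a fake `res`, so nothing here exercises the route move in the API index, and the HTTP-level check removed from the "api index" spec ('does not serve auth', expecting 404) has no visible replacement. An HTTP-level test for the unsecured configuration would pin the new behaviour, along the lines of `request(app).get("/auth/login").expect(200)` followed by `res.body.should.eql({})`. Separately, `auth.init({},null)` and `auth.init({adminAuth:{}},null)` replace module-level settings and the `afterEach` only restores the two stubs, so later tests in this file may inherit whichever settings ran last; resetting them in `afterEach` would remove that order dependence.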
|
@ -51,11 +51,6 @@ describe("api index", function() {
|
||||
.get("/settings")
|
||||
.expect(200,done)
|
||||
});
|
||||
it('does not serve auth', function(done) {
|
||||
request(app)
|
||||
.get("/auth/login")
|
||||
.expect(404,done)
|
||||
});
|
||||
});
|
||||
|
||||
describe("can serve auth", function() {
|
||||
|