1
0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

auth/login should return empty object when insecure

This commit is contained in:
Nick O'Leary 2015-03-25 20:32:40 +00:00
parent fcc6943f98
commit 2a57d0b6d0
4 changed files with 26 additions and 10 deletions

View File

@ -74,9 +74,12 @@ function getToken(req,res,next) {
}
function login(req,res) {
var response = {
"type":"credentials",
"prompts":[{id:"username",type:"text",label:"Username"},{id:"password",type:"password",label:"Password"}]
var response = {};
if (settings.adminAuth) {
response = {
"type":"credentials",
"prompts":[{id:"username",type:"text",label:"Username"},{id:"password",type:"password",label:"Password"}]
}
}
res.json(response);
}

View File

@ -52,6 +52,8 @@ function init(adminApp,storage) {
adminApp.use(express.json());
adminApp.use(express.urlencoded());
adminApp.get("/auth/login",auth.login);
if (settings.adminAuth) {
//TODO: all passport references ought to be in ./auth
adminApp.use(passport.initialize());
@ -61,7 +63,6 @@ function init(adminApp,storage) {
auth.getToken,
auth.errorHandler
);
adminApp.get("/auth/login",auth.login);
adminApp.post("/auth/revoke",auth.revoke);
}

View File

@ -21,6 +21,7 @@ var sinon = require("sinon");
var passport = require("passport");
var auth = require("../../../../red/api/auth");
var Users = require("../../../../red/api/auth/users");
var Tokens = require("../../../../red/api/auth/tokens");
var settings = require("../../../../red/settings");
@ -71,7 +72,16 @@ describe("api auth middleware",function() {
});
describe("login", function() {
it("returns login details", function(done) {
beforeEach(function() {
sinon.stub(Tokens,"init",function(){});
sinon.stub(Users,"init",function(){});
});
afterEach(function() {
Tokens.init.restore();
Users.init.restore();
});
it("returns login details - credentials", function(done) {
auth.init({adminAuth:{}},null);
auth.login(null,{json: function(resp) {
resp.should.have.a.property("type","credentials");
resp.should.have.a.property("prompts");
@ -79,6 +89,13 @@ describe("api auth middleware",function() {
done();
}});
});
it("returns login details - none", function(done) {
auth.init({},null);
auth.login(null,{json: function(resp) {
resp.should.eql({});
done();
}});
});
});

View File

@ -51,11 +51,6 @@ describe("api index", function() {
.get("/settings")
.expect(200,done)
});
it('does not serve auth', function(done) {
request(app)
.get("/auth/login")
.expect(404,done)
});
});
describe("can serve auth", function() {