mirror of
https://github.com/node-red/node-red.git
synced 2023-10-10 13:36:53 +02:00
Authenticate websocket comms using user-provided token if present
Fixes #2642
This commit is contained in:
parent
0243a902b2
commit
57154b2853
@ -129,11 +129,19 @@ function CommsConnection(ws) {
|
|||||||
completeConnection(null,null,false);
|
completeConnection(null,null,false);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
} else {
|
||||||
|
Users.tokens(msg.auth).then(function(user) {
|
||||||
|
if (user) {
|
||||||
|
self.user = user;
|
||||||
|
log.audit({event: "comms.auth",user:self.user});
|
||||||
|
completeConnection(user.permissions,msg.auth,true);
|
||||||
} else {
|
} else {
|
||||||
log.audit({event: "comms.auth.fail"});
|
log.audit({event: "comms.auth.fail"});
|
||||||
completeConnection(null,null,false);
|
completeConnection(null,null,false);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
}
|
||||||
|
});
|
||||||
} else {
|
} else {
|
||||||
if (anonymousUser) {
|
if (anonymousUser) {
|
||||||
log.audit({event: "comms.auth",user:anonymousUser});
|
log.audit({event: "comms.auth",user:anonymousUser});
|
||||||
|
@ -343,6 +343,7 @@ describe("api/editor/comms", function() {
|
|||||||
var getDefaultUser;
|
var getDefaultUser;
|
||||||
var getUser;
|
var getUser;
|
||||||
var getToken;
|
var getToken;
|
||||||
|
var getUserToken;
|
||||||
before(function(done) {
|
before(function(done) {
|
||||||
getDefaultUser = sinon.stub(Users,"default",function() { return when.resolve(null);});
|
getDefaultUser = sinon.stub(Users,"default",function() { return when.resolve(null);});
|
||||||
getUser = sinon.stub(Users,"get", function(username) {
|
getUser = sinon.stub(Users,"get", function(username) {
|
||||||
@ -352,6 +353,13 @@ describe("api/editor/comms", function() {
|
|||||||
return when.resolve(null);
|
return when.resolve(null);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
getUserToken = sinon.stub(Users,"tokens", function(token) {
|
||||||
|
if (token == "abcde") {
|
||||||
|
return when.resolve({user:"wilma", permissions:"*"})
|
||||||
|
} else {
|
||||||
|
return when.resolve(null);
|
||||||
|
}
|
||||||
|
});
|
||||||
getToken = sinon.stub(Tokens,"get",function(token) {
|
getToken = sinon.stub(Tokens,"get",function(token) {
|
||||||
if (token == "1234") {
|
if (token == "1234") {
|
||||||
return when.resolve({user:"fred",scope:["*"]});
|
return when.resolve({user:"fred",scope:["*"]});
|
||||||
@ -377,6 +385,7 @@ describe("api/editor/comms", function() {
|
|||||||
getDefaultUser.restore();
|
getDefaultUser.restore();
|
||||||
getUser.restore();
|
getUser.restore();
|
||||||
getToken.restore();
|
getToken.restore();
|
||||||
|
getUserToken.restore();
|
||||||
comms.stop();
|
comms.stop();
|
||||||
server.stop(done);
|
server.stop(done);
|
||||||
});
|
});
|
||||||
@ -420,7 +429,33 @@ describe("api/editor/comms", function() {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
it('allows connections that do authenticate - user-provided-token',function(done) {
|
||||||
|
var ws = new WebSocket(url);
|
||||||
|
var received = 0;
|
||||||
|
ws.on('open', function() {
|
||||||
|
ws.send('{"auth":"abcde"}');
|
||||||
|
});
|
||||||
|
ws.on('message', function(msg) {
|
||||||
|
received++;
|
||||||
|
if (received == 1) {
|
||||||
|
msg.should.equal('{"auth":"ok"}');
|
||||||
|
ws.send('{"subscribe":"foo"}');
|
||||||
|
connections[0].send('foo', 'correct');
|
||||||
|
} else {
|
||||||
|
msg.should.equal('[{"topic":"foo","data":"correct"}]');
|
||||||
|
ws.close();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
ws.on('close', function() {
|
||||||
|
try {
|
||||||
|
received.should.equal(2);
|
||||||
|
done();
|
||||||
|
} catch(err) {
|
||||||
|
done(err);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
});
|
||||||
it('rejects connections for non-existant token',function(done) {
|
it('rejects connections for non-existant token',function(done) {
|
||||||
var ws = new WebSocket(url);
|
var ws = new WebSocket(url);
|
||||||
var received = 0;
|
var received = 0;
|
||||||
|
Loading…
Reference in New Issue
Block a user