mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Authenticate websocket comms using user-provided token if present

Fixes #2642
Nick O'Leary 2020-07-06 20:45:07 +01:00
parent 0243a902b2
commit 57154b2853
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9
2 changed files with 45 additions and 2 deletions


@ -130,8 +130,16 @@ function CommsConnection(ws) {
} }
}); });
} else { } else {
log.audit({event: "comms.auth.fail"}); Users.tokens(msg.auth).then(function(user) {
completeConnection(null,null,false); if (user) {
self.user = user;
log.audit({event: "comms.auth",user:self.user});
completeConnection(user.permissions,msg.auth,true);
} else {
log.audit({event: "comms.auth.fail"});
completeConnection(null,null,false);
}
});
} }
}); });
} else { } else {
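Review bot: The new `Users.tokens(msg.auth).then(...)` call in the final `else` branch has no rejection handler, so if the lookup rejects or throws, neither `completeConnection` path runs and no `comms.auth.fail` audit event is written. Going by the commit title, that lookup is supplied by the deployer's configuration, so a failing implementation would leave the socket in an undecided authentication state instead of failing closed. I would chain a handler such as `.catch(function(err) { log.audit({event: "comms.auth.fail"}); completeConnection(null,null,false); });` after the `.then(...)`, assuming the returned promise supports `.catch`. A short comment above the call, for example `// Fall back to the user-provided tokens function; a null user means the token was not recognised`, would also make the fallback order explicit. The enclosing handler inside `CommsConnection` starts and ends outside this hunk, so any guarding done by the earlier branches is not visible here.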


@ -343,6 +343,7 @@ describe("api/editor/comms", function() {
var getDefaultUser; var getDefaultUser;
var getUser; var getUser;
var getToken; var getToken;
var getUserToken;
before(function(done) { before(function(done) {
getDefaultUser = sinon.stub(Users,"default",function() { return when.resolve(null);}); getDefaultUser = sinon.stub(Users,"default",function() { return when.resolve(null);});
getUser = sinon.stub(Users,"get", function(username) { getUser = sinon.stub(Users,"get", function(username) {
@ -352,6 +353,13 @@ describe("api/editor/comms", function() {
return when.resolve(null); return when.resolve(null);
} }
}); });
getUserToken = sinon.stub(Users,"tokens", function(token) {
if (token == "abcde") {
return when.resolve({user:"wilma", permissions:"*"})
} else {
return when.resolve(null);
}
});
getToken = sinon.stub(Tokens,"get",function(token) { getToken = sinon.stub(Tokens,"get",function(token) {
if (token == "1234") { if (token == "1234") {
return when.resolve({user:"fred",scope:["*"]}); return when.resolve({user:"fred",scope:["*"]});
@ -377,6 +385,7 @@ describe("api/editor/comms", function() {
getDefaultUser.restore(); getDefaultUser.restore();
getUser.restore(); getUser.restore();
getToken.restore(); getToken.restore();
getUserToken.restore();
comms.stop(); comms.stop();
server.stop(done); server.stop(done);
}); });
@ -420,7 +429,33 @@ describe("api/editor/comms", function() {
} }
}); });
}); });
it('allows connections that do authenticate - user-provided-token',function(done) {
var ws = new WebSocket(url);
var received = 0;
ws.on('open', function() {
ws.send('{"auth":"abcde"}');
});
ws.on('message', function(msg) {
received++;
if (received == 1) {
msg.should.equal('{"auth":"ok"}');
ws.send('{"subscribe":"foo"}');
connections[0].send('foo', 'correct');
} else {
msg.should.equal('[{"topic":"foo","data":"correct"}]');
ws.close();
}
});
ws.on('close', function() {
try {
received.should.equal(2);
done();
} catch(err) {
done(err);
}
});
});
it('rejects connections for non-existant token',function(done) { it('rejects connections for non-existant token',function(done) {
var ws = new WebSocket(url); var ws = new WebSocket(url);
var received = 0; var received = 0;