mirror of
https://github.com/node-red/node-red.git
synced 2023-10-10 13:36:53 +02:00
Authenticate websocket comms using user-provided token if present
Fixes #2642
parent
0243a902b2
commit
57154b2853
@ -129,11 +129,19 @@ function CommsConnection(ws) {
|
||||
completeConnection(null,null,false);
|
||||
}
|
||||
});
|
||||
} else {
|
||||
Users.tokens(msg.auth).then(function(user) {
|
||||
if (user) {
|
||||
self.user = user;
|
||||
log.audit({event: "comms.auth",user:self.user});
|
||||
completeConnection(user.permissions,msg.auth,true);
|
||||
} else {
|
||||
log.audit({event: "comms.auth.fail"});
|
||||
completeConnection(null,null,false);
|
||||
}
|
||||
});
|
||||
}
|
||||
});
|
||||
} else {
|
||||
if (anonymousUser) {
|
||||
log.audit({event: "comms.auth",user:anonymousUser});
|
||||
|
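Review bot: The `Users.tokens(msg.auth).then(...)` call in the inner `else` branch (which appears to be the added code, judging by the hunk counts) has no rejection handler. If the user-provided token function rejects or throws, neither `completeConnection(null,null,false)` nor the `comms.auth.fail` audit entry runs, and the socket is left pending with nothing logged. The failure path should fail closed by passing a second callback to `.then`, for example `}, function(err) { log.audit({event: "comms.auth.fail"}); completeConnection(null,null,false); });`. Whether `Users.tokens` already turns errors into a `null` result is not visible here and should be confirmed against its implementation. The enclosing message handler in `CommsConnection` starts and ends outside the hunk.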
@ -343,6 +343,7 @@ describe("api/editor/comms", function() {
|
||||
var getDefaultUser;
|
||||
var getUser;
|
||||
var getToken;
|
||||
var getUserToken;
|
||||
before(function(done) {
|
||||
getDefaultUser = sinon.stub(Users,"default",function() { return when.resolve(null);});
|
||||
getUser = sinon.stub(Users,"get", function(username) {
|
||||
@ -352,6 +353,13 @@ describe("api/editor/comms", function() {
|
||||
return when.resolve(null);
|
||||
}
|
||||
});
|
||||
getUserToken = sinon.stub(Users,"tokens", function(token) {
|
||||
if (token == "abcde") {
|
||||
return when.resolve({user:"wilma", permissions:"*"})
|
||||
} else {
|
||||
return when.resolve(null);
|
||||
}
|
||||
});
|
||||
getToken = sinon.stub(Tokens,"get",function(token) {
|
||||
if (token == "1234") {
|
||||
return when.resolve({user:"fred",scope:["*"]});
|
||||
@ -377,6 +385,7 @@ describe("api/editor/comms", function() {
|
||||
getDefaultUser.restore();
|
||||
getUser.restore();
|
||||
getToken.restore();
|
||||
getUserToken.restore();
|
||||
comms.stop();
|
||||
server.stop(done);
|
||||
});
|
||||
@ -420,7 +429,33 @@ describe("api/editor/comms", function() {
|
||||
}
|
||||
});
|
||||
});
|
||||
it('allows connections that do authenticate - user-provided-token',function(done) {
|
||||
var ws = new WebSocket(url);
|
||||
var received = 0;
|
||||
ws.on('open', function() {
|
||||
ws.send('{"auth":"abcde"}');
|
||||
});
|
||||
ws.on('message', function(msg) {
|
||||
received++;
|
||||
if (received == 1) {
|
||||
msg.should.equal('{"auth":"ok"}');
|
||||
ws.send('{"subscribe":"foo"}');
|
||||
connections[0].send('foo', 'correct');
|
||||
} else {
|
||||
msg.should.equal('[{"topic":"foo","data":"correct"}]');
|
||||
ws.close();
|
||||
}
|
||||
});
|
||||
|
||||
ws.on('close', function() {
|
||||
try {
|
||||
received.should.equal(2);
|
||||
done();
|
||||
} catch(err) {
|
||||
done(err);
|
||||
}
|
||||
});
|
||||
});
|
||||
it('rejects connections for non-existant token',function(done) {
|
||||
var ws = new WebSocket(url);
|
||||
var received = 0;
|
||||
|