From acc0e0875bc5348ec1abe6a222f5ce48fa3ed56d Mon Sep 17 00:00:00 2001
From: dceejay
Date: Sat, 7 Mar 2015 13:22:21 +0000
Subject: [PATCH] few more tests for permissions and strategies
reset log flags at end of log test
---
 red/api/auth/permissions.js | 3 ++
 red/api/auth/strategies.js | 7 +-
 test/red/api/auth/permissions_spec.js | 5 +-
 test/red/api/auth/strategies_spec.js | 76 ++++++++++++++++++++-------
 test/red/log_spec.js | 3 ++
 test/red/nodes/Node_spec.js | 5 +-
 6 files changed, 72 insertions(+), 27 deletions(-)
diff --git a/red/api/auth/permissions.js b/red/api/auth/permissions.js
index 2183a29a0..680797aa4 100644
--- a/red/api/auth/permissions.js
+++ b/red/api/auth/permissions.js
@@ -29,6 +29,9 @@ function hasPermission(user,permission) {
 if (user.permissions == "read") {
 return readRE.test(permission);
 }
+ else {
+ return false; // anything not allowed is disallowed
+ }
 }
 module.exports = {
diff --git a/red/api/auth/strategies.js b/red/api/auth/strategies.js
index 7498e706e..23b621783 100644
--- a/red/api/auth/strategies.js
+++ b/red/api/auth/strategies.js
@@ -61,11 +61,12 @@ var loginSignUpWindow = 36000000; // 10 minutes
 var passwordTokenExchange = function(client, username, password, scope, done) {
 var now = Date.now();
 loginAttempts = loginAttempts.filter(function(logEntry) {
- return logEntry.time + loginSignUpWindow > now;
+ return logEntry.time + loginSignUpWindow > now;
 });
 loginAttempts.push({time:now, user:username});
 var attemptCount = 0;
 loginAttempts.forEach(function(logEntry) {
+ /* istanbul ignore else */
 if (logEntry.user == username) {
 attemptCount++;
 }
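Review bot: The new `else` branch makes `hasPermission` fail closed for any `permissions` value not matched above it, which is the right default, but the wrapper is redundant after an unconditional `return` and obscures that this is the function's terminal fallback. I would drop it and keep the intent in the comment: `return false; // fail closed: a permissions value not matched above grants nothing`. The hunk starts mid-function, so the earlier branches and the set of values `user.permissions` can hold are not visible here; the one visible comparison, `user.permissions == "read"`, uses loose equality, so a non-string value that coerces to "read" would still take the read path rather than reach this fallback.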
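Review bot: The lockout window in the hunk header, `var loginSignUpWindow = 36000000; // 10 minutes`, is 36,000,000 ms, which is ten hours, not ten minutes, while the error text in the next hunk promises "Wait 10 minutes"; either the constant should be `600000` or the comment and message are wrong. Because each failed attempt is recorded as `{time:now, user:username}` and counted by `logEntry.user == username` alone, an unauthenticated client that trips the threshold (the check itself sits between the two hunks) locks out that account name for the whole window, so the longer window turns a handful of bad passwords into a ten-hour denial of service against any user. The constant is file-level state outside this hunk, so the fix is the one-line change `var loginSignUpWindow = 600000; // 10 minutes`. Separately, `logEntry.user == username` would be safer as `===` so a coerced value cannot match a different stored entry.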
@@ -75,11 +76,11 @@ var passwordTokenExchange = function(client, username, password, scope, done) {
 done(new Error("Too many login attempts. Wait 10 minutes and try again"),false);
 return;
 }
-
+
 Users.authenticate(username,password).then(function(user) {
 if (user) {
 loginAttempts = loginAttempts.filter(function(logEntry) {
- return logEntry.user !== username;
+ return logEntry.user !== username;
 });
 Tokens.create(username,client.id,scope).then(function(tokens) {
 // TODO: audit log
diff --git a/test/red/api/auth/permissions_spec.js b/test/red/api/auth/permissions_spec.js
index eb1c27ec1..79f48eb5f 100644
--- a/test/red/api/auth/permissions_spec.js
+++ b/test/red/api/auth/permissions_spec.js
@@ -15,10 +15,8 @@
 **/
 var should = require("should");
-
 var permissions = require("../../../../red/api/auth/permissions");
-
 describe("Auth permissions", function() {
 describe("hasPermission", function() {
 it('a user with no permissions',function() {
@@ -34,5 +32,8 @@ describe("Auth permissions", function() {
 permissions.hasPermission({permissions:"read"},"write").should.be.false;
 permissions.hasPermission({permissions:"read"},"node.write").should.be.false;
 });
+ it('a user with foo permissions',function() {
+ permissions.hasPermission({permissions:"foo"},"foo").should.be.false;
+ });
 });
 });
diff --git a/test/red/api/auth/strategies_spec.js b/test/red/api/auth/strategies_spec.js
index 566d281d4..692dff65b 100644
--- a/test/red/api/auth/strategies_spec.js
+++ b/test/red/api/auth/strategies_spec.js
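Review bot: The added case only exercises an unknown permission string, so the new fail-closed branch is still untested for the value shapes that `hasPermission` compares with loose equality (`user.permissions == "read"` in permissions.js): an array or object. Worth adding `permissions.hasPermission({permissions:["read"]},"read").should.be.false;` — under `==`, `["read"]` coerces to `"read"` and would take the read path unless a branch outside the visible hunk normalises the value first, so this assertion pins whichever behaviour is actually intended and would push the implementation toward `===`. An empty-string case, `permissions.hasPermission({permissions:""},"read").should.be.false;`, would likewise document that a blank permission grants nothing.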
@@ -18,28 +18,26 @@
 var should = require("should");
 var when = require('when');
 var sinon = require('sinon');
-
 var strategies = require("../../../../red/api/auth/strategies");
 var Users = require("../../../../red/api/auth/users");
 var Tokens = require("../../../../red/api/auth/tokens");
 var Clients = require("../../../../red/api/auth/clients");
-
 describe("Auth strategies", function() {
 describe("Password Token Exchange", function() {
-
+
 var userAuthentication;
 afterEach(function() {
 if (userAuthentication) {
 userAuthentication.restore();
 }
 });
-
+
 it('Handles authentication failure',function(done) {
 userAuthentication = sinon.stub(Users,"authenticate",function(username,password) {
 return when.resolve(null);
 });
-
+
 strategies.passwordTokenExchange({},"user","password","scope",function(err,token) {
 try {
 should.not.exist(err);
@@ -50,7 +48,7 @@ describe("Auth strategies", function() {
 }
 });
 });
-
+
 it('Creates new token on authentication success',function(done) {
 userAuthentication = sinon.stub(Users,"authenticate",function(username,password) {
 return when.resolve({username:"user"});
@@ -62,7 +60,7 @@ describe("Auth strategies", function() {
 tokenDetails.scope = scope;
 return when.resolve({accessToken: "123456"});
 });
-
+
 strategies.passwordTokenExchange({id:"myclient"},"user","password","scope",function(err,token) {
 try {
 should.not.exist(err);
@@ -77,10 +75,10 @@ describe("Auth strategies", function() {
 tokenCreate.restore();
 }
 });
-
+
 });
 });
-
+
 describe("Anonymous Strategy", function() {
 it('Succeeds if anon user enabled',function(done) {
 var userDefault = sinon.stub(Users,"default",function() {
@@ -111,13 +109,13 @@ describe("Auth strategies", function() {
 strategies.anonymousStrategy.authenticate({});
 });
 });
-
+
 describe("Bearer Strategy", function() {
 it('Rejects invalid token',function(done) {
 var getToken = sinon.stub(Tokens,"get",function(token) {
 return when.resolve(null);
 });
-
+
 strategies.bearerStrategy("1234",function(err,user) {
 try {
 should.not.exist(err);
@@ -137,7 +135,7 @@ describe("Auth strategies", function() {
 var getUser = sinon.stub(Users,"get",function(username) {
 return when.resolve("aUser");
 });
-
+
 strategies.bearerStrategy("1234",function(err,user,opts) {
 try {
 should.not.exist(err);
@@ -152,15 +150,37 @@ describe("Auth strategies", function() {
 }
 });
 });
+ it('Fail if no user for token',function(done) {
+ var getToken = sinon.stub(Tokens,"get",function(token) {
+ return when.resolve({user:"user",scope:"scope"});
+ });
+ var getUser = sinon.stub(Users,"get",function(username) {
+ return when.resolve(null);
+ });
+
+ strategies.bearerStrategy("1234",function(err,user,opts) {
+ try {
+ should.not.exist(err);
+ user.should.equal(false);
+ should.not.exist(opts);
+ done();
+ } catch(e) {
+ done(e);
+ } finally {
+ getToken.restore();
+ getUser.restore();
+ }
+ });
+ });
 });
-
+
 describe("Client Password Strategy", function() {
 it('Accepts valid client',function(done) {
 var testClient = {id:"node-red-editor",secret:"not_available"};
 var getClient = sinon.stub(Clients,"get",function(client) {
 return when.resolve(testClient);
 });
-
+
 strategies.clientPasswordStrategy(testClient.id,testClient.secret,function(err,client) {
 try {
 should.not.exist(err);
@@ -178,7 +198,7 @@ describe("Auth strategies", function() {
 var getClient = sinon.stub(Clients,"get",function(client) {
 return when.resolve(testClient);
 });
-
+
 strategies.clientPasswordStrategy(testClient.id,"invalid_secret",function(err,client) {
 try {
 should.not.exist(err);
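Review bot: The new 'Fail if no user for token' test restores its `Tokens.get` and `Users.get` stubs only inside the callback's `finally`, so if `bearerStrategy` never calls back (the test would then time out) both stubs stay installed and leak into every later test in the process, turning one failure into several unrelated ones. The "Password Token Exchange" block at the top of this file already handles this with an `afterEach` that calls `restore()` on a describe-scoped stub; declaring `getToken`/`getUser` at the "Bearer Strategy" describe level and restoring them in an `afterEach` there would give this test the same guarantee. The `afterEach` pattern sits in an earlier hunk, and the enclosing describe is only partly visible here.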
@@ -192,11 +212,9 @@ describe("Auth strategies", function() {
 });
 });
 it('Rejects invalid client id',function(done) {
- var testClient = {id:"node-red-editor",secret:"not_available"};
 var getClient = sinon.stub(Clients,"get",function(client) {
 return when.resolve(null);
 });
-
 strategies.clientPasswordStrategy("invalid_id","invalid_secret",function(err,client) {
 try {
 should.not.exist(err);
@@ -209,6 +227,28 @@ describe("Auth strategies", function() {
 }
 });
 });
+
+ var userAuthentication;
+ it('Blocks after 5 failures',function(done) {
+ userAuthentication = sinon.stub(Users,"authenticate",function(username,password) {
+ return when.resolve(null);
+ });
+ for (var z=0; z<5; z++) {
+ strategies.passwordTokenExchange({},"user","badpassword","scope",function(err,token) {
+ });
+ }
+ strategies.passwordTokenExchange({},"user","badpassword","scope",function(err,token) {
+ try {
+ err.toString().should.equal("Error: Too many login attempts. Wait 10 minutes and try again");
+ token.should.be.false;
+ done();
+ } catch(e) {
+ done(e);
+ } finally {
+ userAuthentication.restore();
+ }
+ });
+ });
+
 });
 });
-
diff --git a/test/red/log_spec.js b/test/red/log_spec.js
index 201d1a957..92d87f4ca 100644
--- a/test/red/log_spec.js
+++ b/test/red/log_spec.js
@@ -51,5 +51,8 @@ describe("red/log", function() {
 it('it checks level of metrics', function() {
 log.metric().should.equal(true);
+ var sett = {logging: { console: { level: 'info', metrics: false } } };
+ log.init(sett);
 });
+
 });
diff --git a/test/red/nodes/Node_spec.js b/test/red/nodes/Node_spec.js
index a11d677ec..78896a77f 100644
--- a/test/red/nodes/Node_spec.js
+++ b/test/red/nodes/Node_spec.js
@@ -19,7 +19,6 @@ var sinon = require('sinon');
 var RedNode = require("../../../red/nodes/Node");
 var Log = require("../../../red/log");
 var flows = require("../../../red/nodes/flows");
-
 var comms = require('../../../red/comms');
 describe('Node', function() {
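Review bot: The 'Blocks after 5 failures' test exercises `passwordTokenExchange` but is placed inside `describe("Client Password Strategy")`, and its `var userAuthentication;` re-declares the name that the "Password Token Exchange" block's `afterEach` restores, so if the final callback never fires this stub is never restored. Moving the `it` into the "Password Token Exchange" describe and dropping the duplicate `var` gives it that cleanup for free. It also leaves six failed attempts for "user" in the module-level `loginAttempts` array with no way to reset them, so any later test in the same process that logs in as "user" stays locked out for the whole `loginSignUpWindow`; the earlier 'Creates new token on authentication success' test appears to pass only because it runs first, which is worth a comment on the test or a reset hook exported from strategies.js. The five fire-and-forget calls in the `for` loop discard their callbacks, and `userAuthentication.restore()` can run before their stubbed promises settle; harmless as written, but a one-line comment saying so would stop the next reader from "fixing" it.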
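Review bot: The reset `log.init(sett)` is run inside the `it` after the assertion, so if `log.metric().should.equal(true)` throws the reset is skipped and the metrics flag stays enabled for whatever test runs next — the opposite of what the commit message ("reset log flags at end of log test") intends. An `after` hook at the describe level guarantees the reset regardless of the assertion's outcome: `after(function() { log.init({logging: { console: { level: 'info', metrics: false } } }); });`. The `sett` local is a one-shot literal and does not need a name once it moves into the hook.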
@@ -359,8 +358,6 @@ describe('Node', function() {
 var receiver2 = new RedNode({id:'n3',type:'abc'});
 sender.send({"some": "message"});
 })
-
-
 });
@@ -457,7 +454,7 @@ describe('Node', function() {
 });
 var msg = {payload:"foo", _msgid:"987654321"};
 var m = n.metric(undefined,msg,"15mb");
- m.should.equal(true);
+ m.should.be.a.boolean;
 Log.log.restore();
 done();
 });
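Review bot: `m.should.be.a.boolean;` appears to assert nothing: should.js exposes the type check as `Boolean` (a getter in older releases, `.Boolean()` in newer ones), and reading a lowercase `.boolean` property just yields `undefined`, so the statement passes whatever `n.metric(...)` returned — unless the should.js version pinned by this project defines a lowercase alias, which I cannot confirm from here. The replaced `m.should.equal(true)` at least pinned a value; if only the type matters, write `m.should.be.a.Boolean` (or `.Boolean()`), and if `metric` was changed to return something other than `true`, pin that value instead. The `it` body begins before the hunk, so the setup that builds `n` is not visible.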