frodovdr
/
node-red
mirror of https://github.com/node-red/node-red.git
1
0
Fork 0
Code Issues Releases Wiki Activity

few more tests for permissions and strategies 

reset log flags at end of log test
This commit is contained in:
dceejay 2015-03-07 13:22:21 +00:00
parent 69f85bd688
commit acc0e0875b
6 changed files with 72 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
red/api/auth/permissions.js
View File

@ -29,6 +29,9 @@ function hasPermission(user,permission) {
if (user.permissions == "read") { if (user.permissions == "read") {
return readRE.test(permission); return readRE.test(permission);
} }
else {
return false; // anything not allowed is disallowed
}
} }
module.exports = { module.exports = {

7
red/api/auth/strategies.js
View File

@ -61,11 +61,12 @@ var loginSignUpWindow = 36000000; // 10 minutes
var passwordTokenExchange = function(client, username, password, scope, done) { var passwordTokenExchange = function(client, username, password, scope, done) {
var now = Date.now(); var now = Date.now();
loginAttempts = loginAttempts.filter(function(logEntry) { loginAttempts = loginAttempts.filter(function(logEntry) {
return logEntry.time + loginSignUpWindow > now; return logEntry.time + loginSignUpWindow > now;
}); });
loginAttempts.push({time:now, user:username}); loginAttempts.push({time:now, user:username});
var attemptCount = 0; var attemptCount = 0;
loginAttempts.forEach(function(logEntry) { loginAttempts.forEach(function(logEntry) {
/* istanbul ignore else */
if (logEntry.user == username) { if (logEntry.user == username) {
attemptCount++; attemptCount++;
} }
@ -75,11 +76,11 @@ var passwordTokenExchange = function(client, username, password, scope, done) {
done(new Error("Too many login attempts. Wait 10 minutes and try again"),false); done(new Error("Too many login attempts. Wait 10 minutes and try again"),false);
return; return;
} }
Users.authenticate(username,password).then(function(user) { Users.authenticate(username,password).then(function(user) {
if (user) { if (user) {
loginAttempts = loginAttempts.filter(function(logEntry) { loginAttempts = loginAttempts.filter(function(logEntry) {
return logEntry.user !== username; return logEntry.user !== username;
}); });
Tokens.create(username,client.id,scope).then(function(tokens) { Tokens.create(username,client.id,scope).then(function(tokens) {
// TODO: audit log // TODO: audit log

5
test/red/api/auth/permissions_spec.js
View File

@ -15,10 +15,8 @@
**/ **/
var should = require("should"); var should = require("should");
var permissions = require("../../../../red/api/auth/permissions"); var permissions = require("../../../../red/api/auth/permissions");
describe("Auth permissions", function() { describe("Auth permissions", function() {
describe("hasPermission", function() { describe("hasPermission", function() {
it('a user with no permissions',function() { it('a user with no permissions',function() {
@ -34,5 +32,8 @@ describe("Auth permissions", function() {
permissions.hasPermission({permissions:"read"},"write").should.be.false; permissions.hasPermission({permissions:"read"},"write").should.be.false;
permissions.hasPermission({permissions:"read"},"node.write").should.be.false; permissions.hasPermission({permissions:"read"},"node.write").should.be.false;
}); });
it('a user with foo permissions',function() {
permissions.hasPermission({permissions:"foo"},"foo").should.be.false;
});
}); });
}); });

76
test/red/api/auth/strategies_spec.js
View File

@ -18,28 +18,26 @@ var should = require("should");
var when = require('when'); var when = require('when');
var sinon = require('sinon'); var sinon = require('sinon');
var strategies = require("../../../../red/api/auth/strategies"); var strategies = require("../../../../red/api/auth/strategies");
var Users = require("../../../../red/api/auth/users"); var Users = require("../../../../red/api/auth/users");
var Tokens = require("../../../../red/api/auth/tokens"); var Tokens = require("../../../../red/api/auth/tokens");
var Clients = require("../../../../red/api/auth/clients"); var Clients = require("../../../../red/api/auth/clients");
describe("Auth strategies", function() { describe("Auth strategies", function() {
describe("Password Token Exchange", function() { describe("Password Token Exchange", function() {
var userAuthentication; var userAuthentication;
afterEach(function() { afterEach(function() {
if (userAuthentication) { if (userAuthentication) {
userAuthentication.restore(); userAuthentication.restore();
} }
}); });
it('Handles authentication failure',function(done) { it('Handles authentication failure',function(done) {
userAuthentication = sinon.stub(Users,"authenticate",function(username,password) { userAuthentication = sinon.stub(Users,"authenticate",function(username,password) {
return when.resolve(null); return when.resolve(null);
}); });
strategies.passwordTokenExchange({},"user","password","scope",function(err,token) { strategies.passwordTokenExchange({},"user","password","scope",function(err,token) {
try { try {
should.not.exist(err); should.not.exist(err);
@ -50,7 +48,7 @@ describe("Auth strategies", function() {
} }
}); });
}); });
it('Creates new token on authentication success',function(done) { it('Creates new token on authentication success',function(done) {
userAuthentication = sinon.stub(Users,"authenticate",function(username,password) { userAuthentication = sinon.stub(Users,"authenticate",function(username,password) {
return when.resolve({username:"user"}); return when.resolve({username:"user"});
@ -62,7 +60,7 @@ describe("Auth strategies", function() {
tokenDetails.scope = scope; tokenDetails.scope = scope;
return when.resolve({accessToken: "123456"}); return when.resolve({accessToken: "123456"});
}); });
strategies.passwordTokenExchange({id:"myclient"},"user","password","scope",function(err,token) { strategies.passwordTokenExchange({id:"myclient"},"user","password","scope",function(err,token) {
try { try {
should.not.exist(err); should.not.exist(err);
@ -77,10 +75,10 @@ describe("Auth strategies", function() {
tokenCreate.restore(); tokenCreate.restore();
} }
}); });
}); });
}); });
describe("Anonymous Strategy", function() { describe("Anonymous Strategy", function() {
it('Succeeds if anon user enabled',function(done) { it('Succeeds if anon user enabled',function(done) {
var userDefault = sinon.stub(Users,"default",function() { var userDefault = sinon.stub(Users,"default",function() {
@ -111,13 +109,13 @@ describe("Auth strategies", function() {
strategies.anonymousStrategy.authenticate({}); strategies.anonymousStrategy.authenticate({});
}); });
}); });
describe("Bearer Strategy", function() { describe("Bearer Strategy", function() {
it('Rejects invalid token',function(done) { it('Rejects invalid token',function(done) {
var getToken = sinon.stub(Tokens,"get",function(token) { var getToken = sinon.stub(Tokens,"get",function(token) {
return when.resolve(null); return when.resolve(null);
}); });
strategies.bearerStrategy("1234",function(err,user) { strategies.bearerStrategy("1234",function(err,user) {
try { try {
should.not.exist(err); should.not.exist(err);
@ -137,7 +135,7 @@ describe("Auth strategies", function() {
var getUser = sinon.stub(Users,"get",function(username) { var getUser = sinon.stub(Users,"get",function(username) {
return when.resolve("aUser"); return when.resolve("aUser");
}); });
strategies.bearerStrategy("1234",function(err,user,opts) { strategies.bearerStrategy("1234",function(err,user,opts) {
try { try {
should.not.exist(err); should.not.exist(err);
@ -152,15 +150,37 @@ describe("Auth strategies", function() {
} }
}); });
}); });
it('Fail if no user for token',function(done) {
var getToken = sinon.stub(Tokens,"get",function(token) {
return when.resolve({user:"user",scope:"scope"});
});
var getUser = sinon.stub(Users,"get",function(username) {
return when.resolve(null);
});
strategies.bearerStrategy("1234",function(err,user,opts) {
try {
should.not.exist(err);
user.should.equal(false);
should.not.exist(opts);
done();
} catch(e) {
done(e);
} finally {
getToken.restore();
getUser.restore();
}
});
});
}); });
describe("Client Password Strategy", function() { describe("Client Password Strategy", function() {
it('Accepts valid client',function(done) { it('Accepts valid client',function(done) {
var testClient = {id:"node-red-editor",secret:"not_available"}; var testClient = {id:"node-red-editor",secret:"not_available"};
var getClient = sinon.stub(Clients,"get",function(client) { var getClient = sinon.stub(Clients,"get",function(client) {
return when.resolve(testClient); return when.resolve(testClient);
}); });
strategies.clientPasswordStrategy(testClient.id,testClient.secret,function(err,client) { strategies.clientPasswordStrategy(testClient.id,testClient.secret,function(err,client) {
try { try {
should.not.exist(err); should.not.exist(err);
@ -178,7 +198,7 @@ describe("Auth strategies", function() {
var getClient = sinon.stub(Clients,"get",function(client) { var getClient = sinon.stub(Clients,"get",function(client) {
return when.resolve(testClient); return when.resolve(testClient);
}); });
strategies.clientPasswordStrategy(testClient.id,"invalid_secret",function(err,client) { strategies.clientPasswordStrategy(testClient.id,"invalid_secret",function(err,client) {
try { try {
should.not.exist(err); should.not.exist(err);
@ -192,11 +212,9 @@ describe("Auth strategies", function() {
}); });
}); });
it('Rejects invalid client id',function(done) { it('Rejects invalid client id',function(done) {
var testClient = {id:"node-red-editor",secret:"not_available"};
var getClient = sinon.stub(Clients,"get",function(client) { var getClient = sinon.stub(Clients,"get",function(client) {
return when.resolve(null); return when.resolve(null);
}); });
strategies.clientPasswordStrategy("invalid_id","invalid_secret",function(err,client) { strategies.clientPasswordStrategy("invalid_id","invalid_secret",function(err,client) {
try { try {
should.not.exist(err); should.not.exist(err);
@ -209,6 +227,28 @@ describe("Auth strategies", function() {
} }
}); });
}); });
var userAuthentication;
it('Blocks after 5 failures',function(done) {
userAuthentication = sinon.stub(Users,"authenticate",function(username,password) {
return when.resolve(null);
});
for (var z=0; z<5; z++) {
strategies.passwordTokenExchange({},"user","badpassword","scope",function(err,token) {
});
}
strategies.passwordTokenExchange({},"user","badpassword","scope",function(err,token) {
try {
err.toString().should.equal("Error: Too many login attempts. Wait 10 minutes and try again");
token.should.be.false;
done();
} catch(e) {
done(e);
} finally {
userAuthentication.restore();
}
});
});
}); });
}); });

3
test/red/log_spec.js
View File

@ -51,5 +51,8 @@ describe("red/log", function() {
it('it checks level of metrics', function() { it('it checks level of metrics', function() {
log.metric().should.equal(true); log.metric().should.equal(true);
var sett = {logging: { console: { level: 'info', metrics: false } } };
log.init(sett);
}); });
}); });

5
test/red/nodes/Node_spec.js
View File

@ -19,7 +19,6 @@ var sinon = require('sinon');
var RedNode = require("../../../red/nodes/Node"); var RedNode = require("../../../red/nodes/Node");
var Log = require("../../../red/log"); var Log = require("../../../red/log");
var flows = require("../../../red/nodes/flows"); var flows = require("../../../red/nodes/flows");
var comms = require('../../../red/comms'); var comms = require('../../../red/comms');
describe('Node', function() { describe('Node', function() {
@ -359,8 +358,6 @@ describe('Node', function() {
var receiver2 = new RedNode({id:'n3',type:'abc'}); var receiver2 = new RedNode({id:'n3',type:'abc'});
sender.send({"some": "message"}); sender.send({"some": "message"});
}) })
}); });
@ -457,7 +454,7 @@ describe('Node', function() {
}); });
var msg = {payload:"foo", _msgid:"987654321"}; var msg = {payload:"foo", _msgid:"987654321"};
var m = n.metric(undefined,msg,"15mb"); var m = n.metric(undefined,msg,"15mb");
m.should.equal(true); m.should.be.a.boolean;
Log.log.restore(); Log.log.restore();
done(); done();
}); });