Tie auth middleware to needsPermission api

Nick O'Leary
2015-02-05 23:43:35 +00:00
parent 3ef6f29d6e
commit c31ffb98b0
11 changed files with 36 additions and 135 deletions


@@ -27,59 +27,6 @@ var settings = require("../../../../red/settings");
describe("api auth middleware",function() {
describe("authenticate",function() {
it("does not trigger on auth paths", sinon.test(function(done) {
this.stub(passport,"authenticate",function() {
return function() {
settings.reset();
done(new Error("authentication not applied to auth path"));
}
});
settings.init({adminAuth:{}});
var req = {
originalUrl: "/auth/token"
};
auth.authenticate(req,null,function() {
settings.reset();
done();
});
}));
it("does trigger on non-auth paths", sinon.test(function(done) {
this.stub(passport,"authenticate",function() {
return function() {
settings.reset();
done();
}
});
settings.init({adminAuth:{}});
var req = {
originalUrl: "/"
};
auth.authenticate(req,null,function() {
settings.reset();
done(new Error("authentication applied to non-auth path"));
});
}));
it("does not trigger on non-auth paths with auth disabled", sinon.test(function(done) {
this.stub(passport,"authenticate",function() {
return function() {
settings.reset();
done(new Error("authentication applied when disabled"));
}
});
settings.init({});
var req = {
originalUrl: "/"
};
auth.authenticate(req,null,function() {
settings.reset();
done();
});
}));
});
describe("ensureClientSecret", function() {
it("leaves client_secret alone if not present",function(done) {


@@ -35,27 +35,4 @@ describe("Auth permissions", function() {
permissions.hasPermission({permissions:"read"},"node.write").should.be.false;
});
});
describe("needsPermission middleware", function() {
it('passes if no user on request',function(done) {
var needsPermission = permissions.needsPermission("*");
needsPermission({},null,function() {
done();
});
});
it('passes if user has required permission',function(done) {
var needsPermission = permissions.needsPermission("read");
needsPermission({user:{permissions:"read"}},null,function() {
done();
});
});
it('rejects if user does not have required permission',function(done) {
var needsPermission = permissions.needsPermission("write");
needsPermission({user:{permissions:"read"}},{send: function(code) {
code.should.equal(401);
done();
}},null);
});
});
});


@@ -27,7 +27,8 @@ describe("Users", function() {
type:"credentials",
users:[{
username:"fred",
password:"5f4dcc3b5aa765d61d8327deb882cf99", // 'password'
password:'$2a$08$LpYMefvGZ3MjAfZGzcoyR.1BcfHh4wy4NpbN.cEny5aHnWOqjKOXK',
// 'password' -> require('bcryptjs').hashSync('password', 8);
permissions:"*"
}]
});
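Review bot: The comment under the new `password` value gives the generating call but does not say that cost 8 is a test-speed choice, so the line can be read as a recipe for real `adminAuth` user entries. I would move the comment above the value and word it as `// bcrypt hash of 'password', cost 8 to keep the test fast; fixture only`. The fixture appears to replace an unsalted 32-hex digest with this bcrypt string; whether any test still asserts that a value in the old format no longer authenticates is not visible here, and the `describe("Users")` block continues outside the hunk.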


@@ -24,6 +24,7 @@ var app = express();
var RED = require("../../../red/red.js");
var storage = require("../../../red/storage");
var library = require("../../../red/api/library");
var auth = require("../../../red/api/auth");
describe("library api", function() {
@@ -166,6 +167,7 @@ describe("library api", function() {
app = express();
app.use(express.json());
library.init(app);
auth.init({});
RED.library.register("test");
});
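Review bot: `auth.init({})` sets this suite up with no `adminAuth` in the settings, so every library API request here runs with authentication disabled and nothing checks that the routes refuse a caller who lacks permission. The same commit deletes the `needsPermission middleware` tests, including the case that expected a 401 for a user holding `read` who asks for `write`, so that rejection path appears to lose its coverage unless it is tested in a file not shown. I would add a second setup that passes a settings object containing `adminAuth` to `auth.init` and asserts a 401 on a library route for an unauthenticated or under-privileged request. It is also worth confirming that calling `auth.init` after `library.init(app)` is the intended order; the enclosing setup block starts outside the hunk.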