Fix auth on comms link and for anon user

The move to honour scope level of token broke the comms link checking as well as the permissions checking for anon users.
2025-03-01 10:36:34 +00:00 · 2015-03-29 22:27:07 +01:00
parent c8d6dc2531
commit f967a5ecdc
7 changed files with 49 additions and 15 deletions
--- a/test/red/api/auth/permissions_spec.js
+++ b/test/red/api/auth/permissions_spec.js
@@ -38,6 +38,7 @@ describe("Auth permissions", function() {
        it('an array of permissions', function() {
            permissions.hasPermission(["*"],["foo.read","foo.write"]).should.be.true;
            permissions.hasPermission("read",["foo.read","foo.write"]).should.be.false;
+            permissions.hasPermission("read",["foo.read","bar.read"]).should.be.true;
        });
    });
 });
--- a/test/red/api/auth/strategies_spec.js
+++ b/test/red/api/auth/strategies_spec.js
@@ -30,6 +30,7 @@ describe("Auth strategies", function() {
        afterEach(function() {
            if (userAuthentication) {
                userAuthentication.restore();
+                userAuthentication = null;
            }
        });

@@ -48,10 +49,26 @@ describe("Auth strategies", function() {
                }
            });
        });
+        
+        it('Handles scope overreach',function(done) {
+            userAuthentication = sinon.stub(Users,"authenticate",function(username,password) {
+                return when.resolve({username:"user",permissions:"read"});
+            });
+
+            strategies.passwordTokenExchange({},"user","password","*",function(err,token) {
+                try {
+                    should.not.exist(err);
+                    token.should.be.false;
+                    done();
+                } catch(e) {
+                    done(e);
+                }
+            });
+        });

        it('Creates new token on authentication success',function(done) {
            userAuthentication = sinon.stub(Users,"authenticate",function(username,password) {
-                return when.resolve({username:"user"});
+                return when.resolve({username:"user",permissions:"*"});
            });
            var tokenDetails = {};
            var tokenCreate = sinon.stub(Tokens,"create",function(username,client,scope) {
@@ -61,13 +78,13 @@ describe("Auth strategies", function() {
                return when.resolve({accessToken: "123456"});
            });

-            strategies.passwordTokenExchange({id:"myclient"},"user","password","scope",function(err,token) {
+            strategies.passwordTokenExchange({id:"myclient"},"user","password","read",function(err,token) {
                try {
                    should.not.exist(err);
                    token.should.equal("123456");
                    tokenDetails.should.have.property("username","user");
                    tokenDetails.should.have.property("client","myclient");
-                    tokenDetails.should.have.property("scope","scope");
+                    tokenDetails.should.have.property("scope","read");
                    done();
                } catch(e) {
                    done(e);