added authorization
This commit is contained in:
VLE2FE
@@ -26,14 +26,16 @@ describe('/', () => {
|
||||
supertest(server)
|
||||
.get('/')
|
||||
.expect('Content-type', /json/)
|
||||
.expect(200, (err, res) => {
|
||||
.expect(200)
|
||||
.end((err, res) => {
|
||||
if (err) done (err);
|
||||
should(res.body).be.eql({status: 'API server up and running!'});
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('Testing unknown routes', () => {
|
||||
describe('Unknown routes', () => {
|
||||
let server;
|
||||
|
||||
before(done => {
|
||||
@@ -50,10 +52,94 @@ describe('Testing unknown routes', () => {
|
||||
afterEach(done => {
|
||||
server.close(done);
|
||||
});
|
||||
it('returns a 404 message', done => {
|
||||
it('return a 404 message', done => {
|
||||
supertest(server)
|
||||
.get('/unknownroute')
|
||||
.expect(404);
|
||||
done();
|
||||
.expect(404)
|
||||
.end((err, res) => {
|
||||
if (err) done (err);
|
||||
should(res.body).be.eql({status: 'Not found'});
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('An unauthorized request', () => {
|
||||
let server;
|
||||
|
||||
before(done => {
|
||||
db.connect('test', done);
|
||||
});
|
||||
beforeEach(done => {
|
||||
delete require.cache[require.resolve('../index')]; // prevent loading from cache
|
||||
server = require('../index');
|
||||
db.drop(err => { // reset database
|
||||
if (err) return done(err);
|
||||
db.loadJson(require('../test/db.json'), done);
|
||||
});
|
||||
});
|
||||
afterEach(done => {
|
||||
server.close(done);
|
||||
});
|
||||
it('returns a 401 message', done => {
|
||||
supertest(server)
|
||||
.get('/authorized')
|
||||
.expect(401)
|
||||
.end((err, res) => {
|
||||
if (err) done (err);
|
||||
should(res.body).be.eql({status: 'Unauthorized'});
|
||||
done();
|
||||
});
|
||||
});
|
||||
it('does not work with correct username', done => {
|
||||
supertest(server)
|
||||
.get('/authorized')
|
||||
.auth('admin', 'Abc123!!')
|
||||
.expect(401)
|
||||
.end((err, res) => {
|
||||
if (err) done (err);
|
||||
should(res.body).be.eql({status: 'Unauthorized'});
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('An authorized request', () => {
|
||||
let server;
|
||||
|
||||
before(done => {
|
||||
db.connect('test', done);
|
||||
});
|
||||
beforeEach(done => {
|
||||
delete require.cache[require.resolve('../index')]; // prevent loading from cache
|
||||
server = require('../index');
|
||||
db.drop(err => { // reset database
|
||||
if (err) return done(err);
|
||||
db.loadJson(require('../test/db.json'), done);
|
||||
});
|
||||
});
|
||||
afterEach(done => {
|
||||
server.close(done);
|
||||
});
|
||||
it('works with an API key', done => {
|
||||
supertest(server)
|
||||
.get('/authorized?key=5ea131671feb9c2ee0aafc9a')
|
||||
.expect(200)
|
||||
.end((err, res) => {
|
||||
if (err) done (err);
|
||||
should(res.body).be.eql({status: 'Authorization successful', method: 'key'});
|
||||
done();
|
||||
});
|
||||
});
|
||||
it('works with basic auth', done => {
|
||||
supertest(server)
|
||||
.get('/authorized')
|
||||
.auth('admin', 'Abc123!#')
|
||||
.expect(200)
|
||||
.end((err, res) => {
|
||||
if (err) done (err);
|
||||
should(res.body).be.eql({status: 'Authorization successful', method: 'basic'});
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -1,4 +1,5 @@
|
||||
import express from 'express';
|
||||
import globals from '../globals';
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
@@ -6,4 +7,9 @@ router.get('/', (req, res) => {
|
||||
res.json({status: 'API server up and running!'});
|
||||
});
|
||||
|
||||
router.get('/authorized', (req, res) => {
|
||||
if (!req.auth(res, globals.levels)) return;
|
||||
res.json({status: 'Authorization successful', method: req.authDetails.method});
|
||||
});
|
||||
|
||||
module.exports = router;
|
||||
|
||||
@@ -26,10 +26,12 @@ describe('/user/new', () => {
|
||||
it('returns the added user data', done => {
|
||||
supertest(server)
|
||||
.post('/user/new')
|
||||
.auth('admin', 'Abc123!#')
|
||||
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
|
||||
.expect('Content-type', /json/)
|
||||
.expect(200, (err, res) => {
|
||||
if (err) return done(err);
|
||||
.expect(200)
|
||||
.end((err, res) => {
|
||||
if (err) done (err);
|
||||
should(res.body).have.property('_id').be.type('string');
|
||||
should(res.body).have.property('email', 'john.doe@bosch.com');
|
||||
should(res.body).have.property('name', 'johndoe');
|
||||
@@ -42,9 +44,11 @@ describe('/user/new', () => {
|
||||
it('stores the data', done => {
|
||||
supertest(server)
|
||||
.post('/user/new')
|
||||
.auth('admin', 'Abc123!#')
|
||||
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
|
||||
.expect(200, err => {
|
||||
if (err) return done(err);
|
||||
.expect(200)
|
||||
.end(err => {
|
||||
if (err) done (err);
|
||||
UserModel.find({name: 'johndoe'}).lean().exec( 'find', (err, data) => {
|
||||
if (err) return done(err);
|
||||
should(data).have.lengthOf(1);
|
||||
@@ -63,9 +67,11 @@ describe('/user/new', () => {
|
||||
it('rejects a username already in use', done => {
|
||||
supertest(server)
|
||||
.post('/user/new')
|
||||
.auth('admin', 'Abc123!#')
|
||||
.send({email: 'j.doe@bosch.com', name: 'janedoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
|
||||
.expect(400, (err, res) => {
|
||||
if (err) return done(err);
|
||||
.expect(400)
|
||||
.end((err, res) => {
|
||||
if (err) done (err);
|
||||
should(res.body).be.eql({status: 'Username already taken'});
|
||||
UserModel.find({name: 'janedoe'}).lean().exec( 'find', (err, data) => {
|
||||
if (err) return done(err);
|
||||
@@ -73,5 +79,30 @@ describe('/user/new', () => {
|
||||
done();
|
||||
});
|
||||
});
|
||||
}); // TODO: authentication
|
||||
});
|
||||
it('rejects requests from non-admins', done => {
|
||||
supertest(server)
|
||||
.post('/user/new')
|
||||
.auth('janedoe', 'Abc123!#')
|
||||
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
|
||||
.expect('Content-type', /json/)
|
||||
.expect(403)
|
||||
.end((err, res) => {
|
||||
if (err) done (err);
|
||||
should(res.body).be.eql({status: 'Forbidden'});
|
||||
done();
|
||||
});
|
||||
});
|
||||
it('rejects requests from an admin API key', done => {
|
||||
supertest(server)
|
||||
.post('/user/new?key=5ea131671feb9c2ee0aafc9a')
|
||||
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
|
||||
.expect('Content-type', /json/)
|
||||
.expect(401)
|
||||
.end((err, res) => {
|
||||
if (err) done (err);
|
||||
should(res.body).be.eql({status: 'Unauthorized'});
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -11,6 +11,9 @@ router.get('/users', (req, res) => {
|
||||
});
|
||||
|
||||
router.post('/user/new', (req, res, next) => {
|
||||
console.log(req.authDetails);
|
||||
if (!req.auth(res, ['admin'], 'basic')) return;
|
||||
|
||||
// validate input
|
||||
const {error, value: user} = UserValidate.input(req.body);
|
||||
if(error !== undefined) {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import joi from '@hapi/joi';
|
||||
import globals from "../../globals";
|
||||
import globals from '../../globals';
|
||||
|
||||
export default class UserValidate { // validate input for user
|
||||
static input (data) {
|
||||
@@ -27,6 +27,7 @@ export default class UserValidate { // validate input for user
|
||||
.required(),
|
||||
|
||||
device_name: joi.string()
|
||||
.allow('')
|
||||
.required()
|
||||
}).validate(data);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user