Merge pull request #5705 from sebgie/auth-strategies-coverage
Improve middleware coverage
This commit is contained in:
commit
fc39bd1ed4
4 changed files with 172 additions and 26 deletions
|
@ -1,6 +1,4 @@
|
||||||
var BearerStrategy = require('passport-http-bearer').Strategy,
|
var models = require('../models'),
|
||||||
ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy,
|
|
||||||
models = require('../models'),
|
|
||||||
strategies;
|
strategies;
|
||||||
|
|
||||||
strategies = {
|
strategies = {
|
||||||
|
@ -14,9 +12,8 @@ strategies = {
|
||||||
* HTTP Basic scheme to authenticate (not implemented yet).
|
* HTTP Basic scheme to authenticate (not implemented yet).
|
||||||
* Use of the client password strategy is implemented to support ember-simple-auth.
|
* Use of the client password strategy is implemented to support ember-simple-auth.
|
||||||
*/
|
*/
|
||||||
clientPasswordStrategy: new ClientPasswordStrategy(
|
clientPasswordStrategy: function clientPasswordStrategy(clientId, clientSecret, done) {
|
||||||
function strategy(clientId, clientSecret, done) {
|
return models.Client.forge({slug: clientId})
|
||||||
models.Client.forge({slug: clientId})
|
|
||||||
.fetch()
|
.fetch()
|
||||||
.then(function then(model) {
|
.then(function then(model) {
|
||||||
if (model) {
|
if (model) {
|
||||||
|
@ -27,8 +24,7 @@ strategies = {
|
||||||
}
|
}
|
||||||
return done(null, false);
|
return done(null, false);
|
||||||
});
|
});
|
||||||
}
|
},
|
||||||
),
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* BearerStrategy
|
* BearerStrategy
|
||||||
|
@ -38,15 +34,14 @@ strategies = {
|
||||||
* application, which is issued an access token to make requests on behalf of
|
* application, which is issued an access token to make requests on behalf of
|
||||||
* the authorizing user.
|
* the authorizing user.
|
||||||
*/
|
*/
|
||||||
bearerStrategy: new BearerStrategy(
|
bearerStrategy: function bearerStrategy(accessToken, done) {
|
||||||
function strategy(accessToken, done) {
|
return models.Accesstoken.forge({token: accessToken})
|
||||||
models.Accesstoken.forge({token: accessToken})
|
|
||||||
.fetch()
|
.fetch()
|
||||||
.then(function then(model) {
|
.then(function then(model) {
|
||||||
if (model) {
|
if (model) {
|
||||||
var token = model.toJSON();
|
var token = model.toJSON();
|
||||||
if (token.expires > Date.now()) {
|
if (token.expires > Date.now()) {
|
||||||
models.User.forge({id: token.user_id})
|
return models.User.forge({id: token.user_id})
|
||||||
.fetch()
|
.fetch()
|
||||||
.then(function then(model) {
|
.then(function then(model) {
|
||||||
if (model) {
|
if (model) {
|
||||||
|
@ -64,7 +59,6 @@ strategies = {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
)
|
|
||||||
};
|
};
|
||||||
|
|
||||||
module.exports = strategies;
|
module.exports = strategies;
|
||||||
|
|
|
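Review bot: Neither verify function handles a rejected `fetch`: the chain in `clientPasswordStrategy` ends with the `.then` closed at `});` followed directly by `},`, and `bearerStrategy` likewise closes right after its `.then`, so a database error becomes an unhandled rejection and `done` is never invoked — the OAuth request hangs instead of failing. Appending `.catch(done)` to both returned chains gives passport the `done(err)` it expects, so the failure surfaces as an error response and in the logs rather than as a silent stall. The bodies of both callbacks, including the client-secret comparison and the expired-token branch, lie outside the visible hunks.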
@ -31,6 +31,9 @@ var bodyParser = require('body-parser'),
|
||||||
themeHandler = require('./theme-handler'),
|
themeHandler = require('./theme-handler'),
|
||||||
privateBlogging = require('./private-blogging'),
|
privateBlogging = require('./private-blogging'),
|
||||||
|
|
||||||
|
ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy,
|
||||||
|
BearerStrategy = require('passport-http-bearer').Strategy,
|
||||||
|
|
||||||
blogApp,
|
blogApp,
|
||||||
middleware,
|
middleware,
|
||||||
setupMiddleware;
|
setupMiddleware;
|
||||||
|
@ -55,8 +58,8 @@ setupMiddleware = function setupMiddleware(blogAppInstance, adminApp) {
|
||||||
oauthServer = oauth2orize.createServer();
|
oauthServer = oauth2orize.createServer();
|
||||||
|
|
||||||
// silence JSHint without disabling unused check for the whole file
|
// silence JSHint without disabling unused check for the whole file
|
||||||
passport.use(authStrategies.clientPasswordStrategy);
|
passport.use(new ClientPasswordStrategy(authStrategies.clientPasswordStrategy));
|
||||||
passport.use(authStrategies.bearerStrategy);
|
passport.use(new BearerStrategy(authStrategies.bearerStrategy));
|
||||||
|
|
||||||
// Cache express server instance
|
// Cache express server instance
|
||||||
blogApp = blogAppInstance;
|
blogApp = blogAppInstance;
|
||||||
|
|
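--- /dev/null
+++ b/core/test/unit/middleware/auth-strategies_spec.js
@@ -0,0 +1,140 @@
+/*globals describe, before, beforeEach, afterEach, it*/
+/*jshint expr:true*/
+var should = require('should'),
+    sinon = require('sinon'),
+    Promise = require('bluebird'),
+    testUtils = require('../../utils'),
+    authStrategies = require('../../../server/middleware/auth-strategies'),
+    models = require('../../../server/models'),
+    globalUtils = require('../../../server/utils');
+
+// To stop jshint complaining
+should.equal(true, true);
+
+describe('Auth Strategies', function () {
+    var next, sandbox;
+
+    before(testUtils.teardown);
+
+    beforeEach(function () {
+        sandbox = sinon.sandbox.create();
+        next = sandbox.spy();
+    });
+
+    afterEach(function () {
+        sandbox.restore();
+    });
+    afterEach(testUtils.teardown);
+
+    describe('Client Password Strategy', function () {
+        beforeEach(testUtils.setup('clients'));
+
+        it('should find client', function (done) {
+            var clientId = 'ghost-admin',
+                clientSecret = 'not_available';
+
+            authStrategies.clientPasswordStrategy(clientId, clientSecret, function () {
+                arguments.length.should.eql(2);
+                should.equal(arguments[0], null);
+                arguments[1].slug.should.eql('ghost-admin');
+                done();
+            });
+        });
+
+        it('shouldn\'t find client with invalid id', function (done) {
+            var clientId = 'invalid_id',
+                clientSecret = 'not_available';
+            authStrategies.clientPasswordStrategy(clientId, clientSecret, next).then(function () {
+                next.called.should.be.true;
+                next.calledWith(null, false).should.be.true;
+                done();
+            });
+        });
+
+        it('shouldn\'t find client with invalid secret', function (done) {
+            var clientId = 'ghost-admin',
+                clientSecret = 'invalid_secret';
+            authStrategies.clientPasswordStrategy(clientId, clientSecret, next).then(function () {
+                next.called.should.be.true;
+                next.calledWith(null, false).should.be.true;
+                done();
+            });
+        });
+    });
+
+    describe('Bearer Strategy', function () {
+        beforeEach(testUtils.setup('users:roles', 'users', 'clients'));
+
+        it('should find user with valid token', function (done) {
+            var accessToken = 'valid-token';
+
+            testUtils.fixtures.insertAccessToken({
+                user_id: 3,
+                token: accessToken,
+                client_id: 1,
+                expires: Date.now() + globalUtils.ONE_DAY_MS
+            }).then(function () {
+                authStrategies.bearerStrategy(accessToken, function () {
+                    should.equal(arguments[0], null);
+                    arguments[1].id.should.eql(3);
+                    arguments[2].scope.should.eql('*');
+                    done();
+                });
+            });
+        });
+
+        it('shouldn\'t find user with invalid token', function (done) {
+            var accessToken = 'invalid_token';
+
+            authStrategies.bearerStrategy(accessToken, next).then(function () {
+                next.called.should.be.true;
+                next.calledWith(null, false).should.be.true;
+                done();
+            });
+        });
+
+        it('should find user that doesn\'t exist', function (done) {
+            var accessToken = 'valid-token';
+
+            // stub needed for mysql, pg
+            // this case could only happen in sqlite
+            sandbox.stub(models.User, 'forge', function () {
+                return {
+                    fetch: function () {
+                        return Promise.resolve();
+                    }
+                };
+            });
+
+            testUtils.fixtures.insertAccessToken({
+                user_id: 3,
+                token: accessToken,
+                client_id: 1,
+                expires: Date.now() + globalUtils.ONE_DAY_MS
+            }).then(function () {
+                return authStrategies.bearerStrategy(accessToken, next);
+            }).then(function () {
+                next.called.should.be.true;
+                next.calledWith(null, false).should.be.true;
+                done();
+            });
+        });
+
+        it('should find user with expired token', function (done) {
+            var accessToken = 'expired-token';
+
+            testUtils.fixtures.insertAccessToken({
+                user_id: 3,
+                token: accessToken,
+                client_id: 1,
+                expires: Date.now() - globalUtils.ONE_DAY_MS
+            }).then(function () {
+                return authStrategies.bearerStrategy(accessToken, next);
+            }).then(function () {
+                next.called.should.be.true;
+                next.calledWith(null, false).should.be.true;
+                done();
+            });
+        });
+    });
+});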
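Review bot: Every promise-based case ends with `done()` inside `.then` and has no rejection handler, e.g. `next.calledWith(null, false).should.be.true;` in 'shouldn't find client with invalid id', so a failing assertion or a rejected `fetch` becomes an unhandled rejection and mocha reports a timeout instead of the real failure. Append `.catch(done)` to each chain (or `return` the promise and drop `done`); 'should find client' and 'should find user with valid token' also discard the strategy's returned promise entirely, so their callback assertions can fail without ever reaching the runner. The names 'should find user that doesn't exist' and 'should find user with expired token' describe cases that assert `next.calledWith(null, false)`, i.e. the token is rejected; renaming them 'shouldn't authenticate …' would match what they check, and it makes the expiry rejection — the security-relevant assertion here — easy to spot in the test output.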
@ -362,6 +362,14 @@ fixtures = {
|
||||||
return knex('permissions').insert(permsToInsert).then(function () {
|
return knex('permissions').insert(permsToInsert).then(function () {
|
||||||
return knex('permissions_roles').insert(permissionsRoles);
|
return knex('permissions_roles').insert(permissionsRoles);
|
||||||
});
|
});
|
||||||
|
},
|
||||||
|
insertClients: function insertClients() {
|
||||||
|
var knex = config.database.knex;
|
||||||
|
return knex('clients').insert(DataGenerator.forKnex.clients);
|
||||||
|
},
|
||||||
|
insertAccessToken: function insertAccessToken(override) {
|
||||||
|
var knex = config.database.knex;
|
||||||
|
return knex('accesstokens').insert(DataGenerator.forKnex.createToken(override));
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -410,7 +418,8 @@ toDoList = {
|
||||||
'perms:init': function initPermissions() { return permissions.init(); },
|
'perms:init': function initPermissions() { return permissions.init(); },
|
||||||
perms: function permissionsFor(obj) {
|
perms: function permissionsFor(obj) {
|
||||||
return function permissionsForObj() { return fixtures.permissionsFor(obj); };
|
return function permissionsForObj() { return fixtures.permissionsFor(obj); };
|
||||||
}
|
},
|
||||||
|
clients: function insertClients() { return fixtures.insertClients(); }
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
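Review bot: `insertAccessToken(override)` carries no comment describing what `override` may contain; the new spec passes `user_id`, `token`, `client_id` and `expires`, but whether `DataGenerator.forKnex.createToken` fills in the remaining columns or requires them is not visible here. A short comment above the function such as `// override: partial accesstokens row passed to DataGenerator.forKnex.createToken (presumably merged over generated defaults — confirm)` would make the contract clear, and it is worth noting in that comment that the helper writes through knex directly, so the `expires` value lands in the table exactly as given, without model-level validation. The enclosing `fixtures` object starts outside the hunk.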