0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-23 22:27:34 -05:00
verdaccio/test/functional/package/access.ts

104 lines
4.5 KiB
TypeScript
Raw Normal View History

import {buildToken} from "../../../src/lib/utils";
2018-06-24 03:11:52 -05:00
import {API_ERROR, HTTP_STATUS, TOKEN_BASIC} from "../../../src/lib/constants";
import {CREDENTIALS} from "../config.functional";
import fixturePkg from '../fixtures/package';
export default function(server) {
2015-04-21 11:41:50 -05:00
describe('package access control', () => {
const buildAccesToken = (auth) => {
return buildToken(TOKEN_BASIC, `${(new Buffer(auth).toString('base64'))}`);
};
2015-04-21 11:41:50 -05:00
/**
* Check whether the user is allowed to fetch packages
* @param auth {object} disable auth
* @param pkg {string} package name
2019-02-03 04:43:55 -05:00
* @param status {boolean}
*/
2019-02-03 04:43:55 -05:00
function checkAccess(auth, pkg, status) {
test(
2019-02-03 04:43:55 -05:00
`${(status ? 'allows' : 'forbids')} access ${auth} to ${pkg}`, () => {
server.authstr = auth ? buildAccesToken(auth) : undefined;
const req = server.getPackage(pkg);
2018-06-24 03:11:52 -05:00
2019-02-03 04:43:55 -05:00
if (status === HTTP_STATUS.NOT_FOUND) {
2018-06-24 03:11:52 -05:00
return req.status(HTTP_STATUS.NOT_FOUND).body_error(API_ERROR.NO_PACKAGE);
2019-02-03 04:43:55 -05:00
} else if (status === HTTP_STATUS.FORBIDDEN) {
2018-06-24 03:11:52 -05:00
return req.status(HTTP_STATUS.FORBIDDEN).body_error(API_ERROR.NOT_ALLOWED);
}
2015-04-21 11:41:50 -05:00
}
);
2015-04-21 11:41:50 -05:00
}
/**
* Check whether the user is allowed to publish packages
* @param auth {object} disable auth
* @param pkg {string} package name
2019-02-03 04:43:55 -05:00
* @param status {boolean}
*/
2019-02-03 04:43:55 -05:00
function checkPublish(auth, pkg, status) {
test(`${(status ? 'allows' : 'forbids')} publish ${auth} to ${pkg}`, () => {
server.authstr = auth ? buildAccesToken(auth) : undefined;
const req = server.putPackage(pkg, fixturePkg(pkg));
2019-02-03 04:43:55 -05:00
if (status === HTTP_STATUS.NOT_FOUND) {
return req.status(HTTP_STATUS.NOT_FOUND).body_error(API_ERROR.PACKAGE_CANNOT_BE_ADDED);
} else if (status === HTTP_STATUS.FORBIDDEN) {
return req.status(HTTP_STATUS.FORBIDDEN).body_error(API_ERROR.NOT_ALLOWED_PUBLISH);
} else if (status === HTTP_STATUS.CREATED) {
return req.status(HTTP_STATUS.CREATED);
} else if (status === HTTP_STATUS.CONFLICT) {
return req.status(HTTP_STATUS.CONFLICT);
2015-04-21 11:41:50 -05:00
}
2017-04-19 14:15:28 -05:00
});
2015-04-21 11:41:50 -05:00
}
// credentials
const badCredentials = 'test:badpass';
// test user is logged by default
const validCredentials = `${CREDENTIALS.user}:${CREDENTIALS.password}`;
// defined on server1 configuration
2017-04-19 14:15:28 -05:00
const testAccessOnly = 'test-access-only';
const testPublishOnly = 'test-publish-only';
const testOnlyTest = 'test-only-test';
const testOnlyAuth = 'test-only-auth';
2015-04-21 11:41:50 -05:00
describe('all are allowed to access', () => {
2019-02-03 04:43:55 -05:00
checkAccess(validCredentials, testAccessOnly, HTTP_STATUS.NOT_FOUND);
checkAccess(undefined, testAccessOnly, HTTP_STATUS.NOT_FOUND);
checkAccess(badCredentials, testAccessOnly, HTTP_STATUS.NOT_FOUND);
checkPublish(validCredentials, testAccessOnly, HTTP_STATUS.FORBIDDEN);
checkPublish(undefined, testAccessOnly, HTTP_STATUS.FORBIDDEN);
checkPublish(badCredentials, testAccessOnly, HTTP_STATUS.FORBIDDEN);
});
describe('all are allowed to publish', () => {
2019-02-03 04:43:55 -05:00
checkAccess(validCredentials, testPublishOnly, HTTP_STATUS.FORBIDDEN);
checkAccess(undefined, testPublishOnly, HTTP_STATUS.FORBIDDEN);
checkAccess(badCredentials, testPublishOnly, HTTP_STATUS.FORBIDDEN);
checkPublish(validCredentials, testPublishOnly, HTTP_STATUS.CREATED);
checkPublish(undefined, testPublishOnly, HTTP_STATUS.CONFLICT);
checkPublish(badCredentials, testPublishOnly, HTTP_STATUS.CONFLICT);
});
2015-04-21 11:41:50 -05:00
describe('only user "test" is allowed to publish and access', () => {
2019-02-03 04:43:55 -05:00
checkAccess(validCredentials, testOnlyTest, HTTP_STATUS.NOT_FOUND);
checkAccess(undefined, testOnlyTest, HTTP_STATUS.FORBIDDEN);
checkAccess(badCredentials, testOnlyTest, HTTP_STATUS.FORBIDDEN);
checkPublish(validCredentials, testOnlyTest, HTTP_STATUS.CREATED);
checkPublish(undefined, testOnlyTest, HTTP_STATUS.FORBIDDEN);
checkPublish(badCredentials, testOnlyTest, HTTP_STATUS.FORBIDDEN);
});
2015-04-21 11:41:50 -05:00
describe('only authenticated users are allowed', () => {
2019-02-03 04:43:55 -05:00
checkAccess(validCredentials, testOnlyAuth, HTTP_STATUS.NOT_FOUND);
checkAccess(undefined, testOnlyAuth, HTTP_STATUS.FORBIDDEN);
checkAccess(badCredentials, testOnlyAuth, HTTP_STATUS.FORBIDDEN);
checkPublish(validCredentials, testOnlyAuth, HTTP_STATUS.CREATED);
checkPublish(undefined, testOnlyAuth, HTTP_STATUS.FORBIDDEN);
checkPublish(badCredentials, testOnlyAuth, HTTP_STATUS.FORBIDDEN);
});
2017-04-19 14:15:28 -05:00
});
}