2020-09-17 06:48:16 +02:00
|
|
|
import _ from 'lodash';
|
2021-10-29 17:33:05 +02:00
|
|
|
import supertest from 'supertest';
|
2020-06-30 21:55:14 +02:00
|
|
|
|
2020-11-15 11:14:09 +01:00
|
|
|
import {
|
2021-10-29 17:33:05 +02:00
|
|
|
API_ERROR,
|
|
|
|
API_MESSAGE,
|
2020-11-15 11:14:09 +01:00
|
|
|
HEADERS,
|
|
|
|
HEADER_TYPE,
|
|
|
|
HTTP_STATUS,
|
2021-10-29 17:33:05 +02:00
|
|
|
errorUtils,
|
2021-09-26 00:08:00 +02:00
|
|
|
} from '@verdaccio/core';
|
2020-11-15 11:14:09 +01:00
|
|
|
|
2020-09-17 06:48:16 +02:00
|
|
|
import { $RequestExtend, $ResponseExtend } from '../../types/custom';
|
2020-08-11 07:21:51 +02:00
|
|
|
import { initializeServer } from './_helper';
|
2020-06-30 21:55:14 +02:00
|
|
|
|
2020-09-17 06:48:16 +02:00
|
|
|
const mockApiJWTmiddleware = jest.fn(
|
2021-05-16 17:11:08 +02:00
|
|
|
() =>
|
|
|
|
(req: $RequestExtend, res: $ResponseExtend, _next): void => {
|
|
|
|
req.remote_user = { name: 'test', groups: [], real_groups: [] };
|
|
|
|
_next();
|
|
|
|
}
|
2020-09-17 06:48:16 +02:00
|
|
|
);
|
2020-06-30 21:55:14 +02:00
|
|
|
|
|
|
|
const mockAuthenticate = jest.fn(() => (_name, _password, callback): void => {
|
2020-08-13 23:27:00 +02:00
|
|
|
return callback(null, ['all']);
|
|
|
|
});
|
2020-06-30 21:55:14 +02:00
|
|
|
|
|
|
|
const mockAddUser = jest.fn(() => (_name, _password, callback): void => {
|
2021-09-26 00:08:00 +02:00
|
|
|
return callback(errorUtils.getConflict(API_ERROR.USERNAME_ALREADY_REGISTERED));
|
2020-08-13 23:27:00 +02:00
|
|
|
});
|
2020-06-30 21:55:14 +02:00
|
|
|
|
|
|
|
jest.mock('@verdaccio/auth', () => ({
|
2020-08-13 23:27:00 +02:00
|
|
|
getApiToken: () => 'token',
|
|
|
|
Auth: class {
|
|
|
|
apiJWTmiddleware() {
|
|
|
|
return mockApiJWTmiddleware();
|
|
|
|
}
|
2022-09-16 08:02:08 +02:00
|
|
|
init() {
|
|
|
|
return Promise.resolve();
|
|
|
|
}
|
2020-08-13 23:27:00 +02:00
|
|
|
allow_access(_d, f_, cb) {
|
|
|
|
cb(null, true);
|
|
|
|
}
|
|
|
|
add_user(name, password, callback) {
|
|
|
|
mockAddUser()(name, password, callback);
|
|
|
|
}
|
|
|
|
authenticate(_name, _password, callback) {
|
|
|
|
mockAuthenticate()(_name, _password, callback);
|
|
|
|
}
|
|
|
|
},
|
2020-06-30 21:55:14 +02:00
|
|
|
}));
|
|
|
|
|
2022-07-29 20:51:45 +02:00
|
|
|
// FIXME: This might be covered with user.jwt.spec
|
2020-06-30 21:55:14 +02:00
|
|
|
describe('user', () => {
|
2020-08-13 23:27:00 +02:00
|
|
|
const credentials = { name: 'test', password: 'test' };
|
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
test('should test add a new user', async () => {
|
2020-09-17 06:48:16 +02:00
|
|
|
mockApiJWTmiddleware.mockImplementationOnce(
|
2021-05-16 17:11:08 +02:00
|
|
|
() =>
|
|
|
|
(req: $RequestExtend, res: $ResponseExtend, _next): void => {
|
|
|
|
req.remote_user = { name: undefined };
|
|
|
|
_next();
|
|
|
|
}
|
2020-09-17 06:48:16 +02:00
|
|
|
);
|
2020-08-13 23:27:00 +02:00
|
|
|
|
|
|
|
mockAddUser.mockImplementationOnce(() => (_name, _password, callback): void => {
|
|
|
|
return callback(null, true);
|
|
|
|
});
|
2021-06-13 09:14:04 +02:00
|
|
|
const app = await initializeServer('user.yaml');
|
|
|
|
return new Promise((resolve, reject) => {
|
|
|
|
supertest(app)
|
|
|
|
.put(`/-/user/org.couchdb.user:newUser`)
|
|
|
|
.send({
|
|
|
|
name: 'newUser',
|
|
|
|
password: 'newUser',
|
|
|
|
})
|
|
|
|
.expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
|
|
|
|
.expect(HTTP_STATUS.CREATED)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return reject(err);
|
|
|
|
}
|
|
|
|
expect(res.body.ok).toBeDefined();
|
|
|
|
expect(res.body.token).toBeDefined();
|
|
|
|
const token = res.body.token;
|
|
|
|
expect(typeof token).toBe('string');
|
|
|
|
expect(res.body.ok).toMatch(`user 'newUser' created`);
|
|
|
|
resolve(null);
|
|
|
|
});
|
|
|
|
});
|
2020-08-13 23:27:00 +02:00
|
|
|
});
|
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
test('should test fails on add a existing user with login', async () => {
|
2020-09-17 06:48:16 +02:00
|
|
|
mockApiJWTmiddleware.mockImplementationOnce(
|
2021-05-16 17:11:08 +02:00
|
|
|
() =>
|
|
|
|
(req: $RequestExtend, res: $ResponseExtend, _next): void => {
|
|
|
|
req.remote_user = { name: undefined };
|
|
|
|
_next();
|
|
|
|
}
|
2020-09-17 06:48:16 +02:00
|
|
|
);
|
2021-06-13 09:14:04 +02:00
|
|
|
const app = await initializeServer('user.yaml');
|
|
|
|
return new Promise((resolve, reject) => {
|
|
|
|
supertest(app)
|
|
|
|
.put('/-/user/org.couchdb.user:jotaNew')
|
|
|
|
.send(credentials)
|
|
|
|
.expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
|
|
|
|
.expect(HTTP_STATUS.CONFLICT)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return reject(err);
|
|
|
|
}
|
|
|
|
expect(res.body.error).toBeDefined();
|
|
|
|
expect(res.body.error).toMatch(API_ERROR.USERNAME_ALREADY_REGISTERED);
|
|
|
|
resolve(res.body);
|
|
|
|
});
|
|
|
|
});
|
2020-08-13 23:27:00 +02:00
|
|
|
});
|
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
test('should log in as existing user', async () => {
|
|
|
|
const app = await initializeServer('user.yaml');
|
|
|
|
return new Promise((resolve, reject) => {
|
|
|
|
supertest(app)
|
|
|
|
.put(`/-/user/org.couchdb.user:${credentials.name}`)
|
|
|
|
.send(credentials)
|
|
|
|
.expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
|
|
|
|
.expect(HTTP_STATUS.CREATED)
|
|
|
|
.end((err, res) => {
|
|
|
|
if (err) {
|
|
|
|
return reject(err);
|
|
|
|
}
|
2020-08-13 23:27:00 +02:00
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
expect(res.body).toBeTruthy();
|
|
|
|
expect(res.body.ok).toMatch(`you are authenticated as \'${credentials.name}\'`);
|
|
|
|
resolve(res);
|
|
|
|
});
|
|
|
|
});
|
2020-08-13 23:27:00 +02:00
|
|
|
});
|
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
test('should test fails add a new user with missing name', async () => {
|
2020-09-17 06:48:16 +02:00
|
|
|
mockApiJWTmiddleware.mockImplementationOnce(
|
2021-05-16 17:11:08 +02:00
|
|
|
() =>
|
|
|
|
(req: $RequestExtend, res: $ResponseExtend, _next): void => {
|
|
|
|
req.remote_user = { name: undefined };
|
|
|
|
_next();
|
|
|
|
}
|
2020-09-17 06:48:16 +02:00
|
|
|
);
|
2020-08-13 23:27:00 +02:00
|
|
|
mockAddUser.mockImplementationOnce(() => (_name, _password, callback): void => {
|
2021-09-26 00:08:00 +02:00
|
|
|
return callback(errorUtils.getBadRequest(API_ERROR.USERNAME_PASSWORD_REQUIRED));
|
2020-08-13 23:27:00 +02:00
|
|
|
});
|
|
|
|
const credentialsShort = _.cloneDeep(credentials);
|
|
|
|
delete credentialsShort.name;
|
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
const app = await initializeServer('user.yaml');
|
|
|
|
return new Promise((resolve, reject) => {
|
|
|
|
supertest(app)
|
|
|
|
.put(`/-/user/org.couchdb.user:${credentials.name}`)
|
|
|
|
.send(credentialsShort)
|
|
|
|
.expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
|
|
|
|
.expect(HTTP_STATUS.BAD_REQUEST)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return reject(err);
|
|
|
|
}
|
2020-08-13 23:27:00 +02:00
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
expect(res.body.error).toBeDefined();
|
|
|
|
expect(res.body.error).toMatch(API_ERROR.USERNAME_PASSWORD_REQUIRED);
|
|
|
|
resolve(app);
|
|
|
|
});
|
|
|
|
});
|
2020-08-13 23:27:00 +02:00
|
|
|
});
|
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
test('should test fails add a new user with missing password', async () => {
|
2020-09-17 06:48:16 +02:00
|
|
|
mockApiJWTmiddleware.mockImplementationOnce(
|
2021-05-16 17:11:08 +02:00
|
|
|
() =>
|
|
|
|
(req: $RequestExtend, res: $ResponseExtend, _next): void => {
|
|
|
|
req.remote_user = { name: undefined };
|
|
|
|
_next();
|
|
|
|
}
|
2020-09-17 06:48:16 +02:00
|
|
|
);
|
2020-08-13 23:27:00 +02:00
|
|
|
const credentialsShort = _.cloneDeep(credentials);
|
|
|
|
delete credentialsShort.password;
|
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
const app = await initializeServer('user.yaml');
|
|
|
|
return new Promise((resolve, reject) => {
|
|
|
|
supertest(app)
|
|
|
|
.put(`/-/user/org.couchdb.user:${credentials.name}`)
|
|
|
|
.send(credentialsShort)
|
|
|
|
.expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
|
|
|
|
.expect(HTTP_STATUS.BAD_REQUEST)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return reject(err);
|
|
|
|
}
|
2020-08-13 23:27:00 +02:00
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
expect(res.body.error).toBeDefined();
|
|
|
|
// FIXME: message is not 100% accurate
|
|
|
|
// eslint-disable-next-line new-cap
|
|
|
|
expect(res.body.error).toMatch(API_ERROR.PASSWORD_SHORT());
|
|
|
|
resolve(res);
|
|
|
|
});
|
|
|
|
});
|
2020-08-13 23:27:00 +02:00
|
|
|
});
|
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
test('should test fails add a new user with wrong password', async () => {
|
2020-09-17 06:48:16 +02:00
|
|
|
mockApiJWTmiddleware.mockImplementationOnce(
|
2021-05-16 17:11:08 +02:00
|
|
|
() =>
|
|
|
|
(req: $RequestExtend, res: $ResponseExtend, _next): void => {
|
|
|
|
req.remote_user = { name: 'test' };
|
|
|
|
_next();
|
|
|
|
}
|
2020-09-17 06:48:16 +02:00
|
|
|
);
|
2020-08-13 23:27:00 +02:00
|
|
|
mockAuthenticate.mockImplementationOnce(() => (_name, _password, callback): void => {
|
2021-09-26 00:08:00 +02:00
|
|
|
return callback(errorUtils.getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD));
|
2020-08-13 23:27:00 +02:00
|
|
|
});
|
|
|
|
const credentialsShort = _.cloneDeep(credentials);
|
|
|
|
credentialsShort.password = 'failPassword';
|
2021-06-13 09:14:04 +02:00
|
|
|
const app = await initializeServer('user.yaml');
|
|
|
|
return new Promise((resolve, reject) => {
|
|
|
|
supertest(app)
|
|
|
|
.put('/-/user/org.couchdb.user:test')
|
|
|
|
.send(credentialsShort)
|
|
|
|
.expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
|
|
|
|
.expect(HTTP_STATUS.UNAUTHORIZED)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return reject(err);
|
|
|
|
}
|
2020-08-13 23:27:00 +02:00
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
expect(res.body.error).toBeDefined();
|
|
|
|
expect(res.body.error).toMatch(API_ERROR.BAD_USERNAME_PASSWORD);
|
|
|
|
resolve(res);
|
|
|
|
});
|
|
|
|
});
|
2020-08-13 23:27:00 +02:00
|
|
|
});
|
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
test('should be able to logout an user', async () => {
|
2020-09-17 06:48:16 +02:00
|
|
|
mockApiJWTmiddleware.mockImplementationOnce(
|
2021-05-16 17:11:08 +02:00
|
|
|
() =>
|
2021-06-13 09:14:04 +02:00
|
|
|
(req: $RequestExtend, _res: $ResponseExtend, _next): void => {
|
2021-05-16 17:11:08 +02:00
|
|
|
req.remote_user = { name: 'test' };
|
|
|
|
_next();
|
|
|
|
}
|
2020-09-17 06:48:16 +02:00
|
|
|
);
|
2020-08-13 23:27:00 +02:00
|
|
|
mockAuthenticate.mockImplementationOnce(() => (_name, _password, callback): void => {
|
2021-09-26 00:08:00 +02:00
|
|
|
return callback(errorUtils.getUnauthorized(API_ERROR.BAD_USERNAME_PASSWORD));
|
2020-08-13 23:27:00 +02:00
|
|
|
});
|
|
|
|
const credentialsShort = _.cloneDeep(credentials);
|
|
|
|
credentialsShort.password = 'failPassword';
|
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
const app = await initializeServer('user.yaml');
|
|
|
|
return new Promise((resolve, reject) => {
|
|
|
|
supertest(app)
|
|
|
|
.delete('/-/user/token/someSecretToken')
|
|
|
|
.send(credentialsShort)
|
|
|
|
.expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
|
|
|
|
.expect(HTTP_STATUS.OK)
|
|
|
|
.end(function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return reject(err);
|
|
|
|
}
|
2020-08-13 23:27:00 +02:00
|
|
|
|
2021-06-13 09:14:04 +02:00
|
|
|
expect(res.body.ok).toMatch(API_MESSAGE.LOGGED_OUT);
|
|
|
|
resolve(res);
|
|
|
|
});
|
|
|
|
});
|
2020-08-13 23:27:00 +02:00
|
|
|
});
|
2020-06-30 21:55:14 +02:00
|
|
|
});
|