0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2025-01-20 22:52:46 -05:00
verdaccio/test/functional/plugins/auth.js

118 lines
3.9 KiB
JavaScript
Raw Normal View History

2018-06-23 01:03:25 +02:00
import {HTTP_STATUS, API_ERROR} from "../../../src/lib/constants";
2018-06-22 20:31:43 +02:00
export default function(server2) {
// credentials
const USER1 = 'authtest';
const USER2 = 'authtest2';
2018-06-23 08:35:06 +02:00
const CORRECT_PASSWORD = 'blahblah-password';
2018-06-22 20:31:43 +02:00
const WRONG_PASSWORD = 'wrongpass1';
// package names
const DENY_PKG_NAME = 'test-auth-deny';
const AUTH_PKG_ACCESS_NAME = 'test-auth-regular';
const ONLY_ACCESS_BY_USER_2 = 'test-deny';
const UNEXISTING_PKG_NAME = 'test-auth-allow';
2015-04-11 16:09:19 +03:00
const requestAuthFail = (user, pass, message, statusCode) => {
return server2.auth(user, pass)
.status(statusCode)
.body_error(message)
.then(function() {
return server2.whoami();
})
.then(function(username) {
2018-06-22 20:31:43 +02:00
expect(username).toBeUndefined();
});
};
const requestAuthOk = (user, pass, regex, statusCode) => {
return server2.auth(user, pass)
.status(statusCode)
.body_ok(regex)
.then(function() {
return server2.whoami();
})
.then(function(username) {
2018-06-22 20:31:43 +02:00
expect(username).toBe(user);
});
};
2015-04-11 16:09:19 +03:00
2018-06-22 20:31:43 +02:00
describe('plugin authentication', () => {
2015-04-11 16:09:19 +03:00
2018-06-22 20:31:43 +02:00
describe('test users authentication', () => {
2015-04-11 16:09:19 +03:00
2018-06-22 20:31:43 +02:00
test('should not authenticate user1 with wrong password', () => {
return requestAuthFail(USER1, WRONG_PASSWORD, 'i don\'t like your password', HTTP_STATUS.UNAUTHORIZED);
2017-04-19 21:15:28 +02:00
});
2015-04-11 16:09:19 +03:00
2018-06-22 20:31:43 +02:00
test('should not authenticate user2 with wrong password', () => {
return requestAuthFail(USER2, WRONG_PASSWORD, 'i don\'t like your password', HTTP_STATUS.UNAUTHORIZED);
2017-04-19 21:15:28 +02:00
});
2015-04-11 16:09:19 +03:00
2018-06-22 20:31:43 +02:00
test('should right user2 password handled by plugin', () => {
return requestAuthOk(USER2, CORRECT_PASSWORD, new RegExp(USER2), HTTP_STATUS.CREATED);
2017-04-19 21:15:28 +02:00
});
2015-04-11 16:09:19 +03:00
2018-06-22 20:31:43 +02:00
test('should right user1 password handled by plugin', () => {
return requestAuthOk(USER1, CORRECT_PASSWORD, new RegExp(USER1), HTTP_STATUS.CREATED);
2017-04-19 21:15:28 +02:00
});
2015-04-11 16:09:19 +03:00
2018-06-22 20:31:43 +02:00
});
2015-04-11 16:09:19 +03:00
2018-06-22 20:31:43 +02:00
describe('test package access authorization', () => {
describe(`access with user ${USER1} on server2`, () => {
beforeAll(function() {
return server2.auth(USER1, CORRECT_PASSWORD)
.status(HTTP_STATUS.CREATED)
.body_ok(new RegExp(USER1));
});
test(`should fails (404) on access ${UNEXISTING_PKG_NAME}`, () => {
return server2.getPackage(UNEXISTING_PKG_NAME)
.status(HTTP_STATUS.NOT_FOUND)
2018-06-23 01:03:25 +02:00
.body_error(API_ERROR.NO_PACKAGE);
2018-06-22 20:31:43 +02:00
});
test(`should fails (403) access ${ONLY_ACCESS_BY_USER_2}`, () => {
return server2.getPackage(ONLY_ACCESS_BY_USER_2)
.status(HTTP_STATUS.FORBIDDEN)
2018-06-23 01:03:25 +02:00
.body_error(API_ERROR.NOT_ALLOWED);
2018-06-22 20:31:43 +02:00
});
test(`should fails (404) access ${AUTH_PKG_ACCESS_NAME}`, () => {
return server2.getPackage(AUTH_PKG_ACCESS_NAME)
.status(HTTP_STATUS.NOT_FOUND)
2018-06-23 01:03:25 +02:00
.body_error(API_ERROR.NO_PACKAGE);
2018-06-22 20:31:43 +02:00
});
2017-04-19 21:15:28 +02:00
});
2015-04-11 16:09:19 +03:00
2018-06-22 20:31:43 +02:00
describe(`access with user ${USER2} on server2`, () => {
beforeAll(function() {
return server2.auth(USER2, CORRECT_PASSWORD)
.status(HTTP_STATUS.CREATED)
.body_ok(new RegExp(USER2));
});
test(`should fails (403) on access ${UNEXISTING_PKG_NAME}`, () => {
return server2.getPackage(UNEXISTING_PKG_NAME)
.status(HTTP_STATUS.FORBIDDEN)
2018-06-23 01:03:25 +02:00
.body_error(API_ERROR.NOT_ALLOWED);
2018-06-22 20:31:43 +02:00
});
test(`should fails (403) on access ${DENY_PKG_NAME}`, () => {
return server2.getPackage(DENY_PKG_NAME)
.status(HTTP_STATUS.FORBIDDEN)
2018-06-23 01:03:25 +02:00
.body_error(API_ERROR.NOT_ALLOWED);
2018-06-22 20:31:43 +02:00
});
test(`should fails (404) access ${AUTH_PKG_ACCESS_NAME}`, () => {
return server2.getPackage(AUTH_PKG_ACCESS_NAME)
.status(HTTP_STATUS.NOT_FOUND)
2018-06-23 01:03:25 +02:00
.body_error(API_ERROR.NO_PACKAGE);
2018-06-22 20:31:43 +02:00
});
2017-04-19 21:15:28 +02:00
});
2015-04-11 16:09:19 +03:00
2017-04-19 21:15:28 +02:00
});
});
2017-12-02 11:19:08 +01:00
}