2018-08-21 01:05:34 -05:00
|
|
|
import path from 'path';
|
2020-08-11 00:21:51 -05:00
|
|
|
import request from 'supertest';
|
2020-03-03 17:59:19 -05:00
|
|
|
|
2020-09-16 23:48:16 -05:00
|
|
|
import {
|
|
|
|
HEADERS,
|
|
|
|
HTTP_STATUS,
|
|
|
|
HEADER_TYPE,
|
|
|
|
TOKEN_BEARER,
|
|
|
|
TOKEN_BASIC,
|
|
|
|
API_ERROR,
|
|
|
|
} from '@verdaccio/dev-commons';
|
2020-08-13 16:27:00 -05:00
|
|
|
import { mockServer, generateRamdonStorage } from '@verdaccio/mock';
|
|
|
|
import { buildUserBuffer, buildToken } from '@verdaccio/utils';
|
2020-09-16 23:48:16 -05:00
|
|
|
import {
|
|
|
|
configExample,
|
|
|
|
DOMAIN_SERVERS,
|
|
|
|
addUser,
|
|
|
|
getPackage,
|
|
|
|
loginUserToken,
|
|
|
|
} from '@verdaccio/mock';
|
2020-03-03 17:59:19 -05:00
|
|
|
|
2020-08-13 16:27:00 -05:00
|
|
|
import { setup, logger } from '@verdaccio/logger';
|
2018-08-21 01:05:34 -05:00
|
|
|
|
2020-08-11 00:21:51 -05:00
|
|
|
import endPointAPI from '../../src';
|
|
|
|
|
2018-08-21 01:05:34 -05:00
|
|
|
setup([]);
|
2020-03-03 17:59:19 -05:00
|
|
|
|
2018-08-21 01:05:34 -05:00
|
|
|
const credentials = { name: 'JotaJWT', password: 'secretPass' };
|
|
|
|
|
2019-07-16 01:40:01 -05:00
|
|
|
const FORBIDDEN_VUE = 'authorization required to access package vue';
|
2018-08-21 01:05:34 -05:00
|
|
|
|
|
|
|
describe('endpoint user auth JWT unit test', () => {
|
2019-05-20 00:41:12 -05:00
|
|
|
jest.setTimeout(20000);
|
2018-08-21 01:05:34 -05:00
|
|
|
let app;
|
|
|
|
let mockRegistry;
|
2019-05-19 14:37:43 -05:00
|
|
|
const FAKE_TOKEN: string = buildToken(TOKEN_BEARER, 'fake');
|
2018-08-21 01:05:34 -05:00
|
|
|
|
2020-08-13 16:27:00 -05:00
|
|
|
beforeAll(async function (done) {
|
2018-08-21 01:05:34 -05:00
|
|
|
const mockServerPort = 55546;
|
2020-03-03 17:59:19 -05:00
|
|
|
const store = generateRamdonStorage();
|
2020-08-13 16:27:00 -05:00
|
|
|
const configForTest = configExample(
|
|
|
|
{
|
|
|
|
storage: store,
|
|
|
|
uplinks: {
|
|
|
|
remote: {
|
|
|
|
url: `http://${DOMAIN_SERVERS}:${mockServerPort}`,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
self_path: store,
|
2020-03-03 17:59:19 -05:00
|
|
|
},
|
2020-08-13 16:27:00 -05:00
|
|
|
'jwt.yaml',
|
|
|
|
__dirname
|
|
|
|
);
|
2020-03-03 17:59:19 -05:00
|
|
|
|
|
|
|
app = await endPointAPI(configForTest);
|
|
|
|
const binPath = require.resolve('verdaccio/bin/verdaccio');
|
|
|
|
const storePath = path.join(__dirname, '/mock/store');
|
|
|
|
mockRegistry = await mockServer(mockServerPort, { storePath, silence: true }).init(binPath);
|
|
|
|
done();
|
2018-08-21 01:05:34 -05:00
|
|
|
});
|
|
|
|
|
2020-08-13 16:27:00 -05:00
|
|
|
afterAll(function (done) {
|
2020-03-03 17:59:19 -05:00
|
|
|
const [registry, pid] = mockRegistry;
|
|
|
|
registry.stop();
|
|
|
|
logger.info(`registry ${pid} has been stopped`);
|
|
|
|
|
2018-08-21 01:05:34 -05:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
|
|
|
|
test('should test add a new user with JWT enabled', async (done) => {
|
|
|
|
const [err, res] = await addUser(request(app), credentials.name, credentials);
|
|
|
|
expect(err).toBeNull();
|
|
|
|
expect(res.body.ok).toBeDefined();
|
|
|
|
expect(res.body.token).toBeDefined();
|
2019-06-12 23:58:43 -05:00
|
|
|
|
|
|
|
const { token } = res.body;
|
2018-08-21 01:05:34 -05:00
|
|
|
expect(typeof token).toBe('string');
|
|
|
|
expect(res.body.ok).toMatch(`user '${credentials.name}' created`);
|
2019-06-12 23:58:43 -05:00
|
|
|
|
2018-08-21 01:05:34 -05:00
|
|
|
// testing JWT auth headers with token
|
|
|
|
// we need it here, because token is required
|
2019-08-10 06:38:06 -05:00
|
|
|
const [err1, resp1] = await getPackage(request(app), token, 'vue');
|
2020-03-03 17:59:19 -05:00
|
|
|
|
2018-08-21 01:05:34 -05:00
|
|
|
expect(err1).toBeNull();
|
|
|
|
expect(resp1.body).toBeDefined();
|
|
|
|
expect(resp1.body.name).toMatch('vue');
|
|
|
|
|
2020-09-16 23:48:16 -05:00
|
|
|
const [err2, resp2] = await getPackage(
|
|
|
|
request(app),
|
|
|
|
FAKE_TOKEN,
|
|
|
|
'vue',
|
|
|
|
HTTP_STATUS.UNAUTHORIZED
|
|
|
|
);
|
2018-08-21 01:05:34 -05:00
|
|
|
expect(err2).toBeNull();
|
2018-11-15 15:13:41 -05:00
|
|
|
expect(resp2.statusCode).toBe(HTTP_STATUS.UNAUTHORIZED);
|
2018-08-21 01:05:34 -05:00
|
|
|
expect(resp2.body.error).toMatch(FORBIDDEN_VUE);
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
|
|
|
|
test('should emulate npm login when user already exist', async (done) => {
|
|
|
|
const credentials = { name: 'jwtUser2', password: 'secretPass' };
|
|
|
|
// creates an user
|
|
|
|
await addUser(request(app), credentials.name, credentials);
|
|
|
|
// it should fails conflict 409
|
|
|
|
await addUser(request(app), credentials.name, credentials, HTTP_STATUS.CONFLICT);
|
2019-06-12 23:58:43 -05:00
|
|
|
|
2018-08-21 01:05:34 -05:00
|
|
|
// npm will try to sign in sending credentials via basic auth header
|
|
|
|
const token = buildUserBuffer(credentials.name, credentials.password).toString('base64');
|
2019-07-16 01:40:01 -05:00
|
|
|
// put should exist in request
|
|
|
|
// @ts-ignore
|
2020-08-13 16:27:00 -05:00
|
|
|
request(app)
|
|
|
|
.put(`/-/user/org.couchdb.user:${credentials.name}/-rev/undefined`)
|
2018-08-21 01:05:34 -05:00
|
|
|
.send(credentials)
|
2019-05-19 14:37:43 -05:00
|
|
|
.set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BASIC, token))
|
2018-08-21 01:05:34 -05:00
|
|
|
.expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
|
|
|
|
.expect(HTTP_STATUS.CREATED)
|
2020-08-13 16:27:00 -05:00
|
|
|
.end(function (err, res) {
|
2018-08-21 01:05:34 -05:00
|
|
|
expect(err).toBeNull();
|
|
|
|
expect(res.body.ok).toBeDefined();
|
|
|
|
expect(res.body.token).toBeDefined();
|
2019-06-12 23:58:43 -05:00
|
|
|
|
2018-08-21 01:05:34 -05:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
test('should fails on try to access with corrupted token', async (done) => {
|
2020-09-16 23:48:16 -05:00
|
|
|
const [err2, resp2] = await getPackage(
|
|
|
|
request(app),
|
|
|
|
FAKE_TOKEN,
|
|
|
|
'vue',
|
|
|
|
HTTP_STATUS.UNAUTHORIZED
|
|
|
|
);
|
2018-08-21 01:05:34 -05:00
|
|
|
expect(err2).toBeNull();
|
2018-11-15 15:13:41 -05:00
|
|
|
expect(resp2.statusCode).toBe(HTTP_STATUS.UNAUTHORIZED);
|
2018-08-21 01:05:34 -05:00
|
|
|
expect(resp2.body.error).toMatch(FORBIDDEN_VUE);
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
|
2019-06-12 23:58:43 -05:00
|
|
|
test('should fails on login if user credentials are invalid even if jwt valid token is provided', async (done) => {
|
|
|
|
const credentials = { name: 'newFailsUser', password: 'secretPass' };
|
|
|
|
const [err, res] = await addUser(request(app), credentials.name, credentials);
|
|
|
|
expect(err).toBeNull();
|
|
|
|
expect(res.body.ok).toBeDefined();
|
|
|
|
expect(res.body.token).toBeDefined();
|
|
|
|
|
|
|
|
const { token } = res.body;
|
|
|
|
expect(typeof token).toBe('string');
|
|
|
|
expect(res.body.ok).toMatch(`user '${credentials.name}' created`);
|
|
|
|
|
|
|
|
// we login when token is valid
|
|
|
|
const newCredentials = { name: 'newFailsUser', password: 'BAD_PASSWORD' };
|
2020-09-16 23:48:16 -05:00
|
|
|
const [err2, resp2] = await loginUserToken(
|
|
|
|
request(app),
|
|
|
|
newCredentials.name,
|
|
|
|
newCredentials,
|
|
|
|
token,
|
|
|
|
HTTP_STATUS.UNAUTHORIZED
|
|
|
|
);
|
2019-06-12 23:58:43 -05:00
|
|
|
expect(err2).toBeNull();
|
|
|
|
expect(resp2.statusCode).toBe(HTTP_STATUS.UNAUTHORIZED);
|
|
|
|
expect(resp2.body.error).toMatch(API_ERROR.BAD_USERNAME_PASSWORD);
|
|
|
|
|
|
|
|
done();
|
|
|
|
});
|
2018-08-21 01:05:34 -05:00
|
|
|
});
|