import supertest from 'supertest';
import { describe, expect, test, vi } from 'vitest';
import { API_ERROR, HEADERS, HEADER_TYPE, HTTP_STATUS, TOKEN_BEARER } from '@verdaccio/core';
import { buildToken } from '@verdaccio/utils';
import { createUser, getPackage, initializeServer } from './_helper';
// Error text expected in `body.error` when a request for the 'vue' package is
// rejected; matched in the negative (unissued token) case of the first test.
const FORBIDDEN_VUE = 'authorization required to access package vue';
// Raise the per-test timeout to 20000 (milliseconds in vitest); every test
// below starts its own server through initializeServer before sending requests.
vi.setConfig({ testTimeout: 20000 });
describe('token', () => {
describe('basics', () => {
// Bearer credential built around the literal value 'fake', i.e. a token the
// server under test never issued. Used to prove that package access is refused
// for an unissued token (see the HTTP_STATUS.UNAUTHORIZED expectation below).
const FAKE_TOKEN: string = buildToken(TOKEN_BEARER, 'fake');
// Registers a user, then checks both sides of the access decision for the
// 'vue' package: the token returned by registration is accepted, and a token
// the server never issued is rejected. Runs once per listed configuration file.
test.each([['user.yaml'], ['user.jwt.yaml']])('should test add a new user', async (configFile) => {
  const server = await initializeServer(configFile);
  const name = 'JotaJWT';
  const password = 'secretPass';

  const registration = await createUser(server, name, password);
  expect(registration.body.ok).toMatch(`user '${name}' created`);

  // Positive case: the freshly issued token can read the package.
  const allowed = await getPackage(server, registration.body.token, 'vue');
  expect(allowed.body).toBeDefined();
  expect(allowed.body.name).toMatch('vue');

  // Negative case: an unissued token must end in UNAUTHORIZED with the
  // package-specific error text.
  // NOTE(review): FAKE_TOKEN is already wrapped by buildToken while the valid
  // token above is passed raw; confirm how getPackage builds the Authorization
  // header so this request is rejected for the intended reason.
  const denied = await getPackage(server, FAKE_TOKEN, 'vue', HTTP_STATUS.UNAUTHORIZED);
  expect(denied.body.error).toMatch(FORBIDDEN_VUE);
});
// Login path: an existing user re-submits the same name and password to the
// user endpoint, authenticated with the token obtained at registration, and
// the server answers HTTP_STATUS.CREATED with a JSON body.
test.each([['user.yaml'], ['user.jwt.yaml']])('should login an user', async (configFile) => {
  const server = await initializeServer(configFile);
  const user = { name: 'test', password: 'test' };

  const registration = await createUser(server, user.name, user.password);
  expect(registration.body.ok).toMatch(`user '${user.name}' created`);

  const authorization = buildToken(TOKEN_BEARER, registration.body.token);
  const userEndpoint = `/-/user/org.couchdb.user:${user.name}`;

  await supertest(server)
    .put(userEndpoint)
    .send({ name: user.name, password: user.password })
    .set(HEADERS.AUTHORIZATION, authorization)
    .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
    .expect(HTTP_STATUS.CREATED);
});
// A valid bearer token must not stand in for the password: the request carries
// the token issued at registration together with a wrong password and is
// expected to be rejected with HTTP_STATUS.UNAUTHORIZED.
test.each([['user.yaml'], ['user.jwt.yaml']])(
  'should fails login a valid user',
  async (configFile) => {
    const server = await initializeServer(configFile);
    const name = 'test';
    const password = 'test';

    const registration = await createUser(server, name, password);
    expect(registration.body.ok).toMatch(`user '${name}' created`);

    const authorization = buildToken(TOKEN_BEARER, registration.body.token);
    // Same user and a valid token, but a password that was never set for it.
    const wrongLogin = { name, password: 'failPassword' };

    await supertest(server)
      .put(`/-/user/org.couchdb.user:${name}`)
      .send(wrongLogin)
      .set(HEADERS.AUTHORIZATION, authorization)
      .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
      .expect(HTTP_STATUS.UNAUTHORIZED);
  }
);
// Submitting an already registered name again, this time without any
// Authorization header, must not create or overwrite the account: the server
// is expected to answer HTTP_STATUS.CONFLICT with USERNAME_ALREADY_REGISTERED.
test.each([['user.yaml'], ['user.jwt.yaml']])(
  'should test conflict create new user',
  async (configFile) => {
    const server = await initializeServer(configFile);
    const user = { name: 'JotaJWT', password: 'secretPass' };

    const first = await createUser(server, user.name, user.password);
    expect(first.body.ok).toMatch(`user '${user.name}' created`);

    // Second, unauthenticated submission of the very same credentials.
    const duplicate = await supertest(server)
      .put(`/-/user/org.couchdb.user:${user.name}`)
      .send({ name: user.name, password: user.password })
      .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
      .expect(HTTP_STATUS.CONFLICT);

    expect(duplicate.body.error).toBe(API_ERROR.USERNAME_ALREADY_REGISTERED);
  }
);
// Unauthenticated login attempt for an existing user with a wrong password:
// expected to be rejected with HTTP_STATUS.UNAUTHORIZED and the
// UNAUTHORIZED_ACCESS error in the JSON body.
test.each([['user.yaml'], ['user.jwt.yaml']])(
  'should fails on login if user credentials are invalid',
  async (configFile) => {
    const server = await initializeServer(configFile);
    const name = 'newFailsUser';
    const password = 'secretPass';

    const registration = await createUser(server, name, password);
    expect(registration.body.ok).toMatch(`user '${name}' created`);

    // No Authorization header is sent; only the password differs from the one registered.
    const rejected = await supertest(server)
      .put(`/-/user/org.couchdb.user:${name}`)
      .send({ name, password: 'BAD_PASSWORD' })
      .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
      .expect(HTTP_STATUS.UNAUTHORIZED);

    expect(rejected.body.error).toBe(API_ERROR.UNAUTHORIZED_ACCESS);
  }
);
// Password policy check at registration: a two-character password is expected
// to be refused with HTTP_STATUS.BAD_REQUEST and the PASSWORD_SHORT error, so
// no account is created from it.
test.each([['user.yaml'], ['user.jwt.yaml']])(
  'should fails password validation',
  async (configFile) => {
    const server = await initializeServer(configFile);
    const name = 'test';
    const tooShort = '12';

    const rejected = await supertest(server)
      .put(`/-/user/org.couchdb.user:${name}`)
      .send({ name, password: tooShort })
      .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
      .expect(HTTP_STATUS.BAD_REQUEST);

    expect(rejected.body.error).toBe(API_ERROR.PASSWORD_SHORT);
  }
);
// Registration without a password: the request is expected to be refused with
// HTTP_STATUS.BAD_REQUEST and the same PASSWORD_SHORT error used for passwords
// that are too short.
test.each([['user.yaml'], ['user.jwt.yaml']])(
  'should fails missing password validation',
  async (configFile) => {
    const server = await initializeServer(configFile);
    const name = 'test';

    // `password` is explicitly undefined; presumably the property is dropped
    // when the body is serialized as JSON, so the server sees no password field.
    const payload = { name, password: undefined };

    const rejected = await supertest(server)
      .put(`/-/user/org.couchdb.user:${name}`)
      .send(payload)
      .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
      .expect(HTTP_STATUS.BAD_REQUEST);

    expect(rejected.body.error).toBe(API_ERROR.PASSWORD_SHORT);
  }
);
// Session check: a GET on the user's own endpoint with the registration token
// is expected to return HTTP_STATUS.OK, an `ok` message naming the
// authenticated user, and the same user in `name`.
test.each([['user.yaml'], ['user.jwt.yaml']])(
  'should verify if user is logged',
  async (configFile) => {
    const server = await initializeServer(configFile);
    const user = { name: 'jota', password: 'secretPass' };

    const registration = await createUser(server, user.name, user.password);
    expect(registration.body.ok).toMatch(`user '${user.name}' created`);

    const authorization = buildToken(TOKEN_BEARER, registration.body.token);
    const whoami = await supertest(server)
      .get(`/-/user/org.couchdb.user:${user.name}`)
      .set(HEADERS.AUTHORIZATION, authorization)
      .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
      .expect(HTTP_STATUS.OK);

    expect(whoami.body.ok).toBe(`you are authenticated as '${user.name}'`);
    expect(whoami.body.name).toBe(user.name);
  }
);
// Identity in the token versus identity in the URL: the request is
// authenticated as 'jota' but asks for the endpoint of 'yeti'. The `ok`
// message is expected to name the token's owner, while `name` reflects the
// user given in the URL.
test.each([['user.yaml'], ['user.jwt.yaml']])(
  'should return name of requested user',
  async (configFile) => {
    const server = await initializeServer(configFile);
    const requestedUser = 'yeti';
    const caller = { name: 'jota', password: 'secretPass' };

    const registration = await createUser(server, caller.name, caller.password);
    expect(registration.body.ok).toMatch(`user '${caller.name}' created`);

    // NOTE(review): 'yeti' is never registered in this test, so the `name`
    // assertion pins the value taken from the URL, not an account lookup.
    const lookup = await supertest(server)
      .get(`/-/user/org.couchdb.user:${requestedUser}`)
      .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, registration.body.token))
      .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
      .expect(HTTP_STATUS.OK);

    expect(lookup.body.ok).toBe(`you are authenticated as '${caller.name}'`);
    expect(lookup.body.name).toBe(requestedUser);
  }
);
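// Logout path: after registering and confirming the token works on the user
// endpoint, the token is submitted to the token-deletion route and the server
// is expected to answer HTTP_STATUS.OK with a JSON body.
test.each([['user.yaml'], ['user.jwt.yaml']])('should logout user', async (conf) => {
  const app = await initializeServer(conf);
  const credentials = { name: 'jota', password: 'secretPass' };
  const response = await createUser(app, credentials.name, credentials.password);
  // Same precondition the sibling tests assert: without it a failed
  // registration would only surface later as an unusable token.
  expect(response.body.ok).toMatch(`user '${credentials.name}' created`);

  await supertest(app)
    .get(`/-/user/org.couchdb.user:${credentials.name}`)
    .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BEARER, response.body.token))
    .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
    .expect(HTTP_STATUS.OK);

  // NOTE(review): the DELETE is sent without an Authorization header and only
  // its status is asserted. Nothing here checks that the token is refused
  // afterwards; if logout is meant to revoke it, add a follow-up request that
  // expects rejection once the intended semantics are confirmed.
  await supertest(app)
    .delete(`/-/user/token/someSecretToken:${response.body.token}`)
    .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
    .expect(HTTP_STATUS.OK);
});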
// Anonymous session check: a GET on a user endpoint without any Authorization
// header is expected to return HTTP_STATUS.OK with `ok: false` in the JSON
// body rather than an error status.
test.each([['user.yaml'], ['user.jwt.yaml']])(
  'should return "false" if user is not logged in',
  async (configFile) => {
    const server = await initializeServer(configFile);
    const username = 'jota';

    const anonymous = await supertest(server)
      .get(`/-/user/org.couchdb.user:${username}`)
      .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
      .expect(HTTP_STATUS.OK);

    expect(anonymous.body.ok).toBe(false);
  }
);
// URL/body consistency: an authenticated PUT addressed to one user's endpoint
// while the body names another user is expected to be refused with
// HTTP_STATUS.BAD_REQUEST and the USERNAME_MISMATCH error.
test.each([['user.yaml'], ['user.jwt.yaml']])(
  'should fail if URL does not match user in request body',
  async (configFile) => {
    const server = await initializeServer(configFile);
    const user = { name: 'jota', password: 'secretPass' };

    const registration = await createUser(server, user.name, user.password);
    expect(registration.body.ok).toMatch(`user '${user.name}' created`);

    const authorization = buildToken(TOKEN_BEARER, registration.body.token);

    // The path targets 'yeti' while the body (and the token) belong to 'jota'.
    const mismatched = await supertest(server)
      .put('/-/user/org.couchdb.user:yeti')
      .set(HEADERS.AUTHORIZATION, authorization)
      .send({ name: user.name, password: user.password })
      .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
      .expect(HTTP_STATUS.BAD_REQUEST);

    expect(mismatched.body.error).toBe(API_ERROR.USERNAME_MISMATCH);
  }
);
});
});