verdaccio/test/functional/package/access.ts

import { API_ERROR, HTTP_STATUS, TOKEN_BASIC } from '../../../src/lib/constants';
import { buildToken } from '../../../src/lib/utils';
import { CREDENTIALS } from '../config.functional';
import fixturePkg from '../fixtures/package';

export default function (server) {
  describe('package access control', () => {
    const buildAccesToken = (auth) => {
      return buildToken(TOKEN_BASIC, `${Buffer.from(auth).toString('base64')}`);
    };

    /**
     * Check whether the user is allowed to fetch packages
     * @param auth {object} disable auth
     * @param pkg {string} package name
     * @param status {boolean}
     */
    function checkAccess(auth, pkg, status) {
      test(`${status ? 'allows' : 'forbids'} access ${auth} to ${pkg}`, () => {
        server.authstr = auth ? buildAccesToken(auth) : undefined;
        const req = server.getPackage(pkg);

        if (status === HTTP_STATUS.NOT_FOUND) {
          return req.status(HTTP_STATUS.NOT_FOUND).body_error(API_ERROR.NO_PACKAGE);
        } else if (status === HTTP_STATUS.FORBIDDEN) {
          return req.status(HTTP_STATUS.FORBIDDEN).body_error(API_ERROR.NOT_ALLOWED);
        }
      });
    }

    /**
     * Check whether the user is allowed to publish packages
     * @param auth {object} disable auth
     * @param pkg {string} package name
     * @param status {boolean}
     */
    function checkPublish(auth, pkg, status) {
      test(`${status ? 'allows' : 'forbids'} publish ${auth} to ${pkg}`, () => {
        server.authstr = auth ? buildAccesToken(auth) : undefined;
        const req = server.putPackage(pkg, fixturePkg(pkg));
        if (status === HTTP_STATUS.NOT_FOUND) {
          return req.status(HTTP_STATUS.NOT_FOUND).body_error(API_ERROR.PACKAGE_CANNOT_BE_ADDED);
        } else if (status === HTTP_STATUS.FORBIDDEN) {
          return req.status(HTTP_STATUS.FORBIDDEN).body_error(API_ERROR.NOT_ALLOWED_PUBLISH);
        } else if (status === HTTP_STATUS.CREATED) {
          return req.status(HTTP_STATUS.CREATED);
        } else if (status === HTTP_STATUS.CONFLICT) {
          return req.status(HTTP_STATUS.CONFLICT);
        }
      });
    }

    // credentials
    const badCredentials = 'test:badpass';
    // test user is logged by default
    const validCredentials = `${CREDENTIALS.user}:${CREDENTIALS.password}`;

    // defined on server1 configuration
    const testAccessOnly = 'test-access-only';
    const testPublishOnly = 'test-publish-only';
    const testOnlyTest = 'test-only-test';
    const testOnlyAuth = 'test-only-auth';

    describe('all are allowed to access', () => {
      checkAccess(validCredentials, testAccessOnly, HTTP_STATUS.NOT_FOUND);
      checkAccess(undefined, testAccessOnly, HTTP_STATUS.NOT_FOUND);
      checkAccess(badCredentials, testAccessOnly, HTTP_STATUS.NOT_FOUND);
      checkPublish(validCredentials, testAccessOnly, HTTP_STATUS.FORBIDDEN);
      checkPublish(undefined, testAccessOnly, HTTP_STATUS.FORBIDDEN);
      checkPublish(badCredentials, testAccessOnly, HTTP_STATUS.FORBIDDEN);
    });

    describe('all are allowed to publish', () => {
      checkAccess(validCredentials, testPublishOnly, HTTP_STATUS.FORBIDDEN);
      checkAccess(undefined, testPublishOnly, HTTP_STATUS.FORBIDDEN);
      checkAccess(badCredentials, testPublishOnly, HTTP_STATUS.FORBIDDEN);
      checkPublish(validCredentials, testPublishOnly, HTTP_STATUS.CREATED);
      checkPublish(undefined, testPublishOnly, HTTP_STATUS.CONFLICT);
      checkPublish(badCredentials, testPublishOnly, HTTP_STATUS.CONFLICT);
    });

    describe('only user "test" is allowed to publish and access', () => {
      checkAccess(validCredentials, testOnlyTest, HTTP_STATUS.NOT_FOUND);
      checkAccess(undefined, testOnlyTest, HTTP_STATUS.FORBIDDEN);
      checkAccess(badCredentials, testOnlyTest, HTTP_STATUS.FORBIDDEN);
      checkPublish(validCredentials, testOnlyTest, HTTP_STATUS.CREATED);
      checkPublish(undefined, testOnlyTest, HTTP_STATUS.FORBIDDEN);
      checkPublish(badCredentials, testOnlyTest, HTTP_STATUS.FORBIDDEN);
    });

    describe('only authenticated users are allowed', () => {
      checkAccess(validCredentials, testOnlyAuth, HTTP_STATUS.NOT_FOUND);
      checkAccess(undefined, testOnlyAuth, HTTP_STATUS.FORBIDDEN);
      checkAccess(badCredentials, testOnlyAuth, HTTP_STATUS.FORBIDDEN);
      checkPublish(validCredentials, testOnlyAuth, HTTP_STATUS.CREATED);
      checkPublish(undefined, testOnlyAuth, HTTP_STATUS.FORBIDDEN);
      checkPublish(badCredentials, testOnlyAuth, HTTP_STATUS.FORBIDDEN);
    });
  });
}
chore: update eslint dependencies (#2126) * chore: update eslint * chore: update rules and style * chore: aling formatting * chore: update ci rules * chore: aling formatting * chore: aling formatting 2021-03-14 02:42:46 -05:00			`import { API_ERROR, HTTP_STATUS, TOKEN_BASIC } from '../../../src/lib/constants';`
build: format code prettier, enable ci (#2886) * fix: format code prettier, enable ci * chore: add trivago import prettier pluggin 2022-01-09 14:51:50 -05:00			`import { buildToken } from '../../../src/lib/utils';`
chore: update eslint dependencies (#2126) * chore: update eslint * chore: update rules and style * chore: aling formatting * chore: update ci rules * chore: aling formatting * chore: aling formatting 2021-03-14 02:42:46 -05:00			`import { CREDENTIALS } from '../config.functional';`
feat: convert project to typescript (#1374) * chore: test * chore: add * chore: more progress * chore: progress in migration, fix prettier parser * chore: reduce tsc errors * chore: refactor storage utils types * chore: refactor utils types * chore: refactor local storage types * chore: refactor config utils types * chore: refactor tsc types * refactor: apply eslint fix, tabs etc * chore: fix lint errors * test: update unit test conf to typescript setup few test refactored to typescript * chore: enable more unit test migrate to typescript * chore: migrate storage test to tsc * chore: migrate up storage test to tsc * refactor: enable plugin and auth test * chore: migrate plugin loader test * chore: update dependencies * chore: migrate functional test to typescript * chore: add codecove * chore: update express * chore: downgrade puppeteer The latest version does not seems to work properly fine. * chore: update dependencies 2019-07-16 01:40:01 -05:00			`import fixturePkg from '../fixtures/package';`
refactor: more unit test constants usage 2018-06-21 16:33:20 -05:00
chore: update eslint dependencies (#2126) * chore: update eslint * chore: update rules and style * chore: aling formatting * chore: update ci rules * chore: aling formatting * chore: aling formatting 2021-03-14 02:42:46 -05:00			`export default function (server) {`
refactor: functional testing with jest set up 2017-12-01 19:50:09 -05:00			`describe('package access control', () => {`
refactor: more unit test constants usage 2018-06-21 16:33:20 -05:00			`const buildAccesToken = (auth) => {`
chore: update eslint dependencies (#2126) * chore: update eslint * chore: update rules and style * chore: aling formatting * chore: update ci rules * chore: aling formatting * chore: aling formatting 2021-03-14 02:42:46 -05:00			return buildToken(TOKEN_BASIC, `${Buffer.from(auth).toString('base64')}`);
(test): Refactor and add documentation some unit test, relocate storages 2017-07-01 17:05:58 -05:00			`};`
fix access control ref #238 2015-04-21 11:41:50 -05:00
(test): Refactor and add documentation some unit test, relocate storages 2017-07-01 17:05:58 -05:00			`/**`
			`* Check whether the user is allowed to fetch packages`
			`* @param auth {object} disable auth`
			`* @param pkg {string} package name`
chore: testing local-storage 2019-02-03 04:43:55 -05:00			`* @param status {boolean}`
(test): Refactor and add documentation some unit test, relocate storages 2017-07-01 17:05:58 -05:00			`*/`
chore: testing local-storage 2019-02-03 04:43:55 -05:00			`function checkAccess(auth, pkg, status) {`
chore: update eslint dependencies (#2126) * chore: update eslint * chore: update rules and style * chore: aling formatting * chore: update ci rules * chore: aling formatting * chore: aling formatting 2021-03-14 02:42:46 -05:00			test(`${status ? 'allows' : 'forbids'} access ${auth} to ${pkg}`, () => {
			`server.authstr = auth ? buildAccesToken(auth) : undefined;`
			`const req = server.getPackage(pkg);`
refactor: improve code with es6 style 2018-06-24 03:11:52 -05:00
chore: update eslint dependencies (#2126) * chore: update eslint * chore: update rules and style * chore: aling formatting * chore: update ci rules * chore: aling formatting * chore: aling formatting 2021-03-14 02:42:46 -05:00			`if (status === HTTP_STATUS.NOT_FOUND) {`
			`return req.status(HTTP_STATUS.NOT_FOUND).body_error(API_ERROR.NO_PACKAGE);`
			`} else if (status === HTTP_STATUS.FORBIDDEN) {`
			`return req.status(HTTP_STATUS.FORBIDDEN).body_error(API_ERROR.NOT_ALLOWED);`
fix access control ref #238 2015-04-21 11:41:50 -05:00			`}`
chore: update eslint dependencies (#2126) * chore: update eslint * chore: update rules and style * chore: aling formatting * chore: update ci rules * chore: aling formatting * chore: aling formatting 2021-03-14 02:42:46 -05:00			`});`
fix access control ref #238 2015-04-21 11:41:50 -05:00			`}`

(test): Refactor and add documentation some unit test, relocate storages 2017-07-01 17:05:58 -05:00			`/**`
			`* Check whether the user is allowed to publish packages`
			`* @param auth {object} disable auth`
			`* @param pkg {string} package name`
chore: testing local-storage 2019-02-03 04:43:55 -05:00			`* @param status {boolean}`
(test): Refactor and add documentation some unit test, relocate storages 2017-07-01 17:05:58 -05:00			`*/`
chore: testing local-storage 2019-02-03 04:43:55 -05:00			`function checkPublish(auth, pkg, status) {`
chore: update eslint dependencies (#2126) * chore: update eslint * chore: update rules and style * chore: aling formatting * chore: update ci rules * chore: aling formatting * chore: aling formatting 2021-03-14 02:42:46 -05:00			test(`${status ? 'allows' : 'forbids'} publish ${auth} to ${pkg}`, () => {
refactor: more unit test constants usage 2018-06-21 16:33:20 -05:00			`server.authstr = auth ? buildAccesToken(auth) : undefined;`
feat: convert project to typescript (#1374) * chore: test * chore: add * chore: more progress * chore: progress in migration, fix prettier parser * chore: reduce tsc errors * chore: refactor storage utils types * chore: refactor utils types * chore: refactor local storage types * chore: refactor config utils types * chore: refactor tsc types * refactor: apply eslint fix, tabs etc * chore: fix lint errors * test: update unit test conf to typescript setup few test refactored to typescript * chore: enable more unit test migrate to typescript * chore: migrate storage test to tsc * chore: migrate up storage test to tsc * refactor: enable plugin and auth test * chore: migrate plugin loader test * chore: update dependencies * chore: migrate functional test to typescript * chore: add codecove * chore: update express * chore: downgrade puppeteer The latest version does not seems to work properly fine. * chore: update dependencies 2019-07-16 01:40:01 -05:00			`const req = server.putPackage(pkg, fixturePkg(pkg));`
chore: testing local-storage 2019-02-03 04:43:55 -05:00			`if (status === HTTP_STATUS.NOT_FOUND) {`
			`return req.status(HTTP_STATUS.NOT_FOUND).body_error(API_ERROR.PACKAGE_CANNOT_BE_ADDED);`
			`} else if (status === HTTP_STATUS.FORBIDDEN) {`
			`return req.status(HTTP_STATUS.FORBIDDEN).body_error(API_ERROR.NOT_ALLOWED_PUBLISH);`
			`} else if (status === HTTP_STATUS.CREATED) {`
			`return req.status(HTTP_STATUS.CREATED);`
			`} else if (status === HTTP_STATUS.CONFLICT) {`
			`return req.status(HTTP_STATUS.CONFLICT);`
fix access control ref #238 2015-04-21 11:41:50 -05:00			`}`
Update unit test es6 2017-04-19 14:15:28 -05:00			`});`
fix access control ref #238 2015-04-21 11:41:50 -05:00			`}`
(test): Refactor and add documentation some unit test, relocate storages 2017-07-01 17:05:58 -05:00
			`// credentials`
			`const badCredentials = 'test:badpass';`
			`// test user is logged by default`
refactor: more unit test constants usage 2018-06-21 16:33:20 -05:00			const validCredentials = `${CREDENTIALS.user}:${CREDENTIALS.password}`;
(test): Refactor and add documentation some unit test, relocate storages 2017-07-01 17:05:58 -05:00
			`// defined on server1 configuration`
Update unit test es6 2017-04-19 14:15:28 -05:00			`const testAccessOnly = 'test-access-only';`
			`const testPublishOnly = 'test-publish-only';`
			`const testOnlyTest = 'test-only-test';`
			`const testOnlyAuth = 'test-only-auth';`
fix access control ref #238 2015-04-21 11:41:50 -05:00
test: Increase coverage for unit test (#974) * test(utils): add test for validate names * test(utils): add unit test for dist-tags normalize utility * refactor(notifications): unit test for notifications * test(cli): add unit test for address validation * chore: add new constants * chore: ignore debug from coverage * test(bootstrap): test https is fails on start * refactor: update code for rebase 2018-09-22 05:54:21 -05:00			`describe('all are allowed to access', () => {`
chore: testing local-storage 2019-02-03 04:43:55 -05:00			`checkAccess(validCredentials, testAccessOnly, HTTP_STATUS.NOT_FOUND);`
			`checkAccess(undefined, testAccessOnly, HTTP_STATUS.NOT_FOUND);`
			`checkAccess(badCredentials, testAccessOnly, HTTP_STATUS.NOT_FOUND);`
			`checkPublish(validCredentials, testAccessOnly, HTTP_STATUS.FORBIDDEN);`
			`checkPublish(undefined, testAccessOnly, HTTP_STATUS.FORBIDDEN);`
			`checkPublish(badCredentials, testAccessOnly, HTTP_STATUS.FORBIDDEN);`
test: Increase coverage for unit test (#974) * test(utils): add test for validate names * test(utils): add unit test for dist-tags normalize utility * refactor(notifications): unit test for notifications * test(cli): add unit test for address validation * chore: add new constants * chore: ignore debug from coverage * test(bootstrap): test https is fails on start * refactor: update code for rebase 2018-09-22 05:54:21 -05:00			`});`
(test): Refactor and add documentation some unit test, relocate storages 2017-07-01 17:05:58 -05:00
test: Increase coverage for unit test (#974) * test(utils): add test for validate names * test(utils): add unit test for dist-tags normalize utility * refactor(notifications): unit test for notifications * test(cli): add unit test for address validation * chore: add new constants * chore: ignore debug from coverage * test(bootstrap): test https is fails on start * refactor: update code for rebase 2018-09-22 05:54:21 -05:00			`describe('all are allowed to publish', () => {`
chore: testing local-storage 2019-02-03 04:43:55 -05:00			`checkAccess(validCredentials, testPublishOnly, HTTP_STATUS.FORBIDDEN);`
			`checkAccess(undefined, testPublishOnly, HTTP_STATUS.FORBIDDEN);`
			`checkAccess(badCredentials, testPublishOnly, HTTP_STATUS.FORBIDDEN);`
			`checkPublish(validCredentials, testPublishOnly, HTTP_STATUS.CREATED);`
			`checkPublish(undefined, testPublishOnly, HTTP_STATUS.CONFLICT);`
			`checkPublish(badCredentials, testPublishOnly, HTTP_STATUS.CONFLICT);`
test: Increase coverage for unit test (#974) * test(utils): add test for validate names * test(utils): add unit test for dist-tags normalize utility * refactor(notifications): unit test for notifications * test(cli): add unit test for address validation * chore: add new constants * chore: ignore debug from coverage * test(bootstrap): test https is fails on start * refactor: update code for rebase 2018-09-22 05:54:21 -05:00			`});`
fix access control ref #238 2015-04-21 11:41:50 -05:00
test: Increase coverage for unit test (#974) * test(utils): add test for validate names * test(utils): add unit test for dist-tags normalize utility * refactor(notifications): unit test for notifications * test(cli): add unit test for address validation * chore: add new constants * chore: ignore debug from coverage * test(bootstrap): test https is fails on start * refactor: update code for rebase 2018-09-22 05:54:21 -05:00			`describe('only user "test" is allowed to publish and access', () => {`
chore: testing local-storage 2019-02-03 04:43:55 -05:00			`checkAccess(validCredentials, testOnlyTest, HTTP_STATUS.NOT_FOUND);`
			`checkAccess(undefined, testOnlyTest, HTTP_STATUS.FORBIDDEN);`
			`checkAccess(badCredentials, testOnlyTest, HTTP_STATUS.FORBIDDEN);`
			`checkPublish(validCredentials, testOnlyTest, HTTP_STATUS.CREATED);`
			`checkPublish(undefined, testOnlyTest, HTTP_STATUS.FORBIDDEN);`
			`checkPublish(badCredentials, testOnlyTest, HTTP_STATUS.FORBIDDEN);`
test: Increase coverage for unit test (#974) * test(utils): add test for validate names * test(utils): add unit test for dist-tags normalize utility * refactor(notifications): unit test for notifications * test(cli): add unit test for address validation * chore: add new constants * chore: ignore debug from coverage * test(bootstrap): test https is fails on start * refactor: update code for rebase 2018-09-22 05:54:21 -05:00			`});`
fix access control ref #238 2015-04-21 11:41:50 -05:00
test: Increase coverage for unit test (#974) * test(utils): add test for validate names * test(utils): add unit test for dist-tags normalize utility * refactor(notifications): unit test for notifications * test(cli): add unit test for address validation * chore: add new constants * chore: ignore debug from coverage * test(bootstrap): test https is fails on start * refactor: update code for rebase 2018-09-22 05:54:21 -05:00			`describe('only authenticated users are allowed', () => {`
chore: testing local-storage 2019-02-03 04:43:55 -05:00			`checkAccess(validCredentials, testOnlyAuth, HTTP_STATUS.NOT_FOUND);`
			`checkAccess(undefined, testOnlyAuth, HTTP_STATUS.FORBIDDEN);`
			`checkAccess(badCredentials, testOnlyAuth, HTTP_STATUS.FORBIDDEN);`
			`checkPublish(validCredentials, testOnlyAuth, HTTP_STATUS.CREATED);`
			`checkPublish(undefined, testOnlyAuth, HTTP_STATUS.FORBIDDEN);`
			`checkPublish(badCredentials, testOnlyAuth, HTTP_STATUS.FORBIDDEN);`
test: Increase coverage for unit test (#974) * test(utils): add test for validate names * test(utils): add unit test for dist-tags normalize utility * refactor(notifications): unit test for notifications * test(cli): add unit test for address validation * chore: add new constants * chore: ignore debug from coverage * test(bootstrap): test https is fails on start * refactor: update code for rebase 2018-09-22 05:54:21 -05:00			`});`
Update unit test es6 2017-04-19 14:15:28 -05:00			`});`
refactor: functional testing with jest set up 2017-12-01 19:50:09 -05:00			`}`