verdaccio/packages/server/test/jwt/index.spec.ts

import path from 'path';
import request from 'supertest';
import {
API_ERROR,
HEADERS,
HEADER_TYPE,
HTTP_STATUS,
TOKEN_BASIC,
TOKEN_BEARER,
} from '@verdaccio/core';
import { logger, setup } from '@verdaccio/logger';
import { generateRamdonStorage, mockServer } from '@verdaccio/mock';
import {
DOMAIN_SERVERS,
addUser,
configExample,
getPackage,
loginUserToken,
} from '@verdaccio/mock';
import { buildToken, buildUserBuffer } from '@verdaccio/utils';
import endPointAPI from '../../src';
// Set up the shared logger with an empty list before the suite runs
// (presumably "no log targets", which keeps test output quiet; confirm against @verdaccio/logger).
setup([]);

// Throwaway account used by this suite only; the password is a test fixture, not a real secret.
const credentials = {
  name: 'JotaJWT',
  password: 'secretPass',
};

// Error text the tests expect in the body of a 401 response for the `vue` package.
const FORBIDDEN_VUE = 'authorization required to access package vue';
describe('endpoint user auth JWT unit test', () => {
// Raise Jest's timeout to 20 s: beforeAll starts an API instance and a mock registry process.
jest.setTimeout(20000);

// Both are assigned in beforeAll: the API under test, and the mock uplink,
// which afterAll reads as a [registry, pid] pair.
let app;
let mockRegistry;

// Bearer header value built from the literal 'fake'. It is not a well-formed JWT, so tests
// using it cover rejection of malformed tokens only. Tokens with a bad signature or a past
// expiry are not exercised by this constant.
const FAKE_TOKEN: string = buildToken(TOKEN_BEARER, 'fake');
/**
 * Boots the API under test with the JWT configuration and starts the mock
 * uplink registry that it proxies to.
 */
beforeAll(async () => {
  // Fixed port shared by the uplink URL in the config and the mock registry below.
  const uplinkPort = 55546;

  // The same generated location is used for package storage and as config_path.
  const tmpStorage = generateRamdonStorage();
  const uplinks = {
    remote: {
      url: `http://${DOMAIN_SERVERS}:${uplinkPort}`,
    },
  };

  // 'jwt.yaml' is looked up relative to this directory; it presumably holds the
  // JWT security settings this suite depends on (confirm in the yaml file).
  const config = configExample(
    { storage: tmpStorage, uplinks, config_path: tmpStorage },
    'jwt.yaml',
    __dirname
  );
  app = await endPointAPI(config);

  const verdaccioBin = require.resolve('verdaccio/bin/verdaccio');
  mockRegistry = await mockServer(uplinkPort, {
    storePath: path.join(__dirname, '/mock/store'),
    silence: true,
  }).init(verdaccioBin);
});
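/**
 * Stops the mock uplink registry started in beforeAll.
 */
afterAll(() => {
  // If beforeAll failed before the mock registry was assigned, there is nothing to stop.
  // Destructuring `undefined` here would throw a TypeError and bury the original setup
  // failure under a second, misleading one.
  if (!mockRegistry) {
    return;
  }

  const [registry, pid] = mockRegistry;
  registry.stop();
  logger.info(`registry ${pid} has been stopped`);
});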
// Sign-up must return a string token; that token must grant access to `vue`,
// while a bogus bearer value must be refused with 401.
test('should test add a new user with JWT enabled', async () => {
  const [signUpErr, signUp] = await addUser(request(app), credentials.name, credentials);
  expect(signUpErr).toBeNull();

  const created = signUp.body;
  expect(created.ok).toBeDefined();
  expect(created.token).toBeDefined();
  const issuedToken = created.token;
  expect(typeof issuedToken).toBe('string');
  expect(created.ok).toMatch(`user '${credentials.name}' created`);

  // The package read is done in this test because it needs the token issued above.
  const [readErr, readRes] = await getPackage(request(app), issuedToken, 'vue');
  expect(readErr).toBeNull();
  expect(readRes.body).toBeDefined();
  expect(readRes.body.name).toMatch('vue');

  // Negative case: a bearer value that is not a real token must get 401 and the
  // "authorization required" error. FAKE_TOKEN is malformed, so this does not cover
  // a structurally valid token with a wrong signature.
  const [denyErr, denyRes] = await getPackage(
    request(app),
    FAKE_TOKEN,
    'vue',
    HTTP_STATUS.UNAUTHORIZED
  );
  expect(denyErr).toBeNull();
  expect(denyRes.statusCode).toBe(HTTP_STATUS.UNAUTHORIZED);
  expect(denyRes.body.error).toMatch(FORBIDDEN_VUE);
});
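// Emulates `npm login` for an existing account: a second registration is refused with
// 409, after which the client retries with the credentials in a Basic Authorization
// header and must receive 201 and a fresh token.
test('should emulate npm login when user already exist', async () => {
  const credentials = { name: 'jwtUser2', password: 'secretPass' };

  // addUser reports failures through its returned error rather than by throwing,
  // so each call is checked; otherwise a broken setup step would go unnoticed.
  const [createErr] = await addUser(request(app), credentials.name, credentials);
  expect(createErr).toBeNull();

  // Registering the same name again must be answered with 409 Conflict.
  const [conflictErr] = await addUser(
    request(app),
    credentials.name,
    credentials,
    HTTP_STATUS.CONFLICT
  );
  expect(conflictErr).toBeNull();

  // npm then signs in by sending the credentials in a Basic auth header.
  // Basic credentials are only base64-encoded, not encrypted.
  const basicCredentials = buildUserBuffer(credentials.name, credentials.password).toString(
    'base64'
  );

  // The request is awaited instead of using an `.end()` callback wrapped in a Promise.
  // An assertion that throws inside such a callback never settles the Promise, so the
  // test would fail with a timeout rather than the real assertion message.
  // @ts-ignore -- kept from the original; the reason for it is not visible in this file
  const res = await request(app)
    .put(`/-/user/org.couchdb.user:${credentials.name}/-rev/undefined`)
    .send(credentials)
    .set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BASIC, basicCredentials))
    .expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
    .expect(HTTP_STATUS.CREATED);

  expect(res.body.ok).toBeDefined();
  expect(res.body.token).toBeDefined();
  // Same token-shape check as the other sign-up tests in this suite.
  expect(typeof res.body.token).toBe('string');
});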
// A request carrying FAKE_TOKEN must be refused with 401 and the "authorization
// required" error. FAKE_TOKEN is built from the literal 'fake', so this covers a
// malformed bearer value; it does not cover a tampered signature or an expired token.
test('should fails on try to access with corrupted token', async () => {
  const [err, res] = await getPackage(request(app), FAKE_TOKEN, 'vue', HTTP_STATUS.UNAUTHORIZED);

  expect(err).toBeNull();
  expect(res.statusCode).toBe(HTTP_STATUS.UNAUTHORIZED);
  expect(res.body.error).toMatch(FORBIDDEN_VUE);
});
// Holding a valid JWT must not replace password verification at login: a login with
// the right user name, a valid token and a wrong password must still be refused.
test(
  'should fails on login if user credentials are invalid even if jwt' +
    ' valid token is provided',
  async () => {
    const credentials = { name: 'newFailsUser', password: 'secretPass' };

    // Register the account to obtain a genuine token for it.
    const [signUpErr, signUp] = await addUser(request(app), credentials.name, credentials);
    expect(signUpErr).toBeNull();

    const created = signUp.body;
    expect(created.ok).toBeDefined();
    expect(created.token).toBeDefined();
    const validToken = created.token;
    expect(typeof validToken).toBe('string');
    expect(created.ok).toMatch(`user '${credentials.name}' created`);

    // Log in as the same user with the valid token but a wrong password.
    const wrongPassword = { name: 'newFailsUser', password: 'BAD_PASSWORD' };
    const [loginErr, loginRes] = await loginUserToken(
      request(app),
      wrongPassword.name,
      wrongPassword,
      validToken,
      HTTP_STATUS.UNAUTHORIZED
    );

    expect(loginErr).toBeNull();
    expect(loginRes.statusCode).toBe(HTTP_STATUS.UNAUTHORIZED);
    expect(loginRes.body.error).toMatch(API_ERROR.BAD_USERNAME_PASSWORD);
  }
);
});