mirror of https://github.com/verdaccio/verdaccio.git synced 2025-01-20 22:52:46 -05:00

fix access control

ref #238
Alex Kocharin 2015-04-21 19:41:50 +03:00
parent e8593c47cc
commit 137fd5978f
4 changed files with 103 additions and 2 deletions


@ -154,11 +154,11 @@ Auth.prototype.allow_publish = function(package_name, user, callback) {
;(function next() {
var p = plugins.shift()
if (typeof(p.allow_access) !== 'function') {
if (typeof(p.allow_publish) !== 'function') {
return next()
}
p.allow_access(user, package, function(err, ok) {
p.allow_publish(user, package, function(err, ok) {
if (err) return callback(err)
if (ok) return callback(null, ok)
next() // cb(null, false) causes next plugin to roll
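Review bot: `var p = plugins.shift()` is dereferenced on the next line without checking that a plugin is left, so if every plugin answers `cb(null, false)` and the list runs out, `typeof(p.allow_publish)` throws a TypeError instead of producing an explicit denial. Unless a built-in fallback plugin is always last in `plugins` (not visible in this hunk; the function body starts and ends outside it), add a fail-closed guard such as `if (!p) return callback(null, false)` directly after the shift, adjusted to whatever error shape callers expect for a refusal. A comment above the `typeof` check should also state that a plugin without `allow_publish` is skipped, so a plugin implementing only `allow_access` has no say over publishing.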

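--- a/test/functional/access.js
+++ b/test/functional/access.js
@@ -0,0 +1,80 @@
+module.exports = function () {
+describe('access control', function () {
+var server = process.server
+var oldauth
+before(function () {
+oldauth = server.authstr
+})
+after(function () {
+server.authstr = oldauth
+})
+function check_access(auth, pkg, ok) {
+it((ok ? 'allows' : 'forbids') +' access ' + auth + ' to ' + pkg, function () {
+server.authstr = auth
+? 'Basic '+(new Buffer(auth).toString('base64'))
+: undefined
+var req = server.get_package(pkg)
+if (ok) {
+return req.status(404)
+.body_error(/no such package available/)
+} else {
+return req.status(403)
+.body_error(/not allowed to access package/)
+}
+})
+}
+function check_publish(auth, pkg, ok) {
+it((ok ? 'allows' : 'forbids') + ' publish ' + auth + ' to ' + pkg, function () {
+server.authstr = auth
+? 'Basic '+(new Buffer(auth).toString('base64'))
+: undefined
+var req = server.put_package(pkg, require('./lib/package')(pkg))
+if (ok) {
+return req.status(404)
+.body_error(/this package cannot be added/)
+} else {
+return req.status(403)
+.body_error(/not allowed to publish package/)
+}
+})
+}
+check_access('test:test', 'test-access-only', true)
+check_access(undefined, 'test-access-only', true)
+check_access('test:badpass', 'test-access-only', true)
+check_publish('test:test', 'test-access-only', false)
+check_publish(undefined, 'test-access-only', false)
+check_publish('test:badpass', 'test-access-only', false)
+check_access('test:test', 'test-publish-only', false)
+check_access(undefined, 'test-publish-only', false)
+check_access('test:badpass', 'test-publish-only', false)
+check_publish('test:test', 'test-publish-only', true)
+check_publish(undefined, 'test-publish-only', true)
+check_publish('test:badpass', 'test-publish-only', true)
+check_access('test:test', 'test-only-test', true)
+check_access(undefined, 'test-only-test', false)
+check_access('test:badpass', 'test-only-test', false)
+check_publish('test:test', 'test-only-test', true)
+check_publish(undefined, 'test-only-test', false)
+check_publish('test:badpass', 'test-only-test', false)
+check_access('test:test', 'test-only-auth', true)
+check_access(undefined, 'test-only-auth', false)
+check_access('test:badpass', 'test-only-auth', false)
+check_publish('test:test', 'test-only-auth', true)
+check_publish(undefined, 'test-only-auth', false)
+check_publish('test:badpass', 'test-only-auth', false)
+})
+}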
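Review bot: The `test-only-test` and `test-only-auth` cases at the end of the list carry identical expectations because `test` is the only valid account exercised, so the suite cannot tell a rule naming one user apart from `$authenticated`. A regression that lets any logged-in user through a package restricted to `test` would still pass. Adding a second valid account to the fixtures and asserting `check_access('OTHER_USER:OTHER_PASS', 'test-only-test', false)` and `check_publish('OTHER_USER:OTHER_PASS', 'test-only-auth', true)` (placeholder credentials) would close that gap. A short comment in `check_access` and `check_publish` should also explain that the allowed outcome is asserted as a 404, presumably because the fixture packages hold no data.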


@ -56,6 +56,26 @@ packages:
allow_publish: all
proxy_access: baduplink
'test-access-only':
allow_access: $all
allow_publish: nobody
storage: false
'test-publish-only':
allow_access: nobody
allow_publish: $all
storage: false
'test-only-test':
allow_access: test
allow_publish: test
storage: false
'test-only-auth':
allow_access: $authenticated
allow_publish: $authenticated
storage: false
'*':
allow_access: test undefined
allow_publish: test undefined
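Review bot: `nobody` in `allow_publish: nobody` and `allow_access: nobody` is written without the `$` prefix that `$all` and `$authenticated` carry, so it reads as an ordinary user or group name rather than a keyword. Whether the server reserves that name is not visible here; if it does not, these fixtures deny by naming an account that happens not to exist. A comment on the first use would make the intent explicit, for example `# 'nobody' is a name no account has, so the rule matches no one`.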


@ -45,6 +45,7 @@ describe('Func', function() {
it('authenticate', function(){/* test for before() */})
require('./access')()
require('./basic')()
require('./gh29')()
require('./tags')()