0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2025-01-20 22:52:46 -05:00
verdaccio/test/unit/modules/auth/jwt.spec.ts
Juan Picado @jotadeveloper 66f4197236
feat: convert project to typescript (#1374)
* chore: test

* chore: add

* chore: more progress

* chore: progress in migration, fix prettier parser

* chore: reduce tsc errors

* chore: refactor storage utils types

* chore: refactor utils types

* chore: refactor local storage types

* chore: refactor config utils types

* chore: refactor tsc types

* refactor: apply eslint fix, tabs etc

* chore: fix lint errors

* test: update unit test conf to typescript setup

few test refactored to typescript

* chore: enable more unit test

migrate to typescript

* chore: migrate storage test to tsc

* chore: migrate up storage test to tsc

* refactor: enable plugin and auth test

* chore: migrate plugin loader test

* chore: update dependencies

* chore: migrate functional test to typescript

* chore: add codecove

* chore: update express

* chore: downgrade puppeteer

The latest version does not seems to work properly fine.

* chore: update dependencies
2019-07-16 08:40:01 +02:00

140 lines
5.1 KiB
TypeScript

import request from 'supertest';
import _ from 'lodash';
import path from 'path';
import rimraf from 'rimraf';
import endPointAPI from '../../../../src/api';
import {HEADERS, HTTP_STATUS, HEADER_TYPE, TOKEN_BEARER, TOKEN_BASIC, API_ERROR} from '../../../../src/lib/constants';
import {mockServer} from '../../__helper/mock';
import {DOMAIN_SERVERS} from '../../../functional/config.functional';
import {buildToken, parseConfigFile} from '../../../../src/lib/utils';
import {parseConfigurationFile} from '../../__helper';
import {addUser, getPackage, loginUserToken} from '../../__helper/api';
import {setup} from '../../../../src/lib/logger';
import {buildUserBuffer} from '../../../../src/lib/auth-utils';
setup([]);
const credentials = { name: 'JotaJWT', password: 'secretPass' };
const parseConfigurationJWTFile = () => {
return parseConfigurationFile(`api-jwt/jwt`);
};
const FORBIDDEN_VUE = 'authorization required to access package vue';
describe('endpoint user auth JWT unit test', () => {
jest.setTimeout(20000);
let app;
let mockRegistry;
const FAKE_TOKEN: string = buildToken(TOKEN_BEARER, 'fake');
beforeAll(function(done) {
const store = path.join(__dirname, '../../partials/store/test-jwt-storage');
const mockServerPort = 55546;
rimraf(store, async () => {
const confS = parseConfigFile(parseConfigurationJWTFile());
const configForTest = _.assign({}, _.cloneDeep(confS), {
storage: store,
uplinks: {
npmjs: {
url: `http://${DOMAIN_SERVERS}:${mockServerPort}`
}
},
self_path: store,
auth: {
htpasswd: {
file: './test-jwt-storage/.htpasswd_jwt_auth'
}
}
});
app = await endPointAPI(configForTest);
mockRegistry = await mockServer(mockServerPort).init();
done();
});
});
afterAll(function(done) {
mockRegistry[0].stop();
done();
});
test('should test add a new user with JWT enabled', async (done) => {
const [err, res] = await addUser(request(app), credentials.name, credentials);
expect(err).toBeNull();
expect(res.body.ok).toBeDefined();
expect(res.body.token).toBeDefined();
const { token } = res.body;
expect(typeof token).toBe('string');
expect(res.body.ok).toMatch(`user '${credentials.name}' created`);
// testing JWT auth headers with token
// we need it here, because token is required
const [err1, resp1] = await getPackage(request(app), buildToken(TOKEN_BEARER, token), 'vue');
expect(err1).toBeNull();
expect(resp1.body).toBeDefined();
expect(resp1.body.name).toMatch('vue');
const [err2, resp2] = await getPackage(request(app), FAKE_TOKEN, 'vue', HTTP_STATUS.UNAUTHORIZED);
expect(err2).toBeNull();
expect(resp2.statusCode).toBe(HTTP_STATUS.UNAUTHORIZED);
expect(resp2.body.error).toMatch(FORBIDDEN_VUE);
done();
});
test('should emulate npm login when user already exist', async (done) => {
const credentials = { name: 'jwtUser2', password: 'secretPass' };
// creates an user
await addUser(request(app), credentials.name, credentials);
// it should fails conflict 409
await addUser(request(app), credentials.name, credentials, HTTP_STATUS.CONFLICT);
// npm will try to sign in sending credentials via basic auth header
const token = buildUserBuffer(credentials.name, credentials.password).toString('base64');
// put should exist in request
// @ts-ignore
request(app).put(`/-/user/org.couchdb.user:${credentials.name}/-rev/undefined`)
.send(credentials)
.set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BASIC, token))
.expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
.expect(HTTP_STATUS.CREATED)
.end(function(err, res) {
expect(err).toBeNull();
expect(res.body.ok).toBeDefined();
expect(res.body.token).toBeDefined();
done();
});
});
test('should fails on try to access with corrupted token', async (done) => {
const [err2, resp2] = await getPackage(request(app), FAKE_TOKEN, 'vue', HTTP_STATUS.UNAUTHORIZED);
expect(err2).toBeNull();
expect(resp2.statusCode).toBe(HTTP_STATUS.UNAUTHORIZED);
expect(resp2.body.error).toMatch(FORBIDDEN_VUE);
done();
});
test('should fails on login if user credentials are invalid even if jwt valid token is provided', async (done) => {
const credentials = { name: 'newFailsUser', password: 'secretPass' };
const [err, res] = await addUser(request(app), credentials.name, credentials);
expect(err).toBeNull();
expect(res.body.ok).toBeDefined();
expect(res.body.token).toBeDefined();
const { token } = res.body;
expect(typeof token).toBe('string');
expect(res.body.ok).toMatch(`user '${credentials.name}' created`);
// we login when token is valid
const newCredentials = { name: 'newFailsUser', password: 'BAD_PASSWORD' };
const [err2, resp2] = await loginUserToken(request(app), newCredentials.name, newCredentials, token, HTTP_STATUS.UNAUTHORIZED);
expect(err2).toBeNull();
expect(resp2.statusCode).toBe(HTTP_STATUS.UNAUTHORIZED);
expect(resp2.body.error).toMatch(API_ERROR.BAD_USERNAME_PASSWORD);
done();
});
});