verdaccio/test/functional/package/access.js

import {buildToken} from "../../../src/lib/utils";
import {API_ERROR, HTTP_STATUS, TOKEN_BASIC} from "../../../src/lib/constants";
import {CREDENTIALS} from "../config.functional";

export default function(server) {

  describe('package access control', () => {
    const buildAccesToken = (auth) => {
      return buildToken(TOKEN_BASIC, `${(new Buffer(auth).toString('base64'))}`);
    };

    /**
     * Check whether the user is allowed to fetch packages
     * @param auth {object} disable auth
     * @param pkg {string} package name
     * @param ok {boolean}
     */
    function checkAccess(auth, pkg, ok) {
      test(
        `${(ok ? 'allows' : 'forbids')} access ${auth} to ${pkg}`, () => {
          server.authstr = auth ? buildAccesToken(auth) : undefined;
          const req = server.getPackage(pkg);

          if (ok) {
            return req.status(HTTP_STATUS.NOT_FOUND).body_error(API_ERROR.NO_PACKAGE);
          } else {
            return req.status(HTTP_STATUS.FORBIDDEN).body_error(API_ERROR.NOT_ALLOWED);
          }
        }
      );
    }

    /**
     * Check whether the user is allowed to publish packages
     * @param auth {object} disable auth
     * @param pkg {string} package name
     * @param ok {boolean}
     */
    function checkPublish(auth, pkg, ok) {
      test(`${(ok ? 'allows' : 'forbids')} publish ${auth} to ${pkg}`, () => {
        server.authstr = auth ? buildAccesToken(auth) : undefined;
        const req = server.putPackage(pkg, require('../fixtures/package')(pkg));
        if (ok) {
          return req.status(HTTP_STATUS.NOT_FOUND).body_error(/this package cannot be added/);
        } else {
          return req.status(HTTP_STATUS.FORBIDDEN).body_error(/not allowed to publish package/);
        }
      });
    }

    // credentials
    const badCredentials = 'test:badpass';
    // test user is logged by default
    const validCredentials = `${CREDENTIALS.user}:${CREDENTIALS.password}`;

    // defined on server1 configuration
    const testAccessOnly = 'test-access-only';
    const testPublishOnly = 'test-publish-only';
    const testOnlyTest = 'test-only-test';
    const testOnlyAuth = 'test-only-auth';

    describe('all are allowed to access', () => {
      checkAccess(validCredentials, testAccessOnly, true);
      checkAccess(undefined, testAccessOnly, true);
      checkAccess(badCredentials, testAccessOnly, true);
      checkPublish(validCredentials, testAccessOnly, false);
      checkPublish(undefined, testAccessOnly, false);
      checkPublish(badCredentials, testAccessOnly, false);
    });

    describe('all are allowed to publish', () => {
      checkAccess(validCredentials, testPublishOnly, false);
      checkAccess(undefined, testPublishOnly, false);
      checkAccess(badCredentials, testPublishOnly, false);
      checkPublish(validCredentials, testPublishOnly, true);
      checkPublish(undefined, testPublishOnly, true);
      checkPublish(badCredentials, testPublishOnly, true);
    });

    describe('only user "test" is allowed to publish and access', () => {
      checkAccess(validCredentials, testOnlyTest, true);
      checkAccess(undefined, testOnlyTest, false);
      checkAccess(badCredentials, testOnlyTest, false);
      checkPublish(validCredentials, testOnlyTest, true);
      checkPublish(undefined, testOnlyTest, false);
      checkPublish(badCredentials, testOnlyTest, false);
    });

    describe('only authenticated users are allowed', () => {
      checkAccess(validCredentials, testOnlyAuth, true);
      checkAccess(undefined, testOnlyAuth, false);
      checkAccess(badCredentials, testOnlyAuth, false);
      checkPublish(validCredentials, testOnlyAuth, true);
      checkPublish(undefined, testOnlyAuth, false);
      checkPublish(badCredentials, testOnlyAuth, false);
    });
  });
}
refactor: more unit test constants usage 2018-06-21 23:33:20 +02:00			`import {buildToken} from "../../../src/lib/utils";`
refactor: improve code with es6 style 2018-06-24 10:11:52 +02:00			`import {API_ERROR, HTTP_STATUS, TOKEN_BASIC} from "../../../src/lib/constants";`
			`import {CREDENTIALS} from "../config.functional";`
refactor: more unit test constants usage 2018-06-21 23:33:20 +02:00
refactor: functional testing with jest set up 2017-12-02 01:50:09 +01:00			`export default function(server) {`
fix access control ref #238 2015-04-21 18:41:50 +02:00
refactor: functional testing with jest set up 2017-12-02 01:50:09 +01:00			`describe('package access control', () => {`
refactor: more unit test constants usage 2018-06-21 23:33:20 +02:00			`const buildAccesToken = (auth) => {`
			return buildToken(TOKEN_BASIC, `${(new Buffer(auth).toString('base64'))}`);
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00			`};`
fix access control ref #238 2015-04-21 18:41:50 +02:00
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00			`/**`
			`* Check whether the user is allowed to fetch packages`
			`* @param auth {object} disable auth`
			`* @param pkg {string} package name`
			`* @param ok {boolean}`
			`*/`
			`function checkAccess(auth, pkg, ok) {`
refactor: functional testing with jest set up 2017-12-02 01:50:09 +01:00			`test(`
refactor: improve code with es6 style 2018-06-24 10:11:52 +02:00			`${(ok ? 'allows' : 'forbids')} access ${auth} to ${pkg}`, () => {
refactor: more unit test constants usage 2018-06-21 23:33:20 +02:00			`server.authstr = auth ? buildAccesToken(auth) : undefined;`
			`const req = server.getPackage(pkg);`
refactor: improve code with es6 style 2018-06-24 10:11:52 +02:00
refactor: functional testing with jest set up 2017-12-02 01:50:09 +01:00			`if (ok) {`
refactor: improve code with es6 style 2018-06-24 10:11:52 +02:00			`return req.status(HTTP_STATUS.NOT_FOUND).body_error(API_ERROR.NO_PACKAGE);`
refactor: functional testing with jest set up 2017-12-02 01:50:09 +01:00			`} else {`
refactor: improve code with es6 style 2018-06-24 10:11:52 +02:00			`return req.status(HTTP_STATUS.FORBIDDEN).body_error(API_ERROR.NOT_ALLOWED);`
refactor: functional testing with jest set up 2017-12-02 01:50:09 +01:00			`}`
fix access control ref #238 2015-04-21 18:41:50 +02:00			`}`
refactor: functional testing with jest set up 2017-12-02 01:50:09 +01:00			`);`
fix access control ref #238 2015-04-21 18:41:50 +02:00			`}`

(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00			`/**`
			`* Check whether the user is allowed to publish packages`
			`* @param auth {object} disable auth`
			`* @param pkg {string} package name`
			`* @param ok {boolean}`
			`*/`
			`function checkPublish(auth, pkg, ok) {`
refactor: functional testing with jest set up 2017-12-02 01:50:09 +01:00			test(`${(ok ? 'allows' : 'forbids')} publish ${auth} to ${pkg}`, () => {
refactor: more unit test constants usage 2018-06-21 23:33:20 +02:00			`server.authstr = auth ? buildAccesToken(auth) : undefined;`
refactor: naming clean up, relocation, organize by category 2017-08-06 21:54:15 +02:00			`const req = server.putPackage(pkg, require('../fixtures/package')(pkg));`
fix access control ref #238 2015-04-21 18:41:50 +02:00			`if (ok) {`
refactor: more unit test constants usage 2018-06-21 23:33:20 +02:00			`return req.status(HTTP_STATUS.NOT_FOUND).body_error(/this package cannot be added/);`
fix access control ref #238 2015-04-21 18:41:50 +02:00			`} else {`
refactor: more unit test constants usage 2018-06-21 23:33:20 +02:00			`return req.status(HTTP_STATUS.FORBIDDEN).body_error(/not allowed to publish package/);`
fix access control ref #238 2015-04-21 18:41:50 +02:00			`}`
Update unit test es6 2017-04-19 21:15:28 +02:00			`});`
fix access control ref #238 2015-04-21 18:41:50 +02:00			`}`
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00
			`// credentials`
			`const badCredentials = 'test:badpass';`
			`// test user is logged by default`
refactor: more unit test constants usage 2018-06-21 23:33:20 +02:00			const validCredentials = `${CREDENTIALS.user}:${CREDENTIALS.password}`;
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00
			`// defined on server1 configuration`
Update unit test es6 2017-04-19 21:15:28 +02:00			`const testAccessOnly = 'test-access-only';`
			`const testPublishOnly = 'test-publish-only';`
			`const testOnlyTest = 'test-only-test';`
			`const testOnlyAuth = 'test-only-auth';`
fix access control ref #238 2015-04-21 18:41:50 +02:00
test: Increase coverage for unit test (#974) * test(utils): add test for validate names * test(utils): add unit test for dist-tags normalize utility * refactor(notifications): unit test for notifications * test(cli): add unit test for address validation * chore: add new constants * chore: ignore debug from coverage * test(bootstrap): test https is fails on start * refactor: update code for rebase 2018-09-22 12:54:21 +02:00			`describe('all are allowed to access', () => {`
			`checkAccess(validCredentials, testAccessOnly, true);`
			`checkAccess(undefined, testAccessOnly, true);`
			`checkAccess(badCredentials, testAccessOnly, true);`
			`checkPublish(validCredentials, testAccessOnly, false);`
			`checkPublish(undefined, testAccessOnly, false);`
			`checkPublish(badCredentials, testAccessOnly, false);`
			`});`
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00
test: Increase coverage for unit test (#974) * test(utils): add test for validate names * test(utils): add unit test for dist-tags normalize utility * refactor(notifications): unit test for notifications * test(cli): add unit test for address validation * chore: add new constants * chore: ignore debug from coverage * test(bootstrap): test https is fails on start * refactor: update code for rebase 2018-09-22 12:54:21 +02:00			`describe('all are allowed to publish', () => {`
			`checkAccess(validCredentials, testPublishOnly, false);`
			`checkAccess(undefined, testPublishOnly, false);`
			`checkAccess(badCredentials, testPublishOnly, false);`
			`checkPublish(validCredentials, testPublishOnly, true);`
			`checkPublish(undefined, testPublishOnly, true);`
			`checkPublish(badCredentials, testPublishOnly, true);`
			`});`
fix access control ref #238 2015-04-21 18:41:50 +02:00
test: Increase coverage for unit test (#974) * test(utils): add test for validate names * test(utils): add unit test for dist-tags normalize utility * refactor(notifications): unit test for notifications * test(cli): add unit test for address validation * chore: add new constants * chore: ignore debug from coverage * test(bootstrap): test https is fails on start * refactor: update code for rebase 2018-09-22 12:54:21 +02:00			`describe('only user "test" is allowed to publish and access', () => {`
			`checkAccess(validCredentials, testOnlyTest, true);`
			`checkAccess(undefined, testOnlyTest, false);`
			`checkAccess(badCredentials, testOnlyTest, false);`
			`checkPublish(validCredentials, testOnlyTest, true);`
			`checkPublish(undefined, testOnlyTest, false);`
			`checkPublish(badCredentials, testOnlyTest, false);`
			`});`
fix access control ref #238 2015-04-21 18:41:50 +02:00
test: Increase coverage for unit test (#974) * test(utils): add test for validate names * test(utils): add unit test for dist-tags normalize utility * refactor(notifications): unit test for notifications * test(cli): add unit test for address validation * chore: add new constants * chore: ignore debug from coverage * test(bootstrap): test https is fails on start * refactor: update code for rebase 2018-09-22 12:54:21 +02:00			`describe('only authenticated users are allowed', () => {`
			`checkAccess(validCredentials, testOnlyAuth, true);`
			`checkAccess(undefined, testOnlyAuth, false);`
			`checkAccess(badCredentials, testOnlyAuth, false);`
			`checkPublish(validCredentials, testOnlyAuth, true);`
			`checkPublish(undefined, testOnlyAuth, false);`
			`checkPublish(badCredentials, testOnlyAuth, false);`
			`});`
Update unit test es6 2017-04-19 21:15:28 +02:00			`});`
refactor: functional testing with jest set up 2017-12-02 01:50:09 +01:00			`}`