mirror of
https://github.com/verdaccio/verdaccio.git
synced 2024-11-13 03:35:52 +01:00
81 lines
2.8 KiB
JavaScript
81 lines
2.8 KiB
JavaScript
|
|
||
|
module.exports = function () {
|
||
|
describe('access control', function () {
|
||
|
var server = process.server
|
||
|
var oldauth
|
||
|
|
||
|
before(function () {
|
||
|
oldauth = server.authstr
|
||
|
})
|
||
|
|
||
|
after(function () {
|
||
|
server.authstr = oldauth
|
||
|
})
|
||
|
|
||
|
function check_access(auth, pkg, ok) {
|
||
|
it((ok ? 'allows' : 'forbids') +' access ' + auth + ' to ' + pkg, function () {
|
||
|
server.authstr = auth
|
||
|
? 'Basic '+(new Buffer(auth).toString('base64'))
|
||
|
: undefined
|
||
|
|
||
|
var req = server.get_package(pkg)
|
||
|
|
||
|
if (ok) {
|
||
|
return req.status(404)
|
||
|
.body_error(/no such package available/)
|
||
|
} else {
|
||
|
return req.status(403)
|
||
|
.body_error(/not allowed to access package/)
|
||
|
}
|
||
|
})
|
||
|
}
|
||
|
|
||
|
function check_publish(auth, pkg, ok) {
|
||
|
it((ok ? 'allows' : 'forbids') + ' publish ' + auth + ' to ' + pkg, function () {
|
||
|
server.authstr = auth
|
||
|
? 'Basic '+(new Buffer(auth).toString('base64'))
|
||
|
: undefined
|
||
|
|
||
|
var req = server.put_package(pkg, require('./lib/package')(pkg))
|
||
|
|
||
|
if (ok) {
|
||
|
return req.status(404)
|
||
|
.body_error(/this package cannot be added/)
|
||
|
} else {
|
||
|
return req.status(403)
|
||
|
.body_error(/not allowed to publish package/)
|
||
|
}
|
||
|
})
|
||
|
}
|
||
|
|
||
|
check_access('test:test', 'test-access-only', true)
|
||
|
check_access(undefined, 'test-access-only', true)
|
||
|
check_access('test:badpass', 'test-access-only', true)
|
||
|
check_publish('test:test', 'test-access-only', false)
|
||
|
check_publish(undefined, 'test-access-only', false)
|
||
|
check_publish('test:badpass', 'test-access-only', false)
|
||
|
|
||
|
check_access('test:test', 'test-publish-only', false)
|
||
|
check_access(undefined, 'test-publish-only', false)
|
||
|
check_access('test:badpass', 'test-publish-only', false)
|
||
|
check_publish('test:test', 'test-publish-only', true)
|
||
|
check_publish(undefined, 'test-publish-only', true)
|
||
|
check_publish('test:badpass', 'test-publish-only', true)
|
||
|
|
||
|
check_access('test:test', 'test-only-test', true)
|
||
|
check_access(undefined, 'test-only-test', false)
|
||
|
check_access('test:badpass', 'test-only-test', false)
|
||
|
check_publish('test:test', 'test-only-test', true)
|
||
|
check_publish(undefined, 'test-only-test', false)
|
||
|
check_publish('test:badpass', 'test-only-test', false)
|
||
|
|
||
|
check_access('test:test', 'test-only-auth', true)
|
||
|
check_access(undefined, 'test-only-auth', false)
|
||
|
check_access('test:badpass', 'test-only-auth', false)
|
||
|
check_publish('test:test', 'test-only-auth', true)
|
||
|
check_publish(undefined, 'test-only-auth', false)
|
||
|
check_publish('test:badpass', 'test-only-auth', false)
|
||
|
})
|
||
|
}
|
||
|
|