github.com/verdaccio
1
0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-11-13 03:35:52 +01:00
Code Releases Wiki Activity
5612c13e9e
verdaccio/test/unit/modules/auth/jwt.spec.ts

138 lines
5.0 KiB
TypeScript
Raw Normal View History

feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
import request from 'supertest';
import path from 'path';
import rimraf from 'rimraf';
test: relocate spec test
2019-05-19 22:23:12 +02:00
import endPointAPI from '../../../../src/api';
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
Merge remote-tracking branch 'origin/master' into 4.1.x
2019-06-13 22:04:35 +02:00
import {HEADERS, HTTP_STATUS, HEADER_TYPE, TOKEN_BEARER, TOKEN_BASIC, API_ERROR} from '../../../../src/lib/constants';
test: relocate spec test
2019-05-19 22:23:12 +02:00
import {mockServer} from '../../__helper/mock';
import {DOMAIN_SERVERS} from '../../../functional/config.functional';
fix: unpublish and add or remove star colision (#1434) * fix: unpublish and add or remove star colision The issue was the npm star use a similar payload, but we did not check properly the shape of the payload, this fix and allow unpublish correctly. Improve unit testing for publishing and unpublishing Add new code documentation for future changes. * chore: update secrets baseline * chore: add missing type this will requires update types in the future
2019-08-10 13:38:06 +02:00
import {buildToken} from '../../../../src/lib/utils';
Merge remote-tracking branch 'origin/master' into 4.1.x
2019-06-13 22:04:35 +02:00
import {addUser, getPackage, loginUserToken} from '../../__helper/api';
test: relocate spec test
2019-05-19 22:23:12 +02:00
import {setup} from '../../../../src/lib/logger';
fix: unpublish and add or remove star colision (#1434) * fix: unpublish and add or remove star colision The issue was the npm star use a similar payload, but we did not check properly the shape of the payload, this fix and allow unpublish correctly. Improve unit testing for publishing and unpublishing Add new code documentation for future changes. * chore: update secrets baseline * chore: add missing type this will requires update types in the future
2019-08-10 13:38:06 +02:00
import configDefault from '../../partials/config';
test: relocate spec test
2019-05-19 22:23:12 +02:00
import {buildUserBuffer} from '../../../../src/lib/auth-utils';
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
setup([]);
const credentials = { name: 'JotaJWT', password: 'secretPass' };
feat: convert project to typescript (#1374) * chore: test * chore: add * chore: more progress * chore: progress in migration, fix prettier parser * chore: reduce tsc errors * chore: refactor storage utils types * chore: refactor utils types * chore: refactor local storage types * chore: refactor config utils types * chore: refactor tsc types * refactor: apply eslint fix, tabs etc * chore: fix lint errors * test: update unit test conf to typescript setup few test refactored to typescript * chore: enable more unit test migrate to typescript * chore: migrate storage test to tsc * chore: migrate up storage test to tsc * refactor: enable plugin and auth test * chore: migrate plugin loader test * chore: update dependencies * chore: migrate functional test to typescript * chore: add codecove * chore: update express * chore: downgrade puppeteer The latest version does not seems to work properly fine. * chore: update dependencies
2019-07-16 08:40:01 +02:00
const FORBIDDEN_VUE = 'authorization required to access package vue';
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
describe('endpoint user auth JWT unit test', () => {
test: relocate unit test
2019-05-20 07:41:12 +02:00
jest.setTimeout(20000);
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
let app;
let mockRegistry;
test: increase usage of constants
2019-05-19 21:37:43 +02:00
const FAKE_TOKEN: string = buildToken(TOKEN_BEARER, 'fake');
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
beforeAll(function(done) {
test: relocate spec test
2019-05-19 22:23:12 +02:00
const store = path.join(__dirname, '../../partials/store/test-jwt-storage');
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
const mockServerPort = 55546;
rimraf(store, async () => {
fix: unpublish and add or remove star colision (#1434) * fix: unpublish and add or remove star colision The issue was the npm star use a similar payload, but we did not check properly the shape of the payload, this fix and allow unpublish correctly. Improve unit testing for publishing and unpublishing Add new code documentation for future changes. * chore: update secrets baseline * chore: add missing type this will requires update types in the future
2019-08-10 13:38:06 +02:00
const configForTest = configDefault({
chore: fix unpublish issues, fix unit test
2019-02-24 23:20:25 +01:00
storage: store,
test: relocate spec test
2019-05-19 22:23:12 +02:00
uplinks: {
chore: fix unpublish issues, fix unit test
2019-02-24 23:20:25 +01:00
npmjs: {
url: `http://${DOMAIN_SERVERS}:${mockServerPort}`
}
},
self_path: store,
auth: {
htpasswd: {
test: relocate spec test
2019-05-19 22:23:12 +02:00
file: './test-jwt-storage/.htpasswd_jwt_auth'
chore: fix unpublish issues, fix unit test
2019-02-24 23:20:25 +01:00
}
fix: unpublish and add or remove star colision (#1434) * fix: unpublish and add or remove star colision The issue was the npm star use a similar payload, but we did not check properly the shape of the payload, this fix and allow unpublish correctly. Improve unit testing for publishing and unpublishing Add new code documentation for future changes. * chore: update secrets baseline * chore: add missing type this will requires update types in the future
2019-08-10 13:38:06 +02:00
},
logs: [
{ type: 'stdout', format: 'pretty', level: 'warn' }
]
}, 'api-jwt/jwt.yaml');
feat: convert project to typescript (#1374) * chore: test * chore: add * chore: more progress * chore: progress in migration, fix prettier parser * chore: reduce tsc errors * chore: refactor storage utils types * chore: refactor utils types * chore: refactor local storage types * chore: refactor config utils types * chore: refactor tsc types * refactor: apply eslint fix, tabs etc * chore: fix lint errors * test: update unit test conf to typescript setup few test refactored to typescript * chore: enable more unit test migrate to typescript * chore: migrate storage test to tsc * chore: migrate up storage test to tsc * refactor: enable plugin and auth test * chore: migrate plugin loader test * chore: update dependencies * chore: migrate functional test to typescript * chore: add codecove * chore: update express * chore: downgrade puppeteer The latest version does not seems to work properly fine. * chore: update dependencies
2019-07-16 08:40:01 +02:00
chore: fix unpublish issues, fix unit test
2019-02-24 23:20:25 +01:00
app = await endPointAPI(configForTest);
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
mockRegistry = await mockServer(mockServerPort).init();
done();
});
});
afterAll(function(done) {
mockRegistry[0].stop();
done();
});
test('should test add a new user with JWT enabled', async (done) => {
const [err, res] = await addUser(request(app), credentials.name, credentials);
expect(err).toBeNull();
expect(res.body.ok).toBeDefined();
expect(res.body.token).toBeDefined();
fix(api): force authenticate on login (#1347) When a user has a valid token and tries to login with other credentials the endpoint returns 201. The reason was if another user logged previously and had a valid token stored in the terminal. We must authenticate any user that tries to log in even if the token stored is valid. We must check credentials again and return a new token, if the credentials are wrong we reject the login. Furthermore, the new token will update the list of groups.
2019-06-13 06:58:43 +02:00
const { token } = res.body;
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
expect(typeof token).toBe('string');
expect(res.body.ok).toMatch(`user '${credentials.name}' created`);
fix(api): force authenticate on login (#1347) When a user has a valid token and tries to login with other credentials the endpoint returns 201. The reason was if another user logged previously and had a valid token stored in the terminal. We must authenticate any user that tries to log in even if the token stored is valid. We must check credentials again and return a new token, if the credentials are wrong we reject the login. Furthermore, the new token will update the list of groups.
2019-06-13 06:58:43 +02:00
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
// testing JWT auth headers with token
// we need it here, because token is required
fix: unpublish and add or remove star colision (#1434) * fix: unpublish and add or remove star colision The issue was the npm star use a similar payload, but we did not check properly the shape of the payload, this fix and allow unpublish correctly. Improve unit testing for publishing and unpublishing Add new code documentation for future changes. * chore: update secrets baseline * chore: add missing type this will requires update types in the future
2019-08-10 13:38:06 +02:00
const [err1, resp1] = await getPackage(request(app), token, 'vue');
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
expect(err1).toBeNull();
expect(resp1.body).toBeDefined();
expect(resp1.body.name).toMatch('vue');
test: increase usage of constants
2019-05-19 21:37:43 +02:00
const [err2, resp2] = await getPackage(request(app), FAKE_TOKEN, 'vue', HTTP_STATUS.UNAUTHORIZED);
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
expect(err2).toBeNull();
Merge remote-tracking branch 'origin/master' into 4.x
2018-11-15 21:13:41 +01:00
expect(resp2.statusCode).toBe(HTTP_STATUS.UNAUTHORIZED);
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
expect(resp2.body.error).toMatch(FORBIDDEN_VUE);
done();
});
test('should emulate npm login when user already exist', async (done) => {
const credentials = { name: 'jwtUser2', password: 'secretPass' };
// creates an user
await addUser(request(app), credentials.name, credentials);
// it should fails conflict 409
await addUser(request(app), credentials.name, credentials, HTTP_STATUS.CONFLICT);
fix(api): force authenticate on login (#1347) When a user has a valid token and tries to login with other credentials the endpoint returns 201. The reason was if another user logged previously and had a valid token stored in the terminal. We must authenticate any user that tries to log in even if the token stored is valid. We must check credentials again and return a new token, if the credentials are wrong we reject the login. Furthermore, the new token will update the list of groups.
2019-06-13 06:58:43 +02:00
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
// npm will try to sign in sending credentials via basic auth header
const token = buildUserBuffer(credentials.name, credentials.password).toString('base64');
feat: convert project to typescript (#1374) * chore: test * chore: add * chore: more progress * chore: progress in migration, fix prettier parser * chore: reduce tsc errors * chore: refactor storage utils types * chore: refactor utils types * chore: refactor local storage types * chore: refactor config utils types * chore: refactor tsc types * refactor: apply eslint fix, tabs etc * chore: fix lint errors * test: update unit test conf to typescript setup few test refactored to typescript * chore: enable more unit test migrate to typescript * chore: migrate storage test to tsc * chore: migrate up storage test to tsc * refactor: enable plugin and auth test * chore: migrate plugin loader test * chore: update dependencies * chore: migrate functional test to typescript * chore: add codecove * chore: update express * chore: downgrade puppeteer The latest version does not seems to work properly fine. * chore: update dependencies
2019-07-16 08:40:01 +02:00
// put should exist in request
// @ts-ignore
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
request(app).put(`/-/user/org.couchdb.user:${credentials.name}/-rev/undefined`)
.send(credentials)
test: increase usage of constants
2019-05-19 21:37:43 +02:00
.set(HEADERS.AUTHORIZATION, buildToken(TOKEN_BASIC, token))
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
.expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
.expect(HTTP_STATUS.CREATED)
.end(function(err, res) {
expect(err).toBeNull();
expect(res.body.ok).toBeDefined();
expect(res.body.token).toBeDefined();
fix(api): force authenticate on login (#1347) When a user has a valid token and tries to login with other credentials the endpoint returns 201. The reason was if another user logged previously and had a valid token stored in the terminal. We must authenticate any user that tries to log in even if the token stored is valid. We must check credentials again and return a new token, if the credentials are wrong we reject the login. Furthermore, the new token will update the list of groups.
2019-06-13 06:58:43 +02:00
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
done();
});
});
test('should fails on try to access with corrupted token', async (done) => {
test: increase usage of constants
2019-05-19 21:37:43 +02:00
const [err2, resp2] = await getPackage(request(app), FAKE_TOKEN, 'vue', HTTP_STATUS.UNAUTHORIZED);
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
expect(err2).toBeNull();
Merge remote-tracking branch 'origin/master' into 4.x
2018-11-15 21:13:41 +01:00
expect(resp2.statusCode).toBe(HTTP_STATUS.UNAUTHORIZED);
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
expect(resp2.body.error).toMatch(FORBIDDEN_VUE);
done();
});
fix(api): force authenticate on login (#1347) When a user has a valid token and tries to login with other credentials the endpoint returns 201. The reason was if another user logged previously and had a valid token stored in the terminal. We must authenticate any user that tries to log in even if the token stored is valid. We must check credentials again and return a new token, if the credentials are wrong we reject the login. Furthermore, the new token will update the list of groups.
2019-06-13 06:58:43 +02:00
test('should fails on login if user credentials are invalid even if jwt valid token is provided', async (done) => {
const credentials = { name: 'newFailsUser', password: 'secretPass' };
const [err, res] = await addUser(request(app), credentials.name, credentials);
expect(err).toBeNull();
expect(res.body.ok).toBeDefined();
expect(res.body.token).toBeDefined();
const { token } = res.body;
expect(typeof token).toBe('string');
expect(res.body.ok).toMatch(`user '${credentials.name}' created`);
// we login when token is valid
const newCredentials = { name: 'newFailsUser', password: 'BAD_PASSWORD' };
const [err2, resp2] = await loginUserToken(request(app), newCredentials.name, newCredentials, token, HTTP_STATUS.UNAUTHORIZED);
expect(err2).toBeNull();
expect(resp2.statusCode).toBe(HTTP_STATUS.UNAUTHORIZED);
expect(resp2.body.error).toMatch(API_ERROR.BAD_USERNAME_PASSWORD);
done();
});
feat: add support for jwt on api (#896) * feat: add support for jwt on api * test: add unit test for sign token with jwt add multiple scenarios with configuration file * chore: add JWT verification on middleware * chore: restore headless * chore: restore middleware header validation * refactor: fix login whether user exists * refactor: JWT is signed asynchronously * refactor: better structure and new naming convention * test: add unit test for token signature * test: add unit test for creating user with JWT enabled #168 * docs: add security section jwt * refactor: renable web auth middleware * test(auth): add legacy disabled scenario * chore: update gitignore * chore: add some es6 sugar * feat: enable JWT token signature for new installations * chore: add yaml files to git I forgot add this before :mask: * chore: trace log on auth in case we want more output
2018-08-21 08:05:34 +02:00
});
Copy Permalink