verdaccio/test/functional/access.js

'use strict';

module.exports = function() {
  describe('package access control', function() {

    const server = process.server;
    const buildToken = (auth) => {
      return `Basic ${(new Buffer(auth).toString('base64'))}`;
    };
    let oldAuth;

    before(function() {
      oldAuth = server.authstr;
    });

    after(function() {
      server.authstr = oldAuth;
    });

    /**
     * Check whether the user is allowed to fetch packages
     * @param auth {object} disable auth
     * @param pkg {string} package name
     * @param ok {boolean}
     */
    function checkAccess(auth, pkg, ok) {
      it((ok ? 'allows' : 'forbids') +' access ' + auth + ' to ' + pkg, function() {
        server.authstr = auth ? buildToken(auth) : undefined;
        let req = server.getPackage(pkg);
        if (ok) {
          return req.status(404).body_error(/no such package available/);
        } else {
          return req.status(403).body_error(/not allowed to access package/);
        }
      });
    }

    /**
     * Check whether the user is allowed to publish packages
     * @param auth {object} disable auth
     * @param pkg {string} package name
     * @param ok {boolean}
     */
    function checkPublish(auth, pkg, ok) {
      it(`${(ok ? 'allows' : 'forbids')} publish ${auth} to ${pkg}`, function() {
        server.authstr = auth ? buildToken(auth) : undefined;
        const req = server.putPackage(pkg, require('./lib/package')(pkg));
        if (ok) {
          return req.status(404).body_error(/this package cannot be added/);
        } else {
          return req.status(403).body_error(/not allowed to publish package/);
        }
      });
    }

    // credentials
    const badCredentials = 'test:badpass';
    // test user is logged by default
    const validCredentials = 'test:test';

    // defined on server1 configuration
    const testAccessOnly = 'test-access-only';
    const testPublishOnly = 'test-publish-only';
    const testOnlyTest = 'test-only-test';
    const testOnlyAuth = 'test-only-auth';

    // all are allowed to access
    checkAccess(validCredentials, testAccessOnly, true);
    checkAccess(undefined, testAccessOnly, true);
    checkAccess(badCredentials, testAccessOnly, true);
    checkPublish(validCredentials, testAccessOnly, false);
    checkPublish(undefined, testAccessOnly, false);
    checkPublish(badCredentials, testAccessOnly, false);

    // all are allowed to publish
    checkAccess(validCredentials, testPublishOnly, false);
    checkAccess(undefined, testPublishOnly, false);
    checkAccess(badCredentials, testPublishOnly, false);
    checkPublish(validCredentials, testPublishOnly, true);
    checkPublish(undefined, testPublishOnly, true);
    checkPublish(badCredentials, testPublishOnly, true);

    // only user "test" is allowed to publish and access
    checkAccess(validCredentials, testOnlyTest, true);
    checkAccess(undefined, testOnlyTest, false);
    checkAccess(badCredentials, testOnlyTest, false);
    checkPublish(validCredentials, testOnlyTest, true);
    checkPublish(undefined, testOnlyTest, false);
    checkPublish(badCredentials, testOnlyTest, false);

    // only authenticated users are allowed
    checkAccess(validCredentials, testOnlyAuth, true);
    checkAccess(undefined, testOnlyAuth, false);
    checkAccess(badCredentials, testOnlyAuth, false);
    checkPublish(validCredentials, testOnlyAuth, true);
    checkPublish(undefined, testOnlyAuth, false);
    checkPublish(badCredentials, testOnlyAuth, false);
  });
};
Update unit test es6 2017-04-19 21:15:28 +02:00			`'use strict';`
fix access control ref #238 2015-04-21 18:41:50 +02:00
Update unit test es6 2017-04-19 21:15:28 +02:00			`module.exports = function() {`
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00			`describe('package access control', function() {`

			`const server = process.server;`
			`const buildToken = (auth) => {`
			return `Basic ${(new Buffer(auth).toString('base64'))}`;
			`};`
			`let oldAuth;`
fix access control ref #238 2015-04-21 18:41:50 +02:00
Update unit test es6 2017-04-19 21:15:28 +02:00			`before(function() {`
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00			`oldAuth = server.authstr;`
Update unit test es6 2017-04-19 21:15:28 +02:00			`});`
fix access control ref #238 2015-04-21 18:41:50 +02:00
Update unit test es6 2017-04-19 21:15:28 +02:00			`after(function() {`
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00			`server.authstr = oldAuth;`
Update unit test es6 2017-04-19 21:15:28 +02:00			`});`
fix access control ref #238 2015-04-21 18:41:50 +02:00
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00			`/**`
			`* Check whether the user is allowed to fetch packages`
			`* @param auth {object} disable auth`
			`* @param pkg {string} package name`
			`* @param ok {boolean}`
			`*/`
			`function checkAccess(auth, pkg, ok) {`
Update unit test es6 2017-04-19 21:15:28 +02:00			`it((ok ? 'allows' : 'forbids') +' access ' + auth + ' to ' + pkg, function() {`
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00			`server.authstr = auth ? buildToken(auth) : undefined;`
(test): Refactor server class, renamed methods to camelCase 2017-06-28 22:56:02 +02:00			`let req = server.getPackage(pkg);`
fix access control ref #238 2015-04-21 18:41:50 +02:00			`if (ok) {`
Update unit test es6 2017-04-19 21:15:28 +02:00			`return req.status(404).body_error(/no such package available/);`
fix access control ref #238 2015-04-21 18:41:50 +02:00			`} else {`
Update unit test es6 2017-04-19 21:15:28 +02:00			`return req.status(403).body_error(/not allowed to access package/);`
fix access control ref #238 2015-04-21 18:41:50 +02:00			`}`
Update unit test es6 2017-04-19 21:15:28 +02:00			`});`
fix access control ref #238 2015-04-21 18:41:50 +02:00			`}`

(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00			`/**`
			`* Check whether the user is allowed to publish packages`
			`* @param auth {object} disable auth`
			`* @param pkg {string} package name`
			`* @param ok {boolean}`
			`*/`
			`function checkPublish(auth, pkg, ok) {`
Update unit test es6 2017-04-19 21:15:28 +02:00			it(`${(ok ? 'allows' : 'forbids')} publish ${auth} to ${pkg}`, function() {
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00			`server.authstr = auth ? buildToken(auth) : undefined;`
			`const req = server.putPackage(pkg, require('./lib/package')(pkg));`
fix access control ref #238 2015-04-21 18:41:50 +02:00			`if (ok) {`
Update unit test es6 2017-04-19 21:15:28 +02:00			`return req.status(404).body_error(/this package cannot be added/);`
fix access control ref #238 2015-04-21 18:41:50 +02:00			`} else {`
Update unit test es6 2017-04-19 21:15:28 +02:00			`return req.status(403).body_error(/not allowed to publish package/);`
fix access control ref #238 2015-04-21 18:41:50 +02:00			`}`
Update unit test es6 2017-04-19 21:15:28 +02:00			`});`
fix access control ref #238 2015-04-21 18:41:50 +02:00			`}`
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00
			`// credentials`
			`const badCredentials = 'test:badpass';`
			`// test user is logged by default`
			`const validCredentials = 'test:test';`

			`// defined on server1 configuration`
Update unit test es6 2017-04-19 21:15:28 +02:00			`const testAccessOnly = 'test-access-only';`
			`const testPublishOnly = 'test-publish-only';`
			`const testOnlyTest = 'test-only-test';`
			`const testOnlyAuth = 'test-only-auth';`
fix access control ref #238 2015-04-21 18:41:50 +02:00
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00			`// all are allowed to access`
			`checkAccess(validCredentials, testAccessOnly, true);`
			`checkAccess(undefined, testAccessOnly, true);`
			`checkAccess(badCredentials, testAccessOnly, true);`
			`checkPublish(validCredentials, testAccessOnly, false);`
			`checkPublish(undefined, testAccessOnly, false);`
			`checkPublish(badCredentials, testAccessOnly, false);`

			`// all are allowed to publish`
			`checkAccess(validCredentials, testPublishOnly, false);`
			`checkAccess(undefined, testPublishOnly, false);`
			`checkAccess(badCredentials, testPublishOnly, false);`
			`checkPublish(validCredentials, testPublishOnly, true);`
			`checkPublish(undefined, testPublishOnly, true);`
			`checkPublish(badCredentials, testPublishOnly, true);`
fix access control ref #238 2015-04-21 18:41:50 +02:00
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00			`// only user "test" is allowed to publish and access`
			`checkAccess(validCredentials, testOnlyTest, true);`
			`checkAccess(undefined, testOnlyTest, false);`
			`checkAccess(badCredentials, testOnlyTest, false);`
			`checkPublish(validCredentials, testOnlyTest, true);`
			`checkPublish(undefined, testOnlyTest, false);`
			`checkPublish(badCredentials, testOnlyTest, false);`
fix access control ref #238 2015-04-21 18:41:50 +02:00
(test): Refactor and add documentation some unit test, relocate storages 2017-07-02 00:05:58 +02:00			`// only authenticated users are allowed`
			`checkAccess(validCredentials, testOnlyAuth, true);`
			`checkAccess(undefined, testOnlyAuth, false);`
			`checkAccess(badCredentials, testOnlyAuth, false);`
			`checkPublish(validCredentials, testOnlyAuth, true);`
			`checkPublish(undefined, testOnlyAuth, false);`
			`checkPublish(badCredentials, testOnlyAuth, false);`
Update unit test es6 2017-04-19 21:15:28 +02:00			`});`
			`};`