add tests for auth plugins

2024-11-08 23:25:51 +01:00 · 2015-04-11 16:09:19 +03:00 · 2015-04-11 16:09:19 +03:00 · 6cb257e51f
commit 6cb257e51f
parent 3c16e59a5c
7 changed files with 221 additions and 4 deletions
--- a/test/functional/basic.js
+++ b/test/functional/basic.js
@ -130,10 +130,8 @@ module.exports = function() {
  })

  it('who am I?', function(cb) {
-    server.request({uri:'/-/whoami'}, function(err, res, body) {
-      assert.equal(err, null)
-      assert.equal(res.statusCode, 200)
-      assert.equal(body.username, 'test')
+    server.whoami(function(username) {
+      assert.equal(username, 'test')
      cb()
    })
  })
--- a/test/functional/config-2.yaml
+++ b/test/functional/config-2.yaml
@ -3,6 +3,8 @@ storage: ./test-storage2
 users:
  test:
    password: a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
+  authtest:
+    password: a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

 uplinks:
  server1:
@ -12,6 +14,15 @@ uplinks:
 web:
  enable: true

+auth:
+  ./plugins/authenticate:
+    accept_user: authtest2
+    with_password: blahblah
+
+  ./plugins/authorize:
+    allow_user: authtest
+    to_access: test-auth-allow
+
 logs:
  - {type: stdout, format: pretty, level: trace}

@ -40,6 +51,12 @@ packages:
    allow_access: all
    allow_publish: all

+  'test-auth-regular':
+    allow_access: $authenticated
+
+  'test-auth-*':
+    handled_by_auth_plugin: true
+
  '*':
    allow_access: test anonymous
    allow_publish: test anonymous
--- a/test/functional/index.js
+++ b/test/functional/index.js
@ -59,6 +59,7 @@ describe('Func', function() {
  require('./security')()
  require('./adduser')()
  require('./addtag')()
+  require('./plugins')()

  after(function(cb) {
    async.map([server, server2], function(server, cb) {
--- a/test/functional/lib/server.js
+++ b/test/functional/lib/server.js
@ -131,6 +131,14 @@ Server.prototype.add_package = function(name, cb) {
  })
 }

+Server.prototype.whoami = function(cb) {
+  this.request({ uri:'/-/whoami' }, function(err, res, body) {
+    assert.equal(err, null)
+    assert.equal(res.statusCode, 200)
+    cb(body.username)
+  })
+}
+
 Server.prototype.debug = function(cb) {
  this.request({
    uri: '/-/_debug',
--- a/test/functional/plugins.js
+++ b/test/functional/plugins.js
@ -0,0 +1,136 @@
+require('./lib/startup')
+
+var assert = require('assert')
+
+module.exports = function() {
+  var server2 = process.server2
+
+  describe('authentication', function() {
+    var authstr
+
+    before(function() {
+      authstr = server2.authstr
+    })
+
+    it('should not authenticate with wrong password', function(cb) {
+      server2.auth('authtest', 'wrongpass', function(res, body) {
+        assert.equal(res.statusCode, 409)
+        assert.equal(body.error, 'this user already exists')
+
+        server2.whoami(function(username) {
+          assert.equal(username, undefined)
+          cb()
+        })
+      })
+    })
+
+    it('wrong password handled by plugin', function(cb) {
+      server2.auth('authtest2', 'wrongpass', function(res, body) {
+        assert.equal(res.statusCode, 409)
+        assert.equal(body.error, 'registration is disabled')
+
+        server2.whoami(function(username) {
+          assert.equal(username, undefined)
+          cb()
+        })
+      })
+    })
+
+    it('right password handled by plugin', function(cb) {
+      server2.auth('authtest2', 'blahblah', function(res, body) {
+        assert.equal(res.statusCode, 201)
+        assert.notEqual(body.ok.indexOf("'authtest2'"), -1)
+
+        server2.whoami(function(username) {
+          assert.equal(username, 'authtest2')
+          cb()
+        })
+      })
+    })
+
+    after(function() {
+      server2.authstr = authstr
+    })
+  })
+
+  describe('authorization', function() {
+    var authstr
+
+    before(function() {
+      authstr = server2.authstr
+    })
+
+    describe('authtest', function() {
+      before(function(cb) {
+        server2.auth('authtest', 'test', function(res, body) {
+          assert.equal(res.statusCode, 201)
+          assert.notEqual(body.ok.indexOf("'authtest'"), -1)
+          cb()
+        })
+      })
+
+      it('access test-auth-allow', function(cb) {
+        server2.get_package('test-auth-allow', function(res, body) {
+          assert.equal(res.statusCode, 404)
+          assert.equal(body.error, 'no such package available')
+          cb()
+        })
+      })
+
+      it('access test-auth-deny', function(cb) {
+        server2.get_package('test-auth-deny', function(res, body) {
+          assert.equal(res.statusCode, 403)
+          assert.equal(body.error, "you're not allowed here")
+          cb()
+        })
+      })
+
+      it('access test-auth-regular', function(cb) {
+        server2.get_package('test-auth-regular', function(res, body) {
+          assert.equal(res.statusCode, 404)
+          assert.equal(body.error, 'no such package available')
+          cb()
+        })
+      })
+    })
+
+    describe('authtest2', function() {
+      before(function(cb) {
+        server2.auth('authtest2', 'blahblah', function(res, body) {
+          assert.equal(res.statusCode, 201)
+          assert.notEqual(body.ok.indexOf("'authtest2'"), -1)
+          cb()
+        })
+      })
+
+      it('access test-auth-allow', function(cb) {
+        server2.get_package('test-auth-allow', function(res, body) {
+          assert.equal(res.statusCode, 403)
+          assert.equal(body.error, "i don't know anything about you")
+          cb()
+        })
+      })
+
+      it('access test-auth-deny', function(cb) {
+        server2.get_package('test-auth-deny', function(res, body) {
+          assert.equal(res.statusCode, 403)
+          assert.equal(body.error, "i don't know anything about you")
+          cb()
+        })
+      })
+
+      it('access test-auth-regular', function(cb) {
+        server2.get_package('test-auth-regular', function(res, body) {
+          assert.equal(res.statusCode, 404)
+          assert.equal(body.error, 'no such package available')
+          cb()
+        })
+      })
+    })
+
+    after(function() {
+      server2.authstr = authstr
+    })
+  })
+}
+
--- a/test/functional/plugins/authenticate.js
+++ b/test/functional/plugins/authenticate.js
@ -0,0 +1,26 @@
+
+module.exports = Plugin
+
+function Plugin(config, stuff) {
+  var self = Object.create(Plugin.prototype)
+  self._config = config
+  return self
+}
+
+// plugin is expected to be compatible with...
+Plugin.prototype.sinopia_version = '1.1.0'
+
+Plugin.prototype.authenticate = function(user, password, cb) {
+  var self = this
+  if (user !== self._config.accept_user) {
+    // delegate to next plugin
+    return cb(null, false)
+  }
+  if (password !== self._config.with_password) {
+    var err = Error("i don't like your password")
+    err.status = 403
+    return cb(err)
+  }
+  return cb(null, [ user ])
+}
+
--- a/test/functional/plugins/authorize.js
+++ b/test/functional/plugins/authorize.js
@ -0,0 +1,31 @@
+
+module.exports = Plugin
+
+function Plugin(config, stuff) {
+  var self = Object.create(Plugin.prototype)
+  self._config = config
+  return self
+}
+
+// plugin is expected to be compatible with...
+Plugin.prototype.sinopia_version = '1.1.0'
+
+Plugin.prototype.allow_access = function(user, package, cb) {
+  var self = this
+  if (!package.handled_by_auth_plugin) {
+    // delegate to next plugin
+    return cb(null, false)
+  }
+  if (user.name !== self._config.allow_user) {
+    var err = Error("i don't know anything about you")
+    err.status = 403
+    return cb(err)
+  }
+  if (package.name !== self._config.to_access) {
+    var err = Error("you're not allowed here")
+    err.status = 403
+    return cb(err)
+  }
+  return cb(null, true)
+}
+