verdaccio/test/functional/plugins.js

'use strict';

require('./lib/startup');

let assert = require('assert');

module.exports = function() {
  let server2 = process.server2;

  describe('authentication', function() {
    let authstr;

    before(function() {
      authstr = server2.authstr;
    });

    it('should not authenticate with wrong password', function() {
      return server2.auth('authtest', 'wrongpass')
               .status(409)
               .body_error('this user already exists')
               .then(function() {
                 return server2.whoami();
               })
               .then(function(username) {
                 assert.equal(username, null);
               });
    });

    it('wrong password handled by plugin', function() {
      return server2.auth('authtest2', 'wrongpass')
               .status(409)
               .body_error('registration is disabled')
               .then(function() {
                 return server2.whoami();
               })
               .then(function(username) {
                 assert.equal(username, null);
               });
    });

    it('right password handled by plugin', function() {
      return server2.auth('authtest2', 'blahblah')
               .status(201)
               .body_ok(/'authtest2'/)
               .then(function() {
                 return server2.whoami();
               })
               .then(function(username) {
                 assert.equal(username, 'authtest2');
               });
    });

    after(function() {
      server2.authstr = authstr;
    });
  });

  describe('authorization', function() {
    let authstr;

    before(function() {
      authstr = server2.authstr;
    });

    describe('authtest', function() {
      before(function() {
        return server2.auth('authtest', 'test')
                 .status(201)
                 .body_ok(/'authtest'/);
      });

      it('access test-auth-allow', function() {
        return server2.get_package('test-auth-allow')
                 .status(404)
                 .body_error('no such package available');
      });

      it('access test-auth-deny', function() {
        return server2.get_package('test-auth-deny')
                 .status(403)
                 .body_error('you\'re not allowed here');
      });

      it('access test-auth-regular', function() {
        return server2.get_package('test-auth-regular')
                 .status(404)
                 .body_error('no such package available');
      });
    });

    describe('authtest2', function() {
      before(function() {
        return server2.auth('authtest2', 'blahblah')
                 .status(201)
                 .body_ok(/'authtest2'/);
      });

      it('access test-auth-allow', function() {
        return server2.get_package('test-auth-allow')
                 .status(403)
                 .body_error('i don\'t know anything about you');
      });

      it('access test-auth-deny', function() {
        return server2.get_package('test-auth-deny')
                 .status(403)
                 .body_error('i don\'t know anything about you');
      });

      it('access test-auth-regular', function() {
        return server2.get_package('test-auth-regular')
                 .status(404)
                 .body_error('no such package available');
      });
    });

    after(function() {
      server2.authstr = authstr;
    });
  });
};