Getting most of the test auth working, adding in global builder configuration.

mike12345567 2021-04-13 18:12:35 +01:00
parent f1e37a501c
commit 105e1cc16f
7 changed files with 50 additions and 33 deletions


@ -29,6 +29,9 @@
email: "test@test.com", email: "test@test.com",
password: "test", password: "test",
roles: {}, roles: {},
builder: {
global: true,
}
}) })
notifier.success("Test user created") notifier.success("Test user created")
} catch (err) { } catch (err) {


@ -10,8 +10,15 @@ module.exports = async (url, opts) => {
} }
} }
if (url.includes("/api/admin")) {
return json({
email: "test@test.com",
_id: "us_test@test.com",
status: "active",
})
}
// mocked data based on url // mocked data based on url
if (url.includes("api/apps")) { else if (url.includes("api/apps")) {
return json({ return json({
app1: { app1: {
url: "/app1", url: "/app1",
@ -41,12 +48,6 @@ module.exports = async (url, opts) => {
], ],
bookmark: "test", bookmark: "test",
}) })
} else if (url.includes("/api/admin")) {
return json({
email: "test@test.com",
_id: "us_test@test.com",
status: "active",
})
} }
return fetch(url, opts) return fetch(url, opts)
} }
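Review bot: The moved `/api/admin` branch returns, so the `else` on the following `else if (url.includes("api/apps"))` is redundant, and the `// mocked data based on url` comment now sits between the closing brace and `else`, where it reads as if it belonged to the admin branch. Put the comment above the first `if` and start the apps branch with a plain `if`. The two patterns are also inconsistent (`"/api/admin"` has a leading slash, `"api/apps"` does not). Because matching is by substring and by order, a one-line comment saying why the admin check has to come first would help the next reader.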


@ -30,14 +30,10 @@ module.exports = (permType, permLevel = null) => async (ctx, next) => {
ctx.roleId ctx.roleId
) )
// TODO: need to determine if the user has permission to build here, global cookie let isBuilder = ctx.user && ctx.user.builder && ctx.user.builder.global
if (permType === PermissionTypes.BUILDER && isBuilder) {
// this may need to change in the future, right now only admins
// can have access to builder features, this is hard coded into
// our rules
if (isAuthed) {
return next() return next()
} else if (permType === PermissionTypes.BUILDER) { } else if (permType === PermissionTypes.BUILDER && !isBuilder) {
return ctx.throw(403, "Not Authorized") return ctx.throw(403, "Not Authorized")
} }
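Review bot: `isBuilder` on the first new line is a truthiness test on `ctx.user.builder.global`, so any truthy value carried in the user object (a non-empty string, for instance) passes the BUILDER gate; compare strictly with `const isBuilder = ctx.user && ctx.user.builder && ctx.user.builder.global === true`. The user-save validation schema changed in this same commit also accepts `builder.apps`, which this check never consults, so a per-app builder gets the 403; if that is intentional for now, say so in a comment. The old `if (isAuthed)` branch is removed here and the rest of the middleware lies outside the hunk, so confirm that non-BUILDER permission types still reach an authentication check.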


@ -15,12 +15,11 @@ module.exports = async (ctx, next) => {
let updateCookie = false, let updateCookie = false,
appId, appId,
roleId roleId = BUILTIN_ROLE_IDS.PUBLIC
if (!ctx.user) { if (!ctx.user) {
// not logged in, try to set a cookie for public apps // not logged in, try to set a cookie for public apps
updateCookie = true updateCookie = true
appId = requestAppId appId = requestAppId
roleId = BUILTIN_ROLE_IDS.PUBLIC
} else if ( } else if (
requestAppId != null && requestAppId != null &&
(appCookie == null || (appCookie == null ||
@ -31,7 +30,9 @@ module.exports = async (ctx, next) => {
const globalUser = await getGlobalUsers(ctx, requestAppId, ctx.user.email) const globalUser = await getGlobalUsers(ctx, requestAppId, ctx.user.email)
updateCookie = true updateCookie = true
appId = requestAppId appId = requestAppId
roleId = globalUser.roles[requestAppId] || BUILTIN_ROLE_IDS.PUBLIC if (globalUser.roles && globalUser.roles[requestAppId]) {
roleId = globalUser.roles[requestAppId]
}
} else if (appCookie != null) { } else if (appCookie != null) {
appId = appCookie.appId appId = appCookie.appId
roleId = appCookie.roleId || BUILTIN_ROLE_IDS.PUBLIC roleId = appCookie.roleId || BUILTIN_ROLE_IDS.PUBLIC
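Review bot: The new guard checks `globalUser.roles` but not `globalUser` itself, so if getGlobalUsers resolves to nothing for this email the property access still throws before the PUBLIC default can apply; `if (globalUser && globalUser.roles && globalUser.roles[requestAppId]) {` closes that. What getGlobalUsers returns on a miss is not visible in this hunk, so treat this as something to confirm. Initialising `roleId` to `BUILTIN_ROLE_IDS.PUBLIC` at declaration is a sound fail-closed default; a short comment on that line, such as `// least-privileged role unless a lookup below says otherwise`, would keep it from being refactored away.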


@ -15,6 +15,7 @@ const {
const controllers = require("./controllers") const controllers = require("./controllers")
const supertest = require("supertest") const supertest = require("supertest")
const { cleanup } = require("../../utilities/fileSystem") const { cleanup } = require("../../utilities/fileSystem")
const { Cookies } = require("@budibase/auth")
const EMAIL = "babs@babs.com" const EMAIL = "babs@babs.com"
const PASSWORD = "babs_password" const PASSWORD = "babs_password"
@ -68,16 +69,26 @@ class TestConfiguration {
} }
defaultHeaders() { defaultHeaders() {
const builderUser = { const user = {
userId: "BUILDER", userId: "us_test@test.com",
email: "test@test.com",
roleId: BUILTIN_ROLE_IDS.BUILDER, roleId: BUILTIN_ROLE_IDS.BUILDER,
builder: {
global: true,
},
} }
const builderToken = jwt.sign(builderUser, env.JWT_SECRET) const app = {
// can be "production" for test case roleId: BUILTIN_ROLE_IDS.BUILDER,
const type = env.isProd() ? "cloud" : "local" appId: this.appId,
}
const authToken = jwt.sign(user, env.JWT_SECRET)
const appToken = jwt.sign(app, env.JWT_SECRET)
const headers = { const headers = {
Accept: "application/json", Accept: "application/json",
Cookie: [`budibase:builder:${type}=${builderToken}`], Cookie: [
`${Cookies.Auth}=${authToken}`,
`${Cookies.CurrentApp}=${appToken}`,
],
} }
if (this.appId) { if (this.appId) {
headers["x-budibase-app-id"] = this.appId headers["x-budibase-app-id"] = this.appId
@ -307,20 +318,18 @@ class TestConfiguration {
} }
if (!email || !password) { if (!email || !password) {
await this.createUser() await this.createUser()
email = EMAIL
password = PASSWORD
} }
const result = await this.request const user = {
.post(`/api/authenticate`) userId: "us_test@test.com",
.set({ email: EMAIL,
"x-budibase-app-id": this.appId, roleId: BUILTIN_ROLE_IDS.BASIC,
}) }
.send({ email, password }) const token = jwt.sign(user, env.JWT_SECRET)
// returning necessary request headers // returning necessary request headers
return { return {
Accept: "application/json", Accept: "application/json",
Cookie: result.headers["set-cookie"], Cookie: [`${Cookies.Auth}=${token}`],
"x-budibase-app-id": this.appId, "x-budibase-app-id": this.appId,
} }
} }
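Review bot: In the third hunk the login helper no longer uses its `email` and `password` values: the token is always signed for `EMAIL` with the hard-coded userId `us_test@test.com`, which does not match `EMAIL` (`babs@babs.com`). Nothing posts to `/api/authenticate` any more, so the password check loses the coverage this helper used to give it. Either sign the supplied address (`email: email || EMAIL`, with the `us_` id derived from it) or drop the unused parameters and say in a comment that the real login route is bypassed. In defaultHeaders() the app token is signed even when `this.appId` is unset while the `x-budibase-app-id` header stays conditional; adding the `Cookies.CurrentApp` cookie inside the same `if (this.appId)` would keep the two consistent. Both methods extend beyond the hunks shown.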


@ -99,6 +99,9 @@ exports.saveGlobalUser = async (ctx, appId, email, body) => {
password: body.password || undefined, password: body.password || undefined,
status: body.status, status: body.status,
roles, roles,
builder: {
global: true,
},
}, },
} }
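Review bot: The added `builder: { global: true }` is hard-coded into the saved body, so every user written through saveGlobalUser is stored as a global builder regardless of what the caller requested. Together with the authorization middleware change in this commit, which passes the BUILDER gate on `builder.global`, this appears to give builder access to every saved user. If it is scaffolding for the tests, default to no builder rights and set the flag only from a validated value that the caller is permitted to grant, with a `// TODO` naming the follow-up. saveGlobalUser starts and ends outside the hunk, so its callers are not visible here.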


@ -13,12 +13,16 @@ function buildUserSaveValidation() {
_rev: Joi.string(), _rev: Joi.string(),
email: Joi.string(), email: Joi.string(),
password: Joi.string().allow(null, ""), password: Joi.string().allow(null, ""),
builder: Joi.object({
global: Joi.boolean().allow(undefined),
apps: Joi.array().allow(undefined),
}).unknown(true).allow(undefined),
// maps appId -> roleId for the user // maps appId -> roleId for the user
roles: Joi.object() roles: Joi.object()
.pattern(/.*/, Joi.string()) .pattern(/.*/, Joi.string())
.required() .required()
.unknown(true) .unknown(true)
}).required().unknown(true)) }).required().unknown(true).allow(undefined))
} }
router router
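Review bot: On the closing line of the schema `.required()` is followed by `.allow(undefined)`, and the two contradict each other. The `.allow(undefined)` calls on `builder`, `global` and `apps` are also unnecessary, because Joi keys are optional unless marked required; some Joi releases reject `allow(undefined)` when the schema is built, so confirm against the version in use. A tighter form is `builder: Joi.object({ global: Joi.boolean(), apps: Joi.array() })`, with `.unknown(true)` kept only if extra keys are really expected. Since `builder` is now accepted from the request body, the handler behind this route should check that the caller may grant builder rights before persisting it. buildUserSaveValidation starts above the hunk.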