Getting most of the test auth working, adding in global builder configuration.
parent
f1e37a501c
commit
105e1cc16f
|
@ -29,6 +29,9 @@
|
||||||
email: "test@test.com",
|
email: "test@test.com",
|
||||||
password: "test",
|
password: "test",
|
||||||
roles: {},
|
roles: {},
|
||||||
|
builder: {
|
||||||
|
global: true,
|
||||||
|
}
|
||||||
})
|
})
|
||||||
notifier.success("Test user created")
|
notifier.success("Test user created")
|
||||||
} catch (err) {
|
} catch (err) {
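Review bot: The test user built in this hunk has the fixed credentials `test@test.com` / `test` and now also carries `builder: { global: true }`. If this helper can be reached outside a development build, it creates a global builder account with a known password. Gating it behind a dev-only flag, or generating the password, would avoid that. The enclosing function starts and ends outside the hunk, so how it is reached is not visible here.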
|
||||||
|
|
|
@ -10,8 +10,15 @@ module.exports = async (url, opts) => {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (url.includes("/api/admin")) {
|
||||||
|
return json({
|
||||||
|
email: "test@test.com",
|
||||||
|
_id: "us_test@test.com",
|
||||||
|
status: "active",
|
||||||
|
})
|
||||||
|
}
|
||||||
// mocked data based on url
|
// mocked data based on url
|
||||||
if (url.includes("api/apps")) {
|
else if (url.includes("api/apps")) {
|
||||||
return json({
|
return json({
|
||||||
app1: {
|
app1: {
|
||||||
url: "/app1",
|
url: "/app1",
|
||||||
|
@ -41,12 +48,6 @@ module.exports = async (url, opts) => {
|
||||||
],
|
],
|
||||||
bookmark: "test",
|
bookmark: "test",
|
||||||
})
|
})
|
||||||
} else if (url.includes("/api/admin")) {
|
|
||||||
return json({
|
|
||||||
email: "test@test.com",
|
|
||||||
_id: "us_test@test.com",
|
|
||||||
status: "active",
|
|
||||||
})
|
|
||||||
}
|
}
|
||||||
return fetch(url, opts)
|
return fetch(url, opts)
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,14 +30,10 @@ module.exports = (permType, permLevel = null) => async (ctx, next) => {
|
||||||
ctx.roleId
|
ctx.roleId
|
||||||
)
|
)
|
||||||
|
|
||||||
// TODO: need to determine if the user has permission to build here, global cookie
|
let isBuilder = ctx.user && ctx.user.builder && ctx.user.builder.global
|
||||||
|
if (permType === PermissionTypes.BUILDER && isBuilder) {
|
||||||
// this may need to change in the future, right now only admins
|
|
||||||
// can have access to builder features, this is hard coded into
|
|
||||||
// our rules
|
|
||||||
if (isAuthed) {
|
|
||||||
return next()
|
return next()
|
||||||
} else if (permType === PermissionTypes.BUILDER) {
|
} else if (permType === PermissionTypes.BUILDER && !isBuilder) {
|
||||||
return ctx.throw(403, "Not Authorized")
|
return ctx.throw(403, "Not Authorized")
|
||||||
}
|
}
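Review bot: The builder branch now rests entirely on `ctx.user.builder.global`, and the `isAuthed` condition that used to guard `return next()` is gone. If `ctx.user` is filled directly from the decoded auth cookie (the test helper in this commit signs `builder: { global: true }` into the JWT), a user whose builder rights are withdrawn keeps access until the token is replaced, so confirm the flag is re-read from the user record or that tokens are short-lived. For permission types other than `BUILDER`, an authenticated request no longer returns here and falls through to code outside the hunk, which is worth confirming as intended. The second branch can drop `&& !isBuilder`, and the flag reads more clearly as `const isBuilder = !!(ctx.user && ctx.user.builder && ctx.user.builder.global)`.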
|
||||||
|
|
||||||
|
|
|
@ -15,12 +15,11 @@ module.exports = async (ctx, next) => {
|
||||||
|
|
||||||
let updateCookie = false,
|
let updateCookie = false,
|
||||||
appId,
|
appId,
|
||||||
roleId
|
roleId = BUILTIN_ROLE_IDS.PUBLIC
|
||||||
if (!ctx.user) {
|
if (!ctx.user) {
|
||||||
// not logged in, try to set a cookie for public apps
|
// not logged in, try to set a cookie for public apps
|
||||||
updateCookie = true
|
updateCookie = true
|
||||||
appId = requestAppId
|
appId = requestAppId
|
||||||
roleId = BUILTIN_ROLE_IDS.PUBLIC
|
|
||||||
} else if (
|
} else if (
|
||||||
requestAppId != null &&
|
requestAppId != null &&
|
||||||
(appCookie == null ||
|
(appCookie == null ||
|
||||||
|
@ -31,7 +30,9 @@ module.exports = async (ctx, next) => {
|
||||||
const globalUser = await getGlobalUsers(ctx, requestAppId, ctx.user.email)
|
const globalUser = await getGlobalUsers(ctx, requestAppId, ctx.user.email)
|
||||||
updateCookie = true
|
updateCookie = true
|
||||||
appId = requestAppId
|
appId = requestAppId
|
||||||
roleId = globalUser.roles[requestAppId] || BUILTIN_ROLE_IDS.PUBLIC
|
if (globalUser.roles && globalUser.roles[requestAppId]) {
|
||||||
|
roleId = globalUser.roles[requestAppId]
|
||||||
|
}
|
||||||
} else if (appCookie != null) {
|
} else if (appCookie != null) {
|
||||||
appId = appCookie.appId
|
appId = appCookie.appId
|
||||||
roleId = appCookie.roleId || BUILTIN_ROLE_IDS.PUBLIC
|
roleId = appCookie.roleId || BUILTIN_ROLE_IDS.PUBLIC
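Review bot: `globalUser` is still dereferenced unchecked in the second hunk, so `globalUser.roles` throws if `getGlobalUsers` returns nothing for `ctx.user.email`. The new guard covers a missing `roles` map but not a missing user. `if (globalUser && globalUser.roles && globalUser.roles[requestAppId])` would keep the `BUILTIN_ROLE_IDS.PUBLIC` default from the declaration in that case too. What `getGlobalUsers` returns on a miss is not visible here, and the middleware body extends beyond both hunks.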
|
||||||
|
|
|
@ -15,6 +15,7 @@ const {
|
||||||
const controllers = require("./controllers")
|
const controllers = require("./controllers")
|
||||||
const supertest = require("supertest")
|
const supertest = require("supertest")
|
||||||
const { cleanup } = require("../../utilities/fileSystem")
|
const { cleanup } = require("../../utilities/fileSystem")
|
||||||
|
const { Cookies } = require("@budibase/auth")
|
||||||
|
|
||||||
const EMAIL = "babs@babs.com"
|
const EMAIL = "babs@babs.com"
|
||||||
const PASSWORD = "babs_password"
|
const PASSWORD = "babs_password"
|
||||||
|
@ -68,16 +69,26 @@ class TestConfiguration {
|
||||||
}
|
}
|
||||||
|
|
||||||
defaultHeaders() {
|
defaultHeaders() {
|
||||||
const builderUser = {
|
const user = {
|
||||||
userId: "BUILDER",
|
userId: "us_test@test.com",
|
||||||
|
email: "test@test.com",
|
||||||
roleId: BUILTIN_ROLE_IDS.BUILDER,
|
roleId: BUILTIN_ROLE_IDS.BUILDER,
|
||||||
|
builder: {
|
||||||
|
global: true,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
const builderToken = jwt.sign(builderUser, env.JWT_SECRET)
|
const app = {
|
||||||
// can be "production" for test case
|
roleId: BUILTIN_ROLE_IDS.BUILDER,
|
||||||
const type = env.isProd() ? "cloud" : "local"
|
appId: this.appId,
|
||||||
|
}
|
||||||
|
const authToken = jwt.sign(user, env.JWT_SECRET)
|
||||||
|
const appToken = jwt.sign(app, env.JWT_SECRET)
|
||||||
const headers = {
|
const headers = {
|
||||||
Accept: "application/json",
|
Accept: "application/json",
|
||||||
Cookie: [`budibase:builder:${type}=${builderToken}`],
|
Cookie: [
|
||||||
|
`${Cookies.Auth}=${authToken}`,
|
||||||
|
`${Cookies.CurrentApp}=${appToken}`,
|
||||||
|
],
|
||||||
}
|
}
|
||||||
if (this.appId) {
|
if (this.appId) {
|
||||||
headers["x-budibase-app-id"] = this.appId
|
headers["x-budibase-app-id"] = this.appId
|
||||||
|
@ -307,20 +318,18 @@ class TestConfiguration {
|
||||||
}
|
}
|
||||||
if (!email || !password) {
|
if (!email || !password) {
|
||||||
await this.createUser()
|
await this.createUser()
|
||||||
email = EMAIL
|
|
||||||
password = PASSWORD
|
|
||||||
}
|
}
|
||||||
const result = await this.request
|
const user = {
|
||||||
.post(`/api/authenticate`)
|
userId: "us_test@test.com",
|
||||||
.set({
|
email: EMAIL,
|
||||||
"x-budibase-app-id": this.appId,
|
roleId: BUILTIN_ROLE_IDS.BASIC,
|
||||||
})
|
}
|
||||||
.send({ email, password })
|
const token = jwt.sign(user, env.JWT_SECRET)
|
||||||
|
|
||||||
// returning necessary request headers
|
// returning necessary request headers
|
||||||
return {
|
return {
|
||||||
Accept: "application/json",
|
Accept: "application/json",
|
||||||
Cookie: result.headers["set-cookie"],
|
Cookie: [`${Cookies.Auth}=${token}`],
|
||||||
"x-budibase-app-id": this.appId,
|
"x-budibase-app-id": this.appId,
|
||||||
}
|
}
|
||||||
}
|
}
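Review bot: In the last hunk the locally signed token pairs `userId: "us_test@test.com"` with `email: EMAIL` (`babs@babs.com`), so the two identity claims name different users. The `email` and `password` values checked just above no longer influence the returned headers. Using the same address for both claims, as `defaultHeaders()` does, would keep the token consistent. Because the helper no longer posts to `/api/authenticate`, tests that rely on it stop exercising the real login path, so a dedicated test for that endpoint would keep it covered. A short comment on both helpers, such as `// cookies are signed locally with env.JWT_SECRET; no request is made`, would make this explicit.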
|
||||||
|
|
|
@ -99,6 +99,9 @@ exports.saveGlobalUser = async (ctx, appId, email, body) => {
|
||||||
password: body.password || undefined,
|
password: body.password || undefined,
|
||||||
status: body.status,
|
status: body.status,
|
||||||
roles,
|
roles,
|
||||||
|
builder: {
|
||||||
|
global: true,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
}
|
}
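Review bot: Every user written through `saveGlobalUser` now gets `builder: { global: true }`, regardless of `body` or the `roles` passed in. The permission middleware in this commit grants builder access on `ctx.user.builder.global`, so this appears to make each saved user a global builder. If it is a stop-gap for the tests, mark it on the line, e.g. `// TODO: temporary, grants global builder to every saved user`. Otherwise default to `global: false` and set the flag only when the caller is already authorised to grant it. The function body starts outside the hunk.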
|
||||||
|
|
||||||
|
|
|
@ -13,12 +13,16 @@ function buildUserSaveValidation() {
|
||||||
_rev: Joi.string(),
|
_rev: Joi.string(),
|
||||||
email: Joi.string(),
|
email: Joi.string(),
|
||||||
password: Joi.string().allow(null, ""),
|
password: Joi.string().allow(null, ""),
|
||||||
|
builder: Joi.object({
|
||||||
|
global: Joi.boolean().allow(undefined),
|
||||||
|
apps: Joi.array().allow(undefined),
|
||||||
|
}).unknown(true).allow(undefined),
|
||||||
// maps appId -> roleId for the user
|
// maps appId -> roleId for the user
|
||||||
roles: Joi.object()
|
roles: Joi.object()
|
||||||
.pattern(/.*/, Joi.string())
|
.pattern(/.*/, Joi.string())
|
||||||
.required()
|
.required()
|
||||||
.unknown(true)
|
.unknown(true)
|
||||||
}).required().unknown(true))
|
}).required().unknown(true).allow(undefined))
|
||||||
}
|
}
|
||||||
|
|
||||||
router
|
router
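Review bot: The new `builder` schema accepts a privilege-bearing flag from the request body with `.unknown(true)` and an untyped `apps: Joi.array()`, so arbitrary extra keys and array contents pass validation. Because `builder.global` gates builder access elsewhere in this commit, tightening this to `apps: Joi.array().items(Joi.string())` and dropping `.unknown(true)` on the `builder` object would narrow what a caller can store. The `.allow(undefined)` calls are redundant, since Joi keys are optional unless marked `.required()`. Whether the route behind this validator checks that the caller may grant builder rights is not visible in the hunk.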
|
||||||
|
|