import {setupApphierarchy, basicAppHierarchyCreator_WithFields} from "./specHelpers"; import { userAuthFile, USERS_LOCK_FILE} from "../src/authApi/authCommon"; import {getLock} from "../src/common/lock"; import {getNewUserAuth} from "../src/authApi/getNewUser"; import {permission} from "../src/authApi/permissions"; describe("getNewUser", () => { it("should create correct fields", async () => { const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const user = authApi.getNewUser(); expect(user.name).toBe(""); expect(user.accessLevels).toEqual([]); expect(user.enabled).toBe(true); expect(user.temporaryAccessId).toBe(""); }); }) describe("getNewUser", () => { it("should create correct fields", async () => { const {app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const userAuth = getNewUserAuth(app)(); expect(userAuth.passwordHash).toBe(""); expect(userAuth.temporaryAccessHash).toEqual(""); expect(userAuth.temporaryAccessExpiryEpoch).toBe(0); }); }); describe("validateUsers", () => { it("should not return errors for valid user", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const user = validUser(app, authApi); const errs = authApi.validateUser([user], user); expect(errs).toEqual([]); }); it("should have error when username is not set", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const user = validUser(app, authApi); user.name = ""; const errs = authApi.validateUser([user], user); expect(errs.length).toBe(1); expect(errs[0].field).toBe("name"); }); it("should have error when duplicate usernames", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const user1 = validUser(app, authApi); const user2 = validUser(app, authApi); const errs = authApi.validateUser([user1, user2], user1); expect(errs.length).toBe(1); expect(errs[0].field).toBe("name"); }); it("should have error when no access levels", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const user = validUser(app, authApi); user.accessLevels = []; const errs = authApi.validateUser([user], user); expect(errs.length).toBe(1); expect(errs[0].field).toBe("accessLevels"); }); }); describe("create and list users", () => { it("should create and load a valid user", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const user = validUser(app, authApi); await authApi.createUser(user); const users = await authApi.getUsers(); expect(users.length).toBe(1); expect(users[0].name).toBe(user.name); }); it("should not save an invalid user", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const user = validUser(app, authApi); user.name = ""; let e; try { await authApi.createUser(user); } catch(ex) { e=ex; } expect(e).toBeDefined(); const users = await authApi.getUsers(); expect(users.length).toBe(0); }); it("should not save when users file is locked", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const user = validUser(app, authApi); await getLock( app, USERS_LOCK_FILE, 10000, 0,0); let e; try { await authApi.createUser(user); } catch(ex) { e=ex; } expect(e).toBeDefined(); const users = await authApi.getUsers(); expect(users.length).toBe(0); }); it("should create temporary access when no password supplied", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const user = validUser(app, authApi); const returnedUser = await authApi.createUser(user); expect(returnedUser.tempCode.length).toBeGreaterThan(0); expect(returnedUser.temporaryAccessId.length).toBeGreaterThan(0); }); it("should not store tempCode when temp access created", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const user = validUser(app, authApi); await authApi.createUser(user); const storedUser = (await authApi.getUsers())[0]; expect(storedUser.tempCode).toBeUndefined(); }); it("should create user auth file with password hash, when password supplied", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const user = validUser(app, authApi); const returnedUser = await authApi.createUser(user, "password"); expect(returnedUser.tempCode).toBeUndefined(); expect(returnedUser.temporaryAccessId).toBeUndefined(); const userAuth = await app.datastore.loadJson( userAuthFile(user.name) ); expect(userAuth.passwordHash.length).toBeGreaterThan(0); }); it("should not create user when user with same name already exists", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const user = validUser(app, authApi); await authApi.createUser(user); let e; try { await authApi.createUser(user); } catch(ex) { e=ex; } expect(e).toBeDefined(); const users = await authApi.getUsers(); expect(users.length).toBe(1); }); it("create should throw error when user user does not have permission", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const user = validUser(app, authApi); app.removePermission(permission.createUser.get()); expect(authApi.createUser(user)).rejects.toThrow(/Unauthorized/); }); it("create should not depend on having any other permissions", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const user = validUser(app, authApi); app.withOnlyThisPermission(permission.createUser.get()); await authApi.createUser(user); }); it("list should throw error when user user does not have permission", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); app.removePermission(permission.listUsers.get()); expect(authApi.getUsers()).rejects.toThrow(/Unauthorized/); }); it("list should not depend on having any other permissions", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); app.withOnlyThisPermission(permission.listUsers.get()); await authApi.getUsers(); }); }); const validUser = (app, authApi) => { const u = authApi.getNewUser(app); u.name = "bob"; u.accessLevels = ["admin"]; u.enabled = true; return u; };