import {
setupApphierarchy,
basicAppHierarchyCreator_WithFields,
} from "./specHelpers"
import { userAuthFile, USERS_LOCK_FILE } from "../src/authApi/authCommon"
import { getLock } from "../src/common/lock"
import { getNewUserAuth } from "../src/authApi/getNewUser"
import { permission } from "../src/authApi/permissions"
// Pins the default shape of a user object handed out by authApi.getNewUser().
describe("getNewUser", () => {
  it("should create correct fields", async () => {
    const hierarchy = await setupApphierarchy(basicAppHierarchyCreator_WithFields)
    const blankUser = hierarchy.authApi.getNewUser()

    // A new user starts with no name, no access levels and no temporary
    // access id; note that it is enabled by default.
    expect(blankUser.name).toBe("")
    expect(blankUser.accessLevels).toEqual([])
    expect(blankUser.enabled).toBe(true)
    expect(blankUser.temporaryAccessId).toBe("")
  })
})
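// Pins the default shape of the credential record returned by getNewUserAuth.
// The suite title names the function under test; it previously duplicated the
// "getNewUser" title, which made the two suites indistinguishable in reports.
describe("getNewUserAuth", () => {
  it("should create correct fields", async () => {
    const { app } = await setupApphierarchy(basicAppHierarchyCreator_WithFields)
    // getNewUserAuth(app) returns a factory; calling it yields the record.
    const userAuth = getNewUserAuth(app)()

    // A new credential record carries no password hash and no temporary
    // access hash, and its temporary-access expiry is zero.
    expect(userAuth.passwordHash).toBe("")
    expect(userAuth.temporaryAccessHash).toBe("")
    expect(userAuth.temporaryAccessExpiryEpoch).toBe(0)
  })
})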
// Exercises authApi.validateUser(allUsers, user): a well-formed user yields no
// errors, and each broken rule is reported once against the offending field.
describe("validateUsers", () => {
  // Builds a fresh app hierarchy and returns it with its auth API.
  const arrange = async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    return { authApi, app }
  }

  // Asserts that exactly one error came back and that it names `fieldName`.
  const expectOnlyErrorOn = (errors, fieldName) => {
    expect(errors.length).toBe(1)
    expect(errors[0].field).toBe(fieldName)
  }

  it("should not return errors for valid user", async () => {
    const { authApi, app } = await arrange()
    const candidate = validUser(app, authApi)

    expect(authApi.validateUser([candidate], candidate)).toEqual([])
  })

  it("should have error when username is not set", async () => {
    const { authApi, app } = await arrange()
    const candidate = validUser(app, authApi)
    candidate.name = ""

    expectOnlyErrorOn(authApi.validateUser([candidate], candidate), "name")
  })

  it("should have error when duplicate usernames", async () => {
    const { authApi, app } = await arrange()
    // validUser gives both users the same name, so the pair collides.
    const first = validUser(app, authApi)
    const second = validUser(app, authApi)

    expectOnlyErrorOn(authApi.validateUser([first, second], first), "name")
  })

  it("should have error when no access levels", async () => {
    const { authApi, app } = await arrange()
    const candidate = validUser(app, authApi)
    candidate.accessLevels = []

    expectOnlyErrorOn(
      authApi.validateUser([candidate], candidate),
      "accessLevels"
    )
  })
})
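// Covers authApi.createUser / authApi.getUsers: validation, the users lock
// file, credential handling (temporary code vs. password hash) and the
// permission checks that gate both calls.
describe("create and list users", () => {
  // Runs `action` and returns whatever it throws or rejects with, or
  // undefined when it completes normally.
  const captureFailure = async (action) => {
    try {
      await action()
    } catch (ex) {
      return ex
    }
    return undefined
  }

  it("should create and load a valid user", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    await authApi.createUser(user)

    const users = await authApi.getUsers()
    expect(users.length).toBe(1)
    expect(users[0].name).toBe(user.name)
  })

  it("should not save an invalid user", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    user.name = ""

    const e = await captureFailure(() => authApi.createUser(user))
    expect(e).toBeDefined()

    // The rejected user must not have been persisted.
    const users = await authApi.getUsers()
    expect(users.length).toBe(0)
  })

  it("should not save when users file is locked", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    // Take the users lock first so that createUser has to fail.
    // NOTE(review): the numeric arguments are presumably timeout/retry
    // settings - confirm against getLock in src/common/lock.
    await getLock(app, USERS_LOCK_FILE, 10000, 0, 0)

    const e = await captureFailure(() => authApi.createUser(user))
    expect(e).toBeDefined()

    const users = await authApi.getUsers()
    expect(users.length).toBe(0)
  })

  it("should create temporary access when no password supplied", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)

    const returnedUser = await authApi.createUser(user)
    expect(returnedUser.tempCode.length).toBeGreaterThan(0)
    expect(returnedUser.temporaryAccessId.length).toBeGreaterThan(0)
  })

  it("should not store tempCode when temp access created", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    await authApi.createUser(user)

    // tempCode is handed back to the caller of createUser only; the user
    // record read back from storage must not carry it.
    const storedUser = (await authApi.getUsers())[0]
    expect(storedUser.tempCode).toBeUndefined()
  })

  it("should create user auth file with password hash, when password supplied", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)

    const returnedUser = await authApi.createUser(user, "password")
    expect(returnedUser.tempCode).toBeUndefined()
    expect(returnedUser.temporaryAccessId).toBeUndefined()

    const userAuth = await app.datastore.loadJson(userAuthFile(user.name))
    expect(userAuth.passwordHash.length).toBeGreaterThan(0)
    // A non-empty value alone would also be satisfied by the plaintext, so
    // check that the stored value is not the supplied password.
    expect(userAuth.passwordHash).not.toBe("password")
  })

  it("should not create user when user with same name already exists", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    await authApi.createUser(user)

    const e = await captureFailure(() => authApi.createUser(user))
    expect(e).toBeDefined()

    // Only the first creation may have been persisted.
    const users = await authApi.getUsers()
    expect(users.length).toBe(1)
  })

  it("create should throw error when user user does not have permission", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    app.removePermission(permission.createUser.get())

    // The `.rejects` assertion is itself a promise and must be awaited;
    // otherwise the test can finish before the authorization check has been
    // evaluated and pass even if createUser succeeds.
    await expect(authApi.createUser(user)).rejects.toThrow(/Unauthorized/)
  })

  it("create should not depend on having any other permissions", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const user = validUser(app, authApi)
    app.withOnlyThisPermission(permission.createUser.get())

    // Passes as long as createUser does not reject.
    await authApi.createUser(user)
  })

  it("list should throw error when user user does not have permission", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    app.removePermission(permission.listUsers.get())

    // Awaited for the same reason as the createUser permission test above.
    await expect(authApi.getUsers()).rejects.toThrow(/Unauthorized/)
  })

  it("list should not depend on having any other permissions", async () => {
    const { authApi, app } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    app.withOnlyThisPermission(permission.listUsers.get())

    // Passes as long as getUsers does not reject.
    await authApi.getUsers()
  })
})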
// Test fixture: takes a new user from authApi.getNewUser(app) and fills in the
// fields the specs in this file treat as valid (name, one access level,
// enabled). Returns the same object that getNewUser produced.
const validUser = (app, authApi) =>
  Object.assign(authApi.getNewUser(app), {
    name: "bob",
    accessLevels: ["admin"],
    enabled: true,
  })