github/directus
1
0
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-01-15 02:58:11 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
1c3e94d8308e85a03dc5da170f3fc33bfc9b3196
directus/api/tests/middleware/authenticate.test.ts
Rijk van Zanten eea9f45624 Add authenticate hook to implement custom auth checks against current request (#11942) 
* Add "authenticate" filter hook that allows custom auth check

* Start on test

* Update Jest, restructure API tests, start implementing authenticate test

* Move access token verify to util function

* Ensure jest can show inline warnings on correct lines

* Update is-directus-jwt to use jsonwebtoken decode + add tests

* Remove unused package

* Tweak and finish + test authenticate

* Tweak test

* Add authenticate filter to docs

* Don't scan tests for codeql

* No seriously, ignore tests
2022-03-03 16:29:13 -05:00

218 lines
5.1 KiB
TypeScript
Raw Blame History

// @ts-nocheck
import jwt from 'jsonwebtoken';
import getDatabase from '../../src/database';
import emitter from '../../src/emitter';
import env from '../../src/env';
import { InvalidCredentialsException } from '../../src/exceptions';
import { handler } from '../../src/middleware/authenticate';
import '../../src/types/express.d.ts';
jest.mock('../../src/database');
jest.mock('../../src/env', () => ({
SECRET: 'test',
}));
afterEach(() => {
jest.resetAllMocks();
});
test('Short-circuits when authenticate filter is used', async () => {
const req = {
ip: '127.0.0.1',
get: jest.fn(),
};
const res = {};
const next = jest.fn();
const customAccountability = { admin: true };
jest.spyOn(emitter, 'emitFilter').mockResolvedValue(customAccountability);
await handler(req, res, next);
expect(req.accountability).toEqual(customAccountability);
expect(next).toHaveBeenCalledTimes(1);
});
test('Uses default public accountability when no token is given', async () => {
const req = {
ip: '127.0.0.1',
get: jest.fn((string) => (string === 'user-agent' ? 'fake-user-agent' : null)),
};
const res = {};
const next = jest.fn();
jest.spyOn(emitter, 'emitFilter').mockImplementation((_, payload) => payload);
await handler(req, res, next);
expect(req.accountability).toEqual({
user: null,
role: null,
admin: false,
app: false,
ip: '127.0.0.1',
userAgent: 'fake-user-agent',
});
expect(next).toHaveBeenCalledTimes(1);
});
test('Sets accountability to payload contents if valid token is passed', async () => {
const userID = '3fac3c02-607f-4438-8d6e-6b8b25109b52';
const roleID = '38269fc6-6eb6-475a-93cb-479d97f73039';
const share = 'ca0ad005-f4ad-4bfe-b428-419ee8784790';
const shareScope = {
collection: 'articles',
item: 15,
};
const appAccess = true;
const adminAccess = false;
const token = jwt.sign(
{
id: userID,
role: roleID,
app_access: appAccess,
admin_access: adminAccess,
share,
share_scope: shareScope,
},
env.SECRET,
{ issuer: 'directus' }
);
const req = {
ip: '127.0.0.1',
get: jest.fn((string) => (string === 'user-agent' ? 'fake-user-agent' : null)),
token,
};
const res = {};
const next = jest.fn();
await handler(req, res, next);
expect(req.accountability).toEqual({
user: userID,
role: roleID,
app: appAccess,
admin: adminAccess,
share,
share_scope: shareScope,
ip: '127.0.0.1',
userAgent: 'fake-user-agent',
});
expect(next).toHaveBeenCalledTimes(1);
// Test with 1/0 instead or true/false
next.mockClear();
req.token = jwt.sign(
{
id: userID,
role: roleID,
app_access: 1,
admin_access: 0,
share,
share_scope: shareScope,
},
env.SECRET,
{ issuer: 'directus' }
);
await handler(req, res, next);
expect(req.accountability).toEqual({
user: userID,
role: roleID,
app: appAccess,
admin: adminAccess,
share,
share_scope: shareScope,
ip: '127.0.0.1',
userAgent: 'fake-user-agent',
});
expect(next).toHaveBeenCalledTimes(1);
});
test('Throws InvalidCredentialsException when static token is used, but user does not exist', async () => {
jest.mocked(getDatabase).mockReturnValue({
select: jest.fn().mockReturnThis(),
from: jest.fn().mockReturnThis(),
leftJoin: jest.fn().mockReturnThis(),
where: jest.fn().mockReturnThis(),
first: jest.fn().mockResolvedValue(undefined),
});
const req = {
ip: '127.0.0.1',
get: jest.fn((string) => (string === 'user-agent' ? 'fake-user-agent' : null)),
token: 'static-token',
};
const res = {};
const next = jest.fn();
expect(handler(req, res, next)).rejects.toEqual(new InvalidCredentialsException());
expect(next).toHaveBeenCalledTimes(0);
});
test('Sets accountability to user information when static token is used', async () => {
const req = {
ip: '127.0.0.1',
get: jest.fn((string) => (string === 'user-agent' ? 'fake-user-agent' : null)),
token: 'static-token',
};
const res = {};
const next = jest.fn();
const testUser = { id: 'test-id', role: 'test-role', admin_access: true, app_access: false };
const expectedAccountability = {
user: testUser.id,
role: testUser.role,
app: testUser.app_access,
admin: testUser.admin_access,
ip: '127.0.0.1',
userAgent: 'fake-user-agent',
};
jest.mocked(getDatabase).mockReturnValue({
select: jest.fn().mockReturnThis(),
from: jest.fn().mockReturnThis(),
leftJoin: jest.fn().mockReturnThis(),
where: jest.fn().mockReturnThis(),
first: jest.fn().mockResolvedValue(testUser),
});
await handler(req, res, next);
expect(req.accountability).toEqual(expectedAccountability);
expect(next).toHaveBeenCalledTimes(1);
// Test for 0 / 1 instead of false / true
next.mockClear();
testUser.admin_access = 1;
testUser.app_access = 0;
await handler(req, res, next);
expect(req.accountability).toEqual(expectedAccountability);
expect(next).toHaveBeenCalledTimes(1);
// Test for "1" / "0" instead of true / false
next.mockClear();
testUser.admin_access = '0';
testUser.app_access = '1';
expectedAccountability.admin = false;
expectedAccountability.app = true;
await handler(req, res, next);
expect(req.accountability).toEqual(expectedAccountability);
expect(next).toHaveBeenCalledTimes(1);
});
Reference in New Issue View Git Blame Copy Permalink