Added adminOnly auth option and auth middleware tests

2017-12-26 09:11:48 +02:00 · 2017-12-26 09:11:48 +02:00 · 4406ec8e15
parent c4d1490d01
commit 4406ec8e15
4 changed files with 888 additions and 320 deletions
--- a/package.json
+++ b/package.json
@ -188,13 +188,13 @@
    "webpack": "1.13.2"
  },
  "devDependencies": {
-    "babel-jest": "^20.0.0",
+    "babel-jest": "22",
    "enzyme": "2.8.2",
    "enzyme-to-json": "^1.5.1",
    "fetch-test-server": "^1.1.0",
    "flow-bin": "^0.49.1",
    "identity-obj-proxy": "^3.0.0",
-    "jest-cli": "^20.0.0",
+    "jest-cli": "22",
    "koa-webpack-dev-middleware": "1.4.5",
    "koa-webpack-hot-middleware": "1.0.3",
    "lint-staged": "^3.4.0",
@ -203,4 +203,4 @@
    "raf": "^3.4.0",
    "react-test-renderer": "^16.1.0"
  }
-}
+}
--- a/server/api/middlewares/authentication.js
+++ b/server/api/middlewares/authentication.js
@ -5,7 +5,17 @@ import { type Context } from 'koa';

 import { User, ApiKey } from '../../models';

-export default function auth({ require = true }: { require?: boolean } = {}) {
+type AuthOptions = {
+  require?: boolean,
+  adminOnly?: boolean,
+};
+
+export default function auth(options: AuthOptions = {}) {
+  options = {
+    require: true,
+    ...options,
+  };
+
  return async function authMiddleware(
    ctx: Context,
    next: () => Promise<void>
@ -25,8 +35,7 @@ export default function auth({ require = true }: { require?: boolean } = {}) {
      } else {
        if (require) {
          throw httpErrors.Unauthorized(
-            `Bad Authorization header format. \
-            Format is "Authorization: Bearer <token>"\n`
+            `Bad Authorization header format. Format is "Authorization: Bearer <token>"`
          );
        }
      }
@ -57,13 +66,13 @@ export default function auth({ require = true }: { require?: boolean } = {}) {
          throw httpErrors.Unauthorized('Invalid API key');
        }

-        if (!apiKey) throw httpErrors.Unauthorized('Invalid token');
+        if (!apiKey) throw httpErrors.Unauthorized('Invalid API key');

        user = await User.findOne({
          where: { id: apiKey.userId },
        });

-        if (!user) throw httpErrors.Unauthorized('Invalid token');
+        if (!user) throw httpErrors.Unauthorized('Invalid API key');
      } else {
        // JWT
        // Get user without verifying payload signature
@ -87,6 +96,10 @@ export default function auth({ require = true }: { require?: boolean } = {}) {
        }
      }

+      if (options.adminOnly && !user.isAdmin) {
+        throw httpErrors.Forbidden('Only available for admins');
+      }
+
      ctx.state.token = token;
      ctx.state.user = user;
      // $FlowFixMe
--- a/server/api/middlewares/authentication.test.js
+++ b/server/api/middlewares/authentication.test.js
@ -0,0 +1,197 @@
+/* eslint-disable flowtype/require-valid-file-annotation */
+import { flushdb, seed } from '../../test/support';
+import ApiKey from '../../models/ApiKey';
+import randomstring from 'randomstring';
+import auth from './authentication';
+
+beforeEach(flushdb);
+
+describe('Authentication middleware', async () => {
+  describe('with JWT', () => {
+    it('should authenticate with correct token', async () => {
+      const state = {};
+      const { user } = await seed();
+      const authMiddleware = auth();
+
+      await authMiddleware(
+        {
+          request: {
+            get: jest.fn(() => `Bearer ${user.getJwtToken()}`),
+          },
+          state,
+          cache: {},
+        },
+        jest.fn()
+      );
+      expect(state.user.id).toEqual(user.id);
+    });
+
+    it('should return error with invalid token', async () => {
+      const state = {};
+      const { user } = await seed();
+      const authMiddleware = auth();
+
+      try {
+        await authMiddleware(
+          {
+            request: {
+              get: jest.fn(() => `Bearer ${user.getJwtToken()}error`),
+            },
+            state,
+            cache: {},
+          },
+          jest.fn()
+        );
+      } catch (e) {
+        expect(e.message).toBe('Invalid token');
+      }
+    });
+  });
+
+  describe('with API key', () => {
+    it('should authenticate user with valid API key', async () => {
+      const state = {};
+      const { user } = await seed();
+      const authMiddleware = auth();
+      const key = await ApiKey.create({
+        userId: user.id,
+      });
+
+      await authMiddleware(
+        {
+          request: {
+            get: jest.fn(() => `Bearer ${key.secret}`),
+          },
+          state,
+          cache: {},
+        },
+        jest.fn()
+      );
+      expect(state.user.id).toEqual(user.id);
+    });
+
+    it('should return error with invalid API key', async () => {
+      const state = {};
+      const authMiddleware = auth();
+
+      try {
+        await authMiddleware(
+          {
+            request: {
+              get: jest.fn(() => `Bearer ${randomstring.generate(38)}`),
+            },
+            state,
+            cache: {},
+          },
+          jest.fn()
+        );
+      } catch (e) {
+        expect(e.message).toBe('Invalid API key');
+      }
+    });
+  });
+
+  describe('adminOnly', () => {
+    it('should work if user is an admin', async () => {
+      const state = {};
+      const { user } = await seed();
+      const authMiddleware = auth({ adminOnly: true });
+      user.isAdmin = true;
+      await user.save();
+
+      await authMiddleware(
+        {
+          request: {
+            get: jest.fn(() => `Bearer ${user.getJwtToken()}`),
+          },
+          state,
+          cache: {},
+        },
+        jest.fn()
+      );
+      expect(state.user.id).toEqual(user.id);
+    });
+
+    it('should raise 403 if user is not an admin', async () => {
+      const { user } = await seed();
+      const authMiddleware = auth({ adminOnly: true });
+      user.idAdmin = true;
+      await user.save();
+
+      try {
+        await authMiddleware({
+          request: {
+            get: jest.fn(() => `Bearer ${user.getJwtToken()}`),
+          },
+        });
+      } catch (e) {
+        expect(e.message).toBe('Only available for admins');
+      }
+    });
+  });
+
+  it('should return error message if no auth token is available', async () => {
+    const state = {};
+    const authMiddleware = auth();
+
+    try {
+      await authMiddleware(
+        {
+          request: {
+            get: jest.fn(() => 'error'),
+          },
+          state,
+          cache: {},
+        },
+        jest.fn()
+      );
+    } catch (e) {
+      expect(e.message).toBe(
+        'Bad Authorization header format. Format is "Authorization: Bearer <token>"'
+      );
+    }
+  });
+
+  it('should allow passing auth token as a GET param', async () => {
+    const state = {};
+    const { user } = await seed();
+    const authMiddleware = auth();
+
+    await authMiddleware(
+      {
+        request: {
+          get: jest.fn(() => null),
+          query: {
+            token: user.getJwtToken(),
+          },
+        },
+        body: {},
+        state,
+        cache: {},
+      },
+      jest.fn()
+    );
+    expect(state.user.id).toEqual(user.id);
+  });
+
+  it('should allow passing auth token in body params', async () => {
+    const state = {};
+    const { user } = await seed();
+    const authMiddleware = auth();
+
+    await authMiddleware(
+      {
+        request: {
+          get: jest.fn(() => null),
+        },
+        body: {
+          token: user.getJwtToken(),
+        },
+        state,
+        cache: {},
+      },
+      jest.fn()
+    );
+    expect(state.user.id).toEqual(user.id);
+  });
+});
--- a/yarn.lock
+++ b/yarn.lock