176 lines
5.6 KiB
JavaScript
176 lines
5.6 KiB
JavaScript
#!/usr/bin/env node
|
|
|
|
/**
|
|
* Integration Test for Composable Security Architecture
|
|
*
|
|
* This test attempts to load the composable security system with real
|
|
* plugin-based authorization enhancers. It will only pass if the required
|
|
* modules are properly installed and configured.
|
|
*
|
|
* Required modules for full test:
|
|
* - wiki-security-friends (mocked in this test)
|
|
* - wiki-plugin-useraccesstokens
|
|
* - wiki-plugin-ratelimit
|
|
*
|
|
* Usage:
|
|
* node test/integration.test.js
|
|
*/
|
|
|
|
const path = require('path');
|
|
|
|
// Mock the require function first, before any other requires
|
|
const originalRequire = require;
|
|
|
|
// Mock base security plugin (friends)
|
|
const mockFriendsPlugin = (log, loga, argv) => ({
|
|
retrieveOwner: (cb) => {
|
|
console.log('[FRIENDS] Retrieving owner...');
|
|
cb();
|
|
},
|
|
getOwner: () => 'test-owner',
|
|
setOwner: (id, cb) => {
|
|
console.log(`[FRIENDS] Setting owner to: ${id}`);
|
|
cb();
|
|
},
|
|
getUser: (req) => {
|
|
if (req.session && req.session.friend) {
|
|
return 'test-user';
|
|
}
|
|
return '';
|
|
},
|
|
isAuthorized: (req) => {
|
|
return req.session && req.session.friend === 'test-secret';
|
|
},
|
|
isAdmin: (req) => {
|
|
return req.session && req.session.friend === 'admin-secret';
|
|
},
|
|
defineRoutes: (app, cors, updateOwner) => {
|
|
app.post('/login', 'friends-login-handler');
|
|
app.get('/logout', 'friends-logout-handler');
|
|
},
|
|
_debug: { authProvider: 'wiki-security-friends' }
|
|
});
|
|
|
|
// Set up module mocking - only mock the base auth provider
|
|
// The plugin-based authorization enhancers will be loaded as real modules
|
|
const moduleCache = new Map();
|
|
moduleCache.set('wiki-security-friends', mockFriendsPlugin);
|
|
|
|
require = function(module) {
|
|
if (moduleCache.has(module)) {
|
|
return moduleCache.get(module);
|
|
}
|
|
return originalRequire(module);
|
|
};
|
|
const mockLog = (msg) => console.log(`[LOG] ${msg}`);
|
|
const mockLoga = mockLog;
|
|
const mockArgv = {
|
|
status: './test-status',
|
|
auth_provider: 'wiki-security-friends',
|
|
authz_enhancers: ['wiki-plugin-useraccesstokens', 'wiki-plugin-ratelimit'],
|
|
ratelimit_config: {
|
|
windowMs: 60000, // 1 minute for testing
|
|
maxRequests: 10,
|
|
maxAuthRequests: 3
|
|
}
|
|
};
|
|
|
|
// Mock Express app
|
|
const mockApp = {
|
|
use: (path, middleware) => console.log(`[APP] Added middleware for: ${path || 'all routes'}`),
|
|
get: (path, ...handlers) => console.log(`[APP] Added GET route: ${path}`),
|
|
post: (path, ...handlers) => console.log(`[APP] Added POST route: ${path}`),
|
|
delete: (path, ...handlers) => console.log(`[APP] Added DELETE route: ${path}`)
|
|
};
|
|
|
|
const mockCors = (req, res, next) => next();
|
|
const mockUpdateOwner = (owner) => console.log(`[OWNER] Updated to: ${owner}`);
|
|
|
|
console.log('=== Composable Security Integration Test ===\n');
|
|
console.log('This test attempts to load real plugin-based authorization enhancers.');
|
|
console.log('It will fail if required plugin modules are not installed.\n');
|
|
|
|
// Test 1: Load the composable security system
|
|
console.log('1. Loading composable security system...');
|
|
try {
|
|
const ComposableSecurity = require('../index.js');
|
|
const security = ComposableSecurity(mockLog, mockLoga, mockArgv);
|
|
|
|
console.log('✓ Composable security loaded successfully');
|
|
console.log(`✓ Debug info:`, security._debug);
|
|
console.log();
|
|
|
|
// Test 2: Initialize routes
|
|
console.log('2. Initializing routes...');
|
|
security.defineRoutes(mockApp, mockCors, mockUpdateOwner);
|
|
console.log('✓ Routes initialized');
|
|
console.log();
|
|
|
|
// Test 3: Test owner management
|
|
console.log('3. Testing owner management...');
|
|
security.retrieveOwner(() => {
|
|
const owner = security.getOwner();
|
|
console.log(`✓ Current owner: ${owner}`);
|
|
});
|
|
console.log();
|
|
|
|
// Test 4: Test request handling
|
|
console.log('4. Testing request handling...');
|
|
|
|
// Mock requests
|
|
const mockReqAuth = {
|
|
session: { friend: 'test-secret' },
|
|
ip: '127.0.0.1',
|
|
path: '/test',
|
|
get: () => null,
|
|
query: {}
|
|
};
|
|
|
|
const mockReqToken = {
|
|
session: {},
|
|
ip: '127.0.0.1',
|
|
path: '/api/test',
|
|
get: (header) => header === 'Authorization' ? 'Bearer uat_test123' : null,
|
|
query: {}
|
|
};
|
|
|
|
const mockReqUnauth = {
|
|
session: {},
|
|
ip: '127.0.0.1',
|
|
path: '/test',
|
|
get: () => null,
|
|
query: {}
|
|
};
|
|
|
|
// Test authenticated request
|
|
console.log('Testing authenticated request...');
|
|
console.log(` User: ${security.getUser(mockReqAuth)}`);
|
|
console.log(` Authorized: ${security.isAuthorized(mockReqAuth)}`);
|
|
console.log(` Admin: ${security.isAdmin(mockReqAuth)}`);
|
|
|
|
// Test token request (will fail without real token validation)
|
|
console.log('Testing token request...');
|
|
console.log(` User: ${security.getUser(mockReqToken)}`);
|
|
console.log(` Authorized: ${security.isAuthorized(mockReqToken)}`);
|
|
|
|
// Test unauthenticated request
|
|
console.log('Testing unauthenticated request...');
|
|
console.log(` User: ${security.getUser(mockReqUnauth)}`);
|
|
console.log(` Authorized: ${security.isAuthorized(mockReqUnauth)}`);
|
|
|
|
console.log('✓ Request handling tests completed');
|
|
console.log();
|
|
|
|
console.log('=== Integration Test Summary ===');
|
|
console.log('✓ All integration tests completed successfully');
|
|
console.log('✓ Composable security works with real plugin-based authorization enhancers');
|
|
console.log('✓ Auth provider and plugin enhancers loaded correctly');
|
|
console.log('✓ Security interface maintained compatibility');
|
|
|
|
} catch (error) {
|
|
console.error('✗ Integration test failed:', error.message);
|
|
console.error('\nThis is expected if the required plugin modules are not installed.');
|
|
console.error('To run a successful test with mocked modules, use: node test/composable-security.test.js');
|
|
process.exit(1);
|
|
}
|