fix: configure user endpoint when AuthType is NONE (#1403)

Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>

src/lib/middleware/no-authentication.ts

@@ -1,16 +1,12 @@
 import { Application } from 'express';
-import { ADMIN } from '../types/permissions';
-import ApiUser from '../types/api-user';
+import NoAuthUser from '../types/no-auth-user';
 
 function noneAuthentication(basePath = '', app: Application): void {
     app.use(`${basePath}/api/admin/`, (req, res, next) => {
         // @ts-ignore
         if (!req.user) {
-            // @ts-ignore
-            req.user = new ApiUser({
-                username: 'unknown',
-                permissions: [ADMIN],
-            });
+            // @ts-expect-error
+            req.user = new NoAuthUser();
         }
         next();
     });

src/lib/routes/admin-api/config.ts

@@ -1,6 +1,6 @@
 import { Request, Response } from 'express';
 import { IUnleashServices } from '../../types/services';
-import { IUnleashConfig } from '../../types/option';
+import { IAuthType, IUnleashConfig } from '../../types/option';
 import version from '../../util/version';
 
 import Controller from '../controller';
@@ -46,7 +46,9 @@ class ConfigController extends Controller {
             await this.settingService.get<SimpleAuthSettings>(simpleAuthKey);
 
         const versionInfo = this.versionService.getVersionInfo();
-        const disablePasswordAuth = simpleAuthSettings?.disabled;
+        const disablePasswordAuth =
+            simpleAuthSettings?.disabled ||
+            this.config.authentication.type == IAuthType.NONE;
         res.json({ ...config, versionInfo, disablePasswordAuth });
     }
 }

src/lib/routes/admin-api/user.ts

@@ -2,13 +2,13 @@ import { Response } from 'express';
 import { IAuthRequest } from '../unleash-types';
 import Controller from '../controller';
 import { AccessService } from '../../services/access-service';
-import { IUnleashConfig } from '../../types/option';
+import { IAuthType, IUnleashConfig } from '../../types/option';
 import { IUnleashServices } from '../../types/services';
 import UserService from '../../services/user-service';
 import SessionService from '../../services/session-service';
 import UserFeedbackService from '../../services/user-feedback-service';
 import UserSplashService from '../../services/user-splash-service';
-import { NONE } from '../../types/permissions';
+import { ADMIN, NONE } from '../../types/permissions';
 
 interface IChangeUserRequest {
     password: string;
@@ -58,9 +58,12 @@ class UserController extends Controller {
     async getUser(req: IAuthRequest, res: Response): Promise<void> {
         res.setHeader('cache-control', 'no-store');
         const { user } = req;
-        const permissions = await this.accessService.getPermissionsForUser(
-            user,
-        );
+        let permissions;
+        if (this.config.authentication.type === IAuthType.NONE) {
+            permissions = [{ permission: ADMIN }];
+        } else {
+            permissions = await this.accessService.getPermissionsForUser(user);
+        }
         const feedback = await this.userFeedbackService.getAllUserFeedback(
             user,
         );

src/lib/types/no-auth-user.ts

@@ -0,0 +1,22 @@
+import { ADMIN } from './permissions';
+
+export default class NoAuthUser {
+    isAPI: boolean;
+
+    username: string;
+
+    id: number;
+
+    permissions: string[];
+
+    constructor(
+        username: string = 'unknown',
+        id: number = -1,
+        permissions: string[] = [ADMIN],
+    ) {
+        this.isAPI = true;
+        this.username = username;
+        this.id = id;
+        this.permissions = permissions;
+    }
+}