From 33450fc76ea03bc7dfc02fed8c52b37fb5ba4c25 Mon Sep 17 00:00:00 2001 From: Javier Brea Date: Wed, 1 May 2019 18:10:44 +0200 Subject: [PATCH 01/18] Add user adminPermissions property, intended to be used with plugin users --- lib/api/users.js | 4 ++-- lib/api/users.json | 8 ++++++++ lib/commands/securityToken.js | 5 +++-- lib/commands/user.js | 2 +- lib/models/securityToken.js | 3 +++ lib/models/user.js | 3 +++ lib/security/apiKey.js | 4 ++-- lib/security/utils.js | 7 ++++++- 8 files changed, 28 insertions(+), 8 deletions(-) diff --git a/lib/api/users.js b/lib/api/users.js index 441797e..878efb5 100644 --- a/lib/api/users.js +++ b/lib/api/users.js @@ -53,8 +53,8 @@ const Operations = (service, commands) => { return commands.user.getById(params.path.id) .then(user => { if ( - // Only operators and admin users can be modified - [roles.ADMIN, roles.OPERATOR].includes(user.role) && + // Only operators and admin users can be modified, or plugins in case adminPermissions is the uniq property being modified + ([roles.ADMIN, roles.OPERATOR].includes(user.role) || (user.role === roles.PLUGIN && Object.keys(body).length === 1 && !isUndefined(body.adminPermissions))) && // Role can be only modified by administrators (userData.role === roles.ADMIN || (params.path.id === userData._id && !body.role)) && // Role can be modified only to operator or admin roles diff --git a/lib/api/users.json b/lib/api/users.json index dbf0608..1e2b38c 100644 --- a/lib/api/users.json +++ b/lib/api/users.json @@ -35,6 +35,10 @@ "updatedAt": { "description": "Last update date timestamp", "type": "string" + }, + "adminPermissions": { + "description": "Grant admin permissions to this user", + "type": "boolean" } }, "additionalProperties": false, 
@@ -98,6 +102,10 @@ "description": "Role assigned to the user", "type": "string", "enum": ["admin", "operator", "module", "plugin", "service-registerer"] + }, + "adminPermissions": { + "description": "Grant admin permissions to this user", + "type": "boolean" } }, "additionalProperties": false, diff --git a/lib/commands/securityToken.js b/lib/commands/securityToken.js index d6fbb78..3750994 100644 --- a/lib/commands/securityToken.js +++ b/lib/commands/securityToken.js @@ -15,11 +15,12 @@ const Commands = (service, models, client) => { return Promise.resolve(token) } - const add = (userData, type) => { + const add = (userData, type, creatorUser) => { const token = new models.SecurityToken({ token: randToken.generate(64), _user: userData._id, - type + type, + createdBy: creatorUser && creatorUser._id.toString() }) return token.save() .catch(error => utils.transformValidationErrors(error, service)) diff --git a/lib/commands/user.js b/lib/commands/user.js index 1d8e73f..a19b10a 100644 --- a/lib/commands/user.js +++ b/lib/commands/user.js @@ -4,7 +4,7 @@ const templates = require('../templates') const utils = require('../utils') const { INITIAL_ADMIN_USER, SERVICE_REGISTERER_USER, ANONYMOUS_USER } = require('../security/utils') -const PUBLIC_FIELDS = 'name email role updatedAt createdAt' +const PUBLIC_FIELDS = 'name email role updatedAt createdAt adminPermissions' const Commands = (service, models, client) => { const ensureUser = user => { diff --git a/lib/models/securityToken.js b/lib/models/securityToken.js index 09ed3c1..516b994 100644 --- a/lib/models/securityToken.js +++ b/lib/models/securityToken.js @@ -30,6 +30,9 @@ const Model = service => { securityUtils.API_KEY, securityUtils.JWT ] + }, + createdBy: { + type: String } }, { diff --git a/lib/models/user.js b/lib/models/user.js index 035d472..47f4967 100644 --- a/lib/models/user.js +++ b/lib/models/user.js 
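Review bot: `adminPermissions` is accepted here in a request-body schema whose `role` enum still lists `module`, `plugin` and `service-registerer`, so this looks like the create-user body and not only the update body (the schema name is outside the hunk, so this is inferred). The update path gets an explicit authorization rule for the flag later in this series, but nothing visible restricts it for whichever operation validates against this schema. If that operation is user creation, its authorization should reject `adminPermissions` unless the caller is an admin and the new user's role is `plugin`; otherwise the property should be dropped from this schema. The description would also be more precise as `"Treat this plugin user as an administrator when it authenticates"`.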
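Review bot: In `add`, `createdBy: creatorUser && creatorUser._id.toString()` throws a synchronous TypeError when a creator object without `_id` is passed, and that exception bypasses the `.catch(...)` attached to `token.save()`; it also stores whatever falsy value `creatorUser` happens to be. Since this field is the only record of who issued a credential, I would make it explicit with `createdBy: creatorUser && creatorUser._id ? String(creatorUser._id) : undefined`. A one-line comment stating that `createdBy` is absent for tokens created without an authenticated caller would help anyone auditing API keys later. `add` is not closed inside the hunk, so the rest of its body is not reviewed here.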
@@ -52,6 +52,9 @@ const Model = service => { type: String, required: [true, templates.userRoleRequired()], enum: _.map(roles, role => role) + }, + adminPermissions: { + type: Boolean } }, { diff --git a/lib/security/apiKey.js b/lib/security/apiKey.js index 9771a58..bfd7fba 100644 --- a/lib/security/apiKey.js +++ b/lib/security/apiKey.js @@ -21,8 +21,8 @@ const Methods = (service, commands) => { return Promise.reject(new service.errors.Forbidden()) } - const authenticateHandler = (params, body) => commands.user.getById(body.user) - .then(user => commands.securityToken.add(user, utils.API_KEY) + const authenticateHandler = (params, body, res, userData) => commands.user.getById(body.user) + .then(user => commands.securityToken.add(user, utils.API_KEY, userData) .then(securityToken => Promise.resolve(securityToken.token)) ) diff --git a/lib/security/utils.js b/lib/security/utils.js index 29fb4f1..c602278 100644 --- a/lib/security/utils.js +++ b/lib/security/utils.js @@ -39,7 +39,12 @@ const cleanUserData = userData => ({ }) const GetUserBySecurityToken = commands => securityToken => commands.securityToken.getUser(securityToken) - .then(userData => Promise.resolve(cleanUserData(userData))) + .then(userData => { + if (userData.adminPermissions) { + userData.role = roles.ADMIN + } + return Promise.resolve(cleanUserData(userData)) + }) const GetAnonymousUser = commands => () => { if (anonymousUserPromise) { From 75c79bcc25724a4401bdd832af04e6e3587cb57c Mon Sep 17 00:00:00 2001 From: Javier Brea Date: Wed, 1 May 2019 18:23:54 +0200 Subject: [PATCH 02/18] Add unit tests --- test/unit/lib/api/users.specs.js | 41 +++++++++++++++++++ test/unit/lib/commands/securityToken.specs.js | 23 ++++++++++- test/unit/lib/security/utils.specs.js | 24 +++++++++++ 3 files changed, 87 insertions(+), 1 deletion(-) diff --git a/test/unit/lib/api/users.specs.js b/test/unit/lib/api/users.specs.js index 59d175e..57181fc 100644 --- a/test/unit/lib/api/users.specs.js 
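Review bot: The new branch in `GetUserBySecurityToken` rewrites the role to `roles.ADMIN` for any user whose stored `adminPermissions` is truthy, without checking that the stored role is `plugin` or that the token is an API key, although the changelog describes the feature as plugin users logging in with an apiKey. That leaves the API-layer rule in `lib/api/users.js` as the only barrier: a flag that reaches the database by any other path (seed data, a direct write, another endpoint) yields an admin session, and the unit test added for this function pins that behaviour with `role: 'fooRole'`. I would narrow the condition to `if (userData.role === roles.PLUGIN && userData.adminPermissions === true)` and, if `commands.securityToken.getUser` can expose the token type, require `API_KEY` as well. The branch also assigns to `userData.role` on the object returned by `getUser`; building the cleaned object from a copy avoids mutating what may be a live model instance (not visible in this hunk).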
+++ b/test/unit/lib/api/users.specs.js @@ -450,6 +450,47 @@ test.describe('users api', () => { }) }) + test.it('should resolve if target user has plugin role and only adminPermissions are being updated', () => { + commandsMocks.stubs.user.getById.resolves({ + role: 'plugin' + }) + + return operations.updateUser.auth(fooUser, fooParams, { + adminPermissions: true + }).then(() => { + return test.expect(true).to.be.true() + }) + }) + + test.it('should reject if target user has plugin role and any other key plus adminPermissions is being updated', () => { + commandsMocks.stubs.user.getById.resolves({ + role: 'plugin' + }) + + return operations.updateUser.auth(fooUser, fooParams, { + adminPermissions: true, + name: 'foo' + }).then(() => { + return test.assert.fail() + }, err => { + return test.expect(err).to.be.an.instanceof(Error) + }) + }) + + test.it('should reject if target user has plugin role and any other key than adminPermissions is being updated', () => { + commandsMocks.stubs.user.getById.resolves({ + role: 'plugin' + }) + + return operations.updateUser.auth(fooUser, fooParams, { + name: 'foo' + }).then(() => { + return test.assert.fail() + }, err => { + return test.expect(err).to.be.an.instanceof(Error) + }) + }) + test.it('should reject if user is not admin and wants to update role', () => { commandsMocks.stubs.user.getById.resolves({ role: 'operator' diff --git a/test/unit/lib/commands/securityToken.specs.js b/test/unit/lib/commands/securityToken.specs.js index e65497d..fefb95d 100644 --- a/test/unit/lib/commands/securityToken.specs.js +++ b/test/unit/lib/commands/securityToken.specs.js @@ -41,6 +41,10 @@ test.describe('securityToken commands', () => { const fooUserData = { _id: fooUserId } + const fooCreatorId = 'foo-creator-id' + const fooCreatorData = { + _id: fooCreatorId + } test.it('should create and save a SecurityToken model with the received user data', () => { return commands.add(fooUserData, 'jwt') .then(() => { 
@@ -49,7 +53,24 @@ test.describe('securityToken commands', () => { test.expect(modelsMocks.stubs.SecurityToken).to.have.been.calledWith({ _user: fooUserId, token: 'foo-token', - type: 'jwt' + type: 'jwt', + createdBy: undefined + }), + test.expect(modelsMocks.stubs.securityToken.save).to.have.been.called() + ]) + }) + }) + + test.it('should add the user creator id to the securityToken', () => { + return commands.add(fooUserData, 'apiKey', fooCreatorData) + .then(() => { + return Promise.all([ + test.expect(randTokenStub).to.have.been.called(), + test.expect(modelsMocks.stubs.SecurityToken).to.have.been.calledWith({ + _user: fooUserId, + token: 'foo-token', + type: 'apiKey', + createdBy: fooCreatorId }), test.expect(modelsMocks.stubs.securityToken.save).to.have.been.called() ]) diff --git a/test/unit/lib/security/utils.specs.js b/test/unit/lib/security/utils.specs.js index 5e13452..2fa0397 100644 --- a/test/unit/lib/security/utils.specs.js +++ b/test/unit/lib/security/utils.specs.js @@ -58,6 +58,30 @@ test.describe('security utils', () => { ]) }) }) + + test.it('should override role to admin if user has adminPermissions property set to true', () => { + const fooToken = 'fooToken' + commandsMocks.stubs.securityToken.getUser.resolves({ + _id: 'fooId', + name: 'fooName', + email: 'fooEmail', + role: 'fooRole', + password: 'fooPassword', + adminPermissions: true + }) + return getUserBySecurityToken(fooToken) + .then(result => { + return Promise.all([ + test.expect(commandsMocks.stubs.securityToken.getUser).to.have.been.calledWith(fooToken), + test.expect(result).to.deep.equal({ + _id: 'fooId', + name: 'fooName', + email: 'fooEmail', + role: 'admin' + }) + ]) + }) + }) }) test.describe('AdminOrOwner instance', () => { From 553bbf112870414f47c69c35b1da245793a403e2 Mon Sep 17 00:00:00 2001 
From: Javier Brea Date: Wed, 1 May 2019 18:44:15 +0200 Subject: [PATCH 03/18] Avoid any other user than admin updating adminPermissions property --- lib/api/users.js | 8 ++++-- test/functional/specs/users-api.specs.js | 8 ++++++ test/unit/lib/api/users.specs.js | 35 +++++++++++++++++++++++- 3 files changed, 47 insertions(+), 4 deletions(-) diff --git a/lib/api/users.js b/lib/api/users.js index 878efb5..f6ead4b 100644 --- a/lib/api/users.js +++ b/lib/api/users.js @@ -55,10 +55,12 @@ const Operations = (service, commands) => { if ( // Only operators and admin users can be modified, or plugins in case adminPermissions is the uniq property being modified ([roles.ADMIN, roles.OPERATOR].includes(user.role) || (user.role === roles.PLUGIN && Object.keys(body).length === 1 && !isUndefined(body.adminPermissions))) && - // Role can be only modified by administrators - (userData.role === roles.ADMIN || (params.path.id === userData._id && !body.role)) && + // Role and adminPermissions can be only modified by administrators + (userData.role === roles.ADMIN || (params.path.id === userData._id && !body.role && !body.adminPermissions)) && // Role can be modified only to operator or admin roles - (!body.role || [roles.ADMIN, roles.OPERATOR].includes(body.role)) + (!body.role || [roles.ADMIN, roles.OPERATOR].includes(body.role)) && + // adminPermissions can be modified only to plugin roles + (!body.adminPermissions || user.role === roles.PLUGIN) ) { return Promise.resolve() } diff --git a/test/functional/specs/users-api.specs.js b/test/functional/specs/users-api.specs.js index effd54f..f0be87e 100644 --- a/test/functional/specs/users-api.specs.js +++ b/test/functional/specs/users-api.specs.js 
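Review bot: The three `adminPermissions` checks in this condition do not agree on what counts as the property being modified: the plugin branch uses `!isUndefined(body.adminPermissions)`, while the self-edit clause and the new last clause use truthiness (`!body.adminPermissions`). As a result `{ adminPermissions: false }` is treated as no change, so a non-admin can write the field on their own record and an admin can write it on a non-plugin user, which contradicts both new comments. Using `isUndefined(body.adminPermissions)` in the self-edit clause and `(isUndefined(body.adminPermissions) || user.role === roles.PLUGIN)` as the last clause keeps the rule uniform. The `if` and the enclosing `auth` handler extend beyond the hunk.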
@@ -536,6 +536,14 @@ test.describe('users api', function () { ]) }) }) + + test.it('should be able to update adminPermissions of plugin users', () => { + return updateUser(pluginUserId, { + adminPermissions: true + }).then(response => { + return test.expect(response.statusCode).to.equal(204) + }) + }) }) test.describe('when user is operator', () => { diff --git a/test/unit/lib/api/users.specs.js b/test/unit/lib/api/users.specs.js index 57181fc..ba3c9ff 100644 --- a/test/unit/lib/api/users.specs.js +++ b/test/unit/lib/api/users.specs.js @@ -493,7 +493,7 @@ test.describe('users api', () => { test.it('should reject if user is not admin and wants to update role', () => { commandsMocks.stubs.user.getById.resolves({ - role: 'operator' + role: 'plugin' }) return operations.updateUser.auth({ @@ -508,6 +508,39 @@ test.describe('users api', () => { }) }) + test.it('should reject if user is admin and wants to update adminPermissions of a non plugin user', () => { + commandsMocks.stubs.user.getById.resolves({ + role: 'operator' + }) + + return operations.updateUser.auth({ + fooUser + }, fooParams, { + adminPermissions: true + }).then(() => { + return test.assert.fail() + }, err => { + return test.expect(err).to.be.an.instanceof(Error) + }) + }) + + test.it('should reject if user is admin and wants to update adminPermissions', () => { + commandsMocks.stubs.user.getById.resolves({ + role: 'operator' + }) + + return operations.updateUser.auth({ + ...fooUser, + role: 'plugin' + }, fooParams, { + adminPermissions: true + }).then(() => { + return test.assert.fail() + }, err => { + return test.expect(err).to.be.an.instanceof(Error) + }) + }) + test.it('should reject if user is admin and wants to update to a role different to admin or operator', () => { commandsMocks.stubs.user.getById.resolves({ role: 'operator' From 1c22e21edc4a24d9f18416be03a6b6774bd3c9a0 Mon Sep 17 00:00:00 2001 
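Review bot: In the added unit test 'should reject if user is admin and wants to update adminPermissions of a non plugin user', the caller is passed as `{ fooUser }`, an object with a single `fooUser` key, so `userData.role` and `userData._id` are undefined and the rejection comes from the administrators-only clause, not from the plugin-only clause the title names. Passing `fooUser` itself (assuming it is the admin fixture) or `{ ...fooUser, role: 'admin' }` would exercise the intended rule. The next test is titled "user is admin" but sets the caller's `role: 'plugin'`, so its title should say non-admin. The earlier hunk in this file changes the target role of 'should reject if user is not admin and wants to update role' from `operator` to `plugin`, which appears to let the target-role clause reject the request as well. These tests guard a privilege boundary, so each one should fail for exactly one reason.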
From: Javier Brea Date: Wed, 1 May 2019 18:51:08 +0200 Subject: [PATCH 04/18] Add functional tests --- test/functional/specs/users-api.specs.js | 32 ++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/test/functional/specs/users-api.specs.js b/test/functional/specs/users-api.specs.js index f0be87e..a916278 100644 --- a/test/functional/specs/users-api.specs.js +++ b/test/functional/specs/users-api.specs.js @@ -546,6 +546,27 @@ test.describe('users api', function () { }) }) + test.describe('when user has role "plugin" with adminPermissions checked', () => { + test.before(() => { + return utils.ensureUserAndDoLogin(authenticator, pluginUser) + }) + + test.after(() => { + return updateUser(pluginUserId, { + adminPermissions: false + }) + }) + + test.it('should be able to update data of operator users, including role', () => { + return updateUser(operatorUserId, { + password: 'foo', + role: 'operator' + }).then(response => { + return test.expect(response.statusCode).to.equal(204) + }) + }) + }) + test.describe('when user is operator', () => { test.before(() => { return utils.ensureUserAndDoLogin(authenticator, operatorUser) @@ -638,6 +659,17 @@ test.describe('users api', function () { return utils.ensureUserAndDoLogin(authenticator, pluginUser) }) + test.it('should not be able to update self data', () => { + return updateUser(pluginUserId, { + adminPermissions: true + }).then(response => { + return Promise.all([ + test.expect(response.body.message).to.contain('Not authorized'), + test.expect(response.statusCode).to.equal(403) + ]) + }) + }) + test.describe('add user', () => { test.it('should return 201 when adding a new user with role "operator"', () => { return utils.createUser(authenticator, newOperatorUser).then(response => { From ff154dd0a02ea8b3371f5779cbcdd9ab4334bc57 Mon Sep 17 00:00:00 2001 
From: Javier Brea Date: Wed, 1 May 2019 18:57:14 +0200 Subject: [PATCH 05/18] Fix lint --- test/functional/specs/users-api.specs.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/functional/specs/users-api.specs.js b/test/functional/specs/users-api.specs.js index a916278..00f06c1 100644 --- a/test/functional/specs/users-api.specs.js +++ b/test/functional/specs/users-api.specs.js @@ -8,6 +8,7 @@ test.describe('users api', function () { let authenticator = utils.Authenticator() let adminUserId let pluginId + let pluginUserId let entityId let operatorUserId @@ -471,7 +472,6 @@ test.describe('users api', function () { test.describe('update user', () => { let moduleUserId - let pluginUserId test.before(() => { return utils.doLogin(authenticator) From 559655f30428fe7f7de37398fc6e28a1c35249b8 Mon Sep 17 00:00:00 2001 From: Javier Brea Date: Wed, 1 May 2019 19:31:53 +0200 Subject: [PATCH 06/18] Add test traces --- .travis.yml | 2 +- test/functional/specs/users-api.specs.js | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 455c8c2..95b881c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -31,6 +31,6 @@ addons: name: "$TRAVIS_CURRENT_BRANCH" script: - - npm test + - npm test -- --suite=users --logLevel=trace - npm run coveralls - 'if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then sonar-scanner; fi' diff --git a/test/functional/specs/users-api.specs.js b/test/functional/specs/users-api.specs.js index 00f06c1..ec380ba 100644 --- a/test/functional/specs/users-api.specs.js +++ b/test/functional/specs/users-api.specs.js 
@@ -548,7 +548,15 @@ test.describe('users api', function () { test.describe('when user has role "plugin" with adminPermissions checked', () => { test.before(() => { - return utils.ensureUserAndDoLogin(authenticator, pluginUser) + return utils.ensureUserAndDoLogin(authenticator, pluginUser).then(() => { + return getUserMe().then(data => { + console.log("----------------- userMe") + console.log(data) + console.log("----------------- pluginUserId") + console.log(pluginUserId) + return Promise.resolve() + }) + }) }) test.after(() => { From c1c4b5ac43a2a70077fd158d3afd65bfe4ff0695 Mon Sep 17 00:00:00 2001 From: Javier Brea Date: Wed, 1 May 2019 19:43:25 +0200 Subject: [PATCH 07/18] Fix plugin user permissions test --- test/functional/specs/users-api.specs.js | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/test/functional/specs/users-api.specs.js b/test/functional/specs/users-api.specs.js index ec380ba..203619d 100644 --- a/test/functional/specs/users-api.specs.js +++ b/test/functional/specs/users-api.specs.js 
@@ -538,21 +538,27 @@ test.describe('users api', function () { }) test.it('should be able to update adminPermissions of plugin users', () => { - return updateUser(pluginUserId, { - adminPermissions: true - }).then(response => { - return test.expect(response.statusCode).to.equal(204) + return getUsers().then(usersResponse => { + return Promise.resolve(usersResponse.body.find(userData => userData.name === 'foo-plugin')._id) + }).then(pluginId => { + return updateUser(pluginId, { + adminPermissions: true + }).then(response => { + return test.expect(response.statusCode).to.equal(204) + }) }) }) }) test.describe('when user has role "plugin" with adminPermissions checked', () => { + let pluginUserId test.before(() => { return utils.ensureUserAndDoLogin(authenticator, pluginUser).then(() => { - return getUserMe().then(data => { - console.log("----------------- userMe") - console.log(data) - console.log("----------------- pluginUserId") + return getUserMe().then(response => { + pluginUserId = response.body._id + console.log('----------------- userMe') + console.log(response.body) + console.log('----------------- pluginUserId') console.log(pluginUserId) return Promise.resolve() }) From 07529643c8c4942b454d09fc0026b83366ea6f51 Mon Sep 17 00:00:00 2001 From: Javier Brea Date: Wed, 1 May 2019 19:50:05 +0200 Subject: [PATCH 08/18] Add traces --- lib/api/users.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/api/users.js b/lib/api/users.js index f6ead4b..bc46ce8 100644 --- a/lib/api/users.js +++ b/lib/api/users.js 
@@ -52,6 +52,11 @@ const Operations = (service, commands) => { auth: (userData, params, body) => { return commands.user.getById(params.path.id) .then(user => { + console.log("---------------------- UPDATING USER") + console.log("userData-----------") + console.log(userData) + console.log("body-----------") + console.log(body) if ( // Only operators and admin users can be modified, or plugins in case adminPermissions is the uniq property being modified ([roles.ADMIN, roles.OPERATOR].includes(user.role) || (user.role === roles.PLUGIN && Object.keys(body).length === 1 && !isUndefined(body.adminPermissions))) && From 0a0fb9817334cd726994f148a3e7963e1f076f29 Mon Sep 17 00:00:00 2001 From: Javier Brea Date: Wed, 1 May 2019 20:09:44 +0200 Subject: [PATCH 09/18] Login using apiKey for adminPermissions test --- test/functional/specs/users-api.specs.js | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/test/functional/specs/users-api.specs.js b/test/functional/specs/users-api.specs.js index 203619d..ca375c0 100644 --- a/test/functional/specs/users-api.specs.js +++ b/test/functional/specs/users-api.specs.js @@ -73,6 +73,16 @@ test.describe('users api', function () { }) } + const getApiKey = user => { + return utils.request('/auth/apikey', { + method: 'POST', + body: { + user + }, + ...authenticator.credentials() + }) + } + const getAbilities = function (filters) { return utils.request('/abilities', { method: 'GET', @@ -552,6 +562,8 @@ test.describe('users api', function () { test.describe('when user has role "plugin" with adminPermissions checked', () => { let pluginUserId + let pluginApiKey + test.before(() => { return utils.ensureUserAndDoLogin(authenticator, pluginUser).then(() => { return getUserMe().then(response => { 
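Review bot: The `console.log(body)` added inside `updateUser.auth` writes the raw update payload to stdout together with the caller's `userData`, and that payload can carry a `password` (the functional tests in this series send `password: 'foo'`). Patch 06 also switches the Travis script to `--logLevel=trace`, and the test hunks in patches 09 to 15 print the generated plugin API key, so credentials end up in CI output. Patches 14 and 16 remove these traces again, but the intermediate commits stay in history; I would squash them out before merging. When tracing is needed, logging only `Object.keys(body)` and the user `_id` gives the same debugging signal without secrets.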
@@ -560,7 +572,15 @@ test.describe('users api', function () { console.log(response.body) console.log('----------------- pluginUserId') console.log(pluginUserId) - return Promise.resolve() + return getApiKey({ + user: response.body._id + }).then(response => { + pluginApiKey = response.apiKey + console.log('----------------- pluginApiKey') + console.log(pluginApiKey) + authenticator.loginApiKey(response.body.name, pluginApiKey); + return Promise.resolve() + }) }) }) }) From ae241237160ef668d49470d2b978073b5329c9c7 Mon Sep 17 00:00:00 2001 From: Javier Brea Date: Wed, 1 May 2019 20:10:38 +0200 Subject: [PATCH 10/18] Fix test --- test/functional/specs/users-api.specs.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/functional/specs/users-api.specs.js b/test/functional/specs/users-api.specs.js index ca375c0..566bbea 100644 --- a/test/functional/specs/users-api.specs.js +++ b/test/functional/specs/users-api.specs.js @@ -575,7 +575,7 @@ test.describe('users api', function () { return getApiKey({ user: response.body._id }).then(response => { - pluginApiKey = response.apiKey + pluginApiKey = response.body.apiKey console.log('----------------- pluginApiKey') console.log(pluginApiKey) authenticator.loginApiKey(response.body.name, pluginApiKey); From daeec606dbced598affbd95aa95c36d3124a5b2a Mon Sep 17 00:00:00 2001 From: Javier Brea Date: Wed, 1 May 2019 20:14:45 +0200 Subject: [PATCH 11/18] Add trace --- test/functional/specs/users-api.specs.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/functional/specs/users-api.specs.js b/test/functional/specs/users-api.specs.js index 566bbea..630dca7 100644 --- a/test/functional/specs/users-api.specs.js +++ b/test/functional/specs/users-api.specs.js 
@@ -560,7 +560,7 @@ test.describe('users api', function () { }) }) - test.describe('when user has role "plugin" with adminPermissions checked', () => { + test.describe('when user has role "plugin" with adminPermissions checked and is logged using api key', () => { let pluginUserId let pluginApiKey @@ -575,6 +575,7 @@ test.describe('users api', function () { return getApiKey({ user: response.body._id }).then(response => { + console.log(response) pluginApiKey = response.body.apiKey console.log('----------------- pluginApiKey') console.log(pluginApiKey) From d7418e2087d185a1d6b8109d71510e36c1017724 Mon Sep 17 00:00:00 2001 From: Javier Brea Date: Wed, 1 May 2019 20:23:28 +0200 Subject: [PATCH 12/18] Create plugin apiKey with admin user --- test/functional/specs/users-api.specs.js | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/test/functional/specs/users-api.specs.js b/test/functional/specs/users-api.specs.js index 630dca7..3b468cc 100644 --- a/test/functional/specs/users-api.specs.js +++ b/test/functional/specs/users-api.specs.js @@ -572,16 +572,19 @@ test.describe('users api', function () { console.log(response.body) console.log('----------------- pluginUserId') console.log(pluginUserId) - return getApiKey({ - user: response.body._id - }).then(response => { - console.log(response) - pluginApiKey = response.body.apiKey - console.log('----------------- pluginApiKey') - console.log(pluginApiKey) - authenticator.loginApiKey(response.body.name, pluginApiKey); - return Promise.resolve() - }) + return utils.doLogin(authenticator) + .then(() => { + return getApiKey({ + user: pluginUserId + }).then(response => { + console.log(response.body) + pluginApiKey = response.body.apiKey + console.log('----------------- pluginApiKey') + console.log(pluginApiKey) + authenticator.loginApiKey(response.body.name, pluginApiKey); + return Promise.resolve() + }) + }) }) }) }) From cc712f6b930b9ee595c58083ab673a87a3432d78 Mon Sep 17 00:00:00 2001 
From: Javier Brea Date: Wed, 1 May 2019 20:25:14 +0200 Subject: [PATCH 13/18] Fix apiKey body --- test/functional/specs/users-api.specs.js | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/test/functional/specs/users-api.specs.js b/test/functional/specs/users-api.specs.js index 3b468cc..b4e8665 100644 --- a/test/functional/specs/users-api.specs.js +++ b/test/functional/specs/users-api.specs.js @@ -572,11 +572,9 @@ test.describe('users api', function () { console.log(response.body) console.log('----------------- pluginUserId') console.log(pluginUserId) - return utils.doLogin(authenticator) - .then(() => { - return getApiKey({ - user: pluginUserId - }).then(response => { + //return utils.doLogin(authenticator) + //.then(() => { + return getApiKey(pluginUserId).then(response => { console.log(response.body) pluginApiKey = response.body.apiKey console.log('----------------- pluginApiKey') @@ -584,7 +582,7 @@ test.describe('users api', function () { authenticator.loginApiKey(response.body.name, pluginApiKey); return Promise.resolve() }) - }) + //}) }) }) }) From 98d8f1ab83688b94adecfed4eedac6ba32934582 Mon Sep 17 00:00:00 2001 From: Javier Brea Date: Wed, 1 May 2019 20:29:40 +0200 Subject: [PATCH 14/18] Active all tests --- .travis.yml | 2 +- lib/api/users.js | 5 ----- test/functional/specs/users-api.specs.js | 7 ------- 3 files changed, 1 insertion(+), 13 deletions(-) diff --git a/.travis.yml b/.travis.yml index 95b881c..455c8c2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -31,6 +31,6 @@ addons: name: "$TRAVIS_CURRENT_BRANCH" script: - - npm test -- --suite=users --logLevel=trace + - npm test - npm run coveralls - 'if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then sonar-scanner; fi' diff --git a/lib/api/users.js b/lib/api/users.js index bc46ce8..f6ead4b 100644 --- a/lib/api/users.js +++ b/lib/api/users.js 
@@ -52,11 +52,6 @@ const Operations = (service, commands) => { auth: (userData, params, body) => { return commands.user.getById(params.path.id) .then(user => { - console.log("---------------------- UPDATING USER") - console.log("userData-----------") - console.log(userData) - console.log("body-----------") - console.log(body) if ( // Only operators and admin users can be modified, or plugins in case adminPermissions is the uniq property being modified ([roles.ADMIN, roles.OPERATOR].includes(user.role) || (user.role === roles.PLUGIN && Object.keys(body).length === 1 && !isUndefined(body.adminPermissions))) && diff --git a/test/functional/specs/users-api.specs.js b/test/functional/specs/users-api.specs.js index b4e8665..37b7d15 100644 --- a/test/functional/specs/users-api.specs.js +++ b/test/functional/specs/users-api.specs.js @@ -568,12 +568,6 @@ test.describe('users api', function () { return utils.ensureUserAndDoLogin(authenticator, pluginUser).then(() => { return getUserMe().then(response => { pluginUserId = response.body._id - console.log('----------------- userMe') - console.log(response.body) - console.log('----------------- pluginUserId') - console.log(pluginUserId) - //return utils.doLogin(authenticator) - //.then(() => { return getApiKey(pluginUserId).then(response => { console.log(response.body) pluginApiKey = response.body.apiKey @@ -582,7 +576,6 @@ test.describe('users api', function () { authenticator.loginApiKey(response.body.name, pluginApiKey); return Promise.resolve() }) - //}) }) }) }) From e7aea94202dd9923d367d01ec98d781012c2ae48 Mon Sep 17 00:00:00 2001 From: Javier Brea Date: Wed, 1 May 2019 20:31:05 +0200 Subject: [PATCH 15/18] Fix lint --- test/functional/specs/users-api.specs.js | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/test/functional/specs/users-api.specs.js b/test/functional/specs/users-api.specs.js index 37b7d15..da37ee9 100644 --- a/test/functional/specs/users-api.specs.js 
+++ b/test/functional/specs/users-api.specs.js @@ -568,14 +568,14 @@ test.describe('users api', function () { return utils.ensureUserAndDoLogin(authenticator, pluginUser).then(() => { return getUserMe().then(response => { pluginUserId = response.body._id - return getApiKey(pluginUserId).then(response => { - console.log(response.body) - pluginApiKey = response.body.apiKey - console.log('----------------- pluginApiKey') - console.log(pluginApiKey) - authenticator.loginApiKey(response.body.name, pluginApiKey); - return Promise.resolve() - }) + return getApiKey(pluginUserId).then(response => { + console.log(response.body) + pluginApiKey = response.body.apiKey + console.log('----------------- pluginApiKey') + console.log(pluginApiKey) + authenticator.loginApiKey(response.body.name, pluginApiKey) + return Promise.resolve() + }) }) }) }) From b91da540fb6afa2fafde1fe0835ff5ed726a209c Mon Sep 17 00:00:00 2001 From: Javier Brea Date: Wed, 1 May 2019 20:40:31 +0200 Subject: [PATCH 16/18] Remove traces --- test/functional/specs/users-api.specs.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/test/functional/specs/users-api.specs.js b/test/functional/specs/users-api.specs.js index da37ee9..6b02b99 100644 --- a/test/functional/specs/users-api.specs.js +++ b/test/functional/specs/users-api.specs.js @@ -569,10 +569,7 @@ test.describe('users api', function () { return getUserMe().then(response => { pluginUserId = response.body._id return getApiKey(pluginUserId).then(response => { - console.log(response.body) pluginApiKey = response.body.apiKey - console.log('----------------- pluginApiKey') - console.log(pluginApiKey) authenticator.loginApiKey(response.body.name, pluginApiKey) return Promise.resolve() }) From c170393d34e96e1e430fd9880f9a4536c72df62b Mon Sep 17 00:00:00 2001 
From: Javier Brea Date: Wed, 1 May 2019 20:46:12 +0200 Subject: [PATCH 17/18] Upgrade domapic-controller-ui --- npm-shrinkwrap.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json index 8ffbf65..e6eeae6 100644 --- a/npm-shrinkwrap.json +++ b/npm-shrinkwrap.json @@ -1653,9 +1653,9 @@ } }, "domapic-controller-ui": { - "version": "1.0.0-beta.2", - "resolved": "https://registry.npmjs.org/domapic-controller-ui/-/domapic-controller-ui-1.0.0-beta.2.tgz", - "integrity": "sha512-gFxvSzO68O+1iE83IQ9I353jjd9+YBqSzFXcXM32r+CKaY62zIqfX7SklMLjM7h9qxkzG1gY2jAr7cmGySNK2w==", + "version": "1.0.0-beta.3", + "resolved": "https://registry.npmjs.org/domapic-controller-ui/-/domapic-controller-ui-1.0.0-beta.3.tgz", + "integrity": "sha512-bhnEUB2WFKVkx7YWPfEF9o84TrsXOm+y5JhtjHYWR3PE9Iep3QV23COzcUuZp3Tuc4fcFKQxr1KESUrHe7Z9Cg==", "requires": { "validator": "^10.11.0" } diff --git a/package.json b/package.json index 34cb4b4..d006bde 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ }, "dependencies": { "domapic-base": "1.0.0-beta.20", - "domapic-controller-ui": "1.0.0-beta.2", + "domapic-controller-ui": "1.0.0-beta.3", "express-mongo-sanitize": "1.3.2", "inquirer": "6.2.1", "inquirer-autocomplete-prompt": "1.0.1", From 8070091148c425f4caa78204cac89181c25746b9 Mon Sep 17 00:00:00 2001 From: Javier Brea Date: Wed, 1 May 2019 20:51:45 +0200 Subject: [PATCH 18/18] Upgrade version --- CHANGELOG.md | 5 +++++ npm-shrinkwrap.json | 2 +- package.json | 2 +- sonar-project.properties | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ee6855..4a977ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,6 +10,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ### Fixed ### Removed +## [1.0.0-beta.3] - 2019-05-01 +### Added +- Add user adminPermissions property, intended for grant admin permissions to plugin users when login using apiKey +- Avoid any other user than admin updating adminPermissions property + ## [1.0.0-beta.2] - 2019-03-02 ### Added - Add web ui diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json index e6eeae6..15c0702 100644 --- a/npm-shrinkwrap.json +++ b/npm-shrinkwrap.json @@ -1,6 +1,6 @@ { "name": "domapic-controller", - "version": "1.0.0-beta.2", + "version": "1.0.0-beta.3", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index d006bde..28789c9 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "domapic-controller", - "version": "1.0.0-beta.2", + "version": "1.0.0-beta.3", "description": "Controller for Domapic systems", "main": "server.js", "keywords": [ diff --git a/sonar-project.properties b/sonar-project.properties index 1546423..c6136db 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1,6 +1,6 @@ sonar.organization=domapic sonar.projectKey=domapic-controller -sonar.projectVersion=1.0.0-beta.2 +sonar.projectVersion=1.0.0-beta.3 sonar.sources=. sonar.exclusions=node_modules/**