Merge pull request #10 from franciscogouveia/7-increase-test-coverage

Increase test coverage
franciscogouveia · Feb 15, 2016 · 4288889 · 4288889
2 parents a4cde4b + 427cca2
commit 4288889
Show file tree

Hide file tree

Showing 4 changed files with 147 additions and 2 deletions.
diff --git a/lib/index.js b/lib/index.js
@@ -2,6 +2,7 @@
 
 const Async = require('async');
 const Boom = require('boom');
+const DataRetrievalRouter = require('./DataRetrievalRouter');
 
 const DENY = 0;
 const PERMIT = 1;
@@ -19,6 +20,14 @@ internals.evaluatePolicy = (item, dataRetriever, callback) => {
         return callback(Boom.badImplementation('RBAC configuration error: null item'));
     }
 
+    if (!dataRetriever) {
+        return callback(Boom.badImplementation('RBAC configuration error: null data retriever'));
+    }
+
+    if(!(dataRetriever instanceof DataRetrievalRouter)) {
+        return callback(Boom.badImplementation('RBAC configuration error: invalid data retriever'));
+    }
+
     if (!item.apply) {
         // Default combinatory algorithm
         item.apply = 'permit-overrides';
@@ -59,7 +68,7 @@ internals.evaluatePolicy = (item, dataRetriever, callback) => {
     });
 };
 
-
+const VALID_EFFECTS = ['permit', 'deny'];
 /**
  * Evaluate a single rule.
  *
@@ -74,6 +83,14 @@ internals.evaluateRule = (rule, dataRetriever, callback) => {
         return callback(Boom.badImplementation('RBAC rule is missing'));
     }
 
+    if(!rule.effect) {
+        return callback(Boom.badImplementation('RBAC rule effect is missing'));
+    }
+
+    if(VALID_EFFECTS.indexOf(rule.effect) === -1) {
+       return callback(Boom.badImplementation('RBAC rule effect is invalid. Use one of', VALID_EFFECTS)); 
+    }
+
     internals.evaluateTarget(rule.target, dataRetriever, (err, applies) => {
 
         if (err) {
@@ -257,5 +274,5 @@ exports = module.exports = {
     DENY: DENY,
     PERMIT: PERMIT,
     UNDETERMINED: UNDETERMINED,
-    DataRetrievalRouter: require('./DataRetrievalRouter')
+    DataRetrievalRouter: DataRetrievalRouter
 };
diff --git a/test/policy-set.js b/test/policy-set.js
@@ -191,4 +191,61 @@ experiment('Policy set unit tests', () => {
         });
     });
 
+    test('should have error on missing policy', (done) => {
+
+        const information = {
+            username: 'user00003',
+            group: ['publisher'],
+            premium: true,
+            blocked: false
+        };
+
+        Rbac.evaluatePolicy(null, dataRetriever.createChild(information), (err, applies) => {
+
+            expect(err).to.exist();
+
+            done();
+        });
+    });
+
+    test('should have error on missing data retriever', (done) => {
+
+        Rbac.evaluatePolicy(policySet, null, (err, applies) => {
+
+            expect(err).to.exist();
+
+            done();
+        });
+    });
+
+    test('should have error on invalid data retriever', (done) => {
+
+        Rbac.evaluatePolicy(policySet, 'test', (err, applies) => {
+
+            expect(err).to.exist();
+
+            done();
+        });
+    });
+
+    test('should have error on invalid combinatory algorithm', (done) => {
+
+        const policySet = {
+            target: [{ 'credentials:group': 'writer' }, { 'credentials:group': 'publisher' }], // writer OR publisher
+            apply: 'some-strange-value',
+            rules: [
+                {
+                    effect: 'deny'
+                }
+            ]
+        };
+
+        Rbac.evaluatePolicy(policySet, dataRetriever, (err, applies) => {
+
+            expect(err).to.exist();
+
+            done();
+        });
+    });
+
 });
diff --git a/test/rule.js b/test/rule.js
@@ -171,3 +171,57 @@ experiment('Rule unit tests (deny)', () => {
     });
 
 });
+
+experiment('Rule unit tests', () => {
+
+    const rule = {
+        target: [
+            { 'credentials:group': 'blacklist' }, // Blacklisted OR
+            { 'credentials:group': 'anonymous' }, // Anonymous OR
+            { 'credentials:verified': false } // Not verified
+        ],
+        effect: 'deny'
+    };
+
+    // Register mocked data retriever
+    const dataRetriever = new DataRetrievalRouter();
+
+    test('should have error on missing rule', (done) => {
+
+        Rbac.evaluateRule(null, dataRetriever, (err, result) => {
+
+            expect(err).to.exist();
+
+            done();
+        });
+    });
+
+    test('should have error on missing effect', (done) => {
+
+        const invalidRule = {
+            target: [{ 'credentials:group': ['administrator', 'publisher'] }] // administrator AND publisher -> never use the same key twice in an object or it will be overriden
+        };
+
+        Rbac.evaluateRule(invalidRule, dataRetriever, (err, result) => {
+
+            expect(err).to.exist();
+
+            done();
+        });
+    });
+
+    test('should have error on invalid effect', (done) => {
+
+        const invalidRule = {
+            target: [{ 'credentials:group': ['administrator', 'publisher'] }], // administrator AND publisher -> never use the same key twice in an object or it will be overriden
+            effect: 'some-strange-value'
+        };
+
+        Rbac.evaluateRule(invalidRule, dataRetriever, (err, result) => {
+
+            expect(err).to.exist();
+
+            done();
+        });
+    });
+});
diff --git a/test/target.js b/test/target.js
@@ -150,3 +150,20 @@ experiment('Target unit tests (OR)', () => {
     });
 
 });
+
+experiment('Target unit tests', () => {
+
+    const dataRetriever = new DataRetrievalRouter();
+
+    test('should apply (partial match)', (done) => {
+
+        const invalidTarget = [];
+
+        Rbac.evaluateTarget(invalidTarget, dataRetriever, (err, applies) => {
+
+            expect(err).to.exist();
+
+            done();
+        });
+    });
+});