Showing
5 changed files
with
98 additions
and
53 deletions.
@@ -1,5 +1,9 @@ | ||
{ | ||
"rules": { | ||
"mocha/handle-done-callback": 0, | ||
"mocha/no-async-describe": 0, | ||
"mocha/no-global-tests": 0, | ||
"mocha/no-nested-tests": 0, | ||
"node/no-unpublished-require": 0 | ||
} | ||
} |
@@ -1,17 +1,43 @@ | ||
import tap from 'tap' | ||
import assert from 'node:assert/strict'; | ||
import test from 'node:test'; | ||
|
||
import { checkRoles } from '../lib/auth.js' | ||
|
||
tap.test('auth.test.js', t => { | ||
t.plan(10) | ||
t.true(checkRoles('admin', 'admin'), 'admin can access admin') | ||
t.false(checkRoles('user', 'admin'), 'user can\'t access admin') | ||
t.true(checkRoles(['user'], 'user'), '[user] can access user') | ||
t.true(checkRoles(['user'], ['user']), '[user] can access [user]') | ||
t.true(checkRoles('user', ['user']), 'user can access [user]') | ||
t.false(checkRoles(['a'], ['a', 'b'], { all: true }), 'all should cause a false return when not all roles are present') | ||
t.true(checkRoles(['b', 'a'], ['a', 'b'], { all: true }), 'all should cause a true return when all roles are present') | ||
t.true(checkRoles(['ham', 'b', 'x', 'a'], ['a', 'b'], { all: true }), 'all should cause a true return when all roles are present and user has more roles than are needed') | ||
t.false(checkRoles('admin', 'user'), 'admin can\'t access user') | ||
t.true(checkRoles('admin', 'user', { hierarchy: ['user', 'admin'] }), 'admin can access user with appropriate hierarchy') | ||
test('checkRoles()', async t => { | ||
await t.test('basic', () => { | ||
assert.equal(checkRoles('admin', 'admin'), true, 'admin can access admin') | ||
assert.equal(checkRoles('user', 'admin'), false, "user can't access admin") | ||
assert.equal(checkRoles(['user'], 'user'), true, '[user] can access user') | ||
assert.equal(checkRoles(['user'], ['user']), true, '[user] can access [user]') | ||
assert.equal(checkRoles('user', ['user']), true, 'user can access [user]') | ||
}) | ||
|
||
await t.test('all: true', () => { | ||
assert.equal( | ||
checkRoles(['a'], ['a', 'b'], { all: true }), | ||
false, | ||
'all should cause a false return when not all roles are present' | ||
) | ||
|
||
assert.equal( | ||
checkRoles(['b', 'a'], ['a', 'b'], { all: true }), | ||
true, | ||
'all should cause a true return when all roles are present' | ||
); | ||
|
||
assert.equal( | ||
checkRoles(['ham', 'b', 'x', 'a'], ['a', 'b'], { all: true }), | ||
true, | ||
'all should cause a true return when all roles are present and user has more roles than are needed' | ||
) | ||
}); | ||
|
||
await t.test('hierarchy', () => { | ||
assert.equal(checkRoles('admin', 'user'), false, "admin can't access user") | ||
assert.equal( | ||
checkRoles('admin', 'user', { hierarchy: ['user', 'admin'] }), | ||
true, | ||
'admin can access user with appropriate hierarchy' | ||
) | ||
}); | ||
}) |
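Review bot: None of the new cases exercise the deny path for a caller that has no roles at all — `checkRoles([], 'admin')`, `checkRoles(undefined, 'admin')`, `checkRoles('', 'admin')` — which is the fail-closed behaviour an authorization helper is most often wrong about and the one this suite should pin before anything else. A `fail closed` sub-test asserting `false` for each of those would close the gap; `lib/auth.js` is not in this diff, so if any of them currently returns `true` that is worth looking at before the assertion lands rather than adjusting the expectation. The same goes for `all: true` with an empty required list: whatever `checkRoles` is specified to return there should be asserted explicitly. Minor style point: the second `all: true` assertion ends in `);` while every sibling assertion omits the semicolon; pick one convention for the file.
```javascript
  await t.test('fail closed', () => {
    assert.equal(checkRoles([], 'admin'), false, 'no roles cannot access admin')
    assert.equal(checkRoles(undefined, 'admin'), false, 'missing roles cannot access admin')
    assert.equal(checkRoles('', 'admin'), false, 'empty role cannot access admin')
  })
```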
@@ -1,42 +1,43 @@ | ||
import assert from 'node:assert/strict'; | ||
import { describe, it } from 'node:test'; | ||
|
||
import fastify from 'fastify' | ||
import tap from 'tap' | ||
|
||
import { fastifyAclAuth as plugin } from '../plugin.js' | ||
import { fastifyAclAuth } from '../plugin.js' | ||
|
||
/** @type {import('../plugin.js').ActualRolesCallback} */ | ||
const actualRoles = () => 'user'; | ||
const fastifyAclAuthPlugin = fastifyAclAuth({ actualRoles: () => 'user' }); | ||
|
||
tap.test('plugin.test.js', async t => { | ||
const defaultPlugin = plugin({ actualRoles }) | ||
const fastifyInstance = fastify() | ||
describe('plugin.test.js', () => { | ||
it('should get actual route when accessing user', async () => { | ||
const fastifyInstance = fastify() | ||
|
||
t.ok(defaultPlugin, 'plugin exists') | ||
fastifyInstance.register(function (f, _o, n) { | ||
f.register(plugin({ allowedRoles: ['user'], actualRoles })) | ||
f.get('/user', async function () { | ||
return '/user' | ||
}) | ||
n() | ||
}) | ||
fastifyInstance.register(function (f, _o, n) { | ||
f.register(plugin({ allowedRoles: ['admin'], actualRoles })) | ||
f.get('/admin', async function () { | ||
return '/admin' | ||
fastifyInstance.register(async fastifyScope => { | ||
fastifyScope.register(fastifyAclAuthPlugin, { allowedRoles: 'user' }) | ||
fastifyScope.get('/user', () => '/user') | ||
}) | ||
n() | ||
}) | ||
await t.test('get /user', async t => { | ||
|
||
const response = await fastifyInstance.inject({ | ||
method: 'GET', | ||
url: '/user', | ||
}) | ||
t.is(response.body, '/user', 'body should be /user') | ||
|
||
assert.equal(response.body, '/user', 'body should be /user') | ||
}) | ||
await t.test('get /admin', async t => { | ||
|
||
it('should get 403 when accessing admin', async () => { | ||
const fastifyInstance = fastify() | ||
|
||
fastifyInstance.register(async fastifyScope => { | ||
fastifyScope.register(fastifyAclAuthPlugin, { allowedRoles: 'admin' }) | ||
fastifyScope.get('/admin', () => '/admin') | ||
}) | ||
|
||
const response = await fastifyInstance.inject({ | ||
method: 'GET', | ||
url: '/admin', | ||
}) | ||
t.is(response.statusCode, 403, 'admin should return 403') | ||
|
||
assert.equal(response.statusCode, 403, 'admin should return 403') | ||
assert.notEqual(response.body, '/admin', 'body should not be /admin') | ||
}) | ||
}) |
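Review bot: Both new cases drive the plugin with an identity that resolves to `'user'`, so the 403 case only proves that the wrong role is rejected; nothing checks that a request whose `actualRoles` yields no role at all (`undefined`, `null` or `[]`) is refused too, which is the fail-closed property a request-level ACL is relied on for. A third case built from `fastifyAclAuth({ actualRoles: () => undefined })` and asserting a non-2xx status on `/user` would cover it (403 below mirrors the admin case; use whatever denial status the plugin specifies). The `/user` case would also be stronger with `assert.equal(response.statusCode, 200, 'user should return 200')` beside the body check, and each `fastifyInstance` is left open — an `await fastifyInstance.close()` at the end of each test is cheap hygiene so the node:test runner is not left holding whatever the plugin registers. The module-level `fastifyAclAuthPlugin` is registered into two different instances with different `allowedRoles`; that is fine provided the factory returns a stateless plugin, which I cannot confirm from this diff.
```javascript
  it('should get 403 when no role is resolved', async () => {
    const fastifyInstance = fastify()
    const anonymousPlugin = fastifyAclAuth({ actualRoles: () => undefined })

    fastifyInstance.register(async fastifyScope => {
      fastifyScope.register(anonymousPlugin, { allowedRoles: 'user' })
      fastifyScope.get('/user', () => '/user')
    })

    const response = await fastifyInstance.inject({ method: 'GET', url: '/user' })

    assert.equal(response.statusCode, 403, 'unresolved role should return 403')
    assert.notEqual(response.body, '/user', 'body should not be /user')
    await fastifyInstance.close()
  })
```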