From 91a804aa3fb6adf142e0415d566a1cd953262df8 Mon Sep 17 00:00:00 2001
From: James Lambie
Date: Mon, 4 Dec 2017 15:31:47 +0000
Subject: [PATCH] feat: allow options request for token route

---
 dadi/lib/auth/index.js  |  12 +
 dadi/lib/help.js        |  15 +-
 test/acceptance/auth.js | 785 ++++++++++++++++++++--------------------
 3 files changed, 406 insertions(+), 406 deletions(-)

diff --git a/dadi/lib/auth/index.js b/dadi/lib/auth/index.js
index 0334b26c..9a816714 100755
--- a/dadi/lib/auth/index.js
+++ b/dadi/lib/auth/index.js
@@ -165,7 +165,19 @@ module.exports = function (server) {
     var method = req.method && req.method.toLowerCase()
     if (method === 'post') {
       return tokens.generate(req, res, next)
+    } else if (method === 'options') {
+      res.statusCode = 200
+      res.setHeader('content-type', 'application/json')
+
+      if (config.get('cors') === true) {
+        res.setHeader('Access-Control-Allow-Origin', '*')
+        res.setHeader('Access-Control-Allow-Methods', 'POST, OPTIONS')
+        res.setHeader('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization')
+      }
+
+      return res.end(JSON.stringify({}))
     }
+
     next()
   })
 }
diff --git a/dadi/lib/help.js b/dadi/lib/help.js
index 1d8dad17..400c3931 100755
--- a/dadi/lib/help.js
+++ b/dadi/lib/help.js
@@ -1,4 +1,3 @@
-var _ = require('underscore')
 var crypto = require('crypto')
 var formatError = require('@dadi/format-error')
 var fs = require('fs')
@@ -159,7 +158,7 @@ module.exports.transformQuery = function (obj, type, format) {
   }
 
   if (obj) {
-    Object.keys(obj).forEach((key) => {
+    Object.keys(obj).forEach(key => {
       if ((typeof obj[key] === 'object') && (obj[key] !== null)) {
         this.transformQuery(obj[key], type)
       } else if (typeof obj[key] === 'string') {
@@ -233,7 +232,7 @@ module.exports.validateCollectionSchema = function (obj) {
     response.errors.push({section: 'settings', message: 'must be provided'})
   }
 
-  if (!_.isEmpty(response.errors)) {
+  if (response.errors.length > 0) {
     response.success = false
     return response
   }
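Review bot: The `next()` added after the if/else is a second behaviour change the commit title does not mention: any method other than POST and OPTIONS on the token route (a GET /token, for instance) now falls through to whatever middleware is registered after this handler, whereas the removed context shows the old handler simply ended without responding or calling `next()` for non-POST requests. A credential endpoint is better off answering those itself so the outcome does not depend on downstream routing, e.g. `res.statusCode = 405; res.setHeader('Allow', 'POST, OPTIONS'); return res.end()` in place of the bare `next()`. The wildcard `Access-Control-Allow-Origin` on the preflight matches the CORS behaviour the existing collection-route test already expects, but it means any web origin may POST client credentials here once `cors` is enabled; that deserves a sentence in the documentation of the `cors` option. The enclosing handler starts outside the hunk.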
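Review bot: Dropping `var _ = require('underscore')` in the first help.js hunk is only safe if the `_.isEmpty`/`_.isArray`/`_.each`/`_.contains` replacements in the following hunks are every use of `_` in the file; the rest of help.js is outside the diff, and a surviving `_.x` call would fail with a ReferenceError only when that code path runs, not at load time. A grep of the file for `_.` before merging would settle it. The `Array.isArray` and `.includes` substitutions are equivalent for the array and string values handled here; `Object.keys(index.keys)` still throws when an index entry has no `keys` property, but that is pre-existing rather than introduced by this change.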
@@ -262,13 +261,13 @@ module.exports.validateCollectionSchema = function (obj) {
       if (!obj.settings.index) {
         indexSpecified = false
       } else {
-        if (_.isArray(obj.settings.index)) {
-          _.each(obj.settings.index, (index) => {
-            if (_.contains(Object.keys(index.keys), obj.settings.sort)) {
+        if (Array.isArray(obj.settings.index)) {
+          obj.settings.index.forEach(index => {
+            if (Object.keys(index.keys).includes(obj.settings.sort)) {
               indexSpecified = true
             }
           })
-        } else if (_.contains(Object.keys(obj.settings.index.keys), obj.settings.sort)) {
+        } else if (Object.keys(obj.settings.index.keys).includes(obj.settings.sort)) {
           indexSpecified = true
         }
       }
@@ -278,7 +277,7 @@ module.exports.validateCollectionSchema = function (obj) {
     }
   }
 
-  response.success = _.isEmpty(response.errors)
+  response.success = response.errors.length === 0
 
   return response
 }
diff --git a/test/acceptance/auth.js b/test/acceptance/auth.js
index afe24eed..d378f365 100755
--- a/test/acceptance/auth.js
+++ b/test/acceptance/auth.js
@@ -1,522 +1,490 @@ -var should = require('should'); -var request = require('supertest'); -var config = require(__dirname + '/../../config'); -var help = require(__dirname + '/help'); -var app = require(__dirname + '/../../dadi/lib/'); -var tokens = require(__dirname + '/../../dadi/lib/auth/tokens'); -var fs = require('fs'); +var should = require('should') +var request = require('supertest') +var config = require(__dirname + '/../../config') +var help = require(__dirname + '/help') +var app = require(__dirname + '/../../dadi/lib/') +var tokens = require(__dirname + '/../../dadi/lib/auth/tokens') +var fs = require('fs') -var originalSchemaPath = __dirname + '/../new-schema.json'; -var testSchemaPath = __dirname + '/workspace/collections/vtest/testdb/collection.test-schema.json'; +var originalSchemaPath = __dirname + '/../new-schema.json' +var testSchemaPath = __dirname + '/workspace/collections/vtest/testdb/collection.test-schema.json' describe('Authentication', function () { - var tokenRoute = config.get('auth.tokenUrl'); + var tokenRoute = config.get('auth.tokenUrl') - before(function (done) { - - help.createClient(null, function() { - - app.start(function (err) { - if (err) return done(err); + before(function (done) { + help.createClient(null, function () { + app.start(function (err) { + if (err) return done(err) // give it a moment for http.Server to finish starting - setTimeout(function () { - done(); - }, 500); - }) - }); - }); - - after(function (done) { - help.removeTestClients(function() { - app.stop(done); - }); - }); + setTimeout(function () { + done() + }, 500) + }) + }) + }) - afterEach(function (done) { - var testSchema = fs.readFileSync(originalSchemaPath, {encoding: 'utf8'}) - testSchema = testSchema.replace('newField', 'field1') - fs.writeFileSync(testSchemaPath, testSchema) - done() + after(function (done) { + help.removeTestClients(function () { + app.stop(done) }) + }) - it('should issue a bearer token', function (done) { - var client = 
request('http://' + config.get('server.host') + ':' + config.get('server.port')); + afterEach(function (done) { + var testSchema = fs.readFileSync(originalSchemaPath, {encoding: 'utf8'}) + testSchema = testSchema.replace('newField', 'field1') + fs.writeFileSync(testSchemaPath, testSchema) + done() + }) - client + it('should issue a bearer token', function (done) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) + + client .post(tokenRoute) .send({ - clientId: 'test123', - secret: 'superSecret' + clientId: 'test123', + secret: 'superSecret' }) .expect('content-type', 'application/json') .expect('pragma', 'no-cache') .expect('Cache-Control', 'no-store') - .expect(200, done); - }); + .expect(200, done) + }) - it('should not issue token if creds are invalid', function (done) { - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + it('should not issue token if creds are invalid', function (done) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) - client + client .post(tokenRoute) .send({ - clientId: 'test123', - secret: 'badSecret', - code: ' ' + clientId: 'test123', + secret: 'badSecret', + code: ' ' }) - .expect(401, function(err, res) { - res.headers['www-authenticate'].should.exist; - res.headers['www-authenticate'].should.eql('Bearer, error="invalid_credentials", error_description="Invalid credentials supplied"'); - done(); - }); - }); - - it('should allow requests containing token', function (done) { - help.getBearerToken(function (err, token) { + .expect(401, function (err, res) { + res.headers['www-authenticate'].should.exist + res.headers['www-authenticate'].should.eql('Bearer, error="invalid_credentials", error_description="Invalid credentials supplied"') + done() + }) + }) - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + it('should allow requests containing token', 
function (done) { + help.getBearerToken(function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) - client + client .get('/vtest/testdb/test-schema') .set('Authorization', 'Bearer ' + token) .expect('content-type', 'application/json') - .expect(200, done); - }); - }); - - it('should not allow requests containing invalid token', function (done) { + .expect(200, done) + }) + }) - help.getBearerToken(function (err, token) { - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + it('should not allow requests containing invalid token', function (done) { + help.getBearerToken(function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) - client + client .get('/vtest/testdb/test-schema') .set('Authorization', 'Bearer badtokenvalue') - .expect(401, function(err, res) { - res.headers['www-authenticate'].should.exist; - res.headers['www-authenticate'].should.eql('Bearer, error="invalid_token", error_description="Invalid or expired access token"'); - done(); - }); - }); - }); - - it('should not allow requests with expired tokens', function (done) { - this.timeout(4000); + .expect(401, function (err, res) { + res.headers['www-authenticate'].should.exist + res.headers['www-authenticate'].should.eql('Bearer, error="invalid_token", error_description="Invalid or expired access token"') + done() + }) + }) + }) - var oldTtl = Number(config.get('auth.tokenTtl')); - config.set('auth.tokenTtl', 1); + it('should not allow requests with expired tokens', function (done) { + this.timeout(4000) - var _done = function (err) { - config.set('auth.tokenTtl', oldTtl); - done(err); - }; + var oldTtl = Number(config.get('auth.tokenTtl')) + config.set('auth.tokenTtl', 1) - help.getBearerToken(function (err, token) { + var _done = function (err) { + config.set('auth.tokenTtl', oldTtl) + done(err) + } - var client = request('http://' + 
config.get('server.host') + ':' + config.get('server.port')); + help.getBearerToken(function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) - client + client .get('/vtest/testdb/test-schema') .set('Authorization', 'Bearer ' + token) .expect(200, function (err) { - if (err) return _done(err); + if (err) return _done(err) - setTimeout(function () { - client + setTimeout(function () { + client .get('/vtest/testdb/test-schema') .set('Authorization', 'Bearer ' + token) - .expect(401, function(err, res) { - res.headers['www-authenticate'].should.exist; - res.headers['www-authenticate'].should.eql('Bearer, error="invalid_token", error_description="Invalid or expired access token"'); - _done(); + .expect(401, function (err, res) { + res.headers['www-authenticate'].should.exist + res.headers['www-authenticate'].should.eql('Bearer, error="invalid_token", error_description="Invalid or expired access token"') + _done() }) - }, 2000); - }); - }); - }); - - it('should not allow POST requests for collection config by clients with accessType `user`', function (done) { - - help.getBearerTokenWithAccessType("user", function (err, token) { + }, 2000) + }) + }) + }) - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + it('should not allow POST requests for collection config by clients with accessType `user`', function (done) { + help.getBearerTokenWithAccessType('user', function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) - var testSchema = fs.readFileSync(originalSchemaPath, {encoding: 'utf8'}); + var testSchema = fs.readFileSync(originalSchemaPath, {encoding: 'utf8'}) - client + client .post('/vtest/testdb/test-schema/config') .send(testSchema) .set('Authorization', 'Bearer ' + token) .expect(401) - //.expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - 
res.headers['www-authenticate'].should.exist; - res.headers['www-authenticate'].should.eql('Bearer realm="/vtest/testdb/test-schema/config"'); - done(); - }); - }); - }); - - it('should allow GET requests for collection config by clients with accessType `user`', function (done) { - - help.getBearerTokenWithAccessType("user", function (err, token) { + // .expect('content-type', 'application/json') + .end(function (err, res) { + if (err) return done(err) + res.headers['www-authenticate'].should.exist + res.headers['www-authenticate'].should.eql('Bearer realm="/vtest/testdb/test-schema/config"') + done() + }) + }) + }) - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + it('should allow GET requests for collection config by clients with accessType `user`', function (done) { + help.getBearerTokenWithAccessType('user', function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) - client + client .get('/vtest/testdb/test-schema/config') .set('Authorization', 'Bearer ' + token) .expect(200) - //.expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - done(); - }); - }); - }); - - it('should not allow POST requests for collection config by clients with no accessType specified', function (done) { - - help.getBearerToken(function (err, token) { + // .expect('content-type', 'application/json') + .end(function (err, res) { + if (err) return done(err) + done() + }) + }) + }) - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + it('should not allow POST requests for collection config by clients with no accessType specified', function (done) { + help.getBearerToken(function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) - var testSchema = fs.readFileSync(originalSchemaPath, {encoding: 'utf8'}); + var testSchema = 
fs.readFileSync(originalSchemaPath, {encoding: 'utf8'}) - client + client .post('/vtest/testdb/test-schema/config') .send(testSchema) .set('Authorization', 'Bearer ' + token) .expect(401) - //.expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - res.headers['www-authenticate'].should.exist; - res.headers['www-authenticate'].should.eql('Bearer realm="/vtest/testdb/test-schema/config"'); - done(); - }); - }); - }); - - it('should allow requests for collection config by clients with accessType `admin`', function (done) { - - help.getBearerTokenWithAccessType("admin", function (err, token) { + // .expect('content-type', 'application/json') + .end(function (err, res) { + if (err) return done(err) + res.headers['www-authenticate'].should.exist + res.headers['www-authenticate'].should.eql('Bearer realm="/vtest/testdb/test-schema/config"') + done() + }) + }) + }) - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + it('should allow requests for collection config by clients with accessType `admin`', function (done) { + help.getBearerTokenWithAccessType('admin', function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) - client + client .get('/vtest/testdb/test-schema/config') .set('Authorization', 'Bearer ' + token) .expect(200) - //.expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - done(); - }); - }); - }); - - it('should allow unauthenticated request for collection specifying authenticate = false', function (done) { + // .expect('content-type', 'application/json') + .end(function (err, res) { + if (err) return done(err) + done() + }) + }) + }) - help.getBearerTokenWithAccessType("admin", function (err, token) { - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + it('should allow unauthenticated request for collection 
specifying authenticate = false', function (done) { + help.getBearerTokenWithAccessType('admin', function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) - var jsSchemaString = fs.readFileSync(testSchemaPath, {encoding: 'utf8'}); - var schema = JSON.parse(jsSchemaString); + var jsSchemaString = fs.readFileSync(testSchemaPath, {encoding: 'utf8'}) + var schema = JSON.parse(jsSchemaString) // update the schema - schema.settings.authenticate = false; + schema.settings.authenticate = false - client + client .post('/vtest/testdb/test-schema/config') .send(JSON.stringify(schema)) .set('content-type', 'text/plain') .set('Authorization', 'Bearer ' + token) .expect(200) - //.expect('content-type', 'application/json') + // .expect('content-type', 'application/json') .end(function (err, res) { - if (err) return done(err); + if (err) return done(err) // Wait, then test that we can make an unauthenticated request - setTimeout(function () { - client + setTimeout(function () { + client .get('/vtest/testdb/test-schema') .expect(200) .expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - done(); - }); - }, 300); - }); - }); - }); - - it('should allow unauthenticated GET request for collection specifying read-only authentication settings', function (done) { + .end(function (err, res) { + if (err) return done(err) + done() + }) + }, 300) + }) + }) + }) - help.getBearerTokenWithAccessType("admin", function (err, token) { - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + it('should allow unauthenticated GET request for collection specifying read-only authentication settings', function (done) { + help.getBearerTokenWithAccessType('admin', function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) - var jsSchemaString = fs.readFileSync(testSchemaPath, {encoding: 'utf8'}); 
- var schema = JSON.parse(jsSchemaString); + var jsSchemaString = fs.readFileSync(testSchemaPath, {encoding: 'utf8'}) + var schema = JSON.parse(jsSchemaString) // update the schema - schema.settings.authenticate = ['POST', 'PUT', 'DELETE']; + schema.settings.authenticate = ['POST', 'PUT', 'DELETE'] - client + client .post('/vtest/testdb/test-schema/config') .send(JSON.stringify(schema)) .set('content-type', 'text/plain') .set('Authorization', 'Bearer ' + token) .expect(200) - //.expect('content-type', 'application/json') + // .expect('content-type', 'application/json') .end(function (err, res) { - if (err) return done(err); + if (err) return done(err) // Wait, then test that we can make an unauthenticated request - setTimeout(function () { - client + setTimeout(function () { + client .get('/vtest/testdb/test-schema') .expect(200) .expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - done(); - }); - }, 300); - }); - }); - }); - - it('should not allow unauthenticated POST request for collection specifying read-only authentication settings', function (done) { + .end(function (err, res) { + if (err) return done(err) + done() + }) + }, 300) + }) + }) + }) - help.getBearerTokenWithAccessType("admin", function (err, token) { - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + it('should not allow unauthenticated POST request for collection specifying read-only authentication settings', function (done) { + help.getBearerTokenWithAccessType('admin', function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) - var jsSchemaString = fs.readFileSync(testSchemaPath, {encoding: 'utf8'}); - var schema = JSON.parse(jsSchemaString); + var jsSchemaString = fs.readFileSync(testSchemaPath, {encoding: 'utf8'}) + var schema = JSON.parse(jsSchemaString) // update the schema - schema.settings.authenticate = ['POST', 'PUT', 'DELETE']; + 
schema.settings.authenticate = ['POST', 'PUT', 'DELETE'] - client + client .post('/vtest/testdb/test-schema/config') .send(JSON.stringify(schema)) .set('content-type', 'text/plain') .set('Authorization', 'Bearer ' + token) .expect(200) - //.expect('content-type', 'application/json') + // .expect('content-type', 'application/json') .end(function (err, res) { - if (err) return done(err); + if (err) return done(err) // Wait, then test that we can make an unauthenticated request - setTimeout(function () { - client + setTimeout(function () { + client .post('/vtest/testdb/test-schema') .expect(401) .expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - done(); - }); - }, 300); - }); - }); - }); - - it('should allow access to collection specified in client permissions list without apiVersion restriction', function (done) { - - var permissions = { permissions: { collections: [ { path: "test-schema" } ] } } + .end(function (err, res) { + if (err) return done(err) + done() + }) + }, 300) + }) + }) + }) - help.getBearerTokenWithPermissions(permissions, function (err, token) { + it('should allow access to collection specified in client permissions list without apiVersion restriction', function (done) { + var permissions = { permissions: { collections: [ { path: 'test-schema' } ] } } - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + help.getBearerTokenWithPermissions(permissions, function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) // Wait, then test that we can make an unauthenticated request - setTimeout(function () { - client + setTimeout(function () { + client .get('/vtest/testdb/test-schema?cache=false') .set('Authorization', 'Bearer ' + token) .expect(200) - //.expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - done(); - }); - }, 300); - }); - }); - - it('should 
allow access to collection specified in client permissions list with apiVersion restriction', function (done) { - - var permissions = { permissions: { collections: [ { apiVersion: 'vtest', path: "test-schema" } ] } } + // .expect('content-type', 'application/json') + .end(function (err, res) { + if (err) return done(err) + done() + }) + }, 300) + }) + }) - help.getBearerTokenWithPermissions(permissions, function (err, token) { + it('should allow access to collection specified in client permissions list with apiVersion restriction', function (done) { + var permissions = { permissions: { collections: [ { apiVersion: 'vtest', path: 'test-schema' } ] } } - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + help.getBearerTokenWithPermissions(permissions, function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) // Wait, then test that we can make an unauthenticated request - setTimeout(function () { - client + setTimeout(function () { + client .get('/vtest/testdb/test-schema?cache=false') .set('Authorization', 'Bearer ' + token) .expect(200) - //.expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - done(); - }); - }, 300); - }); - }); - - it('should not allow access to collection specified in client permissions list with apiVersion restriction', function (done) { - - var permissions = { permissions: { collections: [ { apiVersion: '1.0', path: "test-schema" } ] } } + // .expect('content-type', 'application/json') + .end(function (err, res) { + if (err) return done(err) + done() + }) + }, 300) + }) + }) - help.getBearerTokenWithPermissions(permissions, function (err, token) { + it('should not allow access to collection specified in client permissions list with apiVersion restriction', function (done) { + var permissions = { permissions: { collections: [ { apiVersion: '1.0', path: 'test-schema' } ] } } - var client = 
request('http://' + config.get('server.host') + ':' + config.get('server.port')); + help.getBearerTokenWithPermissions(permissions, function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) // Wait, then test that we can make an unauthenticated request - setTimeout(function () { - client + setTimeout(function () { + client .get('/vtest/testdb/test-schema?cache=false') .set('Authorization', 'Bearer ' + token) .expect(401) - //.expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - res.headers['www-authenticate'].should.exist; - res.headers['www-authenticate'].should.eql('Bearer realm="/vtest/testdb/test-schema"'); - done(); - }); - }, 300); - }); - }); - - it('should not allow access to collection not specified in client permissions list', function (done) { - - var permissions = { permissions: { collections: [ { apiVersion: 'vtest', path: "books" } ] } } + // .expect('content-type', 'application/json') + .end(function (err, res) { + if (err) return done(err) + res.headers['www-authenticate'].should.exist + res.headers['www-authenticate'].should.eql('Bearer realm="/vtest/testdb/test-schema"') + done() + }) + }, 300) + }) + }) - help.getBearerTokenWithPermissions(permissions, function (err, token) { + it('should not allow access to collection not specified in client permissions list', function (done) { + var permissions = { permissions: { collections: [ { apiVersion: 'vtest', path: 'books' } ] } } - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + help.getBearerTokenWithPermissions(permissions, function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) // Wait, then test that we can make an unauthenticated request - setTimeout(function () { - client + setTimeout(function () { + client .get('/vtest/testdb/test-schema?cache=false') .set('Authorization', 
'Bearer ' + token) .expect(401) - //.expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - res.headers['www-authenticate'].should.exist; - res.headers['www-authenticate'].should.eql('Bearer realm="/vtest/testdb/test-schema"'); - done(); - }); - }, 300); - }); - }); - - it('should allow access to endpoint specified in client permissions list without apiVersion restriction', function (done) { - - var permissions = { permissions: { endpoints: [ { path: "test-endpoint" } ] } } + // .expect('content-type', 'application/json') + .end(function (err, res) { + if (err) return done(err) + res.headers['www-authenticate'].should.exist + res.headers['www-authenticate'].should.eql('Bearer realm="/vtest/testdb/test-schema"') + done() + }) + }, 300) + }) + }) - help.getBearerTokenWithPermissions(permissions, function (err, token) { + it('should allow access to endpoint specified in client permissions list without apiVersion restriction', function (done) { + var permissions = { permissions: { endpoints: [ { path: 'test-endpoint' } ] } } - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + help.getBearerTokenWithPermissions(permissions, function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) // Wait, then test that we can make an unauthenticated request - setTimeout(function () { - client + setTimeout(function () { + client .get('/v1/test-endpoint') .set('Authorization', 'Bearer ' + token) .expect(200) - //.expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - done(); - }); - }, 300); - }); - }); - - it('should allow access to endpoint specified in client permissions list with apiVersion restriction', function (done) { - - var permissions = { permissions: { endpoints: [ { apiVersion: 'v1', path: "test-endpoint" } ] } } + // .expect('content-type', 'application/json') + .end(function 
(err, res) { + if (err) return done(err) + done() + }) + }, 300) + }) + }) - help.getBearerTokenWithPermissions(permissions, function (err, token) { + it('should allow access to endpoint specified in client permissions list with apiVersion restriction', function (done) { + var permissions = { permissions: { endpoints: [ { apiVersion: 'v1', path: 'test-endpoint' } ] } } - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + help.getBearerTokenWithPermissions(permissions, function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) // Wait, then test that we can make an unauthenticated request - setTimeout(function () { - client + setTimeout(function () { + client .get('/v1/test-endpoint') .set('Authorization', 'Bearer ' + token) .expect(200) - //.expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - done(); - }); - }, 300); - }); - }); - - it('should not allow access to endpoint not specified in client permissions list', function (done) { - - var permissions = { permissions: { endpoints: [ { apiVersion: 'v1', path: "xxxx-endpoint" } ] } } + // .expect('content-type', 'application/json') + .end(function (err, res) { + if (err) return done(err) + done() + }) + }, 300) + }) + }) - help.getBearerTokenWithPermissions(permissions, function (err, token) { + it('should not allow access to endpoint not specified in client permissions list', function (done) { + var permissions = { permissions: { endpoints: [ { apiVersion: 'v1', path: 'xxxx-endpoint' } ] } } - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + help.getBearerTokenWithPermissions(permissions, function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) // Wait, then test that we can make an unauthenticated request - setTimeout(function () { - client + 
setTimeout(function () { + client .get('/v1/test-endpoint') .set('Authorization', 'Bearer ' + token) .expect(401) - //.expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - res.headers['www-authenticate'].should.exist; - res.headers['www-authenticate'].should.eql('Bearer realm="/v1/test-endpoint"'); - done(); - }); - }, 300); - }); - }); - - it('should not allow access to endpoint specified in client permissions list with apiVersion restriction', function (done) { - - var permissions = { permissions: { endpoints: [ { apiVersion: 'v2', path: "test-endpoint" } ] } } + // .expect('content-type', 'application/json') + .end(function (err, res) { + if (err) return done(err) + res.headers['www-authenticate'].should.exist + res.headers['www-authenticate'].should.eql('Bearer realm="/v1/test-endpoint"') + done() + }) + }, 300) + }) + }) - help.getBearerTokenWithPermissions(permissions, function (err, token) { + it('should not allow access to endpoint specified in client permissions list with apiVersion restriction', function (done) { + var permissions = { permissions: { endpoints: [ { apiVersion: 'v2', path: 'test-endpoint' } ] } } - var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')); + help.getBearerTokenWithPermissions(permissions, function (err, token) { + var client = request('http://' + config.get('server.host') + ':' + config.get('server.port')) // Wait, then test that we can make an unauthenticated request - setTimeout(function () { - client + setTimeout(function () { + client .get('/v1/test-endpoint') .set('Authorization', 'Bearer ' + token) .expect(401) - //.expect('content-type', 'application/json') - .end(function(err,res) { - if (err) return done(err); - res.headers['www-authenticate'].should.exist; - res.headers['www-authenticate'].should.eql('Bearer realm="/v1/test-endpoint"'); - done(); - }); - }, 300); - }); - }); + // .expect('content-type', 'application/json') + 
.end(function (err, res) { + if (err) return done(err) + res.headers['www-authenticate'].should.exist + res.headers['www-authenticate'].should.eql('Bearer realm="/v1/test-endpoint"') + done() + }) + }, 300) + }) + }) // it('should not allow access to main config when client permissions specified', function (done) { 
@@ -541,62 +509,84 @@ describe('Authentication', function () {
   // });
   // });
 
-  it('should allow access to collection when no permissions specified', function (done) {
-
-    help.getBearerToken(function (err, token) {
-
-      var client = request('http://' + config.get('server.host') + ':' + config.get('server.port'));
+  it('should allow access to collection when no permissions specified', function (done) {
+    help.getBearerToken(function (err, token) {
+      var client = request('http://' + config.get('server.host') + ':' + config.get('server.port'))
 
       // Wait, then test that we can make an unauthenticated request
-      setTimeout(function () {
-        client
+      setTimeout(function () {
+        client
         .get('/vtest/testdb/test-schema')
         .set('Authorization', 'Bearer ' + token)
         .expect(200)
-        //.expect('content-type', 'application/json')
-        .end(function(err,res) {
-          if (err) return done(err);
-          done();
-        });
-      }, 300);
-    });
-  });
-
-  it('should allow access to endpoint when no permissions specified', function (done) {
-
-    help.getBearerToken(function (err, token) {
+        // .expect('content-type', 'application/json')
+        .end(function (err, res) {
+          if (err) return done(err)
+          done()
+        })
+      }, 300)
+    })
+  })
 
-      var client = request('http://' + config.get('server.host') + ':' + config.get('server.port'));
+  it('should allow access to endpoint when no permissions specified', function (done) {
+    help.getBearerToken(function (err, token) {
+      var client = request('http://' + config.get('server.host') + ':' + config.get('server.port'))
 
       // Wait, then test that we can make an unauthenticated request
-      setTimeout(function () {
-        client
+      setTimeout(function () {
+        client
         .get('/v1/test-endpoint')
         .set('Authorization', 'Bearer ' + token)
         .expect(200)
-        //.expect('content-type', 'application/json')
-        .end(function(err,res) {
-          if (err) return done(err);
-          done();
-        });
-      }, 300);
-    });
-  });
-
-  it('should contain the correct CORS headers when cors = true', function (done) {
-    var oldCors = config.get('cors');
-    config.set('cors', true);
+        // .expect('content-type', 'application/json')
+        .end(function (err, res) {
+          if (err) return done(err)
+          done()
+        })
+      }, 300)
+    })
+  })
+
+  it('should allow an OPTIONS request for the token route', function (done) {
+    var oldCors = config.get('cors')
+    config.set('cors', true)
+
+    var _done = function (err) {
+      config.set('cors', oldCors)
+      done(err)
+    }
+
+    help.getBearerToken(function (err, token) {
+      var client = request('http://' + config.get('server.host') + ':' + config.get('server.port'))
+      client
+        .options('/token')
+        .set('Origin', 'http://example.com')
+        .set('Access-Control-Request-Method', 'GET')
+        .set('Access-Control-Request-Headers', 'X-Requested-With')
+        .expect('content-type', 'application/json')
+        .expect('access-control-allow-origin', '*')
+        .expect('Access-Control-Allow-Methods', 'POST, OPTIONS')
+        .expect(200)
+        .end(function (err, res) {
+          if (err) return _done(err)
+          _done()
+        })
+    })
+  })
 
-    var _done = function (err) {
-      config.set('cors', oldCors);
-      done(err);
-    };
+  it('should contain the correct CORS headers when cors = true', function (done) {
+    var oldCors = config.get('cors')
+    config.set('cors', true)
 
-    help.getBearerToken(function (err, token) {
+    var _done = function (err) {
+      config.set('cors', oldCors)
+      done(err)
+    }
 
-      var client = request('http://' + config.get('server.host') + ':' + config.get('server.port'));
+    help.getBearerToken(function (err, token) {
+      var client = request('http://' + config.get('server.host') + ':' + config.get('server.port'))
 
-      client
+      client
         .options('/vtest/testdb/test-schema')
         .set('Origin', 'http://example.com')
         .set('Access-Control-Request-Method', 'GET')
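Review bot: The new OPTIONS test hard-codes `.options('/token')` while every other token-route test in this file goes through `tokenRoute` (`config.get('auth.tokenUrl')`), so a change to the configured URL would leave this test exercising a different path and passing or failing for the wrong reason; `.options(tokenRoute)` keeps it honest. The preflight also sends `Access-Control-Request-Method: GET` yet asserts an `Access-Control-Allow-Methods` of `POST, OPTIONS`, a combination a browser would treat as a CORS failure for the real request, so `.set('Access-Control-Request-Method', 'POST')` better reflects the client flow the feature is meant to enable. The `help.getBearerToken` wrapper is unused here — `token` is never sent on a preflight — so the request can be issued directly, and the test could additionally assert the `Access-Control-Allow-Headers` value the server now sets.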
@@ -605,11 +595,10 @@ describe('Authentication', function () {
         .expect('content-type', 'application/json')
         .expect('access-control-allow-origin', '*')
         .expect(200)
-        .end(function(err,res) {
-          if (err) return _done(err);
-          _done();
-        });
-    });
-  });
-
-});
+        .end(function (err, res) {
+          if (err) return _done(err)
+          _done()
+        })
+    })
+  })
+})