budibase/packages/server/src/middleware/tests/authorized.spec.js


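// Replace the real environment module with a small in-memory stand-in so the
// spec can switch between "production" and non-production mode.
jest.mock("../../environment", () => {
  // All state lives on one object that every function closes over. The earlier
  // `isProd: () => this.prod` was an arrow function, so `this` was the
  // enclosing scope's `this` rather than the mock object, and isProd() never
  // reflected what _set() had stored. Tests that asked for production mode
  // were therefore not running the middleware in it.
  // NOTE(review): with this fixed, tests that call _set("NODE_ENV",
  // "production") now observe isProd() === true; confirm they still pass.
  const mockEnvironment = {
    prod: false,
    isTest: () => true,
    isProd: () => mockEnvironment.prod,
    // `key` is accepted to match the call site; only `value` is inspected.
    _set: (key, value) => {
      mockEnvironment.prod = value === "production"
    },
  }
  return mockEnvironment
})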
const authorizedMiddleware = require("../authorized")
const env = require("../../environment")
const { PermissionType, PermissionLevel } = require("@budibase/backend-core/permissions")
const { doInAppContext } = require("@budibase/backend-core/context")
// App ID placed on the mock context's `appId` field; an empty string in this spec.
const APP_ID = ""
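/**
 * Test harness that builds the authorization middleware together with a
 * minimal mock of the request context it is invoked with.
 */
class TestConfiguration {
  /**
   * @param {*} role - forwarded unchanged to authorizedMiddleware().
   */
  constructor(role) {
    this.middleware = authorizedMiddleware(role)
    this.next = jest.fn()
    // ctx.throw is a plain mock: it records the call but does not throw, so
    // control returns to the middleware after a denial has been reported.
    this.throw = jest.fn()
    this.headers = {}

    this.ctx = {
      // Same object as this.headers so direct reads and ctx.get() agree.
      headers: this.headers,
      request: {
        url: "",
      },
      appId: APP_ID,
      auth: {},
      next: this.next,
      throw: this.throw,
      get: (name) => this.headers[name],
    }
  }

  /** Runs the middleware against the mock context and returns its result. */
  executeMiddleware() {
    return this.middleware(this.ctx, this.next)
  }

  /** Sets the user object the middleware will find on the context. */
  setUser(user) {
    this.ctx.user = user
  }

  /** Rebuilds the middleware with the given required permission arguments. */
  setMiddlewareRequiredPermission(...perms) {
    this.middleware = authorizedMiddleware(...perms)
  }

  /** Sets the resource ID on the context. */
  setResourceId(id) {
    this.ctx.resourceId = id
  }

  /** Marks the mock session as authenticated or not. */
  setAuthenticated(isAuthed) {
    this.ctx.isAuthenticated = isAuthed
  }

  /** Sets the request URL on the context. */
  setRequestUrl(url) {
    this.ctx.request.url = url
  }

  /** Switches the mocked environment between "production" and "jest". */
  setEnvironment(isProd) {
    env._set("NODE_ENV", isProd ? "production" : "jest")
  }

  /**
   * Replaces the request headers.
   *
   * ctx.get(name) reads from this.headers, so updating only ctx.headers left
   * lookups through ctx.get() stale; both views are now kept in sync.
   */
  setRequestHeaders(headers) {
    this.headers = headers
    this.ctx.headers = headers
  }

  /** Clears recorded calls on all jest mocks between tests. */
  afterEach() {
    jest.clearAllMocks()
  }
}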
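// Spec for the authorization middleware, driven through TestConfiguration.
// The unused outer `next` mock and the inner `config` that shadowed the outer
// one have been removed; a single harness is created per test.
describe("Authorization middleware", () => {
  let config

  // A user object whose role carries an empty _id.
  const userWithEmptyRole = () => ({ role: { _id: "" } })

  beforeEach(() => {
    config = new TestConfiguration()
  })

  afterEach(() => {
    config.afterEach()
  })

  // NOTE(review): config.throw is a non-throwing jest.fn(), so the denial
  // tests below only show that ctx.throw was called with the expected status
  // and message; they do not assert that next() was left uncalled.
  describe("non-webhook call", () => {
    beforeEach(() => {
      // Default for this group: production mode with an authenticated session.
      config.setEnvironment(true)
      config.setAuthenticated(true)
    })

    it("throws when no user data is present in context", async () => {
      await config.executeMiddleware()

      expect(config.throw).toHaveBeenCalledWith(403, "No user info found")
    })

    it("passes on to next() middleware if user is an admin", async () => {
      config.setUser({
        _id: "user",
        role: {
          _id: "ADMIN",
        },
      })

      await config.executeMiddleware()

      expect(config.next).toHaveBeenCalled()
    })

    it("throws if the user does not have builder permissions", async () => {
      config.setEnvironment(false)
      config.setMiddlewareRequiredPermission(PermissionType.BUILDER)
      config.setUser(userWithEmptyRole())

      await config.executeMiddleware()

      expect(config.throw).toHaveBeenCalledWith(403, "Not Authorized")
    })

    it("passes on to next() middleware if the user has resource permission", async () => {
      config.setResourceId(PermissionType.QUERY)
      config.setUser(userWithEmptyRole())
      config.setMiddlewareRequiredPermission(PermissionType.QUERY)

      await config.executeMiddleware()

      expect(config.next).toHaveBeenCalled()
    })

    it("throws if the user session is not authenticated", async () => {
      config.setUser(userWithEmptyRole())
      config.setAuthenticated(false)

      await config.executeMiddleware()

      expect(config.throw).toHaveBeenCalledWith(403, "Session not authenticated")
    })

    it("throws if the user does not have base permissions to perform the operation", async () => {
      config.setUser(userWithEmptyRole())
      config.setMiddlewareRequiredPermission(PermissionType.ADMIN, PermissionLevel.BASIC)

      await config.executeMiddleware()

      expect(config.throw).toHaveBeenCalledWith(403, "User does not have permission")
    })
  })
})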