1 | 'use strict'
4 | const Fastify = require('fastify')
5 | const fastifyGuard = require('./src/index')
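/**
 * Build a Fastify instance with fastify-guard registered and a stubbed,
 * already-authenticated user attached to every request.
 *
 * The `onRequest` hook stands in for a real authentication layer: the guard's
 * role/scope decisions appear to be based on whatever is found on `req.user`,
 * so outside of tests that object must only ever be populated from a verified
 * identity, never from unauthenticated request input.
 *
 * @param {object} [pluginOpts] Options forwarded to fastify-guard (e.g. `errorHandler`).
 * @returns {Promise<object>} Fastify instance with the plugin ready to use.
 */
const generateServer = async (pluginOpts) => {
  // Fastify exports a factory function; `new` is not required
  const fastify = Fastify()

  await fastify.register(fastifyGuard, pluginOpts)

  fastify.addHook('onRequest', (req, reply, done) => {
    // Fixed identity so every test observes the same roles and scopes
    req.user = {
      id: 306,
      name: 'Huseyin',
      role: ['user', 'admin', 'editor'],
      scope: ['profile', 'email', 'openid'],
      location: 'Istanbul'
    }

    done()
  })

  return fastify
}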
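// Positive imperative check: hasRole() returns true for a role the user holds.
// Uses async/await only (no `done` callback), since Jest rejects mixing both.
test('sufficient hasRole check', async () => {
  const fastify = await generateServer()

  fastify.get('/', (req, reply) => {
    // Imperative API: the route itself decides what to do with the verdict
    const isOk = fastify.guard.hasRole(req, 'user')

    reply.send(isOk)
  })

  try {
    // Awaiting inject surfaces transport errors instead of leaving `err` unchecked
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.payload).toBe('true')
  } finally {
    // Close even when an assertion fails so no handle is left open
    await fastify.close()
  }
})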
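// Negative imperative check: hasRole() returns false for a role the user lacks.
test('insufficient hasRole check', async () => {
  const fastify = await generateServer()

  fastify.get('/', (req, reply) => {
    // 'cmo' is not in the stubbed user's role list
    const isOk = fastify.guard.hasRole(req, 'cmo')

    reply.send(isOk)
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.payload).toBe('false')
  } finally {
    // Release the instance regardless of the assertion outcome
    await fastify.close()
  }
})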
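// hasRole() must reject malformed arguments by throwing, which Fastify turns
// into a 500 response from the route handler.
test('hasRole argument validations', async () => {
  const fastify = await generateServer()

  fastify.get('/', (req, reply) => {
    // NOTE(review): `||` short-circuits, so once the first call throws the
    // remaining calls are never reached; only the empty-role case is really
    // exercised here. One route (or one expect().toThrow()) per case would
    // cover all three.
    const isOk =
      fastify.guard.hasRole(req, '') || fastify.guard.hasRole(null, 'user') || fastify.guard.hasRole()

    reply.send(isOk)
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(500)
  } finally {
    await fastify.close()
  }
})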
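// Positive imperative check: hasScope() returns true for a scope the user holds.
test('sufficient hasScope check', async () => {
  const fastify = await generateServer()

  fastify.get('/', (req, reply) => {
    const isOk = fastify.guard.hasScope(req, 'profile')

    reply.send(isOk)
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.payload).toBe('true')
  } finally {
    // Close even when an assertion fails so no handle is left open
    await fastify.close()
  }
})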
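// Negative imperative check: hasScope() returns false for a scope the user lacks.
test('insufficient hasScope check', async () => {
  const fastify = await generateServer()

  fastify.get('/', (req, reply) => {
    // 'base' is not in the stubbed user's scope list
    const isOk = fastify.guard.hasScope(req, 'base')

    reply.send(isOk)
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.payload).toBe('false')
  } finally {
    await fastify.close()
  }
})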
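// hasScope() must reject malformed arguments by throwing, which Fastify turns
// into a 500 response from the route handler.
test('hasScope argument validations', async () => {
  const fastify = await generateServer()

  fastify.get('/', (req, reply) => {
    // NOTE(review): `||` short-circuits, so once the first call throws the
    // remaining calls are never reached; only the empty-scope case is really
    // exercised here. One route (or one expect().toThrow()) per case would
    // cover all three.
    const isOk =
      fastify.guard.hasScope(req, '') || fastify.guard.hasScope(null, 'profile') || fastify.guard.hasScope()

    reply.send(isOk)
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(500)
  } finally {
    await fastify.close()
  }
})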
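// role() with several arguments is an OR: holding any one of them is enough.
// The stubbed user has 'admin', so the preHandler lets the request through.
test('sufficient role permission (check OR case by providing two roles as arguments)', async () => {
  const fastify = await generateServer()

  fastify.get('/', { preHandler: [fastify.guard.role('admin', ['author'])] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    // Asserting the status as well distinguishes "handler ran" from any
    // empty-bodied rejection
    expect(res.statusCode).toBe(200)
    expect(res.payload).toBe('')
  } finally {
    await fastify.close()
  }
})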
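// role() OR case where the user holds none of the listed roles: the guard
// must deny with 403 before the handler runs.
test('insufficient role permission (check OR case by providing two roles as arguments)', async () => {
  const fastify = await generateServer()

  fastify.get('/', { preHandler: [fastify.guard.role('author', ['ceo'])] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(403)
  } finally {
    await fastify.close()
  }
})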
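// scope() with several arguments is an OR: holding any one of them is enough.
// The stubbed user has 'email', so the preHandler lets the request through.
test('sufficient scope permission (check OR case by providing two scopes as arguments)', async () => {
  const fastify = await generateServer()

  fastify.get('/', { preHandler: [fastify.guard.scope('email', ['user:read'])] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(200)
    expect(res.payload).toBe('')
  } finally {
    await fastify.close()
  }
})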
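// scope() OR case where the user holds none of the listed scopes: the guard
// must deny with 403 before the handler runs.
test('insufficient scope permission (check OR case by providing two scopes as arguments)', async () => {
  const fastify = await generateServer()

  fastify.get('/', { preHandler: [fastify.guard.scope('user:read', ['user:write'])] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(403)
  } finally {
    await fastify.close()
  }
})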
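// role() accepts a bare string; 'admin' is held by the stubbed user.
test('sufficient role permission (only string as the argument)', async () => {
  const fastify = await generateServer()

  fastify.get('/', { preHandler: [fastify.guard.role('admin')] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(200)
    expect(res.payload).toBe('')
  } finally {
    await fastify.close()
  }
})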
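// role() with a bare string the user does not hold must deny with 403.
test('insufficient role permission (only string as the argument)', async () => {
  const fastify = await generateServer()

  fastify.get('/', { preHandler: [fastify.guard.role('author')] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(403)
  } finally {
    await fastify.close()
  }
})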
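// scope() accepts a bare string; 'email' is held by the stubbed user.
test('sufficient scope permission (only string as the argument)', async () => {
  const fastify = await generateServer()

  fastify.get('/', { preHandler: [fastify.guard.scope('email')] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(200)
    expect(res.payload).toBe('')
  } finally {
    await fastify.close()
  }
})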
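// scope() with a bare string the user does not hold must deny with 403.
test('insufficient scope permission (only string as the argument)', async () => {
  const fastify = await generateServer()

  fastify.get('/', { preHandler: [fastify.guard.scope('user:read')] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(403)
  } finally {
    await fastify.close()
  }
})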
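// role() with an array argument; 'admin' is held by the stubbed user.
test('sufficient role permission', async () => {
  const fastify = await generateServer()

  fastify.get('/', { preHandler: [fastify.guard.role(['admin'])] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(200)
    expect(res.payload).toBe('')
  } finally {
    await fastify.close()
  }
})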
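// role() with an array the user does not satisfy must deny with 403.
test('insufficient role permission', async () => {
  const fastify = await generateServer()

  fastify.get('/', { preHandler: [fastify.guard.role(['author'])] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(403)
  } finally {
    await fastify.close()
  }
})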
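// scope() with an array argument; 'email' is held by the stubbed user.
test('sufficient scope permission', async () => {
  const fastify = await generateServer()

  fastify.get('/', { preHandler: [fastify.guard.scope(['email'])] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(200)
    expect(res.payload).toBe('')
  } finally {
    await fastify.close()
  }
})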
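// scope() with an array the user does not satisfy must deny with 403.
test('insufficient scope permission', async () => {
  const fastify = await generateServer()

  fastify.get('/', { preHandler: [fastify.guard.scope(['user:read'])] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(403)
  } finally {
    await fastify.close()
  }
})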
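// Chained preHandlers act as an AND: both role and scope must be satisfied.
// The stubbed user holds 'admin' and 'email', so the handler runs.
test('sufficient role and scope permissions', async () => {
  const fastify = await generateServer()

  fastify.get(
    '/',
    {
      preHandler: [
        fastify.guard.role(['admin']),
        fastify.guard.scope(['email'])
      ]
    },
    (req, reply) => {
      reply.send()
    }
  )

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(200)
    expect(res.payload).toBe('')
  } finally {
    await fastify.close()
  }
})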
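// Chained preHandlers where neither the role nor the scope is held: 403.
test('insufficient role and scope permissions', async () => {
  const fastify = await generateServer()

  fastify.get(
    '/',
    {
      preHandler: [
        fastify.guard.role(['author']),
        fastify.guard.scope(['user:read'])
      ]
    },
    (req, reply) => {
      reply.send()
    }
  )

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(403)
  } finally {
    await fastify.close()
  }
})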
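// A passing role check must not compensate for a failing scope check: the
// second preHandler still denies with 403.
test('sufficient role and insufficient scope permissions', async () => {
  const fastify = await generateServer()

  fastify.get(
    '/',
    {
      preHandler: [
        fastify.guard.role(['admin']),
        fastify.guard.scope(['user:read'])
      ]
    },
    (req, reply) => {
      reply.send()
    }
  )

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(403)
  } finally {
    await fastify.close()
  }
})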
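// A failing role check denies with 403 even though the scope check would pass;
// the first preHandler short-circuits the chain.
test('insufficient role and sufficient scope permissions', async () => {
  const fastify = await generateServer()

  fastify.get(
    '/',
    {
      preHandler: [
        fastify.guard.role(['author']),
        fastify.guard.scope(['email'])
      ]
    },
    (req, reply) => {
      reply.send()
    }
  )

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(403)
  } finally {
    await fastify.close()
  }
})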
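// A non-string/non-array argument to role() is a programming error and must
// surface as a 500 rather than silently granting or denying access.
test('wrong argument error', async () => {
  const fastify = await generateServer()

  fastify.get('/', { preHandler: [fastify.guard.role(true)] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(500)
  } finally {
    await fastify.close()
  }
})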
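// With a custom errorHandler configured, a permitted request must still reach
// the route handler (empty 200) and never hit the handler.
test('custom error handler (sufficient case)', async () => {
  const fastify = await generateServer({
    errorHandler: (result, req, reply) => {
      return reply.send('custom error handler works!')
    }
  })

  fastify.get('/', { preHandler: [fastify.guard.role(['admin'])] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.statusCode).toBe(200)
    expect(res.payload).toBe('')
  } finally {
    await fastify.close()
  }
})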
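// With a custom errorHandler configured, a denied request is handed to that
// handler, whose response body replaces the default 403 payload.
test('custom error handler (insufficient case)', async () => {
  const fastify = await generateServer({
    errorHandler: (result, req, reply) => {
      return reply.send('custom error handler works!')
    }
  })

  fastify.get('/', { preHandler: [fastify.guard.scope(['user:read'])] }, (req, reply) => {
    reply.send()
  })

  try {
    const res = await fastify.inject({ method: 'GET', url: '/' })

    expect(res.payload).toBe('custom error handler works!')
  } finally {
    await fastify.close()
  }
})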