
Add banned field and tests to User

This commit is contained in:
Jack Foltz 2018-08-12 05:30:50 -04:00
parent e0eacf5ff9
commit b8d40032ca
Signed by: foltik
GPG Key ID: 303F88F996E95541
5 changed files with 76 additions and 7 deletions


@ -33,6 +33,15 @@ const UserSchema = mongoose.Schema({
date: { date: {
type: Date, type: Date,
default: Date.now default: Date.now
},
banned: {
type: Boolean,
default: false,
expires: {
type: Date,
default: null
}
} }
}); });
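Review bot: The nested `expires` declaration inside the new `banned` field is most likely not a schema path at all: Mongoose reads an object that has a `type` key as a single SchemaType definition, so `expires` is taken as an option of a Boolean path rather than as a nested Date. That matches how the rest of the commit treats the field — `setBanned` writes a bare boolean and `requireAuth` only tests `user.banned` — so an expiry is never stored or honoured. If a timed ban is intended, declare two separate paths, `banned: { type: Boolean, default: false }, bannedUntil: { type: Date, default: null },` and compare the date wherever the ban is enforced. Either way a comment such as `// banned: hard ban flag; bannedUntil: optional expiry, null = indefinite` would record the intent for the next reader.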


@ -115,8 +115,8 @@ router.post('/logout', function (req, res) {
router.get('/whoami', requireAuth(), (req, res) => { router.get('/whoami', requireAuth(), (req, res) => {
res.status(200).json({ res.status(200).json({
user: req.username, username: req.username,
display: req.displayname, displayname: req.displayname,
scope: req.scope, scope: req.scope,
key: req.key key: req.key
}); });


@ -1,5 +1,6 @@
const ModelPath = '../models/'; const ModelPath = '../models/';
const Key = require(ModelPath + 'Key.js'); const Key = require(ModelPath + 'Key.js');
const User = require(ModelPath + 'User.js');
const wrap = require('./wrap.js'); const wrap = require('./wrap.js');
const verifyScope = require('./verifyScope.js'); const verifyScope = require('./verifyScope.js');
@ -35,7 +36,8 @@ const checkKey = async (req, scope, status) => {
// Middleware that checks for authentication by either API key or session // Middleware that checks for authentication by either API key or session
// sets req.username, req.displayname, req.scope, and req.key if authenticated properly, // sets req.username, req.displayname, req.scope, and req.key if authenticated properly,
// otherwise throws an error code // otherwise throws an error code.
// If the user is banned, also throw an error.
const requireAuth = scope => const requireAuth = scope =>
wrap(async (req, res, next) => { wrap(async (req, res, next) => {
const status = { const status = {
@ -53,8 +55,13 @@ const requireAuth = scope =>
return res.status(401).json({message: 'Unauthorized.'}); return res.status(401).json({message: 'Unauthorized.'});
else if (!status.permission) else if (!status.permission)
return res.status(403).json({message: 'Forbidden.'}); return res.status(403).json({message: 'Forbidden.'});
else
next(); // Check if the user is banned
const user = await User.findOne({username: req.username});
if(user && user.banned)
return res.status(403).json({message: 'Forbidden.'});
next();
}); });
module.exports.checkSession = checkSession; module.exports.checkSession = checkSession;
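Review bot: The new ban check in requireAuth reads only `user.banned`, so the `expires` date the same commit adds to the schema is never consulted and a timed ban never lifts; if temporary bans are intended the condition should also compare the expiry, e.g. `if (user && user.banned && (!user.banned.expires || user.banned.expires > Date.now()))`, adjusted to whatever shape the schema finally takes. A missing user record (`user` null) silently passes, which is presumably right for sessions but deserves a comment such as `// No user document: nothing to enforce` — or a 403 if an API key whose issuer no longer exists should not authenticate. The lookup also adds a second database query on every authenticated request; loading the flag in whatever `checkSession`/`checkKey` already fetch would avoid it, though their bodies are outside this hunk. requireAuth's status computation between the two hunks is not shown.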


@ -186,6 +186,56 @@ describe('Authentication', () => {
); );
}); });
}); });
describe('/POST whoami', () => {
function verifyWhoami(res, username, displayname, scope, key) {
res.should.have.status(200);
res.body.should.be.a('object');
res.body.should.have.property('username').equal(username);
res.body.should.have.property('displayname').equal(displayname);
res.body.should.have.property('scope').deep.equal(scope);
res.body.should.have.property('key').equal(key);
}
describe('0 Valid Request', () => {
it('must respond with a valid session', async () => {
await util.createTestSession(agent);
const res = await util.whoami(agent);
verifyWhoami(res, 'user', 'user', ['file.upload'], null);
return util.logout(agent);
});
it('must respond with a valid api key', async () => {
await util.createTestKey(['file.upload']);
const res = await util.whoami(agent, 'key');
verifyWhoami(res, 'Mocha', 'Mocha', ['file.upload'], 'key');
});
});
describe('1 Invalid Auth', () => {
it('must not respond with an invalid session', async () => {
const res = await util.whoami(agent);
util.verifyResponse(res, 401, 'Unauthorized.');
});
it('must not respond with a banned user with a valid session', async () => {
await util.createTestSession(agent);
await util.setBanned('user', true);
const res = await util.whoami(agent);
util.verifyResponse(res, 403, 'Forbidden.');
});
it('must not respond with a banned users api key', async () => {
await util.createTestUser(agent);
await Promise.all([
util.setBanned('user', true),
util.insertKey({key: 'key', identifier: 'test', scope: ['file.upload'], issuer: 'user'})
]);
const res = await util.whoami(agent, 'key');
util.verifyResponse(res, 403, 'Forbidden.');
});
});
});
}); });
describe('Uploading', () => { describe('Uploading', () => {
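Review bot: The describe label `/POST whoami` names the wrong method: the route is registered with `router.get('/whoami', ...)` and the helper calls `agent.get`, so it should read `describe('/GET whoami', () => {`. The banned-session test also leaves the banned user's session on the shared `agent` — unlike the valid-session case it never ends with `return util.logout(agent);` — which can leak into later tests unless the suite resets state between cases, something not visible in this hunk. Nothing here exercises the `expires` sub-field the commit adds to the schema, so a ban that should have lifted is untested and would currently still return 403.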


@ -44,6 +44,9 @@ exports.insertInvite = invite =>
exports.insertKey = key => exports.insertKey = key =>
Key.create(key); Key.create(key);
exports.setBanned = (username, banned) =>
User.updateOne({username: username}, {banned: banned});
//---------------- API ROUTES ----------------// //---------------- API ROUTES ----------------//
exports.login = (credentials, agent) => exports.login = (credentials, agent) =>
@ -57,9 +60,9 @@ exports.registerUser = (user, agent) =>
agent.post('/api/auth/register') agent.post('/api/auth/register')
.send(user); .send(user);
exports.whoami = (agent) => exports.whoami = (agent, key) =>
agent.get('/api/auth/whoami') agent.get('/api/auth/whoami')
.send(); .send({key: key});
//---------------- TEST ENTRY CREATION ----------------// //---------------- TEST ENTRY CREATION ----------------//
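Review bot: `whoami` now passes the API key as a JSON body on a GET request (`agent.get('/api/auth/whoami').send({key: key})`); request bodies on GET are not reliably preserved by proxies and some HTTP clients refuse to send them, so if the server reads the key from `req.body` (the `checkKey` helper is not shown here) the test passes only because superagent happens to transmit it. Accepting the key in an `Authorization` header, and sending it that way from this helper, would make the test reflect how real clients can call the route. `setBanned` also writes a bare boolean, so it cannot set up the `expires` date the schema now declares; a signature such as `exports.setBanned = (username, banned, expires = null) =>` would let the suite cover a timed ban once the model supports one.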