1
0
mirror of https://github.com/Foltik/Shimapan synced 2025-01-07 08:42:49 -05:00

Add banned field and tests to User

This commit is contained in:
Jack Foltz 2018-08-12 05:30:50 -04:00
parent e0eacf5ff9
commit b8d40032ca
Signed by: foltik
GPG Key ID: 303F88F996E95541
5 changed files with 76 additions and 7 deletions

View File

@ -33,6 +33,15 @@ const UserSchema = mongoose.Schema({
date: {
type: Date,
default: Date.now
},
banned: {
type: Boolean,
default: false,
expires: {
type: Date,
default: null
}
}
});

View File

@ -115,8 +115,8 @@ router.post('/logout', function (req, res) {
router.get('/whoami', requireAuth(), (req, res) => {
res.status(200).json({
user: req.username,
display: req.displayname,
username: req.username,
displayname: req.displayname,
scope: req.scope,
key: req.key
});

View File

@ -1,5 +1,6 @@
const ModelPath = '../models/';
const Key = require(ModelPath + 'Key.js');
const User = require(ModelPath + 'User.js');
const wrap = require('./wrap.js');
const verifyScope = require('./verifyScope.js');
@ -35,7 +36,8 @@ const checkKey = async (req, scope, status) => {
// Middleware that checks for authentication by either API key or session
// sets req.username, req.displayname, req.scope, and req.key if authenticated properly,
// otherwise throws an error code
// otherwise throws an error code.
// If the user is banned, also throw an error.
const requireAuth = scope =>
wrap(async (req, res, next) => {
const status = {
@ -53,7 +55,12 @@ const requireAuth = scope =>
return res.status(401).json({message: 'Unauthorized.'});
else if (!status.permission)
return res.status(403).json({message: 'Forbidden.'});
else
// Check if the user is banned
const user = await User.findOne({username: req.username});
if(user && user.banned)
return res.status(403).json({message: 'Forbidden.'});
next();
});

View File

@ -186,6 +186,56 @@ describe('Authentication', () => {
);
});
});
describe('/POST whoami', () => {
function verifyWhoami(res, username, displayname, scope, key) {
res.should.have.status(200);
res.body.should.be.a('object');
res.body.should.have.property('username').equal(username);
res.body.should.have.property('displayname').equal(displayname);
res.body.should.have.property('scope').deep.equal(scope);
res.body.should.have.property('key').equal(key);
}
describe('0 Valid Request', () => {
it('must respond with a valid session', async () => {
await util.createTestSession(agent);
const res = await util.whoami(agent);
verifyWhoami(res, 'user', 'user', ['file.upload'], null);
return util.logout(agent);
});
it('must respond with a valid api key', async () => {
await util.createTestKey(['file.upload']);
const res = await util.whoami(agent, 'key');
verifyWhoami(res, 'Mocha', 'Mocha', ['file.upload'], 'key');
});
});
describe('1 Invalid Auth', () => {
it('must not respond with an invalid session', async () => {
const res = await util.whoami(agent);
util.verifyResponse(res, 401, 'Unauthorized.');
});
it('must not respond with a banned user with a valid session', async () => {
await util.createTestSession(agent);
await util.setBanned('user', true);
const res = await util.whoami(agent);
util.verifyResponse(res, 403, 'Forbidden.');
});
it('must not respond with a banned users api key', async () => {
await util.createTestUser(agent);
await Promise.all([
util.setBanned('user', true),
util.insertKey({key: 'key', identifier: 'test', scope: ['file.upload'], issuer: 'user'})
]);
const res = await util.whoami(agent, 'key');
util.verifyResponse(res, 403, 'Forbidden.');
});
});
});
});
describe('Uploading', () => {

View File

@ -44,6 +44,9 @@ exports.insertInvite = invite =>
exports.insertKey = key =>
Key.create(key);
exports.setBanned = (username, banned) =>
User.updateOne({username: username}, {banned: banned});
//---------------- API ROUTES ----------------//
exports.login = (credentials, agent) =>
@ -57,9 +60,9 @@ exports.registerUser = (user, agent) =>
agent.post('/api/auth/register')
.send(user);
exports.whoami = (agent) =>
exports.whoami = (agent, key) =>
agent.get('/api/auth/whoami')
.send();
.send({key: key});
//---------------- TEST ENTRY CREATION ----------------//