Fix key limit check and add test

2024-11-30 14:31:42 -05:00 · 2018-08-13 06:13:47 -04:00 · 2018-08-13 06:13:47 -04:00 · d28ce97ff5
commit d28ce97ff5
parent b941da93e1
2 changed files with 16 additions and 1 deletions
--- a/app/routes/api/keys.js
+++ b/app/routes/api/keys.js
@ -15,7 +15,7 @@ const createParams = [
    {name: 'identifier', type: 'string', sanitize: true},
    {name: 'scope', instance: Array}];
 router.post('/create', requireAuth('key.create'), bodyVerifier(createParams), wrap(async (req, res) => {
-    const keyCount = await Key.countDocuments({username: req.username});
+    const keyCount = await Key.countDocuments({issuer: req.username});
    if (keyCount >= config.get('Key.limit'))
        return res.status(403).json({message: 'Key limit reached.'});

--- a/test/api.js
+++ b/test/api.js
@ -687,6 +687,21 @@ describe('Keys', () => {
                util.verifyResponse(res, 403, 'Requested scope exceeds own scope.');
            });
        });
+
+        describe('2 Key Limit', () => {
+            it('must not create additional keys beyond the limit', async () => {
+                await util.createSession(agent, ['key.create', 'file.upload']);
+                const limit = config.get('Key.limit');
+
+                // Create keys upto the limit (key0, key1, key2, ...)
+                await Promise.all(
+                    [...Array(limit)]
+                        .map(idx => util.createKey({identifier: 'key' + idx, scope: ['file.upload']}, agent)));
+
+                const res = await util.createKey({identifier: 'toomany', scope: ['file.upload']}, agent);
+                util.verifyResponse(res, 403, 'Key limit reached.');
+            });
+        });
    });

    describe('/POST delete', () => {