unleash.unleash/src/lib/middleware/api-token-middleware.test.ts

import test from 'ava';

import sinon from 'sinon';

import apiTokenMiddleware from './api-token-middleware';
import getLogger from '../../test/fixtures/no-logger';
import { CLIENT } from '../permissions';
import { createTestConfig } from '../../test/config/test-config';
import ApiUser from '../types/api-user';

let config: any;

test.beforeEach(() => {
    config = {
        getLogger,
        authentication: {
            enableApiToken: true,
        },
    };
});

test('should not do anything if request does not contain a authorization', async t => {
    const apiTokenService = {
        getUserForToken: sinon.fake(),
    };

    const func = apiTokenMiddleware(config, { apiTokenService });

    const cb = sinon.fake();

    const req = {
        header: sinon.fake(),
    };

    await func(req, undefined, cb);

    t.true(req.header.calledOnce);
    t.true(cb.calledOnce);
});

test('should not add user if unknown token', async t => {
    const apiTokenService = {
        getUserForToken: sinon.fake(),
    };

    const func = apiTokenMiddleware(config, { apiTokenService });

    const cb = sinon.fake();

    const req = {
        header: sinon.fake.returns('some-token'),
        user: undefined,
    };

    await func(req, undefined, cb);

    t.true(cb.called);
    t.true(req.header.called);
    t.falsy(req.user);
});

test('should add user if unknown token', async t => {
    const apiUser = new ApiUser({
        username: 'default',
        permissions: [CLIENT],
    });
    const apiTokenService = {
        getUserForToken: sinon.fake.returns(apiUser),
    };

    const func = apiTokenMiddleware(config, { apiTokenService });

    const cb = sinon.fake();

    const req = {
        header: sinon.fake.returns('some-known-token'),
        user: undefined,
    };

    await func(req, undefined, cb);

    t.true(cb.called);
    t.true(req.header.called);
    t.is(req.user, apiUser);
});

test('should not add user if disabled', async t => {
    const apiUser = new ApiUser({
        username: 'default',
        permissions: [CLIENT],
    });
    const apiTokenService = {
        getUserForToken: sinon.fake.returns(apiUser),
    };

    const disabledConfig = createTestConfig({
        getLogger,
        authentication: {
            enableApiToken: false,
            createAdminUser: false,
        },
    });

    const func = apiTokenMiddleware(disabledConfig, { apiTokenService });

    const cb = sinon.fake();

    const req = {
        header: sinon.fake.returns('some-known-token'),
        user: undefined,
    };

    await func(req, undefined, cb);

    t.true(cb.called);
    t.falsy(req.user);
});

test('should call next if apiTokenService throws', async t => {
    getLogger.setMuteError(true);
    const apiTokenService = {
        getUserForToken: () => {
            throw new Error('hi there, i am stupid');
        },
    };

    const func = apiTokenMiddleware(config, { apiTokenService });

    const cb = sinon.fake();

    const req = {
        header: sinon.fake.returns('some-token'),
        user: undefined,
    };

    await func(req, undefined, cb);

    t.true(cb.called);
    getLogger.setMuteError(false);
});

test('should call next if apiTokenService throws x2', async t => {
    const apiTokenService = {
        getUserForToken: () => {
            throw new Error('hi there, i am stupid');
        },
    };

    const func = apiTokenMiddleware(config, { apiTokenService });

    const cb = sinon.fake();

    const req = {
        header: sinon.fake.returns('some-token'),
        user: undefined,
    };

    await func(req, undefined, cb);

    t.true(cb.called);
});
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`import test from 'ava';`

			`import sinon from 'sinon';`

			`import apiTokenMiddleware from './api-token-middleware';`
			`import getLogger from '../../test/fixtures/no-logger';`
			`import { CLIENT } from '../permissions';`
fix: convert AUTH_TYPE to uppercase (#797) Make sure we support both `AUTH_TYPE=demo` and `AUTH_TYPE=DEMO` Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai> 2021-04-22 15:04:08 +02:00			`import { createTestConfig } from '../../test/config/test-config';`
fix: User should require a ID field set (#799) 2021-04-22 23:40:52 +02:00			`import ApiUser from '../types/api-user';`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00
			`let config: any;`

			`test.beforeEach(() => {`
			`config = {`
			`getLogger,`
			`authentication: {`
			`enableApiToken: true,`
			`},`
			`};`
			`});`

			`test('should not do anything if request does not contain a authorization', async t => {`
			`const apiTokenService = {`
			`getUserForToken: sinon.fake(),`
			`};`

			`const func = apiTokenMiddleware(config, { apiTokenService });`

			`const cb = sinon.fake();`

			`const req = {`
			`header: sinon.fake(),`
			`};`

			`await func(req, undefined, cb);`

			`t.true(req.header.calledOnce);`
			`t.true(cb.calledOnce);`
			`});`

			`test('should not add user if unknown token', async t => {`
			`const apiTokenService = {`
			`getUserForToken: sinon.fake(),`
			`};`

			`const func = apiTokenMiddleware(config, { apiTokenService });`

			`const cb = sinon.fake();`

			`const req = {`
			`header: sinon.fake.returns('some-token'),`
			`user: undefined,`
			`};`

			`await func(req, undefined, cb);`

			`t.true(cb.called);`
			`t.true(req.header.called);`
			`t.falsy(req.user);`
			`});`

			`test('should add user if unknown token', async t => {`
fix: User should require a ID field set (#799) 2021-04-22 23:40:52 +02:00			`const apiUser = new ApiUser({`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`username: 'default',`
			`permissions: [CLIENT],`
			`});`
			`const apiTokenService = {`
			`getUserForToken: sinon.fake.returns(apiUser),`
			`};`

			`const func = apiTokenMiddleware(config, { apiTokenService });`

			`const cb = sinon.fake();`

			`const req = {`
			`header: sinon.fake.returns('some-known-token'),`
			`user: undefined,`
			`};`

			`await func(req, undefined, cb);`

			`t.true(cb.called);`
			`t.true(req.header.called);`
			`t.is(req.user, apiUser);`
			`});`

			`test('should not add user if disabled', async t => {`
fix: User should require a ID field set (#799) 2021-04-22 23:40:52 +02:00			`const apiUser = new ApiUser({`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`username: 'default',`
			`permissions: [CLIENT],`
			`});`
			`const apiTokenService = {`
			`getUserForToken: sinon.fake.returns(apiUser),`
			`};`

fix: convert AUTH_TYPE to uppercase (#797) Make sure we support both `AUTH_TYPE=demo` and `AUTH_TYPE=DEMO` Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai> 2021-04-22 15:04:08 +02:00			`const disabledConfig = createTestConfig({`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`getLogger,`
			`authentication: {`
			`enableApiToken: false,`
feat: Add username/password authentication (#777) 2021-04-09 13:46:53 +02:00			`createAdminUser: false,`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00			`},`
Feat/options need types (#794) feat: options are now typed - This makes it easier to know what to send to unleash.start / unleash.create - Using a Partial to instantiate the config, then melding it with defaults to get a config object with all fields set either to their defaults or to whatever is passed in. Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2021-04-22 10:07:10 +02:00			`});`
Feat: Api-Tokens (#774) fixes: #774 2021-03-29 19:58:11 +02:00
			`const func = apiTokenMiddleware(disabledConfig, { apiTokenService });`

			`const cb = sinon.fake();`

			`const req = {`
			`header: sinon.fake.returns('some-known-token'),`
			`user: undefined,`
			`};`

			`await func(req, undefined, cb);`

			`t.true(cb.called);`
			`t.falsy(req.user);`
			`});`

			`test('should call next if apiTokenService throws', async t => {`
			`getLogger.setMuteError(true);`
			`const apiTokenService = {`
			`getUserForToken: () => {`
			`throw new Error('hi there, i am stupid');`
			`},`
			`};`

			`const func = apiTokenMiddleware(config, { apiTokenService });`

			`const cb = sinon.fake();`

			`const req = {`
			`header: sinon.fake.returns('some-token'),`
			`user: undefined,`
			`};`

			`await func(req, undefined, cb);`

			`t.true(cb.called);`
			`getLogger.setMuteError(false);`
			`});`

			`test('should call next if apiTokenService throws x2', async t => {`
			`const apiTokenService = {`
			`getUserForToken: () => {`
			`throw new Error('hi there, i am stupid');`
			`},`
			`};`

			`const func = apiTokenMiddleware(config, { apiTokenService });`

			`const cb = sinon.fake();`

			`const req = {`
			`header: sinon.fake.returns('some-token'),`
			`user: undefined,`
			`};`

			`await func(req, undefined, cb);`

			`t.true(cb.called);`
			`});`