From 62b97ca828f39b829ca0e7696869a1c4677c0082 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivar=20Conradi=20=C3=98sthus?= <ivarconr@gmail.com>
Date: Sat, 8 Jun 2019 12:50:59 +0200
Subject: [PATCH] fix: none authentication should have a mock user (#449)

This also fix the bug introduces where authentication mode triggers readOnly mode in the UI.
---
 lib/app.js                               |  5 ++++
 lib/middleware/no-authentication.js      | 12 ++++++++++
 lib/middleware/no-authentication.test.js | 30 ++++++++++++++++++++++++
 test/e2e/api/admin/feature.e2e.test.js   |  2 +-
 4 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 lib/middleware/no-authentication.js
 create mode 100644 lib/middleware/no-authentication.test.js

diff --git a/lib/app.js b/lib/app.js
index 493b6e0b1f..72358b7e88 100644
--- a/lib/app.js
+++ b/lib/app.js
@@ -11,6 +11,7 @@ const unleashSession = require('./middleware/session');
 const responseTime = require('./middleware/response-time');
 const requestLogger = require('./middleware/request-logger');
 const simpleAuthentication = require('./middleware/simple-authentication');
+const noAuthentication = require('./middleware/no-authentication');
 
 module.exports = function(config) {
     const app = express();
@@ -42,6 +43,10 @@ module.exports = function(config) {
         simpleAuthentication(baseUriPath, app);
     }
 
+    if (config.adminAuthentication === 'none') {
+        noAuthentication(baseUriPath, app);
+    }
+
     if (typeof config.preRouterHook === 'function') {
         config.preRouterHook(app);
     }
diff --git a/lib/middleware/no-authentication.js b/lib/middleware/no-authentication.js
new file mode 100644
index 0000000000..3b4a9e9861
--- /dev/null
+++ b/lib/middleware/no-authentication.js
@@ -0,0 +1,12 @@
+'use strict';
+
+const User = require('../user');
+
+function noneAuthentication(basePath = '', app) {
+    app.use(`${basePath}/api/admin/`, (req, res, next) => {
+        req.user = new User({ email: 'none@unknown.com' });
+        next();
+    });
+}
+
+module.exports = noneAuthentication;
diff --git a/lib/middleware/no-authentication.test.js b/lib/middleware/no-authentication.test.js
new file mode 100644
index 0000000000..ce7d4f30c7
--- /dev/null
+++ b/lib/middleware/no-authentication.test.js
@@ -0,0 +1,30 @@
+'use strict';
+
+const test = require('ava');
+const supertest = require('supertest');
+const express = require('express');
+const noAuthentication = require('./no-authentication');
+
+test('should add dummy user object to all requests', t => {
+    t.plan(1);
+
+    const app = express();
+    noAuthentication('', app);
+    app.get('/api/admin/test', (req, res) => {
+        const user = Object.assign({}, req.user);
+
+        return res
+            .status(200)
+            .json(user)
+            .end();
+    });
+    const request = supertest(app);
+
+    return request
+        .get('/api/admin/test')
+        .expect(200)
+        .expect(res => {
+            console.log(res.body);
+            t.true(res.body.email === 'none@unknown.com');
+        });
+});
diff --git a/test/e2e/api/admin/feature.e2e.test.js b/test/e2e/api/admin/feature.e2e.test.js
index a7ea8903cf..1799d54069 100644
--- a/test/e2e/api/admin/feature.e2e.test.js
+++ b/test/e2e/api/admin/feature.e2e.test.js
@@ -91,7 +91,7 @@ test.serial('creates new feature toggle with createdBy unknown', async t => {
     await request
         .get('/api/admin/events')
         .expect(res => {
-            t.true(res.body.events[0].createdBy === 'unknown');
+            t.true(res.body.events[0].createdBy === 'none@unknown.com');
         })
         .then(destroy);
 });