fix: none authentication should have a mock user (#449)

This also fix the bug introduces where authentication mode triggers readOnly mode in the UI.

lib/app.js

@@ -11,6 +11,7 @@ const unleashSession = require('./middleware/session');
 const responseTime = require('./middleware/response-time');
 const requestLogger = require('./middleware/request-logger');
 const simpleAuthentication = require('./middleware/simple-authentication');
+const noAuthentication = require('./middleware/no-authentication');
 
 module.exports = function(config) {
     const app = express();
@@ -42,6 +43,10 @@ module.exports = function(config) {
         simpleAuthentication(baseUriPath, app);
     }
 
+    if (config.adminAuthentication === 'none') {
+        noAuthentication(baseUriPath, app);
+    }
+
     if (typeof config.preRouterHook === 'function') {
         config.preRouterHook(app);
     }

lib/middleware/no-authentication.js

@@ -0,0 +1,12 @@
+'use strict';
+
+const User = require('../user');
+
+function noneAuthentication(basePath = '', app) {
+    app.use(`${basePath}/api/admin/`, (req, res, next) => {
+        req.user = new User({ email: 'none@unknown.com' });
+        next();
+    });
+}
+
+module.exports = noneAuthentication;

lib/middleware/no-authentication.test.js

@@ -0,0 +1,30 @@
+'use strict';
+
+const test = require('ava');
+const supertest = require('supertest');
+const express = require('express');
+const noAuthentication = require('./no-authentication');
+
+test('should add dummy user object to all requests', t => {
+    t.plan(1);
+
+    const app = express();
+    noAuthentication('', app);
+    app.get('/api/admin/test', (req, res) => {
+        const user = Object.assign({}, req.user);
+
+        return res
+            .status(200)
+            .json(user)
+            .end();
+    });
+    const request = supertest(app);
+
+    return request
+        .get('/api/admin/test')
+        .expect(200)
+        .expect(res => {
+            console.log(res.body);
+            t.true(res.body.email === 'none@unknown.com');
+        });
+});

test/e2e/api/admin/feature.e2e.test.js

@@ -91,7 +91,7 @@ test.serial('creates new feature toggle with createdBy unknown', async t => {
     await request
         .get('/api/admin/events')
         .expect(res => {
-            t.true(res.body.events[0].createdBy === 'unknown');
+            t.true(res.body.events[0].createdBy === 'none@unknown.com');
         })
         .then(destroy);
 });