Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2024-10-18 20:09:08 +02:00
Code Issues Projects Releases Wiki Activity
3a65847aa7
unleash.unleash/src/lib/middleware/rbac-middleware.test.ts
Christopher Kolstad 3a65847aa7
Migrate to jest (#854) 
* Migrate to jest
* Use --force-exit until dns close handle issue https://github.com/facebook/jest/issues/9982

Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-05-28 11:10:24 +02:00

305 lines
7.7 KiB
TypeScript
Raw Blame History

import rbacMiddleware from './rbac-middleware';
import ffStore from '../../test/fixtures/fake-feature-toggle-store';
import User from '../types/user';
import * as perms from '../types/permissions';
import { IUnleashConfig } from '../types/option';
import { createTestConfig } from '../../test/config/test-config';
import ApiUser from '../types/api-user';
let config: IUnleashConfig;
let featureToggleStore: any;
beforeEach(() => {
featureToggleStore = ffStore();
config = createTestConfig();
});
test('should add checkRbac to request', () => {
const accessService = {
hasPermission: jest.fn(),
};
const func = rbacMiddleware(config, { featureToggleStore }, accessService);
const cb = jest.fn();
const req = jest.fn();
func(req, undefined, cb);
// @ts-ignore
expect(req.checkRbac).toBeTruthy();
// @ts-ignore
expect(typeof req.checkRbac).toBe('function');
});
test('should give api-user ADMIN permission', async () => {
const accessService = {
hasPermission: jest.fn(),
};
const func = rbacMiddleware(config, { featureToggleStore }, accessService);
const cb = jest.fn();
const req: any = {
user: new ApiUser({
username: 'api',
permissions: [perms.ADMIN],
}),
};
func(req, undefined, cb);
const hasAccess = await req.checkRbac(perms.ADMIN);
expect(hasAccess).toBe(true);
});
test('should not give api-user ADMIN permission', async () => {
const accessService = {
hasPermission: jest.fn(),
};
const func = rbacMiddleware(config, { featureToggleStore }, accessService);
const cb = jest.fn();
const req: any = {
user: new ApiUser({
username: 'api',
permissions: [perms.CLIENT],
}),
};
func(req, undefined, cb);
const hasAccess = await req.checkRbac(perms.ADMIN);
expect(hasAccess).toBe(false);
expect(accessService.hasPermission).toHaveBeenCalledTimes(0);
});
test('should not allow user to miss userId', async () => {
const accessService = {
hasPermission: jest.fn(),
};
const func = rbacMiddleware(config, { featureToggleStore }, accessService);
const cb = jest.fn();
const req: any = {
user: {
username: 'user',
},
};
func(req, undefined, cb);
const hasAccess = await req.checkRbac(perms.ADMIN);
expect(hasAccess).toBe(false);
});
test('should return false for missing user', async () => {
const accessService = {
hasPermission: jest.fn(),
};
const func = rbacMiddleware(config, { featureToggleStore }, accessService);
const cb = jest.fn();
const req: any = {};
func(req, undefined, cb);
const hasAccess = await req.checkRbac(perms.ADMIN);
expect(hasAccess).toBe(false);
expect(accessService.hasPermission).toHaveBeenCalledTimes(0);
});
test('should verify permission for root resource', async () => {
const accessService = {
hasPermission: jest.fn(),
};
const func = rbacMiddleware(config, { featureToggleStore }, accessService);
const cb = jest.fn();
const req: any = {
user: new User({
username: 'user',
id: 1,
}),
params: {},
};
func(req, undefined, cb);
await req.checkRbac(perms.ADMIN);
expect(accessService.hasPermission).toHaveBeenCalledTimes(1);
expect(accessService.hasPermission).toHaveBeenCalledWith(
req.user,
perms.ADMIN,
undefined,
);
});
test('should lookup projectId from params', async () => {
const accessService = {
hasPermission: jest.fn(),
};
const func = rbacMiddleware(config, { featureToggleStore }, accessService);
const cb = jest.fn();
const req: any = {
user: new User({
username: 'user',
id: 1,
}),
params: {
projectId: 'some-proj',
},
};
func(req, undefined, cb);
await req.checkRbac(perms.UPDATE_PROJECT);
expect(accessService.hasPermission).toHaveBeenCalledWith(
req.user,
perms.UPDATE_PROJECT,
req.params.projectId,
);
});
test('should lookup projectId from feature toggle', async () => {
const projectId = 'some-project-33';
const featureName = 'some-feature-toggle';
const accessService = {
hasPermission: jest.fn(),
};
featureToggleStore.getProjectId = jest.fn().mockReturnValue(projectId);
const func = rbacMiddleware(config, { featureToggleStore }, accessService);
const cb = jest.fn();
const req: any = {
user: new User({
username: 'user',
id: 1,
}),
params: {
featureName,
},
};
func(req, undefined, cb);
await req.checkRbac(perms.UPDATE_FEATURE);
expect(accessService.hasPermission).toHaveBeenCalledWith(
req.user,
perms.UPDATE_FEATURE,
projectId,
);
expect(featureToggleStore.getProjectId.mock.calls[0][0]).toBe(featureName);
});
test('should lookup projectId from data', async () => {
const projectId = 'some-project-33';
const featureName = 'some-feature-toggle';
const accessService = {
hasPermission: jest.fn(),
};
const func = rbacMiddleware(config, { featureToggleStore }, accessService);
const cb = jest.fn();
const req: any = {
user: new User({
username: 'user',
id: 1,
}),
params: {},
body: {
featureName,
project: projectId,
},
};
func(req, undefined, cb);
await req.checkRbac(perms.CREATE_FEATURE);
expect(accessService.hasPermission).toHaveBeenCalledWith(
req.user,
perms.CREATE_FEATURE,
projectId,
);
});
test('Need access to UPDATE_FEATURE on the project you change to', async () => {
const oldProjectId = 'some-project-34';
const newProjectId = 'some-project-35';
const featureName = 'some-feature-toggle';
const accessService = {
hasPermission: jest.fn().mockReturnValue(true),
};
featureToggleStore.getProjectId = jest.fn().mockReturnValue(oldProjectId);
const func = rbacMiddleware(config, { featureToggleStore }, accessService);
const cb = jest.fn();
const req: any = {
user: new User({ username: 'user', id: 1 }),
params: { featureName },
body: { featureName, project: newProjectId },
};
func(req, undefined, cb);
await req.checkRbac(perms.UPDATE_FEATURE);
expect(accessService.hasPermission).toHaveBeenCalledTimes(2);
expect(accessService.hasPermission).toHaveBeenNthCalledWith(
1,
req.user,
perms.UPDATE_FEATURE,
oldProjectId,
);
expect(accessService.hasPermission).toHaveBeenNthCalledWith(
2,
req.user,
perms.UPDATE_FEATURE,
newProjectId,
);
});
test('Does not double check permission if not changing project when updating toggle', async () => {
const oldProjectId = 'some-project-34';
const featureName = 'some-feature-toggle';
const accessService = {
hasPermission: jest.fn().mockReturnValue(true),
};
featureToggleStore.getProjectId = jest.fn().mockReturnValue(oldProjectId);
const func = rbacMiddleware(config, { featureToggleStore }, accessService);
const cb = jest.fn();
const req: any = {
user: new User({ username: 'user', id: 1 }),
params: { featureName },
body: { featureName, project: oldProjectId },
};
func(req, undefined, cb);
await req.checkRbac(perms.UPDATE_FEATURE);
expect(accessService.hasPermission).toHaveBeenCalledTimes(1);
expect(accessService.hasPermission).toHaveBeenCalledWith(
req.user,
perms.UPDATE_FEATURE,
oldProjectId,
);
});
Reference in New Issue View Git Blame Copy Permalink