Feat/allow admin login using demo auth

frontend/src/component/user/DemoAuth/DemoAuth.tsx

@@ -63,7 +63,7 @@ const DemoAuth: VFC<IDemoAuthProps> = ({ authDetails, redirect }) => {
                         id='email'
                         data-testid={LOGIN_EMAIL_ID}
                         required
-                        type='email'
+                        type={email === 'admin' ? 'text' : 'email'}
                     />
 
                     <Button

src/lib/__snapshots__/create-config.test.ts.snap

@@ -17,6 +17,7 @@ exports[`should create default config 1`] = `
   "authentication": {
     "createAdminUser": true,
     "customAuthHandler": [Function],
+    "demoAllowAdminLogin": false,
     "enableApiToken": true,
     "initApiTokens": [],
     "initialAdminUser": {

src/lib/create-config.test.ts

@@ -226,6 +226,11 @@ test('should handle cases where no env var specified for tokens', async () => {
     expect(config.authentication.initApiTokens).toHaveLength(1);
 });
 
+test('should default demo admin login to false', async () => {
+    const config = createConfig({});
+    expect(config.authentication.demoAllowAdminLogin).toBeFalsy();
+});
+
 test('should load environment overrides from env var', async () => {
     process.env.ENABLED_ENVIRONMENTS = 'default,production';
 

src/lib/create-config.ts

@@ -271,6 +271,10 @@ const defaultVersionOption: IVersionOption = {
 };
 
 const defaultAuthentication: IAuthOption = {
+    demoAllowAdminLogin: parseEnvVarBoolean(
+        process.env.AUTH_DEMO_ALLOW_ADMIN_LOGIN,
+        false,
+    ),
     enableApiToken: parseEnvVarBoolean(process.env.AUTH_ENABLE_API_TOKEN, true),
     type: authTypeFromString(process.env.AUTH_TYPE),
     customAuthHandler: defaultCustomAuthDenyAll,

src/lib/middleware/demo-authentication.e2e.test.ts

@@ -0,0 +1,73 @@
+import dbInit from '../../test/e2e/helpers/database-init';
+import { IAuthType } from '../server-impl';
+import { setupAppWithCustomAuth } from '../../test/e2e/helpers/test-helper';
+import type { ITestDb } from '../../test/e2e/helpers/database-init';
+import type { IUnleashStores } from '../types';
+
+let db: ITestDb;
+let stores: IUnleashStores;
+
+beforeAll(async () => {
+    db = await dbInit('demo_auth_serial');
+    stores = db.stores;
+});
+
+afterAll(async () => {
+    await db?.destroy();
+});
+
+const getApp = (adminLoginEnabled: boolean) =>
+    setupAppWithCustomAuth(stores, () => {}, {
+        authentication: {
+            demoAllowAdminLogin: adminLoginEnabled,
+            type: IAuthType.DEMO,
+            createAdminUser: true,
+        },
+    });
+
+test('the demoAllowAdminLogin flag should not affect regular user login/creation', async () => {
+    const app = await getApp(true);
+    return app.request
+        .post(`/auth/demo/login`)
+        .send({ email: '[email protected]' })
+        .expect(200)
+        .expect((res) => {
+            expect(res.body.email).toBe('[email protected]');
+            expect(res.body.id).not.toBe(1);
+        });
+});
+
+test('if the demoAllowAdminLogin flag is disabled, using `admin` should have the same result as any other invalid email', async () => {
+    const app = await getApp(false);
+
+    const nonAdminUsername = 'not-an-email';
+    const adminUsername = 'admin';
+
+    const nonAdminUser = await app.request
+        .post(`/auth/demo/login`)
+        .send({ email: nonAdminUsername });
+
+    const adminUser = await app.request
+        .post(`/auth/demo/login`)
+        .send({ email: adminUsername });
+
+    expect(nonAdminUser.status).toBe(adminUser.status);
+
+    for (const user of [nonAdminUser, adminUser]) {
+        expect(user.body).toMatchObject({
+            error: expect.stringMatching(/^Could not sign in with /),
+        });
+    }
+});
+
+test('should allow you to login as admin if the demoAllowAdminLogin flag enabled', async () => {
+    const app = await getApp(true);
+    return app.request
+        .post(`/auth/demo/login`)
+        .send({ email: 'admin' })
+        .expect(200)
+        .expect((res) => {
+            expect(res.body.id).toBe(1);
+            expect(res.body.username).toBe('admin');
+        });
+});

src/lib/middleware/demo-authentication.ts

@@ -4,7 +4,7 @@
 import type { IUnleashConfig } from '../types/option';
 import ApiUser from '../types/api-user';
 import { ApiTokenType } from '../types/models/api-token';
-import type { IAuthRequest } from '../server-impl';
+import type { IAuthRequest, IUser } from '../server-impl';
 import type { IApiRequest } from '../routes/unleash-types';
 import { encrypt } from '../util';
 
@@ -17,27 +17,32 @@
         flagResolver,
     }: Pick<IUnleashConfig, 'authentication' | 'flagResolver'>,
 ): void {
     app.post(`${basePath}/auth/demo/login`, async (req: IAuthRequest, res) => {
         let { email } = req.body;
-        email = flagResolver.isEnabled('encryptEmails', { email })
-            ? encrypt(email)
-            : email;
+        let user: IUser;
+
         try {
-            const user = await userService.loginUserWithoutPassword(
-                email,
-                true,
-            );
+            if (authentication.demoAllowAdminLogin && email === 'admin') {
+                user = await userService.loginDemoAuthDefaultAdmin();
+            } else {
+                email = flagResolver.isEnabled('encryptEmails', { email })
+                    ? encrypt(email)
+                    : email;
+
+                user = await userService.loginUserWithoutPassword(email, true);
+            }
+
             req.session.user = user;
             return res.status(200).json(user);
         } catch (e) {
             res.status(400)
                 .json({ error: `Could not sign in with ${email}` })
                 .end();
         }
     });
 
     app.use(`${basePath}/api/admin/`, (req: IAuthRequest, res, next) => {
-        if (req.session.user?.email) {
+        if (req.session.user?.email || req.session.user?.username === 'admin') {
             req.user = req.session.user;
         }
         next();

src/lib/services/user-service.ts

@@ -379,6 +379,12 @@ class UserService {
         return user;
     }
 
+    async loginDemoAuthDefaultAdmin(): Promise<IUser> {
+        const user = await this.store.getByQuery({ id: 1 });
+        await this.store.successfullyLogin(user);
+        return user;
+    }
+
     async changePassword(userId: number, password: string): Promise<void> {
         this.validatePassword(password);
         const passwordHash = await bcrypt.hash(password, saltRounds);

src/lib/types/option.ts

@@ -67,6 +67,7 @@ export type CustomAuthHandler = (
 ) => void;
 
 export interface IAuthOption {
+    demoAllowAdminLogin?: boolean;
     enableApiToken: boolean;
     type: IAuthType;
     customAuthHandler?: CustomAuthHandler;