Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add use auth middleware #19

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Add use auth middleware #19

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
44ef90e
Add useAuth function to authenticate specific routers
Apr 22, 2019
3808c55
Merge branch 'master' into use-auth
Apr 23, 2019
9610ef0
Fix current tests
Apr 23, 2019
c608c51
Feedbacks
May 1, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 24 additions & 10 deletions index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ const _isEmpty = require('lodash/isEmpty'),
{ setDb } = require('./services/storage'),
{ setBus } = require('./controllers/users');

let authMiddlewares = [];

/**
* determine if a route is protected
* protected routes are ?edit=true and any method other than GET
Expand Down Expand Up @@ -165,7 +167,9 @@ function init({ router, providers, store, site, storage, bus }) {
setDb(storage);
setBus(bus);

const currentProviders = getProviders(providers, site);
const currentProviders = getProviders(providers, site),
protectRoutesMiddleware = protectRoutes(site),
checkAuthenticationMiddleware = checkAuthentication(site);

pedro-rosario marked this conversation as resolved.
Show resolved Hide resolved
strategyService.createStrategy(providers, site); // allow mocking this in tests

Expand All @@ -175,25 +179,35 @@ function init({ router, providers, store, site, storage, bus }) {
router.use(passport.session());
router.use(flash());

// protect routes
router.use(protectRoutes(site));
authMiddlewares = [
// handle de-authentication errors. This occurs when a user is logged in
// and someone removes them as a user. We need to catch the error
protectRoutesMiddleware,
checkAuthenticationMiddleware,
addUser
];

// add authorization routes
// note: these (and the provider routes) are added here,
// rather than as route controllers in lib/routes/
router.get('/_auth/login', onLogin(site, currentProviders));
router.get('/_auth/logout', onLogout(site));
router.get('/_auth/login', protectRoutesMiddleware, onLogin(site, currentProviders), checkAuthenticationMiddleware, addUser);
router.get('/_auth/logout', protectRoutesMiddleware, onLogout(site), checkAuthenticationMiddleware, addUser);
strategyService.addAuthRoutes(providers, router, site); // allow mocking this in tests

// handle de-authentication errors. This occurs when a user is logged in
// and someone removes them as a user. We need to catch the error
router.use(checkAuthentication(site));
router.use(addUser);

return currentProviders; // for testing/verification
}

/**
* Adds authentication middlewares to the router
*
* @param {Object} router
*/
function useAuth(router) {
authMiddlewares.forEach(middleware => router.use(middleware));
}

module.exports = init;
module.exports.useAuth = useAuth;
module.exports.withAuthLevel = withAuthLevel;
module.exports.authLevels = AUTH_LEVELS;
module.exports.addRoutes = require('./routes/_users');
Expand Down
25 changes: 19 additions & 6 deletions index.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ describe(_startCase(filename), function () {
const fn = lib[this.description];

it('is true if edit mode', function () {
expect(fn({ query: { edit: true }})).toEqual(true);
expect(fn({ query: { edit: true } })).toEqual(true);
});

it('is true if POST to api', function () {
Expand Down Expand Up @@ -67,7 +67,7 @@ describe(_startCase(filename), function () {

describe('checkAuthentication', function () {
const fn = lib[this.description],
cb = fn({ path: '/foo', prefix: 'domain.com/foo', port: '80'});
cb = fn({ path: '/foo', prefix: 'domain.com/foo', port: '80' });

it('calls `next` if no error', function () {
const nextSpy = jest.fn();
Expand Down Expand Up @@ -172,16 +172,18 @@ describe(_startCase(filename), function () {

lib(options);

// Should call router use 7 times to set the required middlewares
expect(router.use).toBeCalledTimes(7);
// Should call router use 4 times to set the required middlewares
expect(router.use).toBeCalledTimes(4);
});

it('should add authorization routes', function () {
const middlewares = Array(4).fill(expect.any(Function));

lib(options);

expect(router.get).toBeCalledTimes(2);
expect(router.get).toBeCalledWith('/_auth/login', expect.any(Function));
expect(router.get).toBeCalledWith('/_auth/logout', expect.any(Function));
expect(router.get).toBeCalledWith('/_auth/login', ...middlewares);
expect(router.get).toBeCalledWith('/_auth/logout', ...middlewares);
});
});

Expand All @@ -199,4 +201,15 @@ describe(_startCase(filename), function () {
expect(next).toBeCalled();
});
});

describe('useAuth', function () {
const fn = lib[this.description];

it('should add the middlewares to the router', function () {
const router = { use: jest.fn() };

fn(router);
expect(router.use).toBeCalledTimes(3);
});
});
});
1 change: 1 addition & 0 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
"connect-redis": "^3.4.0",
"express-flash": "0.0.2",
"express-session": "^1.15.6",
"lodash": "^4.17.11",
"passport": "^0.3.2",
"passport-google-oauth": "^1.0.0",
"passport-http-header-token": "^1.1.0",
Expand Down