@infomaker/service-authorization-lib
Version:
IMID Service Authorization Library
184 lines (175 loc) • 4.19 kB
JavaScript
const testData = {
ORG_A: 'test-org-a',
ORG_B: 'test-org-b',
UNIT_A: 'test-unit-a',
UNIT_B: 'test-unit-b',
UNIT_C: 'test-unit-c',
PERMISSION_A: 'test:permission-a',
PERMISSION_B: 'test:permission-b',
UNIT_A_PERMISSION: 'test:unit-a-permission',
UNIT_B_PERMISSION: 'test:unit-b-permission',
SUB_A: 'test-sub-a',
SUB_B: 'test-sub-b',
ORG_GROUP_A: 'Test group A',
ORG_GROUP_B: 'Test group B',
VALID_SERVICE_TOKEN_SIGN_SECRET: 'valid',
SERVICE_ADMIN_INFOMAKER_GROUP: 'Infomaker ID',
AUTH_MODE_SERVICE_ADMIN_ENDPOINT: 'SERVICE_ADMIN_ENDPOINT',
AUTH_MODE_OPEN_ENDPOINT: 'OPEN_ENDPOINT',
AUTH_MODE_AUTHENTICATED_ENDPOINT: 'AUTHENTICATED_ENDPOINT',
ERRORS: {
UNAUTHORIZED: {
STATUS_CODE: 401,
MESSAGE: 'Unauthorized'
},
FORBIDDEN: {
STATUS_CODE: 403,
MESSAGE: 'Access denied'
}
}
}
testData.validatorPayloads = [
{
shouldValidate: true,
description: 'serviceAdminOnly',
payload: testData.AUTH_MODE_SERVICE_ADMIN_ENDPOINT
},
{
shouldValidate: true,
description: 'org, false unit, accessRules (sub)',
payload: {
org: 'test-org',
accessRules: [{
sub: 'test_xxxx'
}]
}
},
{
shouldValidate: true,
description: 'org, accessRules (unit, sub)',
payload: {
org: 'test-org',
accessRules: [{
unit: 'test-unit',
sub: 'test_xxxx'
}]
}
},
{
shouldValidate: true,
description: 'org, false unit, accessRules (permission)',
payload: {
org: 'test-org',
accessRules: [{
permission: 'test:perform-task'
}]
}
},
{
shouldValidate: true,
description: 'org, accessRules (unit, permission)',
payload: {
org: 'test-org',
accessRules: [{
unit: 'test-unit',
permission: 'test:perform-task'
}]
}
},
{
shouldValidate: true,
description: 'org accessRules (unit)',
payload: {
org: 'test-org',
accessRules: [{
unit: 'test-unit'
}]
}
},
{
shouldValidate: true,
description: 'only org',
payload: {
org: 'test-org'
}
},
{
shouldValidate: false,
description: 'missing org, accessRules (permission)',
payload: {
accessRules: [{
permission: 'test:perform-task'
}]
}
},
{
shouldValidate: false,
description: 'missing org, accessRules (permission)',
payload: {
accessRules: [{
unit: 'test-unit'
}]
}
},
{
shouldValidate: false,
description: 'missing org, accessRules (sub)',
payload: {
accessRules: [{
sub: 'test_xxxx'
}]
}
}
]
testData.VALID_SERVICE_TOKEN_PAYLOAD_A = {
org: testData.ORG_A,
sub: testData.SUB_A,
permissions: {
org: [testData.PERMISSION_A],
units: {
[testData.UNIT_A]: [
testData.UNIT_A_PERMISSION
],
[testData.UNIT_B]: [
testData.UNIT_B_PERMISSION
]
}
},
serviceAdmin: false
}
testData.VALID_SERVICE_TOKEN_PAYLOAD_B = {
org: testData.ORG_B,
sub: testData.SUB_A,
permissions: {
org: [testData.PERMISSION_A],
units: {}
},
serviceAdmin: false
}
testData.VALID_SERVICE_TOKEN_PAYLOAD_SERVICE_ADMIN = {
org: testData.ORG_A,
sub: testData.SUB_A,
permissions: {
org: [testData.PERMISSION_A],
units: {}
},
service_admin: true
}
testData.VALID_SERVICE_TOKEN_PAYLOAD_A_EMPTY_PERMISSIONS = {
org: testData.ORG_A,
sub: testData.SUB_A,
permissions: {
org: [],
units: {}
}
}
testData.artifactReasons = {
SERVICE_ADMIN_MATCH: 'Authorized: Service admin rule matched',
ORG_RULE_MATCH: 'Authorized: Matching org and access rule (for locked down endpoint)',
NO_ACCESS_RULES: 'Authorized: Valid serviceToken for open endpoint',
NO_SERVICE_TOKEN_NO_ACCESS_RULES: 'Open endpoint and no serviceToken',
AUTHENTICATED_ENDPOINT: 'Authorized: Valid serviceToken for authenticated endpoint',
ORG_MATCH: 'Authorized: Org matched org and no accessRules exists (locked down endpoint)',
FALSE_ORG_MATCHING_ACCESS_RULES: 'Authorized: Matching access rule and false org (for locked down endpoint)'
}
module.exports = testData