UNPKG

@infomaker/service-authorization-lib

Version:

IMID Service Authorization Library

184 lines (175 loc) 4.19 kB
const testData = { ORG_A: 'test-org-a', ORG_B: 'test-org-b', UNIT_A: 'test-unit-a', UNIT_B: 'test-unit-b', UNIT_C: 'test-unit-c', PERMISSION_A: 'test:permission-a', PERMISSION_B: 'test:permission-b', UNIT_A_PERMISSION: 'test:unit-a-permission', UNIT_B_PERMISSION: 'test:unit-b-permission', SUB_A: 'test-sub-a', SUB_B: 'test-sub-b', ORG_GROUP_A: 'Test group A', ORG_GROUP_B: 'Test group B', VALID_SERVICE_TOKEN_SIGN_SECRET: 'valid', SERVICE_ADMIN_INFOMAKER_GROUP: 'Infomaker ID', AUTH_MODE_SERVICE_ADMIN_ENDPOINT: 'SERVICE_ADMIN_ENDPOINT', AUTH_MODE_OPEN_ENDPOINT: 'OPEN_ENDPOINT', AUTH_MODE_AUTHENTICATED_ENDPOINT: 'AUTHENTICATED_ENDPOINT', ERRORS: { UNAUTHORIZED: { STATUS_CODE: 401, MESSAGE: 'Unauthorized' }, FORBIDDEN: { STATUS_CODE: 403, MESSAGE: 'Access denied' } } } testData.validatorPayloads = [ { shouldValidate: true, description: 'serviceAdminOnly', payload: testData.AUTH_MODE_SERVICE_ADMIN_ENDPOINT }, { shouldValidate: true, description: 'org, false unit, accessRules (sub)', payload: { org: 'test-org', accessRules: [{ sub: 'test_xxxx' }] } }, { shouldValidate: true, description: 'org, accessRules (unit, sub)', payload: { org: 'test-org', accessRules: [{ unit: 'test-unit', sub: 'test_xxxx' }] } }, { shouldValidate: true, description: 'org, false unit, accessRules (permission)', payload: { org: 'test-org', accessRules: [{ permission: 'test:perform-task' }] } }, { shouldValidate: true, description: 'org, accessRules (unit, permission)', payload: { org: 'test-org', accessRules: [{ unit: 'test-unit', permission: 'test:perform-task' }] } }, { shouldValidate: true, description: 'org accessRules (unit)', payload: { org: 'test-org', accessRules: [{ unit: 'test-unit' }] } }, { shouldValidate: true, description: 'only org', payload: { org: 'test-org' } }, { shouldValidate: false, description: 'missing org, accessRules (permission)', payload: { accessRules: [{ permission: 'test:perform-task' }] } }, { shouldValidate: false, description: 'missing org, accessRules (permission)', payload: { accessRules: [{ unit: 'test-unit' }] } }, { shouldValidate: false, description: 'missing org, accessRules (sub)', payload: { accessRules: [{ sub: 'test_xxxx' }] } } ] testData.VALID_SERVICE_TOKEN_PAYLOAD_A = { org: testData.ORG_A, sub: testData.SUB_A, permissions: { org: [testData.PERMISSION_A], units: { [testData.UNIT_A]: [ testData.UNIT_A_PERMISSION ], [testData.UNIT_B]: [ testData.UNIT_B_PERMISSION ] } }, serviceAdmin: false } testData.VALID_SERVICE_TOKEN_PAYLOAD_B = { org: testData.ORG_B, sub: testData.SUB_A, permissions: { org: [testData.PERMISSION_A], units: {} }, serviceAdmin: false } testData.VALID_SERVICE_TOKEN_PAYLOAD_SERVICE_ADMIN = { org: testData.ORG_A, sub: testData.SUB_A, permissions: { org: [testData.PERMISSION_A], units: {} }, service_admin: true } testData.VALID_SERVICE_TOKEN_PAYLOAD_A_EMPTY_PERMISSIONS = { org: testData.ORG_A, sub: testData.SUB_A, permissions: { org: [], units: {} } } testData.artifactReasons = { SERVICE_ADMIN_MATCH: 'Authorized: Service admin rule matched', ORG_RULE_MATCH: 'Authorized: Matching org and access rule (for locked down endpoint)', NO_ACCESS_RULES: 'Authorized: Valid serviceToken for open endpoint', NO_SERVICE_TOKEN_NO_ACCESS_RULES: 'Open endpoint and no serviceToken', AUTHENTICATED_ENDPOINT: 'Authorized: Valid serviceToken for authenticated endpoint', ORG_MATCH: 'Authorized: Org matched org and no accessRules exists (locked down endpoint)', FALSE_ORG_MATCHING_ACCESS_RULES: 'Authorized: Matching access rule and false org (for locked down endpoint)' } module.exports = testData