openhim-core
Version:
The OpenHIM core application that provides logging and routing of http requests
375 lines (374 loc) • 14.1 kB
HTML
<html lang="en">
<head>
<title>Code coverage report for src/api/authentication.coffee</title>
<meta charset="utf-8" />
<link rel="stylesheet" href="../../prettify.css" />
<link rel="stylesheet" href="../../base.css" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type='text/css'>
.coverage-summary .sorter {
background-image: url(../../sort-arrow-sprite.png);
}
</style>
</head>
<body>
<div class='wrapper'>
<div class='pad1'>
<h1>
<a href="../../index.html">All files</a> / <a href="index.html">src/api</a> authentication.coffee
</h1>
<div class='clearfix'>
<div class='fl pad1y space-right2'>
<span class="strong">22.81% </span>
<span class="quiet">Statements</span>
<span class='fraction'>13/57</span>
</div>
<div class='fl pad1y space-right2'>
<span class="strong">0% </span>
<span class="quiet">Branches</span>
<span class='fraction'>0/14</span>
</div>
<div class='fl pad1y space-right2'>
<span class="strong">0% </span>
<span class="quiet">Functions</span>
<span class='fraction'>0/5</span>
</div>
<div class='fl pad1y space-right2'>
<span class="strong">22.81% </span>
<span class="quiet">Lines</span>
<span class='fraction'>13/57</span>
</div>
</div>
</div>
<div class='status-line low'></div>
<pre><table class="coverage">
<tr><td class="line-count quiet">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104</td><td class="line-coverage quiet"><span class="cline-any cline-yes">1x</span>
<span class="cline-any cline-yes">1x</span>
<span class="cline-any cline-yes">1x</span>
<span class="cline-any cline-yes">1x</span>
<span class="cline-any cline-yes">1x</span>
<span class="cline-any cline-yes">1x</span>
<span class="cline-any cline-yes">1x</span>
<span class="cline-any cline-yes">1x</span>
<span class="cline-any cline-yes">1x</span>
<span class="cline-any cline-yes">1x</span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-yes">1x</span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-yes">1x</span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-yes">1x</span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span></td><td class="text"><pre class="prettyprint lang-js">User = require('../model/users').User
crypto = require 'crypto'
logger = require 'winston'
config = require "../config/config"
config.api = config.get('api')
config.auditing = config.get('auditing')
atna = require 'atna-audit'
auditing = require '../auditing'
os = require 'os'
himSourceID = config.auditing.auditEvents.auditSourceID
# will NOT audit any successful logins on the following paths (specified as regex patterns)
# only 'noisy' endpoints should be included, such as heartbeats or endpoints that get polled
#
# /transactions is treated as a special case - see below
auditingExemptPaths = [
/\/tasks/
/\/events.*/
/\/metrics.*/
/\/mediators\/.*\/heartbeat/
/\/audits/
/\/logs/
]
isUndefOrEmpty = <span class="fstat-no" title="function not covered" >(</span>string) ->
<span class="cstat-no" title="statement not covered" > return not string? or string is '</span>'
exports.authenticate = <span class="fstat-no" title="function not covered" >(</span>next) ->
<span class="cstat-no" title="statement not covered" > header = this.request.h</span>eader
<span class="cstat-no" title="statement not covered" > email = header['</span>auth-username']
<span class="cstat-no" title="statement not covered" > authTS = header['</span>auth-ts']
<span class="cstat-no" title="statement not covered" > authSalt = header['</span>auth-salt']
<span class="cstat-no" title="statement not covered" > authToken = header['</span>auth-token']
<span class="cstat-no" title="statement not covered" > auditAuthFailure = <span class="fstat-no" title="function not covered" ></span>-</span>>
<span class="cstat-no" title="statement not covered" > audit = a</span>tna.userLoginAudit atna.OUTCOME_SERIOUS_FAILURE, himSourceID, os.hostname(), email
<span class="cstat-no" title="statement not covered" > audit = a</span>tna.wrapInSyslog audit
auditing.sendAuditEvent audit, <span class="fstat-no" title="function not covered" ></span>-> logger.debug 'Processed internal audit'
# if any of the required headers aren't present
if isUndefOrEmpty(email) or isUndefOrEmpty(authTS) or isUndefOrEmpty(authSalt) or isUndefOrEmpty(authToken)
<span class="cstat-no" title="statement not covered" > logger.info "API request made by #{email} from #{this.request.host} is missing required API authentication headers, denying access"</span>
<span class="cstat-no" title="statement not covered" > this.status = 4</span>01
<span class="cstat-no" title="statement not covered" > auditAuthFailure()</span>
<span class="cstat-no" title="statement not covered" > return</span>
# check if request is recent
<span class="cstat-no" title="statement not covered" > requestDate = new D</span>ate Date.parse authTS
<span class="cstat-no" title="statement not covered" > authWindowSeconds = config.api.authWindowSeconds ? 1</span>0
<span class="cstat-no" title="statement not covered" > to = new D</span>ate()
<span class="cstat-no" title="statement not covered" > to.setSeconds(to.getSeconds() + authWindowSeconds)</span>
<span class="cstat-no" title="statement not covered" > from = new D</span>ate()
<span class="cstat-no" title="statement not covered" > from.setSeconds(from.getSeconds() - authWindowSeconds)</span>
if requestDate < from or requestDate > to
# request expired
<span class="cstat-no" title="statement not covered" > logger.info "API request made by #{email} from #{this.request.host} has expired, denying access"</span>
<span class="cstat-no" title="statement not covered" > this.status = 4</span>01
<span class="cstat-no" title="statement not covered" > auditAuthFailure()</span>
<span class="cstat-no" title="statement not covered" > return</span>
<span class="cstat-no" title="statement not covered" > user = y</span>ield User.findOne(email: email).exec()
<span class="cstat-no" title="statement not covered" > this.authenticated = u</span>ser
if not user
# not authenticated - user not found
<span class="cstat-no" title="statement not covered" > logger.info "No user exists for #{email}, denying access to API, request originated from #{this.request.host}"</span>
<span class="cstat-no" title="statement not covered" > this.status = 4</span>01
<span class="cstat-no" title="statement not covered" > auditAuthFailure()</span>
<span class="cstat-no" title="statement not covered" > return</span>
<span class="cstat-no" title="statement not covered" > hash = c</span>rypto.createHash 'sha512'
<span class="cstat-no" title="statement not covered" > hash.update user.passwordHash</span>
<span class="cstat-no" title="statement not covered" > hash.update authSalt</span>
<span class="cstat-no" title="statement not covered" > hash.update authTS</span>
if authToken is hash.digest 'hex'
# authenticated
if this.path is '/transactions'
<span class="cstat-no" title="statement not covered" > if not this.query.filterRepresentation or this.query.filterRepresentation isnt 'full'</span>
# exempt from auditing success
<span class="cstat-no" title="statement not covered" > yield next</span>
<span class="cstat-no" title="statement not covered" > return</span>
else
<span class="cstat-no" title="statement not covered" > for pathTest in auditingExemptPaths</span>
if pathTest.test this.path
# exempt from auditing success
<span class="cstat-no" title="statement not covered" > yield next</span>
<span class="cstat-no" title="statement not covered" > return</span>
# send audit
<span class="cstat-no" title="statement not covered" > audit = a</span>tna.userLoginAudit atna.OUTCOME_SUCCESS, himSourceID, os.hostname(), email, user.groups.join(','), user.groups.join(',')
<span class="cstat-no" title="statement not covered" > audit = a</span>tna.wrapInSyslog audit
<span class="cstat-no" title="statement not covered" > auditing.sendAuditEvent audit, <span class="fstat-no" title="function not covered" ></span>-> logger.debug 'Processed internal audit'</span>
yield next
else
# not authenticated - token mismatch
<span class="cstat-no" title="statement not covered" > logger.info "API token did not match expected value, denying access to API, the request was made by #{email} from #{this.request.host}"</span>
<span class="cstat-no" title="statement not covered" > this.status = 4</span>01
auditAuthFailure()
</pre></td></tr>
</table></pre>
<div class='push'></div><!-- for sticky footer -->
</div><!-- /wrapper -->
<div class='footer quiet pad2 space-top1 center small'>
Code coverage
generated by <a href="http://istanbul-js.org/" target="_blank">istanbul</a> at Mon Oct 10 2016 13:39:22 GMT+0200 (SAST)
</div>
</div>
<script src="../../prettify.js"></script>
<script>
window.onload = function () {
if (typeof prettyPrint === 'function') {
prettyPrint();
}
};
</script>
<script src="../../sorter.js"></script>
</body>
</html>