
unleash-server


Unleash is an enterprise ready feature toggles service. It provides different strategies for handling feature toggles.

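"use strict";
/*
 * End-to-end authorization tests for the admin API-token endpoint
 * (/api/admin/api-tokens).
 *
 * Each test installs a pre-hook that attaches a freshly created user with a
 * given root role to the request, then checks what that role may do:
 *   - EDITOR: listing returns only the CLIENT token, never the ADMIN token
 *   - VIEWER: listing is rejected with 403
 *   - EDITOR: creating an admin token is rejected with 403
 *   - ADMIN:  creating an admin token succeeds with 201
 *
 * The token secrets below are fixture values inserted and deleted by this
 * suite only.
 */
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const test_helper_1 = require("../../helpers/test-helper");
const database_init_1 = __importDefault(require("../../helpers/database-init"));
const no_logger_1 = __importDefault(require("../../../fixtures/no-logger"));
const api_token_1 = require("../../../../lib/types/models/api-token");
const model_1 = require("../../../../lib/types/model");

let stores;
let db;

beforeAll(async () => {
    db = await (0, database_init_1.default)('token_api_auth_serial', no_logger_1.default);
    stores = db.stores;
});

afterAll(async () => {
    if (db) {
        await db.destroy();
    }
});

// Tokens must not leak from one test into the next: the listing test counts them.
afterEach(async () => {
    await stores.apiTokenStore.deleteAll();
});

/**
 * Builds a pre-hook that makes every request under /api/admin/ run as a user
 * holding the given root role.
 *
 * The user is created inside the middleware, i.e. once per request, so this
 * fits tests that send a single request; a second request would call
 * createUser again with the same email.
 *
 * @param {string} roleName - one of model_1.RoleName
 * @param {string} email - email of the user to create
 * @returns {Function} pre-hook taking (app, config, services)
 */
function signInAs(roleName, email) {
    return (app, config, { userService, accessService }) => {
        app.use('/api/admin/', async (req, res, next) => {
            try {
                const role = await accessService.getRootRole(roleName);
                req.user = await userService.createUser({
                    email,
                    rootRole: role.id,
                });
                next();
            }
            catch (err) {
                // Hand setup failures to the app's error handling instead of
                // leaving a rejected promise and a request that never completes.
                next(err);
            }
        });
    };
}

/**
 * Starts the app with the given pre-hook, runs the scenario, and always tears
 * the app down again - also when an expectation inside the scenario throws.
 *
 * @param {Function} preHook - pre-hook passed to setupAppWithCustomAuth
 * @param {Function} scenario - async callback receiving the request agent
 */
async function withApp(preHook, scenario) {
    const { request, destroy } = await (0, test_helper_1.setupAppWithCustomAuth)(stores, preHook);
    try {
        await scenario(request);
    }
    finally {
        await destroy();
    }
}

/** Stores one CLIENT and one ADMIN token so a listing has both kinds to filter. */
async function insertClientAndAdminToken() {
    await stores.apiTokenStore.insert({
        username: 'test',
        secret: '1234',
        type: api_token_1.ApiTokenType.CLIENT,
    });
    await stores.apiTokenStore.insert({
        username: 'test',
        secret: 'sdfsdf2d',
        type: api_token_1.ApiTokenType.ADMIN,
    });
}

test('editor users should only get client tokens', async () => {
    expect.assertions(2);
    const preHook = signInAs(model_1.RoleName.EDITOR, 'editor@example.com');
    await withApp(preHook, async (request) => {
        await insertClientAndAdminToken();
        await request
            .get('/api/admin/api-tokens')
            .expect('Content-Type', /json/)
            .expect(200)
            .expect((res) => {
                // Two tokens are stored; only the client one may be returned.
                expect(res.body.tokens.length).toBe(1);
                expect(res.body.tokens[0].type).toBe(api_token_1.ApiTokenType.CLIENT);
            });
    });
});

test('viewer users should not be allowed to fetch tokens', async () => {
    expect.assertions(0);
    const preHook = signInAs(model_1.RoleName.VIEWER, 'viewer@example.com');
    await withApp(preHook, async (request) => {
        await insertClientAndAdminToken();
        await request
            .get('/api/admin/api-tokens')
            .expect('Content-Type', /json/)
            .expect(403);
    });
});

test('Only token-admins should be allowed to create token', async () => {
    expect.assertions(0);
    // An editor asking for an admin token must be refused.
    const preHook = signInAs(model_1.RoleName.EDITOR, 'editor2@example.com');
    await withApp(preHook, async (request) => {
        await request
            .post('/api/admin/api-tokens')
            .send({
                username: 'default-admin',
                type: 'admin',
            })
            .set('Content-Type', 'application/json')
            .expect(403);
    });
});

test('Token-admin should be allowed to create token', async () => {
    expect.assertions(0);
    const preHook = signInAs(model_1.RoleName.ADMIN, 'admin@example.com');
    await withApp(preHook, async (request) => {
        await request
            .post('/api/admin/api-tokens')
            .send({
                username: 'default-admin',
                type: 'admin',
            })
            .set('Content-Type', 'application/json')
            .expect(201);
    });
});
//# sourceMappingURL=api-token.auth.e2e.test.js.map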