2018-06-14 20:17:54 -07:00
|
|
|
/* jslint node:true */
|
|
|
|
|
/* global it:false */
|
|
|
|
|
/* global describe:false */
|
|
|
|
|
/* global before:false */
|
|
|
|
|
/* global after:false */
|
|
|
|
|
|
|
|
|
|
'use strict';
|
|
|
|
|
|
|
|
|
|
var accesscontrol = require('../accesscontrol.js'),
|
|
|
|
|
expect = require('expect.js');
|
|
|
|
|
|
|
|
|
|
describe('access control', function () {
|
2018-06-17 22:42:18 -07:00
|
|
|
describe('canonicalScopeString', function () {
|
2018-06-14 20:17:54 -07:00
|
|
|
it('only * scope', function () {
|
2018-06-17 22:42:18 -07:00
|
|
|
expect(accesscontrol.canonicalScopeString('*')).to.be(accesscontrol.VALID_SCOPES.join(','));
|
2018-06-14 20:17:54 -07:00
|
|
|
});
|
|
|
|
|
|
2018-06-17 22:42:18 -07:00
|
|
|
it('identity for non-*', function () {
|
2018-06-27 14:07:25 -07:00
|
|
|
expect(accesscontrol.canonicalScopeString('foo,bar')).to.be('bar,foo'); // becomes sorted
|
2018-06-14 20:17:54 -07:00
|
|
|
});
|
|
|
|
|
});
|
2018-06-14 16:28:09 -07:00
|
|
|
|
2018-06-17 22:38:14 -07:00
|
|
|
describe('intersectScopes', function () { // args: allowed, wanted
|
2018-06-14 16:28:09 -07:00
|
|
|
it('both are same', function () {
|
2018-06-27 23:17:04 -07:00
|
|
|
expect(accesscontrol.intersectScopes([ 'apps', 'clients' ], [ 'apps', 'clients' ])).to.eql([ 'apps', 'clients' ]);
|
2018-06-14 16:28:09 -07:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('some are different', function () {
|
2018-06-27 23:17:04 -07:00
|
|
|
expect(accesscontrol.intersectScopes([ 'apps' ], [ 'apps', 'clients' ])).to.eql(['apps']);
|
2018-06-17 22:38:14 -07:00
|
|
|
expect(accesscontrol.intersectScopes([ 'clients', 'domains', 'mail' ], [ 'mail' ])).to.eql(['mail']);
|
2018-06-14 16:28:09 -07:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('everything is different', function () {
|
2018-06-27 23:17:04 -07:00
|
|
|
expect(accesscontrol.intersectScopes(['cloudron', 'domains' ], ['apps','clients'])).to.eql([]);
|
2018-06-27 14:07:25 -07:00
|
|
|
});
|
|
|
|
|
|
2018-06-27 18:08:38 -07:00
|
|
|
it('subscopes', function () {
|
2018-06-27 14:07:25 -07:00
|
|
|
expect(accesscontrol.intersectScopes(['apps:read' ], ['apps'])).to.eql(['apps:read']);
|
2018-06-27 18:08:38 -07:00
|
|
|
expect(accesscontrol.intersectScopes(['apps:read','domains','profile'], ['apps','domains:manage','profile'])).to.eql(['apps:read','domains:manage','profile']);
|
|
|
|
|
expect(accesscontrol.intersectScopes(['apps:read','domains','profile'], ['apps','apps:read'])).to.eql(['apps:read']);
|
2018-06-14 16:28:09 -07:00
|
|
|
});
|
2018-06-14 16:32:24 -07:00
|
|
|
});
|
|
|
|
|
|
2018-06-17 22:29:17 -07:00
|
|
|
describe('validateScopeString', function () {
|
2018-06-14 20:51:15 -07:00
|
|
|
it('allows valid scopes', function () {
|
2018-06-17 22:29:17 -07:00
|
|
|
expect(accesscontrol.validateScopeString('apps')).to.be(null);
|
|
|
|
|
expect(accesscontrol.validateScopeString('apps,mail')).to.be(null);
|
|
|
|
|
expect(accesscontrol.validateScopeString('apps:read,mail')).to.be(null);
|
|
|
|
|
expect(accesscontrol.validateScopeString('apps,mail:write')).to.be(null);
|
2018-06-14 20:51:15 -07:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('disallows invalid scopes', function () {
|
2018-06-17 22:29:17 -07:00
|
|
|
expect(accesscontrol.validateScopeString('apps, mail')).to.be.an(Error);
|
|
|
|
|
expect(accesscontrol.validateScopeString('random')).to.be.an(Error);
|
|
|
|
|
expect(accesscontrol.validateScopeString('')).to.be.an(Error);
|
2018-06-14 20:51:15 -07:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2018-06-14 16:32:24 -07:00
|
|
|
describe('hasScopes', function () {
|
|
|
|
|
it('succeeds if it contains the scope', function () {
|
2018-06-17 19:54:05 -07:00
|
|
|
expect(accesscontrol.hasScopes([ 'apps' ], [ 'apps' ])).to.be(null);
|
|
|
|
|
expect(accesscontrol.hasScopes([ 'apps', 'mail' ], [ 'mail' ])).to.be(null);
|
|
|
|
|
expect(accesscontrol.hasScopes([ 'clients', '*', 'apps', 'mail' ], [ 'mail' ])).to.be(null);
|
2018-06-14 16:37:38 -07:00
|
|
|
|
|
|
|
|
// subscope
|
2018-06-17 19:54:05 -07:00
|
|
|
expect(accesscontrol.hasScopes([ 'apps' ], [ 'apps:read' ])).to.be(null);
|
|
|
|
|
expect(accesscontrol.hasScopes([ 'apps:read' ], [ 'apps:read' ])).to.be(null);
|
|
|
|
|
expect(accesscontrol.hasScopes([ 'apps' , 'mail' ], [ 'apps:*' ])).to.be(null);
|
|
|
|
|
expect(accesscontrol.hasScopes([ '*' ], [ 'apps:read' ])).to.be(null);
|
2018-06-14 16:32:24 -07:00
|
|
|
});
|
2018-06-14 16:28:09 -07:00
|
|
|
|
2018-06-14 16:32:24 -07:00
|
|
|
it('fails if it does not contain the scope', function () {
|
2018-06-17 19:54:05 -07:00
|
|
|
expect(accesscontrol.hasScopes([ 'apps' ], [ 'mail' ])).to.be.an(Error);
|
|
|
|
|
expect(accesscontrol.hasScopes([ 'apps', 'mail' ], [ 'clients' ])).to.be.an(Error);
|
2018-06-14 16:37:38 -07:00
|
|
|
|
|
|
|
|
// subscope
|
2018-06-17 19:54:05 -07:00
|
|
|
expect(accesscontrol.hasScopes([ 'apps:write' ], [ 'apps:read' ])).to.be.an(Error);
|
2018-06-14 16:32:24 -07:00
|
|
|
});
|
2018-06-14 16:28:09 -07:00
|
|
|
});
|
2018-06-14 20:17:54 -07:00
|
|
|
});
|
