Add role middleware tests

Elliot DeNolf
2019-01-04 02:19:26 -05:00
parent 7bd4bda08e
commit 83524bc25a
4 changed files with 1058 additions and 24 deletions


@@ -1,22 +1,22 @@
export function role(role) {
return function (req, res, next) {
if (role !== req.user.role) res.send(401, 'Role not authorized.');
else next();
}
export function role(role) {
return function (req, res, next) {
if (role !== req.user.role) res.status(401).send('Role not authorized.');
else next();
}
}
export function atLeastRole(roleList, permittedRole) {
return function(req, res, next) {
let actualRoleIndex = roleList.indexOf(req.user.role);
if (actualRoleIndex === -1) res.status(400).send('Invalid role.');
export function atLeastRole(roleList, permittedRole) {
return function(req, res, next) {
let actualRoleIndex = roleList.indexOf(req.user.role);
if (actualRoleIndex === -1) res.status(400).send('Invalid role.');
let permittedRoleIndex = roleList.indexOf(permittedRole);
if (permittedRoleIndex === -1) res.status(500).send();
let permittedRoleIndex = roleList.indexOf(permittedRole);
if (permittedRoleIndex === -1) res.status(500).send();
if (actualRoleIndex <= permittedRoleIndex) next();
if (actualRoleIndex <= permittedRoleIndex) next();
res.status(401).send('Role not authorized.');
}
res.status(401).send('Role not authorized.');
}
}
export default { role, atLeastRole };
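Review bot: In `atLeastRole`, none of the branches returns after responding, so control falls through: a `req.user.role` that is not in `roleList` gets the 400, but `-1 <= permittedRoleIndex` is then true and `next()` still runs, which lets the protected handler execute for an unrecognised role. An authorized request likewise calls `next()` and then reaches the trailing `res.status(401).send('Role not authorized.')`. Each exit should return: `if (actualRoleIndex === -1) return res.status(400).send('Invalid role.');`, `if (permittedRoleIndex === -1) return res.status(500).send();` and `if (actualRoleIndex <= permittedRoleIndex) return next();`. Both middlewares also read `req.user.role` without checking that `req.user` exists, so they presumably rely on an authentication step having run first; a short comment stating that precondition would help.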


@@ -0,0 +1,109 @@
import middleware from '../middleware';
import mockExpress from 'jest-mock-express';
let res = null;
let next = null;
beforeEach(() => {
res = mockExpress.response();
next = jest.fn();
});
describe('Payload Role Middleware', () => {
it('Exact role - authorized', () => {
const req = {
user: {
role: 'user'
}
};
middleware.role('user')(req, res, next);
expect(next.mock.calls.length).toBe(1);
expect(res.status).not.toHaveBeenCalled();
});
it('Exact role - unauthorized', () => {
const req = {
user: {
role: 'user'
}
};
middleware.role('admin')(req, res, next);
expect(next.mock.calls.length).toBe(0);
expect(res.status).toHaveBeenCalled();
expect(res.send).toHaveBeenCalled();
});
it('At least role - exact', () => {
const roleList = [
'admin',
'user',
'viewer'
];
const req = {
user: {
role: 'user'
}
};
middleware.atLeastRole(roleList, 'user')(req, res, next);
expect(next.mock.calls.length).toBe(1);
});
it('At least role - permitted', () => {
const roleList = [
'admin',
'user',
'viewer'
];
const req = {
user: {
role: 'user'
}
};
middleware.atLeastRole(roleList, 'viewer')(req, res, next);
expect(next.mock.calls.length).toBe(1);
});
it('At least role - unauthorized', () => {
const roleList = [
'admin',
'user',
'viewer'
];
const req = {
user: {
role: 'user'
}
};
middleware.atLeastRole(roleList, 'admin')(req, res, next);
expect(next.mock.calls.length).toBe(0);
expect(res.status).toHaveBeenCalledWith(401);
});
it('At least role - non-existent role', () => {
const roleList = [
'admin',
'user',
'viewer'
];
const req = {
user: {
role: 'user'
}
};
middleware.atLeastRole(roleList, 'invalid')(req, res, next);
expect(next.mock.calls.length).toBe(0);
expect(res.status).toHaveBeenCalledWith(500);
})
});
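Review bot: The `atLeastRole` tests never exercise a `req.user.role` that is missing from `roleList`, and the two authorized cases ('At least role - exact' and 'At least role - permitted') assert only that `next` was called, not that no error response was sent. As the middleware is written in this commit it does not return after responding, so these gaps hide that an unknown role still reaches `next()` and that an authorized request also gets a 401. Add `expect(res.status).not.toHaveBeenCalled();` to both authorized cases and a case for the unknown role, as below; they are expected to fail until the middleware returns after each response.

```javascript
  it('At least role - role not in list', () => {
    const roleList = ['admin', 'user', 'viewer'];
    // 'unknown' is a constructed sample value that is deliberately absent from roleList
    const req = { user: { role: 'unknown' } };

    middleware.atLeastRole(roleList, 'viewer')(req, res, next);

    expect(res.status).toHaveBeenCalledWith(400);
    expect(next).not.toHaveBeenCalled();
  });
```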