Hawkin
/
arangodb
mirror of https://gitee.com/bigwinds/arangodb
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
arangodb/js/client/tests/auth.js

474 lines
14 KiB
JavaScript
Raw Blame History

/*jshint globalstrict:false, strict:false */
/*global fail, assertTrue */
////////////////////////////////////////////////////////////////////////////////
/// @brief test the authentication
///
/// @file
///
/// DISCLAIMER
///
/// Copyright 2010-2012 triagens GmbH, Cologne, Germany
///
/// Licensed under the Apache License, Version 2.0 (the "License");
/// you may not use this file except in compliance with the License.
/// You may obtain a copy of the License at
///
/// http://www.apache.org/licenses/LICENSE-2.0
///
/// Unless required by applicable law or agreed to in writing, software
/// distributed under the License is distributed on an "AS IS" BASIS,
/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
/// See the License for the specific language governing permissions and
/// limitations under the License.
///
/// Copyright holder is triAGENS GmbH, Cologne, Germany
///
/// @author Jan Steemann
/// @author Copyright 2013, triAGENS GmbH, Cologne, Germany
////////////////////////////////////////////////////////////////////////////////
var jsunity = require("jsunity");
var arango = require("@arangodb").arango;
var db = require("internal").db;
var users = require("@arangodb/users");
var request = require('@arangodb/request');
var crypto = require('@arangodb/crypto');
var expect = require('expect.js');
////////////////////////////////////////////////////////////////////////////////
/// @brief test suite
////////////////////////////////////////////////////////////////////////////////
function AuthSuite () {
'use strict';
var baseUrl = function () {
return arango.getEndpoint().replace(/^tcp:/, 'http:').replace(/^ssl:/, 'https:');
};
const jwtSecret = 'haxxmann';
return {
////////////////////////////////////////////////////////////////////////////////
/// @brief set up
////////////////////////////////////////////////////////////////////////////////
setUp : function () {
arango.reconnect(arango.getEndpoint(), db._name(), "root", "");
try {
users.remove("hackers@arangodb.com");
}
catch (err) {
}
},
////////////////////////////////////////////////////////////////////////////////
/// @brief tear down
////////////////////////////////////////////////////////////////////////////////
tearDown : function () {
try {
users.remove("hackers@arangodb.com");
}
catch (err) {
}
},
////////////////////////////////////////////////////////////////////////////////
/// @brief test creating a new user
////////////////////////////////////////////////////////////////////////////////
testNewUser : function () {
users.save("hackers@arangodb.com", "foobar");
users.grantDatabase('hackers@arangodb.com', db._name());
users.reload();
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
// this will issue a request using the new user
assertTrue(db._collections().length > 0);
// double check with wrong passwords
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar2");
}
catch (err1) {
isBroken = false;
}
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
}
catch (err2) {
isBroken = false;
}
},
////////////////////////////////////////////////////////////////////////////////
/// @brief test creating a new user with empty password
////////////////////////////////////////////////////////////////////////////////
testEmptyPassword : function () {
users.save("hackers@arangodb.com", "");
users.grantDatabase('hackers@arangodb.com', db._name());
users.reload();
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
// this will issue a request using the new user
assertTrue(db._collections().length > 0);
// double check with wrong password
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
}
catch (err1) {
isBroken = false;
}
},
////////////////////////////////////////////////////////////////////////////////
/// @brief test creating a new user with case sensitive password
////////////////////////////////////////////////////////////////////////////////
testPasswordCase : function () {
users.save("hackers@arangodb.com", "FooBar");
users.grantDatabase('hackers@arangodb.com', db._name());
users.reload();
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "FooBar");
// this will issue a request using the new user
assertTrue(db._collections().length > 0);
// double check with wrong passwords
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "Foobar");
assertTrue(db._collections().length > 0);
}
catch (err1) {
isBroken = false;
}
if (isBroken) {
fail();
}
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
}
catch (err2) {
isBroken = false;
}
if (isBroken) {
fail();
}
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "FOOBAR");
}
catch (err3) {
isBroken = false;
}
if (isBroken) {
fail();
}
},
////////////////////////////////////////////////////////////////////////////////
/// @brief test creating a new user with colon in password
////////////////////////////////////////////////////////////////////////////////
testColon : function () {
users.save("hackers@arangodb.com", "fuxx::bar");
users.grantDatabase('hackers@arangodb.com', db._name());
users.reload();
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "fuxx::bar");
// this will issue a request using the new user
assertTrue(db._collections().length > 0);
// double check with wrong passwords
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "fuxx");
}
catch (err1) {
isBroken = false;
}
if (isBroken) {
fail();
}
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "bar");
}
catch (err2) {
isBroken = false;
}
if (isBroken) {
fail();
}
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
}
catch (err3) {
isBroken = false;
}
if (isBroken) {
fail();
}
},
////////////////////////////////////////////////////////////////////////////////
/// @brief test creating a new user with special chars in password
////////////////////////////////////////////////////////////////////////////////
testSpecialChars : function () {
users.save("hackers@arangodb.com", ":\\abc'def:foobar@04. x-a");
users.grantDatabase('hackers@arangodb.com', db._name());
users.reload();
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", ":\\abc'def:foobar@04. x-a");
// this will issue a request using the new user
assertTrue(db._collections().length > 0);
// double check with wrong passwords
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
}
catch (err1) {
isBroken = false;
}
if (isBroken) {
fail();
}
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "\\abc'def: x-a");
}
catch (err2) {
isBroken = false;
}
if (isBroken) {
fail();
}
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
}
catch (err3) {
isBroken = false;
}
if (isBroken) {
fail();
}
},
testAuthOpen: function() {
var res = request(baseUrl() + "/_open/auth");
expect(res).to.be.a(request.Response);
// mop: GET is an unsupported method, but it is skipping auth
expect(res).to.have.property('statusCode', 405);
},
testAuth: function() {
var res = request.post({
url: baseUrl() + "/_open/auth",
body: JSON.stringify({"username": "root", "password": ""})
});
expect(res).to.be.a(request.Response);
expect(res).to.have.property('statusCode', 200);
expect(res.body).to.be.an('string');
var obj = JSON.parse(res.body);
expect(obj).to.have.property('jwt');
expect(obj).to.have.property('must_change_password');
expect(obj.jwt).to.be.a('string');
expect(obj.jwt.split('.').length).to.be(3);
expect(obj.must_change_password).to.be.a('boolean');
},
testAuthNewUser: function() {
users.save("hackers@arangodb.com", "foobar");
users.reload();
var res = request.post({
url: baseUrl() + "/_open/auth",
body: JSON.stringify({"username": "hackers@arangodb.com", "password": "foobar"})
});
expect(res).to.be.a(request.Response);
expect(res).to.have.property('statusCode', 200);
expect(res.body).to.be.an('string');
var obj = JSON.parse(res.body);
expect(obj).to.have.property('jwt');
expect(obj).to.have.property('must_change_password');
expect(obj.jwt).to.be.a('string');
expect(obj.jwt.split('.').length).to.be(3);
expect(obj.must_change_password).to.be.a('boolean');
},
testAuthNewWrongPassword: function() {
users.save("hackers@arangodb.com", "foobarJAJA");
users.reload();
var res = request.post({
url: baseUrl() + "/_open/auth",
body: JSON.stringify({"username": "hackers@arangodb.com", "password": "foobar"})
});
expect(res).to.be.a(request.Response);
expect(res).to.have.property('statusCode', 401);
},
testAuthNoPassword: function() {
var res = request.post({
url: baseUrl() + "/_open/auth",
body: JSON.stringify({"username": "hackers@arangodb.com", "passwordaa": "foobar"}),
});
expect(res).to.be.a(request.Response);
expect(res).to.have.property('statusCode', 400);
},
testAuthNoUsername: function() {
var res = request.post({
url: baseUrl() + "/_open/auth",
body: JSON.stringify({"usern": "hackers@arangodb.com", "password": "foobar"}),
});
expect(res).to.be.a(request.Response);
expect(res).to.have.property('statusCode', 400);
},
testAuthRequired: function() {
var res = request.get(baseUrl() + "/_api/version");
expect(res).to.be.a(request.Response);
expect(res).to.have.property('statusCode', 401);
},
testFullAuthWorkflow: function() {
var res = request.post({
url: baseUrl() + "/_open/auth",
body: JSON.stringify({"username": "root", "password": ""}),
});
var jwt = JSON.parse(res.body).jwt;
res = request.get({
url: baseUrl() + "/_api/version",
auth: {
bearer: jwt,
}
});
expect(res).to.be.a(request.Response);
expect(res).to.have.property('statusCode', 200);
},
testViaJS: function() {
var jwt = crypto.jwtEncode(jwtSecret, {"preferred_username": "root", "iss": "arangodb", "exp": Math.floor(Date.now() / 1000) + 3600}, 'HS256');
var res = request.get({
url: baseUrl() + "/_api/version",
auth: {
bearer: jwt,
}
});
expect(res).to.be.a(request.Response);
expect(res).to.have.property('statusCode', 200);
},
testNoneAlgDisabled: function() {
var jwt = (new Buffer(JSON.stringify({"typ": "JWT","alg": "none"})).toString('base64')) + "." + (new Buffer(JSON.stringify({"preferred_username": "root", "iss": "arangodb"})).toString('base64'));
// not supported
var res = request.get({
url: baseUrl() + "/_api/version",
auth: {
bearer: jwt,
}
});
expect(res).to.be.a(request.Response);
expect(res).to.have.property('statusCode', 401);
},
testIssRequired: function() {
var jwt = crypto.jwtEncode(jwtSecret, {"preferred_username": "root", "exp": Math.floor(Date.now() / 1000) + 3600 }, 'HS256');
// not supported
var res = request.get({
url: baseUrl() + "/_api/version",
auth: {
bearer: jwt,
}
});
expect(res).to.be.a(request.Response);
expect(res).to.have.property('statusCode', 401);
},
testIssArangodb: function() {
var jwt = crypto.jwtEncode(jwtSecret, {"preferred_username": "root", "iss": "arangodbaaa", "exp": Math.floor(Date.now() / 1000) + 3600 }, 'HS256');
// not supported
var res = request.get({
url: baseUrl() + "/_api/version",
auth: {
bearer: jwt,
}
});
expect(res).to.be.a(request.Response);
expect(res).to.have.property('statusCode', 401);
},
testExpOptional: function() {
var jwt = crypto.jwtEncode(jwtSecret, {"preferred_username": "root", "iss": "arangodb" }, 'HS256');
// not supported
var res = request.get({
url: baseUrl() + "/_api/version",
auth: {
bearer: jwt,
}
});
expect(res).to.be.a(request.Response);
expect(res).to.have.property('statusCode', 200);
},
testExp: function() {
var jwt = crypto.jwtEncode(jwtSecret, {"preferred_username": "root", "iss": "arangodbaaa", "exp": Math.floor(Date.now() / 1000) - 1000 }, 'HS256');
// not supported
var res = request.get({
url: baseUrl() + "/_api/version",
auth: {
bearer: jwt,
}
});
expect(res).to.be.a(request.Response);
expect(res).to.have.property('statusCode', 401);
},
};
}
////////////////////////////////////////////////////////////////////////////////
/// @brief executes the test suite
////////////////////////////////////////////////////////////////////////////////
jsunity.run(AuthSuite);
return jsunity.done();
Reference in New Issue View Git Blame Copy Permalink