2018-03-31 12:59:45 +00:00
|
|
|
const test = require('../testlib');
|
|
|
|
|
|
|
|
test.run(async function () {
|
|
|
|
await test('admin', async function (assert, req) {
|
|
|
|
//Test missing field
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials',
|
|
|
|
method: 'post',
|
|
|
|
data: {
|
|
|
|
description: 'Test'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 422);
|
|
|
|
|
|
|
|
//Test invalid type
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials',
|
|
|
|
method: 'post',
|
|
|
|
data: {
|
|
|
|
description: 'Test',
|
|
|
|
type: 'foo'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 400);
|
|
|
|
|
|
|
|
//Test missing key
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials',
|
|
|
|
method: 'post',
|
|
|
|
data: {
|
|
|
|
description: 'Test',
|
|
|
|
type: 'key'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 422);
|
|
|
|
|
|
|
|
//Test missing password
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials',
|
|
|
|
method: 'post',
|
|
|
|
data: {
|
|
|
|
description: 'Test',
|
|
|
|
type: 'password'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 422);
|
|
|
|
|
|
|
|
//Test invalid key
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials',
|
|
|
|
method: 'post',
|
|
|
|
data: {
|
|
|
|
description: 'Test',
|
|
|
|
type: 'key',
|
|
|
|
key: 'foo'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 400);
|
|
|
|
|
2018-04-02 11:35:14 +00:00
|
|
|
//Test invalid record
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/100/credentials',
|
|
|
|
method: 'post',
|
|
|
|
data: {
|
|
|
|
description: 'Test',
|
|
|
|
type: 'password',
|
|
|
|
password: 'foo'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 404, 'Not existent record should trigger error.');
|
|
|
|
|
2018-03-31 15:13:47 +00:00
|
|
|
//Add key (key is intensionally very short but valid) and get it
|
2018-03-31 12:59:45 +00:00
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials',
|
|
|
|
method: 'post',
|
|
|
|
data: {
|
|
|
|
description: 'Test Key',
|
|
|
|
type: 'key',
|
|
|
|
key: '-----BEGIN PUBLIC KEY-----\nMDwwDQYJKoZIhvcNAQEBBQADKwAwKAIhAMOLSxmtlYxSkEKep11gjq200PTKVUaA\nyalonAKxw3XnAgMBAAE=\n-----END PUBLIC KEY-----'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 201, 'Adding key should succeed.');
|
|
|
|
assert.equal(res.data, {
|
|
|
|
id: 4,
|
|
|
|
description: 'Test Key',
|
|
|
|
type: 'key',
|
|
|
|
key: '-----BEGIN PUBLIC KEY-----\nMDwwDQYJKoZIhvcNAQEBBQADKwAwKAIhAMOLSxmtlYxSkEKep11gjq200PTKVUaA\nyalonAKxw3XnAgMBAAE=\n-----END PUBLIC KEY-----'
|
|
|
|
}, 'Adding credential data fail.');
|
|
|
|
|
2018-03-31 15:13:47 +00:00
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials/4',
|
|
|
|
method: 'get'
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 200, 'Added key should be found.');
|
|
|
|
assert.equal(res.data, {
|
|
|
|
id: 4,
|
|
|
|
description: 'Test Key',
|
|
|
|
type: 'key',
|
|
|
|
key: '-----BEGIN PUBLIC KEY-----\nMDwwDQYJKoZIhvcNAQEBBQADKwAwKAIhAMOLSxmtlYxSkEKep11gjq200PTKVUaA\nyalonAKxw3XnAgMBAAE=\n-----END PUBLIC KEY-----'
|
|
|
|
}, 'Added key does not match.');
|
|
|
|
|
|
|
|
//Add password and get it
|
2018-03-31 12:59:45 +00:00
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials',
|
|
|
|
method: 'post',
|
|
|
|
data: {
|
|
|
|
description: 'Test Password',
|
|
|
|
type: 'password',
|
|
|
|
password: 'foo'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 201, 'Adding password should succeed.');
|
|
|
|
assert.equal(res.data, {
|
|
|
|
id: 5,
|
|
|
|
description: 'Test Password',
|
|
|
|
type: 'password',
|
|
|
|
}, 'Adding credential data fail.');
|
|
|
|
|
2018-03-31 15:13:47 +00:00
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials/5',
|
|
|
|
method: 'get'
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 200, 'Added key should be found.');
|
|
|
|
assert.equal(res.data, {
|
|
|
|
id: 5,
|
|
|
|
description: 'Test Password',
|
|
|
|
type: 'password',
|
|
|
|
}, 'Added password does not match.');
|
|
|
|
|
2018-04-01 14:05:24 +00:00
|
|
|
//Update credential
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials/4',
|
|
|
|
method: 'put',
|
|
|
|
data: {
|
|
|
|
type: 'key',
|
|
|
|
key: '-----BEGIN PUBLIC KEY-----\nMDwwDQYJKoZIhvcNAQEBBQADKwAwKAIhAMTyWha8C93l2NAPMkLPZ2WnbkqWXOnH\no3RenmVJHn1tAgMBAAE=\n-----END PUBLIC KEY-----'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 204, 'Updating record should succeed.');
|
|
|
|
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials/4',
|
|
|
|
method: 'get'
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 200, 'Updated credential should be found.');
|
|
|
|
assert.equal(res.data, {
|
|
|
|
id: 4,
|
|
|
|
description: 'Test Key',
|
|
|
|
type: 'key',
|
|
|
|
key: '-----BEGIN PUBLIC KEY-----\nMDwwDQYJKoZIhvcNAQEBBQADKwAwKAIhAMTyWha8C93l2NAPMkLPZ2WnbkqWXOnH\no3RenmVJHn1tAgMBAAE=\n-----END PUBLIC KEY-----'
|
|
|
|
}, 'Updated key does not match.');
|
|
|
|
|
|
|
|
// Change type to password
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials/4',
|
|
|
|
method: 'put',
|
|
|
|
data: {
|
|
|
|
description: 'Foo Bar',
|
|
|
|
type: 'password',
|
|
|
|
password: 'foo'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 204, 'Updating record should succeed.');
|
|
|
|
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials/4',
|
|
|
|
method: 'get'
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 200, 'Updated credential should be found.');
|
|
|
|
assert.equal(res.data, {
|
|
|
|
id: 4,
|
|
|
|
description: 'Foo Bar',
|
|
|
|
type: 'password'
|
|
|
|
}, 'Added key does not match.');
|
|
|
|
|
|
|
|
//Test update fails
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials/4',
|
|
|
|
method: 'put',
|
|
|
|
data: {
|
|
|
|
type: 'foo'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
assert.equal(res.status, 400, 'Invalid type should trigger error.');
|
|
|
|
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials/4',
|
|
|
|
method: 'put',
|
|
|
|
data: {
|
|
|
|
type: 'key',
|
|
|
|
key: 'foo'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
assert.equal(res.status, 400, 'Invalid key should trigger error.');
|
|
|
|
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials/4',
|
|
|
|
method: 'put',
|
|
|
|
data: {
|
|
|
|
type: 'key'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
assert.equal(res.status, 422, 'Missing key should trigger error.');
|
|
|
|
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials/4',
|
|
|
|
method: 'put',
|
|
|
|
data: {
|
|
|
|
type: 'password'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
assert.equal(res.status, 422, 'Missing password should trigger error.');
|
|
|
|
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials/100',
|
|
|
|
method: 'put',
|
|
|
|
data: {
|
|
|
|
description: 'foo'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
assert.equal(res.status, 404, 'Invalid credential should trigger error.');
|
|
|
|
|
|
|
|
|
2018-03-31 13:29:31 +00:00
|
|
|
//Delete entry
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials/4',
|
|
|
|
method: 'delete'
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 204, 'Deletion of entry should succeed.');
|
|
|
|
|
|
|
|
//Delete not existing entry
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials/100',
|
|
|
|
method: 'delete'
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 404, 'Deletion of not existing entry should fail.');
|
|
|
|
|
|
|
|
//Delete entry via wrong record
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/4/credentials/5',
|
|
|
|
method: 'delete'
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 404, 'Deletion of entry via wrong record should fail.');
|
2018-03-31 12:59:45 +00:00
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
await test('user', async function (assert, req) {
|
|
|
|
//Add password with missing permissions
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/4/credentials',
|
|
|
|
method: 'post',
|
|
|
|
data: {
|
|
|
|
description: 'Test Password',
|
|
|
|
type: 'password',
|
|
|
|
password: 'foo'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 403, 'Adding password should fail for missing permissions.');
|
|
|
|
|
|
|
|
//Add password with missing permissions
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials',
|
|
|
|
method: 'post',
|
|
|
|
data: {
|
|
|
|
description: 'Test Password',
|
|
|
|
type: 'password',
|
|
|
|
password: 'foo'
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 201, 'Adding password should succeed for user.');
|
|
|
|
assert.equal(res.data, {
|
|
|
|
id: 6,
|
|
|
|
description: 'Test Password',
|
|
|
|
type: 'password',
|
|
|
|
}, 'Adding credential data fail.');
|
2018-03-31 13:29:31 +00:00
|
|
|
|
|
|
|
//Delete entry
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/1/credentials/6',
|
|
|
|
method: 'delete'
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 204, 'Deletion of entry should succeed for user.');
|
|
|
|
|
|
|
|
//Delete entry without permission
|
|
|
|
var res = await req({
|
|
|
|
url: '/records/4/credentials/2',
|
|
|
|
method: 'delete'
|
|
|
|
});
|
|
|
|
|
|
|
|
assert.equal(res.status, 403, 'Deletion of entry without permission should fail.');
|
2018-03-31 12:59:45 +00:00
|
|
|
});
|
|
|
|
});
|