Fix auth using header

2018-09-01 09:36:48 -07:00
parent 41c3b1fa5f
commit e04db2c49c
11 changed files with 435 additions and 349 deletions
--- a/modules/tests/_blacklist-test.js
+++ b/modules/tests/_blacklist-test.js
@ -0,0 +1,109 @@
+const request = require("supertest");
+
+const createServer = require("../createServer");
+const clearBlacklist = require("./utils/clearBlacklist");
+const withToken = require("./utils/withToken");
+
+describe("The /_blacklist endpoint", () => {
+  let server;
+  beforeEach(() => {
+    server = createServer();
+  });
+
+  describe("POST /_blacklist", () => {
+    afterEach(clearBlacklist);
+
+    describe("with no auth", () => {
+      it("is forbidden", done => {
+        request(server)
+          .post("/_blacklist")
+          .end((err, res) => {
+            expect(res.statusCode).toBe(403);
+            done();
+          });
+      });
+    });
+
+    describe('with the "blacklist.add" scope', () => {
+      it("can add to the blacklist", done => {
+        withToken({ blacklist: { add: true } }, token => {
+          request(server)
+            .post("/_blacklist")
+            .send({ token, packageName: "bad-package" })
+            .end((err, res) => {
+              expect(res.statusCode).toBe(200);
+              expect(res.body.ok).toBe(true);
+              done();
+            });
+        });
+      });
+    });
+  });
+
+  describe("GET /_blacklist", () => {
+    describe("with no auth", () => {
+      it("is forbidden", done => {
+        request(server)
+          .get("/_blacklist")
+          .end((err, res) => {
+            expect(res.statusCode).toBe(403);
+            done();
+          });
+      });
+    });
+
+    describe('with the "blacklist.read" scope', () => {
+      it("can read the blacklist", done => {
+        withToken({ blacklist: { read: true } }, token => {
+          request(server)
+            .get("/_blacklist?token=" + token)
+            .end((err, res) => {
+              expect(res.statusCode).toBe(200);
+              done();
+            });
+        });
+      });
+    });
+  });
+
+  describe("DELETE /_blacklist/:packageName", () => {
+    describe("with no auth", () => {
+      it("is forbidden", done => {
+        request(server)
+          .delete("/_blacklist/bad-package")
+          .end((err, res) => {
+            expect(res.statusCode).toBe(403);
+            done();
+          });
+      });
+    });
+
+    describe('with the "blacklist.remove" scope', () => {
+      it("can remove a package from the blacklist", done => {
+        withToken({ blacklist: { remove: true } }, token => {
+          request(server)
+            .delete("/_blacklist/bad-package")
+            .send({ token })
+            .end((err, res) => {
+              expect(res.statusCode).toBe(200);
+              expect(res.body.ok).toBe(true);
+              done();
+            });
+        });
+      });
+
+      it("can remove a scoped package from the blacklist", done => {
+        withToken({ blacklist: { remove: true } }, token => {
+          request(server)
+            .delete("/_blacklist/@scope/bad-package")
+            .send({ token })
+            .end((err, res) => {
+              expect(res.statusCode).toBe(200);
+              expect(res.body.ok).toBe(true);
+              done();
+            });
+        });
+      });
+    });
+  });
+});