mirror of
https://github.com/outline/outline.git
synced 2026-06-13 11:25:03 +03:00
Tom Moor
a06671e8ce
This PR contains the necessary work to make Outline an OAuth provider including: - OAuth app registration - OAuth app management - Private / public apps (Public in cloud only) - Full OAuth 2.0 spec compatible authentication flow - Granular scopes - User token management screen in settings - Associated API endpoints for programatic access
127 lines
5.4 KiB
TypeScript
127 lines
5.4 KiB
TypeScript
import AuthenticationHelper from "./AuthenticationHelper";
|
|
|
|
describe("AuthenticationHelper", () => {
|
|
const canAccess = AuthenticationHelper.canAccess;
|
|
|
|
describe("canAccess", () => {
|
|
describe("api scopes", () => {
|
|
it("should account for query string", async () => {
|
|
const scopes = ["/api/documents.info"];
|
|
|
|
expect(canAccess("/api/documents.info?foo=bar", scopes)).toBe(true);
|
|
});
|
|
|
|
it("should return false if no matching scope", async () => {
|
|
const scopes = ["/api/documents.info"];
|
|
|
|
expect(canAccess("/api/documents.info", scopes)).toBe(true);
|
|
expect(canAccess("/api/collections.create", scopes)).toBe(false);
|
|
expect(canAccess("/api/apiKeys.list", scopes)).toBe(false);
|
|
});
|
|
|
|
it("should allow wildcard methods", async () => {
|
|
const scopes = ["/api/documents.*"];
|
|
|
|
expect(canAccess("/api/documents.info", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.create", scopes)).toBe(true);
|
|
expect(canAccess("/api/collections.create", scopes)).toBe(false);
|
|
});
|
|
|
|
it("should allow wildcard namespaces", async () => {
|
|
const scopes = ["/api/*.info"];
|
|
|
|
expect(canAccess("/api/documents.info", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.create", scopes)).toBe(false);
|
|
expect(canAccess("/api/collections.create", scopes)).toBe(false);
|
|
});
|
|
|
|
it("should allow wildcard namespaces", async () => {
|
|
const scopes = ["/api/*.info"];
|
|
|
|
expect(canAccess("/api/documents.info", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.create", scopes)).toBe(false);
|
|
});
|
|
});
|
|
|
|
describe("namespaced access scopes", () => {
|
|
it("read", async () => {
|
|
const scopes = ["documents:read"];
|
|
|
|
expect(canAccess("/api/documents.info?foo=bar", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.info", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.list", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.create", scopes)).toBe(false);
|
|
expect(canAccess("/api/documents.update", scopes)).toBe(false);
|
|
expect(canAccess("/api/users.info", scopes)).toBe(false);
|
|
expect(canAccess("/api/users.create", scopes)).toBe(false);
|
|
});
|
|
|
|
it("write", async () => {
|
|
const scopes = ["documents:write"];
|
|
|
|
expect(canAccess("/api/documents.info?foo=bar", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.info", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.list", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.create", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.update", scopes)).toBe(true);
|
|
expect(canAccess("/api/users.info", scopes)).toBe(false);
|
|
expect(canAccess("/api/users.create", scopes)).toBe(false);
|
|
});
|
|
|
|
it("create", async () => {
|
|
const scopes = ["documents:create"];
|
|
|
|
expect(canAccess("/api/documents.create", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.info?foo=bar", scopes)).toBe(false);
|
|
expect(canAccess("/api/documents.info", scopes)).toBe(false);
|
|
expect(canAccess("/api/documents.list", scopes)).toBe(false);
|
|
expect(canAccess("/api/documents.update", scopes)).toBe(false);
|
|
expect(canAccess("/api/users.info", scopes)).toBe(false);
|
|
expect(canAccess("/api/users.create", scopes)).toBe(false);
|
|
});
|
|
});
|
|
|
|
describe("global access scopes", () => {
|
|
it("read", async () => {
|
|
const scopes = ["read"];
|
|
|
|
expect(canAccess("/api/documents.info?foo=bar", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.info", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.list", scopes)).toBe(true);
|
|
expect(canAccess("/api/users.info", scopes)).toBe(true);
|
|
expect(canAccess("/api/groups.info", scopes)).toBe(true);
|
|
expect(canAccess("/api/collections.list", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.create", scopes)).toBe(false);
|
|
expect(canAccess("/api/documents.update", scopes)).toBe(false);
|
|
expect(canAccess("/api/users.create", scopes)).toBe(false);
|
|
});
|
|
|
|
it("write", async () => {
|
|
const scopes = ["write"];
|
|
|
|
expect(canAccess("/api/documents.info?foo=bar", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.info", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.list", scopes)).toBe(true);
|
|
expect(canAccess("/api/users.info", scopes)).toBe(true);
|
|
expect(canAccess("/api/groups.info", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.create", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.update", scopes)).toBe(true);
|
|
expect(canAccess("/api/users.info", scopes)).toBe(true);
|
|
expect(canAccess("/api/users.create", scopes)).toBe(true);
|
|
});
|
|
|
|
it("create", async () => {
|
|
const scopes = ["create"];
|
|
|
|
expect(canAccess("/api/documents.create", scopes)).toBe(true);
|
|
expect(canAccess("/api/users.create", scopes)).toBe(true);
|
|
expect(canAccess("/api/documents.info?foo=bar", scopes)).toBe(false);
|
|
expect(canAccess("/api/documents.info", scopes)).toBe(false);
|
|
expect(canAccess("/api/documents.list", scopes)).toBe(false);
|
|
expect(canAccess("/api/documents.update", scopes)).toBe(false);
|
|
expect(canAccess("/api/users.info", scopes)).toBe(false);
|
|
});
|
|
});
|
|
});
|
|
});
|