mirror of
https://github.com/n8n-io/n8n.git
synced 2024-11-15 09:04:07 -08:00
5156313074
Some checks are pending
Test Master / install-and-build (push) Waiting to run
Test Master / Unit tests (18.x) (push) Blocked by required conditions
Test Master / Unit tests (20.x) (push) Blocked by required conditions
Test Master / Unit tests (22.4) (push) Blocked by required conditions
Test Master / Lint (push) Blocked by required conditions
Test Master / Notify Slack on failure (push) Blocked by required conditions
Benchmark Docker Image CI / build (push) Waiting to run
54 lines
1.7 KiB
TypeScript
54 lines
1.7 KiB
TypeScript
import { ActiveWorkflowManager } from '@/active-workflow-manager';
|
|
|
|
import { createUser } from './shared/db/users';
|
|
import type { SuperAgentTest } from './shared/types';
|
|
import * as utils from './shared/utils/';
|
|
import { mockInstance } from '../shared/mocking';
|
|
|
|
describe('Auth Middleware', () => {
|
|
mockInstance(ActiveWorkflowManager);
|
|
|
|
const testServer = utils.setupTestServer({
|
|
endpointGroups: ['me', 'auth', 'owner', 'users', 'invitations'],
|
|
});
|
|
|
|
/** Routes requiring a valid `n8n-auth` cookie for a user, either owner or member. */
|
|
const ROUTES_REQUIRING_AUTHENTICATION = [
|
|
['patch', '/me'],
|
|
['patch', '/me/password'],
|
|
['post', '/me/survey'],
|
|
] as const;
|
|
|
|
/** Routes requiring a valid `n8n-auth` cookie for an owner. */
|
|
const ROUTES_REQUIRING_AUTHORIZATION = [
|
|
['post', '/invitations'],
|
|
['delete', '/users/123'],
|
|
] as const;
|
|
|
|
describe('Routes requiring Authentication', () => {
|
|
[...ROUTES_REQUIRING_AUTHENTICATION, ...ROUTES_REQUIRING_AUTHORIZATION].forEach(
|
|
([method, endpoint]) => {
|
|
test(`${method} ${endpoint} should return 401 Unauthorized if no cookie`, async () => {
|
|
const { statusCode } = await testServer.authlessAgent[method](endpoint);
|
|
expect(statusCode).toBe(401);
|
|
});
|
|
},
|
|
);
|
|
});
|
|
|
|
describe('Routes requiring Authorization', () => {
|
|
let authMemberAgent: SuperAgentTest;
|
|
beforeAll(async () => {
|
|
const member = await createUser({ role: 'global:member' });
|
|
authMemberAgent = testServer.authAgentFor(member);
|
|
});
|
|
|
|
ROUTES_REQUIRING_AUTHORIZATION.forEach(async ([method, endpoint]) => {
|
|
test(`${method} ${endpoint} should return 403 Forbidden for member`, async () => {
|
|
const { statusCode } = await authMemberAgent[method](endpoint);
|
|
expect(statusCode).toBe(403);
|
|
});
|
|
});
|
|
});
|
|
});
|