Commit 2c0b78f9 authored by Henrique Varella Ehrenfried's avatar Henrique Varella Ehrenfried :speech_balloon:

Merge branch 'ACL-Testing' into 'master'

Acl testing

See merge request !1
parents 03645ca3 0407732c
# My Application
The project is generated by [LoopBack](http://loopback.io).
\ No newline at end of file
The project is generated by [LoopBack](http://loopback.io).
## Setup
1) You should create a PostgreSQL database, and change de SMPPIR_CheckIn2 connection in the file `server/datasources.json`
2) Temporarily change the first acls rule from `common/end_user.json` from `DENY` to `ALLOW`
3) Create the admin user following the example
```bash
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ \
"name": "Administrador Supimpa", \
"email": "abc%40admin.com", \
"permission": "admin", \
"registration": "NMBR#123456789", \
"username": "admin", \
"password": "admin" \
}' 'http://localhost:3000/api/end_users'
```
4) Now that you created an admin, we can reverse what we made in the 2nd step. To do so, it is needed that you change the first acls rule from the file `common/end_user.json` from `DENY` to `ALLOW`
5) Now, access you API URL under the route `/explorer`
6) Log in using the route `POST /end_users_login` and the information that you used to create the admin
Example:
```json
{
"email": "abc@admin.com",
"password": "admin"
}
```
The result will be something similar to:
```json
{
"result": {
"id": "2AMlMt9SaMGtjqvi1mjxOWx5Leq8vZgIUOA2vBwTORFAhbmIhgVwRpSICRB7xARE",
"ttl": 1209600,
"created": "2018-06-04T13:14:02.316Z",
"userId": 1
}
}
```
7) Copy the id resulted of this query and set the Acces token in the top of the page
8) Now create an user's account using the route `POST /end_user` and:
```json
{
"name": "Usuário Incial",
"email": "user@user.com",
"permission": "user",
"registration": "USR#123",
"username": "user",
"password": "user"
}
```
9) Create a category type using the route `POST /categories` and:
```json
{
"category_name": "Categoria teste",
"category_description": "Categoria usada para testar funcionalidades"
}
\ No newline at end of file
......@@ -16,12 +16,42 @@
},
"validations": [],
"relations": {
"locations":{
"locations": {
"type": "hasMany",
"model": "geolocation",
"foreignKey": "category_id"
},
"user": {
"type": "belongsTo",
"model": "end_user",
"foreignKey": "id"
}
},
"acls": [],
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
},
{
"accessType": "READ",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW"
},
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "admin",
"permission": "ALLOW"
},
{
"accessType": "count",
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW"
}
],
"methods": {}
}
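Review bot: The fourth ACL entry uses `"accessType": "count"`, but `count` is a method name, not an access type — LoopBack's accessType values are READ, WRITE, EXECUTE and `*` — so this rule never matches a request. `count` is classified as a READ method and is therefore already covered by the `$everyone` READ rule above it, so the entry can be dropped, or written as `"accessType": "READ", "property": "count"` if the intent was to narrow it. The new `user` relation declares `"foreignKey": "id"`; for a belongsTo the foreignKey is the property on this model that holds the target's id, so as written a category is tied to the end_user whose id happens to equal the category's own id. If a category should point at its creator, it needs a dedicated property (e.g. `user_id`) as the foreign key, the same pattern the `locations` relation already uses with `category_id`; the same `"foreignKey": "id"` appears in the end_user and geolocation model files of this commit.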
'use strict';
module.exports = function(Endser) {
module.exports = function(EndUser) {
};
......@@ -21,16 +21,50 @@
},
"registration": {
"type": "string"
},
"name": {
"type": "string",
"required": true
}
},
"validations": [],
"relations": {
"locations":{
"locations": {
"type": "hasMany",
"model": "geolocation",
"foreignKey": "user_id"
},
"category": {
"type": "hasMany",
"model": "categories",
"foreignKey": "id"
}
},
"acls": [],
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
},
{
"accessType": "READ",
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW"
},
{
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "$owner",
"permission": "ALLOW"
},
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "admin",
"permission": "ALLOW"
}
],
"methods": {}
}
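Review bot: Nothing in this ACL block protects the `permission` property, which is the value server/boot/role-resolver.js compares against the role name, so whoever is allowed to create or update an end_user can set `"permission": "admin"` on the record. The new account test posts exactly that field without a token and expects 200, while the README's setup steps assume the `DENY $everyone *` entry blocks anonymous creation; if end_user extends the built-in User model, its inherited `ALLOW $everyone create` rule is more specific than this `DENY *` and wins, so those two expectations cannot both hold. `permission` should be assigned server-side — an `observe('before save')` hook in common/models/end_user.js that forces it to `'user'` unless the request's access token belongs to an admin — rather than taken from the request body. Separately, the `category` relation names `"model": "categories"` while server/model-config.json and geolocation.json call the model `category`, and `"foreignKey": "id"` on a hasMany matches categories whose id equals the user's id; the inverse of the `locations`/`user_id` pattern would be a `user_id` property on category.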
......@@ -17,17 +17,17 @@
},
"latitude": {
"type": "number",
"postgresql":{
"dataType":"float"
},
"required": true
"required": true,
"postgresql": {
"dataType": "float"
}
},
"longitude": {
"type": "number",
"postgresql":{
"dataType":"float"
},
"required": true
"required": true,
"postgresql": {
"dataType": "float"
}
},
"android_id": {
"type": "string"
......@@ -40,22 +40,48 @@
},
"user_id": {
"type": "number",
"required": true
"required": false
}
},
"validations": [],
"relations": {
"user":{
"user": {
"type": "belongsTo",
"model": "end_user",
"foreignKey": "id"
},
"category":{
"category": {
"type": "belongsTo",
"model": "category",
"foreignKey": "id"
}
},
"acls": [],
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "DENY"
},
{
"accessType": "READ",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW"
},
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "admin",
"permission": "ALLOW"
},
{
"accessType": "EXECUTE",
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW",
"property": "create"
}
],
"methods": {}
}
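Review bot: The new fourth ACL lets `$everyone` call `create` at the same time as `user_id` is relaxed to `"required": false`, and nothing here constrains which `user_id` the body may name, so anonymous callers can file records attributed to arbitrary users (the android test in this commit does exactly that: it posts a `user_id` without sending its token). A `before save` hook should take `user_id` from the request's access token when one is present and ignore the body's value, leaving it null for anonymous posts. `create` is a WRITE method in LoopBack's classification while the rule says `"accessType": "EXECUTE"`; whether the matcher treats that as covering create is worth confirming, and `"accessType": "WRITE"` states the intent unambiguously. Both belongsTo relations use `"foreignKey": "id"` although this model already defines `user_id` (and `category_id`, per the hasMany side in category.json); with belongsTo the foreignKey is the property on this model holding the target's id, so these should read `"foreignKey": "user_id"` and `"foreignKey": "category_id"`. This second hunk of the file is the one reviewed; the first only reorders `required` and `postgresql`.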
const URL = 'http://localhost:3000/api/';
const randomLowerCase = function() {
let possible = 'abcdefghijklmnopqrstuvwxyz';
return (possible.charAt(Math.floor(Math.random() * possible.length)));
};
const randomUpperCase = function() {
let possible = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
return (possible.charAt(Math.floor(Math.random() * possible.length)));
};
const randomNumber = function(min, max) {
min = Math.ceil(min);
max = Math.floor(max);
return (Math.floor(Math.random() * (max - min + 1)) + min);
};
const randomWord = function(num, allUpper = false, firstUpper = false) {
let word = '';
for (let i = 0; i < num; i++) {
if (!allUpper) {
if (i == 0 && firstUpper) {
word = word + randomUpperCase();
} else {
word = word + randomLowerCase();
}
} else {
word = word + randomUpperCase();
}
}
return word;
};
const randomId = function(num) {
let word = '';
for (let i = 0; i < num; i++) {
if (randomNumber(0, 1) == 0) {
word = word + randomNumber(0, 9);
} else {
word = word + randomLowerCase();
}
}
return word;
};
module.exports = {
URL,
randomLowerCase,
randomUpperCase,
randomNumber,
randomWord,
randomId,
};
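Review bot: `i == 0` in `randomWord` and `randomNumber(0, 1) == 0` in `randomId` use loose equality; both operands are numbers so behaviour is unaffected, but `===` is the idiomatic form and avoids the coercion question on review. `randomNumber` reassigns its own parameters; `const lo = Math.ceil(min); const hi = Math.floor(max);` keeps the inputs intact and reads the same. `Math.random()` is adequate for generating test fixtures; a one-line header comment saying so (`// Test-data helpers only; not a security-grade RNG.`) saves the next reader from flagging it.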
......@@ -8,7 +8,8 @@
"scripts": {
"lint": "eslint .",
"start": "node .",
"posttest": "npm run lint && nsp check"
"posttest": "npm run lint && nsp check",
"tests": "mocha ./test"
},
"dependencies": {
"compression": "^1.0.3",
......@@ -22,6 +23,7 @@
"strong-error-handler": "^2.0.0"
},
"devDependencies": {
"chakram": "^1.5.0",
"eslint": "^3.17.1",
"eslint-config-loopback": "^8.0.0",
"nsp": "^3.2.1"
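Review bot: The new script is named `tests`, so `npm test` still runs nothing and the existing `posttest` hook (lint and `nsp check`) never runs around the mocha suite; naming it `"test": "mocha ./test"` gives the conventional entry point and keeps that hook wired. `mocha` itself is not among the devDependencies visible in the second hunk — unless it is declared in the lines between the two hunks, a fresh `npm install` cannot run the suite, so it belongs next to `chakram`.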
/*
2 Permissions : admin, user
user: GET category, geolocation, own profile, number of users
UPDATE own profile
POST geolocation
admin: GET all
POST all
UPDATE all
DELETE all
*/
module.exports = function(app) {
var Role = app.models.Role;
Role.registerResolver('admin', function(role, context, cb) {
function reject() {
process.nextTick(function() {
cb(null, false);
});
}
switch (context.modelName){
case 'end_user':
break;
case 'geolocation':
break;
case 'category':
break;
default:
return reject();
}
var userId = context.accessToken.userId;
if (!userId) {
return reject();
}
context.model.findById(userId, function(err, model) {
app.models.EndUser.findById(userId, function(err2, user){
if ((err || !model ) && (err2 || !user))
return reject();
if(user.permission !== role)
return reject();
else
return cb(null,true)
})
});
});
Role.registerResolver('user', function(role, context, cb) {
function reject() {
process.nextTick(function() {
cb(null, false);
});
}
switch (context.modelName){
case 'end_user':
break;
case 'geolocation':
break;
case 'category':
break;
default:
return reject();
}
var userId = context.accessToken.userId;
if (!userId) {
return reject();
}
context.model.findById(userId, function(err, model) {
app.models.EndUser.findById(userId, function(err2, user){
if ((err || !model ) && (err2 || !user))
return reject();
if(user.permission !== role)
return reject();
else
return cb(null,true)
})
});
});
};
\ No newline at end of file
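Review bot: The guard `if ((err || !model ) && (err2 || !user))` in both resolvers rejects only when both lookups fail, so when `context.model.findById(userId, …)` happens to find a geolocation or category whose id equals the user's id while `EndUser.findById` returns nothing, the next line reads `user.permission` on `undefined` and throws inside an async callback. The `context.model` lookup is not needed at all: the role depends solely on the caller's own end_user record. A database error should also surface as `cb(err)` instead of being folded into `false`, which hides outages behind 401 responses. The two resolvers are identical apart from the registered role name, so one shared function can back both registrations; the file is new and shown in full.
```javascript
module.exports = function(app) {
  var Role = app.models.Role;

  // Shared body for every permission-backed role; `role` is the name the
  // resolver was registered under ('admin' or 'user').
  function resolveByPermission(role, context, cb) {
    function reject() {
      process.nextTick(function() {
        cb(null, false);
      });
    }
    // … unchanged: switch on context.modelName …
    var userId = context.accessToken && context.accessToken.userId;
    if (!userId) {
      return reject();
    }
    // Only the caller's own record decides the role; looking userId up in
    // context.model compared it against an unrelated table.
    app.models.EndUser.findById(userId, function(err, user) {
      if (err) {
        return cb(err);
      }
      if (!user || user.permission !== role) {
        return reject();
      }
      return cb(null, true);
    });
  }

  Role.registerResolver('admin', resolveByPermission);
  Role.registerResolver('user', resolveByPermission);
};
```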
......@@ -2,5 +2,5 @@
module.exports = function enableAuthentication(server) {
// enable authentication
// server.enableAuth();
server.enableAuth();
};
module.exports = function(server) {
var remotes = server.remotes();
// modify all returned values
remotes.after('**', function (ctx, next) {
ctx.result = {
result: ctx.result
};
next();
});
};
\ No newline at end of file
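Review bot: `remotes.after('**', …)` rewrites `ctx.result` for every remote method, including those that resolve with no result such as logout, where it turns `undefined` into `{ result: undefined }`; if I read strong-remoting right that converts an empty 204 into a 200 with an empty JSON body, and the logout test in this commit expecting 200 is consistent with that. Error responses do not pass through this hook (the tests read `body.error.code` unwrapped), so clients see two envelope shapes. A guard `if (ctx.result === undefined) return next();` keeps the no-content responses intact, and a comment such as `// Errors are deliberately left unwrapped; only successful results get the envelope.` documents the asymmetry for the next reader.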
......@@ -34,7 +34,7 @@
},
"Role": {
"dataSource": "db",
"public": false
"public": true
},
"category": {
"dataSource": "SMPPIR_CheckIn2",
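Review bot: Flipping `Role` to `"public": true` exposes `/api/Roles` over REST to every caller, and nothing in this commit adds ACLs to the built-in Role model, whose behaviour when no rule matches is to allow unless configured otherwise. The resolvers in server/boot/role-resolver.js reach the model through `app.models.Role`, which is available with `public: false`, so the change is not needed for them. If roles really must be managed through the API, keep the model private or give it an ACL block mirroring the other models (`DENY $everyone *`, `ALLOW admin *`).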
var chakram = require('chakram'), expect = chakram.expect;
var env = require('../enviroment');
const URL = env.URL;
describe('Account', function() {
it('should create an admin account', function() {
let name = env.randomWord(env.randomNumber(1, 25));
let testObject = {
'email': `${name}@admin.com`,
'permission': 'admin',
'registration': 'NMBR#123456789',
'username': `${name}`,
'name': `${name.replace(/\b\w/g, l => l.toUpperCase())}`,
'password': 'admin',
};
return chakram.post(`${URL}end_users`, testObject).then(function(myResponse) {
expect(myResponse).to.have.status(200);
expect(myResponse.body.result.permission).to.contain('admin');
});
});
it('should create an user account', function() {
let name = env.randomWord(env.randomNumber(1, 25));
let testObject = {
'email': `${name}@enduser.com`,
'permission': 'user',
'registration': 'NMBR#321654987',
'username': `${name}`,
'name': `${name.replace(/\b\w/g, l => l.toUpperCase())}`,
'password': 'end_user',
};
return chakram.post(`${URL}end_users`, testObject).then(function(myResponse) {
expect(myResponse).to.have.status(200);
expect(myResponse.body.result.permission).to.contain('user');
});
});
it('should login to an admin account', function() {
let testObject = {
'email': 'abc@admin.com',
'password': 'admin',
};
return chakram.post(`${URL}end_users/login`, testObject).then(function(myResponse) {
expect(myResponse).to.have.status(200);
expect(myResponse.body.result).to.be.a('object');
});
});
it('should login to an user account', function() {
let testObject = {
'email': 'user@user.com',
'password': 'user',
};
return chakram.post(`${URL}end_users/login`, testObject).then(function(myResponse) {
expect(myResponse).to.have.status(200);
expect(myResponse.body.result).to.be.a('object');
});
});
it('should logout', function() {
let testObject = {
'email': 'user@user.com',
'password': 'user',
};
return chakram.post(`${URL}end_users/login`, testObject).then(function(myResponse) {
return chakram.post(`${URL}end_users/logout?access_token=${myResponse.body.result.id}`).then(function(myResponse2) {
expect(myResponse2).to.have.status(200);
});
});
});
});
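Review bot: `should create an admin account` asserts that an unauthenticated POST to `end_users` carrying `"permission": "admin"` returns 200; if this passes against the ACLs in this commit the test is pinning a privilege-escalation path rather than guarding against it, and the README's setup steps, which temporarily open the DENY rule just to create the first admin, assume the opposite. The expectation here should be 401 (or the request should carry an admin token), with a separate case asserting that an anonymous or user-level create cannot set `permission` to anything but `user`. The username and email come from `randomWord(randomNumber(1, 25))`, which can yield a one-letter name; if email is unique on this model, repeated runs will eventually collide and fail on validation — use a fixed longer length or append `env.randomId(6)`.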
var chakram = require('chakram'), expect = chakram.expect;
var env = require('../enviroment');
const URL = env.URL;
describe('Categories', function() {
it('should return all categories', function() {
return chakram.get(`${URL}categories`).then(function(myResponse) {
expect(myResponse).to.have.status(200);
expect(myResponse.body.result).to.be.a('array');
});
});
it('should return one category', function() {
return chakram.get(`${URL}categories`).then(function(myResponse) {
let category = myResponse.body.result[0];
return chakram.get(`${URL}categories/${myResponse.body.result[0].id}`).then(function(myResponse2) {
expect(myResponse2).to.have.status(200);
expect(myResponse2.body.result.category_name).to.contain(category.category_name);
});
});
});
it('should try to create a new category', function() {
let testObject = {
'category_name': 'Terreiro',
'category_description': 'Lugar que mantém as tradições dos afrodescendentes',
};
return chakram.post(`${URL}categories`, testObject).then(function(myResponse) {
expect(myResponse).to.have.status(401);
expect(myResponse.body.error.code).to.contain('AUTHORIZATION_REQUIRED');
});
});
it('should try to create a new category as user', function(){
let testObject = {
'email': 'user@user.com',
'password': 'user',
};
let testObject2 = {
'category_name': 'Terreiro',
'category_description': 'Lugar que mantém as tradições dos afrodescendentes',
};
return chakram.post(`${URL}end_users/login`, testObject).then(function(myResponse) {
return chakram.post(`${URL}categories?access_token=${myResponse.body.result.id}`, testObject2).then(function(myResponse2) {
expect(myResponse2).to.have.status(401);
expect(myResponse2.body.error.code).to.contain('AUTHORIZATION_REQUIRED');
});
});
});
it('should create a new category as admin', function() {
let testObject = {
'email': 'abc@admin.com',
'password': 'admin',
};
let testObject2 = {
'category_name': 'Terreiro' + env.randomWord(15, true),
'category_description': 'Lugar que mantém as tradições dos afrodescendentes',
};
return chakram.post(`${URL}end_users/login`, testObject).then(function(myResponse) {
return chakram.post(`${URL}categories?access_token=${myResponse.body.result.id}`, testObject2).then(function(myResponse2) {
expect(myResponse2).to.have.status(200);
expect(myResponse2.body.result).to.be.a('object');
});
});
});
});
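Review bot: `should return one category` indexes `myResponse.body.result[0]` straight away, so on an empty table the test dies with a TypeError from the test body instead of a readable assertion; `expect(myResponse.body.result).to.not.be.empty;` before the lookup (or creating the fixture inside the test) gives a clear failure. The nested `.then` calls in the last three tests can be flattened by returning the second request from the first handler and asserting in a sibling `.then`, and `function(){` on the fourth test is missing the space the rest of the file uses.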
var chakram = require('chakram'), expect = chakram.expect;
var env = require('../enviroment');
const URL = env.URL;
describe('Geolocation', function() {
it('should create a geolocation as an android user', function() {
let credential = {
'email': 'user@user.com',
'password': 'user',
};
return chakram.post(`${URL}end_users/login`, credential).then(function(loginResponse) {
let testObject = {
'category_id': 1,
'geolocation_name': env.randomWord(10),
'latitude': 10.2123,
'longitude': 112.2124214,
'when_sent': new Date(Date.now()),
'android_id': env.randomId(20),
'user_id': loginResponse.body.result.userId,
'description_location': env.randomWord(6, false, true) + ' ' + env.randomWord(6),
};
return chakram.post(`${URL}geolocations`, testObject).then(function(myResponse) {
expect(myResponse).to.have.status(200);
expect(myResponse.body.result).to.be.a('object');
});
});
});
it('should create a geolocation as a logged user', function() {
let testObject = {
'category_id': 1,
'geolocation_name': env.randomWord(10),
'latitude': 116.2123,
'longitude': 50.2124214,
'when_sent': new Date(Date.now()),
'description_location': env.randomWord(6, false, true) + ' ' + env.randomWord(6),
};
return chakram.post(`${URL}geolocations`, testObject).then(function(myResponse) {
expect(myResponse).to.have.status(200);
expect(myResponse.body.result).to.be.a('object');
});
});
it('should return all geolocations', function() {
return chakram.get(`${URL}geolocations`).then(function(myResponse) {
expect(myResponse).to.have.status(200);
expect(myResponse.body.result).to.be.a('array');
});
});
it('should return one geolocation', function() {
return chakram.get(`${URL}geolocations`).then(function(myResponse) {
let geolocation = myResponse.body.result[0];
return chakram.get(`${URL}geolocations/${myResponse.body.result[0].id}`).then(function(myResponse2) {
expect(myResponse2).to.have.status(200);
expect(myResponse2.body.result.geolocation_name).to.contain(geolocation.geolocation_name);
});
});
});
it('should try to remove one geolocation', function() {
return chakram.get(`${URL}geolocations`).then(function(myResponse) {
let id = myResponse.body.result[0].id;
return chakram.delete(`${URL}geolocations/${id}`).then(function(myResponse2) {
expect(myResponse2).to.have.status(401);
expect(myResponse2.body.error.code).to.contain('AUTHORIZATION_REQUIRED');
});
});
});
});
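Review bot: `should create a geolocation as a logged user` posts `'latitude': 116.2123` and expects 200 — a latitude cannot exceed 90, so a passing run shows the geolocation model accepts out-of-range coordinates. Either fix the fixture or, better, add range validation in common/models/geolocation.js (`validatesNumericalityOf` plus a custom check that |latitude| ≤ 90 and |longitude| ≤ 180) and keep this case as a 422 test. `should create a geolocation as an android user` logs in but never sends the access token; it places `user_id` from the login response in the body and asserts only the status, so it passes precisely because the server trusts whatever `user_id` the client supplies — assert the stored `user_id` as well, ideally with the token sent. `new Date(Date.now())` is just `new Date()`.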