diff options
Diffstat (limited to 'server')
-rw-r--r-- | server/middlewares/oauth.ts | 18 | ||||
-rw-r--r-- | server/tests/api/check-params/jobs.ts | 43 | ||||
-rw-r--r-- | server/tests/utils/requests/check-api-params.ts | 9 |
3 files changed, 30 insertions, 40 deletions
diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts index 12872c4a5..9976993e0 100644 --- a/server/middlewares/oauth.ts +++ b/server/middlewares/oauth.ts | |||
@@ -1,10 +1,10 @@ | |||
1 | import 'express-validator' | ||
2 | import * as express from 'express' | 1 | import * as express from 'express' |
3 | import * as OAuthServer from 'express-oauth-server' | 2 | import * as OAuthServer from 'express-oauth-server' |
4 | import { logger } from '../helpers/logger' | 3 | import 'express-validator' |
5 | import { OAUTH_LIFETIME } from '../initializers' | 4 | import { OAUTH_LIFETIME } from '../initializers' |
6 | 5 | ||
7 | const oAuthServer = new OAuthServer({ | 6 | const oAuthServer = new OAuthServer({ |
7 | useErrorHandler: true, | ||
8 | accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN, | 8 | accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN, |
9 | refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN, | 9 | refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN, |
10 | model: require('../lib/oauth-model') | 10 | model: require('../lib/oauth-model') |
@@ -13,14 +13,12 @@ const oAuthServer = new OAuthServer({ | |||
13 | function authenticate (req: express.Request, res: express.Response, next: express.NextFunction) { | 13 | function authenticate (req: express.Request, res: express.Response, next: express.NextFunction) { |
14 | oAuthServer.authenticate()(req, res, err => { | 14 | oAuthServer.authenticate()(req, res, err => { |
15 | if (err) { | 15 | if (err) { |
16 | logger.error('Cannot authenticate.', err) | 16 | return res.status(err.status) |
17 | return res.sendStatus(500) | 17 | .json({ |
18 | } | 18 | error: 'Authentication failed.', |
19 | 19 | code: err.name | |
20 | if (res.statusCode === 401 || res.statusCode === 400 || res.statusCode === 503) { | 20 | }) |
21 | return res.json({ | 21 | .end() |
22 | error: 'Authentication failed.' | ||
23 | }).end() | ||
24 | } | 22 | } |
25 | 23 | ||
26 | return next() | 24 | return next() |
diff --git a/server/tests/api/check-params/jobs.ts b/server/tests/api/check-params/jobs.ts index 3795d1d64..46b05cb4e 100644 --- a/server/tests/api/check-params/jobs.ts +++ b/server/tests/api/check-params/jobs.ts | |||
@@ -4,6 +4,8 @@ import 'mocha' | |||
4 | import * as request from 'supertest' | 4 | import * as request from 'supertest' |
5 | 5 | ||
6 | import { createUser, flushTests, userLogin, killallServers, runServer, ServerInfo, setAccessTokensToServers } from '../../utils' | 6 | import { createUser, flushTests, userLogin, killallServers, runServer, ServerInfo, setAccessTokensToServers } from '../../utils' |
7 | import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params' | ||
8 | import { makeGetRequest } from '../../utils/requests/requests' | ||
7 | 9 | ||
8 | describe('Test jobs API validators', function () { | 10 | describe('Test jobs API validators', function () { |
9 | const path = '/api/v1/jobs/' | 11 | const path = '/api/v1/jobs/' |
@@ -31,45 +33,32 @@ describe('Test jobs API validators', function () { | |||
31 | 33 | ||
32 | describe('When listing jobs', function () { | 34 | describe('When listing jobs', function () { |
33 | it('Should fail with a bad start pagination', async function () { | 35 | it('Should fail with a bad start pagination', async function () { |
34 | await request(server.url) | 36 | await checkBadStartPagination(server.url, path, server.accessToken) |
35 | .get(path) | ||
36 | .query({ start: 'hello' }) | ||
37 | .set('Accept', 'application/json') | ||
38 | .set('Authorization', 'Bearer ' + server.accessToken) | ||
39 | .expect(400) | ||
40 | }) | 37 | }) |
41 | 38 | ||
42 | it('Should fail with a bad count pagination', async function () { | 39 | it('Should fail with a bad count pagination', async function () { |
43 | await request(server.url) | 40 | await checkBadCountPagination(server.url, path, server.accessToken) |
44 | .get(path) | ||
45 | .query({ count: 'hello' }) | ||
46 | .set('Accept', 'application/json') | ||
47 | .set('Authorization', 'Bearer ' + server.accessToken) | ||
48 | .expect(400) | ||
49 | }) | 41 | }) |
50 | 42 | ||
51 | it('Should fail with an incorrect sort', async function () { | 43 | it('Should fail with an incorrect sort', async function () { |
52 | await request(server.url) | 44 | await checkBadSortPagination(server.url, path, server.accessToken) |
53 | .get(path) | ||
54 | .query({ sort: 'hello' }) | ||
55 | .set('Accept', 'application/json') | ||
56 | .set('Authorization', 'Bearer ' + server.accessToken) | ||
57 | .expect(400) | ||
58 | }) | 45 | }) |
59 | 46 | ||
60 | it('Should fail with a non authenticated user', async function () { | 47 | it('Should fail with a non authenticated user', async function () { |
61 | await request(server.url) | 48 | await makeGetRequest({ |
62 | .get(path) | 49 | url: server.url, |
63 | .set('Accept', 'application/json') | 50 | path, |
64 | .expect(401) | 51 | statusCodeExpected: 401 |
52 | }) | ||
65 | }) | 53 | }) |
66 | 54 | ||
67 | it('Should fail with a non admin user', async function () { | 55 | it('Should fail with a non admin user', async function () { |
68 | await request(server.url) | 56 | await makeGetRequest({ |
69 | .get(path) | 57 | url: server.url, |
70 | .set('Accept', 'application/json') | 58 | path, |
71 | .set('Authorization', 'Bearer ' + userAccessToken) | 59 | token: userAccessToken, |
72 | .expect(403) | 60 | statusCodeExpected: 403 |
61 | }) | ||
73 | }) | 62 | }) |
74 | }) | 63 | }) |
75 | 64 | ||
diff --git a/server/tests/utils/requests/check-api-params.ts b/server/tests/utils/requests/check-api-params.ts index fbd660629..7550eb3d8 100644 --- a/server/tests/utils/requests/check-api-params.ts +++ b/server/tests/utils/requests/check-api-params.ts | |||
@@ -1,27 +1,30 @@ | |||
1 | import { makeGetRequest } from './requests' | 1 | import { makeGetRequest } from './requests' |
2 | 2 | ||
3 | function checkBadStartPagination (url: string, path: string) { | 3 | function checkBadStartPagination (url: string, path: string, token?: string) { |
4 | return makeGetRequest({ | 4 | return makeGetRequest({ |
5 | url, | 5 | url, |
6 | path, | 6 | path, |
7 | token, | ||
7 | query: { start: 'hello' }, | 8 | query: { start: 'hello' }, |
8 | statusCodeExpected: 400 | 9 | statusCodeExpected: 400 |
9 | }) | 10 | }) |
10 | } | 11 | } |
11 | 12 | ||
12 | function checkBadCountPagination (url: string, path: string) { | 13 | function checkBadCountPagination (url: string, path: string, token?: string) { |
13 | return makeGetRequest({ | 14 | return makeGetRequest({ |
14 | url, | 15 | url, |
15 | path, | 16 | path, |
17 | token, | ||
16 | query: { count: 'hello' }, | 18 | query: { count: 'hello' }, |
17 | statusCodeExpected: 400 | 19 | statusCodeExpected: 400 |
18 | }) | 20 | }) |
19 | } | 21 | } |
20 | 22 | ||
21 | function checkBadSortPagination (url: string, path: string) { | 23 | function checkBadSortPagination (url: string, path: string, token?: string) { |
22 | return makeGetRequest({ | 24 | return makeGetRequest({ |
23 | url, | 25 | url, |
24 | path, | 26 | path, |
27 | token, | ||
25 | query: { sort: 'hello' }, | 28 | query: { sort: 'hello' }, |
26 | statusCodeExpected: 400 | 29 | statusCodeExpected: 400 |
27 | }) | 30 | }) |