mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
121 lines
4.2 KiB
TypeScript
121 lines
4.2 KiB
TypeScript
|
|
import assert = require("assert");
|
|
import winston = require("winston");
|
|
|
|
import PatternBuilder from "../../../../src/server/lib/access_control/PatternBuilder";
|
|
import { ACLConfiguration } from "../../../../src/types/Configuration";
|
|
|
|
describe("test access control manager", function () {
|
|
describe("test access control pattern builder when no configuration is provided", () => {
|
|
it("should allow access to the user", () => {
|
|
const patternBuilder = new PatternBuilder(undefined, winston);
|
|
|
|
const allowed_domains = patternBuilder.getAllowedDomains("user", ["group1"]);
|
|
assert.deepEqual(allowed_domains, ["*"]);
|
|
});
|
|
});
|
|
|
|
describe("test access control pattern builder", function () {
|
|
let patternBuilder: PatternBuilder;
|
|
let configuration: ACLConfiguration;
|
|
|
|
|
|
beforeEach(() => {
|
|
configuration = {
|
|
default: [],
|
|
users: {},
|
|
groups: {}
|
|
};
|
|
patternBuilder = new PatternBuilder(configuration, winston);
|
|
});
|
|
|
|
it("should deny all if nothing is defined in the config", function () {
|
|
const allowed_domains = patternBuilder.getAllowedDomains("user", ["group1", "group2"]);
|
|
assert.deepEqual(allowed_domains, []);
|
|
});
|
|
|
|
it("should allow domain test.example.com to all users if defined in" +
|
|
" default policy", function () {
|
|
configuration.default = ["test.example.com"];
|
|
const allowed_domains = patternBuilder.getAllowedDomains("user", ["group1", "group2"]);
|
|
assert.deepEqual(allowed_domains, ["test.example.com"]);
|
|
});
|
|
|
|
it("should allow domain test.example.com to all users in group mygroup", function () {
|
|
const allowed_domains0 = patternBuilder.getAllowedDomains("user", ["group1", "group1"]);
|
|
assert.deepEqual(allowed_domains0, []);
|
|
|
|
configuration.groups = {
|
|
mygroup: ["test.example.com"]
|
|
};
|
|
|
|
const allowed_domains1 = patternBuilder.getAllowedDomains("user", ["group1", "group2"]);
|
|
assert.deepEqual(allowed_domains1, []);
|
|
|
|
const allowed_domains2 = patternBuilder.getAllowedDomains("user", ["group1", "mygroup"]);
|
|
assert.deepEqual(allowed_domains2, ["test.example.com"]);
|
|
});
|
|
|
|
it("should allow domain test.example.com based on per user config", function () {
|
|
const allowed_domains0 = patternBuilder.getAllowedDomains("user", ["group1"]);
|
|
assert.deepEqual(allowed_domains0, []);
|
|
|
|
configuration.users = {
|
|
user1: ["test.example.com"]
|
|
};
|
|
|
|
const allowed_domains1 = patternBuilder.getAllowedDomains("user", ["group1", "mygroup"]);
|
|
assert.deepEqual(allowed_domains1, []);
|
|
|
|
const allowed_domains2 = patternBuilder.getAllowedDomains("user1", ["group1", "mygroup"]);
|
|
assert.deepEqual(allowed_domains2, ["test.example.com"]);
|
|
});
|
|
|
|
it("should allow domains from user and groups", function () {
|
|
configuration.groups = {
|
|
group2: ["secret.example.com", "secret1.example.com"]
|
|
};
|
|
configuration.users = {
|
|
user: ["test.example.com"]
|
|
};
|
|
|
|
const allowed_domains0 = patternBuilder.getAllowedDomains("user", ["group1", "group2"]);
|
|
assert.deepEqual(allowed_domains0, [
|
|
"secret.example.com",
|
|
"secret1.example.com",
|
|
"test.example.com",
|
|
]);
|
|
});
|
|
|
|
it("should allow domains from several groups", function () {
|
|
configuration.groups = {
|
|
group1: ["secret2.example.com"],
|
|
group2: ["secret.example.com", "secret1.example.com"]
|
|
};
|
|
|
|
const allowed_domains0 = patternBuilder.getAllowedDomains("user", ["group1", "group2"]);
|
|
assert.deepEqual(allowed_domains0, [
|
|
"secret2.example.com",
|
|
"secret.example.com",
|
|
"secret1.example.com",
|
|
]);
|
|
});
|
|
|
|
it("should allow domains from several groups and default policy", function () {
|
|
configuration.default = ["home.example.com"];
|
|
configuration.groups = {
|
|
group1: ["secret2.example.com"],
|
|
group2: ["secret.example.com", "secret1.example.com"]
|
|
};
|
|
|
|
const allowed_domains0 = patternBuilder.getAllowedDomains("user", ["group1", "group2"]);
|
|
assert.deepEqual(allowed_domains0, [
|
|
"home.example.com",
|
|
"secret2.example.com",
|
|
"secret.example.com",
|
|
"secret1.example.com",
|
|
]);
|
|
});
|
|
});
|
|
});
|