Skip to content

[OGUI-1573] Add minimumRoleMiddleware check on lock/:action API #2657

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
graduta merged 3 commits into from
Nov 15, 2024
Merged

[OGUI-1573] Add minimumRoleMiddleware check on lock/:action API #2657

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
64d22ff
Add middleware check on lock action
graduta Nov 15, 2024
5c76401
Add API test suite for lock actions
graduta Nov 15, 2024
e0298ce
Fix GH warnings
graduta Nov 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion Control/lib/api.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,7 +184,10 @@ module.exports.setup = (http, ws) => {

// Lock Service
http.get('/locks', lockController.getLocksStateHandler.bind(lockController));
http.put('/locks/:action/:detectorId', lockController.actionLockHandler.bind(lockController));
http.put('/locks/:action/:detectorId',
minimumRoleMiddleware(Role.DETECTOR),
lockController.actionLockHandler.bind(lockController)
);
http.put('/locks/force/:action/:detectorId',
minimumRoleMiddleware(Role.GLOBAL),
lockController.actionForceLockHandler.bind(lockController));
Expand Down
163 changes: 162 additions & 1 deletion Control/package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion Control/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@
"nock": "^13.5.0",
"nyc": "^17.1.0",
"puppeteer": "^23.7.0",
"sinon": "19.0.2"
"sinon": "19.0.2",
"supertest": "7.0.0"
}
}
43 changes: 43 additions & 0 deletions Control/test/api/generateToken.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@

/**
* @license
* Copyright 2019-2020 CERN and copyright holders of ALICE O2.
* See http://alice-o2.web.cern.ch/copyright for details of the copyright holders.
* All rights not expressly granted are reserved.
*
* This software is distributed under the terms of the GNU General Public
* License v3 (GPL Version 3), copied verbatim in the file "COPYING".
*
* In applying this license CERN does not waive the privileges and immunities
* granted to it by virtue of its status as an Intergovernmental Organization
* or submit itself to any jurisdiction.
*/

const jwt = require('jsonwebtoken');
const { http, jwt: jwtConfig } = require('./../test-config.js');


/**
* Provides JSON Web Token functionality such as token generation and verification with `jsonwebtoken` library
*/
const generateToken = (personid, username, name, access = '', secret) => {
return jwt.sign({ id: personid, username, name, access }, secret, {
expiresIn: '1d',
issuer: 'test-gui',
});
};

const TEST_URL = 'http://' + http.hostname + ':' + http.port;
const ADMIN_TEST_TOKEN = generateToken(0, 'admin', 'Admin User', 'admin', jwtConfig.secret);
const GLOBAL_TEST_TOKEN = generateToken(1, 'global', 'Global User', 'global', jwtConfig.secret);
const DET_MID_TEST_TOKEN = generateToken(2, 'det-mid', 'Detector User', 'det-mid', jwtConfig.secret);
const GUEST_TEST_TOKEN = generateToken(3, 'guest', 'Guest User', 'guest', jwtConfig.secret);

module.exports = {
ADMIN_TEST_TOKEN,
GLOBAL_TEST_TOKEN,
DET_MID_TEST_TOKEN,
GUEST_TEST_TOKEN,
TEST_URL,
};

53 changes: 53 additions & 0 deletions Control/test/api/lock/api-get-locks.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@

/**
* @license
* Copyright 2019-2020 CERN and copyright holders of ALICE O2.
* See http://alice-o2.web.cern.ch/copyright for details of the copyright holders.
* All rights not expressly granted are reserved.
*
* This software is distributed under the terms of the GNU General Public
* License v3 (GPL Version 3), copied verbatim in the file "COPYING".
*
* In applying this license CERN does not waive the privileges and immunities
* granted to it by virtue of its status as an Intergovernmental Organization
* or submit itself to any jurisdiction.
*/

const request = require('supertest');
const { ADMIN_TEST_TOKEN, TEST_URL } = require('../generateToken.js');

describe(`'API - GET - /locks' test suite`, () => {
before(async () => {
// release ALL locks via API to prepare test-setup for API PUT tests
await request(`${TEST_URL}/api/locks`)
.put(`/force/release/ALL?token=${ADMIN_TEST_TOKEN}`);
});

it('should successfully get all locks state', async () => {
await request(`${TEST_URL}/api/locks`)
.get(`/?token=${ADMIN_TEST_TOKEN}`)
.expect(200, {
MID: { name: 'MID', state: 'FREE' },
DCS: { name: 'DCS', state: 'FREE' },
ODC: { name: 'ODC', state: 'FREE' }
});
});

it('should return unauthorized error for missing token requests', async () => {
await request(`${TEST_URL}/api/locks`)
.get('/')
.expect(403, {
error: '403 - Json Web Token Error',
message: 'You must provide a JWT token'
});
});

it('should return unauthorized error for invalid token requests', async () => {
await request(`${TEST_URL}/api/locks`)
.get('/?token=invalid-token')
.expect(403, {
error: '403 - Json Web Token Error',
message: 'Invalid JWT token provided'
});
});
});
Loading