Add the allowInternal option for the authorize hook

This also improves the tests to make sure they're testing what they should, including passing through the feathers built-in authentication mechanism
2018-10-23 15:01:58 -07:00 · 2018-10-23 15:01:58 -07:00 · 1e4742dae2
parent dc196e9b34
commit 1e4742dae2
3 changed files with 39 additions and 2 deletions
--- a/package.json
+++ b/package.json
@ -73,7 +73,10 @@
    "transform": {
      "^.+\\.tsx?$": "ts-jest"
    },
-    "testRegex": "(/test/.*|(\\.|/)(test|spec))\\.(jsx?|tsx?)$",
+    "testMatch": [
+        "**/__tests__/**/*.ts?(x)",
+        "**/?(*.)+(spec|test).ts?(x)"
+    ],
    "moduleFileExtensions": [
      "ts",
      "tsx",
--- a/src/hooks/authorize.ts
+++ b/src/hooks/authorize.ts
@ -4,8 +4,21 @@ import { SKIP } from '@feathersjs/feathers';

 import logger from '../logger';

-export default () => {
+export interface AuthorizeOptions {
+  allowInternal?: boolean,
+};
+
+export default (options : AuthorizeOptions = {}) => {
  return async context => {
+
+    /*
+     * Allow internal API calls to skip the entire authorization process
+     */
+    if ((options.allowInternal) &&
+        (!context.params.provider)) {
+      return SKIP;
+    }
+
    if ((process.env.NODE_ENV == 'test') &&
        (context.params.query.testing_access_token)) {
      // Remove the property to make sure it's not used in the DB query
--- a/test/hooks/authorize.test.ts
+++ b/test/hooks/authorize.test.ts
@ -7,11 +7,19 @@ describe('The `authorize` hook', () => {
  let context = null;
  let mockServices = {};
  const mockApp = {
+    authenticate: () => {
+      return () => { return Promise.resolve({}); };
+    },
+    passport: {
+      _strategy: () => { return ['jwt'] },
+      options: () => { },
+    },
    service: (name) => { return mockServices; },
  };

  beforeEach(() => {
    context = {
+      type: 'before',
      app: mockApp,
      params: {
        query: {},
@ -31,4 +39,17 @@ describe('The `authorize` hook', () => {
      return expect(authorize()(context)).resolves.toEqual(SKIP);
    });
  });
+
+  describe('with the allowInternal option', () => {
+    it('should not skip for external API calls', () => {
+      context.params.provider = 'rest';
+      return expect(authorize({ allowInternal: true })(context))
+        .rejects.toThrow(Forbidden);
+    });
+
+    it('should SKIP for internal API calls', () => {
+      return expect(authorize({ allowInternal: true })(context))
+        .resolves.toEqual(SKIP);
+    });
+  });
 });