npm - @lobb-js/lobb-ext-auth - Versions diffs - 0.12.0 → 0.14.0 - Mend

@lobb-js/lobb-ext-auth 0.12.0 → 0.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

package/extensions/auth/tests/controllers/me.test.ts DELETED Viewed

@@ -1,376 +0,0 @@
-import { Lobb } from "@lobb-js/core";
-import { afterAll, beforeAll, describe, it, expect } from "bun:test";
-import { authConfig } from "../configs/auth.ts";
-describe("Login", () => {
-  let lobb: Lobb;
-  let baseUrl: string;
-  let adminUserId: number;
-  beforeAll(async () => {
-    lobb = await Lobb.init(authConfig);
-    baseUrl = `http://127.0.0.1:${lobb.webServer.port}`;
-    adminUserId = (await lobb.collectionService.findAll({
-      collectionName: "auth_users",
-      params: {
-        filter: {
-          email: "admin@test.com",
-        },
-      },
-    })).data[0].id;
-  });
-  afterAll(async () => {
-    await lobb.collectionService.deleteMany({
-      collectionName: "auth_sessions",
-    });
-    await lobb.collectionService.deleteMany({
-      collectionName: "auth_users",
-    });
-    await lobb.close();
-  });
-  it("should return the information current user", async () => {
-    const response = await fetch(
-      `${baseUrl}/api/collections/auth_sessions`,
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-        },
-        body: JSON.stringify({
-          data: {
-            email: "admin@test.com",
-            password: "admin",
-          },
-        }),
-      },
-    );
-    const result = await response.json();
-    const sessionToken = result.data.access_token.token;
-    const headers = new Headers();
-    headers.append(
-      "Authorization",
-      `Bearer ${sessionToken}`,
-    );
-    const response2 = await fetch(
-      `${baseUrl}/api/collections/auth_users/me`,
-      {
-        method: "GET",
-        headers: headers,
-      },
-    );
-    const data2 = await response2.json();
-    expect(data2.data).toMatchObject({
-      email: "admin@test.com",
-      role: "admin",
-    });
-  });
-  it("should return correct response for a public user", async () => {
-    const response = await fetch(
-      `${baseUrl}/api/collections/auth_users/me`,
-    );
-    const data = await response.json();
-    expect(data).toMatchObject({
-      code: "BAD_REQUEST",
-      message: "You need to provide an access token.",
-      status: 400,
-    });
-  });
-  it("should allow the user to get his information", async () => {
-    // create a new test user
-    const response = await fetch(
-      `${baseUrl}/api/collections/auth_users`,
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-        },
-        body: JSON.stringify({
-          data: {
-            email: "test@example.com",
-            password: "test_password",
-            role: "author",
-          },
-        }),
-      },
-    );
-    const result = await response.json();
-    // login with that user
-    const loginResponse = await fetch(
-      `${baseUrl}/api/collections/auth_sessions`,
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-        },
-        body: JSON.stringify({
-          data: {
-            email: "test@example.com",
-            password: "test_password",
-          },
-        }),
-      },
-    );
-    const loginResult = await loginResponse.json();
-    // test if the user can get his data
-    const sessionToken = loginResult.data.access_token.token;
-    const response2 = await fetch(
-      `${baseUrl}/api/collections/auth_users/me`,
-      {
-        headers: {
-          "Authorization": `Bearer ${sessionToken}`,
-        },
-      },
-    );
-    const data = await response2.json();
-    expect(response2.status).toEqual(200);
-  });
-  it("should prevent the test user from accessing the admin user", async () => {
-    // login with that user
-    const loginResponse = await fetch(
-      `${baseUrl}/api/collections/auth_sessions`,
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-        },
-        body: JSON.stringify({
-          data: {
-            email: "test@example.com",
-            password: "test_password",
-          },
-        }),
-      },
-    );
-    const loginResult = await loginResponse.json();
-    const sessionToken = loginResult.data.access_token.token;
-    const response2 = await fetch(
-      `${baseUrl}/api/collections/auth_users/${adminUserId}`,
-      {
-        headers: {
-          "Authorization": `Bearer ${sessionToken}`,
-        },
-      },
-    );
-    await response2.json();
-    expect(response2.status).not.toEqual(200);
-  });
-  it("should prevent the test user to mutate another user", async () => {
-    // login with that user
-    const loginResponse = await fetch(
-      `${baseUrl}/api/collections/auth_sessions`,
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-        },
-        body: JSON.stringify({
-          data: {
-            email: "test@example.com",
-            password: "test_password",
-          },
-        }),
-      },
-    );
-    const loginResult = await loginResponse.json();
-    const sessionToken = loginResult.data.access_token.token;
-    const response2 = await fetch(
-      `${baseUrl}/api/collections/auth_users/${adminUserId}`,
-      {
-        method: "PATCH",
-        headers: {
-          "Authorization": `Bearer ${sessionToken}`,
-        },
-        body: JSON.stringify({
-          data: {
-            password: "test_password",
-          },
-        }),
-      },
-    );
-    await response2.json();
-    expect(response2.status).toEqual(403);
-    const response3 = await fetch(
-      `${baseUrl}/api/collections/auth_users/${adminUserId}?force`,
-      {
-        method: "DELETE",
-        headers: {
-          "Authorization": `Bearer ${sessionToken}`,
-        },
-      },
-    );
-    await response3.json();
-    expect(response3.status).toEqual(403);
-  });
-  it("should allow current test user to update or delete his user", async () => {
-    // login with that user
-    const loginResponse = await fetch(
-      `${baseUrl}/api/collections/auth_sessions`,
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-        },
-        body: JSON.stringify({
-          data: {
-            email: "test@example.com",
-            password: "test_password",
-          },
-        }),
-      },
-    );
-    const loginResult = await loginResponse.json();
-    const sessionToken = loginResult.data.access_token.token;
-    const response2 = await fetch(
-      `${baseUrl}/api/collections/auth_users/me`,
-      {
-        method: "PATCH",
-        headers: {
-          "Authorization": `Bearer ${sessionToken}`,
-        },
-        body: JSON.stringify({
-          data: {
-            role: "author",
-          },
-        }),
-      },
-    );
-    await response2.json();
-    expect(response2.status).toEqual(200);
-    const response3 = await fetch(
-      `${baseUrl}/api/collections/auth_users/me?force`,
-      {
-        method: "DELETE",
-        headers: {
-          "Authorization": `Bearer ${sessionToken}`,
-        },
-      },
-    );
-    const result = await response3.json();
-    expect(response3.status).toEqual(200);
-  });
-  describe("permissions in the /me response", () => {
-    async function login(email: string, password: string): Promise<string> {
-      const res = await fetch(`${baseUrl}/api/collections/auth_sessions`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ data: { email, password } }),
-      });
-      const body = await res.json();
-      return body.data.access_token.token;
-    }
-    async function createUser(email: string, password: string, role: string) {
-      await fetch(`${baseUrl}/api/collections/auth_users`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ data: { email, password, role } }),
-      });
-    }
-    it("should attach the role's permissions as a sibling of data for the current user via /me", async () => {
-      await createUser("perm_author@example.com", "pw", "author");
-      const token = await login("perm_author@example.com", "pw");
-      const res = await fetch(`${baseUrl}/api/collections/auth_users/me`, {
-        headers: { "Authorization": `Bearer ${token}` },
-      });
-      const body = await res.json();
-      expect(res.status).toEqual(200);
-      expect(body.data.permissions).toBeUndefined();
-      // author role config has auth_users.read/update/delete — function-typed
-      // filters get stripped to plain JSON before being returned.
-      expect(body.permissions).toEqual({
-        auth_users: {
-          read: { filter: {} },
-          update: true,
-          delete: true,
-        },
-        articles: {
-          read: {
-            filter: {},
-            fields: { id: true, title: true, body: true },
-          },
-          create: { fields: { title: true, body: true } },
-        },
-        auth_shares: {
-          create: true,
-        },
-      });
-    });
-    it("should not attach permissions when reading another user's row", async () => {
-      // login as admin so we can read other users
-      const adminToken = await login("admin@test.com", "admin");
-      // fetch a non-admin user's row by id
-      const otherUser = (await lobb.collectionService.findAll({
-        collectionName: "auth_users",
-        params: { filter: { email: "perm_author@example.com" } },
-      })).data[0];
-      const res = await fetch(
-        `${baseUrl}/api/collections/auth_users/${otherUser.id}`,
-        { headers: { "Authorization": `Bearer ${adminToken}` } },
-      );
-      const body = await res.json();
-      expect(res.status).toEqual(200);
-      expect(body.permissions).toBeUndefined();
-    });
-    it("should not attach permissions when the current user reads their own row by id (not via /me)", async () => {
-      const token = await login("perm_author@example.com", "pw");
-      const ownUser = (await lobb.collectionService.findAll({
-        collectionName: "auth_users",
-        params: { filter: { email: "perm_author@example.com" } },
-      })).data[0];
-      const res = await fetch(
-        `${baseUrl}/api/collections/auth_users/${ownUser.id}`,
-        { headers: { "Authorization": `Bearer ${token}` } },
-      );
-      const body = await res.json();
-      expect(res.status).toEqual(200);
-      expect(body.permissions).toBeUndefined();
-    });
-    it("should allow a user whose role has no auth_users.read permission to fetch /me", async () => {
-      // The "reader" role in authConfig has only articles.read — no auth_users
-      // perm at all. /me should still work because the user is reading their
-      // own row, but historically the internal findOne→findAll re-checked the
-      // policy on preFindAll and threw 403 for roles lacking auth_users.read.
-      await createUser("no_auth_perm@example.com", "pw", "reader");
-      const token = await login("no_auth_perm@example.com", "pw");
-      const res = await fetch(`${baseUrl}/api/collections/auth_users/me`, {
-        headers: { "Authorization": `Bearer ${token}` },
-      });
-      expect(res.status).toEqual(200);
-    });
-  });
-});

package/extensions/auth/tests/controllers/register.test.ts DELETED Viewed

@@ -1,45 +0,0 @@
-import { Lobb } from "@lobb-js/core";
-import { afterAll, beforeAll, describe, it, expect } from "bun:test";
-import { authConfig } from "../configs/auth.ts";
-describe("Register", () => {
-  let lobb: Lobb;
-  let baseUrl: string;
-  beforeAll(async () => {
-    lobb = await Lobb.init(authConfig);
-    baseUrl = `http://127.0.0.1:${lobb.webServer.port}`;
-    await lobb.collectionService.deleteMany({
-      collectionName: "auth_sessions",
-    });
-    await lobb.collectionService.deleteMany({
-      collectionName: "auth_users",
-    });
-  });
-  afterAll(async () => {
-    await lobb.close();
-  });
-  it("should create a new user", async () => {
-    const response = await fetch(
-      `${baseUrl}/api/collections/auth_users`,
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-        },
-        body: JSON.stringify({
-          data: {
-            email: "test@example.com",
-            password: "test_password",
-            role: "author",
-          },
-        }),
-      },
-    );
-    await response.json();
-    expect(response.status).toEqual(201);
-  });
-});

package/extensions/auth/tests/database/adminExtraFields.test.ts DELETED Viewed

@@ -1,50 +0,0 @@
-import { Lobb } from "@lobb-js/core";
-import { afterAll, beforeAll, describe, it, expect } from "bun:test";
-import { authWithAdminExtraFieldsConfig } from "../configs/auth_with_admin_extra_fields.ts";
-describe("AUTH admin extra fields", () => {
-  let lobb: Lobb;
-  beforeAll(async () => {
-    lobb = await Lobb.init(authWithAdminExtraFieldsConfig);
-  });
-  afterAll(async () => {
-    await lobb.close();
-  });
-  it("should create the admin user with extra fields on first init", async () => {
-    const result = await lobb.collectionService.findAll({
-      collectionName: "auth_users",
-      params: { filter: { role: "admin" } },
-    });
-    const admin = result.data[0];
-    expect(admin).toBeDefined();
-    expect(admin.email).toEqual("admin@test.com");
-    expect(admin.role).toEqual("admin");
-    expect(admin.name).toEqual("Super Admin");
-    expect(admin.username).toEqual("superadmin");
-  });
-  it("should always set role to admin regardless of extra fields", async () => {
-    const result = await lobb.collectionService.findAll({
-      collectionName: "auth_users",
-      params: { filter: { role: "admin" } },
-    });
-    expect(result.data[0].role).toEqual("admin");
-  });
-  it("should not create a second admin user on re-init", async () => {
-    const lobb2 = await Lobb.init(authWithAdminExtraFieldsConfig);
-    const result = await lobb2.collectionService.findAll({
-      collectionName: "auth_users",
-      params: { filter: { role: "admin" } },
-    });
-    expect(result.data.length).toEqual(1);
-    await lobb2.close();
-  });
-});

package/extensions/auth/tests/database/db.test.ts DELETED Viewed

@@ -1,64 +0,0 @@
-import { Lobb } from "@lobb-js/core";
-import { afterAll, beforeAll, describe, it, expect } from "bun:test";
-import { authConfig } from "../configs/auth.ts";
-describe("AUTH", () => {
-  let lobb: Lobb;
-  let baseUrl: string;
-  beforeAll(async () => {
-    lobb = await Lobb.init(authConfig);
-    baseUrl = `http://127.0.0.1:${lobb.webServer.port}`;
-    await lobb.collectionService.deleteMany({
-      collectionName: "auth_sessions",
-    });
-  });
-  afterAll(async () => {
-    await lobb.collectionService.deleteMany({
-      collectionName: "auth_sessions",
-    });
-    await lobb.collectionService.deleteMany({
-      collectionName: "auth_users",
-    });
-    await lobb.close();
-  });
-  it("should get the users", async () => {
-    const result = await lobb.collectionService.findAll({
-      collectionName: "auth_users",
-    });
-    expect(result.data.length).toBeTruthy();
-  });
-  it("should get the admin user", async () => {
-    const result = await lobb.collectionService.findAll({
-      collectionName: "auth_users",
-    });
-    expect(result.data[0].email).toEqual("admin@test.com");
-    expect(result.data[0].role).toEqual("admin");
-  });
-  it("should make sure the admin password in the config is the same one in the database", async () => {
-    const response = await fetch(
-      `${baseUrl}/api/collections/auth_sessions`,
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-        },
-        body: JSON.stringify({
-          data: {
-            email: "admin@test.com",
-            password: "admin",
-          },
-        }),
-      },
-    );
-    await response.json();
-    expect(response.status).toEqual(200);
-  });
-});

package/extensions/auth/tests/database/differentAdminCreds.test.ts DELETED Viewed

@@ -1,51 +0,0 @@
-import { Lobb } from "@lobb-js/core";
-import { afterAll, beforeAll, describe, it, expect } from "bun:test";
-import { authWithDifferentAdminCredsConfig } from "../configs/auth_with_different_admin_creds.ts";
-describe("AUTH with different admin creds", () => {
-  let lobb: Lobb;
-  let baseUrl: string;
-  beforeAll(async () => {
-    lobb = await Lobb.init(authWithDifferentAdminCredsConfig);
-    baseUrl = `http://127.0.0.1:${lobb.webServer.port}`;
-  });
-  afterAll(async () => {
-    await lobb.close();
-  });
-  it("should make sure the admin user's email is changed in the db if its changed in the config", async () => {
-    const response = await fetch(
-      `${baseUrl}/api/collections/auth_users`,
-      {
-        method: "GET",
-      },
-    );
-    const json = await response.json();
-    expect(json.data[0].email).toEqual("admin@wow.yey");
-    expect(json.data[0].role).toEqual("admin");
-  });
-  it("it should make sure the admin user's password is changed in the db if it's changed in the config", async () => {
-    const response = await fetch(
-      `${baseUrl}/api/collections/auth_sessions`,
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-        },
-        body: JSON.stringify({
-          data: {
-            email: "admin@wow.yey",
-            password: "123456",
-          },
-        }),
-      },
-    );
-    await response.json();
-    expect(response.status).toEqual(200);
-  });
-});