Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
const perm = new Permission();
perm.codeName = 'admin';
perm.name = 'Admin permission';
await getRepository(Permission, 'perm-connection').save(perm);
const group = new Group();
group.name = 'Administrators';
group.codeName = 'administrators';
group.permissions = [ perm ];
await getRepository(Group, 'perm-connection').save(group);
user2.groups = [ group ];
await getRepository(User, 'perm-connection').save(user2);
await getConnection('perm-connection').close();
/* Access the route that requires a specific permission */
await request(app).get('/bar').set('Cookie', cookie).expect(200);
/* Log out */
await request(app).get('/logout').set('Cookie', cookie).expect(204);
/* Try to access routes that require authentication and a specific permission */
await Promise.all([
request(app).get('/foo').expect(401),
request(app).get('/bar').expect(401),
]);
await createConnection({
database: 'e2e_db.sqlite',
dropSchema: true,
entities: [ User, Permission, Group ],
name: 'create-connection',
synchronize: true,
type: 'sqlite',
});
const user = new User();
user.email = 'john@foalts.org';
user.password = await hashPassword('password');
await getRepository(User, 'create-connection').save(user);
await getConnection('create-connection').close();
/* Try to access routes that require authentication and a specific permission */
await Promise.all([
request(app).get('/foo').expect(401),
request(app).get('/bar').expect(401),
]);
/* Try to login with a wrong email */
await request(app)
.post('/login')
.send({ email: 'mary@foalts.org', password: 'password' })
.expect(401);
/* Try to login with a wrong password */
after(async () => {
await getConnection().close();
delete process.env.SETTINGS_SESSION_SECRET;
});
after(async () => {
await getConnection().close();
delete process.env.SETTINGS_JWT_SECRET_OR_PUBLIC_KEY;
});
after(async () => {
await getConnection().close();
delete process.env.SETTINGS_JWT_SECRET_OR_PUBLIC_KEY;
});
after(async () => {
await getConnection().close();
delete process.env.SETTINGS_SESSION_SECRET;
});
after(() => getConnection().close());
afterEach(() => getConnection().close());
after(async () => {
await getConnection().close();
delete process.env.SETTINGS_SESSION_SECRET;
});
after(async () => {
await getConnection().close();
delete process.env.SETTINGS_SESSION_SECRET;
});