await Promise.all([
request(app).get('/foo').set('Cookie', cookie).expect(200),
request(app).get('/bar').set('Cookie', cookie).expect(403),
]);
/* Add the admin group and permission */
await createConnection({
database: 'e2e_db.sqlite',
entities: [ User, Permission, Group ],
name: 'perm-connection',
type: 'sqlite',
});
const user2 = await getRepository(User, 'perm-connection').findOne({ email: 'john@foalts.org' });
if (!user2) {
throw new Error('John was not found in the database.');
}
const perm = new Permission();
perm.codeName = 'admin';
perm.name = 'Admin permission';
await getRepository(Permission, 'perm-connection').save(perm);
const group = new Group();
group.name = 'Administrators';
group.codeName = 'administrators';
group.permissions = [ perm ];
await getRepository(Group, 'perm-connection').save(group);
user2.groups = [ group ];
throw new Error('John was not found in the database.');
}
const perm = new Permission();
perm.codeName = 'admin';
perm.name = 'Admin permission';
await getRepository(Permission, 'perm-connection').save(perm);
const group = new Group();
group.name = 'Administrators';
group.codeName = 'administrators';
group.permissions = [ perm ];
await getRepository(Group, 'perm-connection').save(group);
user2.groups = [ group ];
await getRepository(User, 'perm-connection').save(user2);
await getConnection('perm-connection').close();
/* Access the route that requires a specific permission */
await request(app).get('/bar').set('Cookie', cookie).expect(200);
/* Log out */
await request(app).get('/logout').set('Cookie', cookie).expect(204);
/* Try to access routes that require authentication and a specific permission */
await Promise.all([
request(app).get('/foo').expect(401),
request(app).get('/bar').expect(401),
const user2 = await getRepository(User, 'perm-connection').findOne({ email: 'john@foalts.org' });
if (!user2) {
throw new Error('John was not found in the database.');
}
const perm = new Permission();
perm.codeName = 'admin';
perm.name = 'Admin permission';
await getRepository(Permission, 'perm-connection').save(perm);
const group = new Group();
group.name = 'Administrators';
group.codeName = 'administrators';
group.permissions = [ perm ];
await getRepository(Group, 'perm-connection').save(group);
user2.groups = [ group ];
await getRepository(User, 'perm-connection').save(user2);
await getConnection('perm-connection').close();
/* Access the route that requires a specific permission */
await request(app).get('/bar').set('Cookie', cookie).expect(200);
/* Log out */
await request(app).get('/logout').set('Cookie', cookie).expect(204);
/* Try to access routes that require authentication and a specific permission */
process.env.SETTINGS_SESSION_SECRET = 'session-secret';
await createConnection({
database: 'e2e_db.sqlite',
dropSchema: true,
entities: [ User, Permission, Group ],
synchronize: true,
type: 'sqlite',
});
const user1 = new User();
const user2 = new User();
const perm = new Permission();
perm.codeName = 'access-foo';
perm.name = 'Foo permission';
await getRepository(Permission).save(perm);
const group = new Group();
group.name = 'Administrators';
group.codeName = 'administrators';
group.permissions = [ perm ];
await getRepository(Group).save(group);
user1.userPermissions = [ perm ];
user2.groups = [ group ];
await getRepository(User).save([ user1, user2 ]);
const session1 = await createService(TypeORMStore).createAndSaveSessionFromUser(user1);
tokenUser1 = session1.getToken();
const session2 = await createService(TypeORMStore).createAndSaveSessionFromUser(user2);
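async login(ctx: Context) {
  // Authenticates a user from the request body and, on success, creates a
  // server-side session and returns its token in the session cookie.
  //
  // Both credentials are untrusted input. Insist on non-empty strings before
  // anything reaches the database: TypeORM's findOne() silently drops
  // `undefined` where-conditions (0.2.x behaviour — confirm for the version in
  // use), so a request with no `email` field would otherwise match the first
  // user in the table instead of nobody. A non-string value (object/array) is
  // rejected for the same reason.
  const { email, password } = ctx.request.body;
  if (typeof email !== 'string' || typeof password !== 'string' || !email || !password) {
    return new HttpResponseUnauthorized();
  }
  const user = await getRepository(User).findOne({ email });
  // Same status for "unknown user" and "wrong password" so the body does not
  // leak which accounts exist. NOTE(review): the early return still skips the
  // hash verification, so the response time differs between the two cases;
  // verifying against a dummy hash would close that side channel.
  if (!user) {
    return new HttpResponseUnauthorized();
  }
  if (!await verifyPassword(password, user.password)) {
    return new HttpResponseUnauthorized();
  }
  // A fresh session is created per login; the token only ever travels in the
  // cookie set below, never in the response body.
  const session = await this.store.createAndSaveSessionFromUser(user);
  const response = new HttpResponseNoContent();
  setSessionCookie(response, session.getToken());
  return response;
}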
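async login(ctx: Context) {
  // Form-style login: authenticates from the request body, then redirects to
  // `/home` with the session cookie set, or back to `/login` on failure.
  //
  // Both credentials are untrusted input. Insist on non-empty strings before
  // anything reaches the database: TypeORM's findOne() silently drops
  // `undefined` where-conditions (0.2.x behaviour — confirm for the version in
  // use), so a request with no `email` field would otherwise match the first
  // user in the table instead of nobody. A non-string value (object/array) is
  // rejected for the same reason.
  const { email, password } = ctx.request.body;
  if (typeof email !== 'string' || typeof password !== 'string' || !email || !password) {
    return new HttpResponseRedirect('/login');
  }
  const user = await getRepository(User).findOne({ email });
  // Same redirect for "unknown user" and "wrong password" so the response does
  // not leak which accounts exist. NOTE(review): the early return still skips
  // the hash verification, so the response time differs between the two
  // cases; verifying against a dummy hash would close that side channel.
  if (!user) {
    return new HttpResponseRedirect('/login');
  }
  if (!await verifyPassword(password, user.password)) {
    return new HttpResponseRedirect('/login');
  }
  // A fresh session is created per login; the token only ever travels in the
  // cookie attached to the redirect, never in a URL.
  const session = await this.store.createAndSaveSessionFromUser(user);
  const response = new HttpResponseRedirect('/home');
  setSessionCookie(response, session.getToken());
  return response;
}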
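async login(ctx: Context) {
  // Authenticates a user from the request body and attaches the user to the
  // current context via logIn(); replies 204 with no body on success.
  //
  // Both credentials are untrusted input. Insist on non-empty strings before
  // anything reaches the database: TypeORM's findOne() silently drops
  // `undefined` where-conditions (0.2.x behaviour — confirm for the version in
  // use), so a request with no `email` field would otherwise match the first
  // user in the table instead of nobody. A non-string value (object/array) is
  // rejected for the same reason.
  const { email, password } = ctx.request.body;
  if (typeof email !== 'string' || typeof password !== 'string' || !email || !password) {
    return new HttpResponseUnauthorized();
  }
  const user = await getRepository(User).findOne({ email });
  // Same status for "unknown user" and "wrong password" so the body does not
  // leak which accounts exist. NOTE(review): the early return still skips the
  // hash verification, so the response time differs between the two cases;
  // verifying against a dummy hash would close that side channel.
  if (!user) {
    return new HttpResponseUnauthorized();
  }
  if (!await verifyPassword(password, user.password)) {
    return new HttpResponseUnauthorized();
  }
  logIn(ctx, user);
  return new HttpResponseNoContent();
}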
}
type: 'sqlite',
});
const user1 = new User();
const user2 = new User();
const perm = new Permission();
perm.codeName = 'access-foo';
perm.name = 'Foo permission';
await getRepository(Permission).save(perm);
const group = new Group();
group.name = 'Administrators';
group.codeName = 'administrators';
group.permissions = [ perm ];
await getRepository(Group).save(group);
user1.userPermissions = [ perm ];
user2.groups = [ group ];
await getRepository(User).save([ user1, user2 ]);
const session1 = await createService(TypeORMStore).createAndSaveSessionFromUser(user1);
tokenUser1 = session1.getToken();
const session2 = await createService(TypeORMStore).createAndSaveSessionFromUser(user2);
tokenUser2 = session2.getToken();
app = createApp(AppController);
});
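async login(ctx: Context) {
  // Authenticates a user from the request body and delegates the successful
  // response (session/cookie handling) to generateLoginResponse().
  //
  // Both credentials are untrusted input. Insist on non-empty strings before
  // anything reaches the database: TypeORM's findOne() silently drops
  // `undefined` where-conditions (0.2.x behaviour — confirm for the version in
  // use), so a request with no `email` field would otherwise match the first
  // user in the table instead of nobody. A non-string value (object/array) is
  // rejected for the same reason.
  const { email, password } = ctx.request.body;
  if (typeof email !== 'string' || typeof password !== 'string' || !email || !password) {
    return new HttpResponseUnauthorized();
  }
  const user = await getRepository(User).findOne({ email });
  // Same status for "unknown user" and "wrong password" so the body does not
  // leak which accounts exist. NOTE(review): the early return still skips the
  // hash verification, so the response time differs between the two cases;
  // verifying against a dummy hash would close that side channel.
  if (!user) {
    return new HttpResponseUnauthorized();
  }
  if (!await verifyPassword(password, user.password)) {
    return new HttpResponseUnauthorized();
  }
  return this.generateLoginResponse(user);
}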
async signup(ctx: Context) {
  // Creates an account from the request body (password stored only as a
  // hash) and immediately logs the new user in via generateLoginResponse().
  //
  // NOTE(review): email and password are taken from the body with no
  // validation at all — no type/emptiness check, no format check, no password
  // policy. A non-string password is passed straight into hashPassword().
  // NOTE(review): nothing here handles a duplicate email; if the column is
  // unique (not visible from this block) save() will reject and the request
  // surfaces as a server error rather than a clean client error.
  const { email, password } = ctx.request.body;
  const account = new User();
  account.email = email;
  account.password = await hashPassword(password);
  await getRepository(User).save(account);
  return this.generateLoginResponse(account);
}