#25 admin guard can activate if API is not under auth

2026-01-04 00:23:19 +09:00 · 2020-11-18 00:44:43 +01:00
parent d950ff29b2
commit b0868de37b
6 changed files with 90 additions and 8 deletions
--- a/quartz-manager-frontend/src/app/components/header/header.component.html
+++ b/quartz-manager-frontend/src/app/components/header/header.component.html
@@ -11,7 +11,7 @@
      </button>
      <button
        class="greeting-button"
-        *ngIf="hasSignedIn()"
+        *ngIf="hasSignedIn() && !noAuthenticationRequired()"
        mat-button mat-ripple
        [matMenuTriggerFor]="accountMenu">
        <span>Hi, {{userName()}}</span>
--- a/quartz-manager-frontend/src/app/components/header/header.component.ts
+++ b/quartz-manager-frontend/src/app/components/header/header.component.ts
@@ -1,7 +1,8 @@
 import { Component, OnInit } from '@angular/core';
 import {
  UserService,
-  AuthService
+  AuthService,
+  NO_AUTH
 } from '../../services';
 import { Router } from '@angular/router';

@@ -31,6 +32,9 @@ export class HeaderComponent implements OnInit {
    return !!this.userService.currentUser;
  }

+  noAuthenticationRequired = () => this.hasSignedIn() && this.userService.currentUser === NO_AUTH; 
+  
+
  userName() {
    const user = this.userService.currentUser;
    return user.username;
--- a/quartz-manager-frontend/src/app/guards/admin.guard.spec.ts
+++ b/quartz-manager-frontend/src/app/guards/admin.guard.spec.ts
@@ -1,14 +1,55 @@
 import { TestBed, async, inject } from '@angular/core/testing';
 import { Router } from '@angular/router';
-import { UserService } from '../services';
+import { NO_AUTH, UserService } from '../services';
 import { AdminGuard } from './admin.guard';
-import { MockUserService } from '../services/mocks';
+import {jest} from '@jest/globals'

 export class RouterStub {
  navigate(commands?: any[], extras?: any) {}
 }

-describe('AdminGuard', () => {
+const RouterSpy = jest.spyOn(RouterStub.prototype, 'navigate');
+
+const MockUserServiceNoAuth = jest.fn(() => ({currentUser: NO_AUTH}));
+const MockUserService = jest.fn(() => ({
+  currentUser: {
+    authorities: ['ROLE_ADMIN']
+  }
+}));
+const MockUserServiceForbidden = jest.fn(() => ({
+  currentUser: {
+    authorities: ['ROLE_GUEST']
+  }
+}));
+
+describe('AdminGuard NoAuth', () => {
+  beforeEach(() => {
+    TestBed.configureTestingModule({
+      providers: [
+        AdminGuard,
+        {
+          provide: Router,
+          useClass: RouterStub
+        },
+        {
+          provide: UserService,
+          useClass: MockUserServiceNoAuth
+        }
+      ]
+    });
+  });
+
+  it('should run', inject([AdminGuard], (guard: AdminGuard) => {
+    expect(guard).toBeTruthy();
+  }));
+
+  it('returns true if user is NO_AUTH',inject([AdminGuard], (guard: AdminGuard) => {
+    expect(guard.canActivate(null, null)).toBeTruthy();
+  }));
+
+});
+
+describe('AdminGuard activates the route', () => {
  beforeEach(() => {
    TestBed.configureTestingModule({
      providers: [
@@ -25,7 +66,40 @@ describe('AdminGuard', () => {
    });
  });

-  it('should ...', inject([AdminGuard], (guard: AdminGuard) => {
+  it('should run', inject([AdminGuard], (guard: AdminGuard) => {
    expect(guard).toBeTruthy();
  }));
+
+  it('returns true if user has admin role',inject([AdminGuard], (guard: AdminGuard) => {
+    expect(guard.canActivate(null, null)).toBeTruthy();
+  }));
+
+});
+
+describe('AdminGuard redirects to 403', () => {
+  beforeEach(() => {
+    TestBed.configureTestingModule({
+      providers: [
+        AdminGuard,
+        {
+          provide: Router,
+          useClass: RouterStub
+        },
+        {
+          provide: UserService,
+          useClass: MockUserServiceForbidden
+        }
+      ]
+    });
+  });
+
+  it('should run', inject([AdminGuard], (guard: AdminGuard) => {
+    expect(guard).toBeTruthy();
+  }));
+
+  it('returns false if user is not authorized',inject([AdminGuard], (guard: AdminGuard) => {
+    expect(guard.canActivate(null, null)).toBeFalsy();
+    expect(RouterSpy).toHaveBeenCalledTimes(1);
+  }));
+
 });
--- a/quartz-manager-frontend/src/app/guards/admin.guard.ts
+++ b/quartz-manager-frontend/src/app/guards/admin.guard.ts
@@ -9,6 +9,8 @@ export class AdminGuard implements CanActivate {

  canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean {
    if (this.userService.currentUser) {
+      if(this.userService.currentUser === 'NO_AUTH')
+        return true;
      if (JSON.stringify(this.userService.currentUser.authorities).search('ROLE_ADMIN') !== -1) 
        return true;
      else {
--- a/quartz-manager-frontend/src/app/services/auth.service.ts
+++ b/quartz-manager-frontend/src/app/services/auth.service.ts
@@ -3,8 +3,7 @@ import { HttpHeaders, HttpResponse } from '@angular/common/http';
 import { ApiService } from './api.service';
 import { UserService } from './user.service';
 import { ConfigService } from './config.service';
-import { Observable } from 'rxjs';
-import { map, tap } from 'rxjs/operators';
+import { map } from 'rxjs/operators';

@Injectable()
 export class AuthService {
--- a/quartz-manager-frontend/src/app/services/user.service.ts
+++ b/quartz-manager-frontend/src/app/services/user.service.ts
@@ -4,6 +4,8 @@ import { ConfigService } from './config.service';

 import { map } from 'rxjs/operators'

+export const NO_AUTH: string = 'NO_AUTH'
+
@Injectable()
 export class UserService {

@@ -34,6 +36,7 @@ export class UserService {
          this.currentUser = user;
        }, err => {
          //not logged
+          console.log(`error retrieving current user due to ` + err);
        });
  }