navguard checks for admin

2025-12-13 07:45:54 +00:00 · 2021-12-02 12:29:24 +01:00 · 2021-12-02 12:29:24 +01:00 · e6ccc00122
commit e6ccc00122
parent c210c590f5
2 changed files with 98 additions and 10 deletions
--- a/admin/src/router/guards.js
+++ b/admin/src/router/guards.js
@ -1,12 +1,28 @@
+import { verifyLogin } from '../graphql/verifyLogin'
 import CONFIG from '../config'

-const addNavigationGuards = (router, store) => {
+const addNavigationGuards = (router, store, apollo) => {
  // store token on `authenticate`
-  router.beforeEach((to, from, next) => {
+  router.beforeEach(async (to, from, next) => {
    if (to.path === '/authenticate' && to.query && to.query.token) {
-      // TODO verify user to get user data
      store.commit('token', to.query.token)
-      next({ path: '/' })
+      await apollo
+        .query({
+          query: verifyLogin,
+          fetchPolicy: 'network-only',
+        })
+        .then((result) => {
+          const moderator = result.data.verifyLogin
+          if (moderator.isAdmin) {
+            store.commit('moderator', moderator)
+            next({ path: '/' })
+          } else {
+            next({ path: '/not-found' })
+          }
+        })
+        .catch(() => {
+          next({ path: '/not-found' })
+        })
    } else {
      next()
    }
@ -16,7 +32,9 @@ const addNavigationGuards = (router, store) => {
  router.beforeEach((to, from, next) => {
    if (
      !CONFIG.DEBUG_DISABLE_AUTH && // we did not disabled the auth module for debug purposes
-      !store.state.token && // we do not have a token
+      (!store.state.token || // we do not have a token
+        !store.state.moderator || // no moderator set in store
+        !store.state.moderator.isAdmin) && // user is no admin
      to.path !== '/not-found' && // we are not on `not-found`
      to.path !== '/logout' // we are not on `logout`
    ) {
--- a/admin/src/router/guards.test.js
+++ b/admin/src/router/guards.test.js
@ -2,6 +2,13 @@ import addNavigationGuards from './guards'
 import router from './router'

 const storeCommitMock = jest.fn()
+const apolloQueryMock = jest.fn().mockResolvedValue({
+  data: {
+    verifyLogin: {
+      isAdmin: true,
+    },
+  },
+})

 const store = {
  commit: storeCommitMock,
@ -10,7 +17,11 @@ const store = {
  },
 }

-addNavigationGuards(router, store)
+const apollo = {
+  query: apolloQueryMock,
+}
+
+addNavigationGuards(router, store, apollo)

 describe('navigation guards', () => {
  beforeEach(() => {
@ -21,18 +32,70 @@ describe('navigation guards', () => {
    const navGuard = router.beforeHooks[0]
    const next = jest.fn()

-    describe('with valid token', () => {
-      it('commits the token to the store', async () => {
+    describe('with valid token and as admin', () => {
+      beforeEach(() => {
        navGuard({ path: '/authenticate', query: { token: 'valid-token' } }, {}, next)
+      })
+
+      it('commits the token to the store', async () => {
        expect(storeCommitMock).toBeCalledWith('token', 'valid-token')
      })

+      it('commits the moderator to the store', () => {
+        expect(storeCommitMock).toBeCalledWith('moderator', { isAdmin: true })
+      })
+
      it('redirects to /', async () => {
-        navGuard({ path: '/authenticate', query: { token: 'valid-token' } }, {}, next)
        expect(next).toBeCalledWith({ path: '/' })
      })
    })

+    describe('with valid token and not as admin', () => {
+      beforeEach(() => {
+        apolloQueryMock.mockResolvedValue({
+          data: {
+            verifyLogin: {
+              isAdmin: false,
+            },
+          },
+        })
+        navGuard({ path: '/authenticate', query: { token: 'valid-token' } }, {}, next)
+      })
+
+      it('commits the token to the store', async () => {
+        expect(storeCommitMock).toBeCalledWith('token', 'valid-token')
+      })
+
+      it('does not commit the moderator to the store', () => {
+        expect(storeCommitMock).not.toBeCalledWith('moderator', { isAdmin: false })
+      })
+
+      it('redirects to /not-found', async () => {
+        expect(next).toBeCalledWith({ path: '/not-found' })
+      })
+    })
+
+    describe('with valid token and server error on verification', () => {
+      beforeEach(() => {
+        apolloQueryMock.mockRejectedValue({
+          message: 'Ouch!',
+        })
+        navGuard({ path: '/authenticate', query: { token: 'valid-token' } }, {}, next)
+      })
+
+      it('commits the token to the store', async () => {
+        expect(storeCommitMock).toBeCalledWith('token', 'valid-token')
+      })
+
+      it('does not commit the moderator to the store', () => {
+        expect(storeCommitMock).not.toBeCalledWith('moderator', { isAdmin: false })
+      })
+
+      it('redirects to /not-found', async () => {
+        expect(next).toBeCalledWith({ path: '/not-found' })
+      })
+    })
+
    describe('without valid token', () => {
      it('does not commit the token to the store', async () => {
        navGuard({ path: '/authenticate' }, {}, next)
@ -55,9 +118,16 @@ describe('navigation guards', () => {
      expect(next).toBeCalledWith({ path: '/not-found' })
    })

-    it('does not redirect when token in store', () => {
+    it('redirects to not found with token in store and not moderator', () => {
      store.state.token = 'valid token'
      navGuard({ path: '/' }, {}, next)
+      expect(next).toBeCalledWith({ path: '/not-found' })
+    })
+
+    it('does not redirect with token in store and as moderator', () => {
+      store.state.token = 'valid token'
+      store.state.moderator = { isAdmin: true }
+      navGuard({ path: '/' }, {}, next)
      expect(next).toBeCalledWith()
    })
  })