Example #1
0
        RestAPI.Admin.getSignedTenantAuthenticationRequestInfo(globalAdminRestContext, null, (err, requestInfo) => {
          assert.ok(err);
          assert.strictEqual(err.code, 400);
          assert.ok(!requestInfo);

          // Ensure we cannot get a signed request with a non-existing tenant alias
          RestAPI.Admin.getSignedTenantAuthenticationRequestInfo(
            globalAdminRestContext,
            'some non existing tenant alias',
            (err, requestInfo) => {
              assert.ok(err);
              assert.strictEqual(err.code, 404);
              assert.ok(!requestInfo);

              // Sanity check that we can get a signed request with an existing tenant alias
              RestAPI.Admin.getSignedTenantAuthenticationRequestInfo(
                globalAdminRestContext,
                'localhost',
                (err, requestInfo) => {
                  assert.ok(!err);
                  assert.ok(requestInfo);
                  return callback();
                }
              );
            }
          );
        });
Example #2
0
                (err, requestInfo) => {
                  assert.ok(err);

                  // This actually throws 404 because these endpoints are not hooked up to the tenant servers
                  assert.strictEqual(err.code, 404);
                  assert.ok(!requestInfo);

                  // Verify a regular user cannot request signed authentication to another tenant
                  RestAPI.Admin.getSignedTenantAuthenticationRequestInfo(
                    mrvisser.restContext,
                    'localhost',
                    (err, requestInfo) => {
                      assert.ok(err);

                      // This actually throws 404 because these endpoints are not hooked up to the tenant servers
                      assert.strictEqual(err.code, 404);
                      assert.ok(!requestInfo);

                      // Sanity check that global admin is granted the signed authentication request
                      RestAPI.Admin.getSignedTenantAuthenticationRequestInfo(
                        globalAdminRestContext,
                        'localhost',
                        (err, requestInfo) => {
                          assert.ok(!err);
                          assert.ok(requestInfo);
                          return callback();
                        }
                      );
                    }
                  );
                }
Example #3
0
      it('verify parameter validation', callback => {
        RestAPI.Admin.getSignedTenantAuthenticationRequestInfo(
          globalAdminRestContext,
          'localhost',
          (err, requestInfo) => {
            assert.ok(!err);

            // Ensure that authentication with this request data works
            _performSignedAuthenticationRequest(requestInfo.url, requestInfo.body, true, () => {
              // Permutations of missing parameters
              _performSignedAuthenticationRequest(requestInfo.url, _.omit(requestInfo.body, 'userId'), false, () => {
                _performSignedAuthenticationRequest(requestInfo.url, _.omit(requestInfo.body, 'expires'), false, () => {
                  _performSignedAuthenticationRequest(
                    requestInfo.url,
                    _.omit(requestInfo.body, 'signature'),
                    false,
                    () => {
                      // All parameters are present, but some are invalid
                      _performSignedAuthenticationRequest(
                        requestInfo.url,
                        _.extend({}, requestInfo.body, { userId: 'u:admin:badid' }),
                        false,
                        () => {
                          _performSignedAuthenticationRequest(
                            requestInfo.url,
                            _.extend({}, requestInfo.body, { expires: 1234567890 }),
                            false,
                            () => {
                              return _performSignedAuthenticationRequest(
                                requestInfo.url,
                                _.extend({}, requestInfo.body, {
                                  signature: 'bad signature'
                                }),
                                false,
                                callback
                              );
                            }
                          );
                        }
                      );
                    }
                  );
                });
              });
            });
          }
        );
      });
Example #4
0
  that.login = function(callback) {
    const tenantAlias = that.contentId.split(':')[1];
    log().trace({ contentId }, 'Logging into %s', tenantAlias);

    // Log in via signed auth, and get a new RestContext
    RestAPI.Admin.getSignedTenantAuthenticationRequestInfo(globalRestContext, tenantAlias, (err, requestInfo) => {
      if (err) {
        log().error(
          { err, contentId },
          'We could not get signed authentication request info for the tenant. The status of the content item will not be set'
        );
        return callback(err);
      }

      // Parse the URL we should use to authenticate to the tenant
      const parsedUrl = url.parse(requestInfo.url);

      // We need to try and use the internally configured host rather than using the external host,
      // so we extract the Host header portion from the suggested URI and replace the connection URI
      // with the internal host
      const { protocol } = parsedUrl;
      const hostHeader = parsedUrl.host;

      // Use internal address if configured
      const host = config.servers.serverInternalAddress || hostHeader;
      const restCtx = new RestContext(util.format('%s//%s', protocol, host), {
        hostHeader,
        strictSSL
      });

      // Perform the actual login
      // eslint-disable-next-line no-unused-vars
      RestAPI.Admin.doSignedAuthentication(restCtx, requestInfo.body, (err, body, response) => {
        if (err) {
          log().error(
            { err, contentId },
            'We could not log in on the tenant. The status of the content item will not be set'
          );
          return callback(err);
        }

        // Use this context for subsequent requests to the tenant
        that.tenantRestContext = restCtx;
        return callback();
      });
    });
  };
Example #5
0
      it('verify signed tenant login request expires', callback => {
        RestAPI.Admin.getSignedTenantAuthenticationRequestInfo(
          globalAdminRestContext,
          'localhost',
          (err, requestInfo) => {
            assert.ok(!err);

            // Skip the time ahead by 5 minutes to ensure the token is no longer valid
            const now = Date.now();
            Date.now = function() {
              return now + 5 * 60 * 1000;
            };

            return _performSignedAuthenticationRequest(requestInfo.url, requestInfo.body, false, callback);
          }
        );
      });