borg/drone-detector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix jwt-token

Browse Source
This commit is contained in:
Alexander Borg
2025-09-13 14:15:45 +02:00
parent f8dca30ef9
commit 097c0f074c
1 changed files with 327 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

327
server/test-rbac.js
View File

@@ -0,0 +1,327 @@
/**
* Comprehensive RBAC System Test Suite
* Tests granular permissions for all roles and provides detailed analysis
*/
const { hasPermission, ROLES, PERMISSIONS } = require('./middleware/rbac');
// Mock users with different roles
const testUsers = {
admin: {
id: 1,
username: 'super_admin',
role: 'admin'
},
user_admin: {
id: 2,
username: 'user_manager',
role: 'user_admin'
},
security_admin: {
id: 3,
username: 'security_manager',
role: 'security_admin'
},
branding_admin: {
id: 4,
username: 'branding_manager',
role: 'branding_admin'
},
operator: {
id: 5,
username: 'device_operator',
role: 'operator'
},
viewer: {
id: 6,
username: 'read_only_user',
role: 'viewer'
}
};
// Comprehensive test scenarios for each role
const testScenarios = [
{
name: 'Admin - Full System Access',
user: testUsers.admin,
description: 'Should have access to all system functions',
tests: [
{ permission: 'tenant.view', expected: true, category: 'Tenant' },
{ permission: 'tenant.edit', expected: true, category: 'Tenant' },
{ permission: 'branding.view', expected: true, category: 'Branding' },
{ permission: 'branding.edit', expected: true, category: 'Branding' },
{ permission: 'security.view', expected: true, category: 'Security' },
{ permission: 'security.edit', expected: true, category: 'Security' },
{ permission: 'users.view', expected: true, category: 'Users' },
{ permission: 'users.create', expected: true, category: 'Users' },
{ permission: 'users.edit', expected: true, category: 'Users' },
{ permission: 'users.delete', expected: true, category: 'Users' },
{ permission: 'users.manage_roles', expected: true, category: 'Users' },
{ permission: 'auth.view', expected: true, category: 'Authentication' },
{ permission: 'auth.edit', expected: true, category: 'Authentication' },
{ permission: 'devices.manage', expected: true, category: 'Devices' },
{ permission: 'debug.access', expected: true, category: 'Debug' }
]
},
{
name: 'User Admin - User Management Specialist',
user: testUsers.user_admin,
description: 'Should only manage users, not system settings',
tests: [
{ permission: 'tenant.view', expected: true, category: 'Tenant' },
{ permission: 'tenant.edit', expected: false, category: 'Tenant' },
{ permission: 'branding.view', expected: false, category: 'Branding' },
{ permission: 'branding.edit', expected: false, category: 'Branding' },
{ permission: 'security.view', expected: false, category: 'Security' },
{ permission: 'security.edit', expected: false, category: 'Security' },
{ permission: 'users.view', expected: true, category: 'Users' },
{ permission: 'users.create', expected: true, category: 'Users' },
{ permission: 'users.edit', expected: true, category: 'Users' },
{ permission: 'users.delete', expected: true, category: 'Users' },
{ permission: 'users.manage_roles', expected: true, category: 'Users' },
{ permission: 'auth.view', expected: false, category: 'Authentication' },
{ permission: 'auth.edit', expected: false, category: 'Authentication' },
{ permission: 'devices.manage', expected: false, category: 'Devices' },
{ permission: 'debug.access', expected: false, category: 'Debug' }
]
},
{
name: 'Security Admin - Security Specialist',
user: testUsers.security_admin,
description: 'Should only manage security and authentication settings',
tests: [
{ permission: 'tenant.view', expected: true, category: 'Tenant' },
{ permission: 'tenant.edit', expected: false, category: 'Tenant' },
{ permission: 'branding.view', expected: false, category: 'Branding' },
{ permission: 'branding.edit', expected: false, category: 'Branding' },
{ permission: 'security.view', expected: true, category: 'Security' },
{ permission: 'security.edit', expected: true, category: 'Security' },
{ permission: 'users.view', expected: true, category: 'Users' },
{ permission: 'users.create', expected: false, category: 'Users' },
{ permission: 'users.edit', expected: false, category: 'Users' },
{ permission: 'users.delete', expected: false, category: 'Users' },
{ permission: 'users.manage_roles', expected: false, category: 'Users' },
{ permission: 'auth.view', expected: true, category: 'Authentication' },
{ permission: 'auth.edit', expected: true, category: 'Authentication' },
{ permission: 'devices.manage', expected: false, category: 'Devices' },
{ permission: 'debug.access', expected: false, category: 'Debug' }
]
},
{
name: 'Branding Admin - Branding Specialist',
user: testUsers.branding_admin,
description: 'Should only manage branding and visual customization',
tests: [
{ permission: 'tenant.view', expected: true, category: 'Tenant' },
{ permission: 'tenant.edit', expected: false, category: 'Tenant' },
{ permission: 'branding.view', expected: true, category: 'Branding' },
{ permission: 'branding.edit', expected: true, category: 'Branding' },
{ permission: 'security.view', expected: false, category: 'Security' },
{ permission: 'security.edit', expected: false, category: 'Security' },
{ permission: 'users.view', expected: false, category: 'Users' },
{ permission: 'users.create', expected: false, category: 'Users' },
{ permission: 'users.edit', expected: false, category: 'Users' },
{ permission: 'users.delete', expected: false, category: 'Users' },
{ permission: 'users.manage_roles', expected: false, category: 'Users' },
{ permission: 'auth.view', expected: false, category: 'Authentication' },
{ permission: 'auth.edit', expected: false, category: 'Authentication' },
{ permission: 'devices.manage', expected: false, category: 'Devices' },
{ permission: 'debug.access', expected: false, category: 'Debug' }
]
},
{
name: 'Operator - Limited Operational Access',
user: testUsers.operator,
description: 'Should have basic operational access without admin privileges',
tests: [
{ permission: 'tenant.view', expected: true, category: 'Tenant' },
{ permission: 'tenant.edit', expected: false, category: 'Tenant' },
{ permission: 'branding.view', expected: false, category: 'Branding' },
{ permission: 'branding.edit', expected: false, category: 'Branding' },
{ permission: 'security.view', expected: false, category: 'Security' },
{ permission: 'security.edit', expected: false, category: 'Security' },
{ permission: 'users.view', expected: false, category: 'Users' },
{ permission: 'users.create', expected: false, category: 'Users' },
{ permission: 'users.edit', expected: false, category: 'Users' },
{ permission: 'users.delete', expected: false, category: 'Users' },
{ permission: 'users.manage_roles', expected: false, category: 'Users' },
{ permission: 'auth.view', expected: false, category: 'Authentication' },
{ permission: 'auth.edit', expected: false, category: 'Authentication' },
{ permission: 'devices.manage', expected: true, category: 'Devices' },
{ permission: 'debug.access', expected: false, category: 'Debug' }
]
},
{
name: 'Viewer - Read-Only Access',
user: testUsers.viewer,
description: 'Should only have read access to basic information',
tests: [
{ permission: 'tenant.view', expected: false, category: 'Tenant' },
{ permission: 'tenant.edit', expected: false, category: 'Tenant' },
{ permission: 'branding.view', expected: false, category: 'Branding' },
{ permission: 'branding.edit', expected: false, category: 'Branding' },
{ permission: 'security.view', expected: false, category: 'Security' },
{ permission: 'security.edit', expected: false, category: 'Security' },
{ permission: 'users.view', expected: false, category: 'Users' },
{ permission: 'users.create', expected: false, category: 'Users' },
{ permission: 'users.edit', expected: false, category: 'Users' },
{ permission: 'users.delete', expected: false, category: 'Users' },
{ permission: 'users.manage_roles', expected: false, category: 'Users' },
{ permission: 'auth.view', expected: false, category: 'Authentication' },
{ permission: 'auth.edit', expected: false, category: 'Authentication' },
{ permission: 'devices.manage', expected: false, category: 'Devices' },
{ permission: 'debug.access', expected: false, category: 'Debug' }
]
}
];
// Console formatting helpers
const colors = {
reset: '\x1b[0m',
bright: '\x1b[1m',
red: '\x1b[31m',
green: '\x1b[32m',
yellow: '\x1b[33m',
blue: '\x1b[34m',
magenta: '\x1b[35m',
cyan: '\x1b[36m'
};
function colorText(text, color) {
return `${colors[color]}${text}${colors.reset}`;
}
// Main test execution
console.log(colorText('🧪 COMPREHENSIVE RBAC SYSTEM TEST SUITE', 'bright'));
console.log(colorText('=' .repeat(60), 'cyan'));
console.log();
// Display system overview
console.log(colorText('📋 RBAC System Overview:', 'blue'));
console.log();
console.log(colorText('Available Roles:', 'cyan'));
Object.entries(ROLES).forEach(([role, permissions]) => {
console.log(` ${colorText('●', 'green')} ${colorText(role, 'bright')}: ${permissions.length} permissions`);
console.log(` ${permissions.slice(0, 5).join(', ')}${permissions.length > 5 ? '...' : ''}`);
});
console.log();
console.log(colorText('Available Permissions:', 'cyan'));
const permissionsByCategory = {};
Object.keys(PERMISSIONS).forEach(permission => {
const category = permission.split('.')[0];
if (!permissionsByCategory[category]) {
permissionsByCategory[category] = [];
}
permissionsByCategory[category].push(permission);
});
Object.entries(permissionsByCategory).forEach(([category, permissions]) => {
console.log(` ${colorText('●', 'yellow')} ${colorText(category.toUpperCase(), 'bright')}: ${permissions.join(', ')}`);
});
console.log();
console.log(colorText('🔍 RUNNING PERMISSION TESTS:', 'blue'));
console.log(colorText('=' .repeat(60), 'cyan'));
// Test execution
let totalTests = 0;
let passedTests = 0;
const results = {};
testScenarios.forEach(scenario => {
console.log();
console.log(colorText(`👤 ${scenario.name}`, 'bright'));
console.log(colorText(` ${scenario.description}`, 'yellow'));
console.log(colorText('─'.repeat(60), 'cyan'));
results[scenario.user.role] = {
passed: 0,
failed: 0,
details: {}
};
// Group tests by category for better organization
const testsByCategory = {};
scenario.tests.forEach(test => {
if (!testsByCategory[test.category]) {
testsByCategory[test.category] = [];
}
testsByCategory[test.category].push(test);
});
Object.entries(testsByCategory).forEach(([category, tests]) => {
console.log(colorText(` 📁 ${category}:`, 'magenta'));
tests.forEach(test => {
totalTests++;
const result = hasPermission(scenario.user, test.permission);
const passed = result === test.expected;
if (passed) {
passedTests++;
results[scenario.user.role].passed++;
} else {
results[scenario.user.role].failed++;
}
const status = passed ? colorText('✅', 'green') : colorText('❌', 'red');
const expectedText = test.expected ? colorText('ALLOW', 'green') : colorText('DENY', 'red');
const actualText = result ? colorText('ALLOW', 'green') : colorText('DENY', 'red');
console.log(` ${status} ${test.permission}: Expected ${expectedText}, Got ${actualText}`);
if (!results[scenario.user.role].details[category]) {
results[scenario.user.role].details[category] = { passed: 0, failed: 0 };
}
results[scenario.user.role].details[category][passed ? 'passed' : 'failed']++;
});
});
});
console.log();
console.log(colorText('📊 DETAILED TEST RESULTS:', 'blue'));
console.log(colorText('=' .repeat(60), 'cyan'));
// Display detailed results
Object.entries(results).forEach(([role, result]) => {
const total = result.passed + result.failed;
const successRate = Math.round((result.passed / total) * 100);
const statusColor = successRate === 100 ? 'green' : successRate >= 80 ? 'yellow' : 'red';
console.log();
console.log(colorText(`🔐 ${role.toUpperCase()}:`, 'bright'));
console.log(` Overall: ${colorText(result.passed, 'green')}/${total} (${colorText(successRate + '%', statusColor)})`);
Object.entries(result.details).forEach(([category, details]) => {
const categoryTotal = details.passed + details.failed;
const categoryRate = Math.round((details.passed / categoryTotal) * 100);
const categoryColor = categoryRate === 100 ? 'green' : categoryRate >= 80 ? 'yellow' : 'red';
console.log(` ${category}: ${colorText(details.passed, 'green')}/${categoryTotal} (${colorText(categoryRate + '%', categoryColor)})`);
});
});
console.log();
console.log(colorText('📈 SUMMARY:', 'blue'));
console.log(colorText('─'.repeat(30), 'cyan'));
console.log(`Total Tests: ${totalTests}`);
console.log(`Passed: ${colorText(passedTests, 'green')}`);
console.log(`Failed: ${colorText(totalTests - passedTests, totalTests > passedTests ? 'red' : 'green')}`);
console.log(`Success Rate: ${colorText(Math.round((passedTests/totalTests) * 100) + '%', passedTests === totalTests ? 'green' : 'yellow')}`);
console.log();
if (passedTests === totalTests) {
console.log(colorText('🎉 ALL TESTS PASSED! RBAC system is working correctly.', 'green'));
console.log(colorText('✓ Role separation is properly enforced', 'green'));
console.log(colorText('✓ Granular permissions are functioning as expected', 'green'));
console.log(colorText('✓ Security boundaries are maintained', 'green'));
} else {
console.log(colorText('⚠️ SOME TESTS FAILED!', 'red'));
console.log(colorText('Please review the RBAC configuration and role definitions.', 'yellow'));
console.log(colorText('Failed tests indicate potential security vulnerabilities.', 'red'));
}
console.log();
console.log(colorText('🔐 Security Validation Complete', 'cyan'));
console.log(colorText('=' .repeat(60), 'cyan'));