diff --git a/README.md b/README.md index 8c73ea1..6939e80 100644 --- a/README.md +++ b/README.md @@ -25,10 +25,10 @@ npm install @cap-js/ord To enforce authentication in the ORD Plugin, set the following environment variables: -* `ORD_AUTH`: Specifies the authentication types. +* `ORD_AUTH_TYPE`: Specifies the authentication types. * `BASIC_AUTH`: Contains credentials for `basic` authentication. -If `ORD_AUTH` is not set, the application starts without authentication. This variable accepts `open` and `basic` (UCL-mTLS is also planned). +If `ORD_AUTH_TYPE` is not set, the application starts without authentication. This variable accepts `open` and `basic` (UCL-mTLS is also planned). > Note: `open` cannot be combined with `basic` or any other (future) authentication types. #### Open @@ -37,7 +37,7 @@ The `open` authentication type bypasses authentication checks. #### Basic -To use `basic` authentication, set `ORD_AUTH` to `["basic"]` and provide credentials in `BASIC_AUTH`. Example: +To use `basic` authentication, set `ORD_AUTH_TYPE` to `["basic"]` and provide credentials in `BASIC_AUTH`. Example: ```bash BASIC_AUTH='{"user":"password"}' diff --git a/__tests__/unittest/authentication.test.js b/__tests__/unittest/authentication.test.js index 00ec08e..a10f434 100644 --- a/__tests__/unittest/authentication.test.js +++ b/__tests__/unittest/authentication.test.js @@ -45,13 +45,13 @@ describe('authentication', () => { describe('Initialization of authentication config data', () => { beforeAll(() => { - delete process.env.ORD_AUTH; + delete process.env.ORD_AUTH_TYPE; delete process.env.BASIC_AUTH; cds.env.authentication = {}; }); afterEach(() => { - delete process.env.ORD_AUTH; + delete process.env.ORD_AUTH_TYPE; delete process.env.BASIC_AUTH; cds.env.authentication = {}; }); @@ -64,38 +64,38 @@ describe('authentication', () => { it('should return configuration when Open authentication type is provided', () => { - process.env.ORD_AUTH = `["${AUTHENTICATION_TYPE.Open}"]`; + process.env.ORD_AUTH_TYPE = `["${AUTHENTICATION_TYPE.Open}"]`; const authConfig = createAuthConfig(); expect(authConfig).toEqual({ types: [AUTHENTICATION_TYPE.Open] }); }); it('should return default configuration with error when invalid authentication type is provided', () => { - process.env.ORD_AUTH = '["InvalidType"]'; + process.env.ORD_AUTH_TYPE = '["InvalidType"]'; const authConfig = createAuthConfig(); expect(authConfig).toEqual({ types: [AUTHENTICATION_TYPE.Open], error: 'Invalid authentication type' }); }); it('should return default configuration with error when Open and Basic authentication types are combined', () => { - process.env.ORD_AUTH = `["${AUTHENTICATION_TYPE.Open}", "${AUTHENTICATION_TYPE.Basic}"]`; + process.env.ORD_AUTH_TYPE = `["${AUTHENTICATION_TYPE.Open}", "${AUTHENTICATION_TYPE.Basic}"]`; const authConfig = createAuthConfig(); expect(authConfig).toEqual({ types: [AUTHENTICATION_TYPE.Open], error: 'Open authentication cannot be combined with any other authentication type' }); }); it('should return default configuration with error when invalid JSON is provided', () => { - process.env.ORD_AUTH = 'typo["Open"typo]'; + process.env.ORD_AUTH_TYPE = 'typo["Open"typo]'; const authConfig = createAuthConfig(); expect(authConfig).toEqual({ types: [AUTHENTICATION_TYPE.Open], error: expect.stringContaining('not valid JSON') }); }); it('should return default configuration with error when credentials are not valid JSON', () => { - process.env.ORD_AUTH = `["${AUTHENTICATION_TYPE.Basic}"]`; + process.env.ORD_AUTH_TYPE = `["${AUTHENTICATION_TYPE.Basic}"]`; process.env.BASIC_AUTH = 'non-valid-json'; const authConfig = createAuthConfig(); expect(authConfig).toEqual({ types: [AUTHENTICATION_TYPE.Open], error: expect.stringContaining('not valid JSON') }); }); it('should return auth configuration containing credentials by using data from process.env.BASIC_AUTH', () => { - process.env.ORD_AUTH = `["${AUTHENTICATION_TYPE.Basic}"]`; + process.env.ORD_AUTH_TYPE = `["${AUTHENTICATION_TYPE.Basic}"]`; process.env.BASIC_AUTH = JSON.stringify(mockValidUser); const authConfig = createAuthConfig(); expect(authConfig).toEqual({ @@ -108,7 +108,7 @@ describe('authentication', () => { }); it('should return auth configuration containing credentials by using data from .cdsrc.json', () => { - process.env.ORD_AUTH = `["${AUTHENTICATION_TYPE.Basic}"]`; + process.env.ORD_AUTH_TYPE = `["${AUTHENTICATION_TYPE.Basic}"]`; cds.env.authentication.credentials = mockValidUser; const authConfig = createAuthConfig(); expect(authConfig).toEqual({ @@ -123,7 +123,7 @@ describe('authentication', () => { describe("Authentication middleware", () => { afterEach(() => { - delete process.env.ORD_AUTH; + delete process.env.ORD_AUTH_TYPE; delete process.env.BASIC_AUTH; cds.env.authentication = {} cds.context.authConfig = {}; diff --git a/lib/authentication.js b/lib/authentication.js index 9b9cf7c..85e5be5 100644 --- a/lib/authentication.js +++ b/lib/authentication.js @@ -14,8 +14,8 @@ function createAuthConfig() { try { const authConfig = {}; - authConfig.types = process.env.ORD_AUTH ? - [...new Set(JSON.parse(process.env.ORD_AUTH))] : + authConfig.types = process.env.ORD_AUTH_TYPE ? + [...new Set(JSON.parse(process.env.ORD_AUTH_TYPE))] : [...new Set(cds.env.authentication?.types)]; if (!authConfig.types || authConfig.types.length === 0) { diff --git a/xmpl/default-env.json b/xmpl/default-env.json index dee2506..391ed96 100644 --- a/xmpl/default-env.json +++ b/xmpl/default-env.json @@ -4,7 +4,7 @@ "ORD_BASE_URL": "http://localhost:8080", "ORD_SOURCE_TYPE": "local", "ORD_DIRECTORY": "./example", - "ORD_AUTH": ["basic"], + "ORD_AUTH_TYPE": ["basic"], "BASIC_AUTH": { "admin": "secret" }