From d0d08b1ee1fc4934c6686936a7de5a9e6daf2068 Mon Sep 17 00:00:00 2001 From: Daniel Hutzel Date: Thu, 12 Nov 2020 23:56:04 +0100 Subject: [PATCH] Enable authorizations w/ dummy-auth (#158) * Enable authorizations w/ dummy-auth * fixed: some tests run in privileged mode * Fixed tests to skip auth * npm test --silent * Added dependency to passport --- bookshop/package.json | 3 ++- bookshop/srv/admin-service.cds | 2 +- bookshop/srv/cat-service.cds | 2 +- bookshop/test/requests.http | 3 ++- fiori/package.json | 3 ++- package.json | 4 ++-- reviewed/test/requests.http | 13 +++++++++---- reviews/srv/reviews-service.cds | 4 ++-- test/custom-handlers.test.js | 2 +- test/localized-data.test.js | 2 +- test/messaging.test.js | 2 +- test/odata.test.js | 2 +- 12 files changed, 25 insertions(+), 17 deletions(-) diff --git a/bookshop/package.json b/bookshop/package.json index 6601ca5c..53be832a 100644 --- a/bookshop/package.json +++ b/bookshop/package.json @@ -5,7 +5,8 @@ "dependencies": { "@capire/common": "*", "@sap/cds": "^4", - "express": "^4.17.1" + "express": "^4.17.1", + "passport": "0.4.1" }, "scripts": { "genres": "cds serve test/genres.cds", diff --git a/bookshop/srv/admin-service.cds b/bookshop/srv/admin-service.cds index 8939262f..ea9b0731 100644 --- a/bookshop/srv/admin-service.cds +++ b/bookshop/srv/admin-service.cds @@ -1,5 +1,5 @@ using { sap.capire.bookshop as my } from '../db/schema'; -service AdminService @(requires_:'admin') { +service AdminService @(requires:'admin') { entity Books as projection on my.Books; entity Authors as projection on my.Authors; } diff --git a/bookshop/srv/cat-service.cds b/bookshop/srv/cat-service.cds index 3cbaaa8f..b95c1302 100644 --- a/bookshop/srv/cat-service.cds +++ b/bookshop/srv/cat-service.cds 
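Review bot: In bookshop/package.json the new `"passport": "0.4.1"` entry is an exact pin, while the neighbouring `@sap/cds` and `express` entries use caret ranges, so later patch releases of the authentication middleware are only picked up by a manual edit. If the pin is intentional (for example a compatibility constraint with `@sap/cds` ^4, which this diff does not show), say so in the commit message or README, since JSON cannot carry a comment. Otherwise `"passport": "^0.4.1"` follows the file's convention. The identical line is added in fiori/package.json.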
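Review bot: `service AdminService @(requires:'admin')` is now enforced, but nothing in this diff shows which authentication strategy backs the role check, and the request samples in the same commit log in as `Basic alice:` with an empty password. If that mock-user setup is what "dummy-auth" in the title refers to, the annotation only protects the service once a real strategy is configured, and a reader copying the sample should be told so. A comment above the service such as `// role check relies on the configured auth strategy; mock users are for local development only` would make this explicit. The same applies to `@requires: 'authenticated-user'` in bookshop/srv/cat-service.cds and to the `@restrict` rules in reviews/srv/reviews-service.cds, where `where:'reviewer=$user'` trusts whatever identity the strategy supplies.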
@@ -5,6 +5,6 @@ service CatalogService @(path:'/browse') { author.name as author } excluding { createdBy, modifiedBy }; - @requires_: 'authenticated-user' + @requires: 'authenticated-user' action submitOrder (book : Books:ID, amount: Integer); } diff --git a/bookshop/test/requests.http b/bookshop/test/requests.http index 6c6428a0..1fbdc0ca 100644 --- a/bookshop/test/requests.http +++ b/bookshop/test/requests.http @@ -36,6 +36,7 @@ Authorization: Basic alice: # Create book POST {{server}}/admin/Books Content-Type: application/json;IEEE754Compatible=true +Authorization: Basic alice: { "ID": 2, @@ -53,6 +54,7 @@ Content-Type: application/json;IEEE754Compatible=true # Put image to books PUT {{server}}/admin/Books(2)/image Content-Type: image/png +Authorization: Basic alice: data:image/png;base64,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 @@ -78,4 +80,3 @@ GET {{server}}/browse/Genres? # &$filter=parent_ID eq null&$select=name # &$expand=children($select=name) {{me}} - diff --git a/fiori/package.json b/fiori/package.json index 1c0eec27..ca60b42e 100644 --- a/fiori/package.json +++ b/fiori/package.json @@ -6,7 +6,8 @@ "@capire/orders": "*", "@capire/common": "*", "@sap/cds": "^4", - "express": "^4.17.1" + "express": "^4.17.1", + "passport": "0.4.1" }, "scripts": { "start": "cds run --in-memory?", diff --git a/package.json b/package.json index f81fc148..1914f30e 100644 --- a/package.json +++ b/package.json @@ -25,8 +25,8 @@ "fiori": "cds watch fiori", "media": "cds watch media", "mocha": "npx mocha || echo", - "jest": "npx jest --verbose", - "test": "npm run jest -s" + "jest": "npx jest", + "test": "npm run jest --silent" }, "mocha": { "parallel": true diff --git a/reviewed/test/requests.http b/reviewed/test/requests.http index 7a9d711c..1831c08d 100644 --- a/reviewed/test/requests.http +++ b/reviewed/test/requests.http 
@@ -1,10 +1,16 @@ + +@me = {{$processEnv USER}}: +@bookshop = http://localhost:4004 +@reviews-service = {{bookshop}}/reviews +# @reviews-service = http://localhost:5005/reviews + + + ################################################# # # To ReviewsService # # move the right down: -@reviews-service = http://localhost:4004/reviews -@reviews-service = http://localhost:5005/reviews ### Get all reviews GET {{reviews-service}}/Reviews @@ -12,6 +18,7 @@ GET {{reviews-service}}/Reviews ### Add a new review (with random rating) POST {{reviews-service}}/Reviews Content-Type: application/json;IEEE754Compatible=true +Authorization: Basic {{me}} {"subject":"201", "title":"boo"} @@ -23,8 +30,6 @@ Content-Type: application/json;IEEE754Compatible=true # (both in-process as well as separate one) # -@bookshop = http://localhost:4004 - ### Request to CatalogService > delegated to ReviewsService GET {{bookshop}}/browse/Books(201)/reviews? &$select=rating,date,reviewer,title diff --git a/reviews/srv/reviews-service.cds b/reviews/srv/reviews-service.cds index 44fa83e2..17a46578 100644 --- a/reviews/srv/reviews-service.cds +++ b/reviews/srv/reviews-service.cds @@ -24,14 +24,14 @@ service ReviewsService { // Access control restrictions -annotate ReviewsService.Reviews with @restrict_:[ +annotate ReviewsService.Reviews with @restrict:[ { grant:'READ', to:'any' }, // everybody can read reviews { grant:'CREATE', to:'authenticated-user' }, // users must login to add reviews { grant:'UPDATE', to:'authenticated-user', where:'reviewer=$user' }, { grant:'DELETE', to:'admin' }, ]; -annotate ReviewsService with @restrict_:[ +annotate ReviewsService with @restrict:[ { grant:'like', to:'identified-user' }, { grant:'unlike', to:'identified-user', where:'user=$user' }, ]; diff --git a/test/custom-handlers.test.js b/test/custom-handlers.test.js index 8e798d97..fd38c91f 100644 --- a/test/custom-handlers.test.js +++ b/test/custom-handlers.test.js 
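Review bot: `@me = {{$processEnv USER}}:` in the first hunk of reviewed/test/requests.http assumes a `USER` environment variable, which is normally not set on Windows (the account name is in `USERNAME` there), so `Authorization: Basic {{me}}` in the second hunk would probably not carry a usable user name on that platform. It also sends the local OS account name to whichever server `{{reviews-service}}` points at, which matters once the commented-out `http://localhost:5005/reviews` line is replaced by a non-local host. bookshop/test/requests.http in this commit adds the fixed mock user `Authorization: Basic alice:` instead. Using the same value here, or adding a comment such as `# needs USER in the environment; otherwise replace {{me}} with a mock user like alice:`, would keep the two samples consistent.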
@@ -1,4 +1,4 @@ -const cds = require('@sap/cds/lib') +const cds = require('@sap/cds/lib'); cds.User = cds.User.Privileged // skip auth const { GET, POST, expect } = cds.test('bookshop').in(__dirname,'..') describe('Custom Handlers', () => { diff --git a/test/localized-data.test.js b/test/localized-data.test.js index ad8256b9..c31fd43a 100644 --- a/test/localized-data.test.js +++ b/test/localized-data.test.js @@ -1,4 +1,4 @@ -const cds = require('@sap/cds/lib') +const cds = require('@sap/cds/lib'); cds.User = cds.User.Privileged // skip auth const { GET, expect } = cds.test ('serve', __dirname+'/localized-data.cds', '--in-memory') describe('Localized Data', () => { diff --git a/test/messaging.test.js b/test/messaging.test.js index a3e0df3e..78866a37 100644 --- a/test/messaging.test.js +++ b/test/messaging.test.js @@ -2,7 +2,7 @@ const cds = require('@sap/cds/lib') const cwd = process.cwd(); process.chdir (__dirname) //> only for internal CI/CD@SAP const {expect} = cds.test const _model = '@capire/reviews' - +cds.User = cds.User.Privileged // hard core monkey patch describe('Messaging', ()=>{ diff --git a/test/odata.test.js b/test/odata.test.js index 4a561a95..db24ea3d 100644 --- a/test/odata.test.js +++ b/test/odata.test.js @@ -1,4 +1,4 @@ -const cds = require('@sap/cds/lib') +const cds = require('@sap/cds/lib'); cds.User = cds.User.Privileged // skip auth const { GET, expect } = cds.test('bookshop').in(__dirname,'..') describe('OData Protocol', () => {
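Review bot: `cds.User = cds.User.Privileged // skip auth` replaces the user class globally for the whole test file, so as far as the visible lines show, none of the `@requires`/`@restrict` annotations this commit switches on is exercised by the suite. The `describe` bodies lie outside these hunks, but with the override in place a later change that disables one of the annotations again would likely leave every test green. At least one test per protected service should run without the override and assert that an anonymous request is rejected and a suitably authorised one succeeds. The statement is also appended to the `require` line after a `;` in test/custom-handlers.test.js, test/localized-data.test.js and test/odata.test.js. It is easier to spot on its own line, as in test/messaging.test.js, with a comment such as `// tests bypass authorization on purpose; access rules are covered in <auth test file>`.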