Add backend team enforcement via requireTeam() middleware
Introduce server-side team-scoped data access enforcement: - Add TEAM_TO_IVANTI/IVANTI_TO_TEAM mapping to helpers/teams.js - Add requireTeam() middleware to middleware/auth.js - Admin bypass (req.teamScope = null) - 403 for users with no team assignment - Populates req.teamScope with short and ivanti name arrays - Ivanti findings: replace client ?teams= param with req.teamScope filtering on GET /, /counts, /counts/history, /fp-workflow-counts, POST /sync - Override and note endpoints verify finding is in team scope - Compliance: add requireTeam() router-level, validate ?team= param against scope on GET /items and GET /summary - CARD: validate teamName param on GET /teams/:teamName/assets - Todo queue: verify findings belong to user's teams on POST /batch - Clarify IVANTI_BU_FILTER comment (sync-level vs query-time filtering) - Update 14 test files to include requireTeam in auth middleware mocks
This commit is contained in:
Jordan Ramos
@@ -36,6 +36,7 @@ const fc = require('fast-check');
|
||||
// --- Mocks (must be installed BEFORE requiring the route module) ---
|
||||
|
||||
jest.mock('../middleware/auth', () => ({
|
||||
requireTeam: () => (req, res, next) => { req.teamScope = null; next(); },
|
||||
requireAuth: () => (req, res, next) => {
|
||||
req.user = { id: 1, username: 'testuser', group: 'Admin' };
|
||||
next();
|
||||
|
||||
@@ -40,6 +40,7 @@ const fc = require('fast-check');
|
||||
// --- Mocks (must be installed BEFORE requiring the route module) ---
|
||||
|
||||
jest.mock('../middleware/auth', () => ({
|
||||
requireTeam: () => (req, res, next) => { req.teamScope = null; next(); },
|
||||
requireAuth: () => (req, res, next) => {
|
||||
req.user = { id: 1, username: 'testuser', group: 'Admin' };
|
||||
next();
|
||||
|
||||
@@ -26,6 +26,7 @@ const fc = require('fast-check');
|
||||
// --- Mocks (must be installed BEFORE requiring the route module) ---
|
||||
|
||||
jest.mock('../middleware/auth', () => ({
|
||||
requireTeam: () => (req, res, next) => { req.teamScope = null; next(); },
|
||||
requireAuth: () => (req, res, next) => {
|
||||
req.user = { id: 1, username: 'testuser', group: 'Admin' };
|
||||
next();
|
||||
|
||||
@@ -16,6 +16,7 @@ const express = require('express');
|
||||
|
||||
// Mock auth middleware
|
||||
jest.mock('../middleware/auth', () => ({
|
||||
requireTeam: () => (req, res, next) => { req.teamScope = null; next(); },
|
||||
requireAuth: () => (req, res, next) => {
|
||||
req.user = { id: 1, username: 'testuser', group: 'Admin' };
|
||||
next();
|
||||
|
||||
@@ -20,6 +20,7 @@ const fc = require('fast-check');
|
||||
// --- Mocks (must be installed BEFORE requiring the route module) ---
|
||||
|
||||
jest.mock('../middleware/auth', () => ({
|
||||
requireTeam: () => (req, res, next) => { req.teamScope = null; next(); },
|
||||
requireAuth: () => (req, res, next) => next(),
|
||||
requireGroup: () => (req, res, next) => next(),
|
||||
}));
|
||||
|
||||
@@ -22,6 +22,7 @@ const fc = require('fast-check');
|
||||
|
||||
// Mock dependencies required by the compliance module
|
||||
jest.mock('../middleware/auth', () => ({
|
||||
requireTeam: () => (req, res, next) => { req.teamScope = null; next(); },
|
||||
requireAuth: () => (req, res, next) => next(),
|
||||
requireGroup: () => (req, res, next) => next(),
|
||||
}));
|
||||
|
||||
@@ -14,6 +14,7 @@ const express = require('express');
|
||||
|
||||
// Mock auth middleware to bypass real session checks
|
||||
jest.mock('../middleware/auth', () => ({
|
||||
requireTeam: () => (req, res, next) => { req.teamScope = null; next(); },
|
||||
requireAuth: () => (req, res, next) => {
|
||||
req.user = { id: 1, username: 'testuser', group: 'Admin' };
|
||||
next();
|
||||
|
||||
@@ -35,6 +35,7 @@ const fc = require('fast-check');
|
||||
// --- Mocks (must be installed BEFORE requiring the route module) ---
|
||||
|
||||
jest.mock('../middleware/auth', () => ({
|
||||
requireTeam: () => (req, res, next) => { req.teamScope = null; next(); },
|
||||
requireAuth: () => (req, _res, next) => {
|
||||
req.user = { id: 42, username: 'testuser', group: 'Admin' };
|
||||
next();
|
||||
|
||||
@@ -18,6 +18,7 @@ const express = require('express');
|
||||
// --- Mocks ---
|
||||
|
||||
jest.mock('../middleware/auth', () => ({
|
||||
requireTeam: () => (req, res, next) => { req.teamScope = null; next(); },
|
||||
requireAuth: () => (req, _res, next) => {
|
||||
req.user = { id: 7, username: 'testuser', group: 'Admin' };
|
||||
next();
|
||||
|
||||
@@ -7,6 +7,7 @@ const express = require('express');
|
||||
|
||||
// Mock auth middleware
|
||||
jest.mock('../middleware/auth', () => ({
|
||||
requireTeam: () => (req, res, next) => { req.teamScope = null; next(); },
|
||||
requireAuth: () => (req, _res, next) => {
|
||||
req.user = { id: 7, username: 'testuser' };
|
||||
next();
|
||||
|
||||
@@ -18,6 +18,7 @@ const express = require('express');
|
||||
|
||||
// Mock the auth middleware so routes don't require real sessions/cookies.
|
||||
jest.mock('../middleware/auth', () => ({
|
||||
requireTeam: () => (req, res, next) => { req.teamScope = null; next(); },
|
||||
requireAuth: () => (req, res, next) => {
|
||||
req.user = { id: 1, username: 'test', group: 'Admin' };
|
||||
next();
|
||||
|
||||
@@ -12,6 +12,7 @@ const express = require('express');
|
||||
|
||||
// Mock the auth middleware so routes don't require real sessions/cookies.
|
||||
jest.mock('../middleware/auth', () => ({
|
||||
requireTeam: () => (req, res, next) => { req.teamScope = null; next(); },
|
||||
requireAuth: () => (req, res, next) => {
|
||||
req.user = { id: 1, username: 'test', group: 'Admin' };
|
||||
next();
|
||||
|
||||
@@ -17,6 +17,7 @@ const express = require('express');
|
||||
|
||||
// Mock auth middleware
|
||||
jest.mock('../middleware/auth', () => ({
|
||||
requireTeam: () => (req, res, next) => { req.teamScope = null; next(); },
|
||||
requireAuth: () => (req, res, next) => {
|
||||
req.user = { id: 1, username: 'testuser', group: 'Admin' };
|
||||
next();
|
||||
|
||||
@@ -17,6 +17,7 @@ const express = require('express');
|
||||
|
||||
// Mock auth middleware to bypass real session checks
|
||||
jest.mock('../middleware/auth', () => ({
|
||||
requireTeam: () => (req, res, next) => { req.teamScope = null; next(); },
|
||||
requireAuth: () => (req, res, next) => {
|
||||
req.user = { id: 1, username: 'testuser', group: 'Admin' };
|
||||
next();
|
||||
|
||||
Reference in New Issue
Block a user