feat: sas9 mocker improved - public access denied scenario

2026-04-09 07:03:13 +00:00 · 2022-09-07 18:48:56 +02:00
parent 70655e74d3
commit 06d3b17154
5 changed files with 106 additions and 58 deletions
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -3,6 +3,7 @@ import express, { ErrorRequestHandler } from 'express'
 import csrf, { CookieOptions } from 'csurf'
 import cookieParser from 'cookie-parser'
 import dotenv from 'dotenv'
+import bodyParser from 'body-parser'

 import {
  copySASjsCore,
@@ -77,6 +78,15 @@ export default setProcessVariables().then(async () => {
  app.use(express.json({ limit: '100mb' }))
  app.use(express.static(path.join(__dirname, '../public')))

+  // Body parser is used for decoding the formdata on POST request.
+  // Currently only place we use it is SAS9 Mock - POST /SASLogon/login
+  app.use(
+    bodyParser.urlencoded({
+      extended: true
+    })
+  )
+  app.use(bodyParser.json())
+
  await setupFolders()
  await copySASjsCore()

--- a/api/src/controllers/mock-sas9.ts
+++ b/api/src/controllers/mock-sas9.ts
@@ -15,7 +15,7 @@ export interface MockFileRead {
 }

 export class MockSas9Controller {
-  private loggedIn: boolean = false
+  private loggedIn: string | undefined

  @Get('/SASStoredProcess')
  public async sasStoredProcess(): Promise<Sas9Response> {
@@ -46,6 +46,13 @@ export class MockSas9Controller {
      }
    }

+    if (this.isPublicAccount()) {
+      return {
+        content: '',
+        redirect: '/SASLogon/Login'
+      }
+    }
+
    let program = req.query._program?.toString() || ''
    program = program.replace('/', '')

@@ -68,6 +75,23 @@ export class MockSas9Controller {

  @Get('/SASLogon/login')
  public async loginGet(): Promise<Sas9Response> {
+    if (this.loggedIn) {
+      if (this.isPublicAccount()) {
+        return {
+          content: '',
+          redirect: '/SASStoredProcess/Logoff?publicDenied=true'
+        }
+      } else {
+        return await getMockResponseFromFile([
+          process.cwd(),
+          'mocks',
+          'generic',
+          'sas9',
+          'logged-in'
+        ])
+      }
+    }
+
    return await getMockResponseFromFile([
      process.cwd(),
      'mocks',
@@ -78,8 +102,8 @@ export class MockSas9Controller {
  }

  @Post('/SASLogon/login')
-  public async loginPost(): Promise<Sas9Response> {
-    this.loggedIn = true
+  public async loginPost(req: express.Request): Promise<Sas9Response> {
+    this.loggedIn = req.body.username

    return await getMockResponseFromFile([
      process.cwd(),
@@ -91,8 +115,18 @@ export class MockSas9Controller {
  }

  @Get('/SASLogon/logout')
-  public async logout(): Promise<Sas9Response> {
-    this.loggedIn = false
+  public async logout(req: express.Request): Promise<Sas9Response> {
+    this.loggedIn = undefined
+
+    if (req.query.publicDenied === 'true') {
+      return await getMockResponseFromFile([
+        process.cwd(),
+        'mocks',
+        'generic',
+        'sas9',
+        'public-access-denied'
+      ])
+    }

    return await getMockResponseFromFile([
      process.cwd(),
@@ -102,6 +136,20 @@ export class MockSas9Controller {
      'logged-out'
    ])
  }
+
+  @Get('/SASStoredProcess/Logoff') //publicDenied=true
+  public async logoff(req: express.Request): Promise<Sas9Response> {
+    const params = req.query.publicDenied
+      ? `?publicDenied=${req.query.publicDenied}`
+      : ''
+
+    return {
+      content: '',
+      redirect: '/SASLogon/logout' + params
+    }
+  }
+
+  private isPublicAccount = () => this.loggedIn?.toLowerCase() === 'public'
 }

 /**
--- a/api/src/routes/web/sas9-web.ts
+++ b/api/src/routes/web/sas9-web.ts
@@ -58,6 +58,11 @@ sas9WebRouter.post('/SASStoredProcess/do/', async (req, res) => {
 sas9WebRouter.get('/SASLogon/login', async (req, res) => {
  const response = await controller.loginGet()

+  if (response.redirect) {
+    res.redirect(response.redirect)
+    return
+  }
+
  try {
    res.send(response.content)
  } catch (err: any) {
@@ -66,7 +71,12 @@ sas9WebRouter.get('/SASLogon/login', async (req, res) => {
 })

 sas9WebRouter.post('/SASLogon/login', async (req, res) => {
-  const response = await controller.loginPost()
+  const response = await controller.loginPost(req)
+
+  if (response.redirect) {
+    res.redirect(response.redirect)
+    return
+  }

  try {
    res.send(response.content)
@@ -76,7 +86,27 @@ sas9WebRouter.post('/SASLogon/login', async (req, res) => {
 })

 sas9WebRouter.get('/SASLogon/logout', async (req, res) => {
-  const response = await controller.logout()
+  const response = await controller.logout(req)
+
+  if (response.redirect) {
+    res.redirect(response.redirect)
+    return
+  }
+
+  try {
+    res.send(response.content)
+  } catch (err: any) {
+    res.status(403).send(err.toString())
+  }
+})
+
+sas9WebRouter.get('/SASStoredProcess/Logoff', async (req, res) => {
+  const response = await controller.logoff(req)
+
+  if (response.redirect) {
+    res.redirect(response.redirect)
+    return
+  }

  try {
    res.send(response.content)