Add more tests to register/enroll/revoke

More tests that exercises the roles support for registering users Change-Id: Ifaeedabbb4ea93dc6aa96842e64f0480a58d0237 Signed-off-by: Jim Zhang <jzhang@us.ibm.com>
hyperledger · Feb 24, 2017 · abd80fb · abd80fb
1 parent 651aac8
commit abd80fb
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 268 deletions.
diff --git a/fabric-ca-client/lib/FabricCAClientImpl.js b/fabric-ca-client/lib/FabricCAClientImpl.js
@@ -75,6 +75,7 @@ var FabricCAServices = class {
 	 * Register the member and return an enrollment secret.
 	 * @param {Object} req Registration request with the following fields:
 	 * <br> - enrollmentID {string}. ID which will be used for enrollment
+	 * <br> - role {string}. An arbitrary string representing a role value for the user
 	 * <br> - group {string}. Group to which this user will be assigned, like a company or an organization
 	 * <br> - attrs {{@link KeyValueAttribute}[]}. Array of key/value attributes to assign to the user.
 	 * @param registrar {User}. The identity of the registrar (i.e. who is performing the registration)
@@ -91,7 +92,7 @@ var FabricCAServices = class {
 
 		checkRegistrar(registrar);
 
-		return this._fabricCAClient.register(req.enrollmentID, 'client', req.group, req.attrs, registrar.getSigningIdentity());
+		return this._fabricCAClient.register(req.enrollmentID, req.role, req.group, req.attrs, registrar.getSigningIdentity());
 	}
 
 	/**
@@ -289,7 +290,7 @@ var FabricCAClient = class {
 
 	/**
 	 * @typedef {Object} KeyValueAttribute
-	 * @property {string} key The key used to reference the attribute
+	 * @property {string} name The key used to reference the attribute
 	 * @property {string} value The value of the attribute
 	 */
 
@@ -316,7 +317,7 @@ var FabricCAClient = class {
 		return new Promise(function (resolve, reject) {
 			var regRequest = {
 				'id': enrollmentID,
-				'type': role,
+				'type': role ? role : 'client',
 				'group': group,
 				'attrs': attrs
 			};

diff --git a/test/integration/ca-tests.js b/test/integration/ca-tests.js
diff --git a/test/integration/fabriccopservices-tests.js b/test/integration/fabriccopservices-tests.js
@@ -62,7 +62,7 @@ test('FabricCAServices: Test enroll() With Dynamic CSR', function (t) {
 		enrollmentSecret: 'adminpw'
 	};
 
-	var eResult, client, member;
+	var eResult, client, member, webAdmin;
 	return cop.enroll(req)
 		.then((enrollment) => {
 			t.pass('Successfully enrolled \'' + req.enrollmentID + '\'.');
@@ -117,7 +117,7 @@ test('FabricCAServices: Test enroll() With Dynamic CSR', function (t) {
 		}).then((secret) => {
 			t.comment('Successfully registered another user "testUserY"');
 
-			return cop.enroll({enrollmentID: 'testUserY', enrollmentSecret: secret}, member);
+			return cop.enroll({enrollmentID: 'testUserY', enrollmentSecret: secret});
 		}).then((enrollment) => {
 			t.comment('Successfully enrolled "testUserY"');
 
@@ -132,6 +132,33 @@ test('FabricCAServices: Test enroll() With Dynamic CSR', function (t) {
 		}).then((response) => {
 			t.equal(response.success, true, 'Successfully revoked "testUserY" using serial number and AKI');
 
+			// register a new user 'webAdmin' that can register other users of the role 'client'
+			return cop.register({enrollmentID: 'webAdmin', group: 'bank_a', attrs: [{name: 'hf.Registrar.Roles', value: 'client'}]}, member);
+		}).then((secret) => {
+			t.pass('Successfully registered "webAdmin" who can register other users of the "client" role');
+
+			return cop.enroll({enrollmentID: 'webAdmin', enrollmentSecret: secret});
+		},(err) => {
+			t.fail('Failed to register "webAdmin". ' + err.stack ? err.stack : err);
+			t.end();
+		}).then((enrollment) => {
+			t.pass('Successfully enrolled "webAdmin"');
+
+			webAdmin = new User('webAdmin', client);
+			return webAdmin.setEnrollment(enrollment.key, enrollment.certificate);
+		}).then(() => {
+			t.pass('Successfully constructed User object for "webAdmin"');
+
+			return cop.register({enrollmentID: 'auditor', role: 'auditor'}, webAdmin);
+		}).then(() => {
+			t.fail('Should not have been able to use "webAdmin" to register a user of the "auditor" role');
+			t.end();
+		},(err) => {
+			t.pass('Successfully rejected attempt to register a user of invalid role. ' + err);
+
+			return cop.register({enrollmentID: 'auditor', role: 'client', group: 'bank_a'}, webAdmin);
+		}).then(() => {
+			t.pass('Successfully registered "auditor" of role "client" from "webAdmin"');
 			t.end();
 		}).catch((err) => {
 			t.fail('Failed at ' + err.stack ? err.stack : err);