2021-04-09 13:46:53 +02:00
|
|
|
import dbInit from '../helpers/database-init';
|
|
|
|
import getLogger from '../../fixtures/no-logger';
|
|
|
|
import UserService from '../../../lib/services/user-service';
|
2021-08-12 15:04:37 +02:00
|
|
|
import { AccessService } from '../../../lib/services/access-service';
|
2021-04-09 13:46:53 +02:00
|
|
|
import UserStore from '../../../lib/db/user-store';
|
2021-04-16 15:29:23 +02:00
|
|
|
import ResetTokenService from '../../../lib/services/reset-token-service';
|
|
|
|
import { EmailService } from '../../../lib/services/email-service';
|
2021-04-22 15:04:08 +02:00
|
|
|
import { createTestConfig } from '../../config/test-config';
|
2021-04-27 09:16:44 +02:00
|
|
|
import SessionService from '../../../lib/services/session-service';
|
2021-04-29 10:54:11 +02:00
|
|
|
import NotFoundError from '../../../lib/error/notfound-error';
|
2021-08-12 15:04:37 +02:00
|
|
|
import { IRole } from '../../../lib/types/stores/access-store';
|
|
|
|
import { RoleName } from '../../../lib/types/model';
|
2021-10-29 10:25:42 +02:00
|
|
|
import SettingService from '../../../lib/services/setting-service';
|
2022-08-26 09:09:48 +02:00
|
|
|
import { simpleAuthSettingsKey } from '../../../lib/types/settings/simple-auth-settings';
|
2021-11-02 15:13:46 +01:00
|
|
|
import { addDays, minutesToMilliseconds } from 'date-fns';
|
2022-07-21 16:23:56 +02:00
|
|
|
import { GroupService } from '../../../lib/services/group-service';
|
2022-08-26 09:09:48 +02:00
|
|
|
import { randomId } from '../../../lib/util/random-id';
|
2021-04-09 13:46:53 +02:00
|
|
|
|
|
|
|
let db;
|
|
|
|
let stores;
|
|
|
|
let userService: UserService;
|
|
|
|
let userStore: UserStore;
|
|
|
|
let adminRole: IRole;
|
2021-08-23 12:11:29 +02:00
|
|
|
let viewerRole: IRole;
|
2021-04-29 10:54:11 +02:00
|
|
|
let sessionService: SessionService;
|
2022-08-26 09:09:48 +02:00
|
|
|
let settingService: SettingService;
|
2021-04-09 13:46:53 +02:00
|
|
|
|
2021-05-28 11:10:24 +02:00
|
|
|
beforeAll(async () => {
|
2021-04-09 13:46:53 +02:00
|
|
|
db = await dbInit('user_service_serial', getLogger);
|
|
|
|
stores = db.stores;
|
2021-04-22 15:04:08 +02:00
|
|
|
const config = createTestConfig();
|
2022-07-21 16:23:56 +02:00
|
|
|
const groupService = new GroupService(stores, config);
|
|
|
|
const accessService = new AccessService(stores, config, groupService);
|
2021-04-16 15:29:23 +02:00
|
|
|
const resetTokenService = new ResetTokenService(stores, config);
|
2021-04-22 10:07:10 +02:00
|
|
|
const emailService = new EmailService(undefined, config.getLogger);
|
2021-04-29 10:54:11 +02:00
|
|
|
sessionService = new SessionService(stores, config);
|
2022-08-26 09:09:48 +02:00
|
|
|
settingService = new SettingService(stores, config);
|
2021-04-16 15:29:23 +02:00
|
|
|
|
|
|
|
userService = new UserService(stores, config, {
|
|
|
|
accessService,
|
|
|
|
resetTokenService,
|
|
|
|
emailService,
|
2021-04-27 09:16:44 +02:00
|
|
|
sessionService,
|
2021-10-29 10:25:42 +02:00
|
|
|
settingService,
|
2021-04-16 15:29:23 +02:00
|
|
|
});
|
2021-04-09 13:46:53 +02:00
|
|
|
userStore = stores.userStore;
|
|
|
|
const rootRoles = await accessService.getRootRoles();
|
2021-08-12 15:04:37 +02:00
|
|
|
adminRole = rootRoles.find((r) => r.name === RoleName.ADMIN);
|
2021-08-23 12:11:29 +02:00
|
|
|
viewerRole = rootRoles.find((r) => r.name === RoleName.VIEWER);
|
2021-04-09 13:46:53 +02:00
|
|
|
});
|
|
|
|
|
2021-05-28 11:10:24 +02:00
|
|
|
afterAll(async () => {
|
2021-04-09 13:46:53 +02:00
|
|
|
await db.destroy();
|
|
|
|
});
|
|
|
|
|
2021-05-28 11:10:24 +02:00
|
|
|
afterEach(async () => {
|
2021-04-29 10:54:11 +02:00
|
|
|
await userStore.deleteAll();
|
2021-04-09 13:46:53 +02:00
|
|
|
});
|
|
|
|
|
2021-05-28 11:10:24 +02:00
|
|
|
test('should create initial admin user', async () => {
|
2021-04-09 13:46:53 +02:00
|
|
|
await userService.initAdminUser();
|
2021-05-28 11:10:24 +02:00
|
|
|
await expect(async () =>
|
|
|
|
userService.loginUser('admin', 'wrong-password'),
|
|
|
|
).rejects.toThrow(Error);
|
|
|
|
await expect(async () =>
|
|
|
|
userService.loginUser('admin', 'unleash4all'),
|
|
|
|
).toBeTruthy();
|
2021-04-09 13:46:53 +02:00
|
|
|
});
|
|
|
|
|
2021-10-12 21:27:06 +02:00
|
|
|
test('should not init default user if we already have users', async () => {
|
|
|
|
await userService.createUser({
|
|
|
|
username: 'test',
|
|
|
|
password: 'A very strange P4ssw0rd_',
|
|
|
|
rootRole: adminRole.id,
|
|
|
|
});
|
|
|
|
await userService.initAdminUser();
|
|
|
|
const users = await userService.getAll();
|
|
|
|
expect(users).toHaveLength(1);
|
|
|
|
expect(users[0].username).toBe('test');
|
|
|
|
await expect(async () =>
|
|
|
|
userService.loginUser('admin', 'unleash4all'),
|
|
|
|
).rejects.toThrow(Error);
|
|
|
|
});
|
|
|
|
|
2021-05-28 11:10:24 +02:00
|
|
|
test('should not be allowed to create existing user', async () => {
|
2021-04-22 23:40:52 +02:00
|
|
|
await userStore.insert({ username: 'test', name: 'Hans Mola' });
|
2021-05-28 11:10:24 +02:00
|
|
|
await expect(async () =>
|
2021-04-09 13:46:53 +02:00
|
|
|
userService.createUser({ username: 'test', rootRole: adminRole.id }),
|
2021-05-28 11:10:24 +02:00
|
|
|
).rejects.toThrow(Error);
|
2021-04-09 13:46:53 +02:00
|
|
|
});
|
|
|
|
|
2021-05-28 11:10:24 +02:00
|
|
|
test('should create user with password', async () => {
|
2021-04-09 13:46:53 +02:00
|
|
|
await userService.createUser({
|
|
|
|
username: 'test',
|
|
|
|
password: 'A very strange P4ssw0rd_',
|
|
|
|
rootRole: adminRole.id,
|
|
|
|
});
|
|
|
|
const user = await userService.loginUser(
|
|
|
|
'test',
|
|
|
|
'A very strange P4ssw0rd_',
|
|
|
|
);
|
2021-05-28 11:10:24 +02:00
|
|
|
expect(user.username).toBe('test');
|
2021-04-09 13:46:53 +02:00
|
|
|
});
|
|
|
|
|
2021-10-29 10:25:42 +02:00
|
|
|
test('should not login user if simple auth is disabled', async () => {
|
2022-08-26 09:09:48 +02:00
|
|
|
await settingService.insert(
|
|
|
|
simpleAuthSettingsKey,
|
|
|
|
{ disabled: true },
|
|
|
|
randomId(),
|
|
|
|
);
|
2021-10-29 10:25:42 +02:00
|
|
|
|
|
|
|
await userService.createUser({
|
|
|
|
username: 'test_no_pass',
|
|
|
|
password: 'A very strange P4ssw0rd_',
|
|
|
|
rootRole: adminRole.id,
|
|
|
|
});
|
|
|
|
|
|
|
|
await expect(async () => {
|
|
|
|
await userService.loginUser('test_no_pass', 'A very strange P4ssw0rd_');
|
|
|
|
}).rejects.toThrowError(
|
|
|
|
'Logging in with username/password has been disabled.',
|
|
|
|
);
|
|
|
|
});
|
|
|
|
|
2021-05-28 11:10:24 +02:00
|
|
|
test('should login for user _without_ password', async () => {
|
2021-04-09 13:46:53 +02:00
|
|
|
const email = 'some@test.com';
|
|
|
|
await userService.createUser({
|
|
|
|
email,
|
|
|
|
password: 'A very strange P4ssw0rd_',
|
|
|
|
rootRole: adminRole.id,
|
|
|
|
});
|
|
|
|
const user = await userService.loginUserWithoutPassword(email);
|
2021-05-28 11:10:24 +02:00
|
|
|
expect(user.email).toBe(email);
|
2021-04-09 13:46:53 +02:00
|
|
|
});
|
|
|
|
|
2021-05-28 11:10:24 +02:00
|
|
|
test('should get user with root role', async () => {
|
2021-04-09 13:46:53 +02:00
|
|
|
const email = 'some@test.com';
|
|
|
|
const u = await userService.createUser({
|
|
|
|
email,
|
|
|
|
password: 'A very strange P4ssw0rd_',
|
|
|
|
rootRole: adminRole.id,
|
|
|
|
});
|
|
|
|
const user = await userService.getUser(u.id);
|
2021-05-28 11:10:24 +02:00
|
|
|
expect(user.email).toBe(email);
|
|
|
|
expect(user.id).toBe(u.id);
|
|
|
|
expect(user.rootRole).toBe(adminRole.id);
|
2021-04-30 13:25:24 +02:00
|
|
|
});
|
|
|
|
|
2021-05-28 11:10:24 +02:00
|
|
|
test('should get user with root role by name', async () => {
|
2021-04-30 13:25:24 +02:00
|
|
|
const email = 'some2@test.com';
|
|
|
|
const u = await userService.createUser({
|
|
|
|
email,
|
|
|
|
password: 'A very strange P4ssw0rd_',
|
|
|
|
rootRole: RoleName.ADMIN,
|
|
|
|
});
|
|
|
|
const user = await userService.getUser(u.id);
|
2021-05-28 11:10:24 +02:00
|
|
|
expect(user.email).toBe(email);
|
|
|
|
expect(user.id).toBe(u.id);
|
|
|
|
expect(user.rootRole).toBe(adminRole.id);
|
2021-04-09 13:46:53 +02:00
|
|
|
});
|
2021-04-29 10:54:11 +02:00
|
|
|
|
2021-08-12 15:04:37 +02:00
|
|
|
test("deleting a user should delete the user's sessions", async () => {
|
2021-04-29 10:54:11 +02:00
|
|
|
const email = 'some@test.com';
|
|
|
|
const user = await userService.createUser({
|
|
|
|
email,
|
|
|
|
password: 'A very strange P4ssw0rd_',
|
|
|
|
rootRole: adminRole.id,
|
|
|
|
});
|
|
|
|
const testComSession = {
|
|
|
|
sid: 'xyz321',
|
|
|
|
sess: {
|
|
|
|
cookie: {
|
2021-11-02 15:13:46 +01:00
|
|
|
originalMaxAge: minutesToMilliseconds(48),
|
|
|
|
expires: addDays(Date.now(), 1).toDateString(),
|
2021-04-29 10:54:11 +02:00
|
|
|
secure: false,
|
|
|
|
httpOnly: true,
|
|
|
|
path: '/',
|
|
|
|
},
|
|
|
|
user,
|
|
|
|
},
|
|
|
|
};
|
|
|
|
await sessionService.insertSession(testComSession);
|
|
|
|
const userSessions = await sessionService.getSessionsForUser(user.id);
|
2021-05-28 11:10:24 +02:00
|
|
|
expect(userSessions.length).toBe(1);
|
2021-04-29 10:54:11 +02:00
|
|
|
await userService.deleteUser(user.id);
|
2021-05-28 11:10:24 +02:00
|
|
|
await expect(async () =>
|
|
|
|
sessionService.getSessionsForUser(user.id),
|
|
|
|
).rejects.toThrow(NotFoundError);
|
2021-04-29 10:54:11 +02:00
|
|
|
});
|
2021-08-23 12:11:29 +02:00
|
|
|
|
2022-01-03 20:14:56 +01:00
|
|
|
test('updating a user without an email should not strip the email', async () => {
|
|
|
|
const email = 'some@test.com';
|
|
|
|
const user = await userService.createUser({
|
|
|
|
email,
|
|
|
|
password: 'A very strange P4ssw0rd_',
|
|
|
|
rootRole: adminRole.id,
|
|
|
|
});
|
|
|
|
|
2022-06-22 14:55:43 +02:00
|
|
|
await userService.updateUser({
|
|
|
|
id: user.id,
|
|
|
|
email: null,
|
|
|
|
name: 'some',
|
|
|
|
});
|
2022-01-03 20:14:56 +01:00
|
|
|
|
|
|
|
const updatedUser = await userService.getUser(user.id);
|
|
|
|
expect(updatedUser.email).toBe(email);
|
|
|
|
});
|
|
|
|
|
2021-08-23 12:11:29 +02:00
|
|
|
test('should login and create user via SSO', async () => {
|
|
|
|
const email = 'some@test.com';
|
|
|
|
const user = await userService.loginUserSSO({
|
|
|
|
email,
|
|
|
|
rootRole: RoleName.VIEWER,
|
|
|
|
name: 'some',
|
|
|
|
autoCreate: true,
|
|
|
|
});
|
|
|
|
|
|
|
|
const userWithRole = await userService.getUser(user.id);
|
|
|
|
expect(user.email).toBe(email);
|
|
|
|
expect(user.name).toBe('some');
|
|
|
|
expect(userWithRole.name).toBe('some');
|
|
|
|
expect(userWithRole.rootRole).toBe(viewerRole.id);
|
|
|
|
});
|
|
|
|
|
|
|
|
test('should throw if rootRole is wrong via SSO', async () => {
|
|
|
|
expect.assertions(1);
|
|
|
|
|
|
|
|
try {
|
|
|
|
await userService.loginUserSSO({
|
|
|
|
email: 'some@test.com',
|
|
|
|
rootRole: RoleName.MEMBER,
|
|
|
|
name: 'some',
|
|
|
|
autoCreate: true,
|
|
|
|
});
|
|
|
|
} catch (e) {
|
|
|
|
expect(e.message).toBe('Could not find rootRole=Member');
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
test('should update user name when signing in via SSO', async () => {
|
|
|
|
const email = 'some@test.com';
|
|
|
|
const originalUser = await userService.createUser({
|
|
|
|
email,
|
|
|
|
rootRole: RoleName.VIEWER,
|
|
|
|
name: 'some',
|
|
|
|
});
|
|
|
|
|
|
|
|
await userService.loginUserSSO({
|
|
|
|
email,
|
|
|
|
rootRole: RoleName.ADMIN,
|
|
|
|
name: 'New name!',
|
|
|
|
autoCreate: true,
|
|
|
|
});
|
|
|
|
|
|
|
|
const actualUser = await userService.getUser(originalUser.id);
|
|
|
|
|
|
|
|
expect(actualUser.email).toBe(email);
|
|
|
|
expect(actualUser.name).toBe('New name!');
|
|
|
|
expect(actualUser.rootRole).toBe(viewerRole.id);
|
|
|
|
});
|
|
|
|
|
|
|
|
test('should update name if it is different via SSO', async () => {
|
|
|
|
const email = 'some@test.com';
|
|
|
|
const originalUser = await userService.createUser({
|
|
|
|
email,
|
|
|
|
rootRole: RoleName.VIEWER,
|
|
|
|
name: 'some',
|
|
|
|
});
|
|
|
|
|
|
|
|
await userService.loginUserSSO({
|
|
|
|
email,
|
|
|
|
rootRole: RoleName.ADMIN,
|
|
|
|
name: 'New name!',
|
|
|
|
autoCreate: false,
|
|
|
|
});
|
|
|
|
|
|
|
|
const actualUser = await userService.getUser(originalUser.id);
|
|
|
|
|
|
|
|
expect(actualUser.email).toBe(email);
|
|
|
|
expect(actualUser.name).toBe('New name!');
|
|
|
|
expect(actualUser.rootRole).toBe(viewerRole.id);
|
|
|
|
});
|
|
|
|
|
|
|
|
test('should throw if autoCreate is false via SSO', async () => {
|
|
|
|
expect.assertions(1);
|
|
|
|
|
|
|
|
try {
|
|
|
|
await userService.loginUserSSO({
|
|
|
|
email: 'some@test.com',
|
|
|
|
rootRole: RoleName.MEMBER,
|
|
|
|
name: 'some',
|
|
|
|
autoCreate: false,
|
|
|
|
});
|
|
|
|
} catch (e) {
|
|
|
|
expect(e.message).toBe('No user found');
|
|
|
|
}
|
|
|
|
});
|