mirror of
https://github.com/Unleash/unleash.git
synced 2025-01-06 00:07:44 +01:00
f00eac0881
Audit events for USER_CREATE, USER_UPDATE and USER_DELETE did not include the users rootRole. ![image](https://github.com/Unleash/unleash/assets/158948/fcbc1407-e4f0-438f-86cf-7073205cd8c2) --------- Co-authored-by: Gastón Fournier <gaston@getunleash.io>
200 lines
5.8 KiB
TypeScript
200 lines
5.8 KiB
TypeScript
import createStores from '../../test/fixtures/store';
|
|
import { createTestConfig } from '../../test/config/test-config';
|
|
import { createServices } from '../services';
|
|
import getApp from '../app';
|
|
import supertest from 'supertest';
|
|
import permissions from '../../test/fixtures/permissions';
|
|
import { RoleName, RoleType } from '../types/model';
|
|
|
|
describe('Public Signup API', () => {
|
|
async function getSetup() {
|
|
const stores = createStores();
|
|
const perms = permissions();
|
|
const config = createTestConfig({
|
|
preRouterHook: perms.hook,
|
|
});
|
|
|
|
stores.accessStore = {
|
|
...stores.accessStore,
|
|
addUserToRole: jest.fn(),
|
|
removeRolesOfTypeForUser: jest.fn(),
|
|
getRolesForUserId: () => Promise.resolve([]),
|
|
getRootRoleForUser: () =>
|
|
Promise.resolve({
|
|
id: -1,
|
|
name: RoleName.VIEWER,
|
|
type: RoleType.ROOT,
|
|
}),
|
|
};
|
|
|
|
const services = createServices(stores, config);
|
|
const app = await getApp(config, stores, services);
|
|
|
|
await stores.roleStore.create({
|
|
name: RoleName.VIEWER,
|
|
roleType: RoleType.ROOT,
|
|
description: '',
|
|
});
|
|
|
|
await stores.roleStore.create({
|
|
name: RoleName.ADMIN,
|
|
roleType: RoleType.ROOT,
|
|
description: '',
|
|
});
|
|
|
|
return {
|
|
request: supertest(app),
|
|
stores,
|
|
perms,
|
|
};
|
|
}
|
|
|
|
let stores;
|
|
let request;
|
|
|
|
const user = {
|
|
username: 'some-username',
|
|
email: 'someEmail@example.com',
|
|
name: 'some-name',
|
|
password: 'password',
|
|
};
|
|
|
|
beforeEach(async () => {
|
|
const setup = await getSetup();
|
|
stores = setup.stores;
|
|
request = setup.request;
|
|
});
|
|
|
|
const expireAt = (addDays: number = 7): Date => {
|
|
const now = new Date();
|
|
now.setDate(now.getDate() + addDays);
|
|
return now;
|
|
};
|
|
|
|
const createBody = () => ({
|
|
name: 'some-name',
|
|
expiresAt: expireAt(),
|
|
});
|
|
|
|
test('should create user and add to token', async () => {
|
|
expect.assertions(3);
|
|
const appName = '123!23';
|
|
|
|
stores.clientApplicationsStore.upsert({ appName });
|
|
stores.publicSignupTokenStore.create({
|
|
name: 'some-name',
|
|
expiresAt: expireAt(),
|
|
});
|
|
|
|
return request
|
|
.post('/invite/some-secret/signup')
|
|
.send(user)
|
|
.expect(201)
|
|
.expect(async (res) => {
|
|
const count = await stores.userStore.count();
|
|
expect(count).toBe(1);
|
|
const eventCount = await stores.eventStore.count();
|
|
expect(eventCount).toBe(2); //USER_CREATED && PUBLIC_SIGNUP_TOKEN_USER_ADDED
|
|
expect(res.body.username).toBe(user.username);
|
|
});
|
|
});
|
|
|
|
test('Should validate required fields', async () => {
|
|
const appName = '123!23';
|
|
|
|
stores.clientApplicationsStore.upsert({ appName });
|
|
stores.publicSignupTokenStore.create({
|
|
name: 'some-name',
|
|
expiresAt: expireAt(),
|
|
});
|
|
|
|
await request
|
|
.post('/invite/some-secret/signup')
|
|
.send({ name: 'test' })
|
|
.expect(400);
|
|
|
|
await request
|
|
.post('/invite/some-secret/signup')
|
|
.send({ email: 'test@test.com' })
|
|
.expect(400);
|
|
|
|
await request
|
|
.post('/invite/some-secret/signup')
|
|
.send({ ...user, rootRole: 1 })
|
|
.expect(400);
|
|
|
|
await request.post('/invite/some-secret/signup').send({}).expect(400);
|
|
});
|
|
|
|
test('should not be able to send root role in signup request body', async () => {
|
|
const appName = '123!23';
|
|
|
|
stores.clientApplicationsStore.upsert({ appName });
|
|
stores.publicSignupTokenStore.create({
|
|
name: 'some-name',
|
|
expiresAt: expireAt(),
|
|
});
|
|
|
|
const roles = await stores.roleStore.getAll();
|
|
const adminId = roles.find((role) => role.name === RoleName.ADMIN).id;
|
|
|
|
return request
|
|
.post('/invite/some-secret/signup')
|
|
.send({ ...user, rootRole: adminId })
|
|
.expect(400);
|
|
});
|
|
|
|
test('should not allow a user to register with expired token', async () => {
|
|
const appName = '123!23';
|
|
|
|
stores.clientApplicationsStore.upsert({ appName });
|
|
stores.publicSignupTokenStore.create({
|
|
name: 'some-name',
|
|
expiresAt: expireAt(-1),
|
|
});
|
|
|
|
return request
|
|
.post('/invite/some-secret/signup')
|
|
.send(user)
|
|
.expect(400);
|
|
});
|
|
|
|
test('should not allow a user to register disabled token', async () => {
|
|
const appName = '123!23';
|
|
|
|
stores.clientApplicationsStore.upsert({ appName });
|
|
stores.publicSignupTokenStore.create({
|
|
name: 'some-name',
|
|
expiresAt: expireAt(),
|
|
});
|
|
stores.publicSignupTokenStore.update('some-secret', { enabled: false });
|
|
|
|
return request
|
|
.post('/invite/some-secret/signup')
|
|
.send(user)
|
|
.expect(400);
|
|
});
|
|
|
|
test('should return 200 if token is valid', async () => {
|
|
const appName = '123!23';
|
|
|
|
stores.clientApplicationsStore.upsert({ appName });
|
|
// Create a token
|
|
const res = await request
|
|
.post('/api/admin/invite-link/tokens')
|
|
.send(createBody())
|
|
.expect(201);
|
|
const { secret } = res.body;
|
|
|
|
return request.get(`/invite/${secret}/validate`).expect(200);
|
|
});
|
|
|
|
test('should return 400 if token is invalid', async () => {
|
|
const appName = '123!23';
|
|
|
|
stores.clientApplicationsStore.upsert({ appName });
|
|
|
|
return request.get('/invite/some-invalid-secret/validate').expect(400);
|
|
});
|
|
});
|