n8n/packages/cli/test/unit/repositories/sharedCredentials.repository.test.ts

import { Container } from 'typedi';
import { In } from '@n8n/typeorm';
import { mock } from 'jest-mock-extended';
import { hasScope } from '@n8n/permissions';

import type { User } from '@db/entities/User';
import type { CredentialsEntity } from '@db/entities/CredentialsEntity';
import { SharedCredentials } from '@db/entities/SharedCredentials';
import { SharedCredentialsRepository } from '@db/repositories/sharedCredentials.repository';
import { GLOBAL_MEMBER_SCOPES, GLOBAL_OWNER_SCOPES } from '@/permissions/global-roles';
import { mockEntityManager } from '../../shared/mocking';

describe('SharedCredentialsRepository', () => {
	const entityManager = mockEntityManager(SharedCredentials);
	const repository = Container.get(SharedCredentialsRepository);

	describe('findCredentialForUser', () => {
		const credentialsId = 'cred_123';
		const sharedCredential = mock<SharedCredentials>();
		sharedCredential.credentials = mock<CredentialsEntity>({ id: credentialsId });
		const owner = mock<User>({
			isOwner: true,
			hasGlobalScope: (scope) =>
				hasScope(scope, {
					global: GLOBAL_OWNER_SCOPES,
				}),
		});
		const member = mock<User>({
			isOwner: false,
			id: 'test',
			hasGlobalScope: (scope) =>
				hasScope(scope, {
					global: GLOBAL_MEMBER_SCOPES,
				}),
		});

		beforeEach(() => {
			jest.resetAllMocks();
		});

		test('should allow instance owner access to all credentials', async () => {
			entityManager.findOne.mockResolvedValueOnce(sharedCredential);
			const credential = await repository.findCredentialForUser(credentialsId, owner, [
				'credential:read',
			]);
			expect(entityManager.findOne).toHaveBeenCalledWith(SharedCredentials, {
				relations: { credentials: { shared: { project: { projectRelations: { user: true } } } } },
				where: { credentialsId },
			});
			expect(credential).toEqual(sharedCredential.credentials);
		});

		test('should allow members', async () => {
			entityManager.findOne.mockResolvedValueOnce(sharedCredential);
			const credential = await repository.findCredentialForUser(credentialsId, member, [
				'credential:read',
			]);
			expect(entityManager.findOne).toHaveBeenCalledWith(SharedCredentials, {
				relations: { credentials: { shared: { project: { projectRelations: { user: true } } } } },
				where: {
					credentialsId,
					role: In(['credential:owner', 'credential:user']),
					project: {
						projectRelations: {
							role: In([
								'project:admin',
								'project:personalOwner',
								'project:editor',
								'project:viewer',
							]),
							userId: member.id,
						},
					},
				},
			});
			expect(credential).toEqual(sharedCredential.credentials);
		});

		test('should return null when no shared credential is found', async () => {
			entityManager.findOne.mockResolvedValueOnce(null);
			const credential = await repository.findCredentialForUser(credentialsId, member, [
				'credential:read',
			]);
			expect(entityManager.findOne).toHaveBeenCalledWith(SharedCredentials, {
				relations: { credentials: { shared: { project: { projectRelations: { user: true } } } } },
				where: {
					credentialsId,
					role: In(['credential:owner', 'credential:user']),
					project: {
						projectRelations: {
							role: In([
								'project:admin',
								'project:personalOwner',
								'project:editor',
								'project:viewer',
							]),
							userId: member.id,
						},
					},
				},
			});
			expect(credential).toEqual(null);
		});
	});
});
refactor(core): Convert OAuth1/OAuth2 routes to decorated controller classes (no-changelog) (#5973) 2023-11-03 09:20:54 -07:00			`import { Container } from 'typedi';`
feat: RBAC (#8922) Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com> 2024-05-17 01:53:15 -07:00			`import { In } from '@n8n/typeorm';`
refactor(core): Convert OAuth1/OAuth2 routes to decorated controller classes (no-changelog) (#5973) 2023-11-03 09:20:54 -07:00			`import { mock } from 'jest-mock-extended';`
ci: Delete some duplicate code in cli tests (no-changelog) (#9049) 2024-04-05 04:47:49 -07:00			`import { hasScope } from '@n8n/permissions';`

refactor(core): Convert OAuth1/OAuth2 routes to decorated controller classes (no-changelog) (#5973) 2023-11-03 09:20:54 -07:00			`import type { User } from '@db/entities/User';`
			`import type { CredentialsEntity } from '@db/entities/CredentialsEntity';`
			`import { SharedCredentials } from '@db/entities/SharedCredentials';`
			`import { SharedCredentialsRepository } from '@db/repositories/sharedCredentials.repository';`
feat: RBAC (#8922) Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com> 2024-05-17 01:53:15 -07:00			`import { GLOBAL_MEMBER_SCOPES, GLOBAL_OWNER_SCOPES } from '@/permissions/global-roles';`
ci: Delete some duplicate code in cli tests (no-changelog) (#9049) 2024-04-05 04:47:49 -07:00			`import { mockEntityManager } from '../../shared/mocking';`
refactor(core): Convert OAuth1/OAuth2 routes to decorated controller classes (no-changelog) (#5973) 2023-11-03 09:20:54 -07:00
			`describe('SharedCredentialsRepository', () => {`
ci: Delete some duplicate code in cli tests (no-changelog) (#9049) 2024-04-05 04:47:49 -07:00			`const entityManager = mockEntityManager(SharedCredentials);`
refactor(core): Convert OAuth1/OAuth2 routes to decorated controller classes (no-changelog) (#5973) 2023-11-03 09:20:54 -07:00			`const repository = Container.get(SharedCredentialsRepository);`

			`describe('findCredentialForUser', () => {`
			`const credentialsId = 'cred_123';`
			`const sharedCredential = mock<SharedCredentials>();`
			`sharedCredential.credentials = mock<CredentialsEntity>({ id: credentialsId });`
feat: Replace owner checks with scope checks (no-changelog) (#7846) Github issue / Community forum post (link here to close automatically): 2023-11-29 06:48:36 -08:00			`const owner = mock<User>({`
			`isOwner: true,`
ci: Remove unnecessary async/await, enable await-thenable linting rule (no-changelog) (#8076) ## Summary We accidentally made some functions `async` in https://github.com/n8n-io/n8n/pull/7846 This PR reverts that change. ## Review / Merge checklist - [x] PR title and summary are descriptive. 2023-12-19 04:52:42 -08:00			`hasGlobalScope: (scope) =>`
			`hasScope(scope, {`
feat: RBAC (#8922) Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com> 2024-05-17 01:53:15 -07:00			`global: GLOBAL_OWNER_SCOPES,`
ci: Remove unnecessary async/await, enable await-thenable linting rule (no-changelog) (#8076) ## Summary We accidentally made some functions `async` in https://github.com/n8n-io/n8n/pull/7846 This PR reverts that change. ## Review / Merge checklist - [x] PR title and summary are descriptive. 2023-12-19 04:52:42 -08:00			`}),`
feat: Replace owner checks with scope checks (no-changelog) (#7846) Github issue / Community forum post (link here to close automatically): 2023-11-29 06:48:36 -08:00			`});`
			`const member = mock<User>({`
			`isOwner: false,`
			`id: 'test',`
ci: Remove unnecessary async/await, enable await-thenable linting rule (no-changelog) (#8076) ## Summary We accidentally made some functions `async` in https://github.com/n8n-io/n8n/pull/7846 This PR reverts that change. ## Review / Merge checklist - [x] PR title and summary are descriptive. 2023-12-19 04:52:42 -08:00			`hasGlobalScope: (scope) =>`
			`hasScope(scope, {`
feat: RBAC (#8922) Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com> 2024-05-17 01:53:15 -07:00			`global: GLOBAL_MEMBER_SCOPES,`
ci: Remove unnecessary async/await, enable await-thenable linting rule (no-changelog) (#8076) ## Summary We accidentally made some functions `async` in https://github.com/n8n-io/n8n/pull/7846 This PR reverts that change. ## Review / Merge checklist - [x] PR title and summary are descriptive. 2023-12-19 04:52:42 -08:00			`}),`
feat: Replace owner checks with scope checks (no-changelog) (#7846) Github issue / Community forum post (link here to close automatically): 2023-11-29 06:48:36 -08:00			`});`
refactor(core): Convert OAuth1/OAuth2 routes to decorated controller classes (no-changelog) (#5973) 2023-11-03 09:20:54 -07:00
			`beforeEach(() => {`
			`jest.resetAllMocks();`
			`});`

			`test('should allow instance owner access to all credentials', async () => {`
			`entityManager.findOne.mockResolvedValueOnce(sharedCredential);`
feat: RBAC (#8922) Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com> 2024-05-17 01:53:15 -07:00			`const credential = await repository.findCredentialForUser(credentialsId, owner, [`
			`'credential:read',`
			`]);`
refactor(core): Convert OAuth1/OAuth2 routes to decorated controller classes (no-changelog) (#5973) 2023-11-03 09:20:54 -07:00			`expect(entityManager.findOne).toHaveBeenCalledWith(SharedCredentials, {`
feat: RBAC (#8922) Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com> 2024-05-17 01:53:15 -07:00			`relations: { credentials: { shared: { project: { projectRelations: { user: true } } } } },`
refactor(core): Convert OAuth1/OAuth2 routes to decorated controller classes (no-changelog) (#5973) 2023-11-03 09:20:54 -07:00			`where: { credentialsId },`
			`});`
			`expect(credential).toEqual(sharedCredential.credentials);`
			`});`

			`test('should allow members', async () => {`
			`entityManager.findOne.mockResolvedValueOnce(sharedCredential);`
feat: RBAC (#8922) Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com> 2024-05-17 01:53:15 -07:00			`const credential = await repository.findCredentialForUser(credentialsId, member, [`
			`'credential:read',`
			`]);`
refactor(core): Convert OAuth1/OAuth2 routes to decorated controller classes (no-changelog) (#5973) 2023-11-03 09:20:54 -07:00			`expect(entityManager.findOne).toHaveBeenCalledWith(SharedCredentials, {`
feat: RBAC (#8922) Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com> 2024-05-17 01:53:15 -07:00			`relations: { credentials: { shared: { project: { projectRelations: { user: true } } } } },`
			`where: {`
			`credentialsId,`
			`role: In(['credential:owner', 'credential:user']),`
			`project: {`
			`projectRelations: {`
feat(core): Implement `project:viewer` role (#9611) 2024-06-06 02:55:48 -07:00			`role: In([`
			`'project:admin',`
			`'project:personalOwner',`
			`'project:editor',`
			`'project:viewer',`
			`]),`
feat: RBAC (#8922) Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com> 2024-05-17 01:53:15 -07:00			`userId: member.id,`
			`},`
			`},`
			`},`
refactor(core): Convert OAuth1/OAuth2 routes to decorated controller classes (no-changelog) (#5973) 2023-11-03 09:20:54 -07:00			`});`
			`expect(credential).toEqual(sharedCredential.credentials);`
			`});`

			`test('should return null when no shared credential is found', async () => {`
			`entityManager.findOne.mockResolvedValueOnce(null);`
feat: RBAC (#8922) Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com> 2024-05-17 01:53:15 -07:00			`const credential = await repository.findCredentialForUser(credentialsId, member, [`
			`'credential:read',`
			`]);`
refactor(core): Convert OAuth1/OAuth2 routes to decorated controller classes (no-changelog) (#5973) 2023-11-03 09:20:54 -07:00			`expect(entityManager.findOne).toHaveBeenCalledWith(SharedCredentials, {`
feat: RBAC (#8922) Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com> 2024-05-17 01:53:15 -07:00			`relations: { credentials: { shared: { project: { projectRelations: { user: true } } } } },`
			`where: {`
			`credentialsId,`
			`role: In(['credential:owner', 'credential:user']),`
			`project: {`
			`projectRelations: {`
feat(core): Implement `project:viewer` role (#9611) 2024-06-06 02:55:48 -07:00			`role: In([`
			`'project:admin',`
			`'project:personalOwner',`
			`'project:editor',`
			`'project:viewer',`
			`]),`
feat: RBAC (#8922) Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com> 2024-05-17 01:53:15 -07:00			`userId: member.id,`
			`},`
			`},`
			`},`
refactor(core): Convert OAuth1/OAuth2 routes to decorated controller classes (no-changelog) (#5973) 2023-11-03 09:20:54 -07:00			`});`
			`expect(credential).toEqual(null);`
			`});`
			`});`
			`});`