n8n/packages/cli/test/unit/controllers/owner.controller.test.ts

import type { CookieOptions, Response } from 'express';
import { anyObject, captor, mock } from 'jest-mock-extended';
import jwt from 'jsonwebtoken';
import type { User } from '@db/entities/User';
import type { SettingsRepository } from '@db/repositories/settings.repository';
import config from '@/config';
import type { OwnerRequest } from '@/requests';
import { OwnerController } from '@/controllers/owner.controller';
import { AUTH_COOKIE_NAME } from '@/constants';
import { UserService } from '@/services/user.service';
import { License } from '@/License';

import { mockInstance } from '../../shared/mocking';
import { badPasswords } from '../shared/testData';
import { BadRequestError } from '@/errors/response-errors/bad-request.error';
import { PasswordUtility } from '@/services/password.utility';
import Container from 'typedi';
import type { InternalHooks } from '@/InternalHooks';
import { UserRepository } from '@/databases/repositories/user.repository';

describe('OwnerController', () => {
	const configGetSpy = jest.spyOn(config, 'getEnv');
	const internalHooks = mock<InternalHooks>();
	const userService = mockInstance(UserService);
	const userRepository = mockInstance(UserRepository);
	const settingsRepository = mock<SettingsRepository>();
	mockInstance(License).isWithinUsersLimit.mockReturnValue(true);
	const controller = new OwnerController(
		mock(),
		internalHooks,
		settingsRepository,
		userService,
		Container.get(PasswordUtility),
		mock(),
		userRepository,
	);

	describe('setupOwner', () => {
		it('should throw a BadRequestError if the instance owner is already setup', async () => {
			configGetSpy.mockReturnValue(true);
			await expect(controller.setupOwner(mock(), mock())).rejects.toThrowError(
				new BadRequestError('Instance owner already setup'),
			);
		});

		it('should throw a BadRequestError if the email is invalid', async () => {
			configGetSpy.mockReturnValue(false);
			const req = mock<OwnerRequest.Post>({ body: { email: 'invalid email' } });
			await expect(controller.setupOwner(req, mock())).rejects.toThrowError(
				new BadRequestError('Invalid email address'),
			);
		});

		describe('should throw if the password is invalid', () => {
			Object.entries(badPasswords).forEach(([password, errorMessage]) => {
				it(password, async () => {
					configGetSpy.mockReturnValue(false);
					const req = mock<OwnerRequest.Post>({ body: { email: 'valid@email.com', password } });
					await expect(controller.setupOwner(req, mock())).rejects.toThrowError(
						new BadRequestError(errorMessage),
					);
				});
			});
		});

		it('should throw a BadRequestError if firstName & lastName are missing ', async () => {
			configGetSpy.mockReturnValue(false);
			const req = mock<OwnerRequest.Post>({
				body: { email: 'valid@email.com', password: 'NewPassword123', firstName: '', lastName: '' },
			});
			await expect(controller.setupOwner(req, mock())).rejects.toThrowError(
				new BadRequestError('First and last names are mandatory'),
			);
		});

		it('should setup the instance owner successfully', async () => {
			const user = mock<User>({
				id: 'userId',
				role: 'global:owner',
				authIdentities: [],
			});
			const req = mock<OwnerRequest.Post>({
				body: {
					email: 'valid@email.com',
					password: 'NewPassword123',
					firstName: 'Jane',
					lastName: 'Doe',
				},
				user,
			});
			const res = mock<Response>();
			configGetSpy.mockReturnValue(false);
			userRepository.save.calledWith(anyObject()).mockResolvedValue(user);
			jest.spyOn(jwt, 'sign').mockImplementation(() => 'signed-token');

			await controller.setupOwner(req, res);

			expect(userRepository.save).toHaveBeenCalledWith(user, { transaction: false });

			const cookieOptions = captor<CookieOptions>();
			expect(res.cookie).toHaveBeenCalledWith(AUTH_COOKIE_NAME, 'signed-token', cookieOptions);
			expect(cookieOptions.value.httpOnly).toBe(true);
			expect(cookieOptions.value.sameSite).toBe('lax');
		});
	});
});
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`import type { CookieOptions, Response } from 'express';`
			`import { anyObject, captor, mock } from 'jest-mock-extended';`
			`import jwt from 'jsonwebtoken';`
			`import type { User } from '@db/entities/User';`
ci(core): Reduce memory usage in tests (part-2) (no-changelog) (#7671) This also gets rid of `Db.collection`, which was another source of circular dependencies. 2023-11-10 06:04:26 -08:00			`import type { SettingsRepository } from '@db/repositories/settings.repository';`
refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`import config from '@/config';`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`import type { OwnerRequest } from '@/requests';`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`import { OwnerController } from '@/controllers/owner.controller';`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`import { AUTH_COOKIE_NAME } from '@/constants';`
refactor(core): Move all user DB access to `UserRepository` (#6910) Prep for https://linear.app/n8n/issue/PAY-646 2023-08-22 06:58:05 -07:00			`import { UserService } from '@/services/user.service';`
ci(core): Reduce memory usage in tests (part-2) (no-changelog) (#7671) This also gets rid of `Db.collection`, which was another source of circular dependencies. 2023-11-10 06:04:26 -08:00			`import { License } from '@/License';`

			`import { mockInstance } from '../../shared/mocking';`
			`import { badPasswords } from '../shared/testData';`
refactor(core): Reorganize error hierarchy in `cli` package (no-changelog) (#7839) Ensure all errors in `cli` inherit from `ApplicationError` to continue normalizing all the errors we report to Sentry Follow-up to: https://github.com/n8n-io/n8n/pull/7820 2023-11-28 01:19:27 -08:00			`import { BadRequestError } from '@/errors/response-errors/bad-request.error';`
refactor(core): Introduce password utility (no-changelog) (#7979) ## Summary Provide details about your pull request and what it adds, fixes, or changes. Photos and videos are recommended. Continue breaking down `UserManagementHelper.ts` ... #### How to test the change: 1. ... ## Issues fixed Include links to Github issue or Community forum post or Linear ticket: > Important in order to close automatically and provide context to reviewers ... ## Review / Merge checklist - [ ] PR title and summary are descriptive. Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise. ([conventions](https://github.com/n8n-io/n8n/blob/master/.github/pull_request_title_conventions.md)) - [ ] [Docs updated](https://github.com/n8n-io/n8n-docs) or follow-up ticket created. - [ ] Tests included. > A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. > > (internal) You can use Slack commands to trigger [e2e tests](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#a39f9e5ba64a48b58a71d81c837e8227) or [deploy test instance](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#f6a177d32bde4b57ae2da0b8e454bfce) or [deploy early access version on Cloud](https://www.notion.so/n8n/Cloudbot-3dbe779836004972b7057bc989526998?pvs=4#fef2d36ab02247e1a0f65a74f6fb534e). 2023-12-11 09:23:42 -08:00			`import { PasswordUtility } from '@/services/password.utility';`
			`import Container from 'typedi';`
refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`import type { InternalHooks } from '@/InternalHooks';`
refactor(core): Continue moving `typeorm` operators to repositories (no-changelog) (#8186) Follow-up to: #8163 2024-01-02 08:53:24 -08:00			`import { UserRepository } from '@/databases/repositories/user.repository';`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00
			`describe('OwnerController', () => {`
refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`const configGetSpy = jest.spyOn(config, 'getEnv');`
			`const internalHooks = mock<InternalHooks>();`
refactor(core): Move all user DB access to `UserRepository` (#6910) Prep for https://linear.app/n8n/issue/PAY-646 2023-08-22 06:58:05 -07:00			`const userService = mockInstance(UserService);`
refactor(core): Continue moving `typeorm` operators to repositories (no-changelog) (#8186) Follow-up to: #8163 2024-01-02 08:53:24 -08:00			`const userRepository = mockInstance(UserRepository);`
refactor(core): Use injectable classes for db repositories (part-1) (no-changelog) (#5953) Co-authored-by: ricardo <ricardoespinoza105@gmail.com> 2023-04-12 01:59:14 -07:00			`const settingsRepository = mock<SettingsRepository>();`
ci(core): Reduce memory usage in tests (part-2) (no-changelog) (#7671) This also gets rid of `Db.collection`, which was another source of circular dependencies. 2023-11-10 06:04:26 -08:00			`mockInstance(License).isWithinUsersLimit.mockReturnValue(true);`
refactor(core): Make controller constructors consistent (no-changelog) (#7015) 2023-08-25 04:23:22 -07:00			`const controller = new OwnerController(`
refactor(core): Make Logger a service (no-changelog) (#7494) 2023-10-25 07:35:22 -07:00			`mock(),`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`internalHooks,`
refactor(core): Make controller constructors consistent (no-changelog) (#7015) 2023-08-25 04:23:22 -07:00			`settingsRepository,`
			`userService,`
refactor(core): Introduce password utility (no-changelog) (#7979) ## Summary Provide details about your pull request and what it adds, fixes, or changes. Photos and videos are recommended. Continue breaking down `UserManagementHelper.ts` ... #### How to test the change: 1. ... ## Issues fixed Include links to Github issue or Community forum post or Linear ticket: > Important in order to close automatically and provide context to reviewers ... ## Review / Merge checklist - [ ] PR title and summary are descriptive. Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise. ([conventions](https://github.com/n8n-io/n8n/blob/master/.github/pull_request_title_conventions.md)) - [ ] [Docs updated](https://github.com/n8n-io/n8n-docs) or follow-up ticket created. - [ ] Tests included. > A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. > > (internal) You can use Slack commands to trigger [e2e tests](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#a39f9e5ba64a48b58a71d81c837e8227) or [deploy test instance](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#f6a177d32bde4b57ae2da0b8e454bfce) or [deploy early access version on Cloud](https://www.notion.so/n8n/Cloudbot-3dbe779836004972b7057bc989526998?pvs=4#fef2d36ab02247e1a0f65a74f6fb534e). 2023-12-11 09:23:42 -08:00			`Container.get(PasswordUtility),`
refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`mock(),`
refactor(core): Continue moving `typeorm` operators to repositories (no-changelog) (#8186) Follow-up to: #8163 2024-01-02 08:53:24 -08:00			`userRepository,`
refactor(core): Make controller constructors consistent (no-changelog) (#7015) 2023-08-25 04:23:22 -07:00			`);`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00
			`describe('setupOwner', () => {`
			`it('should throw a BadRequestError if the instance owner is already setup', async () => {`
refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`configGetSpy.mockReturnValue(true);`
feat(core): Remove all floating promises. Enforce `@typescript-eslint/no-floating-promises` (#6281) 2023-05-23 17:01:45 -07:00			`await expect(controller.setupOwner(mock(), mock())).rejects.toThrowError(`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`new BadRequestError('Instance owner already setup'),`
			`);`
			`});`

			`it('should throw a BadRequestError if the email is invalid', async () => {`
refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`configGetSpy.mockReturnValue(false);`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`const req = mock<OwnerRequest.Post>({ body: { email: 'invalid email' } });`
feat(core): Remove all floating promises. Enforce `@typescript-eslint/no-floating-promises` (#6281) 2023-05-23 17:01:45 -07:00			`await expect(controller.setupOwner(req, mock())).rejects.toThrowError(`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`new BadRequestError('Invalid email address'),`
			`);`
			`});`

			`describe('should throw if the password is invalid', () => {`
			`Object.entries(badPasswords).forEach(([password, errorMessage]) => {`
			`it(password, async () => {`
refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`configGetSpy.mockReturnValue(false);`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`const req = mock<OwnerRequest.Post>({ body: { email: 'valid@email.com', password } });`
feat(core): Remove all floating promises. Enforce `@typescript-eslint/no-floating-promises` (#6281) 2023-05-23 17:01:45 -07:00			`await expect(controller.setupOwner(req, mock())).rejects.toThrowError(`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`new BadRequestError(errorMessage),`
			`);`
			`});`
			`});`
			`});`

			`it('should throw a BadRequestError if firstName & lastName are missing ', async () => {`
refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`configGetSpy.mockReturnValue(false);`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`const req = mock<OwnerRequest.Post>({`
			`body: { email: 'valid@email.com', password: 'NewPassword123', firstName: '', lastName: '' },`
			`});`
feat(core): Remove all floating promises. Enforce `@typescript-eslint/no-floating-promises` (#6281) 2023-05-23 17:01:45 -07:00			`await expect(controller.setupOwner(req, mock())).rejects.toThrowError(`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`new BadRequestError('First and last names are mandatory'),`
			`);`
			`});`

			`it('should setup the instance owner successfully', async () => {`
			`const user = mock<User>({`
			`id: 'userId',`
refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`role: 'global:owner',`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`authIdentities: [],`
			`});`
			`const req = mock<OwnerRequest.Post>({`
			`body: {`
			`email: 'valid@email.com',`
			`password: 'NewPassword123',`
			`firstName: 'Jane',`
			`lastName: 'Doe',`
			`},`
			`user,`
			`});`
			`const res = mock<Response>();`
refactor(core): Use Dependency Injection for all Controller classes (no-changelog) (#8146) ## Review / Merge checklist - [x] PR title and summary are descriptive 2023-12-27 02:50:43 -08:00			`configGetSpy.mockReturnValue(false);`
refactor(core): Continue moving `typeorm` operators to repositories (no-changelog) (#8186) Follow-up to: #8163 2024-01-02 08:53:24 -08:00			`userRepository.save.calledWith(anyObject()).mockResolvedValue(user);`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00			`jest.spyOn(jwt, 'sign').mockImplementation(() => 'signed-token');`

			`await controller.setupOwner(req, res);`

fix: Fix typeorm .save usage (no-changelog) (#8678) 2024-02-20 07:34:54 -08:00			`expect(userRepository.save).toHaveBeenCalledWith(user, { transaction: false });`
refactor(core): Improve instance owner setup and add unit tests (no-changelog) (#5499) * refactor(core): Avoid fetching all workflows and credentials for the owner setup screen * refactor(core): Add unit tests for the owner controller 2023-02-17 01:59:09 -08:00
			`const cookieOptions = captor<CookieOptions>();`
			`expect(res.cookie).toHaveBeenCalledWith(AUTH_COOKIE_NAME, 'signed-token', cookieOptions);`
			`expect(cookieOptions.value.httpOnly).toBe(true);`
			`expect(cookieOptions.value.sameSite).toBe('lax');`
			`});`
			`});`
			`});`