n8n/packages/cli/test/integration/publicApi/users.ee.test.ts

231 lines
6.7 KiB
TypeScript
Raw Normal View History

import type { SuperAgentTest } from 'supertest';
import validator from 'validator';
import { v4 as uuid } from 'uuid';
import type { Role } from '@db/entities/Role';
import { License } from '@/License';
import { randomApiKey } from '../shared/random';
import * as utils from '../shared/utils/';
import * as testDb from '../shared/testDb';
utils.mockInstance(License, {
getUsersLimit: jest.fn().mockReturnValue(-1),
});
const testServer = utils.setupTestServer({ endpointGroups: ['publicApi'] });
let globalOwnerRole: Role;
let globalMemberRole: Role;
beforeAll(async () => {
[globalOwnerRole, globalMemberRole] = await testDb.getAllRoles();
});
beforeEach(async () => {
await testDb.truncate(['SharedCredentials', 'SharedWorkflow', 'Workflow', 'Credentials', 'User']);
});
describe('With license unlimited quota:users', () => {
describe('GET /users', () => {
test('should fail due to missing API Key', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = testServer.publicApiAgentFor(owner);
await authOwnerAgent.get('/users').expect(401);
});
test('should fail due to invalid API Key', async () => {
const owner = await testDb.createUser({
globalRole: globalOwnerRole,
apiKey: randomApiKey(),
});
owner.apiKey = 'invalid-key';
const authOwnerAgent = testServer.publicApiAgentFor(owner);
await authOwnerAgent.get('/users').expect(401);
});
test('should fail due to member trying to access owner only endpoint', async () => {
const member = await testDb.createUser({ apiKey: randomApiKey() });
const authMemberAgent = testServer.publicApiAgentFor(member);
await authMemberAgent.get('/users').expect(403);
});
test('should return all users', async () => {
const owner = await testDb.createUser({
globalRole: globalOwnerRole,
apiKey: randomApiKey(),
});
const authOwnerAgent = testServer.publicApiAgentFor(owner);
await testDb.createUser();
const response = await authOwnerAgent.get('/users').expect(200);
expect(response.body.data.length).toBe(2);
expect(response.body.nextCursor).toBeNull();
for (const user of response.body.data) {
const {
id,
email,
firstName,
lastName,
personalizationAnswers,
globalRole,
password,
isPending,
createdAt,
updatedAt,
} = user;
expect(validator.isUUID(id)).toBe(true);
expect(email).toBeDefined();
expect(firstName).toBeDefined();
expect(lastName).toBeDefined();
expect(personalizationAnswers).toBeUndefined();
expect(password).toBeUndefined();
expect(isPending).toBe(false);
expect(globalRole).toBeUndefined();
expect(createdAt).toBeDefined();
expect(updatedAt).toBeDefined();
}
});
});
describe('GET /users/:id', () => {
test('should fail due to missing API Key', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = testServer.publicApiAgentFor(owner);
await authOwnerAgent.get(`/users/${owner.id}`).expect(401);
});
test('should fail due to invalid API Key', async () => {
const owner = await testDb.createUser({
globalRole: globalOwnerRole,
apiKey: randomApiKey(),
});
owner.apiKey = 'invalid-key';
const authOwnerAgent = testServer.publicApiAgentFor(owner);
await authOwnerAgent.get(`/users/${owner.id}`).expect(401);
});
test('should fail due to member trying to access owner only endpoint', async () => {
const member = await testDb.createUser({ apiKey: randomApiKey() });
const authMemberAgent = testServer.publicApiAgentFor(member);
await authMemberAgent.get(`/users/${member.id}`).expect(403);
});
test('should return 404 for non-existing id ', async () => {
const owner = await testDb.createUser({
globalRole: globalOwnerRole,
apiKey: randomApiKey(),
});
const authOwnerAgent = testServer.publicApiAgentFor(owner);
await authOwnerAgent.get(`/users/${uuid()}`).expect(404);
});
test('should return a pending user', async () => {
const owner = await testDb.createUser({
globalRole: globalOwnerRole,
apiKey: randomApiKey(),
});
const { id: memberId } = await testDb.createUserShell(globalMemberRole);
const authOwnerAgent = testServer.publicApiAgentFor(owner);
const response = await authOwnerAgent.get(`/users/${memberId}`).expect(200);
const {
id,
email,
firstName,
lastName,
personalizationAnswers,
globalRole,
password,
isPending,
createdAt,
updatedAt,
} = response.body;
expect(validator.isUUID(id)).toBe(true);
expect(email).toBeDefined();
expect(firstName).toBeDefined();
expect(lastName).toBeDefined();
expect(personalizationAnswers).toBeUndefined();
expect(password).toBeUndefined();
expect(globalRole).toBeUndefined();
expect(createdAt).toBeDefined();
expect(isPending).toBeDefined();
expect(isPending).toBeTruthy();
expect(updatedAt).toBeDefined();
});
});
describe('GET /users/:email', () => {
test('with non-existing email should return 404', async () => {
const owner = await testDb.createUser({
globalRole: globalOwnerRole,
apiKey: randomApiKey(),
});
const authOwnerAgent = testServer.publicApiAgentFor(owner);
await authOwnerAgent.get('/users/jhondoe@gmail.com').expect(404);
});
test('should return a user', async () => {
const owner = await testDb.createUser({
globalRole: globalOwnerRole,
apiKey: randomApiKey(),
});
const authOwnerAgent = testServer.publicApiAgentFor(owner);
const response = await authOwnerAgent.get(`/users/${owner.email}`).expect(200);
const {
id,
email,
firstName,
lastName,
personalizationAnswers,
globalRole,
password,
isPending,
createdAt,
updatedAt,
} = response.body;
expect(validator.isUUID(id)).toBe(true);
expect(email).toBeDefined();
expect(firstName).toBeDefined();
expect(lastName).toBeDefined();
expect(personalizationAnswers).toBeUndefined();
expect(password).toBeUndefined();
expect(isPending).toBe(false);
expect(globalRole).toBeUndefined();
expect(createdAt).toBeDefined();
expect(updatedAt).toBeDefined();
});
});
});
describe('With license without quota:users', () => {
let authOwnerAgent: SuperAgentTest;
beforeEach(async () => {
utils.mockInstance(License, { getUsersLimit: jest.fn().mockReturnValue(null) });
const owner = await testDb.createUser({
globalRole: globalOwnerRole,
apiKey: randomApiKey(),
});
authOwnerAgent = testServer.publicApiAgentFor(owner);
});
test('GET /users should fail due to invalid license', async () => {
await authOwnerAgent.get('/users').expect(403);
});
test('GET /users/:id should fail due to invalid license', async () => {
await authOwnerAgent.get(`/users/${uuid()}`).expect(403);
});
});