n8n/packages/cli/test/integration/shared/db/users.ts

import Container from 'typedi';
import { hash } from 'bcryptjs';
import { AuthIdentity } from '@db/entities/AuthIdentity';
import type { GlobalRole, User } from '@db/entities/User';
import { AuthIdentityRepository } from '@db/repositories/authIdentity.repository';
import { UserRepository } from '@db/repositories/user.repository';
import { TOTPService } from '@/Mfa/totp.service';
import { MfaService } from '@/Mfa/mfa.service';

import { randomApiKey, randomEmail, randomName, randomValidPassword } from '../random';

// pre-computed bcrypt hash for the string 'password', using `await hash('password', 10)`
const passwordHash = '$2a$10$njedH7S6V5898mj6p0Jr..IGY9Ms.qNwR7RbSzzX9yubJocKfvGGK';

/**
 * Store a user in the DB, defaulting to a `member`.
 */
export async function createUser(attributes: Partial<User> = {}): Promise<User> {
	const { email, password, firstName, lastName, role, ...rest } = attributes;
	const user = Container.get(UserRepository).create({
		email: email ?? randomEmail(),
		password: password ? await hash(password, 1) : passwordHash,
		firstName: firstName ?? randomName(),
		lastName: lastName ?? randomName(),
		role: role ?? 'global:member',
		...rest,
	});
	user.computeIsOwner();

	return await Container.get(UserRepository).save(user);
}

export async function createLdapUser(attributes: Partial<User>, ldapId: string): Promise<User> {
	const user = await createUser(attributes);
	await Container.get(AuthIdentityRepository).save(AuthIdentity.create(user, ldapId, 'ldap'));
	return user;
}

export async function createUserWithMfaEnabled(
	data: { numberOfRecoveryCodes: number } = { numberOfRecoveryCodes: 10 },
) {
	const email = randomEmail();
	const password = randomValidPassword();

	const toptService = new TOTPService();

	const secret = toptService.generateSecret();

	const mfaService = Container.get(MfaService);

	const recoveryCodes = mfaService.generateRecoveryCodes(data.numberOfRecoveryCodes);

	const { encryptedSecret, encryptedRecoveryCodes } = mfaService.encryptSecretAndRecoveryCodes(
		secret,
		recoveryCodes,
	);

	return {
		user: await createUser({
			mfaEnabled: true,
			password,
			email,
			mfaSecret: encryptedSecret,
			mfaRecoveryCodes: encryptedRecoveryCodes,
		}),
		rawPassword: password,
		rawSecret: secret,
		rawRecoveryCodes: recoveryCodes,
	};
}

export async function createOwner() {
	return await createUser({ role: 'global:owner' });
}

export async function createMember() {
	return await createUser({ role: 'global:member' });
}

export async function createAdmin() {
	return await createUser({ role: 'global:admin' });
}

export async function createUserShell(role: GlobalRole): Promise<User> {
	const shell: Partial<User> = { role };

	if (role !== 'global:owner') {
		shell.email = randomEmail();
	}

	return await Container.get(UserRepository).save(shell);
}

/**
 * Create many users in the DB, defaulting to a `member`.
 */
export async function createManyUsers(
	amount: number,
	attributes: Partial<User> = {},
): Promise<User[]> {
	let { email, password, firstName, lastName, role, ...rest } = attributes;

	const users = await Promise.all(
		[...Array(amount)].map(async () =>
			Container.get(UserRepository).create({
				email: email ?? randomEmail(),
				password: password ? await hash(password, 1) : passwordHash,
				firstName: firstName ?? randomName(),
				lastName: lastName ?? randomName(),
				role: role ?? 'global:member',
				...rest,
			}),
		),
	);

	return await Container.get(UserRepository).save(users);
}

export async function addApiKey(user: User): Promise<User> {
	user.apiKey = randomApiKey();
	return await Container.get(UserRepository).save(user);
}

export const getAllUsers = async () =>
	await Container.get(UserRepository).find({
		relations: ['authIdentities'],
	});

export const getUserById = async (id: string) =>
	await Container.get(UserRepository).findOneOrFail({
		where: { id },
		relations: ['authIdentities'],
	});

export const getLdapIdentities = async () =>
	await Container.get(AuthIdentityRepository).find({
		where: { providerType: 'ldap' },
		relations: ['user'],
	});

export async function getGlobalOwner() {
	return await Container.get(UserRepository).findOneByOrFail({ role: 'global:owner' });
}
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`import Container from 'typedi';`
			`import { hash } from 'bcryptjs';`
			`import { AuthIdentity } from '@db/entities/AuthIdentity';`
refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`import type { GlobalRole, User } from '@db/entities/User';`
ci(core): Reduce memory usage in tests (part-2) (no-changelog) (#7671) This also gets rid of `Db.collection`, which was another source of circular dependencies. 2023-11-10 06:04:26 -08:00			`import { AuthIdentityRepository } from '@db/repositories/authIdentity.repository';`
			`import { UserRepository } from '@db/repositories/user.repository';`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`import { TOTPService } from '@/Mfa/totp.service';`
			`import { MfaService } from '@/Mfa/mfa.service';`

			`import { randomApiKey, randomEmail, randomName, randomValidPassword } from '../random';`

ci(core): Avoid slow bcrypt calls in tests (no-changelog) (#8570) 2024-02-07 08:56:02 -08:00			// pre-computed bcrypt hash for the string 'password', using `await hash('password', 10)`
			`const passwordHash = '$2a$10$njedH7S6V5898mj6p0Jr..IGY9Ms.qNwR7RbSzzX9yubJocKfvGGK';`

ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`/**`
			* Store a user in the DB, defaulting to a `member`.
			`*/`
			`export async function createUser(attributes: Partial<User> = {}): Promise<User> {`
refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`const { email, password, firstName, lastName, role, ...rest } = attributes;`
feat: Replace owner checks with scope checks (no-changelog) (#7846) Github issue / Community forum post (link here to close automatically): 2023-11-29 06:48:36 -08:00			`const user = Container.get(UserRepository).create({`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`email: email ?? randomEmail(),`
ci(core): Avoid slow bcrypt calls in tests (no-changelog) (#8570) 2024-02-07 08:56:02 -08:00			`password: password ? await hash(password, 1) : passwordHash,`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`firstName: firstName ?? randomName(),`
			`lastName: lastName ?? randomName(),`
refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`role: role ?? 'global:member',`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`...rest,`
feat: Replace owner checks with scope checks (no-changelog) (#7846) Github issue / Community forum post (link here to close automatically): 2023-11-29 06:48:36 -08:00			`});`
			`user.computeIsOwner();`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00
fix: Set '@typescript-eslint/return-await' rule to 'always' for node code (no-changelog) (#8363) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-17 07:08:50 -08:00			`return await Container.get(UserRepository).save(user);`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`}`

			`export async function createLdapUser(attributes: Partial<User>, ldapId: string): Promise<User> {`
			`const user = await createUser(attributes);`
			`await Container.get(AuthIdentityRepository).save(AuthIdentity.create(user, ldapId, 'ldap'));`
			`return user;`
			`}`

			`export async function createUserWithMfaEnabled(`
			`data: { numberOfRecoveryCodes: number } = { numberOfRecoveryCodes: 10 },`
			`) {`
			`const email = randomEmail();`
			`const password = randomValidPassword();`

			`const toptService = new TOTPService();`

			`const secret = toptService.generateSecret();`

			`const mfaService = Container.get(MfaService);`

			`const recoveryCodes = mfaService.generateRecoveryCodes(data.numberOfRecoveryCodes);`

			`const { encryptedSecret, encryptedRecoveryCodes } = mfaService.encryptSecretAndRecoveryCodes(`
			`secret,`
			`recoveryCodes,`
			`);`

			`return {`
			`user: await createUser({`
			`mfaEnabled: true,`
			`password,`
			`email,`
			`mfaSecret: encryptedSecret,`
			`mfaRecoveryCodes: encryptedRecoveryCodes,`
			`}),`
			`rawPassword: password,`
			`rawSecret: secret,`
			`rawRecoveryCodes: recoveryCodes,`
			`};`
			`}`

			`export async function createOwner() {`
refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`return await createUser({ role: 'global:owner' });`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`}`

			`export async function createMember() {`
refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`return await createUser({ role: 'global:member' });`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`}`

feat(core): Allow user role modification (#7797) https://linear.app/n8n/issue/PAY-985 ``` PATCH /users/:id/role unauthenticated user ✓ should receive 401 (349 ms) member ✓ should fail to demote owner to member (349 ms) ✓ should fail to demote owner to admin (359 ms) ✓ should fail to demote admin to member (381 ms) ✓ should fail to promote other member to owner (353 ms) ✓ should fail to promote other member to admin (377 ms) ✓ should fail to promote self to admin (354 ms) ✓ should fail to promote self to owner (371 ms) admin ✓ should receive 400 on invalid payload (351 ms) ✓ should receive 404 on unknown target user (351 ms) ✓ should fail to demote owner to admin (349 ms) ✓ should fail to demote owner to member (347 ms) ✓ should fail to promote member to owner (384 ms) ✓ should fail to promote admin to owner (350 ms) ✓ should be able to demote admin to member (354 ms) ✓ should be able to demote self to member (350 ms) ✓ should be able to promote member to admin (349 ms) owner ✓ should be able to promote member to admin (349 ms) ✓ should be able to demote admin to member (349 ms) ✓ should fail to demote self to admin (348 ms) ✓ should fail to demote self to member (354 ms) ``` 2023-11-24 02:40:08 -08:00			`export async function createAdmin() {`
refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`return await createUser({ role: 'global:admin' });`
feat(core): Allow user role modification (#7797) https://linear.app/n8n/issue/PAY-985 ``` PATCH /users/:id/role unauthenticated user ✓ should receive 401 (349 ms) member ✓ should fail to demote owner to member (349 ms) ✓ should fail to demote owner to admin (359 ms) ✓ should fail to demote admin to member (381 ms) ✓ should fail to promote other member to owner (353 ms) ✓ should fail to promote other member to admin (377 ms) ✓ should fail to promote self to admin (354 ms) ✓ should fail to promote self to owner (371 ms) admin ✓ should receive 400 on invalid payload (351 ms) ✓ should receive 404 on unknown target user (351 ms) ✓ should fail to demote owner to admin (349 ms) ✓ should fail to demote owner to member (347 ms) ✓ should fail to promote member to owner (384 ms) ✓ should fail to promote admin to owner (350 ms) ✓ should be able to demote admin to member (354 ms) ✓ should be able to demote self to member (350 ms) ✓ should be able to promote member to admin (349 ms) owner ✓ should be able to promote member to admin (349 ms) ✓ should be able to demote admin to member (349 ms) ✓ should fail to demote self to admin (348 ms) ✓ should fail to demote self to member (354 ms) ``` 2023-11-24 02:40:08 -08:00			`}`

refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`export async function createUserShell(role: GlobalRole): Promise<User> {`
			`const shell: Partial<User> = { role };`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00
refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`if (role !== 'global:owner') {`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`shell.email = randomEmail();`
			`}`

fix: Set '@typescript-eslint/return-await' rule to 'always' for node code (no-changelog) (#8363) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-17 07:08:50 -08:00			`return await Container.get(UserRepository).save(shell);`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`}`

			`/**`
			* Create many users in the DB, defaulting to a `member`.
			`*/`
			`export async function createManyUsers(`
			`amount: number,`
			`attributes: Partial<User> = {},`
			`): Promise<User[]> {`
refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`let { email, password, firstName, lastName, role, ...rest } = attributes;`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00
			`const users = await Promise.all(`
			`[...Array(amount)].map(async () =>`
			`Container.get(UserRepository).create({`
			`email: email ?? randomEmail(),`
ci(core): Avoid slow bcrypt calls in tests (no-changelog) (#8570) 2024-02-07 08:56:02 -08:00			`password: password ? await hash(password, 1) : passwordHash,`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`firstName: firstName ?? randomName(),`
			`lastName: lastName ?? randomName(),`
refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`role: role ?? 'global:member',`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`...rest,`
			`}),`
			`),`
			`);`

fix: Set '@typescript-eslint/return-await' rule to 'always' for node code (no-changelog) (#8363) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-17 07:08:50 -08:00			`return await Container.get(UserRepository).save(users);`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`}`

			`export async function addApiKey(user: User): Promise<User> {`
			`user.apiKey = randomApiKey();`
fix: Set '@typescript-eslint/return-await' rule to 'always' for node code (no-changelog) (#8363) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-17 07:08:50 -08:00			`return await Container.get(UserRepository).save(user);`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`}`

			`export const getAllUsers = async () =>`
fix: Set '@typescript-eslint/return-await' rule to 'always' for node code (no-changelog) (#8363) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-17 07:08:50 -08:00			`await Container.get(UserRepository).find({`
refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`relations: ['authIdentities'],`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`});`

feat(core): Allow user role modification (#7797) https://linear.app/n8n/issue/PAY-985 ``` PATCH /users/:id/role unauthenticated user ✓ should receive 401 (349 ms) member ✓ should fail to demote owner to member (349 ms) ✓ should fail to demote owner to admin (359 ms) ✓ should fail to demote admin to member (381 ms) ✓ should fail to promote other member to owner (353 ms) ✓ should fail to promote other member to admin (377 ms) ✓ should fail to promote self to admin (354 ms) ✓ should fail to promote self to owner (371 ms) admin ✓ should receive 400 on invalid payload (351 ms) ✓ should receive 404 on unknown target user (351 ms) ✓ should fail to demote owner to admin (349 ms) ✓ should fail to demote owner to member (347 ms) ✓ should fail to promote member to owner (384 ms) ✓ should fail to promote admin to owner (350 ms) ✓ should be able to demote admin to member (354 ms) ✓ should be able to demote self to member (350 ms) ✓ should be able to promote member to admin (349 ms) owner ✓ should be able to promote member to admin (349 ms) ✓ should be able to demote admin to member (349 ms) ✓ should fail to demote self to admin (348 ms) ✓ should fail to demote self to member (354 ms) ``` 2023-11-24 02:40:08 -08:00			`export const getUserById = async (id: string) =>`
fix: Set '@typescript-eslint/return-await' rule to 'always' for node code (no-changelog) (#8363) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-17 07:08:50 -08:00			`await Container.get(UserRepository).findOneOrFail({`
feat(core): Allow user role modification (#7797) https://linear.app/n8n/issue/PAY-985 ``` PATCH /users/:id/role unauthenticated user ✓ should receive 401 (349 ms) member ✓ should fail to demote owner to member (349 ms) ✓ should fail to demote owner to admin (359 ms) ✓ should fail to demote admin to member (381 ms) ✓ should fail to promote other member to owner (353 ms) ✓ should fail to promote other member to admin (377 ms) ✓ should fail to promote self to admin (354 ms) ✓ should fail to promote self to owner (371 ms) admin ✓ should receive 400 on invalid payload (351 ms) ✓ should receive 404 on unknown target user (351 ms) ✓ should fail to demote owner to admin (349 ms) ✓ should fail to demote owner to member (347 ms) ✓ should fail to promote member to owner (384 ms) ✓ should fail to promote admin to owner (350 ms) ✓ should be able to demote admin to member (354 ms) ✓ should be able to demote self to member (350 ms) ✓ should be able to promote member to admin (349 ms) owner ✓ should be able to promote member to admin (349 ms) ✓ should be able to demote admin to member (349 ms) ✓ should fail to demote self to admin (348 ms) ✓ should fail to demote self to member (354 ms) ``` 2023-11-24 02:40:08 -08:00			`where: { id },`
refactor(core): Remove roleId indirection (no-changelog) (#8413) 2024-01-24 04:38:57 -08:00			`relations: ['authIdentities'],`
feat(core): Allow user role modification (#7797) https://linear.app/n8n/issue/PAY-985 ``` PATCH /users/:id/role unauthenticated user ✓ should receive 401 (349 ms) member ✓ should fail to demote owner to member (349 ms) ✓ should fail to demote owner to admin (359 ms) ✓ should fail to demote admin to member (381 ms) ✓ should fail to promote other member to owner (353 ms) ✓ should fail to promote other member to admin (377 ms) ✓ should fail to promote self to admin (354 ms) ✓ should fail to promote self to owner (371 ms) admin ✓ should receive 400 on invalid payload (351 ms) ✓ should receive 404 on unknown target user (351 ms) ✓ should fail to demote owner to admin (349 ms) ✓ should fail to demote owner to member (347 ms) ✓ should fail to promote member to owner (384 ms) ✓ should fail to promote admin to owner (350 ms) ✓ should be able to demote admin to member (354 ms) ✓ should be able to demote self to member (350 ms) ✓ should be able to promote member to admin (349 ms) owner ✓ should be able to promote member to admin (349 ms) ✓ should be able to demote admin to member (349 ms) ✓ should fail to demote self to admin (348 ms) ✓ should fail to demote self to member (354 ms) ``` 2023-11-24 02:40:08 -08:00			`});`

ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`export const getLdapIdentities = async () =>`
fix: Set '@typescript-eslint/return-await' rule to 'always' for node code (no-changelog) (#8363) Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> 2024-01-17 07:08:50 -08:00			`await Container.get(AuthIdentityRepository).find({`
ci(core): Reduce memory usage in tests (part-1) (no-changelog) (#7654) 2023-11-08 07:29:39 -08:00			`where: { providerType: 'ldap' },`
			`relations: ['user'],`
			`});`
fix(core): Assign credential ownership correctly in source control import (#8955) 2024-03-26 09:18:41 -07:00
			`export async function getGlobalOwner() {`
			`return await Container.get(UserRepository).findOneByOrFail({ role: 'global:owner' });`
			`}`