mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2025-01-11 04:47:29 -08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

feat(cli): User Management and Credentials sharing (#3602)

Browse source 
* 🎉 starting feature development

*  sharing/unsharing a credential (#3601)

* 🎉 initial design

*  sharing/unsharing of credentials

*  add tests for EE credentials controller

* 💪 implement review comments

* 🛠 refactor agent creation and credential role locking

* 👕 linting adjustments (#3691)

* 👕 Adjust rule `naming-convention`

* 👕 Fix `naming-convention` config value

* 👕 Disregard casing for EE-prefixed vars

Co-authored-by: Iván Ovejero <ivov.src@gmail.com>

* 🛠 refactor authAgents in tests (#3725)

* 🛠 refactor authAgent

* 🛠 refactor authAgent

* 🛠 refactor authAgent

* 🛠 refactor authAgent

* 👕 fix ts issue

* 🐘 add migration for mysql and postgres + add AuthAgent type

Co-authored-by: Iván Ovejero <ivov.src@gmail.com>

* ️ refactor existing credentials routes (#3672)

* 🎉 initial design

*  sharing/unsharing of credentials

* ♻️ split credential update route into controller and service

* 🔥 remove credentials test that is no longer applicable

* ♻️ split credential creation route into controller and service

* ♻️ split single credential get

* ♻️ split delete credentials route

* ♻️ split get all credentials route

* 🔥 remove unused imports in credentials contoller

* 🔥 remove console.log

* :refactor: changes to credentials controller and service from review

 - removed credentials from service function names
 - made relations list optional
 - put allowGlobalOwner in options objects
 - check length of relations array so join doesn't happen if empty
 - update some comments to further explain rationale
 - remove unneeded `Object.assign`
 - remove non-null assertion from test

* ♻️ move filtered credentials selected fields to variable

* ♻️ remove unneeded merges in credentials service

Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
Co-authored-by: Ben Hesseldieck <1849459+BHesseldieck@users.noreply.github.com>

*  fix test

* 🐛 fix imports

* 👕 fix lint issue

* User Management: switch over to decorators to define routes (#3827)

* Add permissions details to credentials for User Management (#3863)

*  Open `GET /users`

*  Add permissions to cred service

* 🚚 Rename method

*  Refactor cred controller

* 🧪 Adjust test

* ✏️ Improve comment

* ✏️ Improve another comment

*  Account for multiple sharings

* 🐛 Fix access when user is editor

* 📘 Expand interface

* 📘 Relocate types

* 📘 Exempt cred entity with service-injected fields

* 📘 Adjust interface

* ♻️ Add permissions only in `GET /credentials`

* 🧪 Add expectations for `ownedBy`

* 🧪 Add sharing details test

* 🧪 Make `ownedBy` checks more granular

* 📘 Adjust interface

* 🚚 Rename cred getter

* ♻️ Refactor cred getter

* 🧪 Expand tests

* ♻️ Refactor to use guard

* 👕 Remove unneeded lint exception

* 🔥 Remove unneeded relation

* 🚚 Move relation to `GET /credentials/:id`

* 📘 Consolidate typings

* 🎨 Add multiline for readability

* 🔥 Remove unneeded type

* ✏️ Clarity comment

* ✏️ Make comments consistent

* 👕 Add exception to fix build

* 👕 Add more lint exceptions to fix build

* 🐛 Check for non-owner

* 📘 Improve typings

* 🧪 Temporarily skip tests

* 🔥 Remove `@ts-ignore`

* 👕 Move lint exceptions

* ♻️ Refactor cred service and controller

*  Simplify check

* ✏️ adjust naming to experimental

* ️ add credentialsSharing flag to settings

* 🛠 add helper to check if UM is also enabled as dependency for CredentialsSharing

* 👕 fix lint error

* 🐘 change name of credential role

* 🚧 WIP batch sharing

* 🚧 WIP use put for sharing

*  add tests for batch sharing, 🛠 implement review suggestions

*  expand credential sharing tests for User Management (#3931)

* 🧪 Expand cred sharing tests

*  Add recently added flags

*  fix and adjust tests for /credentials

Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>

*  User management v2 Front End (#3795)

* feat: Added responsive generic page view layout.

* feat: Added empty state.

* feat: Added credentials view empty state.

* test: Added unit tests for N8nActionBox

* feat: Added credentials list initial design.

* feat: Added credential actions. Started working on filters.

* feat: Updated InfoTip markup, added tests and changed stories to typescript.

* feat: Added credentials filtering by type. Added support for apply/reset filters.

* feat: Added credential sharing user select and user list. Added paywall component.

* feat: Updated credentials view permissions.

* feat: Added support for temporary sharing config for unsaved credentials.

* test: Fixed broken snapshots.

* feat: Added overflow styles to page-view-layout list.

* feat: Handled sharee specific views.

* feat: Integration between FE and BE to support real-world credential sharing scenario.

* feat: Added front end permissions table.

* feat: Refactored credential sharing flow. Updated design elements.

* feat: Added margin and padding auto spacer utilities.

* feat: Rehauled permissions to support instanceOwner role and action inheritance.

* feat: Updated credentials view to apply filters automatically.

* feat: Removed apply filters button and added active button state.

* test: Updated component snapshots.

* refactor: Renamed ResourceSharee to ResourceReader.

* feat: Credential sharing error handling, permissions improvement.

* feat: Updated permissions and error handling.

* chore: Removed console.log.

* 🛠 refactor enabling of credentialsSharing

* feat: Removed owner menu selector from credentials when sharing is disabled.

* refactor: Moved EE features into ee store module file.

* 🛠 add sharing info to GET credentials/:id

* fix: Fixed initial credential data loading for sharing.

* chore: Removed console.log.

* 🐛 owner can fetch any credential

* 🛠 refactor users test

* 👕 fix build type issue

* fix: Removed owner tag when credential sharing is disabled. Fixed small reactivity issue.

* chore: Removed console.log.

* 🚧 separate fetching credentials between EE and open

* fix: Fixed empty dropdown in users list.

* fix: Fixed error message and initialization when credential gets unshared.

*  add tests for fetching single credential

* Revert decorators based controllers

* ️ adjust credentials test route to also allow testing for sharees (#3999)

* ️ pull data if user is sharee

* fix: Removed sharedWith and ownedBy from credentialData on testing credentials.

Co-authored-by: Alex Grozav <alex@grozav.com>

* 📈 add BE analytics

* 💪 improve credential test

* ️ adjust tracking properties

* ️ removed roles from tracking

* 🐛 fix build by removing imports

* 🐛 fix missed merge conflict

* feat: User management P2 Front End bug bash and improvements (#4014)

* fix: Fixed type select size after reopening dropdown.

* fix: Fixed template cards.

* fix: Fixed card content size and copy input.

* fix: Fixed horizontal overflow.

* fix: Hiding el-tags scrollbar in select.

* fix: Added fallback credential icon. Added oAuth credential owner check.

* feat: Added disabled state to user select.

* feat: Added fallback scenario for non-existent credential types.

* feat: Adjusted credentials empty state to show that there are shared credentials.

* fix: Fixed time title.

* feat: Added actionable empty state when shared credentials are present.

* fix: Made action box x padding smaller

* feat: Repositioned owner tag for credential card.

* feat: Updated message box styling to use n8n css variables.

* feat: Added confirmation for deleting sharee.

* fix: Fixed deleted credential types. Fixed select in dropdown bug.

* fix: Various code improvements. Addressed PR review comments.

* fix: Fixed credential deletion errors.

* fix: Various code quality improvements.

* feat: N8N-4531 update cloud coming soon features (#4025)

* feat: Showing different upcoming feature messages and format for cloud.

* fix: Changed url format.

* fix: Updated how cloud deployment is determined.

* feat: N8N-4527 implementing credential sharing FE telemetry (#4023)

* feat: Added credential sharing telemetry.

* chore: Renamed computed function for consistency.

* refactor: Simplified subview telemetry sending.

* fix: Changed to callDebounced() helper.

* 📧 update email text

* fix: Adjusted feature coming soon margin.

* chore: Fixed type and line height for delete sharee confirmation modal.

* refactor(editor-ui): Update telemetry (#4040)

* 🔥 Remove `identify` from BE

*  Add `versionCli`

*  Add node creator ignore input

*  Move obfuscators to editor-ui

*  Refactor `ph-no-capture`

*  Pass `user_id` to manual exec props

* 🚚 Relocate class in `SettingsApiView`

*  Add `userId` to BE PH `identify` call

*  Revert " Add `userId` to BE PH `identify` call"

This reverts commit 895aaa45e5.

* Revert " Revert " Add `userId` to BE PH `identify` call""

This reverts commit b86a098c20.

* 🐛 Fix `Promise` handling in `track()` call

*  Restore `Db.collections` call

*  Set up PH payload to mirror RS

* 🔥 Remove excess `userId`

* 📘 Remove `userId` from interface

* 🔥 Remove unused ref and method

* fix: Fixed bug causing instanceOwner to become credential owner on update. (#4079)

* 🐛 fix test for credential shared with member

* 👕 fix lint issues

* delete conflicting migration. this data is already seeded in CreateUserManagement

* feat: Expand obfuscation to User Management credential sharing (#4070)

 Expand obfuscation

* feat: Added credential sharing infotip for instance owner.

* bring back the migration. add a check to avoid conflicts on inserts

* fix(cli): use a non-env config flag to detect of enterprise features are enabled (#4105)

* chore: Changed ampersand to and in translation.

* refactor(telemetry): Obfuscate code and JSON editors (#4118)

 Obfuscate code and JSON editors

* feat(editor): improve design and functionality of coming soon features (#4116)

* feat: Improved coming soon feature design and functionality.

* style: Removed empty line.

* chore: Removed unused translation.

* fix: fix telemetry for credential creates and updates (#4125)

fix telemetry for credential creates and updates

* feat: Display errors due to missing credentials in the correct node (#4124)

feat: Display errors due to invalid credentials in the correct node when missing permissions

* fix: remove duplicate header for coming soon features in cloud deployment

* telemetry: fix the payload for `User viewed credential tab`

* telemetry: add credential_id to 'User selected credential from node modal'

* feat: update empty states for coming soon features

* Update ActionBox.spec.ts.snap

* replace UserSharingsDetails with a subset of User properties

* rename the CreateCredentialsEditorRole to CreateCredentialsUserRole

* move IUser to the workflow package

* use IUser in the frontend as well

Co-authored-by: Iván Ovejero <ivov.src@gmail.com>
Co-authored-by: Valya <68596159+valya@users.noreply.github.com>
Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <netroy@users.noreply.github.com>
Co-authored-by: Alex Grozav <alex@grozav.com>
Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>
Co-authored-by: Omar Ajoue <krynble@gmail.com>
This commit is contained in:
Ben Hesseldieck 2022-09-21 10:20:29 +02:00 committed by GitHub
parent 4d8c380bef
commit 97cd564f7b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
159 changed files with 4569 additions and 1269 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
packages/cli/commands/worker.ts
View file

@ -41,6 +41,7 @@ import {
checkPermissionsForExecution,
getWorkflowOwner,
} from '../src/UserManagement/UserManagementHelper';
import { generateFailedExecutionFromError } from '../src/WorkflowHelpers';
export class Worker extends Command {
static description = '\nStarts a n8n worker';
@ -183,8 +184,6 @@ export class Worker extends Command {
settings: currentExecutionDb.workflowData.settings,
});
await checkPermissionsForExecution(workflow, workflowOwner.id);
const additionalData = await WorkflowExecuteAdditionalData.getBase(
workflowOwner.id,
undefined,
@ -197,6 +196,20 @@ export class Worker extends Command {
{ retryOf: currentExecutionDb.retryOf as string },
);
try {
await checkPermissionsForExecution(workflow, workflowOwner.id);
} catch (error) {
const failedExecution = generateFailedExecutionFromError(
currentExecutionDb.mode,
error,
error.node,
);
await additionalData.hooks.executeHookFunctions('workflowExecuteAfter', [failedExecution]);
return {
success: true,
};
}
additionalData.hooks.hookFunctions.sendResponse = [
async (response: IExecuteResponsePromiseData): Promise<void> => {
const progress: Queue.WebhookResponse = {

9
packages/cli/config/schema.ts
View file

@ -875,6 +875,15 @@ export const schema = {
},
},
enterprise: {
features: {
sharing: {
format: Boolean,
default: false,
},
},
},
hiringBanner: {
enabled: {
doc: 'Whether hiring banner in browser console is enabled.',

2
packages/cli/src/CredentialsHelper.ts
View file

@ -805,7 +805,7 @@ export async function getCredentialWithoutUser(
return credential;
}
export function createCredentiasFromCredentialsEntity(
export function createCredentialsFromCredentialsEntity(
credential: CredentialsEntity,
encrypt = false,
): Credentials {

25
packages/cli/src/Interfaces.ts
View file

@ -28,16 +28,17 @@ import { Repository } from 'typeorm';
import { ChildProcess } from 'child_process';
import { Url } from 'url';
import { Request } from 'express';
import { WorkflowEntity } from './databases/entities/WorkflowEntity';
import { TagEntity } from './databases/entities/TagEntity';
import { Role } from './databases/entities/Role';
import { User } from './databases/entities/User';
import { SharedCredentials } from './databases/entities/SharedCredentials';
import { SharedWorkflow } from './databases/entities/SharedWorkflow';
import { Settings } from './databases/entities/Settings';
import { InstalledPackages } from './databases/entities/InstalledPackages';
import { InstalledNodes } from './databases/entities/InstalledNodes';
import type { Request } from 'express';
import type { InstalledNodes } from './databases/entities/InstalledNodes';
import type { InstalledPackages } from './databases/entities/InstalledPackages';
import type { Role } from './databases/entities/Role';
import type { Settings } from './databases/entities/Settings';
import type { SharedCredentials } from './databases/entities/SharedCredentials';
import type { SharedWorkflow } from './databases/entities/SharedWorkflow';
import type { TagEntity } from './databases/entities/TagEntity';
import type { User } from './databases/entities/User';
import type { WorkflowEntity } from './databases/entities/WorkflowEntity';
export interface IActivationError {
time: number;
@ -153,6 +154,7 @@ export interface ICredentialsBase {
export interface ICredentialsDb extends ICredentialsBase, ICredentialsEncrypted {
id: number | string;
name: string;
shared?: SharedCredentials[];
}
export interface ICredentialsResponse extends ICredentialsDb {
@ -506,6 +508,9 @@ export interface IN8nUISettings {
type: string;
};
isNpmAvailable: boolean;
enterprise: {
sharing: boolean;
};
}
export interface IPersonalizationSurveyAnswers {

42
packages/cli/src/InternalHooks.ts
View file

@ -1,5 +1,5 @@
/* eslint-disable import/no-cycle */
import { get as pslGet } from 'psl';
import { snakeCase } from 'change-case';
import { BinaryDataManager } from 'n8n-core';
import {
INodesGraphResult,
@ -8,7 +8,7 @@ import {
ITelemetryTrackProperties,
TelemetryHelpers,
} from 'n8n-workflow';
import { snakeCase } from 'change-case';
import { get as pslGet } from 'psl';
import {
IDiagnosticInfo,
IInternalHooksClass,
@ -16,15 +16,20 @@ import {
IWorkflowBase,
IWorkflowDb,
} from '.';
import { Telemetry } from './telemetry';
import { IExecutionTrackProperties } from './Interfaces';
import { Telemetry } from './telemetry';
export class InternalHooksClass implements IInternalHooksClass {
private versionCli: string;
private nodeTypes: INodeTypes;
constructor(private telemetry: Telemetry, versionCli: string, nodeTypes: INodeTypes) {
constructor(
private telemetry: Telemetry,
private instanceId: string,
versionCli: string,
nodeTypes: INodeTypes,
) {
this.versionCli = versionCli;
this.nodeTypes = nodeTypes;
}
@ -187,6 +192,7 @@ export class InternalHooksClass implements IInternalHooksClass {
}
const manualExecEventProperties: ITelemetryTrackProperties = {
user_id: userId,
workflow_id: workflow.id.toString(),
status: properties.success ? 'success' : 'failed',
error_message: properties.error_message as string,
@ -398,6 +404,34 @@ export class InternalHooksClass implements IInternalHooksClass {
);
}
/**
* Credentials
*/
async onUserCreatedCredentials(userCreatedCredentialsData: {
credential_type: string;
credential_id: string;
public_api: boolean;
}): Promise<void> {
return this.telemetry.track('User created credentials', {
...userCreatedCredentialsData,
instance_id: this.instanceId,
});
}
async onUserSharedCredentials(userSharedCredentialsData: {
credential_type: string;
credential_id: string;
user_id_sharer: string;
user_ids_sharees_added: string[];
sharees_removed: number | null;
}): Promise<void> {
return this.telemetry.track('User updated cred sharing', {
...userSharedCredentialsData,
instance_id: this.instanceId,
});
}
/**
* Community nodes backend telemetry events
*/

1
packages/cli/src/InternalHooksManager.ts
View file

@ -18,6 +18,7 @@ export class InternalHooksManager {
if (!this.internalHooksInstance) {
this.internalHooksInstance = new InternalHooksClass(
new Telemetry(instanceId, versionCli),
instanceId,
versionCli,
nodeTypes,
);

8
packages/cli/src/ResponseHelper.ts
View file

@ -148,9 +148,11 @@ const isUniqueConstraintError = (error: Error) =>
* @returns
*/
export function send(processFunction: (req: Request, res: Response) => Promise<any>, raw = false) {
// eslint-disable-next-line consistent-return
return async (req: Request, res: Response) => {
export function send<T, R extends Request, S extends Response>(
processFunction: (req: R, res: S) => Promise<T>,
raw = false,
) {
return async (req: R, res: S) => {
try {
const data = await processFunction(req, res);

99
packages/cli/src/Server.ts
View file

@ -29,20 +29,19 @@
/* eslint-disable import/no-dynamic-require */
/* eslint-disable no-await-in-loop */
import express from 'express';
import { readFileSync, promises } from 'fs';
import { exec as callbackExec } from 'child_process';
import _ from 'lodash';
import { dirname as pathDirname, join as pathJoin, resolve as pathResolve } from 'path';
import { FindManyOptions, getConnectionManager, In } from 'typeorm';
import bodyParser from 'body-parser';
import cookieParser from 'cookie-parser';
import history from 'connect-history-api-fallback';
import { promises, readFileSync } from 'fs';
import os from 'os';
// eslint-disable-next-line import/no-extraneous-dependencies
import clientOAuth1, { RequestOptions } from 'oauth-1.0a';
import axios, { AxiosRequestConfig } from 'axios';
import { dirname as pathDirname, join as pathJoin, resolve as pathResolve } from 'path';
import { createHmac } from 'crypto';
import { promisify } from 'util';
import cookieParser from 'cookie-parser';
import express from 'express';
import _ from 'lodash';
import { FindManyOptions, getConnectionManager, In } from 'typeorm';
// eslint-disable-next-line import/no-extraneous-dependencies
import axios, { AxiosRequestConfig } from 'axios';
import clientOAuth1, { RequestOptions } from 'oauth-1.0a';
// IMPORTANT! Do not switch to anther bcrypt library unless really necessary and
// tested with all possible systems like Windows, Alpine on ARM, FreeBSD, ...
import { compare } from 'bcryptjs';
@ -70,8 +69,41 @@ import jwks from 'jwks-rsa';
import timezones from 'google-timezones-json';
import parseUrl from 'parseurl';
import promClient, { Registry } from 'prom-client';
import { promisify } from 'util';
import history from 'connect-history-api-fallback';
import bodyParser from 'body-parser';
import config from '../config';
import * as Queue from './Queue';
import { InternalHooksManager } from './InternalHooksManager';
import { getCredentialTranslationPath } from './TranslationHelpers';
import { WEBHOOK_METHODS } from './WebhookHelpers';
import { getSharedWorkflowIds, whereClause } from './WorkflowHelpers';
import { nodesController } from './api/nodes.api';
import { workflowsController } from './api/workflows.api';
import { AUTH_COOKIE_NAME, RESPONSE_ERROR_MESSAGES } from './constants';
import { credentialsController } from './credentials/credentials.controller';
import { oauth2CredentialController } from './credentials/oauth2Credential.api';
import type {
ExecutionRequest,
NodeParameterOptionsRequest,
OAuthRequest,
WorkflowRequest,
} from './requests';
import { userManagementRouter } from './UserManagement';
import { resolveJwt } from './UserManagement/auth/jwt';
import { executionsController } from './api/executions.api';
import { nodeTypesController } from './api/nodeTypes.api';
import { tagsController } from './api/tags.api';
import { isCredentialsSharingEnabled } from './credentials/helpers';
import { loadPublicApiVersions } from './PublicApi';
import * as telemetryScripts from './telemetry/scripts';
import {
getInstanceBaseUrl,
isEmailSetUp,
isUserManagementEnabled,
} from './UserManagement/UserManagementHelper';
import {
ActiveExecutions,
ActiveWorkflowRunner,
@ -82,6 +114,8 @@ import {
Db,
ExternalHooks,
GenericHelpers,
getCredentialForUser,
getCredentialWithoutUser,
ICredentialsDb,
ICredentialsOverwrite,
ICustomRequest,
@ -101,41 +135,8 @@ import {
WebhookHelpers,
WebhookServer,
WorkflowExecuteAdditionalData,
getCredentialForUser,
getCredentialWithoutUser,
} from '.';
import config from '../config';
import { InternalHooksManager } from './InternalHooksManager';
import { getSharedWorkflowIds, whereClause } from './WorkflowHelpers';
import { getCredentialTranslationPath, getNodeTranslationPath } from './TranslationHelpers';
import { WEBHOOK_METHODS } from './WebhookHelpers';
import { userManagementRouter } from './UserManagement';
import { resolveJwt } from './UserManagement/auth/jwt';
import type {
ExecutionRequest,
NodeParameterOptionsRequest,
OAuthRequest,
WorkflowRequest,
} from './requests';
import { AUTH_COOKIE_NAME, RESPONSE_ERROR_MESSAGES } from './constants';
import { credentialsController } from './api/credentials.api';
import { executionsController } from './api/executions.api';
import { workflowsController } from './api/workflows.api';
import { nodesController } from './api/nodes.api';
import { oauth2CredentialController } from './api/oauth2Credential.api';
import { tagsController } from './api/tags.api';
import {
getInstanceBaseUrl,
isEmailSetUp,
isUserManagementEnabled,
} from './UserManagement/UserManagementHelper';
import { loadPublicApiVersions } from './PublicApi';
import * as telemetryScripts from './telemetry/scripts';
import { nodeTypesController } from './api/nodeTypes.api';
require('body-parser-xml')(bodyParser);
const exec = promisify(callbackExec);
@ -310,6 +311,9 @@ class App {
type: config.getEnv('deployment.type'),
},
isNpmAvailable: false,
enterprise: {
sharing: false,
},
};
}
@ -336,6 +340,11 @@ class App {
config.getEnv('userManagement.skipInstanceOwnerSetup') === false,
});
// refresh enterprise status
Object.assign(this.frontendSettings.enterprise, {
sharing: isCredentialsSharingEnabled(),
});
if (config.get('nodes.packagesMissing').length > 0) {
this.frontendSettings.missingPackages = true;
}

31
packages/cli/src/UserManagement/UserManagementHelper.ts
View file

@ -1,7 +1,7 @@
/* eslint-disable @typescript-eslint/no-unused-vars */
/* eslint-disable @typescript-eslint/no-non-null-assertion */
/* eslint-disable import/no-cycle */
import { Workflow } from 'n8n-workflow';
import { INode, NodeOperationError, Workflow } from 'n8n-workflow';
import { In } from 'typeorm';
import express from 'express';
import { compare, genSaltSync, hash } from 'bcryptjs';
@ -147,6 +147,7 @@ export async function checkPermissionsForExecution(
): Promise<boolean> {
const credentialIds = new Set();
const nodeNames = Object.keys(workflow.nodes);
const credentialUsedBy = new Map();
// Iterate over all nodes
nodeNames.forEach((nodeName) => {
const node = workflow.nodes[nodeName];
@ -165,16 +166,21 @@ export async function checkPermissionsForExecution(
// Migrations should handle the case where a credential does
// not have an id.
if (credentialDetail.id === null) {
throw new Error(
throw new NodeOperationError(
node,
`The credential on node '${node.name}' is not valid. Please open the workflow and set it to a valid value.`,
);
}
if (!credentialDetail.id) {
throw new Error(
throw new NodeOperationError(
node,
`Error initializing workflow: credential ID not present. Please open the workflow and save it to fix this error. [Node: '${node.name}']`,
);
}
credentialIds.add(credentialDetail.id.toString());
if (!credentialUsedBy.has(credentialDetail.id)) {
credentialUsedBy.set(credentialDetail.id, node);
}
});
}
});
@ -197,7 +203,7 @@ export async function checkPermissionsForExecution(
}
// Check for the user's permission to all used credentials
const credentialCount = await Db.collections.SharedCredentials.count({
const credentialsWithAccess = await Db.collections.SharedCredentials.find({
where: {
user: { id: userId },
credentials: In(ids),
@ -207,8 +213,21 @@ export async function checkPermissionsForExecution(
// Considering the user needs to have access to all credentials
// then both arrays (allowed credentials vs used credentials)
// must be the same length
if (ids.length !== credentialCount) {
throw new Error('One or more of the used credentials are not accessible.');
if (ids.length !== credentialsWithAccess.length) {
credentialsWithAccess.forEach((credential) => {
credentialUsedBy.delete(credential.credentialId.toString());
});
// Find the first missing node from the Set - this is arbitrarily fetched
const firstMissingCredentialNode = credentialUsedBy.values().next().value as INode;
throw new NodeOperationError(
firstMissingCredentialNode,
'This node does not have access to the required credential',
{
description:
'Maybe the credential was removed or you have lost access to it. Try contacting the owner if this credential does not belong to you',
},
);
}
return true;
}

2
packages/cli/src/UserManagement/email/templates/passwordReset.html
View file

@ -1,5 +1,5 @@
<p>Hi {{firstName}},</p>
<p>Somebody asked to reset your password on n8n ({{ domain }}).</p>
<p>If it was not you, you can safely ignore this email.</p>
<br/>
<p>Click the following link to choose a new password. The link is valid for 2 hours.</p>
<a href="{{ passwordResetUrl }}">{{ passwordResetUrl }}</a>

56
packages/cli/src/UserManagement/middlewares/auth.ts Normal file
View file

@ -0,0 +1,56 @@
/* eslint-disable import/no-cycle */
import { Request, RequestHandler } from 'express';
import jwt from 'jsonwebtoken';
import passport from 'passport';
import { Strategy } from 'passport-jwt';
import { LoggerProxy as Logger } from 'n8n-workflow';
import { JwtPayload } from '../Interfaces';
import type { AuthenticatedRequest } from '../../requests';
import * as config from '../../../config';
import { AUTH_COOKIE_NAME } from '../../constants';
import { issueCookie, resolveJwtContent } from '../auth/jwt';
const jwtFromRequest = (req: Request) => {
// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
return (req.cookies?.[AUTH_COOKIE_NAME] as string | undefined) ?? null;
};
export const jwtAuth = (): RequestHandler => {
const jwtStrategy = new Strategy(
{
jwtFromRequest,
secretOrKey: config.getEnv('userManagement.jwtSecret'),
},
async (jwtPayload: JwtPayload, done) => {
try {
const user = await resolveJwtContent(jwtPayload);
return done(null, user);
} catch (error) {
Logger.debug('Failed to extract user from JWT payload', { jwtPayload });
return done(null, false, { message: 'User not found' });
}
},
);
passport.use(jwtStrategy);
return passport.initialize();
};
/**
* middleware to refresh cookie before it expires
*/
export const refreshExpiringCookie: RequestHandler = async (
req: AuthenticatedRequest,
res,
next,
) => {
const cookieAuth = jwtFromRequest(req);
if (cookieAuth && req.user) {
const cookieContents = jwt.decode(cookieAuth) as JwtPayload & { exp: number };
if (cookieContents.exp * 1000 - Date.now() < 259200000) {
// if cookie expires in < 3 days, renew it.
await issueCookie(res, req.user);
}
}
next();
};

2
packages/cli/src/UserManagement/middlewares/index.ts Normal file
View file

@ -0,0 +1,2 @@
/* eslint-disable import/no-cycle */
export * from './auth';

11
packages/cli/src/UserManagement/routes/auth.ts
View file

@ -21,20 +21,19 @@ export function authenticationMethods(this: N8nApp): void {
this.app.post(
`/${this.restEndpoint}/login`,
ResponseHelper.send(async (req: LoginRequest, res: Response): Promise<PublicUser> => {
if (!req.body.email) {
const { email, password } = req.body;
if (!email) {
throw new Error('Email is required to log in');
}
if (!req.body.password) {
if (!password) {
throw new Error('Password is required to log in');
}
let user;
let user: User | undefined;
try {
user = await Db.collections.User.findOne(
{
email: req.body.email,
},
{ email },
{
relations: ['globalRole'],
},

57
packages/cli/src/UserManagement/routes/index.ts
View file

@ -4,21 +4,10 @@
/* eslint-disable import/no-cycle */
import cookieParser from 'cookie-parser';
import passport from 'passport';
import { Strategy } from 'passport-jwt';
import { NextFunction, Request, Response } from 'express';
import jwt from 'jsonwebtoken';
import { LoggerProxy as Logger } from 'n8n-workflow';
import { JwtPayload, N8nApp } from '../Interfaces';
import { authenticationMethods } from './auth';
import * as config from '../../../config';
import { AUTH_COOKIE_NAME } from '../../constants';
import { issueCookie, resolveJwtContent } from '../auth/jwt';
import { meNamespace } from './me';
import { usersNamespace } from './users';
import { passwordResetNamespace } from './passwordReset';
import { N8nApp } from '../Interfaces';
import { AuthenticatedRequest } from '../../requests';
import { ownerNamespace } from './owner';
import {
isAuthExcluded,
isPostUsersId,
@ -26,32 +15,17 @@ import {
isUserManagementDisabled,
} from '../UserManagementHelper';
import { Db } from '../..';
import { jwtAuth, refreshExpiringCookie } from '../middlewares';
import { authenticationMethods } from './auth';
import { meNamespace } from './me';
import { usersNamespace } from './users';
import { passwordResetNamespace } from './passwordReset';
import { ownerNamespace } from './owner';
export function addRoutes(this: N8nApp, ignoredEndpoints: string[], restEndpoint: string): void {
// needed for testing; not adding overhead since it directly returns if req.cookies exists
this.app.use(cookieParser());
const options = {
jwtFromRequest: (req: Request) => {
// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
return (req.cookies?.[AUTH_COOKIE_NAME] as string | undefined) ?? null;
},
secretOrKey: config.getEnv('userManagement.jwtSecret'),
};
passport.use(
new Strategy(options, async function validateCookieContents(jwtPayload: JwtPayload, done) {
try {
const user = await resolveJwtContent(jwtPayload);
return done(null, user);
} catch (error) {
Logger.debug('Failed to extract user from JWT payload', { jwtPayload });
return done(null, false, { message: 'User not found' });
}
}),
);
this.app.use(passport.initialize());
this.app.use(jwtAuth());
this.app.use(async (req: Request, res: Response, next: NextFunction) => {
if (
@ -102,7 +76,7 @@ export function addRoutes(this: N8nApp, ignoredEndpoints: string[], restEndpoint
}
// Not owner and user exists. We now protect restricted urls.
const postRestrictedUrls = [`/${this.restEndpoint}/users`, `/${this.restEndpoint}/owner`];
const getRestrictedUrls = [`/${this.restEndpoint}/users`];
const getRestrictedUrls: string[] = [];
const trimmedUrl = req.url.endsWith('/') ? req.url.slice(0, -1) : req.url;
if (
(req.method === 'POST' && postRestrictedUrls.includes(trimmedUrl)) ||
@ -124,18 +98,7 @@ export function addRoutes(this: N8nApp, ignoredEndpoints: string[], restEndpoint
next();
});
// middleware to refresh cookie before it expires
this.app.use(async (req: AuthenticatedRequest, res: Response, next: NextFunction) => {
const cookieAuth = options.jwtFromRequest(req);
if (cookieAuth && req.user) {
const cookieContents = jwt.decode(cookieAuth) as JwtPayload & { exp: number };
if (cookieContents.exp * 1000 - Date.now() < 259200000) {
// if cookie expires in < 3 days, renew it.
await issueCookie(res, req.user);
}
}
next();
});
this.app.use(refreshExpiringCookie);
authenticationMethods.apply(this);
ownerNamespace.apply(this);

7
packages/cli/src/UserManagement/routes/me.ts
View file

@ -32,7 +32,8 @@ export function meNamespace(this: N8nApp): void {
`/${this.restEndpoint}/me`,
ResponseHelper.send(
async (req: MeRequest.Settings, res: express.Response): Promise<PublicUser> => {
if (!req.body.email) {
const { email } = req.body;
if (!email) {
Logger.debug('Request to update user email failed because of missing email in payload', {
userId: req.user.id,
payload: req.body,
@ -40,10 +41,10 @@ export function meNamespace(this: N8nApp): void {
throw new ResponseHelper.ResponseError('Email is mandatory', undefined, 400);
}
if (!validator.isEmail(req.body.email)) {
if (!validator.isEmail(email)) {
Logger.debug('Request to update user email failed because of invalid email in payload', {
userId: req.user.id,
invalidEmail: req.body.email,
invalidEmail: email,
});
throw new ResponseHelper.ResponseError('Invalid email address', undefined, 400);
}

48
packages/cli/src/WorkflowHelpers.ts
View file

@ -19,7 +19,10 @@ import {
IRunExecutionData,
ITaskData,
LoggerProxy as Logger,
NodeApiError,
NodeOperationError,
Workflow,
WorkflowExecuteMode,
} from 'n8n-workflow';
import { v4 as uuid } from 'uuid';
// eslint-disable-next-line import/no-cycle
@ -684,3 +687,48 @@ export async function isBelowOnboardingThreshold(user: User): Promise<boolean> {
return belowThreshold;
}
export function generateFailedExecutionFromError(
mode: WorkflowExecuteMode,
error: NodeApiError | NodeOperationError,
node: INode,
): IRun {
return {
data: {
startData: {
destinationNode: node.name,
runNodeFilter: [node.name],
},
resultData: {
error,
runData: {
[node.name]: [
{
startTime: 0,
executionTime: 0,
error,
source: [],
},
],
},
lastNodeExecuted: node.name,
},
executionData: {
contextData: {},
nodeExecutionStack: [
{
node,
data: {},
source: null,
},
],
waitingExecution: {},
waitingExecutionSource: {},
},
},
finished: false,
mode,
startedAt: new Date(),
stoppedAt: new Date(),
};
}

21
packages/cli/src/WorkflowRunner.ts
View file

@ -55,6 +55,7 @@ import {
import * as Queue from './Queue';
import { InternalHooksManager } from './InternalHooksManager';
import { checkPermissionsForExecution } from './UserManagement/UserManagementHelper';
import { generateFailedExecutionFromError } from './WorkflowHelpers';
export class WorkflowRunner {
activeExecutions: ActiveExecutions.ActiveExecutions;
@ -267,14 +268,30 @@ export class WorkflowRunner {
{ executionId },
);
await checkPermissionsForExecution(workflow, data.userId);
additionalData.hooks = WorkflowExecuteAdditionalData.getWorkflowHooksMain(
data,
executionId,
true,
);
try {
await checkPermissionsForExecution(workflow, data.userId);
} catch (error) {
// Create a failed execution with the data for the node
// save it and abort execution
const failedExecution = generateFailedExecutionFromError(
data.executionMode,
error,
error.node,
);
additionalData.hooks
.executeHookFunctions('workflowExecuteAfter', [failedExecution])
.then(() => {
this.activeExecutions.remove(executionId, failedExecution);
});
return executionId;
}
additionalData.hooks.hookFunctions.sendResponse = [
async (response: IExecuteResponsePromiseData): Promise<void> => {
if (responsePromise) {

19
packages/cli/src/WorkflowRunnerProcess.ts
View file

@ -25,6 +25,7 @@ import {
IWorkflowExecuteHooks,
IWorkflowSettings,
LoggerProxy,
NodeOperationError,
Workflow,
WorkflowExecuteMode,
WorkflowHooks,
@ -50,6 +51,7 @@ import config from '../config';
import { InternalHooksManager } from './InternalHooksManager';
import { checkPermissionsForExecution } from './UserManagement/UserManagementHelper';
import { loadClassInIsolation } from './CommunityNodes/helpers';
import { generateFailedExecutionFromError } from './WorkflowHelpers';
export class WorkflowRunnerProcess {
data: IWorkflowExecutionDataProcessWithExecution | undefined;
@ -220,7 +222,22 @@ export class WorkflowRunnerProcess {
settings: this.data.workflowData.settings,
pinData: this.data.pinData,
});
await checkPermissionsForExecution(this.workflow, userId);
try {
await checkPermissionsForExecution(this.workflow, userId);
} catch (error) {
const caughtError = error as NodeOperationError;
const failedExecutionData = generateFailedExecutionFromError(
this.data.executionMode,
caughtError,
caughtError.node,
);
// Force the `workflowExecuteAfter` hook to run since
// it's the one responsible for saving the execution
await this.sendHookToParentProcess('workflowExecuteAfter', [failedExecutionData]);
// Interrupt the workflow execution since we don't have all necessary creds.
return failedExecutionData;
}
const additionalData = await WorkflowExecuteAdditionalData.getBase(
userId,
undefined,

419
packages/cli/src/api/credentials.api.ts
View file

@ -1,419 +0,0 @@
/* eslint-disable @typescript-eslint/no-shadow */
/* eslint-disable @typescript-eslint/no-unused-vars */
/* eslint-disable no-restricted-syntax */
/* eslint-disable @typescript-eslint/no-non-null-assertion */
/* eslint-disable import/no-cycle */
import express from 'express';
import { In } from 'typeorm';
import { UserSettings, Credentials } from 'n8n-core';
import {
INodeCredentialsDetails,
INodeCredentialTestResult,
LoggerProxy,
WorkflowExecuteMode,
} from 'n8n-workflow';
import { getLogger } from '../Logger';
import {
CredentialsHelper,
Db,
GenericHelpers,
ICredentialsDb,
ICredentialsResponse,
whereClause,
ResponseHelper,
CredentialTypes,
} from '..';
import { RESPONSE_ERROR_MESSAGES } from '../constants';
import { CredentialsEntity } from '../databases/entities/CredentialsEntity';
import { SharedCredentials } from '../databases/entities/SharedCredentials';
import { validateEntity } from '../GenericHelpers';
import { createCredentiasFromCredentialsEntity } from '../CredentialsHelper';
import type { CredentialRequest } from '../requests';
import * as config from '../../config';
import { externalHooks } from '../Server';
export const credentialsController = express.Router();
/**
* Initialize Logger if needed
*/
credentialsController.use((req, res, next) => {
try {
LoggerProxy.getInstance();
} catch (error) {
LoggerProxy.init(getLogger());
}
next();
});
/**
* GET /credentials
*/
credentialsController.get(
'/',
ResponseHelper.send(async (req: CredentialRequest.GetAll): Promise<ICredentialsResponse[]> => {
let credentials: ICredentialsDb[] = [];
const filter = req.query.filter ? (JSON.parse(req.query.filter) as Record<string, string>) : {};
try {
if (req.user.globalRole.name === 'owner') {
credentials = await Db.collections.Credentials.find({
select: ['id', 'name', 'type', 'nodesAccess', 'createdAt', 'updatedAt'],
where: filter,
});
} else {
const shared = await Db.collections.SharedCredentials.find({
where: whereClause({
user: req.user,
entityType: 'credentials',
}),
});
if (!shared.length) return [];
credentials = await Db.collections.Credentials.find({
select: ['id', 'name', 'type', 'nodesAccess', 'createdAt', 'updatedAt'],
where: {
id: In(shared.map(({ credentialId }) => credentialId)),
...filter,
},
});
}
} catch (error) {
// eslint-disable-next-line @typescript-eslint/no-unsafe-argument
LoggerProxy.error('Request to list credentials failed', error);
throw error;
}
return credentials.map((credential) => {
// eslint-disable-next-line no-param-reassign
credential.id = credential.id.toString();
return credential as ICredentialsResponse;
});
}),
);
/**
* GET /credentials/new
*
* Generate a unique credential name.
*/
credentialsController.get(
'/new',
ResponseHelper.send(async (req: CredentialRequest.NewName): Promise<{ name: string }> => {
const { name: newName } = req.query;
return {
name: await GenericHelpers.generateUniqueName(
newName ?? config.getEnv('credentials.defaultName'),
'credentials',
),
};
}),
);
/**
* POST /credentials/test
*
* Test if a credential is valid.
*/
credentialsController.post(
'/test',
ResponseHelper.send(async (req: CredentialRequest.Test): Promise<INodeCredentialTestResult> => {
const { credentials, nodeToTestWith } = req.body;
let encryptionKey: string;
try {
encryptionKey = await UserSettings.getEncryptionKey();
} catch (error) {
throw new ResponseHelper.ResponseError(
RESPONSE_ERROR_MESSAGES.NO_ENCRYPTION_KEY,
undefined,
500,
);
}
const helper = new CredentialsHelper(encryptionKey);
return helper.testCredentials(req.user, credentials.type, credentials, nodeToTestWith);
}),
);
/**
* POST /credentials
*/
credentialsController.post(
'/',
ResponseHelper.send(async (req: CredentialRequest.Create) => {
delete req.body.id; // delete if sent
const newCredential = new CredentialsEntity();
Object.assign(newCredential, req.body);
await validateEntity(newCredential);
// Add the added date for node access permissions
for (const nodeAccess of newCredential.nodesAccess) {
nodeAccess.date = new Date();
}
let encryptionKey: string;
try {
encryptionKey = await UserSettings.getEncryptionKey();
} catch (error) {
throw new ResponseHelper.ResponseError(
RESPONSE_ERROR_MESSAGES.NO_ENCRYPTION_KEY,
undefined,
500,
);
}
// Encrypt the data
const coreCredential = createCredentiasFromCredentialsEntity(newCredential, true);
// @ts-ignore
coreCredential.setData(newCredential.data, encryptionKey);
const encryptedData = coreCredential.getDataToSave() as ICredentialsDb;
Object.assign(newCredential, encryptedData);
await externalHooks.run('credentials.create', [encryptedData]);
const role = await Db.collections.Role.findOneOrFail({
name: 'owner',
scope: 'credential',
});
const { id, ...rest } = await Db.transaction(async (transactionManager) => {
const savedCredential = await transactionManager.save<CredentialsEntity>(newCredential);
savedCredential.data = newCredential.data;
const newSharedCredential = new SharedCredentials();
Object.assign(newSharedCredential, {
role,
user: req.user,
credentials: savedCredential,
});
await transactionManager.save<SharedCredentials>(newSharedCredential);
return savedCredential;
});
LoggerProxy.verbose('New credential created', {
credentialId: newCredential.id,
ownerId: req.user.id,
});
return { id: id.toString(), ...rest };
}),
);
/**
* DELETE /credentials/:id
*/
credentialsController.delete(
'/:id',
ResponseHelper.send(async (req: CredentialRequest.Delete) => {
const { id: credentialId } = req.params;
const shared = await Db.collections.SharedCredentials.findOne({
relations: ['credentials'],
where: whereClause({
user: req.user,
entityType: 'credentials',
entityId: credentialId,
}),
});
if (!shared) {
LoggerProxy.info('Attempt to delete credential blocked due to lack of permissions', {
credentialId,
userId: req.user.id,
});
throw new ResponseHelper.ResponseError(
`Credential with ID "${credentialId}" could not be found to be deleted.`,
undefined,
404,
);
}
await externalHooks.run('credentials.delete', [credentialId]);
await Db.collections.Credentials.remove(shared.credentials);
return true;
}),
);
/**
* PATCH /credentials/:id
*/
credentialsController.patch(
'/:id',
ResponseHelper.send(async (req: CredentialRequest.Update): Promise<ICredentialsResponse> => {
const { id: credentialId } = req.params;
const updateData = new CredentialsEntity();
Object.assign(updateData, req.body);
await validateEntity(updateData);
const shared = await Db.collections.SharedCredentials.findOne({
relations: ['credentials'],
where: whereClause({
user: req.user,
entityType: 'credentials',
entityId: credentialId,
}),
});
if (!shared) {
LoggerProxy.info('Attempt to update credential blocked due to lack of permissions', {
credentialId,
userId: req.user.id,
});
throw new ResponseHelper.ResponseError(
`Credential with ID "${credentialId}" could not be found to be updated.`,
undefined,
404,
);
}
const { credentials: credential } = shared;
// Add the date for newly added node access permissions
for (const nodeAccess of updateData.nodesAccess) {
if (!nodeAccess.date) {
nodeAccess.date = new Date();
}
}
let encryptionKey: string;
try {
encryptionKey = await UserSettings.getEncryptionKey();
} catch (error) {
throw new ResponseHelper.ResponseError(
RESPONSE_ERROR_MESSAGES.NO_ENCRYPTION_KEY,
undefined,
500,
);
}
const coreCredential = createCredentiasFromCredentialsEntity(credential);
const decryptedData = coreCredential.getData(encryptionKey);
// Do not overwrite the oauth data else data like the access or refresh token would get lost
// everytime anybody changes anything on the credentials even if it is just the name.
if (decryptedData.oauthTokenData) {
// @ts-ignore
updateData.data.oauthTokenData = decryptedData.oauthTokenData;
}
// Encrypt the data
const credentials = new Credentials(
{ id: credentialId, name: updateData.name },
updateData.type,
updateData.nodesAccess,
);
// @ts-ignore
credentials.setData(updateData.data, encryptionKey);
const newCredentialData = credentials.getDataToSave() as ICredentialsDb;
// Add special database related data
newCredentialData.updatedAt = new Date();
await externalHooks.run('credentials.update', [newCredentialData]);
// Update the credentials in DB
await Db.collections.Credentials.update(credentialId, newCredentialData);
// We sadly get nothing back from "update". Neither if it updated a record
// nor the new value. So query now the updated entry.
const responseData = await Db.collections.Credentials.findOne(credentialId);
if (responseData === undefined) {
throw new ResponseHelper.ResponseError(
`Credential ID "${credentialId}" could not be found to be updated.`,
undefined,
404,
);
}
// Remove the encrypted data as it is not needed in the frontend
const { id, data, ...rest } = responseData;
LoggerProxy.verbose('Credential updated', { credentialId });
return {
id: id.toString(),
...rest,
};
}),
);
/**
* GET /credentials/:id
*/
credentialsController.get(
'/:id',
ResponseHelper.send(async (req: CredentialRequest.Get) => {
const { id: credentialId } = req.params;
const shared = await Db.collections.SharedCredentials.findOne({
relations: ['credentials'],
where: whereClause({
user: req.user,
entityType: 'credentials',
entityId: credentialId,
}),
});
if (!shared) {
throw new ResponseHelper.ResponseError(
`Credentials with ID "${credentialId}" could not be found.`,
undefined,
404,
);
}
const { credentials: credential } = shared;
if (req.query.includeData !== 'true') {
const { data, id, ...rest } = credential;
return {
id: id.toString(),
...rest,
};
}
const { data, id, ...rest } = credential;
let encryptionKey: string;
try {
encryptionKey = await UserSettings.getEncryptionKey();
} catch (error) {
throw new ResponseHelper.ResponseError(
RESPONSE_ERROR_MESSAGES.NO_ENCRYPTION_KEY,
undefined,
500,
);
}
const coreCredential = createCredentiasFromCredentialsEntity(credential);
return {
id: id.toString(),
data: coreCredential.getData(encryptionKey),
...rest,
};
}),
);

182
packages/cli/src/credentials/credentials.controller.ee.ts Normal file
View file

@ -0,0 +1,182 @@
/* eslint-disable import/no-cycle */
import express from 'express';
import { INodeCredentialTestResult, LoggerProxy } from 'n8n-workflow';
import { Db, InternalHooksManager, ResponseHelper } from '..';
import type { CredentialsEntity } from '../databases/entities/CredentialsEntity';
import type { CredentialRequest } from '../requests';
import { EECredentialsService as EECredentials } from './credentials.service.ee';
import type { CredentialWithSharings } from './credentials.types';
import { isCredentialsSharingEnabled, rightDiff } from './helpers';
// eslint-disable-next-line @typescript-eslint/naming-convention
export const EECredentialsController = express.Router();
EECredentialsController.use((req, res, next) => {
if (!isCredentialsSharingEnabled()) {
// skip ee router and use free one
next('router');
return;
}
// use ee router
next();
});
/**
* GET /credentials
*/
EECredentialsController.get(
'/',
ResponseHelper.send(async (req: CredentialRequest.GetAll): Promise<CredentialWithSharings[]> => {
try {
const allCredentials = await EECredentials.getAll(req.user, {
relations: ['shared', 'shared.role', 'shared.user'],
});
// eslint-disable-next-line @typescript-eslint/unbound-method
return allCredentials.map(EECredentials.addOwnerAndSharings);
} catch (error) {
LoggerProxy.error('Request to list credentials failed', error as Error);
throw error;
}
}),
);
/**
* GET /credentials/:id
*/
EECredentialsController.get(
'/:id',
(req, res, next) => (req.params.id === 'new' ? next('router') : next()), // skip ee router and use free one for naming
ResponseHelper.send(async (req: CredentialRequest.Get) => {
const { id: credentialId } = req.params;
const includeDecryptedData = req.query.includeData === 'true';
if (Number.isNaN(Number(credentialId))) {
throw new ResponseHelper.ResponseError(`Credential ID must be a number.`, undefined, 400);
}
let credential = (await EECredentials.get(
{ id: credentialId },
{ relations: ['shared', 'shared.role', 'shared.user'] },
)) as CredentialsEntity & CredentialWithSharings;
if (!credential) {
throw new ResponseHelper.ResponseError(
`Credential with ID "${credentialId}" could not be found.`,
undefined,
404,
);
}
const userSharing = credential.shared?.find((shared) => shared.user.id === req.user.id);
if (!userSharing && req.user.globalRole.name !== 'owner') {
throw new ResponseHelper.ResponseError(`Forbidden.`, undefined, 403);
}
credential = EECredentials.addOwnerAndSharings(credential);
// @ts-ignore @TODO_TECH_DEBT: Stringify `id` with entity field transformer
credential.id = credential.id.toString();
if (!includeDecryptedData || !userSharing || userSharing.role.name !== 'owner') {
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const { id, data: _, ...rest } = credential;
// @TODO_TECH_DEBT: Stringify `id` with entity field transformer
return { id: id.toString(), ...rest };
}
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const { id, data: _, ...rest } = credential;
const key = await EECredentials.getEncryptionKey();
const decryptedData = await EECredentials.decrypt(key, credential);
// @TODO_TECH_DEBT: Stringify `id` with entity field transformer
return { id: id.toString(), data: decryptedData, ...rest };
}),
);
/**
* POST /credentials/test
*
* Test if a credential is valid.
*/
EECredentialsController.post(
'/test',
ResponseHelper.send(async (req: CredentialRequest.Test): Promise<INodeCredentialTestResult> => {
const { credentials, nodeToTestWith } = req.body;
const encryptionKey = await EECredentials.getEncryptionKey();
const { ownsCredential } = await EECredentials.isOwned(req.user, credentials.id.toString());
if (!ownsCredential) {
const sharing = await EECredentials.getSharing(req.user, credentials.id);
if (!sharing) {
throw new ResponseHelper.ResponseError(`Forbidden`, undefined, 403);
}
const decryptedData = await EECredentials.decrypt(encryptionKey, sharing.credentials);
Object.assign(credentials, { data: decryptedData });
}
return EECredentials.test(req.user, encryptionKey, credentials, nodeToTestWith);
}),
);
/**
* (EE) PUT /credentials/:id/share
*
* Grant or remove users' access to a credential.
*/
EECredentialsController.put('/:credentialId/share', async (req: CredentialRequest.Share, res) => {
const { credentialId } = req.params;
const { shareWithIds } = req.body;
if (!Array.isArray(shareWithIds) || !shareWithIds.every((userId) => typeof userId === 'string')) {
return res.status(400).send('Bad Request');
}
const { ownsCredential, credential } = await EECredentials.isOwned(req.user, credentialId);
if (!ownsCredential || !credential) {
return res.status(403).send();
}
let amountRemoved: number | null = null;
let newShareeIds: string[] = [];
await Db.transaction(async (trx) => {
// remove all sharings that are not supposed to exist anymore
const { affected } = await EECredentials.pruneSharings(trx, credentialId, [
req.user.id,
...shareWithIds,
]);
if (affected) amountRemoved = affected;
const sharings = await EECredentials.getSharings(trx, credentialId);
// extract the new sharings that need to be added
newShareeIds = rightDiff(
[sharings, (sharing) => sharing.userId],
[shareWithIds, (shareeId) => shareeId],
);
if (newShareeIds.length) {
await EECredentials.share(trx, credential, newShareeIds);
}
});
void InternalHooksManager.getInstance().onUserSharedCredentials({
credential_type: credential.type,
credential_id: credential.id.toString(),
user_id_sharer: req.user.id,
user_ids_sharees_added: newShareeIds,
sharees_removed: amountRemoved,
});
return res.status(200).send();
});

232
packages/cli/src/credentials/credentials.controller.ts Normal file
View file

@ -0,0 +1,232 @@
/* eslint-disable no-param-reassign */
/* eslint-disable @typescript-eslint/no-unused-vars */
/* eslint-disable import/no-cycle */
import express from 'express';
import { INodeCredentialTestResult, LoggerProxy } from 'n8n-workflow';
import { GenericHelpers, InternalHooksManager, ResponseHelper } from '..';
import config from '../../config';
import { getLogger } from '../Logger';
import { EECredentialsController } from './credentials.controller.ee';
import { CredentialsService } from './credentials.service';
import type { ICredentialsResponse } from '..';
import type { CredentialRequest } from '../requests';
export const credentialsController = express.Router();
/**
* Initialize Logger if needed
*/
credentialsController.use((req, res, next) => {
try {
LoggerProxy.getInstance();
} catch (error) {
LoggerProxy.init(getLogger());
}
next();
});
credentialsController.use('/', EECredentialsController);
/**
* GET /credentials
*/
credentialsController.get(
'/',
ResponseHelper.send(async (req: CredentialRequest.GetAll): Promise<ICredentialsResponse[]> => {
const credentials = await CredentialsService.getAll(req.user);
return credentials.map((credential) => {
// eslint-disable-next-line no-param-reassign
credential.id = credential.id.toString();
return credential as ICredentialsResponse;
});
}),
);
/**
* GET /credentials/new
*
* Generate a unique credential name.
*/
credentialsController.get(
'/new',
ResponseHelper.send(async (req: CredentialRequest.NewName): Promise<{ name: string }> => {
const { name: newName } = req.query;
return {
name: await GenericHelpers.generateUniqueName(
newName ?? config.getEnv('credentials.defaultName'),
'credentials',
),
};
}),
);
/**
* GET /credentials/:id
*/
credentialsController.get(
'/:id',
ResponseHelper.send(async (req: CredentialRequest.Get) => {
const { id: credentialId } = req.params;
const includeDecryptedData = req.query.includeData === 'true';
if (Number.isNaN(Number(credentialId))) {
throw new ResponseHelper.ResponseError(`Credential ID must be a number.`, undefined, 400);
}
const sharing = await CredentialsService.getSharing(req.user, credentialId, ['credentials']);
if (!sharing) {
throw new ResponseHelper.ResponseError(
`Credential with ID "${credentialId}" could not be found.`,
undefined,
404,
);
}
const { credentials: credential } = sharing;
if (!includeDecryptedData) {
const { id, data: _, ...rest } = credential;
// @TODO_TECH_DEBT: Stringify `id` with entity field transformer
return { id: id.toString(), ...rest };
}
const { id, data: _, ...rest } = credential;
const key = await CredentialsService.getEncryptionKey();
const decryptedData = await CredentialsService.decrypt(key, credential);
// @TODO_TECH_DEBT: Stringify `id` with entity field transformer
return { id: id.toString(), data: decryptedData, ...rest };
}),
);
/**
* POST /credentials/test
*
* Test if a credential is valid.
*/
credentialsController.post(
'/test',
ResponseHelper.send(async (req: CredentialRequest.Test): Promise<INodeCredentialTestResult> => {
const { credentials, nodeToTestWith } = req.body;
const encryptionKey = await CredentialsService.getEncryptionKey();
return CredentialsService.test(req.user, encryptionKey, credentials, nodeToTestWith);
}),
);
/**
* POST /credentials
*/
credentialsController.post(
'/',
ResponseHelper.send(async (req: CredentialRequest.Create) => {
const newCredential = await CredentialsService.prepareCreateData(req.body);
const key = await CredentialsService.getEncryptionKey();
const encryptedData = CredentialsService.createEncryptedData(key, null, newCredential);
const { id, ...rest } = await CredentialsService.save(newCredential, encryptedData, req.user);
void InternalHooksManager.getInstance().onUserCreatedCredentials({
credential_type: rest.type,
credential_id: id.toString(),
public_api: false,
});
return { id: id.toString(), ...rest };
}),
);
/**
* PATCH /credentials/:id
*/
credentialsController.patch(
'/:id',
ResponseHelper.send(async (req: CredentialRequest.Update): Promise<ICredentialsResponse> => {
const { id: credentialId } = req.params;
const sharing = await CredentialsService.getSharing(req.user, credentialId);
if (!sharing) {
LoggerProxy.info('Attempt to update credential blocked due to lack of permissions', {
credentialId,
userId: req.user.id,
});
throw new ResponseHelper.ResponseError(
`Credential with ID "${credentialId}" could not be found to be updated.`,
undefined,
404,
);
}
const { credentials: credential } = sharing;
const key = await CredentialsService.getEncryptionKey();
const decryptedData = await CredentialsService.decrypt(key, credential);
const preparedCredentialData = await CredentialsService.prepareUpdateData(
req.body,
decryptedData,
);
const newCredentialData = CredentialsService.createEncryptedData(
key,
credentialId,
preparedCredentialData,
);
const responseData = await CredentialsService.update(credentialId, newCredentialData);
if (responseData === undefined) {
throw new ResponseHelper.ResponseError(
`Credential ID "${credentialId}" could not be found to be updated.`,
undefined,
404,
);
}
// Remove the encrypted data as it is not needed in the frontend
const { id, data: _, ...rest } = responseData;
LoggerProxy.verbose('Credential updated', { credentialId });
return {
id: id.toString(),
...rest,
};
}),
);
/**
* DELETE /credentials/:id
*/
credentialsController.delete(
'/:id',
ResponseHelper.send(async (req: CredentialRequest.Delete) => {
const { id: credentialId } = req.params;
const sharing = await CredentialsService.getSharing(req.user, credentialId);
if (!sharing) {
LoggerProxy.info('Attempt to delete credential blocked due to lack of permissions', {
credentialId,
userId: req.user.id,
});
throw new ResponseHelper.ResponseError(
`Credential with ID "${credentialId}" could not be found to be deleted.`,
undefined,
404,
);
}
const { credentials: credential } = sharing;
await CredentialsService.delete(credential);
return true;
}),
);

96
packages/cli/src/credentials/credentials.service.ee.ts Normal file
View file

@ -0,0 +1,96 @@
/* eslint-disable import/no-cycle */
/* eslint-disable no-param-reassign */
import { DeleteResult, EntityManager, In, Not } from 'typeorm';
import { Db } from '..';
import { RoleService } from '../role/role.service';
import { CredentialsService } from './credentials.service';
import { CredentialsEntity } from '../databases/entities/CredentialsEntity';
import { SharedCredentials } from '../databases/entities/SharedCredentials';
import { User } from '../databases/entities/User';
import { UserService } from '../user/user.service';
import type { CredentialWithSharings } from './credentials.types';
export class EECredentialsService extends CredentialsService {
static async isOwned(
user: User,
credentialId: string,
): Promise<{ ownsCredential: boolean; credential?: CredentialsEntity }> {
const sharing = await this.getSharing(user, credentialId, ['credentials', 'role'], {
allowGlobalOwner: false,
});
if (!sharing || sharing.role.name !== 'owner') return { ownsCredential: false };
const { credentials: credential } = sharing;
return { ownsCredential: true, credential };
}
static async getSharings(
transaction: EntityManager,
credentialId: string,
): Promise<SharedCredentials[]> {
const credential = await transaction.findOne(CredentialsEntity, credentialId, {
relations: ['shared'],
});
return credential?.shared ?? [];
}
static async pruneSharings(
transaction: EntityManager,
credentialId: string,
userIds: string[],
): Promise<DeleteResult> {
return transaction.delete(SharedCredentials, {
credentials: { id: credentialId },
user: { id: Not(In(userIds)) },
});
}
static async share(
transaction: EntityManager,
credential: CredentialsEntity,
shareWithIds: string[],
): Promise<SharedCredentials[]> {
const [users, role] = await Promise.all([
UserService.getByIds(transaction, shareWithIds),
RoleService.trxGet(transaction, { scope: 'credential', name: 'user' }),
]);
const newSharedCredentials = users
.filter((user) => !user.isPending)
.map((user) =>
Db.collections.SharedCredentials.create({
credentials: credential,
user,
role,
}),
);
return transaction.save(newSharedCredentials);
}
static addOwnerAndSharings(
credential: CredentialsEntity & CredentialWithSharings,
): CredentialsEntity & CredentialWithSharings {
credential.ownedBy = null;
credential.sharedWith = [];
credential.shared?.forEach(({ user, role }) => {
const { id, email, firstName, lastName } = user;
if (role.name === 'owner') {
credential.ownedBy = { id, email, firstName, lastName };
return;
}
credential.sharedWith?.push({ id, email, firstName, lastName });
});
// @ts-ignore
delete credential.shared;
return credential;
}
}

276
packages/cli/src/credentials/credentials.service.ts Normal file
View file

@ -0,0 +1,276 @@
/* eslint-disable no-restricted-syntax */
/* eslint-disable import/no-cycle */
import { Credentials, UserSettings } from 'n8n-core';
import {
ICredentialDataDecryptedObject,
ICredentialsDecrypted,
INodeCredentialTestResult,
LoggerProxy,
} from 'n8n-workflow';
import { FindOneOptions, In } from 'typeorm';
import {
createCredentialsFromCredentialsEntity,
CredentialsHelper,
Db,
ICredentialsDb,
ResponseHelper,
} from '..';
import { RESPONSE_ERROR_MESSAGES } from '../constants';
import { CredentialsEntity } from '../databases/entities/CredentialsEntity';
import { SharedCredentials } from '../databases/entities/SharedCredentials';
import { validateEntity } from '../GenericHelpers';
import { externalHooks } from '../Server';
import type { User } from '../databases/entities/User';
import type { CredentialRequest } from '../requests';
export class CredentialsService {
static async get(
credential: Partial<ICredentialsDb>,
options?: { relations: string[] },
): Promise<ICredentialsDb | undefined> {
return Db.collections.Credentials.findOne(credential, {
relations: options?.relations,
});
}
static async getAll(user: User, options?: { relations: string[] }): Promise<ICredentialsDb[]> {
const SELECT_FIELDS: Array<keyof ICredentialsDb> = [
'id',
'name',
'type',
'nodesAccess',
'createdAt',
'updatedAt',
];
// if instance owner, return all credentials
if (user.globalRole.name === 'owner') {
return Db.collections.Credentials.find({
select: SELECT_FIELDS,
relations: options?.relations,
});
}
// if member, return credentials owned by or shared with member
const userSharings = await Db.collections.SharedCredentials.find({
where: {
user,
},
});
return Db.collections.Credentials.find({
select: SELECT_FIELDS,
relations: options?.relations,
where: {
id: In(userSharings.map((x) => x.credentialId)),
},
});
}
/**
* Retrieve the sharing that matches a user and a credential.
*/
static async getSharing(
user: User,
credentialId: number | string,
relations: string[] | undefined = ['credentials'],
{ allowGlobalOwner } = { allowGlobalOwner: true },
): Promise<SharedCredentials | undefined> {
const options: FindOneOptions = {
where: {
credentials: { id: credentialId },
},
};
// Omit user from where if the requesting user is the global
// owner. This allows the global owner to view and delete
// credentials they don't own.
if (!allowGlobalOwner || user.globalRole.name !== 'owner') {
// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
options.where.user = { id: user.id };
}
if (relations?.length) {
options.relations = relations;
}
return Db.collections.SharedCredentials.findOne(options);
}
static createCredentialsFromCredentialsEntity(
credential: CredentialsEntity,
encrypt = false,
): Credentials {
const { id, name, type, nodesAccess, data } = credential;
if (encrypt) {
return new Credentials({ id: null, name }, type, nodesAccess);
}
return new Credentials({ id: id.toString(), name }, type, nodesAccess, data);
}
static async prepareCreateData(
data: CredentialRequest.CredentialProperties,
): Promise<CredentialsEntity> {
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const { id, ...rest } = data;
// This saves us a merge but requires some type casting. These
// types are compatiable for this case.
const newCredentials = Db.collections.Credentials.create(
rest as ICredentialsDb,
) as CredentialsEntity;
await validateEntity(newCredentials);
// Add the date for newly added node access permissions
for (const nodeAccess of newCredentials.nodesAccess) {
nodeAccess.date = new Date();
}
return newCredentials;
}
static async prepareUpdateData(
data: CredentialRequest.CredentialProperties,
decryptedData: ICredentialDataDecryptedObject,
): Promise<CredentialsEntity> {
// This saves us a merge but requires some type casting. These
// types are compatiable for this case.
const updateData = Db.collections.Credentials.create(
data as ICredentialsDb,
) as CredentialsEntity;
await validateEntity(updateData);
// Add the date for newly added node access permissions
for (const nodeAccess of updateData.nodesAccess) {
if (!nodeAccess.date) {
nodeAccess.date = new Date();
}
}
// Do not overwrite the oauth data else data like the access or refresh token would get lost
// everytime anybody changes anything on the credentials even if it is just the name.
if (decryptedData.oauthTokenData) {
// @ts-ignore
updateData.data.oauthTokenData = decryptedData.oauthTokenData;
}
return updateData;
}
static createEncryptedData(
encryptionKey: string,
credentialsId: string | null,
data: CredentialsEntity,
): ICredentialsDb {
const credentials = new Credentials(
{ id: credentialsId, name: data.name },
data.type,
data.nodesAccess,
);
credentials.setData(data.data as unknown as ICredentialDataDecryptedObject, encryptionKey);
const newCredentialData = credentials.getDataToSave() as ICredentialsDb;
// Add special database related data
newCredentialData.updatedAt = new Date();
return newCredentialData;
}
static async getEncryptionKey(): Promise<string> {
try {
return await UserSettings.getEncryptionKey();
} catch (error) {
throw new ResponseHelper.ResponseError(
RESPONSE_ERROR_MESSAGES.NO_ENCRYPTION_KEY,
undefined,
500,
);
}
}
static async decrypt(
encryptionKey: string,
credential: CredentialsEntity,
): Promise<ICredentialDataDecryptedObject> {
const coreCredential = createCredentialsFromCredentialsEntity(credential);
return coreCredential.getData(encryptionKey);
}
static async update(
credentialId: string,
newCredentialData: ICredentialsDb,
): Promise<ICredentialsDb | undefined> {
await externalHooks.run('credentials.update', [newCredentialData]);
// Update the credentials in DB
await Db.collections.Credentials.update(credentialId, newCredentialData);
// We sadly get nothing back from "update". Neither if it updated a record
// nor the new value. So query now the updated entry.
return Db.collections.Credentials.findOne(credentialId);
}
static async save(
credential: CredentialsEntity,
encryptedData: ICredentialsDb,
user: User,
): Promise<CredentialsEntity> {
// To avoid side effects
const newCredential = new CredentialsEntity();
Object.assign(newCredential, credential, encryptedData);
await externalHooks.run('credentials.create', [encryptedData]);
const role = await Db.collections.Role.findOneOrFail({
name: 'owner',
scope: 'credential',
});
const result = await Db.transaction(async (transactionManager) => {
const savedCredential = await transactionManager.save<CredentialsEntity>(newCredential);
savedCredential.data = newCredential.data;
const newSharedCredential = new SharedCredentials();
Object.assign(newSharedCredential, {
role,
user,
credentials: savedCredential,
});
await transactionManager.save<SharedCredentials>(newSharedCredential);
return savedCredential;
});
LoggerProxy.verbose('New credential created', {
credentialId: newCredential.id,
ownerId: user.id,
});
return result;
}
static async delete(credentials: CredentialsEntity): Promise<void> {
await externalHooks.run('credentials.delete', [credentials.id]);
await Db.collections.Credentials.remove(credentials);
}
static async test(
user: User,
encryptionKey: string,
credentials: ICredentialsDecrypted,
nodeToTestWith: string | undefined,
): Promise<INodeCredentialTestResult> {
const helper = new CredentialsHelper(encryptionKey);
return helper.testCredentials(user, credentials.type, credentials, nodeToTestWith);
}
}

7
packages/cli/src/credentials/credentials.types.ts Normal file
View file

@ -0,0 +1,7 @@
import type { IUser } from 'n8n-workflow';
import type { ICredentialsDb } from '../Interfaces';
export interface CredentialWithSharings extends ICredentialsDb {
ownedBy?: IUser | null;
sharedWith?: IUser[];
}

0
packages/cli/src/credentials/helpers.ee.ts Normal file
View file

28
packages/cli/src/credentials/helpers.ts Normal file
View file

@ -0,0 +1,28 @@
/* eslint-disable import/no-cycle */
import config from '../../config';
import { isUserManagementEnabled } from '../UserManagement/UserManagementHelper';
export function isCredentialsSharingEnabled(): boolean {
return isUserManagementEnabled() && config.getEnv('enterprise.features.sharing');
}
// return the difference between two arrays
export function rightDiff<T1, T2>(
[arr1, keyExtractor1]: [T1[], (item: T1) => string],
[arr2, keyExtractor2]: [T2[], (item: T2) => string],
): T2[] {
// create map { itemKey => true } for fast lookup for diff
const keyMap = arr1.reduce<{ [key: string]: true }>((map, item) => {
// eslint-disable-next-line no-param-reassign
map[keyExtractor1(item)] = true;
return map;
}, {});
// diff against map
return arr2.reduce<T2[]>((acc, item) => {
if (!keyMap[keyExtractor2(item)]) {
acc.push(item);
}
return acc;
}, []);
}

0
packages/cli/src/api/oauth2Credential.api.ts → packages/cli/src/credentials/oauth2Credential.api.ts
View file

3
packages/cli/src/databases/entities/Role.ts
View file

@ -17,6 +17,7 @@ import { User } from './User';
import { SharedWorkflow } from './SharedWorkflow';
import { SharedCredentials } from './SharedCredentials';
type RoleNames = 'owner' | 'member' | 'user';
type RoleScopes = 'global' | 'workflow' | 'credential';
// eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types
@ -42,7 +43,7 @@ export class Role {
@Column({ length: 32 })
@IsString({ message: 'Role name must be of type string.' })
@Length(1, 32, { message: 'Role name must be 1 to 32 characters long.' })
name: string;
name: RoleNames;
@Column()
scope: RoleScopes;

3
packages/cli/src/databases/entities/User.ts
View file

@ -15,6 +15,7 @@ import {
BeforeInsert,
} from 'typeorm';
import { IsEmail, IsString, Length } from 'class-validator';
import type { IUser } from 'n8n-workflow';
import * as config from '../../../config';
import { DatabaseType, IPersonalizationSurveyAnswers, IUserSettings } from '../..';
import { Role } from './Role';
@ -59,7 +60,7 @@ function getTimestampSyntax() {
}
@Entity()
export class User {
export class User implements IUser {
@PrimaryGeneratedColumn('uuid')
id: string;

24
packages/cli/src/databases/migrations/mysqldb/1660062385367-CreateCredentialsUserRole.ts Normal file
View file

@ -0,0 +1,24 @@
import { MigrationInterface, QueryRunner } from 'typeorm';
import config from '../../../../config';
export class CreateCredentialsUserRole1660062385367 implements MigrationInterface {
name = 'CreateCredentialsUserRole1660062385367';
async up(queryRunner: QueryRunner): Promise<void> {
const tablePrefix = config.getEnv('database.tablePrefix');
await queryRunner.query(`
INSERT INTO ${tablePrefix}role (name, scope)
VALUES ("user", "credential")
ON CONFLICT DO NOTHING;
`);
}
async down(queryRunner: QueryRunner): Promise<void> {
const tablePrefix = config.getEnv('database.tablePrefix');
await queryRunner.query(`
DELETE FROM ${tablePrefix}role WHERE name='user' AND scope='credential';
`);
}
}

2
packages/cli/src/databases/migrations/mysqldb/index.ts
View file

@ -19,6 +19,7 @@ import { AddAPIKeyColumn1652905585850 } from './1652905585850-AddAPIKeyColumn';
import { IntroducePinData1654090101303 } from './1654090101303-IntroducePinData';
import { AddNodeIds1658932910559 } from './1658932910559-AddNodeIds';
import { AddJsonKeyPinData1659895550980 } from './1659895550980-AddJsonKeyPinData';
import { CreateCredentialsUserRole1660062385367 } from './1660062385367-CreateCredentialsUserRole';
export const mysqlMigrations = [
InitialMigration1588157391238,
@ -42,4 +43,5 @@ export const mysqlMigrations = [
IntroducePinData1654090101303,
AddNodeIds1658932910559,
AddJsonKeyPinData1659895550980,
CreateCredentialsUserRole1660062385367,
];

24
packages/cli/src/databases/migrations/postgresdb/1660062385367-CreateCredentialsUserRole.ts Normal file
View file

@ -0,0 +1,24 @@
import { MigrationInterface, QueryRunner } from 'typeorm';
import config from '../../../../config';
export class CreateCredentialsUserRole1660062385367 implements MigrationInterface {
name = 'CreateCredentialsUserRole1660062385367';
async up(queryRunner: QueryRunner): Promise<void> {
const tablePrefix = config.getEnv('database.tablePrefix');
await queryRunner.query(`
INSERT INTO ${tablePrefix}role (name, scope)
VALUES ('user', 'credential')
ON CONFLICT DO NOTHING;
`);
}
async down(queryRunner: QueryRunner): Promise<void> {
const tablePrefix = config.getEnv('database.tablePrefix');
await queryRunner.query(`
DELETE FROM ${tablePrefix}role WHERE name='user' AND scope='credential';
`);
}
}

2
packages/cli/src/databases/migrations/postgresdb/index.ts
View file

@ -17,6 +17,7 @@ import { AddAPIKeyColumn1652905585850 } from './1652905585850-AddAPIKeyColumn';
import { IntroducePinData1654090467022 } from './1654090467022-IntroducePinData';
import { AddNodeIds1658932090381 } from './1658932090381-AddNodeIds';
import { AddJsonKeyPinData1659902242948 } from './1659902242948-AddJsonKeyPinData';
import { CreateCredentialsUserRole1660062385367 } from './1660062385367-CreateCredentialsUserRole';
export const postgresMigrations = [
InitialMigration1587669153312,
@ -36,6 +37,7 @@ export const postgresMigrations = [
CommunityNodes1652254514002,
AddAPIKeyColumn1652905585850,
IntroducePinData1654090467022,
CreateCredentialsUserRole1660062385367,
AddNodeIds1658932090381,
AddJsonKeyPinData1659902242948,
];

4
packages/cli/src/databases/migrations/sqlite/1648740597343-LowerCaseUserEmail.ts
View file

@ -1,5 +1,5 @@
import { MigrationInterface, QueryRunner } from 'typeorm';
import config = require('../../../../config');
import * as config from '../../../../config';
import { logMigrationEnd, logMigrationStart } from '../../utils/migrationHelpers';
export class LowerCaseUserEmail1648740597343 implements MigrationInterface {
@ -8,7 +8,7 @@ export class LowerCaseUserEmail1648740597343 implements MigrationInterface {
public async up(queryRunner: QueryRunner): Promise<void> {
logMigrationStart(this.name);
const tablePrefix = config.get('database.tablePrefix');
const tablePrefix = config.getEnv('database.tablePrefix');
await queryRunner.query(`
UPDATE "${tablePrefix}user"

29
packages/cli/src/databases/migrations/sqlite/1660062385367-CreateCredentialsUserRole.ts Normal file
View file

@ -0,0 +1,29 @@
import { MigrationInterface, QueryRunner } from 'typeorm';
import * as config from '../../../../config';
import { logMigrationEnd, logMigrationStart } from '../../utils/migrationHelpers';
export class CreateCredentialsUserRole1660062385367 implements MigrationInterface {
name = 'CreateCredentialsUserRole1660062385367';
async up(queryRunner: QueryRunner): Promise<void> {
logMigrationStart(this.name);
const tablePrefix = config.getEnv('database.tablePrefix');
await queryRunner.query(`
INSERT INTO "${tablePrefix}role" (name, scope)
VALUES ("user", "credential")
ON CONFLICT DO NOTHING;
`);
logMigrationEnd(this.name);
}
async down(queryRunner: QueryRunner): Promise<void> {
const tablePrefix = config.getEnv('database.tablePrefix');
await queryRunner.query(`
DELETE FROM "${tablePrefix}role" WHERE name='user' AND scope='credential';
`);
}
}

2
packages/cli/src/databases/migrations/sqlite/index.ts
View file

@ -16,6 +16,7 @@ import { AddAPIKeyColumn1652905585850 } from './1652905585850-AddAPIKeyColumn';
import { IntroducePinData1654089251344 } from './1654089251344-IntroducePinData';
import { AddNodeIds1658930531669 } from './1658930531669-AddNodeIds';
import { AddJsonKeyPinData1659888469333 } from './1659888469333-AddJsonKeyPinData';
import { CreateCredentialsUserRole1660062385367 } from './1660062385367-CreateCredentialsUserRole';
const sqliteMigrations = [
InitialMigration1588102412422,
@ -36,6 +37,7 @@ const sqliteMigrations = [
IntroducePinData1654089251344,
AddNodeIds1658930531669,
AddJsonKeyPinData1659888469333,
CreateCredentialsUserRole1660062385367,
];
export { sqliteMigrations };

2
packages/cli/src/requests.d.ts vendored
View file

@ -105,6 +105,8 @@ export declare namespace CredentialRequest {
type NewName = WorkflowRequest.NewName;
type Test = AuthenticatedRequest<{}, {}, INodeCredentialTestRequest>;
type Share = AuthenticatedRequest<{ credentialId: string }, {}, { shareWithIds: string[] }>;
}
// ----------------------------------

14
packages/cli/src/role/role.service.ts Normal file
View file

@ -0,0 +1,14 @@
/* eslint-disable import/no-cycle */
import { EntityManager } from 'typeorm';
import { Db } from '..';
import { Role } from '../databases/entities/Role';
export class RoleService {
static async get(role: Partial<Role>): Promise<Role | undefined> {
return Db.collections.Role.findOne(role);
}
static async trxGet(transaction: EntityManager, role: Partial<Role>) {
return transaction.findOne(Role, role);
}
}

26
packages/cli/src/telemetry/index.ts
View file

@ -142,16 +142,6 @@ export class Telemetry {
[key: string]: string | number | boolean | object | undefined | null;
}): Promise<void> {
return new Promise<void>((resolve) => {
if (this.postHog) {
this.postHog.identify({
distinctId: this.instanceId,
properties: {
...traits,
instanceId: this.instanceId,
},
});
}
if (this.rudderStack) {
this.rudderStack.identify(
{
@ -192,13 +182,19 @@ export class Telemetry {
};
if (withPostHog && this.postHog) {
this.postHog.capture({ ...payload, distinctId: payload.userId });
return Promise.all([
this.postHog.capture({
distinctId: payload.userId,
...payload,
}),
this.rudderStack.track(payload),
]).then(() => resolve());
}
this.rudderStack.track(payload, resolve);
} else {
resolve();
return this.rudderStack.track(payload, resolve);
}
return resolve();
});
}
@ -208,7 +204,7 @@ export class Telemetry {
): Promise<boolean> {
if (!this.postHog) return Promise.resolve(false);
const fullId = [this.instanceId, userId].join('_'); // PostHog disallows # in ID
const fullId = [this.instanceId, userId].join('#');
return this.postHog.isFeatureEnabled(featureFlagName, fullId);
}

14
packages/cli/src/user/user.service.ts Normal file
View file

@ -0,0 +1,14 @@
/* eslint-disable import/no-cycle */
import { EntityManager, In } from 'typeorm';
import { Db } from '..';
import { User } from '../databases/entities/User';
export class UserService {
static async get(user: Partial<User>): Promise<User | undefined> {
return Db.collections.User.findOne(user);
}
static async getByIds(transaction: EntityManager, ids: string[]) {
return transaction.find(User, { id: In(ids) });
}
}

33
packages/cli/test/integration/auth.api.test.ts
View file

@ -1,14 +1,14 @@
import express = require('express');
import validator from 'validator';
import config = require('../../config');
import * as utils from './shared/utils';
import { LOGGED_OUT_RESPONSE_BODY } from './shared/constants';
import config from '../../config';
import { Db } from '../../src';
import { AUTH_COOKIE_NAME } from '../../src/constants';
import type { Role } from '../../src/databases/entities/Role';
import { LOGGED_OUT_RESPONSE_BODY } from './shared/constants';
import { randomValidPassword } from './shared/random';
import * as testDb from './shared/testDb';
import { AUTH_COOKIE_NAME } from '../../src/constants';
import type { AuthAgent } from './shared/types';
import * as utils from './shared/utils';
jest.mock('../../src/telemetry');
@ -16,6 +16,7 @@ let app: express.Application;
let testDbName = '';
let globalOwnerRole: Role;
let globalMemberRole: Role;
let authAgent: AuthAgent;
beforeAll(async () => {
app = await utils.initTestServer({ endpointGroups: ['auth'], applyAuth: true });
@ -24,6 +25,9 @@ beforeAll(async () => {
globalOwnerRole = await testDb.getGlobalOwnerRole();
globalMemberRole = await testDb.getGlobalMemberRole();
authAgent = utils.createAuthAgent(app);
utils.initTestLogger();
utils.initTestTelemetry();
});
@ -109,9 +113,7 @@ test('GET /login should return cookie if UM is disabled', async () => {
{ value: JSON.stringify(false) },
);
const authOwnerShellAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const response = await authOwnerShellAgent.get('/login');
const response = await authAgent(ownerShell).get('/login');
expect(response.statusCode).toBe(200);
@ -133,9 +135,8 @@ test('GET /login should return 401 Unauthorized if invalid cookie', async () =>
test('GET /login should return logged-in owner shell', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authMemberAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const response = await authMemberAgent.get('/login');
const response = await authAgent(ownerShell).get('/login');
expect(response.statusCode).toBe(200);
@ -170,9 +171,8 @@ test('GET /login should return logged-in owner shell', async () => {
test('GET /login should return logged-in member shell', async () => {
const memberShell = await testDb.createUserShell(globalMemberRole);
const authMemberAgent = utils.createAgent(app, { auth: true, user: memberShell });
const response = await authMemberAgent.get('/login');
const response = await authAgent(memberShell).get('/login');
expect(response.statusCode).toBe(200);
@ -207,9 +207,8 @@ test('GET /login should return logged-in member shell', async () => {
test('GET /login should return logged-in owner', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
const response = await authOwnerAgent.get('/login');
const response = await authAgent(owner).get('/login');
expect(response.statusCode).toBe(200);
@ -244,9 +243,8 @@ test('GET /login should return logged-in owner', async () => {
test('GET /login should return logged-in member', async () => {
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const response = await authMemberAgent.get('/login');
const response = await authAgent(member).get('/login');
expect(response.statusCode).toBe(200);
@ -281,9 +279,8 @@ test('GET /login should return logged-in member', async () => {
test('POST /logout should log user out', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
const response = await authOwnerAgent.post('/logout');
const response = await authAgent(owner).post('/logout');
expect(response.statusCode).toBe(200);
expect(response.body).toEqual(LOGGED_OUT_RESPONSE_BODY);

13
packages/cli/test/integration/auth.mw.test.ts
View file

@ -1,20 +1,22 @@
import express from 'express';
import request from 'supertest';
import type { Role } from '../../src/databases/entities/Role';
import {
REST_PATH_SEGMENT,
ROUTES_REQUIRING_AUTHORIZATION,
ROUTES_REQUIRING_AUTHENTICATION,
ROUTES_REQUIRING_AUTHORIZATION,
} from './shared/constants';
import * as utils from './shared/utils';
import * as testDb from './shared/testDb';
import type { Role } from '../../src/databases/entities/Role';
import type { AuthAgent } from './shared/types';
import * as utils from './shared/utils';
jest.mock('../../src/telemetry');
let app: express.Application;
let testDbName = '';
let globalMemberRole: Role;
let authAgent: AuthAgent;
beforeAll(async () => {
app = await utils.initTestServer({
@ -26,6 +28,8 @@ beforeAll(async () => {
globalMemberRole = await testDb.getGlobalMemberRole();
authAgent = utils.createAuthAgent(app);
utils.initTestLogger();
utils.initTestTelemetry();
});
@ -49,8 +53,7 @@ ROUTES_REQUIRING_AUTHORIZATION.forEach(async (route) => {
test(`${route} should return 403 Forbidden for member`, async () => {
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const response = await authMemberAgent[method](endpoint);
const response = await authAgent(member)[method](endpoint);
expect(response.statusCode).toBe(403);
});

551
packages/cli/test/integration/credentials.ee.test.ts Normal file
View file

@ -0,0 +1,551 @@
import express from 'express';
import { UserSettings } from 'n8n-core';
import { In } from 'typeorm';
import { Db, IUser } from '../../src';
import { RESPONSE_ERROR_MESSAGES } from '../../src/constants';
import type { CredentialWithSharings } from '../../src/credentials/credentials.types';
import * as CredentialHelpers from '../../src/credentials/helpers';
import type { Role } from '../../src/databases/entities/Role';
import { randomCredentialPayload } from './shared/random';
import * as testDb from './shared/testDb';
import type { AuthAgent, SaveCredentialFunction } from './shared/types';
import * as utils from './shared/utils';
jest.mock('../../src/telemetry');
// mock whether credentialsSharing is enabled or not
const mockIsCredentialsSharingEnabled = jest.spyOn(
CredentialHelpers,
'isCredentialsSharingEnabled',
);
mockIsCredentialsSharingEnabled.mockReturnValue(true);
let app: express.Application;
let testDbName = '';
let globalOwnerRole: Role;
let globalMemberRole: Role;
let credentialOwnerRole: Role;
let saveCredential: SaveCredentialFunction;
let authAgent: AuthAgent;
beforeAll(async () => {
app = await utils.initTestServer({
endpointGroups: ['credentials'],
applyAuth: true,
});
const initResult = await testDb.init();
testDbName = initResult.testDbName;
utils.initConfigFile();
globalOwnerRole = await testDb.getGlobalOwnerRole();
globalMemberRole = await testDb.getGlobalMemberRole();
credentialOwnerRole = await testDb.getCredentialOwnerRole();
saveCredential = testDb.affixRoleToSaveCredential(credentialOwnerRole);
authAgent = utils.createAuthAgent(app);
utils.initTestLogger();
utils.initTestTelemetry();
});
beforeEach(async () => {
await testDb.truncate(['User', 'SharedCredentials', 'Credentials'], testDbName);
});
afterAll(async () => {
await testDb.terminate(testDbName);
});
// ----------------------------------------
// dynamic router switching
// ----------------------------------------
test('router should switch based on flag', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
// free router
mockIsCredentialsSharingEnabled.mockReturnValueOnce(false);
const freeShareResponse = authAgent(owner)
.put(`/credentials/${savedCredential.id}/share`)
.send({ shareWithIds: [member.id] });
const freeGetResponse = authAgent(owner).get(`/credentials/${savedCredential.id}`).send();
const [{ statusCode: freeShareStatus }, { statusCode: freeGetStatus }] = await Promise.all([
freeShareResponse,
freeGetResponse,
]);
expect(freeShareStatus).toBe(404);
expect(freeGetStatus).toBe(200);
// EE router
mockIsCredentialsSharingEnabled.mockReturnValueOnce(true);
const eeShareResponse = authAgent(owner)
.put(`/credentials/${savedCredential.id}/share`)
.send({ shareWithIds: [member.id] });
const eeGetResponse = authAgent(owner).get(`/credentials/${savedCredential.id}`).send();
const [{ statusCode: eeShareStatus }, { statusCode: eeGetStatus }] = await Promise.all([
eeShareResponse,
eeGetResponse,
]);
expect(eeShareStatus).toBe(200);
expect(eeGetStatus).toBe(200);
});
// ----------------------------------------
// GET /credentials - fetch all credentials
// ----------------------------------------
test('GET /credentials should return all creds for owner', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const [member1, member2, member3] = await testDb.createManyUsers(3, {
globalRole: globalMemberRole,
});
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
await saveCredential(randomCredentialPayload(), { user: member1 });
const sharedWith = [member1, member2, member3];
await testDb.shareCredentialWithUsers(savedCredential, sharedWith);
const response = await authAgent(owner).get('/credentials');
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(2); // owner retrieved owner cred and member cred
const [ownerCredential, memberCredential] = response.body.data;
validateMainCredentialData(ownerCredential);
expect(ownerCredential.data).toBeUndefined();
validateMainCredentialData(memberCredential);
expect(memberCredential.data).toBeUndefined();
expect(ownerCredential.ownedBy).toMatchObject({
id: owner.id,
email: owner.email,
firstName: owner.firstName,
lastName: owner.lastName,
});
expect(Array.isArray(ownerCredential.sharedWith)).toBe(true);
expect(ownerCredential.sharedWith.length).toBe(3);
ownerCredential.sharedWith.forEach((sharee: IUser, idx: number) => {
expect(sharee).toMatchObject({
id: sharedWith[idx].id,
email: sharedWith[idx].email,
firstName: sharedWith[idx].firstName,
lastName: sharedWith[idx].lastName,
});
});
expect(memberCredential.ownedBy).toMatchObject({
id: member1.id,
email: member1.email,
firstName: member1.firstName,
lastName: member1.lastName,
});
expect(Array.isArray(memberCredential.sharedWith)).toBe(true);
expect(memberCredential.sharedWith.length).toBe(0);
});
test('GET /credentials should return only relevant creds for member', async () => {
const [member1, member2] = await testDb.createManyUsers(2, {
globalRole: globalMemberRole,
});
await saveCredential(randomCredentialPayload(), { user: member2 });
const savedMemberCredential = await saveCredential(randomCredentialPayload(), { user: member1 });
await testDb.shareCredentialWithUsers(savedMemberCredential, [member2]);
const response = await authAgent(member1).get('/credentials');
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(1); // member retrieved only member cred
const [member1Credential] = response.body.data;
validateMainCredentialData(member1Credential);
expect(member1Credential.data).toBeUndefined();
expect(member1Credential.ownedBy).toMatchObject({
id: member1.id,
email: member1.email,
firstName: member1.firstName,
lastName: member1.lastName,
});
expect(Array.isArray(member1Credential.sharedWith)).toBe(true);
expect(member1Credential.sharedWith.length).toBe(1);
const [sharee] = member1Credential.sharedWith;
expect(sharee).toMatchObject({
id: member2.id,
email: member2.email,
firstName: member2.firstName,
lastName: member2.lastName,
});
});
// ----------------------------------------
// GET /credentials/:id - fetch a certain credential
// ----------------------------------------
test('GET /credentials/:id should retrieve owned cred for owner', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = authAgent(ownerShell);
const savedCredential = await saveCredential(randomCredentialPayload(), { user: ownerShell });
const firstResponse = await authOwnerAgent.get(`/credentials/${savedCredential.id}`);
expect(firstResponse.statusCode).toBe(200);
const { data: firstCredential } = firstResponse.body;
validateMainCredentialData(firstCredential);
expect(firstCredential.data).toBeUndefined();
expect(firstCredential.ownedBy).toMatchObject({
id: ownerShell.id,
email: ownerShell.email,
firstName: ownerShell.firstName,
lastName: ownerShell.lastName,
});
expect(firstCredential.sharedWith.length).toBe(0);
const secondResponse = await authOwnerAgent
.get(`/credentials/${savedCredential.id}`)
.query({ includeData: true });
expect(secondResponse.statusCode).toBe(200);
const { data: secondCredential } = secondResponse.body;
validateMainCredentialData(secondCredential);
expect(secondCredential.data).toBeDefined();
});
test('GET /credentials/:id should retrieve non-owned cred for owner', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = authAgent(owner);
const [member1, member2] = await testDb.createManyUsers(2, {
globalRole: globalMemberRole,
});
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member1 });
await testDb.shareCredentialWithUsers(savedCredential, [member2]);
const response1 = await authOwnerAgent.get(`/credentials/${savedCredential.id}`);
expect(response1.statusCode).toBe(200);
validateMainCredentialData(response1.body.data);
expect(response1.body.data.data).toBeUndefined();
expect(response1.body.data.ownedBy).toMatchObject({
id: member1.id,
email: member1.email,
firstName: member1.firstName,
lastName: member1.lastName,
});
expect(response1.body.data.sharedWith.length).toBe(1);
expect(response1.body.data.sharedWith[0]).toMatchObject({
id: member2.id,
email: member2.email,
firstName: member2.firstName,
lastName: member2.lastName,
});
const response2 = await authOwnerAgent
.get(`/credentials/${savedCredential.id}`)
.query({ includeData: true });
expect(response2.statusCode).toBe(200);
validateMainCredentialData(response2.body.data);
expect(response2.body.data.data).toBeUndefined();
expect(response2.body.data.sharedWith.length).toBe(1);
});
test('GET /credentials/:id should retrieve owned cred for member', async () => {
const [member1, member2, member3] = await testDb.createManyUsers(3, {
globalRole: globalMemberRole,
});
const authMemberAgent = authAgent(member1);
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member1 });
await testDb.shareCredentialWithUsers(savedCredential, [member2, member3]);
const firstResponse = await authMemberAgent.get(`/credentials/${savedCredential.id}`);
expect(firstResponse.statusCode).toBe(200);
const { data: firstCredential } = firstResponse.body;
validateMainCredentialData(firstCredential);
expect(firstCredential.data).toBeUndefined();
expect(firstCredential.ownedBy).toMatchObject({
id: member1.id,
email: member1.email,
firstName: member1.firstName,
lastName: member1.lastName,
});
expect(firstCredential.sharedWith.length).toBe(2);
firstCredential.sharedWith.forEach((sharee: IUser, idx: number) => {
expect([member2.id, member3.id]).toContain(sharee.id);
});
const secondResponse = await authMemberAgent
.get(`/credentials/${savedCredential.id}`)
.query({ includeData: true });
expect(secondResponse.statusCode).toBe(200);
const { data: secondCredential } = secondResponse.body;
validateMainCredentialData(secondCredential);
expect(secondCredential.data).toBeDefined();
expect(firstCredential.sharedWith.length).toBe(2);
});
test('GET /credentials/:id should not retrieve non-owned cred for member', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const member = await testDb.createUser({ globalRole: globalMemberRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: ownerShell });
const response = await authAgent(member).get(`/credentials/${savedCredential.id}`);
expect(response.statusCode).toBe(403);
expect(response.body.data).toBeUndefined(); // owner's cred not returned
});
test('GET /credentials/:id should fail with missing encryption key', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const savedCredential = await saveCredential(randomCredentialPayload(), { user: ownerShell });
const mock = jest.spyOn(UserSettings, 'getEncryptionKey');
mock.mockRejectedValue(new Error(RESPONSE_ERROR_MESSAGES.NO_ENCRYPTION_KEY));
const response = await authAgent(ownerShell)
.get(`/credentials/${savedCredential.id}`)
.query({ includeData: true });
expect(response.statusCode).toBe(500);
mock.mockRestore();
});
test('GET /credentials/:id should return 404 if cred not found', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const response = await authAgent(ownerShell).get('/credentials/789');
expect(response.statusCode).toBe(404);
const responseAbc = await authAgent(ownerShell).get('/credentials/abc');
expect(responseAbc.statusCode).toBe(400);
// because EE router has precedence, check if forwards this route
const responseNew = await authAgent(ownerShell).get('/credentials/new');
expect(responseNew.statusCode).toBe(200);
});
// ----------------------------------------
// indempotent share/unshare
// ----------------------------------------
test('PUT /credentials/:id/share should share the credential with the provided userIds and unshare it for missing ones', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
const [member1, member2, member3, member4, member5] = await testDb.createManyUsers(5, {
globalRole: globalMemberRole,
});
const shareWithIds = [member1.id, member2.id, member3.id];
await testDb.shareCredentialWithUsers(savedCredential, [member4, member5]);
const response = await authAgent(owner)
.put(`/credentials/${savedCredential.id}/share`)
.send({ shareWithIds });
expect(response.statusCode).toBe(200);
expect(response.body.data).toBeUndefined();
const sharedCredentials = await Db.collections.SharedCredentials.find({
relations: ['role'],
where: { credentials: savedCredential },
});
// check that sharings have been removed/added correctly
expect(sharedCredentials.length).toBe(shareWithIds.length + 1); // +1 for the owner
sharedCredentials.forEach((sharedCredential) => {
if (sharedCredential.userId === owner.id) {
expect(sharedCredential.role.name).toBe('owner');
expect(sharedCredential.role.scope).toBe('credential');
return;
}
expect(shareWithIds).toContain(sharedCredential.userId);
expect(sharedCredential.role.name).toBe('user');
expect(sharedCredential.role.scope).toBe('credential');
});
});
// ----------------------------------------
// share
// ----------------------------------------
test('PUT /credentials/:id/share should share the credential with the provided userIds', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const [member1, member2, member3] = await testDb.createManyUsers(3, {
globalRole: globalMemberRole,
});
const memberIds = [member1.id, member2.id, member3.id];
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
const response = await authAgent(owner)
.put(`/credentials/${savedCredential.id}/share`)
.send({ shareWithIds: memberIds });
expect(response.statusCode).toBe(200);
expect(response.body.data).toBeUndefined();
// check that sharings got correctly set in DB
const sharedCredentials = await Db.collections.SharedCredentials.find({
relations: ['role'],
where: { credentials: savedCredential, user: { id: In([...memberIds]) } },
});
expect(sharedCredentials.length).toBe(memberIds.length);
sharedCredentials.forEach((sharedCredential) => {
expect(sharedCredential.role.name).toBe('user');
expect(sharedCredential.role.scope).toBe('credential');
});
// check that owner still exists
const ownerSharedCredential = await Db.collections.SharedCredentials.findOneOrFail({
relations: ['role'],
where: { credentials: savedCredential, user: owner },
});
expect(ownerSharedCredential.role.name).toBe('owner');
expect(ownerSharedCredential.role.scope).toBe('credential');
});
test('PUT /credentials/:id/share should respond 403 for non-existing credentials', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const response = await authAgent(owner)
.put(`/credentials/1234567/share`)
.send({ shareWithIds: [member.id] });
expect(response.statusCode).toBe(403);
});
test('PUT /credentials/:id/share should respond 403 for non-owned credentials', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
const response = await authAgent(owner)
.put(`/credentials/${savedCredential.id}/share`)
.send({ shareWithIds: [member.id] });
expect(response.statusCode).toBe(403);
});
test('PUT /credentials/:id/share should ignore pending sharee', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const memberShell = await testDb.createUserShell(globalMemberRole);
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
const response = await authAgent(owner)
.put(`/credentials/${savedCredential.id}/share`)
.send({ shareWithIds: [memberShell.id] });
expect(response.statusCode).toBe(200);
const sharedCredentials = await Db.collections.SharedCredentials.find({
where: { credentials: savedCredential },
});
expect(sharedCredentials.length).toBe(1);
expect(sharedCredentials[0].userId).toBe(owner.id);
});
test('PUT /credentials/:id/share should ignore non-existing sharee', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
const response = await authAgent(owner)
.put(`/credentials/${savedCredential.id}/share`)
.send({ shareWithIds: ['bce38a11-5e45-4d1c-a9ee-36e4a20ab0fc'] });
expect(response.statusCode).toBe(200);
const sharedCredentials = await Db.collections.SharedCredentials.find({
where: { credentials: savedCredential },
});
expect(sharedCredentials.length).toBe(1);
expect(sharedCredentials[0].userId).toBe(owner.id);
});
test('PUT /credentials/:id/share should respond 400 if invalid payload is provided', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
const responses = await Promise.all([
authAgent(owner).put(`/credentials/${savedCredential.id}/share`).send(),
authAgent(owner)
.put(`/credentials/${savedCredential.id}/share`)
.send({ shareWithIds: [1] }),
]);
responses.forEach((response) => expect(response.statusCode).toBe(400));
});
// ----------------------------------------
// unshare
// ----------------------------------------
test('PUT /credentials/:id/share should unshare the credential', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
const [member1, member2] = await testDb.createManyUsers(2, {
globalRole: globalMemberRole,
});
await testDb.shareCredentialWithUsers(savedCredential, [member1, member2]);
const response = await authAgent(owner)
.put(`/credentials/${savedCredential.id}/share`)
.send({ shareWithIds: [] });
expect(response.statusCode).toBe(200);
const sharedCredentials = await Db.collections.SharedCredentials.find({
where: { credentials: savedCredential },
});
expect(sharedCredentials.length).toBe(1);
expect(sharedCredentials[0].userId).toBe(owner.id);
});
function validateMainCredentialData(credential: CredentialWithSharings) {
expect(typeof credential.name).toBe('string');
expect(typeof credential.type).toBe('string');
expect(typeof credential.nodesAccess[0].nodeType).toBe('string');
expect(credential.ownedBy).toBeDefined();
expect(Array.isArray(credential.sharedWith)).toBe(true);
}

327
packages/cli/test/integration/credentials.api.test.ts → packages/cli/test/integration/credentials.test.ts
View file

@ -1,22 +1,34 @@
import express from 'express';
import { UserSettings } from 'n8n-core';
import { Db } from '../../src';
import { randomCredentialPayload, randomName, randomString } from './shared/random';
import * as utils from './shared/utils';
import type { CredentialPayload, SaveCredentialFunction } from './shared/types';
import type { Role } from '../../src/databases/entities/Role';
import type { User } from '../../src/databases/entities/User';
import * as testDb from './shared/testDb';
import { RESPONSE_ERROR_MESSAGES } from '../../src/constants';
import { CredentialsEntity } from '../../src/databases/entities/CredentialsEntity';
import * as CredentialHelpers from '../../src/credentials/helpers';
import type { Role } from '../../src/databases/entities/Role';
import { randomCredentialPayload, randomName, randomString } from './shared/random';
import * as testDb from './shared/testDb';
import type { SaveCredentialFunction } from './shared/types';
import * as utils from './shared/utils';
import config from '../../config';
import type { CredentialsEntity } from '../../src/databases/entities/CredentialsEntity';
import type { AuthAgent } from './shared/types';
jest.mock('../../src/telemetry');
// mock that credentialsSharing is not enabled
const mockIsCredentialsSharingEnabled = jest.spyOn(
CredentialHelpers,
'isCredentialsSharingEnabled',
);
mockIsCredentialsSharingEnabled.mockReturnValue(false);
let app: express.Application;
let testDbName = '';
let globalOwnerRole: Role;
let globalMemberRole: Role;
let saveCredential: SaveCredentialFunction;
let authAgent: AuthAgent;
beforeAll(async () => {
app = await utils.initTestServer({
@ -31,7 +43,10 @@ beforeAll(async () => {
globalOwnerRole = await testDb.getGlobalOwnerRole();
globalMemberRole = await testDb.getGlobalMemberRole();
const credentialOwnerRole = await testDb.getCredentialOwnerRole();
saveCredential = affixRoleToSaveCredential(credentialOwnerRole);
saveCredential = testDb.affixRoleToSaveCredential(credentialOwnerRole);
authAgent = utils.createAuthAgent(app);
utils.initTestLogger();
utils.initTestTelemetry();
@ -45,13 +60,62 @@ afterAll(async () => {
await testDb.terminate(testDbName);
});
// ----------------------------------------
// GET /credentials - fetch all credentials
// ----------------------------------------
test('GET /credentials should return all creds for owner', async () => {
const [owner, member] = await Promise.all([
testDb.createUser({ globalRole: globalOwnerRole }),
testDb.createUser({ globalRole: globalMemberRole }),
]);
const [{ id: savedOwnerCredentialId }, { id: savedMemberCredentialId }] = await Promise.all([
saveCredential(randomCredentialPayload(), { user: owner }),
saveCredential(randomCredentialPayload(), { user: member }),
]);
const response = await authAgent(owner).get('/credentials');
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(2); // owner retrieved owner cred and member cred
const savedCredentialsIds = [savedOwnerCredentialId, savedMemberCredentialId];
response.body.data.forEach((credential: CredentialsEntity) => {
validateMainCredentialData(credential);
expect(credential.data).toBeUndefined();
expect(savedCredentialsIds.includes(Number(credential.id))).toBe(true);
});
});
test('GET /credentials should return only own creds for member', async () => {
const [member1, member2] = await testDb.createManyUsers(2, {
globalRole: globalMemberRole,
});
const [savedCredential1] = await Promise.all([
saveCredential(randomCredentialPayload(), { user: member1 }),
saveCredential(randomCredentialPayload(), { user: member2 }),
]);
const response = await authAgent(member1).get('/credentials');
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(1); // member retrieved only own cred
const [member1Credential] = response.body.data;
validateMainCredentialData(member1Credential);
expect(member1Credential.data).toBeUndefined();
expect(member1Credential.id).toBe(savedCredential1.id.toString());
});
test('POST /credentials should create cred', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const payload = randomCredentialPayload();
const response = await authOwnerAgent.post('/credentials').send(payload);
const response = await authAgent(ownerShell).post('/credentials').send(payload);
expect(response.statusCode).toBe(200);
@ -59,6 +123,9 @@ test('POST /credentials should create cred', async () => {
expect(name).toBe(payload.name);
expect(type).toBe(payload.type);
if (!payload.nodesAccess) {
fail('Payload did not contain a nodesAccess array');
}
expect(nodesAccess[0].nodeType).toBe(payload.nodesAccess[0].nodeType);
expect(encryptedData).not.toBe(payload.data);
@ -66,7 +133,7 @@ test('POST /credentials should create cred', async () => {
expect(credential.name).toBe(payload.name);
expect(credential.type).toBe(payload.type);
expect(credential.nodesAccess[0].nodeType).toBe(payload.nodesAccess[0].nodeType);
expect(credential.nodesAccess[0].nodeType).toBe(payload.nodesAccess![0].nodeType);
expect(credential.data).not.toBe(payload.data);
const sharedCredential = await Db.collections.SharedCredentials.findOneOrFail({
@ -80,7 +147,7 @@ test('POST /credentials should create cred', async () => {
test('POST /credentials should fail with invalid inputs', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const authOwnerAgent = authAgent(ownerShell);
await Promise.all(
INVALID_PAYLOADS.map(async (invalidPayload) => {
@ -95,9 +162,8 @@ test('POST /credentials should fail with missing encryption key', async () => {
mock.mockRejectedValue(new Error(RESPONSE_ERROR_MESSAGES.NO_ENCRYPTION_KEY));
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const response = await authOwnerAgent.post('/credentials').send(randomCredentialPayload());
const response = await authAgent(ownerShell).post('/credentials').send(randomCredentialPayload());
expect(response.statusCode).toBe(500);
@ -106,7 +172,7 @@ test('POST /credentials should fail with missing encryption key', async () => {
test('POST /credentials should ignore ID in payload', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const authOwnerAgent = authAgent(ownerShell);
const firstResponse = await authOwnerAgent
.post('/credentials')
@ -123,10 +189,9 @@ test('POST /credentials should ignore ID in payload', async () => {
test('DELETE /credentials/:id should delete owned cred for owner', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: ownerShell });
const response = await authOwnerAgent.delete(`/credentials/${savedCredential.id}`);
const response = await authAgent(ownerShell).delete(`/credentials/${savedCredential.id}`);
expect(response.statusCode).toBe(200);
expect(response.body).toEqual({ data: true });
@ -142,11 +207,10 @@ test('DELETE /credentials/:id should delete owned cred for owner', async () => {
test('DELETE /credentials/:id should delete non-owned cred for owner', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
const response = await authOwnerAgent.delete(`/credentials/${savedCredential.id}`);
const response = await authAgent(ownerShell).delete(`/credentials/${savedCredential.id}`);
expect(response.statusCode).toBe(200);
expect(response.body).toEqual({ data: true });
@ -162,10 +226,9 @@ test('DELETE /credentials/:id should delete non-owned cred for owner', async ()
test('DELETE /credentials/:id should delete owned cred for member', async () => {
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
const response = await authMemberAgent.delete(`/credentials/${savedCredential.id}`);
const response = await authAgent(member).delete(`/credentials/${savedCredential.id}`);
expect(response.statusCode).toBe(200);
expect(response.body).toEqual({ data: true });
@ -182,10 +245,9 @@ test('DELETE /credentials/:id should delete owned cred for member', async () =>
test('DELETE /credentials/:id should not delete non-owned cred for member', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: ownerShell });
const response = await authMemberAgent.delete(`/credentials/${savedCredential.id}`);
const response = await authAgent(member).delete(`/credentials/${savedCredential.id}`);
expect(response.statusCode).toBe(404);
@ -200,20 +262,18 @@ test('DELETE /credentials/:id should not delete non-owned cred for member', asyn
test('DELETE /credentials/:id should fail if cred not found', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const response = await authOwnerAgent.delete('/credentials/123');
const response = await authAgent(ownerShell).delete('/credentials/123');
expect(response.statusCode).toBe(404);
});
test('PATCH /credentials/:id should update owned cred for owner', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: ownerShell });
const patchPayload = randomCredentialPayload();
const response = await authOwnerAgent
const response = await authAgent(ownerShell)
.patch(`/credentials/${savedCredential.id}`)
.send(patchPayload);
@ -223,14 +283,18 @@ test('PATCH /credentials/:id should update owned cred for owner', async () => {
expect(name).toBe(patchPayload.name);
expect(type).toBe(patchPayload.type);
if (!patchPayload.nodesAccess) {
fail('Payload did not contain a nodesAccess array');
}
expect(nodesAccess[0].nodeType).toBe(patchPayload.nodesAccess[0].nodeType);
expect(encryptedData).not.toBe(patchPayload.data);
const credential = await Db.collections.Credentials.findOneOrFail(id);
expect(credential.name).toBe(patchPayload.name);
expect(credential.type).toBe(patchPayload.type);
expect(credential.nodesAccess[0].nodeType).toBe(patchPayload.nodesAccess[0].nodeType);
expect(credential.nodesAccess[0].nodeType).toBe(patchPayload.nodesAccess![0].nodeType);
expect(credential.data).not.toBe(patchPayload.data);
const sharedCredential = await Db.collections.SharedCredentials.findOneOrFail({
@ -243,12 +307,11 @@ test('PATCH /credentials/:id should update owned cred for owner', async () => {
test('PATCH /credentials/:id should update non-owned cred for owner', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
const patchPayload = randomCredentialPayload();
const response = await authOwnerAgent
const response = await authAgent(ownerShell)
.patch(`/credentials/${savedCredential.id}`)
.send(patchPayload);
@ -258,14 +321,19 @@ test('PATCH /credentials/:id should update non-owned cred for owner', async () =
expect(name).toBe(patchPayload.name);
expect(type).toBe(patchPayload.type);
if (!patchPayload.nodesAccess) {
fail('Payload did not contain a nodesAccess array');
}
expect(nodesAccess[0].nodeType).toBe(patchPayload.nodesAccess[0].nodeType);
expect(encryptedData).not.toBe(patchPayload.data);
const credential = await Db.collections.Credentials.findOneOrFail(id);
expect(credential.name).toBe(patchPayload.name);
expect(credential.type).toBe(patchPayload.type);
expect(credential.nodesAccess[0].nodeType).toBe(patchPayload.nodesAccess[0].nodeType);
expect(credential.nodesAccess[0].nodeType).toBe(patchPayload.nodesAccess![0].nodeType);
expect(credential.data).not.toBe(patchPayload.data);
const sharedCredential = await Db.collections.SharedCredentials.findOneOrFail({
@ -278,11 +346,10 @@ test('PATCH /credentials/:id should update non-owned cred for owner', async () =
test('PATCH /credentials/:id should update owned cred for member', async () => {
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
const patchPayload = randomCredentialPayload();
const response = await authMemberAgent
const response = await authAgent(member)
.patch(`/credentials/${savedCredential.id}`)
.send(patchPayload);
@ -292,14 +359,19 @@ test('PATCH /credentials/:id should update owned cred for member', async () => {
expect(name).toBe(patchPayload.name);
expect(type).toBe(patchPayload.type);
if (!patchPayload.nodesAccess) {
fail('Payload did not contain a nodesAccess array');
}
expect(nodesAccess[0].nodeType).toBe(patchPayload.nodesAccess[0].nodeType);
expect(encryptedData).not.toBe(patchPayload.data);
const credential = await Db.collections.Credentials.findOneOrFail(id);
expect(credential.name).toBe(patchPayload.name);
expect(credential.type).toBe(patchPayload.type);
expect(credential.nodesAccess[0].nodeType).toBe(patchPayload.nodesAccess[0].nodeType);
expect(credential.nodesAccess[0].nodeType).toBe(patchPayload.nodesAccess![0].nodeType);
expect(credential.data).not.toBe(patchPayload.data);
const sharedCredential = await Db.collections.SharedCredentials.findOneOrFail({
@ -313,11 +385,10 @@ test('PATCH /credentials/:id should update owned cred for member', async () => {
test('PATCH /credentials/:id should not update non-owned cred for member', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: ownerShell });
const patchPayload = randomCredentialPayload();
const response = await authMemberAgent
const response = await authAgent(member)
.patch(`/credentials/${savedCredential.id}`)
.send(patchPayload);
@ -330,7 +401,7 @@ test('PATCH /credentials/:id should not update non-owned cred for member', async
test('PATCH /credentials/:id should fail with invalid inputs', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const authOwnerAgent = authAgent(ownerShell);
const savedCredential = await saveCredential(randomCredentialPayload(), { user: ownerShell });
await Promise.all(
@ -339,6 +410,9 @@ test('PATCH /credentials/:id should fail with invalid inputs', async () => {
.patch(`/credentials/${savedCredential.id}`)
.send(invalidPayload);
if (response.statusCode === 500) {
console.log(response.statusCode, response.body);
}
expect(response.statusCode).toBe(400);
}),
);
@ -346,9 +420,10 @@ test('PATCH /credentials/:id should fail with invalid inputs', async () => {
test('PATCH /credentials/:id should fail if cred not found', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const response = await authOwnerAgent.patch('/credentials/123').send(randomCredentialPayload());
const response = await authAgent(ownerShell)
.patch('/credentials/123')
.send(randomCredentialPayload());
expect(response.statusCode).toBe(404);
});
@ -358,121 +433,84 @@ test('PATCH /credentials/:id should fail with missing encryption key', async ()
mock.mockRejectedValue(new Error(RESPONSE_ERROR_MESSAGES.NO_ENCRYPTION_KEY));
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const response = await authOwnerAgent.post('/credentials').send(randomCredentialPayload());
const response = await authAgent(ownerShell).post('/credentials').send(randomCredentialPayload());
expect(response.statusCode).toBe(500);
mock.mockRestore();
});
test('GET /credentials should retrieve all creds for owner', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
test('GET /credentials/new should return default name for new credential or its increment', async () => {
const ownerShell = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = authAgent(ownerShell);
const name = config.getEnv('credentials.defaultName');
let tempName = name;
for (let i = 0; i < 3; i++) {
await saveCredential(randomCredentialPayload(), { user: ownerShell });
for (let i = 0; i < 4; i++) {
const response = await authOwnerAgent.get(`/credentials/new?name=${name}`);
expect(response.statusCode).toBe(200);
if (i === 0) {
expect(response.body.data.name).toBe(name);
} else {
tempName = name + ' ' + (i + 1);
expect(response.body.data.name).toBe(tempName);
}
await saveCredential({ ...randomCredentialPayload(), name: tempName }, { user: ownerShell });
}
const member = await testDb.createUser({ globalRole: globalMemberRole });
await saveCredential(randomCredentialPayload(), { user: member });
const response = await authOwnerAgent.get('/credentials');
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(4); // 3 owner + 1 member
await Promise.all(
response.body.data.map(async (credential: CredentialsEntity) => {
const { name, type, nodesAccess, data: encryptedData } = credential;
expect(typeof name).toBe('string');
expect(typeof type).toBe('string');
expect(typeof nodesAccess[0].nodeType).toBe('string');
expect(encryptedData).toBeUndefined();
}),
);
});
test('GET /credentials should retrieve owned creds for member', async () => {
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
test('GET /credentials/new should return name from query for new credential or its increment', async () => {
const ownerShell = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = authAgent(ownerShell);
const name = 'special credential name';
let tempName = name;
for (let i = 0; i < 3; i++) {
await saveCredential(randomCredentialPayload(), { user: member });
for (let i = 0; i < 4; i++) {
const response = await authOwnerAgent.get(`/credentials/new?name=${name}`);
expect(response.statusCode).toBe(200);
if (i === 0) {
expect(response.body.data.name).toBe(name);
} else {
tempName = name + ' ' + (i + 1);
expect(response.body.data.name).toBe(tempName);
}
await saveCredential({ ...randomCredentialPayload(), name: tempName }, { user: ownerShell });
}
const response = await authMemberAgent.get('/credentials');
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(3);
await Promise.all(
response.body.data.map(async (credential: CredentialsEntity) => {
const { name, type, nodesAccess, data: encryptedData } = credential;
expect(typeof name).toBe('string');
expect(typeof type).toBe('string');
expect(typeof nodesAccess[0].nodeType).toBe('string');
expect(encryptedData).toBeUndefined();
}),
);
});
test('GET /credentials should not retrieve non-owned creds for member', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
for (let i = 0; i < 3; i++) {
await saveCredential(randomCredentialPayload(), { user: ownerShell });
}
const response = await authMemberAgent.get('/credentials');
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(0); // owner's creds not returned
});
test('GET /credentials/:id should retrieve owned cred for owner', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const authOwnerAgent = authAgent(ownerShell);
const savedCredential = await saveCredential(randomCredentialPayload(), { user: ownerShell });
const firstResponse = await authOwnerAgent.get(`/credentials/${savedCredential.id}`);
expect(firstResponse.statusCode).toBe(200);
expect(typeof firstResponse.body.data.name).toBe('string');
expect(typeof firstResponse.body.data.type).toBe('string');
expect(typeof firstResponse.body.data.nodesAccess[0].nodeType).toBe('string');
validateMainCredentialData(firstResponse.body.data);
expect(firstResponse.body.data.data).toBeUndefined();
const secondResponse = await authOwnerAgent
.get(`/credentials/${savedCredential.id}`)
.query({ includeData: true });
expect(secondResponse.statusCode).toBe(200);
expect(typeof secondResponse.body.data.name).toBe('string');
expect(typeof secondResponse.body.data.type).toBe('string');
expect(typeof secondResponse.body.data.nodesAccess[0].nodeType).toBe('string');
validateMainCredentialData(secondResponse.body.data);
expect(secondResponse.body.data.data).toBeDefined();
});
test('GET /credentials/:id should retrieve owned cred for member', async () => {
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const authMemberAgent = authAgent(member);
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
const firstResponse = await authMemberAgent.get(`/credentials/${savedCredential.id}`);
expect(firstResponse.statusCode).toBe(200);
expect(typeof firstResponse.body.data.name).toBe('string');
expect(typeof firstResponse.body.data.type).toBe('string');
expect(typeof firstResponse.body.data.nodesAccess[0].nodeType).toBe('string');
validateMainCredentialData(firstResponse.body.data);
expect(firstResponse.body.data.data).toBeUndefined();
const secondResponse = await authMemberAgent
@ -481,19 +519,40 @@ test('GET /credentials/:id should retrieve owned cred for member', async () => {
expect(secondResponse.statusCode).toBe(200);
expect(typeof secondResponse.body.data.name).toBe('string');
expect(typeof secondResponse.body.data.type).toBe('string');
expect(typeof secondResponse.body.data.nodesAccess[0].nodeType).toBe('string');
validateMainCredentialData(secondResponse.body.data);
expect(secondResponse.body.data.data).toBeDefined();
});
test('GET /credentials/:id should retrieve non-owned cred for owner', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = authAgent(owner);
const member = await testDb.createUser({ globalRole: globalMemberRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
const response1 = await authOwnerAgent.get(`/credentials/${savedCredential.id}`);
expect(response1.statusCode).toBe(200);
validateMainCredentialData(response1.body.data);
expect(response1.body.data.data).toBeUndefined();
const response2 = await authOwnerAgent
.get(`/credentials/${savedCredential.id}`)
.query({ includeData: true });
expect(response2.statusCode).toBe(200);
validateMainCredentialData(response2.body.data);
expect(response2.body.data.data).toBeDefined();
});
test('GET /credentials/:id should not retrieve non-owned cred for member', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: ownerShell });
const response = await authMemberAgent.get(`/credentials/${savedCredential.id}`);
const response = await authAgent(member).get(`/credentials/${savedCredential.id}`);
expect(response.statusCode).toBe(404);
expect(response.body.data).toBeUndefined(); // owner's cred not returned
@ -501,13 +560,12 @@ test('GET /credentials/:id should not retrieve non-owned cred for member', async
test('GET /credentials/:id should fail with missing encryption key', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: ownerShell });
const mock = jest.spyOn(UserSettings, 'getEncryptionKey');
mock.mockRejectedValue(new Error(RESPONSE_ERROR_MESSAGES.NO_ENCRYPTION_KEY));
const response = await authOwnerAgent
const response = await authAgent(ownerShell)
.get(`/credentials/${savedCredential.id}`)
.query({ includeData: true });
@ -518,13 +576,28 @@ test('GET /credentials/:id should fail with missing encryption key', async () =>
test('GET /credentials/:id should return 404 if cred not found', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authMemberAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const response = await authMemberAgent.get('/credentials/789');
const response = await authAgent(ownerShell).get('/credentials/789');
expect(response.statusCode).toBe(404);
});
test('GET /credentials/:id should return 400 if id is not a number', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const responseAbc = await authAgent(ownerShell).get('/credentials/abc');
expect(responseAbc.statusCode).toBe(400);
});
function validateMainCredentialData(credential: CredentialsEntity) {
expect(typeof credential.name).toBe('string');
expect(typeof credential.type).toBe('string');
expect(typeof credential.nodesAccess[0].nodeType).toBe('string');
// @ts-ignore
expect(credential.ownedBy).toBeUndefined();
// @ts-ignore
expect(credential.sharedWith).toBeUndefined();
}
const INVALID_PAYLOADS = [
{
type: randomName(),
@ -547,11 +620,5 @@ const INVALID_PAYLOADS = [
nodesAccess: [{ nodeType: randomName() }],
},
{},
[],
undefined,
];
function affixRoleToSaveCredential(role: Role) {
return (credentialPayload: CredentialPayload, { user }: { user: User }) =>
testDb.saveCredential(credentialPayload, { user, role });
}

59
packages/cli/test/integration/me.api.test.ts
View file

@ -1,12 +1,11 @@
import express from 'express';
import validator from 'validator';
import { IsNull } from 'typeorm';
import validator from 'validator';
import config from '../../config';
import * as utils from './shared/utils';
import { SUCCESS_RESPONSE_BODY } from './shared/constants';
import { Db } from '../../src';
import type { Role } from '../../src/databases/entities/Role';
import { SUCCESS_RESPONSE_BODY } from './shared/constants';
import {
randomApiKey,
randomEmail,
@ -15,6 +14,8 @@ import {
randomValidPassword,
} from './shared/random';
import * as testDb from './shared/testDb';
import type { AuthAgent } from './shared/types';
import * as utils from './shared/utils';
jest.mock('../../src/telemetry');
@ -22,6 +23,7 @@ let app: express.Application;
let testDbName = '';
let globalOwnerRole: Role;
let globalMemberRole: Role;
let authAgent: AuthAgent;
beforeAll(async () => {
app = await utils.initTestServer({ endpointGroups: ['me'], applyAuth: true });
@ -30,6 +32,9 @@ beforeAll(async () => {
globalOwnerRole = await testDb.getGlobalOwnerRole();
globalMemberRole = await testDb.getGlobalMemberRole();
authAgent = utils.createAuthAgent(app);
utils.initTestLogger();
utils.initTestTelemetry();
});
@ -45,9 +50,8 @@ describe('Owner shell', () => {
test('GET /me should return sanitized owner shell', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerShellAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const response = await authOwnerShellAgent.get('/me');
const response = await authAgent(ownerShell).get('/me');
expect(response.statusCode).toBe(200);
@ -79,7 +83,7 @@ describe('Owner shell', () => {
test('PATCH /me should succeed with valid inputs', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerShellAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const authOwnerShellAgent = authAgent(ownerShell);
for (const validPayload of VALID_PATCH_ME_PAYLOADS) {
const response = await authOwnerShellAgent.patch('/me').send(validPayload);
@ -121,7 +125,7 @@ describe('Owner shell', () => {
test('PATCH /me should fail with invalid inputs', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerShellAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const authOwnerShellAgent = authAgent(ownerShell);
for (const invalidPayload of INVALID_PATCH_ME_PAYLOADS) {
const response = await authOwnerShellAgent.patch('/me').send(invalidPayload);
@ -136,7 +140,7 @@ describe('Owner shell', () => {
test('PATCH /me/password should fail for shell', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerShellAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const authOwnerShellAgent = authAgent(ownerShell);
const validPasswordPayload = {
currentPassword: randomValidPassword(),
@ -168,7 +172,7 @@ describe('Owner shell', () => {
test('POST /me/survey should succeed with valid inputs', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerShellAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const authOwnerShellAgent = authAgent(ownerShell);
const validPayloads = [SURVEY, {}];
@ -188,9 +192,8 @@ describe('Owner shell', () => {
test('POST /me/api-key should create an api key', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerShellAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const response = await authOwnerShellAgent.post('/me/api-key');
const response = await authAgent(ownerShell).post('/me/api-key');
expect(response.statusCode).toBe(200);
expect(response.body.data.apiKey).toBeDefined();
@ -206,9 +209,8 @@ describe('Owner shell', () => {
test('GET /me/api-key should fetch the api key', async () => {
let ownerShell = await testDb.createUserShell(globalOwnerRole);
ownerShell = await testDb.addApiKey(ownerShell);
const authOwnerShellAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const response = await authOwnerShellAgent.get('/me/api-key');
const response = await authAgent(ownerShell).get('/me/api-key');
expect(response.statusCode).toBe(200);
expect(response.body.data.apiKey).toEqual(ownerShell.apiKey);
@ -217,9 +219,8 @@ describe('Owner shell', () => {
test('DELETE /me/api-key should fetch the api key', async () => {
let ownerShell = await testDb.createUserShell(globalOwnerRole);
ownerShell = await testDb.addApiKey(ownerShell);
const authOwnerShellAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const response = await authOwnerShellAgent.delete('/me/api-key');
const response = await authAgent(ownerShell).delete('/me/api-key');
expect(response.statusCode).toBe(200);
@ -247,9 +248,8 @@ describe('Member', () => {
test('GET /me should return sanitized member', async () => {
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const response = await authMemberAgent.get('/me');
const response = await authAgent(member).get('/me');
expect(response.statusCode).toBe(200);
@ -281,7 +281,7 @@ describe('Member', () => {
test('PATCH /me should succeed with valid inputs', async () => {
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const authMemberAgent = authAgent(member);
for (const validPayload of VALID_PATCH_ME_PAYLOADS) {
const response = await authMemberAgent.patch('/me').send(validPayload);
@ -323,7 +323,7 @@ describe('Member', () => {
test('PATCH /me should fail with invalid inputs', async () => {
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const authMemberAgent = authAgent(member);
for (const invalidPayload of INVALID_PATCH_ME_PAYLOADS) {
const response = await authMemberAgent.patch('/me').send(invalidPayload);
@ -342,14 +342,13 @@ describe('Member', () => {
password: memberPassword,
globalRole: globalMemberRole,
});
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const validPayload = {
currentPassword: memberPassword,
newPassword: randomValidPassword(),
};
const response = await authMemberAgent.patch('/me/password').send(validPayload);
const response = await authAgent(member).patch('/me/password').send(validPayload);
expect(response.statusCode).toBe(200);
expect(response.body).toEqual(SUCCESS_RESPONSE_BODY);
@ -360,7 +359,7 @@ describe('Member', () => {
test('PATCH /me/password should fail with invalid inputs', async () => {
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const authMemberAgent = authAgent(member);
for (const payload of INVALID_PASSWORD_PAYLOADS) {
const response = await authMemberAgent.patch('/me/password').send(payload);
@ -379,7 +378,7 @@ describe('Member', () => {
test('POST /me/survey should succeed with valid inputs', async () => {
const member = await testDb.createUser({ globalRole: globalMemberRole });
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const authMemberAgent = authAgent(member);
const validPayloads = [SURVEY, {}];
@ -399,9 +398,8 @@ describe('Member', () => {
globalRole: globalMemberRole,
apiKey: randomApiKey(),
});
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const response = await authMemberAgent.post('/me/api-key');
const response = await authAgent(member).post('/me/api-key');
expect(response.statusCode).toBe(200);
expect(response.body.data.apiKey).toBeDefined();
@ -417,9 +415,8 @@ describe('Member', () => {
globalRole: globalMemberRole,
apiKey: randomApiKey(),
});
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const response = await authMemberAgent.get('/me/api-key');
const response = await authAgent(member).get('/me/api-key');
expect(response.statusCode).toBe(200);
expect(response.body.data.apiKey).toEqual(member.apiKey);
@ -430,9 +427,8 @@ describe('Member', () => {
globalRole: globalMemberRole,
apiKey: randomApiKey(),
});
const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
const response = await authMemberAgent.delete('/me/api-key');
const response = await authAgent(member).delete('/me/api-key');
expect(response.statusCode).toBe(200);
@ -453,9 +449,8 @@ describe('Owner', () => {
test('GET /me should return sanitized owner', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
const response = await authOwnerAgent.get('/me');
const response = await authAgent(owner).get('/me');
expect(response.statusCode).toBe(200);
@ -487,7 +482,7 @@ describe('Owner', () => {
test('PATCH /me should succeed with valid inputs', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
const authOwnerAgent = authAgent(owner);
for (const validPayload of VALID_PATCH_ME_PAYLOADS) {
const response = await authOwnerAgent.patch('/me').send(validPayload);

26
packages/cli/test/integration/owner.api.test.ts
View file

@ -1,23 +1,25 @@
import express from 'express';
import validator from 'validator';
import * as utils from './shared/utils';
import * as testDb from './shared/testDb';
import { Db } from '../../src';
import config from '../../config';
import { Db } from '../../src';
import type { Role } from '../../src/databases/entities/Role';
import {
randomEmail,
randomInvalidPassword,
randomName,
randomValidPassword,
randomInvalidPassword,
} from './shared/random';
import type { Role } from '../../src/databases/entities/Role';
import * as testDb from './shared/testDb';
import type { AuthAgent } from './shared/types';
import * as utils from './shared/utils';
jest.mock('../../src/telemetry');
let app: express.Application;
let testDbName = '';
let globalOwnerRole: Role;
let authAgent: AuthAgent;
beforeAll(async () => {
app = await utils.initTestServer({ endpointGroups: ['owner'], applyAuth: true });
@ -25,6 +27,9 @@ beforeAll(async () => {
testDbName = initResult.testDbName;
globalOwnerRole = await testDb.getGlobalOwnerRole();
authAgent = utils.createAuthAgent(app);
utils.initTestLogger();
utils.initTestTelemetry();
});
@ -43,7 +48,6 @@ afterAll(async () => {
test('POST /owner should create owner and enable isInstanceOwnerSetUp', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const newOwnerData = {
email: randomEmail(),
@ -52,7 +56,7 @@ test('POST /owner should create owner and enable isInstanceOwnerSetUp', async ()
password: randomValidPassword(),
};
const response = await authOwnerAgent.post('/owner').send(newOwnerData);
const response = await authAgent(ownerShell).post('/owner').send(newOwnerData);
expect(response.statusCode).toBe(200);
@ -96,7 +100,6 @@ test('POST /owner should create owner and enable isInstanceOwnerSetUp', async ()
test('POST /owner should create owner with lowercased email', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const newOwnerData = {
email: randomEmail().toUpperCase(),
@ -105,7 +108,7 @@ test('POST /owner should create owner with lowercased email', async () => {
password: randomValidPassword(),
};
const response = await authOwnerAgent.post('/owner').send(newOwnerData);
const response = await authAgent(ownerShell).post('/owner').send(newOwnerData);
expect(response.statusCode).toBe(200);
@ -120,7 +123,7 @@ test('POST /owner should create owner with lowercased email', async () => {
test('POST /owner should fail with invalid inputs', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const authOwnerAgent = authAgent(ownerShell);
await Promise.all(
INVALID_POST_OWNER_PAYLOADS.map(async (invalidPayload) => {
@ -132,9 +135,8 @@ test('POST /owner should fail with invalid inputs', async () => {
test('POST /owner/skip-setup should persist skipping setup to the DB', async () => {
const ownerShell = await testDb.createUserShell(globalOwnerRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: ownerShell });
const response = await authOwnerAgent.post('/owner/skip-setup').send();
const response = await authAgent(ownerShell).post('/owner/skip-setup').send();
expect(response.statusCode).toBe(200);

15
packages/cli/test/integration/publicApi/credentials.test.ts
View file

@ -28,18 +28,14 @@ beforeAll(async () => {
utils.initConfigFile();
const [
fetchedGlobalOwnerRole,
fetchedGlobalMemberRole,
_,
fetchedCredentialOwnerRole,
] = await testDb.getAllRoles();
const [fetchedGlobalOwnerRole, fetchedGlobalMemberRole, _, fetchedCredentialOwnerRole] =
await testDb.getAllRoles();
globalOwnerRole = fetchedGlobalOwnerRole;
globalMemberRole = fetchedGlobalMemberRole;
credentialOwnerRole = fetchedCredentialOwnerRole;
saveCredential = affixRoleToSaveCredential(credentialOwnerRole);
saveCredential = testDb.affixRoleToSaveCredential(credentialOwnerRole);
utils.initTestLogger();
utils.initTestTelemetry();
@ -405,8 +401,3 @@ const INVALID_PAYLOADS = [
[],
undefined,
];
function affixRoleToSaveCredential(role: Role) {
return (credentialPayload: CredentialPayload, { user }: { user: User }) =>
testDb.saveCredential(credentialPayload, { user, role });
}

1
packages/cli/test/integration/shared/constants.ts
View file

@ -41,7 +41,6 @@ export const ROUTES_REQUIRING_AUTHENTICATION: Readonly<string[]> = [
*/
export const ROUTES_REQUIRING_AUTHORIZATION: Readonly<string[]> = [
'POST /users',
'GET /users',
'DELETE /users/123',
'POST /users/123/reinvite',
'POST /owner',

15
packages/cli/test/integration/shared/random.ts
View file

@ -1,5 +1,6 @@
import { randomBytes } from 'crypto';
import { MAX_PASSWORD_LENGTH, MIN_PASSWORD_LENGTH } from '../../../src/databases/entities/User';
import type { CredentialPayload } from './types';
/**
* Create a random alphanumeric string of random length between two limits, both inclusive.
@ -46,11 +47,9 @@ const randomTopLevelDomain = () => chooseRandomly(POPULAR_TOP_LEVEL_DOMAINS);
export const randomName = () => randomString(4, 8);
export function randomCredentialPayload() {
return {
name: randomName(),
type: randomName(),
nodesAccess: [{ nodeType: randomName() }],
data: { accessToken: randomString(6, 16) },
};
}
export const randomCredentialPayload = (): CredentialPayload => ({
name: randomName(),
type: randomName(),
nodesAccess: [{ nodeType: randomName() }],
data: { accessToken: randomString(6, 16) },
});

77
packages/cli/test/integration/shared/testDb.ts
View file

@ -1,10 +1,18 @@
import { exec as callbackExec } from 'child_process';
import { promisify } from 'util';
import { createConnection, getConnection, ConnectionOptions, Connection } from 'typeorm';
import { UserSettings } from 'n8n-core';
import { Connection, ConnectionOptions, createConnection, getConnection } from 'typeorm';
import config from '../../../config';
import { DatabaseType, Db, ICredentialsDb } from '../../../src';
import { createCredentialsFromCredentialsEntity } from '../../../src/CredentialsHelper';
import { entities } from '../../../src/databases/entities';
import { CredentialsEntity } from '../../../src/databases/entities/CredentialsEntity';
import { mysqlMigrations } from '../../../src/databases/migrations/mysqldb';
import { postgresMigrations } from '../../../src/databases/migrations/postgresdb';
import { sqliteMigrations } from '../../../src/databases/migrations/sqlite';
import { hashPassword } from '../../../src/UserManagement/UserManagementHelper';
import {
BOOTSTRAP_MYSQL_CONNECTION_NAME,
BOOTSTRAP_POSTGRES_CONNECTION_NAME,
@ -12,7 +20,6 @@ import {
MAPPING_TABLES,
MAPPING_TABLES_TO_CLEAR,
} from './constants';
import { DatabaseType, Db, ICredentialsDb } from '../../../src';
import {
randomApiKey,
randomCredentialPayload,
@ -21,16 +28,15 @@ import {
randomString,
randomValidPassword,
} from './random';
import { CredentialsEntity } from '../../../src/databases/entities/CredentialsEntity';
import { hashPassword } from '../../../src/UserManagement/UserManagementHelper';
import { entities } from '../../../src/databases/entities';
import { mysqlMigrations } from '../../../src/databases/migrations/mysqldb';
import { postgresMigrations } from '../../../src/databases/migrations/postgresdb';
import { sqliteMigrations } from '../../../src/databases/migrations/sqlite';
import { categorize, getPostgresSchemaSection } from './utils';
import { createCredentiasFromCredentialsEntity } from '../../../src/CredentialsHelper';
import { ExecutionEntity } from '../../../src/databases/entities/ExecutionEntity';
import { InstalledNodes } from '../../../src/databases/entities/InstalledNodes';
import { InstalledPackages } from '../../../src/databases/entities/InstalledPackages';
import type { Role } from '../../../src/databases/entities/Role';
import { TagEntity } from '../../../src/databases/entities/TagEntity';
import { User } from '../../../src/databases/entities/User';
import { WorkflowEntity } from '../../../src/databases/entities/WorkflowEntity';
import type {
CollectionName,
CredentialPayload,
@ -38,12 +44,6 @@ import type {
InstalledPackagePayload,
MappingName,
} from './types';
import { InstalledPackages } from '../../../src/databases/entities/InstalledPackages';
import { InstalledNodes } from '../../../src/databases/entities/InstalledNodes';
import { User } from '../../../src/databases/entities/User';
import { WorkflowEntity } from '../../../src/databases/entities/WorkflowEntity';
import { ExecutionEntity } from '../../../src/databases/entities/ExecutionEntity';
import { TagEntity } from '../../../src/databases/entities/TagEntity';
const exec = promisify(callbackExec);
@ -318,6 +318,23 @@ export async function saveCredential(
return savedCredential;
}
export async function shareCredentialWithUsers(credential: CredentialsEntity, users: User[]) {
const role = await Db.collections.Role.findOne({ scope: 'credential', name: 'user' });
const newSharedCredentials = users.map((user) =>
Db.collections.SharedCredentials.create({
user,
credentials: credential,
role,
}),
);
return Db.collections.SharedCredentials.save(newSharedCredentials);
}
export function affixRoleToSaveCredential(role: Role) {
return (credentialPayload: CredentialPayload, { user }: { user: User }) =>
saveCredential(credentialPayload, { user, role });
}
// ----------------------------------
// user creation
// ----------------------------------
@ -353,6 +370,34 @@ export function createUserShell(globalRole: Role): Promise<User> {
return Db.collections.User.save(shell);
}
/**
* Create many users in the DB, defaulting to a `member`.
*/
export async function createManyUsers(
amount: number,
attributes: Partial<User> = {},
): Promise<User[]> {
let { email, password, firstName, lastName, globalRole, ...rest } = attributes;
if (!globalRole) {
globalRole = await getGlobalMemberRole();
}
const users = await Promise.all(
[...Array(amount)].map(async () =>
Db.collections.User.create({
email: email ?? randomEmail(),
password: await hashPassword(password ?? randomValidPassword()),
firstName: firstName ?? randomName(),
lastName: lastName ?? randomName(),
globalRole,
...rest,
}),
),
);
return Db.collections.User.save(users);
}
// --------------------------------------
// Installed nodes and packages creation
// --------------------------------------
@ -725,7 +770,7 @@ export const getMySqlOptions = ({ name }: { name: string }): ConnectionOptions =
async function encryptCredentialData(credential: CredentialsEntity) {
const encryptionKey = await UserSettings.getEncryptionKey();
const coreCredential = createCredentiasFromCredentialsEntity(credential, true);
const coreCredential = createCredentialsFromCredentialsEntity(credential, true);
// @ts-ignore
coreCredential.setData(credential.data, encryptionKey);

59
packages/cli/test/integration/shared/utils.ts
View file

@ -1,13 +1,10 @@
import { randomBytes } from 'crypto';
import { existsSync } from 'fs';
import express from 'express';
import superagent from 'superagent';
import request from 'supertest';
import { URL } from 'url';
import bodyParser from 'body-parser';
import { set } from 'lodash';
import { CronJob } from 'cron';
import express from 'express';
import { set } from 'lodash';
import { BinaryDataManager, UserSettings } from 'n8n-core';
import {
ICredentialType,
@ -21,20 +18,15 @@ import {
ITriggerResponse,
LoggerProxy,
NodeHelpers,
TriggerTime,
toCronExpression,
TriggerTime,
} from 'n8n-workflow';
import type { N8nApp } from '../../../src/UserManagement/Interfaces';
import superagent from 'superagent';
import request from 'supertest';
import { URL } from 'url';
import config from '../../../config';
import {
AUTHLESS_ENDPOINTS,
COMMUNITY_NODE_VERSION,
COMMUNITY_PACKAGE_VERSION,
PUBLIC_API_REST_PATH_SEGMENT,
REST_PATH_SEGMENT,
} from './constants';
import { AUTH_COOKIE_NAME, NODE_PACKAGE_PREFIX } from '../../../src/constants';
import { addRoutes as authMiddleware } from '../../../src/UserManagement/routes';
import {
ActiveWorkflowRunner,
CredentialTypes,
@ -48,11 +40,24 @@ import { usersNamespace as usersEndpoints } from '../../../src/UserManagement/ro
import { authenticationMethods as authEndpoints } from '../../../src/UserManagement/routes/auth';
import { ownerNamespace as ownerEndpoints } from '../../../src/UserManagement/routes/owner';
import { passwordResetNamespace as passwordResetEndpoints } from '../../../src/UserManagement/routes/passwordReset';
import { issueJWT } from '../../../src/UserManagement/auth/jwt';
import { getLogger } from '../../../src/Logger';
import { credentialsController } from '../../../src/api/credentials.api';
import { loadPublicApiVersions } from '../../../src/PublicApi/';
import { nodesController } from '../../../src/api/nodes.api';
import { workflowsController } from '../../../src/api/workflows.api';
import { AUTH_COOKIE_NAME, NODE_PACKAGE_PREFIX } from '../../../src/constants';
import { credentialsController } from '../../../src/credentials/credentials.controller';
import { InstalledPackages } from '../../../src/databases/entities/InstalledPackages';
import type { User } from '../../../src/databases/entities/User';
import { getLogger } from '../../../src/Logger';
import { loadPublicApiVersions } from '../../../src/PublicApi/';
import { issueJWT } from '../../../src/UserManagement/auth/jwt';
import { addRoutes as authMiddleware } from '../../../src/UserManagement/routes';
import {
AUTHLESS_ENDPOINTS,
COMMUNITY_NODE_VERSION,
COMMUNITY_PACKAGE_VERSION,
PUBLIC_API_REST_PATH_SEGMENT,
REST_PATH_SEGMENT,
} from './constants';
import { randomName } from './random';
import type {
ApiPath,
EndpointGroup,
@ -60,11 +65,6 @@ import type {
InstalledPackagePayload,
PostgresSchemaSection,
} from './types';
import type { N8nApp } from '../../../src/UserManagement/Interfaces';
import { workflowsController } from '../../../src/api/workflows.api';
import { nodesController } from '../../../src/api/nodes.api';
import { randomName } from './random';
import { InstalledPackages } from '../../../src/databases/entities/InstalledPackages';
/**
* Initialize a test server.
@ -153,9 +153,6 @@ export function initTestTelemetry() {
void InternalHooksManager.init('test-instance-id', 'test-version', mockNodeTypes);
}
export const createAuthAgent = (app: express.Application) => (user: User) =>
createAgent(app, { auth: true, user });
/**
* Classify endpoint groups into `routerEndpoints` (newest, using `express.Router`),
* and `functionEndpoints` (legacy, namespaced inside a function).
@ -309,7 +306,9 @@ export async function initNodeTypes() {
const timezone = this.getTimezone();
// Start the cron-jobs
const cronJobs = cronTimes.map(cronTime => new CronJob(cronTime, executeTrigger, undefined, true, timezone));
const cronJobs = cronTimes.map(
(cronTime) => new CronJob(cronTime, executeTrigger, undefined, true, timezone),
);
// Stop the cron-jobs
async function closeFunction() {
@ -587,6 +586,10 @@ export function createAgent(
return agent;
}
export function createAuthAgent(app: express.Application) {
return (user: User) => createAgent(app, { auth: true, user });
}
/**
* Plugin to prefix a path segment into a request URL pathname.
*

80
packages/cli/test/integration/users.api.test.ts
View file

@ -1,24 +1,23 @@
import express from 'express';
import validator from 'validator';
import { v4 as uuid } from 'uuid';
import { Db } from '../../src';
import config from '../../config';
import { Db } from '../../src';
import { CredentialsEntity } from '../../src/databases/entities/CredentialsEntity';
import type { Role } from '../../src/databases/entities/Role';
import type { User } from '../../src/databases/entities/User';
import { WorkflowEntity } from '../../src/databases/entities/WorkflowEntity';
import { compareHash } from '../../src/UserManagement/UserManagementHelper';
import { SUCCESS_RESPONSE_BODY } from './shared/constants';
import {
randomEmail,
randomValidPassword,
randomName,
randomInvalidPassword,
randomCredentialPayload,
randomName,
randomValidPassword,
} from './shared/random';
import { CredentialsEntity } from '../../src/databases/entities/CredentialsEntity';
import { WorkflowEntity } from '../../src/databases/entities/WorkflowEntity';
import type { Role } from '../../src/databases/entities/Role';
import type { User } from '../../src/databases/entities/User';
import * as utils from './shared/utils';
import * as testDb from './shared/testDb';
import { compareHash } from '../../src/UserManagement/UserManagementHelper';
import type { AuthAgent } from './shared/types';
import * as utils from './shared/utils';
import * as UserManagementMailer from '../../src/UserManagement/email/UserManagementMailer';
import { NodeMailer } from '../../src/UserManagement/email/NodeMailer';
@ -32,6 +31,7 @@ let globalMemberRole: Role;
let globalOwnerRole: Role;
let workflowOwnerRole: Role;
let credentialOwnerRole: Role;
let authAgent: AuthAgent;
beforeAll(async () => {
app = await utils.initTestServer({ endpointGroups: ['users'], applyAuth: true });
@ -50,6 +50,8 @@ beforeAll(async () => {
workflowOwnerRole = fetchedWorkflowOwnerRole;
credentialOwnerRole = fetchedCredentialOwnerRole;
authAgent = utils.createAuthAgent(app);
utils.initTestTelemetry();
utils.initTestLogger();
});
@ -73,11 +75,10 @@ afterAll(async () => {
test('GET /users should return all users', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
await testDb.createUser({ globalRole: globalMemberRole });
const response = await authOwnerAgent.get('/users');
const response = await authAgent(owner).get('/users');
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(2);
@ -113,7 +114,6 @@ test('GET /users should return all users', async () => {
test('DELETE /users/:id should delete the user', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
const userToDelete = await testDb.createUser({ globalRole: globalMemberRole });
@ -151,7 +151,7 @@ test('DELETE /users/:id should delete the user', async () => {
credentials: savedCredential,
});
const response = await authOwnerAgent.delete(`/users/${userToDelete.id}`);
const response = await authAgent(owner).delete(`/users/${userToDelete.id}`);
expect(response.statusCode).toBe(200);
expect(response.body).toEqual(SUCCESS_RESPONSE_BODY);
@ -182,9 +182,8 @@ test('DELETE /users/:id should delete the user', async () => {
test('DELETE /users/:id should fail to delete self', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
const response = await authOwnerAgent.delete(`/users/${owner.id}`);
const response = await authAgent(owner).delete(`/users/${owner.id}`);
expect(response.statusCode).toBe(400);
@ -194,11 +193,10 @@ test('DELETE /users/:id should fail to delete self', async () => {
test('DELETE /users/:id should fail if user to delete is transferee', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
const { id: idToDelete } = await testDb.createUser({ globalRole: globalMemberRole });
const response = await authOwnerAgent.delete(`/users/${idToDelete}`).query({
const response = await authAgent(owner).delete(`/users/${idToDelete}`).query({
transferId: idToDelete,
});
@ -210,7 +208,6 @@ test('DELETE /users/:id should fail if user to delete is transferee', async () =
test('DELETE /users/:id with transferId should perform transfer', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
const userToDelete = await testDb.createUser({ globalRole: globalMemberRole });
@ -221,42 +218,39 @@ test('DELETE /users/:id with transferId should perform transfer', async () => {
role: credentialOwnerRole,
});
const response = await authOwnerAgent.delete(`/users/${userToDelete.id}`).query({
const response = await authAgent(owner).delete(`/users/${userToDelete.id}`).query({
transferId: owner.id,
});
expect(response.statusCode).toBe(200);
const sharedWorkflow = await Db.collections.SharedWorkflow.findOneOrFail({
relations: ['workflow', 'user'],
relations: ['workflow'],
where: { user: owner },
});
const sharedCredential = await Db.collections.SharedCredentials.findOneOrFail({
relations: ['credentials', 'user'],
where: { user: owner },
});
const deletedUser = await Db.collections.User.findOne(userToDelete);
expect(sharedWorkflow.user.id).toBe(owner.id);
expect(sharedWorkflow.workflow).toBeDefined();
expect(sharedWorkflow.workflow.id).toBe(savedWorkflow.id);
expect(sharedCredential.user.id).toBe(owner.id);
const sharedCredential = await Db.collections.SharedCredentials.findOneOrFail({
relations: ['credentials'],
where: { user: owner },
});
expect(sharedCredential.credentials).toBeDefined();
expect(sharedCredential.credentials.id).toBe(savedCredential.id);
const deletedUser = await Db.collections.User.findOne(userToDelete);
expect(deletedUser).toBeUndefined();
});
test('GET /resolve-signup-token should validate invite token', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
const memberShell = await testDb.createUserShell(globalMemberRole);
const response = await authOwnerAgent
const response = await authAgent(owner)
.get('/resolve-signup-token')
.query({ inviterId: owner.id })
.query({ inviteeId: memberShell.id });
@ -274,7 +268,7 @@ test('GET /resolve-signup-token should validate invite token', async () => {
test('GET /resolve-signup-token should fail with invalid inputs', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
const authOwnerAgent = authAgent(owner);
const { id: inviteeId } = await testDb.createUser({ globalRole: globalMemberRole });
@ -441,20 +435,22 @@ test('POST /users/:id should fail with already accepted invite', async () => {
test('POST /users should fail if emailing is not set up', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
const response = await authOwnerAgent.post('/users').send([{ email: randomEmail() }]);
const response = await authAgent(owner)
.post('/users')
.send([{ email: randomEmail() }]);
expect(response.statusCode).toBe(500);
});
test('POST /users should fail if user management is disabled', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
config.set('userManagement.disabled', true);
const response = await authOwnerAgent.post('/users').send([{ email: randomEmail() }]);
const response = await authAgent(owner)
.post('/users')
.send([{ email: randomEmail() }]);
expect(response.statusCode).toBe(500);
});
@ -463,7 +459,6 @@ test('POST /users should email invites and create user shells but ignore existin
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const memberShell = await testDb.createUserShell(globalMemberRole);
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
config.set('userManagement.emails.mode', 'smtp');
@ -471,7 +466,7 @@ test('POST /users should email invites and create user shells but ignore existin
const payload = testEmails.map((e) => ({ email: e }));
const response = await authOwnerAgent.post('/users').send(payload);
const response = await authAgent(owner).post('/users').send(payload);
expect(response.statusCode).toBe(200);
@ -504,7 +499,7 @@ test('POST /users should email invites and create user shells but ignore existin
test('POST /users should fail with invalid inputs', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
const authOwnerAgent = authAgent(owner);
config.set('userManagement.emails.mode', 'smtp');
@ -529,11 +524,10 @@ test('POST /users should fail with invalid inputs', async () => {
test('POST /users should ignore an empty payload', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
config.set('userManagement.emails.mode', 'smtp');
const response = await authOwnerAgent.post('/users').send([]);
const response = await authAgent(owner).post('/users').send([]);
const { data } = response.body;

1
packages/core/src/NodeExecuteFunctions.ts
View file

@ -14,6 +14,7 @@
/* eslint-disable @typescript-eslint/no-non-null-assertion */
/* eslint-disable @typescript-eslint/no-shadow */
/* eslint-disable no-param-reassign */
/* eslint-disable @typescript-eslint/prefer-optional-chain */
import {
GenericValue,
IAdditionalCredentialOptions,

5
packages/design-system/src/components/N8nActionBox/ActionBox.stories.js → packages/design-system/src/components/N8nActionBox/ActionBox.stories.ts
View file

@ -1,5 +1,8 @@
/* tslint:disable:variable-name */
import N8nActionBox from './ActionBox.vue';
import { action } from '@storybook/addon-actions';
import {StoryFn} from "@storybook/vue";
export default {
title: 'Atoms/ActionBox',
@ -21,7 +24,7 @@ const methods = {
onClick: action('click'),
};
const Template = (args, { argTypes }) => ({
const Template: StoryFn = (args, { argTypes }) => ({
props: Object.keys(argTypes),
components: {
N8nActionBox,

32
packages/design-system/src/components/N8nActionBox/ActionBox.vue
View file

@ -1,14 +1,25 @@
<template>
<div :class="['n8n-action-box', $style.container]">
<div :class="$style.heading" v-if="heading">
<n8n-heading size="xlarge" align="center">{{ heading }}</n8n-heading>
<div :class="$style.emoji" v-if="emoji">
{{ emoji }}
</div>
<div :class="$style.heading" v-if="heading || $slots.heading">
<n8n-heading size="xlarge" align="center">
<slot name="heading">{{ heading }}</slot>
</n8n-heading>
</div>
<div :class="$style.description" @click="$emit('descriptionClick', $event)">
<n8n-text color="text-base">
<span v-html="description"></span>
<slot name="description">
<span v-html="description"></span>
</slot>
</n8n-text>
</div>
<n8n-button v-if="buttonText" :label="buttonText" size="large"
<n8n-button
v-if="buttonText"
:label="buttonText"
:type="buttonType"
size="large"
@click="$emit('click', $event)"
/>
<n8n-callout
@ -42,12 +53,18 @@ export default Vue.extend({
N8nCallout,
},
props: {
emoji: {
type: String,
},
heading: {
type: String,
},
buttonText: {
type: String,
},
buttonType: {
type: String,
},
description: {
type: String,
},
@ -72,10 +89,14 @@ export default Vue.extend({
display: flex;
flex-direction: column;
align-items: center;
padding: var(--spacing-3xl) 20%;
padding: var(--spacing-3xl);
> * {
margin-bottom: var(--spacing-l);
&:last-child {
margin-bottom: 0;
}
}
}
@ -90,6 +111,7 @@ export default Vue.extend({
.description {
color: var(--color-text-base);
margin-bottom: var(--spacing-xl);
text-align: center;
}
.callout {

22
packages/design-system/src/components/N8nActionBox/__tests__/ActionBox.spec.ts Normal file
View file

@ -0,0 +1,22 @@
import {render} from '@testing-library/vue';
import N8NActionBox from '../ActionBox.vue';
describe('N8NActionBox', () => {
it('should render correctly', () => {
const wrapper = render(N8NActionBox, {
props: {
emoji: "😿",
heading: "Headline you need to know",
description: "Long description that you should know something is the way it is because of how it is. ",
buttonText: "Do something",
},
stubs: [
'n8n-heading',
'n8n-text',
'n8n-button',
'n8n-callout',
],
});
expect(wrapper.html()).toMatchSnapshot();
});
});

15
packages/design-system/src/components/N8nActionBox/__tests__/__snapshots__/ActionBox.spec.ts.snap Normal file
View file

@ -0,0 +1,15 @@
// Vitest Snapshot v1
exports[`N8NActionBox > should render correctly 1`] = `
"<div class=\\"n8n-action-box _container_pvdcm_1\\">
<div class=\\"_emoji_pvdcm_16\\"> 😿 </div>
<div class=\\"_heading_pvdcm_20\\">
<n8n-heading-stub tag=\\"span\\" size=\\"xlarge\\" align=\\"center\\">Headline you need to know</n8n-heading-stub>
</div>
<div class=\\"_description_pvdcm_24\\">
<n8n-text-stub size=\\"medium\\" color=\\"text-base\\" tag=\\"span\\"><span>Long description that you should know something is the way it is because of how it is. </span></n8n-text-stub>
</div>
<n8n-button-stub label=\\"Do something\\" type=\\"primary\\" size=\\"large\\"></n8n-button-stub>
<!---->
</div>"
`;

9
packages/design-system/src/components/N8nActionToggle/ActionToggle.vue
View file

@ -1,6 +1,13 @@
<template>
<span :class="$style.container">
<el-dropdown :placement="placement" :size="size" trigger="click" @command="onCommand" @visible-change="onVisibleChange">
<el-dropdown
:placement="placement"
:size="size"
trigger="click"
@click.native.stop
@command="onCommand"
@visible-change="onVisibleChange"
>
<span :class="{[$style.button]: true, [$style[theme]]: !!theme}">
<component :is="$options.components.N8nIcon"
icon="ellipsis-v"

2
packages/design-system/src/components/N8nBadge/Badge.stories.js
View file

@ -6,7 +6,7 @@ export default {
argTypes: {
theme: {
type: 'text',
options: ['default', 'secondary'],
options: ['default', 'primary', 'secondary', 'tertiary'],
},
size: {
type: 'select',

19
packages/design-system/src/components/N8nBadge/Badge.vue
View file

@ -18,7 +18,7 @@ export default Vue.extend({
theme: {
type: String,
default: 'default',
validator: (value: string) => ['default', 'secondary'].includes(value),
validator: (value: string) => ['default', 'primary', 'secondary', 'tertiary'].includes(value),
},
size: {
type: String,
@ -51,10 +51,27 @@ export default Vue.extend({
border-color: var(--color-text-light);
}
.primary {
composes: badge;
padding: var(--spacing-5xs) var(--spacing-3xs);
border-radius: var(--border-radius-xlarge);
color: var(--color-foreground-xlight);
background-color: var(--color-primary);
border-color: var(--color-primary);
}
.secondary {
composes: badge;
border-radius: var(--border-radius-xlarge);
color: var(--color-secondary);
background-color: var(--color-secondary-tint-1);
}
.tertiary {
composes: badge;
border-radius: var(--border-radius-base);
color: var(--color-text-light);
border-color: var(--color-text-light);
padding: 1px var(--spacing-4xs);
}
</style>

6
packages/design-system/src/components/N8nBadge/__tests__/__snapshots__/Badge.spec.ts.snap
View file

@ -1,7 +1,7 @@
// Vitest Snapshot v1
exports[`components > N8nBadge > props > should render default theme correctly 1`] = `"<span class=\\"n8n-badge _default_13dw2_9 _badge_13dw2_1\\"><n8n-text-stub bold=\\"true\\" size=\\"large\\" compact=\\"true\\" tag=\\"span\\"><n8n-text-stub size=\\"medium\\" tag=\\"span\\">Default badge</n8n-text-stub></n8n-text-stub></span>"`;
exports[`components > N8nBadge > props > should render default theme correctly 1`] = `"<span class=\\"n8n-badge _default_1xljn_9 _badge_1xljn_1\\"><n8n-text-stub bold=\\"true\\" size=\\"large\\" compact=\\"true\\" tag=\\"span\\"><n8n-text-stub size=\\"medium\\" tag=\\"span\\">Default badge</n8n-text-stub></n8n-text-stub></span>"`;
exports[`components > N8nBadge > props > should render secondary theme correctly 1`] = `"<span class=\\"n8n-badge _secondary_13dw2_16 _badge_13dw2_1\\"><n8n-text-stub size=\\"medium\\" compact=\\"true\\" tag=\\"span\\"><n8n-text-stub size=\\"medium\\" tag=\\"span\\">Secondary badge</n8n-text-stub></n8n-text-stub></span>"`;
exports[`components > N8nBadge > props > should render secondary theme correctly 1`] = `"<span class=\\"n8n-badge _secondary_1xljn_25 _badge_1xljn_1\\"><n8n-text-stub size=\\"medium\\" compact=\\"true\\" tag=\\"span\\"><n8n-text-stub size=\\"medium\\" tag=\\"span\\">Secondary badge</n8n-text-stub></n8n-text-stub></span>"`;
exports[`components > N8nBadge > props > should render with default values correctly 1`] = `"<span class=\\"n8n-badge _default_13dw2_9 _badge_13dw2_1\\"><n8n-text-stub size=\\"small\\" compact=\\"true\\" tag=\\"span\\"><n8n-text-stub size=\\"medium\\" tag=\\"span\\">A Badge</n8n-text-stub></n8n-text-stub></span>"`;
exports[`components > N8nBadge > props > should render with default values correctly 1`] = `"<span class=\\"n8n-badge _default_1xljn_9 _badge_1xljn_1\\"><n8n-text-stub size=\\"small\\" compact=\\"true\\" tag=\\"span\\"><n8n-text-stub size=\\"medium\\" tag=\\"span\\">A Badge</n8n-text-stub></n8n-text-stub></span>"`;

10
packages/design-system/src/components/N8nButton/Button.vue
View file

@ -70,6 +70,10 @@ export default Vue.extend({
type: Boolean,
default: false,
},
active: {
type: Boolean,
default: false,
},
float: {
type: String,
validator: (value: string): boolean =>
@ -100,6 +104,7 @@ export default Vue.extend({
`${this.text ? ` ${this.$style['text']}` : ''}` +
`${this.disabled ? ` ${this.$style['disabled']}` : ''}` +
`${this.block ? ` ${this.$style['block']}` : ''}` +
`${this.active ? ` ${this.$style['active']}` : ''}` +
`${this.icon || this.loading ? ` ${this.$style['icon']}` : ''}` +
`${this.square ? ` ${this.$style['square']}` : ''}`;
},
@ -145,7 +150,7 @@ export default Vue.extend({
outline: $focus-outline-width solid $button-focus-outline-color;
}
&:active {
&:active, &.active {
color: $button-active-color;
border-color: $button-active-border-color;
background-color: $button-active-background-color;
@ -394,8 +399,7 @@ $loading-overlay-background-color: rgba(255, 255, 255, 0);
}
}
.loading,
.active {
.loading {
position: relative;
pointer-events: none;

10
packages/design-system/src/components/N8nButton/__tests__/__snapshots__/Button.spec.ts.snap
View file

@ -1,17 +1,17 @@
// Vitest Snapshot v1
exports[`components > N8nButton > overrides > should render correctly 1`] = `"<button aria-disabled=\\"false\\" aria-busy=\\"false\\" aria-live=\\"polite\\" class=\\"button _button_1r6l3_115 _secondary_1r6l3_170 _medium_1r6l3_254 _icon_1r6l3_383\\" icon=\\"plus-circle\\" type=\\"secondary\\"><span class=\\"_icon_1r6l3_383\\"><n8n-icon-stub icon=\\"plus-circle\\" size=\\"medium\\"></n8n-icon-stub></span><span>Button</span></button>"`;
exports[`components > N8nButton > overrides > should render correctly 1`] = `"<button aria-disabled=\\"false\\" aria-busy=\\"false\\" aria-live=\\"polite\\" class=\\"button _button_t2kdy_115 _secondary_t2kdy_170 _medium_t2kdy_254 _icon_t2kdy_381\\" icon=\\"plus-circle\\" type=\\"secondary\\"><span class=\\"_icon_t2kdy_381\\"><n8n-icon-stub icon=\\"plus-circle\\" size=\\"medium\\"></n8n-icon-stub></span><span>Button</span></button>"`;
exports[`components > N8nButton > props > icon > should render icon button 1`] = `"<button aria-disabled=\\"false\\" aria-busy=\\"false\\" aria-live=\\"polite\\" class=\\"button _button_1r6l3_115 _primary_1r6l3_288 _medium_1r6l3_254 _icon_1r6l3_383\\"><span class=\\"_icon_1r6l3_383\\"><n8n-icon-stub icon=\\"plus-circle\\" size=\\"medium\\"></n8n-icon-stub></span><span>Button</span></button>"`;
exports[`components > N8nButton > props > icon > should render icon button 1`] = `"<button aria-disabled=\\"false\\" aria-busy=\\"false\\" aria-live=\\"polite\\" class=\\"button _button_t2kdy_115 _primary_t2kdy_288 _medium_t2kdy_254 _icon_t2kdy_381\\"><span class=\\"_icon_t2kdy_381\\"><n8n-icon-stub icon=\\"plus-circle\\" size=\\"medium\\"></n8n-icon-stub></span><span>Button</span></button>"`;
exports[`components > N8nButton > props > loading > should render loading spinner 1`] = `"<button disabled=\\"disabled\\" aria-disabled=\\"false\\" aria-busy=\\"true\\" aria-live=\\"polite\\" class=\\"button _button_1r6l3_115 _primary_1r6l3_288 _medium_1r6l3_254 _loading_1r6l3_352 _icon_1r6l3_383\\"><span class=\\"_icon_1r6l3_383\\"><n8n-spinner-stub size=\\"medium\\" type=\\"dots\\"></n8n-spinner-stub></span><span>Button</span></button>"`;
exports[`components > N8nButton > props > loading > should render loading spinner 1`] = `"<button disabled=\\"disabled\\" aria-disabled=\\"false\\" aria-busy=\\"true\\" aria-live=\\"polite\\" class=\\"button _button_t2kdy_115 _primary_t2kdy_288 _medium_t2kdy_254 _loading_t2kdy_352 _icon_t2kdy_381\\"><span class=\\"_icon_t2kdy_381\\"><n8n-spinner-stub size=\\"medium\\" type=\\"dots\\"></n8n-spinner-stub></span><span>Button</span></button>"`;
exports[`components > N8nButton > props > square > should render square button 1`] = `
"<button aria-disabled=\\"false\\" aria-busy=\\"false\\" aria-live=\\"polite\\" class=\\"button _button_1r6l3_115 _primary_1r6l3_288 _medium_1r6l3_254 _square_1r6l3_239\\">
"<button aria-disabled=\\"false\\" aria-busy=\\"false\\" aria-live=\\"polite\\" class=\\"button _button_t2kdy_115 _primary_t2kdy_288 _medium_t2kdy_254 _square_t2kdy_239\\">
<!----><span>48</span></button>"
`;
exports[`components > N8nButton > should render correctly 1`] = `
"<button aria-disabled=\\"false\\" aria-busy=\\"false\\" aria-live=\\"polite\\" class=\\"button _button_1r6l3_115 _primary_1r6l3_288 _medium_1r6l3_254\\">
"<button aria-disabled=\\"false\\" aria-busy=\\"false\\" aria-live=\\"polite\\" class=\\"button _button_t2kdy_115 _primary_t2kdy_288 _medium_t2kdy_254\\">
<!----><span>Button</span></button>"
`;

29
packages/design-system/src/components/N8nCard/Card.stories.ts
View file

@ -2,6 +2,9 @@
import N8nCard from './Card.vue';
import {StoryFn} from "@storybook/vue";
import N8nButton from "../N8nButton/Button.vue";
import N8nIcon from "../N8nIcon/Icon.vue";
import N8nText from "../N8nText/Text.vue";
export default {
title: 'Atoms/Card',
@ -16,14 +19,32 @@ export const Default: StoryFn = (args, {argTypes}) => ({
template: `<n8n-card v-bind="$props">This is a card.</n8n-card>`,
});
export const WithHeaderAndFooter: StoryFn = (args, {argTypes}) => ({
export const WithSlots: StoryFn = (args, {argTypes}) => ({
props: Object.keys(argTypes),
components: {
N8nCard,
N8nButton,
N8nIcon,
N8nText,
},
template: `<n8n-card v-bind="$props">
<template #header>Header</template>
This is a card.
<template #footer>Footer</template>
<template slot="prepend">
<n8n-icon icon="check" size="large" />
</template>
<template slot="header">
<strong>Card header</strong>
</template>
<n8n-text color="text-light" size="medium" class="mt-2xs mb-2xs">
This is the card body.
</n8n-text>
<template slot="footer">
<n8n-text size="medium">
Card footer
</n8n-text>
</template>
<template slot="append">
<n8n-button>Click me</n8n-button>
</template>
</n8n-card>`,
});

47
packages/design-system/src/components/N8nCard/Card.vue
View file

@ -1,13 +1,21 @@
<template>
<div :class="['card', $style.card]" v-on="$listeners">
<div :class="$style.header" v-if="$slots.header">
<slot name="header" />
<div :class="$style.icon" v-if="$slots.prepend">
<slot name="prepend"/>
</div>
<div :class="$style.body" v-if="$slots.default">
<slot />
<div :class="$style.content">
<div :class="$style.header" v-if="$slots.header">
<slot name="header"/>
</div>
<div :class="$style.body" v-if="$slots.default">
<slot/>
</div>
<div :class="$style.footer" v-if="$slots.footer">
<slot name="footer"/>
</div>
</div>
<div :class="$style.footer" v-if="$slots.footer">
<slot name="footer" />
<div :class="$style.actions" v-if="$slots.append">
<slot name="append"/>
</div>
</div>
</template>
@ -17,6 +25,7 @@ import Vue from 'vue';
export default Vue.extend({
name: 'n8n-card',
inheritAttrs: true,
});
</script>
@ -27,18 +36,27 @@ export default Vue.extend({
background-color: var(--color-background-xlight);
padding: var(--spacing-s);
display: flex;
flex-direction: column;
justify-content: space-between;
flex-direction: row;
width: 100%;
align-items: center;
}
.header,
.footer {
display: flex;
flex-direction: row;
justify-content: space-between;
flex-direction: row;
justify-content: space-between;
align-items: center;
}
.content {
display: flex;
flex-direction: column;
justify-content: space-between;
flex: 1;
width: 100%;
}
.body {
width: 100%;
height: 100%;
@ -46,4 +64,13 @@ export default Vue.extend({
flex-direction: column;
justify-content: space-between;
}
.icon {
width: 24px;
height: 24px;
display: inline-flex;
justify-content: center;
align-items: center;
margin-right: var(--spacing-s);
}
</style>

0
packages/design-system/src/components/N8nCard/Card.xpec.ts → packages/design-system/src/components/N8nCard/__tests__/Card.spec.ts
View file

25
packages/design-system/src/components/N8nCard/__tests__/__snapshots__/Card.spec.ts.snap Normal file
View file

@ -0,0 +1,25 @@
// Vitest Snapshot v1
exports[`components > N8nCard > should render correctly 1`] = `
"<div class=\\"card _card_nk81s_1\\">
<!---->
<div class=\\"_content_nk81s_20\\">
<!---->
<div class=\\"_body_nk81s_28\\">This is a card.</div>
<!---->
</div>
<!---->
</div>"
`;
exports[`components > N8nCard > should render correctly with header and footer 1`] = `
"<div class=\\"card _card_nk81s_1\\">
<!---->
<div class=\\"_content_nk81s_20\\">
<div class=\\"_header_nk81s_12\\">Header</div>
<div class=\\"_body_nk81s_28\\">This is a card.</div>
<div class=\\"_footer_nk81s_13\\">Footer</div>
</div>
<!---->
</div>"
`;

5
packages/design-system/src/components/N8nInfoTip/InfoTip.stories.js → packages/design-system/src/components/N8nInfoTip/InfoTip.stories.ts
View file

@ -1,3 +1,6 @@
/* tslint:disable:variable-name */
import { StoryFn } from '@storybook/vue';
import N8nInfoTip from './InfoTip.vue';
export default {
@ -5,7 +8,7 @@ export default {
component: N8nInfoTip,
};
const Template = (args, { argTypes }) => ({
const Template: StoryFn = (args, { argTypes }) => ({
props: Object.keys(argTypes),
components: {
N8nInfoTip,

19
packages/design-system/src/components/N8nInfoTip/InfoTip.vue
View file

@ -1,12 +1,24 @@
<template>
<div :class="{'n8n-info-tip': true, [$style[theme]]: true, [$style[type]]: true, [$style.bold]: bold}">
<n8n-tooltip :placement="tooltipPlacement" :popper-class="$style.tooltipPopper" :disabled="type !== 'tooltip'">
<n8n-tooltip
v-if="type === 'tooltip'"
:placement="tooltipPlacement"
:popper-class="$style.tooltipPopper"
:disabled="type !== 'tooltip'"
>
<span :class="$style.iconText">
<n8n-icon :icon="theme.startsWith('info') ? 'info-circle': 'exclamation-triangle'" />
<span v-if="type === 'note'"><slot></slot></span>
</span>
<span v-if="type === 'tooltip'" slot="content"><slot></slot></span>
<span slot="content">
<slot />
</span>
</n8n-tooltip>
<span :class="$style.iconText" v-else>
<n8n-icon :icon="theme.startsWith('info') ? 'info-circle': 'exclamation-triangle'" />
<span>
<slot />
</span>
</span>
</div>
</template>
@ -79,6 +91,7 @@ export default Vue.extend({
.iconText {
display: inline-flex;
align-items: flex-start;
}
.info-light {

31
packages/design-system/src/components/N8nInfoTip/__tests__/InfoTip.spec.ts Normal file
View file

@ -0,0 +1,31 @@
import {render} from '@testing-library/vue';
import N8nInfoTip from "../InfoTip.vue";
const slots = {
default: [
'Need help doing something?',
'<a href="/docs" target="_blank">Open docs</a>',
],
};
const stubs = ['n8n-tooltip'];
describe('N8nInfoTip', () => {
it('should render correctly as note', () => {
const wrapper = render(N8nInfoTip, {
slots,
stubs,
});
expect(wrapper.html()).toMatchSnapshot();
});
it('should render correctly as tooltip', () => {
const wrapper = render(N8nInfoTip, {
slots,
stubs,
props: {
type: 'tooltip',
},
});
expect(wrapper.html()).toMatchSnapshot();
});
});

9
packages/design-system/src/components/N8nInfoTip/__tests__/__snapshots__/InfoTip.spec.ts.snap Normal file
View file

@ -0,0 +1,9 @@
// Vitest Snapshot v1
exports[`N8nInfoTip > should render correctly as note 1`] = `"<div class=\\"n8n-info-tip _info_3egb8_33 _note_3egb8_16 _base_3egb8_1 _bold_3egb8_12\\"><span class=\\"_iconText_3egb8_28\\"><span class=\\"n8n-icon n8n-text _compact_91pa9_34 _size-medium_91pa9_19 _regular_91pa9_5\\"></span><span>Need help doing something?<a href=\\"/docs\\" target=\\"_blank\\">Open docs</a></span></span></div>"`;
exports[`N8nInfoTip > should render correctly as tooltip 1`] = `
"<div class=\\"n8n-info-tip _info_3egb8_33 _tooltip_3egb8_23 _base_3egb8_1 _bold_3egb8_12\\">
<n8n-tooltip-stub transformorigin=\\"true\\" placement=\\"top\\" boundariespadding=\\"5\\" offset=\\"0\\" visiblearrow=\\"true\\" arrowoffset=\\"0\\" appendtobody=\\"true\\" popperoptions=\\"[object Object]\\" opendelay=\\"0\\" effect=\\"dark\\" transition=\\"el-fade-in-linear\\" enterable=\\"true\\" hideafter=\\"0\\" tabindex=\\"0\\"><span class=\\"_iconText_3egb8_28\\"><span class=\\"n8n-icon n8n-text _compact_91pa9_34 _size-medium_91pa9_19 _regular_91pa9_5\\"></span></span><span>Need help doing something?<a href=\\"/docs\\" target=\\"_blank\\">Open docs</a></span></n8n-tooltip-stub>
</div>"
`;

10
packages/design-system/src/components/N8nInput/Input.stories.js → packages/design-system/src/components/N8nInput/Input.stories.ts
View file

@ -1,6 +1,8 @@
/* tslint:disable:variable-name */
import N8nInput from './Input.vue';
import N8nIcon from '../N8nIcon';
import { action } from '@storybook/addon-actions';
import { StoryFn } from '@storybook/vue';
export default {
title: 'Atoms/Input',
@ -34,7 +36,7 @@ const methods = {
onChange: action('change'),
};
const Template = (args, { argTypes }) => ({
const Template: StoryFn = (args, { argTypes }) => ({
props: Object.keys(argTypes),
components: {
N8nInput,
@ -53,7 +55,7 @@ Input.args = {
placeholder: 'placeholder...',
};
const ManyTemplate = (args, { argTypes }) => ({
const ManyTemplate: StoryFn = (args, { argTypes }) => ({
props: Object.keys(argTypes),
components: {
N8nInput,
@ -81,7 +83,7 @@ TextArea.args = {
};
const WithPrefix = (args, { argTypes }) => ({
const WithPrefix: StoryFn = (args, { argTypes }) => ({
props: Object.keys(argTypes),
components: {
N8nIcon,
@ -101,7 +103,7 @@ WithPrefixIcon.args = {
placeholder: 'placeholder...',
};
const WithSuffix = (args, { argTypes }) => ({
const WithSuffix: StoryFn = (args, { argTypes }) => ({
props: Object.keys(argTypes),
components: {
N8nIcon,

1
packages/design-system/src/components/N8nInput/Input.vue
View file

@ -24,7 +24,6 @@
<script lang="ts">
import ElInput from 'element-ui/lib/input';
import Vue from 'vue';
export default Vue.extend({

9
packages/design-system/src/components/N8nInput/__tests__/Input.spec.ts Normal file
View file

@ -0,0 +1,9 @@
import {render} from '@testing-library/vue';
import N8nInput from "../Input.vue";
describe('N8nInput', () => {
it('should render correctly', () => {
const wrapper = render(N8nInput);
expect(wrapper.html()).toMatchSnapshot();
});
});

11
packages/design-system/src/components/N8nInput/__tests__/__snapshots__/Input.spec.ts.snap Normal file
View file

@ -0,0 +1,11 @@
// Vitest Snapshot v1
exports[`N8nInput > should render correctly 1`] = `
"<div class=\\"el-input el-input--large n8n-input\\">
<!----><input type=\\"text\\" autocomplete=\\"off\\" class=\\"el-input__inner\\">
<!---->
<!---->
<!---->
<!---->
</div>"
`;

9
packages/design-system/src/components/N8nInputLabel/InputLabel.vue
View file

@ -2,13 +2,13 @@
<div :class="$style.container">
<div v-if="label || $slots.options" :class="{
'n8n-input-label': true,
[this.$style.heading]: !!this.label,
[this.$style.underline]: this.underline,
[this.$style.heading]: !!label,
[this.$style.underline]: underline,
[this.$style[this.size]]: true,
[$style.overflow]: !!$slots.options,
}">
<div :class="$style.title" v-if="label">
<n8n-text :bold="bold" :size="size" :compact="!underline && !$slots.options">
<n8n-text :bold="bold" :size="size" :compact="!underline && !$slots.options" :color="color">
{{ label }}
<n8n-text color="primary" :bold="bold" :size="size" v-if="required">*</n8n-text>
</n8n-text>
@ -45,6 +45,9 @@ export default Vue.extend({
N8nTooltip,
},
props: {
color: {
type: String,
},
label: {
type: String,
},

57
packages/design-system/src/components/N8nLoading/Loading.vue
View file

@ -1,40 +1,40 @@
<template>
<el-skeleton :loading="loading" :animated="animated" class="n8n-loading">
<el-skeleton :loading="loading" :animated="animated" :class="['n8n-loading', `n8n-loading-${variant}`]">
<template slot="template">
<el-skeleton-item
v-if="variant === 'button'"
:variant="variant"
/>
<div v-if="variant === 'h1'">
<div
v-for="(item, index) in rows"
:key="index"
:class="{
v-for="(item, index) in rows"
:key="index"
:class="{
[$style.h1Last]: item === rows && rows > 1 && shrinkLast,
}"
>
<el-skeleton-item
:variant="variant"
:variant="variant"
/>
</div>
</div>
<el-skeleton-item
v-if="variant === 'image'"
:variant="variant"
/>
<div v-if="variant === 'p'">
<div v-else-if="variant === 'p'">
<div
v-for="(item, index) in rows"
:key="index"
:class="{
v-for="(item, index) in rows"
:key="index"
:class="{
[$style.pLast]: item === rows && rows > 1 && shrinkLast,
}">
<el-skeleton-item
<el-skeleton-item
:variant="variant"
/>
/>
</div>
</div>
<div :class="$style.custom" v-else-if="variant === 'custom'">
<el-skeleton-item
:variant="variant"
/>
</div>
<el-skeleton-item
v-else
:variant="variant"
/>
</template>
</el-skeleton>
</template>
@ -71,7 +71,7 @@ export default Vue.extend({
variant: {
type: String,
default: 'p',
validator: (value: string): boolean => ['p', 'h1', 'button', 'image'].includes(value),
validator: (value: string): boolean => ['custom', 'p', 'text', 'h1', 'h3', 'text', 'caption', 'button', 'image', 'circle', 'rect'].includes(value),
},
},
});
@ -81,8 +81,21 @@ export default Vue.extend({
.h1Last {
width: 40%;
}
.pLast {
width: 61%;
}
.custom {
width: 100%;
height: 100%;
}
</style>
<style lang="scss">
.n8n-loading-custom .el-skeleton {
&,
.el-skeleton__item {
width: 100%;
height: 100%;
}
}
</style>

1
packages/design-system/src/components/N8nMarkdown/Markdown.vue
View file

@ -3,6 +3,7 @@
<div
v-if="!loading"
ref="editor"
class="ph-no-capture"
:class="$style[theme]" v-html="htmlContent"
@click="onClick"
/>

49
packages/design-system/src/components/N8nPopover/Popover.stories.js Normal file
View file

@ -0,0 +1,49 @@
import N8nPopover from './Popover.vue';
export default {
title: 'Atoms/Popover',
component: N8nPopover,
argTypes: {
effect: {
control: 'select',
options: ['dark', 'light'],
},
placement: {
control: 'select',
options: [
'top',
'top-start',
'top-end',
'bottom',
'bottom-start',
'bottom-end',
'left',
'left-start',
'left-end',
'right',
'right-start',
'right-end',
],
},
disabled: {
control: { type: 'boolean' },
},
},
parameters: {
backgrounds: { default: '--color-background-light' },
},
};
const Template = (args, { argTypes }) => ({
props: Object.keys(argTypes),
components: {
N8nPopover,
},
template:
'<n8n-Popover v-bind="$props"><div style="margin:50px; display: inline-block;"><span>yo</span></div></n8n-Popover>',
});
export const Popover = Template.bind({});
Popover.args = {
content: '...',
};

7
packages/design-system/src/components/N8nPopover/Popover.vue Normal file
View file

@ -0,0 +1,7 @@
<script lang="ts">
import ElPopover from 'element-ui/lib/popover';
ElPopover.name = 'n8n-popover';
export default ElPopover;
</script>

3
packages/design-system/src/components/N8nPopover/index.ts Normal file
View file

@ -0,0 +1,3 @@
import N8nPopover from './Popover.vue';
export default N8nPopover;

11
packages/design-system/src/components/N8nSelect/Select.stories.js → packages/design-system/src/components/N8nSelect/Select.stories.ts
View file

@ -1,3 +1,6 @@
/* tslint:disable:variable-name */
import { StoryFn } from '@storybook/vue';
import N8nSelect from './Select.vue';
import N8nOption from '../N8nOption';
import N8nIcon from '../N8nIcon';
@ -44,7 +47,7 @@ const methods = {
onChange: action('change'),
};
const Template = (args, { argTypes }) => ({
const Template: StoryFn = (args, { argTypes }) => ({
props: Object.keys(argTypes),
components: {
N8nSelect,
@ -70,7 +73,7 @@ Filterable.args = {
const selects = ['large', 'medium', 'small', 'mini'].map((size) => `<n8n-select v-bind="$props" v-model="val" @input="onInput" @change="onChange" size="${size}"><n8n-option value="1">op1</n8n-option><n8n-option value="2">op2</n8n-option></n8n-select>`).join('');
const ManyTemplate = (args, { argTypes }) => ({
const ManyTemplate: StoryFn = (args, { argTypes }) => ({
props: Object.keys(argTypes),
components: {
N8nSelect,
@ -95,7 +98,7 @@ Sizes.args = {
const selectsWithIcon = ['xlarge', 'large', 'medium', 'small', 'mini'].map((size) => `<n8n-select v-bind="$props" v-model="val" @input="onInput" size="${size}"><n8n-icon icon="search" slot="prefix" /><n8n-option value="1">op1</n8n-option><n8n-option value="2">op2</n8n-option></n8n-select>`).join('');
const ManyTemplateWithIcon = (args, { argTypes }) => ({
const ManyTemplateWithIcon: StoryFn = (args, { argTypes }) => ({
props: Object.keys(argTypes),
components: {
N8nSelect,
@ -119,7 +122,7 @@ WithIcon.args = {
};
const LimitedWidthTemplate = (args, { argTypes }) => ({
const LimitedWidthTemplate: StoryFn = (args, { argTypes }) => ({
props: Object.keys(argTypes),
components: {
N8nSelect,

2
packages/design-system/src/components/N8nSelect/Select.vue
View file

@ -29,7 +29,7 @@
import ElSelect from 'element-ui/lib/select';
import Vue from 'vue';
interface IProps {
export interface IProps {
size?: string;
limitPopperWidth?: string;
popperClass?: string;

23
packages/design-system/src/components/N8nSelect/__tests__/Select.spec.ts Normal file
View file

@ -0,0 +1,23 @@
import {render} from '@testing-library/vue';
import N8nSelect from "../Select.vue";
import N8nOption from "../../N8nOption/Option.vue";
describe('components', () => {
describe('N8nSelect', () => {
it('should render correctly', () => {
const wrapper = render(N8nSelect, {
components: {
N8nOption,
},
slots: {
default: [
'<n8n-option value="1">1</n8n-option>',
'<n8n-option value="2">2</n8n-option>',
'<n8n-option value="3">3</n8n-option>',
],
},
});
expect(wrapper.html()).toMatchSnapshot();
});
});
});

40
packages/design-system/src/components/N8nSelect/__tests__/__snapshots__/Select.spec.ts.snap Normal file
View file

@ -0,0 +1,40 @@
// Vitest Snapshot v1
exports[`components > N8nSelect > should render correctly 1`] = `
"<div class=\\"n8n-select _container_l5iac_16\\">
<!---->
<div class=\\"el-select el-select--large\\">
<!---->
<div class=\\"el-input el-input--large el-input--suffix\\">
<!----><input type=\\"text\\" readonly=\\"readonly\\" autocomplete=\\"off\\" placeholder=\\"请选择\\" class=\\"el-input__inner\\">
<!----><span class=\\"el-input__suffix\\"><span class=\\"el-input__suffix-inner\\"><i class=\\"el-select__caret el-input__icon el-icon-arrow-up\\"></i><!----><!----><!----><!----><!----></span>
<!----></span>
<!---->
<!---->
</div>
<transition-stub name=\\"el-zoom-in-top\\">
<div class=\\"el-select-dropdown el-popper\\" style=\\"display: none;\\">
<div class=\\"el-scrollbar\\" style=\\"display: none;\\">
<div class=\\"el-select-dropdown__wrap el-scrollbar__wrap el-scrollbar__wrap--hidden-default\\">
<ul class=\\"el-scrollbar__view el-select-dropdown__list\\">
<!---->
<li class=\\"el-select-dropdown__item\\">1</li>
<li class=\\"el-select-dropdown__item\\">2</li>
<li class=\\"el-select-dropdown__item\\">3</li>
</ul>
</div>
<div class=\\"el-scrollbar__bar is-horizontal\\">
<div class=\\"el-scrollbar__thumb\\" style=\\"width: 0px; transform: translateX(0%); webkit-transform: translateX(0%);\\"></div>
</div>
<div class=\\"el-scrollbar__bar is-vertical\\">
<div class=\\"el-scrollbar__thumb\\" style=\\"height: 0px; transform: translateY(0%); webkit-transform: translateY(0%);\\"></div>
</div>
</div>
<p class=\\"el-select-dropdown__empty\\">
无数据
</p>
</div>
</transition-stub>
</div>
</div>"
`;

3
packages/design-system/src/components/N8nSticky/Sticky.vue
View file

@ -19,6 +19,7 @@
<template>
<div
v-show="!editMode"
class="ph-no-capture"
:class="$style.wrapper"
@dblclick.stop="onDoubleClick"
>
@ -37,7 +38,7 @@
@keydown.esc="onInputBlur"
@keydown.stop
@wheel.stop
class="sticky-textarea"
class="sticky-textarea ph-no-capture"
:class="{'full-height': !shouldShowFooter}"
>
<n8n-input

20
packages/design-system/src/components/N8nUserInfo/UserInfo.vue
View file

@ -1,5 +1,5 @@
<template>
<div :class="$style.container">
<div class="ph-no-capture" :class="classes">
<div :class="$style.avatarContainer">
<n8n-avatar :firstName="firstName" :lastName="lastName" />
</div>
@ -10,7 +10,7 @@
</div>
<div v-else :class="$style.infoContainer">
<div>
<n8n-text :bold="true">{{firstName}} {{lastName}} {{isCurrentUser ? this.t('nds.userInfo.you') : ''}}</n8n-text>
<n8n-text :bold="true" color="text-dark">{{firstName}} {{lastName}} {{isCurrentUser ? this.t('nds.userInfo.you') : ''}}</n8n-text>
</div>
<div>
<n8n-text size="small" color="text-light">{{email}}</n8n-text>
@ -51,6 +51,18 @@ export default mixins(Locale).extend({
isCurrentUser: {
type: Boolean,
},
disabled: {
type: Boolean,
default: false,
},
},
computed: {
classes(): Record<string, boolean> {
return {
[this.$style.container]: true,
[this.$style.disabled]: this.disabled,
};
},
},
});
</script>
@ -87,4 +99,8 @@ export default mixins(Locale).extend({
.pendingBadge {
margin-left: var(--spacing-xs);
}
.disabled {
opacity: 0.5;
}
</style>

16
packages/design-system/src/components/N8nUserSelect/UserSelect.vue
View file

@ -3,15 +3,19 @@
:value="value"
:filterable="true"
:filterMethod="setFilter"
:placeholder="t('nds.userSelect.selectUser')"
:placeholder="placeholder"
:default-first-option="true"
:popper-append-to-body="true"
:popper-class="$style.limitPopperWidth"
:noDataText="t('nds.userSelect.noMatchingUsers')"
:size="size"
@change="onChange"
@blur="onBlur"
@focus="onFocus"
>
<template #prefix v-if="$slots.prefix">
<slot name="prefix" />
</template>
<el-option
v-for="user in sortedUsers"
:key="user.id"
@ -32,6 +36,7 @@ import ElSelect from 'element-ui/lib/select';
import ElOption from 'element-ui/lib/option';
import Locale from '../../mixins/locale';
import mixins from 'vue-typed-mixins';
import { t } from '../../locale';
export default mixins(Locale).extend({
name: 'n8n-user-select',
@ -61,6 +66,15 @@ export default mixins(Locale).extend({
currentUserId: {
type: String,
},
placeholder: {
type: String,
default: () => t('nds.userSelect.selectUser'),
},
size: {
type: String,
validator: (value: string): boolean =>
['mini', 'small', 'large'].includes(value),
},
},
data() {
return {

41
packages/design-system/src/components/N8nUsersList/UsersList.vue
View file

@ -3,13 +3,20 @@
<div
v-for="(user, i) in sortedUsers"
:key="user.id"
class='ph-no-capture'
:class="i === sortedUsers.length - 1 ? $style.itemContainer : $style.itemWithBorder"
>
<n8n-user-info v-bind="user" :isCurrentUser="currentUserId === user.id" />
<div :class="$style.badgeContainer">
<n8n-badge v-if="user.isOwner" theme="secondary">{{ t('nds.auth.roles.owner') }}</n8n-badge>
<n8n-badge
v-if="user.isOwner"
theme="tertiary"
bold
>
{{ t('nds.auth.roles.owner') }}
</n8n-badge>
<n8n-action-toggle
v-if="!user.isOwner"
v-if="!user.isOwner && !readonly && getActions(user).length > 0"
placement="bottom"
:actions="getActions(user)"
theme="dark"
@ -22,15 +29,12 @@
<script lang="ts">
import { IUser } from '../../types';
import Vue from 'vue';
import N8nActionToggle from '../N8nActionToggle';
import N8nBadge from '../N8nBadge';
import N8nIcon from '../N8nIcon';
import N8nLink from '../N8nLink';
import N8nText from '../N8nText';
import N8nUserInfo from '../N8nUserInfo';
import Locale from '../../mixins/locale';
import mixins from 'vue-typed-mixins';
import { t } from '../../locale';
export default mixins(Locale).extend({
name: 'n8n-users-list',
@ -40,16 +44,28 @@ export default mixins(Locale).extend({
N8nUserInfo,
},
props: {
readonly: {
type: Boolean,
default: false,
},
users: {
type: Array,
required: true,
default() {
default(): IUser[] {
return [];
},
},
currentUserId: {
type: String,
},
deleteLabel: {
type: String,
default: () => t('nds.usersList.deleteUser'),
},
reinviteLabel: {
type: String,
default: () => t('nds.usersList.reinviteUser'),
},
},
computed: {
sortedUsers(): IUser[] {
@ -86,19 +102,19 @@ export default mixins(Locale).extend({
}
}
return a.email > b.email ? 1 : -1;
return a.email! > b.email! ? 1 : -1;
});
},
},
methods: {
getActions(user: IUser): Array<{ label: string, value: string }> {
const DELETE = {
label: this.t('nds.usersList.deleteUser'),
label: this.deleteLabel,
value: 'delete',
};
const REINVITE = {
label: this.t('nds.usersList.reinviteUser'),
label: this.reinviteLabel,
value: 'reinvite',
};
@ -110,15 +126,14 @@ export default mixins(Locale).extend({
return [
DELETE,
];
}
else {
} else {
return [
REINVITE,
DELETE,
];
}
},
onUserAction(user: IUser, action: string) {
onUserAction(user: IUser, action: string): void {
if (action === 'delete' || action === 'reinvite') {
this.$emit(action, user.id);
}

2
packages/design-system/src/main.d.ts vendored
View file

@ -10,7 +10,7 @@ declare module 'vue/types/vue' {
declare module 'n8n-design-system' {
export * from './components';
export { N8nUserSelect, N8nUsersList } from './components'; // Workaround for circular imports, will be removed when migrated to typescript
export { N8nUsersList, N8nUserSelect } from './components';
export { locale };
}

2
packages/design-system/src/plugins/elementUIComponents.ts
View file

@ -29,7 +29,6 @@ import Badge from 'element-ui/lib/badge';
import Card from 'element-ui/lib/card';
import ColorPicker from 'element-ui/lib/color-picker';
import Container from 'element-ui/lib/container';
import Popover from 'element-ui/lib/popover';
export default {
install: (app: typeof Vue, options?: {}) => {
@ -62,6 +61,5 @@ export default {
app.component('ElColorPicker', ColorPicker);
app.component('ElContainer', Container);
app.component('ElPagination', Pagination);
app.component('ElPopover', Popover);
},
};

20
packages/design-system/src/plugins/n8nComponents.ts
View file

@ -1,42 +1,45 @@
import Vue from 'vue';
import N8nInfoAccordion from '../components/N8nInfoAccordion';
import N8nActionBox from '../components/N8nActionBox';
import N8nActionToggle from '../components/N8nActionToggle';
import N8nAvatar from '../components/N8nAvatar';
import N8nBadge from "../components/N8nBadge";
import N8nButton from '../components/N8nButton';
import { N8nElButton } from '../components/N8nButton/overrides';
import N8nCallout from '../components/N8nCallout';
import N8nCard from '../components/N8nCard';
import N8nFormBox from '../components/N8nFormBox';
import N8nFormInputs from '../components/N8nFormInputs';
import N8nHeading from '../components/N8nHeading';
import N8nIcon from '../components/N8nIcon';
import N8nIconButton from '../components/N8nIconButton';
import N8nInfoAccordion from '../components/N8nInfoAccordion';
import N8nInfoTip from '../components/N8nInfoTip';
import N8nInput from '../components/N8nInput';
import { default as N8nInput } from '../components/N8nInput';
import N8nInputLabel from '../components/N8nInputLabel';
import N8nInputNumber from '../components/N8nInputNumber';
import N8nLoading from '../components/N8nLoading';
import N8nHeading from '../components/N8nHeading';
import N8nLink from '../components/N8nLink';
import N8nLoading from '../components/N8nLoading';
import N8nMarkdown from '../components/N8nMarkdown';
import N8nMenu from '../components/N8nMenu';
import N8nMenuItem from '../components/N8nMenuItem';
import N8nNodeIcon from '../components/N8nNodeIcon';
import N8nNotice from '../components/N8nNotice';
import N8nOption from '../components/N8nOption';
import N8nPopover from '../components/N8nPopover';
import N8nPulse from '../components/N8nPulse';
import N8nRadioButtons from '../components/N8nRadioButtons';
import N8nSelect from '../components/N8nSelect';
import N8nSpinner from '../components/N8nSpinner';
import N8nSticky from '../components/N8nSticky';
import N8nRadioButtons from '../components/N8nRadioButtons';
import N8nTags from '../components/N8nTags';
import N8nTabs from '../components/N8nTabs';
import N8nTag from '../components/N8nTag';
import N8nTags from '../components/N8nTags';
import N8nText from '../components/N8nText';
import N8nTooltip from '../components/N8nTooltip';
import N8nTree from '../components/N8nTree';
import N8nUsersList from '../components/N8nUsersList';
import N8nUserInfo from '../components/N8nUserInfo';
import N8nUserSelect from '../components/N8nUserSelect';
import N8nUsersList from '../components/N8nUsersList';
export default {
install: (app: typeof Vue, options?: {}) => {
@ -44,6 +47,7 @@ export default {
app.component('n8n-action-box', N8nActionBox);
app.component('n8n-action-toggle', N8nActionToggle);
app.component('n8n-avatar', N8nAvatar);
app.component('n8n-badge', N8nBadge);
app.component('n8n-button', N8nButton);
app.component('el-button', N8nElButton);
app.component('n8n-callout', N8nCallout);
@ -65,6 +69,7 @@ export default {
app.component('n8n-node-icon', N8nNodeIcon);
app.component('n8n-notice', N8nNotice);
app.component('n8n-option', N8nOption);
app.component('n8n-popover', N8nPopover);
app.component('n8n-pulse', N8nPulse);
app.component('n8n-select', N8nSelect);
app.component('n8n-spinner', N8nSpinner);
@ -75,6 +80,7 @@ export default {
app.component('n8n-tag', N8nTag);
app.component('n8n-text', N8nText);
app.component('n8n-tooltip', N8nTooltip);
app.component('n8n-user-info', N8nUserInfo);
app.component('n8n-tree', N8nTree);
app.component('n8n-users-list', N8nUsersList);
app.component('n8n-user-select', N8nUserSelect);

2
packages/design-system/src/styleguide/colors.stories.mdx
View file

@ -26,7 +26,7 @@ import ColorCircles from './ColorCircles.vue';
</Story>
</Canvas>
## Outline
## Secondary
<Canvas>
<Story name="secondary">

8
packages/design-system/src/styleguide/SpacingPreview.vue → packages/design-system/src/styleguide/components/SpacingPreview.vue
View file

@ -1,7 +1,7 @@
<template>
<div>
<div
v-for="size in ['5xs', '4xs', '3xs', '2xs', 'xs', 's', 'm', 'l', 'xl', '2xl', '3xl', '4xl', '5xl']"
v-for="size in sizes"
class="spacing-group"
:key="size"
>
@ -32,6 +32,12 @@ export default Vue.extend({
default: '',
},
},
computed: {
sizes() {
return ['0', '5xs', '4xs', '3xs', '2xs', 'xs', 's', 'm', 'l', 'xl', '2xl', '3xl', '4xl', '5xl']
.concat(this.property === 'margin' ? ['auto'] : []);
},
},
});
</script>

29
packages/design-system/src/styleguide/utilities/lists.stories.ts Normal file
View file

@ -0,0 +1,29 @@
/* tslint:disable:variable-name */
import {StoryFn} from "@storybook/vue";
export default {
title: 'Utilities/Lists',
};
const ListStyleNoneTemplate: StoryFn = (args, {argTypes}) => ({
props: Object.keys(argTypes),
template: `<ul class="list-style-none">
<li>List item 1</li>
<li>List item 2</li>
<li>List item 3</li>
</ul>`,
});
export const StyleNone = ListStyleNoneTemplate.bind({});
const ListInlineTemplate: StoryFn = (args, {argTypes}) => ({
props: Object.keys(argTypes),
template: `<ul class="list-inline">
<li>List item 1</li>
<li>List item 2</li>
<li>List item 3</li>
</ul>`,
});
export const Inline = ListInlineTemplate.bind({});

2
packages/design-system/src/styleguide/utilities.stories.ts → packages/design-system/src/styleguide/utilities/spacing.stories.ts
View file

@ -1,7 +1,7 @@
/* tslint:disable:variable-name */
import {StoryFn} from "@storybook/vue";
import SpacingPreview from "../styleguide/SpacingPreview.vue";
import SpacingPreview from "../components/SpacingPreview.vue";
export default {
title: 'Utilities/Spacing',

2
packages/design-system/src/types/user.ts
View file

@ -4,6 +4,6 @@ export interface IUser {
lastName?: string;
fullName?: string;
email?: string;
isPendingUser: boolean;
isOwner: boolean;
isPendingUser: boolean;
}

8
packages/design-system/theme/src/common/var.scss
View file

@ -479,7 +479,7 @@ $messagebox-content-font-size: $font-size-base;
$messagebox-content-color: var(--color-text-dark);
/// fontSize||Font|1
$messagebox-error-font-size: 12px;
$msgbox-padding-primary: 15px;
$msgbox-padding-primary: var(--spacing-s);
/// color||Color|0
$messagebox-success-color: var(--color-success);
/// color||Color|0
@ -494,7 +494,7 @@ $messagebox-danger-color: var(--color-danger);
$message-shadow: $box-shadow-base;
$message-min-width: 380px;
$message-background-color: #edf2fc;
$message-padding: 15px 15px 15px 20px;
$message-padding: 16px 16px 16px 20px;
/// color||Color|0
$message-close-icon-color: var(--color-text-lighter);
/// height||Other|4
@ -837,7 +837,7 @@ $popover-font-size: $font-size-base;
$popover-border-color: var(--border-color-light);
$popover-arrow-size: 6px;
/// padding||Spacing|3
$popover-padding: 12px;
$popover-padding: var(--spacing-s);
$popover-padding-large: 18px 20px;
/// fontSize||Font|1
$popover-title-font-size: 16px;
@ -871,7 +871,7 @@ $tag-warning-color: var(--color-warning);
/// color||Color|0
$tag-danger-color: var(--color-danger);
/// fontSize||Font|1
$tag-font-size: var(--font-size-s);
$tag-font-size: var(--font-size-xs);
$tag-border-radius: 4px;
$tag-padding: 16px;

10
packages/design-system/theme/src/message-box.scss
View file

@ -7,7 +7,7 @@
@include mixins.b(message-box) {
display: inline-block;
width: var.$msgbox-width;
padding-bottom: 10px;
padding-bottom: var(--spacing-s);
vertical-align: middle;
background-color: var.$color-white;
border-radius: var.$msgbox-border-radius;
@ -38,7 +38,7 @@
@include mixins.e(header) {
position: relative;
padding: var.$msgbox-padding-primary;
padding-bottom: 10px;
padding-bottom: var(--spacing-2xs);
}
@include mixins.e(title) {
@ -73,7 +73,7 @@
}
@include mixins.e(content) {
padding: 10px var.$msgbox-padding-primary;
padding: var(--spacing-2xs) var.$msgbox-padding-primary var(--spacing-s);
color: var.$messagebox-content-color;
font-size: var.$messagebox-content-font-size;
}
@ -131,7 +131,7 @@
& p {
margin: 0;
line-height: 24px;
line-height: var(--font-line-height-loose);
}
}
@ -143,7 +143,7 @@
}
@include mixins.e(btns) {
padding: 5px 15px 0;
padding: var(--spacing-s) var(--spacing-s) 0;
text-align: right;
& button {

1
packages/design-system/theme/src/select-dropdown.scss
View file

@ -11,6 +11,7 @@
box-shadow: var.$select-dropdown-shadow;
box-sizing: border-box;
margin: 5px 0;
max-width: var(--max-width);
@include mixins.when(multiple) {
& .el-select-dropdown__item.selected {

Some files were not shown because too many files have changed in this diff Show more