mirror of
https://github.com/n8n-io/n8n.git
synced 2024-12-23 11:44:06 -08:00
refactor(core): Modernize credentials controllers and services (no-changelog) (#8488)
Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>
This commit is contained in:
parent
0febe62ad0
commit
dac511b710
|
@ -34,7 +34,7 @@ import {
|
|||
N8N_VERSION,
|
||||
TEMPLATES_DIR,
|
||||
} from '@/constants';
|
||||
import { credentialsController } from '@/credentials/credentials.controller';
|
||||
import { CredentialsController } from '@/credentials/credentials.controller';
|
||||
import type { CurlHelper } from '@/requests';
|
||||
import { registerController } from '@/decorators';
|
||||
import { AuthController } from '@/controllers/auth.controller';
|
||||
|
@ -229,6 +229,7 @@ export class Server extends AbstractServer {
|
|||
ActiveWorkflowsController,
|
||||
WorkflowsController,
|
||||
ExecutionsController,
|
||||
CredentialsController,
|
||||
];
|
||||
|
||||
if (
|
||||
|
@ -347,8 +348,6 @@ export class Server extends AbstractServer {
|
|||
|
||||
await this.registerControllers(ignoredEndpoints);
|
||||
|
||||
this.app.use(`/${this.restEndpoint}/credentials`, credentialsController);
|
||||
|
||||
// ----------------------------------------
|
||||
// SAML
|
||||
// ----------------------------------------
|
||||
|
|
|
@ -1,195 +0,0 @@
|
|||
import express from 'express';
|
||||
import type { INodeCredentialTestResult } from 'n8n-workflow';
|
||||
import { deepCopy } from 'n8n-workflow';
|
||||
import * as Db from '@/Db';
|
||||
import * as ResponseHelper from '@/ResponseHelper';
|
||||
|
||||
import type { CredentialRequest } from '@/requests';
|
||||
import { License } from '@/License';
|
||||
import { EECredentialsService as EECredentials } from './credentials.service.ee';
|
||||
import { OwnershipService } from '@/services/ownership.service';
|
||||
import { Container } from 'typedi';
|
||||
import { InternalHooks } from '@/InternalHooks';
|
||||
import { BadRequestError } from '@/errors/response-errors/bad-request.error';
|
||||
import { NotFoundError } from '@/errors/response-errors/not-found.error';
|
||||
import { UnauthorizedError } from '@/errors/response-errors/unauthorized.error';
|
||||
import { CredentialsRepository } from '@/databases/repositories/credentials.repository';
|
||||
import * as utils from '@/utils';
|
||||
import { UserManagementMailer } from '@/UserManagement/email';
|
||||
|
||||
export const EECredentialsController = express.Router();
|
||||
|
||||
EECredentialsController.use((req, res, next) => {
|
||||
if (!Container.get(License).isSharingEnabled()) {
|
||||
// skip ee router and use free one
|
||||
next('router');
|
||||
return;
|
||||
}
|
||||
// use ee router
|
||||
next();
|
||||
});
|
||||
|
||||
/**
|
||||
* GET /credentials/:id
|
||||
*/
|
||||
EECredentialsController.get(
|
||||
'/:id(\\w+)',
|
||||
(req, res, next) => (req.params.id === 'new' ? next('router') : next()), // skip ee router and use free one for naming
|
||||
ResponseHelper.send(async (req: CredentialRequest.Get) => {
|
||||
const { id: credentialId } = req.params;
|
||||
const includeDecryptedData = req.query.includeData === 'true';
|
||||
|
||||
let credential = await Container.get(CredentialsRepository).findOne({
|
||||
where: { id: credentialId },
|
||||
relations: ['shared', 'shared.user'],
|
||||
});
|
||||
|
||||
if (!credential) {
|
||||
throw new NotFoundError(
|
||||
'Could not load the credential. If you think this is an error, ask the owner to share it with you again',
|
||||
);
|
||||
}
|
||||
|
||||
const userSharing = credential.shared?.find((shared) => shared.user.id === req.user.id);
|
||||
|
||||
if (!userSharing && !req.user.hasGlobalScope('credential:read')) {
|
||||
throw new UnauthorizedError('Forbidden.');
|
||||
}
|
||||
|
||||
credential = Container.get(OwnershipService).addOwnedByAndSharedWith(credential);
|
||||
|
||||
if (!includeDecryptedData || !userSharing || userSharing.role !== 'credential:owner') {
|
||||
const { data: _, ...rest } = credential;
|
||||
return { ...rest };
|
||||
}
|
||||
|
||||
const { data: _, ...rest } = credential;
|
||||
|
||||
const decryptedData = EECredentials.redact(EECredentials.decrypt(credential), credential);
|
||||
|
||||
return { data: decryptedData, ...rest };
|
||||
}),
|
||||
);
|
||||
|
||||
/**
|
||||
* POST /credentials/test
|
||||
*
|
||||
* Test if a credential is valid.
|
||||
*/
|
||||
EECredentialsController.post(
|
||||
'/test',
|
||||
ResponseHelper.send(async (req: CredentialRequest.Test): Promise<INodeCredentialTestResult> => {
|
||||
const { credentials } = req.body;
|
||||
|
||||
const credentialId = credentials.id;
|
||||
const { ownsCredential } = await EECredentials.isOwned(req.user, credentialId);
|
||||
|
||||
const sharing = await EECredentials.getSharing(req.user, credentialId, {
|
||||
allowGlobalScope: true,
|
||||
globalScope: 'credential:read',
|
||||
});
|
||||
if (!ownsCredential) {
|
||||
if (!sharing) {
|
||||
throw new UnauthorizedError('Forbidden');
|
||||
}
|
||||
|
||||
const decryptedData = EECredentials.decrypt(sharing.credentials);
|
||||
Object.assign(credentials, { data: decryptedData });
|
||||
}
|
||||
|
||||
const mergedCredentials = deepCopy(credentials);
|
||||
if (mergedCredentials.data && sharing?.credentials) {
|
||||
const decryptedData = EECredentials.decrypt(sharing.credentials);
|
||||
mergedCredentials.data = EECredentials.unredact(mergedCredentials.data, decryptedData);
|
||||
}
|
||||
|
||||
return await EECredentials.test(req.user, mergedCredentials);
|
||||
}),
|
||||
);
|
||||
|
||||
/**
|
||||
* (EE) PUT /credentials/:id/share
|
||||
*
|
||||
* Grant or remove users' access to a credential.
|
||||
*/
|
||||
|
||||
EECredentialsController.put(
|
||||
'/:credentialId/share',
|
||||
ResponseHelper.send(async (req: CredentialRequest.Share) => {
|
||||
const { credentialId } = req.params;
|
||||
const { shareWithIds } = req.body;
|
||||
|
||||
if (
|
||||
!Array.isArray(shareWithIds) ||
|
||||
!shareWithIds.every((userId) => typeof userId === 'string')
|
||||
) {
|
||||
throw new BadRequestError('Bad request');
|
||||
}
|
||||
|
||||
const isOwnedRes = await EECredentials.isOwned(req.user, credentialId);
|
||||
const { ownsCredential } = isOwnedRes;
|
||||
let { credential } = isOwnedRes;
|
||||
if (!ownsCredential || !credential) {
|
||||
credential = undefined;
|
||||
// Allow owners/admins to share
|
||||
if (req.user.hasGlobalScope('credential:share')) {
|
||||
const sharedRes = await EECredentials.getSharing(req.user, credentialId, {
|
||||
allowGlobalScope: true,
|
||||
globalScope: 'credential:share',
|
||||
});
|
||||
credential = sharedRes?.credentials;
|
||||
}
|
||||
if (!credential) {
|
||||
throw new UnauthorizedError('Forbidden');
|
||||
}
|
||||
}
|
||||
|
||||
const ownerIds = (
|
||||
await EECredentials.getSharings(Db.getConnection().createEntityManager(), credentialId, [
|
||||
'shared',
|
||||
])
|
||||
)
|
||||
.filter((e) => e.role === 'credential:owner')
|
||||
.map((e) => e.userId);
|
||||
|
||||
let amountRemoved: number | null = null;
|
||||
let newShareeIds: string[] = [];
|
||||
await Db.transaction(async (trx) => {
|
||||
// remove all sharings that are not supposed to exist anymore
|
||||
const { affected } = await Container.get(CredentialsRepository).pruneSharings(
|
||||
trx,
|
||||
credentialId,
|
||||
[...ownerIds, ...shareWithIds],
|
||||
);
|
||||
if (affected) amountRemoved = affected;
|
||||
|
||||
const sharings = await EECredentials.getSharings(trx, credentialId);
|
||||
|
||||
// extract the new sharings that need to be added
|
||||
newShareeIds = utils.rightDiff(
|
||||
[sharings, (sharing) => sharing.userId],
|
||||
[shareWithIds, (shareeId) => shareeId],
|
||||
);
|
||||
|
||||
if (newShareeIds.length) {
|
||||
await EECredentials.share(trx, credential!, newShareeIds);
|
||||
}
|
||||
});
|
||||
|
||||
void Container.get(InternalHooks).onUserSharedCredentials({
|
||||
user: req.user,
|
||||
credential_name: credential.name,
|
||||
credential_type: credential.type,
|
||||
credential_id: credential.id,
|
||||
user_id_sharer: req.user.id,
|
||||
user_ids_sharees_added: newShareeIds,
|
||||
sharees_removed: amountRemoved,
|
||||
});
|
||||
|
||||
await Container.get(UserManagementMailer).notifyCredentialsShared({
|
||||
sharer: req.user,
|
||||
newShareeIds,
|
||||
credentialsName: credential.name,
|
||||
});
|
||||
}),
|
||||
);
|
|
@ -1,62 +1,100 @@
|
|||
import express from 'express';
|
||||
import type { INodeCredentialTestResult } from 'n8n-workflow';
|
||||
import { deepCopy } from 'n8n-workflow';
|
||||
|
||||
import * as ResponseHelper from '@/ResponseHelper';
|
||||
import config from '@/config';
|
||||
import { EECredentialsController } from './credentials.controller.ee';
|
||||
import { CredentialsService } from './credentials.service';
|
||||
|
||||
import type { ICredentialsDb } from '@/Interfaces';
|
||||
import type { CredentialRequest, ListQuery } from '@/requests';
|
||||
import { Container } from 'typedi';
|
||||
import { CredentialRequest, ListQuery } from '@/requests';
|
||||
import { InternalHooks } from '@/InternalHooks';
|
||||
import { listQueryMiddleware } from '@/middlewares';
|
||||
import { Logger } from '@/Logger';
|
||||
import { NotFoundError } from '@/errors/response-errors/not-found.error';
|
||||
import { UnauthorizedError } from '@/errors/response-errors/unauthorized.error';
|
||||
import { NamingService } from '@/services/naming.service';
|
||||
import { License } from '@/License';
|
||||
import { CredentialsRepository } from '@/databases/repositories/credentials.repository';
|
||||
import { OwnershipService } from '@/services/ownership.service';
|
||||
import { EnterpriseCredentialsService } from './credentials.service.ee';
|
||||
import { Authorized, Delete, Get, Licensed, Patch, Post, Put, RestController } from '@/decorators';
|
||||
import { BadRequestError } from '@/errors/response-errors/bad-request.error';
|
||||
import { UserManagementMailer } from '@/UserManagement/email';
|
||||
import * as Db from '@/Db';
|
||||
import * as utils from '@/utils';
|
||||
import { listQueryMiddleware } from '@/middlewares';
|
||||
|
||||
export const credentialsController = express.Router();
|
||||
credentialsController.use('/', EECredentialsController);
|
||||
@Authorized()
|
||||
@RestController('/credentials')
|
||||
export class CredentialsController {
|
||||
constructor(
|
||||
private readonly credentialsService: CredentialsService,
|
||||
private readonly enterpriseCredentialsService: EnterpriseCredentialsService,
|
||||
private readonly credentialsRepository: CredentialsRepository,
|
||||
private readonly namingService: NamingService,
|
||||
private readonly license: License,
|
||||
private readonly logger: Logger,
|
||||
private readonly ownershipService: OwnershipService,
|
||||
private readonly internalHooks: InternalHooks,
|
||||
private readonly userManagementMailer: UserManagementMailer,
|
||||
) {}
|
||||
|
||||
/**
|
||||
* GET /credentials
|
||||
*/
|
||||
credentialsController.get(
|
||||
'/',
|
||||
listQueryMiddleware,
|
||||
ResponseHelper.send(async (req: ListQuery.Request) => {
|
||||
return await CredentialsService.getMany(req.user, { listQueryOptions: req.listQueryOptions });
|
||||
}),
|
||||
);
|
||||
@Get('/', { middlewares: listQueryMiddleware })
|
||||
async getMany(req: ListQuery.Request) {
|
||||
return await this.credentialsService.getMany(req.user, {
|
||||
listQueryOptions: req.listQueryOptions,
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* GET /credentials/new
|
||||
*
|
||||
* Generate a unique credential name.
|
||||
*/
|
||||
credentialsController.get(
|
||||
'/new',
|
||||
ResponseHelper.send(async (req: CredentialRequest.NewName) => {
|
||||
@Get('/new')
|
||||
async generateUniqueName(req: CredentialRequest.NewName) {
|
||||
const requestedName = req.query.name ?? config.getEnv('credentials.defaultName');
|
||||
|
||||
return {
|
||||
name: await Container.get(NamingService).getUniqueCredentialName(requestedName),
|
||||
name: await this.namingService.getUniqueCredentialName(requestedName),
|
||||
};
|
||||
}),
|
||||
);
|
||||
}
|
||||
|
||||
@Get('/:id')
|
||||
async getOne(req: CredentialRequest.Get) {
|
||||
if (this.license.isSharingEnabled()) {
|
||||
const { id: credentialId } = req.params;
|
||||
const includeDecryptedData = req.query.includeData === 'true';
|
||||
|
||||
let credential = await this.credentialsRepository.findOne({
|
||||
where: { id: credentialId },
|
||||
relations: ['shared', 'shared.user'],
|
||||
});
|
||||
|
||||
if (!credential) {
|
||||
throw new NotFoundError(
|
||||
'Could not load the credential. If you think this is an error, ask the owner to share it with you again',
|
||||
);
|
||||
}
|
||||
|
||||
const userSharing = credential.shared?.find((shared) => shared.user.id === req.user.id);
|
||||
|
||||
if (!userSharing && !req.user.hasGlobalScope('credential:read')) {
|
||||
throw new UnauthorizedError('Forbidden.');
|
||||
}
|
||||
|
||||
credential = this.ownershipService.addOwnedByAndSharedWith(credential);
|
||||
|
||||
if (!includeDecryptedData || !userSharing || userSharing.role !== 'credential:owner') {
|
||||
const { data: _, ...rest } = credential;
|
||||
return { ...rest };
|
||||
}
|
||||
|
||||
const { data: _, ...rest } = credential;
|
||||
|
||||
const decryptedData = this.credentialsService.redact(
|
||||
this.credentialsService.decrypt(credential),
|
||||
credential,
|
||||
);
|
||||
|
||||
return { data: decryptedData, ...rest };
|
||||
}
|
||||
|
||||
// non-enterprise
|
||||
|
||||
/**
|
||||
* GET /credentials/:id
|
||||
*/
|
||||
credentialsController.get(
|
||||
'/:id(\\w+)',
|
||||
ResponseHelper.send(async (req: CredentialRequest.Get) => {
|
||||
const { id: credentialId } = req.params;
|
||||
const includeDecryptedData = req.query.includeData === 'true';
|
||||
|
||||
const sharing = await CredentialsService.getSharing(
|
||||
const sharing = await this.credentialsService.getSharing(
|
||||
req.user,
|
||||
credentialId,
|
||||
{ allowGlobalScope: true, globalScope: 'credential:read' },
|
||||
|
@ -75,52 +113,79 @@ credentialsController.get(
|
|||
return { ...rest };
|
||||
}
|
||||
|
||||
const decryptedData = CredentialsService.redact(
|
||||
CredentialsService.decrypt(credential),
|
||||
const decryptedData = this.credentialsService.redact(
|
||||
this.credentialsService.decrypt(credential),
|
||||
credential,
|
||||
);
|
||||
|
||||
return { data: decryptedData, ...rest };
|
||||
}),
|
||||
);
|
||||
}
|
||||
|
||||
@Post('/test')
|
||||
async testCredentials(req: CredentialRequest.Test) {
|
||||
if (this.license.isSharingEnabled()) {
|
||||
const { credentials } = req.body;
|
||||
|
||||
const credentialId = credentials.id;
|
||||
const { ownsCredential } = await this.enterpriseCredentialsService.isOwned(
|
||||
req.user,
|
||||
credentialId,
|
||||
);
|
||||
|
||||
const sharing = await this.enterpriseCredentialsService.getSharing(req.user, credentialId, {
|
||||
allowGlobalScope: true,
|
||||
globalScope: 'credential:read',
|
||||
});
|
||||
if (!ownsCredential) {
|
||||
if (!sharing) {
|
||||
throw new UnauthorizedError('Forbidden');
|
||||
}
|
||||
|
||||
const decryptedData = this.credentialsService.decrypt(sharing.credentials);
|
||||
Object.assign(credentials, { data: decryptedData });
|
||||
}
|
||||
|
||||
const mergedCredentials = deepCopy(credentials);
|
||||
if (mergedCredentials.data && sharing?.credentials) {
|
||||
const decryptedData = this.credentialsService.decrypt(sharing.credentials);
|
||||
mergedCredentials.data = this.credentialsService.unredact(
|
||||
mergedCredentials.data,
|
||||
decryptedData,
|
||||
);
|
||||
}
|
||||
|
||||
return await this.credentialsService.test(req.user, mergedCredentials);
|
||||
}
|
||||
|
||||
// non-enterprise
|
||||
|
||||
/**
|
||||
* POST /credentials/test
|
||||
*
|
||||
* Test if a credential is valid.
|
||||
*/
|
||||
credentialsController.post(
|
||||
'/test',
|
||||
ResponseHelper.send(async (req: CredentialRequest.Test): Promise<INodeCredentialTestResult> => {
|
||||
const { credentials } = req.body;
|
||||
|
||||
const sharing = await CredentialsService.getSharing(req.user, credentials.id, {
|
||||
const sharing = await this.credentialsService.getSharing(req.user, credentials.id, {
|
||||
allowGlobalScope: true,
|
||||
globalScope: 'credential:read',
|
||||
});
|
||||
|
||||
const mergedCredentials = deepCopy(credentials);
|
||||
if (mergedCredentials.data && sharing?.credentials) {
|
||||
const decryptedData = CredentialsService.decrypt(sharing.credentials);
|
||||
mergedCredentials.data = CredentialsService.unredact(mergedCredentials.data, decryptedData);
|
||||
const decryptedData = this.credentialsService.decrypt(sharing.credentials);
|
||||
mergedCredentials.data = this.credentialsService.unredact(
|
||||
mergedCredentials.data,
|
||||
decryptedData,
|
||||
);
|
||||
}
|
||||
|
||||
return await CredentialsService.test(req.user, mergedCredentials);
|
||||
}),
|
||||
);
|
||||
return await this.credentialsService.test(req.user, mergedCredentials);
|
||||
}
|
||||
|
||||
/**
|
||||
* POST /credentials
|
||||
*/
|
||||
credentialsController.post(
|
||||
'/',
|
||||
ResponseHelper.send(async (req: CredentialRequest.Create) => {
|
||||
const newCredential = await CredentialsService.prepareCreateData(req.body);
|
||||
@Post('/')
|
||||
async createCredentials(req: CredentialRequest.Create) {
|
||||
const newCredential = await this.credentialsService.prepareCreateData(req.body);
|
||||
|
||||
const encryptedData = CredentialsService.createEncryptedData(null, newCredential);
|
||||
const credential = await CredentialsService.save(newCredential, encryptedData, req.user);
|
||||
const encryptedData = this.credentialsService.createEncryptedData(null, newCredential);
|
||||
const credential = await this.credentialsService.save(newCredential, encryptedData, req.user);
|
||||
|
||||
void Container.get(InternalHooks).onUserCreatedCredentials({
|
||||
void this.internalHooks.onUserCreatedCredentials({
|
||||
user: req.user,
|
||||
credential_name: newCredential.name,
|
||||
credential_type: credential.type,
|
||||
|
@ -129,18 +194,13 @@ credentialsController.post(
|
|||
});
|
||||
|
||||
return credential;
|
||||
}),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* PATCH /credentials/:id
|
||||
*/
|
||||
credentialsController.patch(
|
||||
'/:id(\\w+)',
|
||||
ResponseHelper.send(async (req: CredentialRequest.Update): Promise<ICredentialsDb> => {
|
||||
@Patch('/:id')
|
||||
async updateCredentials(req: CredentialRequest.Update) {
|
||||
const { id: credentialId } = req.params;
|
||||
|
||||
const sharing = await CredentialsService.getSharing(
|
||||
const sharing = await this.credentialsService.getSharing(
|
||||
req.user,
|
||||
credentialId,
|
||||
{
|
||||
|
@ -151,42 +211,36 @@ credentialsController.patch(
|
|||
);
|
||||
|
||||
if (!sharing) {
|
||||
Container.get(Logger).info(
|
||||
'Attempt to update credential blocked due to lack of permissions',
|
||||
{
|
||||
credentialId,
|
||||
userId: req.user.id,
|
||||
},
|
||||
);
|
||||
this.logger.info('Attempt to update credential blocked due to lack of permissions', {
|
||||
credentialId,
|
||||
userId: req.user.id,
|
||||
});
|
||||
throw new NotFoundError(
|
||||
'Credential to be updated not found. You can only update credentials owned by you',
|
||||
);
|
||||
}
|
||||
|
||||
if (sharing.role !== 'credential:owner' && !req.user.hasGlobalScope('credential:update')) {
|
||||
Container.get(Logger).info(
|
||||
'Attempt to update credential blocked due to lack of permissions',
|
||||
{
|
||||
credentialId,
|
||||
userId: req.user.id,
|
||||
},
|
||||
);
|
||||
this.logger.info('Attempt to update credential blocked due to lack of permissions', {
|
||||
credentialId,
|
||||
userId: req.user.id,
|
||||
});
|
||||
throw new UnauthorizedError('You can only update credentials owned by you');
|
||||
}
|
||||
|
||||
const { credentials: credential } = sharing;
|
||||
|
||||
const decryptedData = CredentialsService.decrypt(credential);
|
||||
const preparedCredentialData = await CredentialsService.prepareUpdateData(
|
||||
const decryptedData = this.credentialsService.decrypt(credential);
|
||||
const preparedCredentialData = await this.credentialsService.prepareUpdateData(
|
||||
req.body,
|
||||
decryptedData,
|
||||
);
|
||||
const newCredentialData = CredentialsService.createEncryptedData(
|
||||
const newCredentialData = this.credentialsService.createEncryptedData(
|
||||
credentialId,
|
||||
preparedCredentialData,
|
||||
);
|
||||
|
||||
const responseData = await CredentialsService.update(credentialId, newCredentialData);
|
||||
const responseData = await this.credentialsService.update(credentialId, newCredentialData);
|
||||
|
||||
if (responseData === null) {
|
||||
throw new NotFoundError(`Credential ID "${credentialId}" could not be found to be updated.`);
|
||||
|
@ -195,21 +249,16 @@ credentialsController.patch(
|
|||
// Remove the encrypted data as it is not needed in the frontend
|
||||
const { data: _, ...rest } = responseData;
|
||||
|
||||
Container.get(Logger).verbose('Credential updated', { credentialId });
|
||||
this.logger.verbose('Credential updated', { credentialId });
|
||||
|
||||
return { ...rest };
|
||||
}),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* DELETE /credentials/:id
|
||||
*/
|
||||
credentialsController.delete(
|
||||
'/:id(\\w+)',
|
||||
ResponseHelper.send(async (req: CredentialRequest.Delete) => {
|
||||
@Delete('/:id')
|
||||
async deleteCredentials(req: CredentialRequest.Delete) {
|
||||
const { id: credentialId } = req.params;
|
||||
|
||||
const sharing = await CredentialsService.getSharing(
|
||||
const sharing = await this.credentialsService.getSharing(
|
||||
req.user,
|
||||
credentialId,
|
||||
{
|
||||
|
@ -220,33 +269,112 @@ credentialsController.delete(
|
|||
);
|
||||
|
||||
if (!sharing) {
|
||||
Container.get(Logger).info(
|
||||
'Attempt to delete credential blocked due to lack of permissions',
|
||||
{
|
||||
credentialId,
|
||||
userId: req.user.id,
|
||||
},
|
||||
);
|
||||
this.logger.info('Attempt to delete credential blocked due to lack of permissions', {
|
||||
credentialId,
|
||||
userId: req.user.id,
|
||||
});
|
||||
throw new NotFoundError(
|
||||
'Credential to be deleted not found. You can only removed credentials owned by you',
|
||||
);
|
||||
}
|
||||
|
||||
if (sharing.role !== 'credential:owner' && !req.user.hasGlobalScope('credential:delete')) {
|
||||
Container.get(Logger).info(
|
||||
'Attempt to delete credential blocked due to lack of permissions',
|
||||
{
|
||||
credentialId,
|
||||
userId: req.user.id,
|
||||
},
|
||||
);
|
||||
this.logger.info('Attempt to delete credential blocked due to lack of permissions', {
|
||||
credentialId,
|
||||
userId: req.user.id,
|
||||
});
|
||||
throw new UnauthorizedError('You can only remove credentials owned by you');
|
||||
}
|
||||
|
||||
const { credentials: credential } = sharing;
|
||||
|
||||
await CredentialsService.delete(credential);
|
||||
await this.credentialsService.delete(credential);
|
||||
|
||||
return true;
|
||||
}),
|
||||
);
|
||||
}
|
||||
|
||||
@Licensed('feat:sharing')
|
||||
@Put('/:id/share')
|
||||
async shareCredentials(req: CredentialRequest.Share) {
|
||||
const { id: credentialId } = req.params;
|
||||
const { shareWithIds } = req.body;
|
||||
|
||||
if (
|
||||
!Array.isArray(shareWithIds) ||
|
||||
!shareWithIds.every((userId) => typeof userId === 'string')
|
||||
) {
|
||||
throw new BadRequestError('Bad request');
|
||||
}
|
||||
|
||||
const isOwnedRes = await this.enterpriseCredentialsService.isOwned(req.user, credentialId);
|
||||
const { ownsCredential } = isOwnedRes;
|
||||
let { credential } = isOwnedRes;
|
||||
if (!ownsCredential || !credential) {
|
||||
credential = undefined;
|
||||
// Allow owners/admins to share
|
||||
if (req.user.hasGlobalScope('credential:share')) {
|
||||
const sharedRes = await this.enterpriseCredentialsService.getSharing(
|
||||
req.user,
|
||||
credentialId,
|
||||
{
|
||||
allowGlobalScope: true,
|
||||
globalScope: 'credential:share',
|
||||
},
|
||||
);
|
||||
credential = sharedRes?.credentials;
|
||||
}
|
||||
if (!credential) {
|
||||
throw new UnauthorizedError('Forbidden');
|
||||
}
|
||||
}
|
||||
|
||||
const ownerIds = (
|
||||
await this.enterpriseCredentialsService.getSharings(
|
||||
Db.getConnection().createEntityManager(),
|
||||
credentialId,
|
||||
['shared'],
|
||||
)
|
||||
)
|
||||
.filter((e) => e.role === 'credential:owner')
|
||||
.map((e) => e.userId);
|
||||
|
||||
let amountRemoved: number | null = null;
|
||||
let newShareeIds: string[] = [];
|
||||
await Db.transaction(async (trx) => {
|
||||
// remove all sharings that are not supposed to exist anymore
|
||||
const { affected } = await this.credentialsRepository.pruneSharings(trx, credentialId, [
|
||||
...ownerIds,
|
||||
...shareWithIds,
|
||||
]);
|
||||
if (affected) amountRemoved = affected;
|
||||
|
||||
const sharings = await this.enterpriseCredentialsService.getSharings(trx, credentialId);
|
||||
|
||||
// extract the new sharings that need to be added
|
||||
newShareeIds = utils.rightDiff(
|
||||
[sharings, (sharing) => sharing.userId],
|
||||
[shareWithIds, (shareeId) => shareeId],
|
||||
);
|
||||
|
||||
if (newShareeIds.length) {
|
||||
await this.enterpriseCredentialsService.share(trx, credential!, newShareeIds);
|
||||
}
|
||||
});
|
||||
|
||||
void this.internalHooks.onUserSharedCredentials({
|
||||
user: req.user,
|
||||
credential_name: credential.name,
|
||||
credential_type: credential.type,
|
||||
credential_id: credential.id,
|
||||
user_id_sharer: req.user.id,
|
||||
user_ids_sharees_added: newShareeIds,
|
||||
sharees_removed: amountRemoved,
|
||||
});
|
||||
|
||||
await this.userManagementMailer.notifyCredentialsShared({
|
||||
sharer: req.user,
|
||||
newShareeIds,
|
||||
credentialsName: credential.name,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,17 +1,20 @@
|
|||
import { Container } from 'typedi';
|
||||
import type { EntityManager, FindOptionsWhere } from 'typeorm';
|
||||
import { CredentialsEntity } from '@db/entities/CredentialsEntity';
|
||||
import type { SharedCredentials } from '@db/entities/SharedCredentials';
|
||||
import type { User } from '@db/entities/User';
|
||||
import { CredentialsService, type CredentialsGetSharedOptions } from './credentials.service';
|
||||
import { type CredentialsGetSharedOptions } from './credentials.service';
|
||||
import { SharedCredentialsRepository } from '@db/repositories/sharedCredentials.repository';
|
||||
import { UserRepository } from '@/databases/repositories/user.repository';
|
||||
import { CredentialsEntity } from '@/databases/entities/CredentialsEntity';
|
||||
import { Service } from 'typedi';
|
||||
|
||||
export class EECredentialsService extends CredentialsService {
|
||||
static async isOwned(
|
||||
user: User,
|
||||
credentialId: string,
|
||||
): Promise<{ ownsCredential: boolean; credential?: CredentialsEntity }> {
|
||||
@Service()
|
||||
export class EnterpriseCredentialsService {
|
||||
constructor(
|
||||
private readonly userRepository: UserRepository,
|
||||
private readonly sharedCredentialsRepository: SharedCredentialsRepository,
|
||||
) {}
|
||||
|
||||
async isOwned(user: User, credentialId: string) {
|
||||
const sharing = await this.getSharing(user, credentialId, { allowGlobalScope: false }, [
|
||||
'credentials',
|
||||
]);
|
||||
|
@ -26,12 +29,12 @@ export class EECredentialsService extends CredentialsService {
|
|||
/**
|
||||
* Retrieve the sharing that matches a user and a credential.
|
||||
*/
|
||||
static async getSharing(
|
||||
async getSharing(
|
||||
user: User,
|
||||
credentialId: string,
|
||||
options: CredentialsGetSharedOptions,
|
||||
relations: string[] = ['credentials'],
|
||||
): Promise<SharedCredentials | null> {
|
||||
) {
|
||||
const where: FindOptionsWhere<SharedCredentials> = { credentialsId: credentialId };
|
||||
|
||||
// Omit user from where if the requesting user has relevant
|
||||
|
@ -41,35 +44,28 @@ export class EECredentialsService extends CredentialsService {
|
|||
where.userId = user.id;
|
||||
}
|
||||
|
||||
return await Container.get(SharedCredentialsRepository).findOne({
|
||||
return await this.sharedCredentialsRepository.findOne({
|
||||
where,
|
||||
relations,
|
||||
});
|
||||
}
|
||||
|
||||
static async getSharings(
|
||||
transaction: EntityManager,
|
||||
credentialId: string,
|
||||
relations = ['shared'],
|
||||
): Promise<SharedCredentials[]> {
|
||||
async getSharings(transaction: EntityManager, credentialId: string, relations = ['shared']) {
|
||||
const credential = await transaction.findOne(CredentialsEntity, {
|
||||
where: { id: credentialId },
|
||||
relations,
|
||||
});
|
||||
|
||||
return credential?.shared ?? [];
|
||||
}
|
||||
|
||||
static async share(
|
||||
transaction: EntityManager,
|
||||
credential: CredentialsEntity,
|
||||
shareWithIds: string[],
|
||||
): Promise<SharedCredentials[]> {
|
||||
const users = await Container.get(UserRepository).getByIds(transaction, shareWithIds);
|
||||
async share(transaction: EntityManager, credential: CredentialsEntity, shareWithIds: string[]) {
|
||||
const users = await this.userRepository.getByIds(transaction, shareWithIds);
|
||||
|
||||
const newSharedCredentials = users
|
||||
.filter((user) => !user.isPending)
|
||||
.map((user) =>
|
||||
Container.get(SharedCredentialsRepository).create({
|
||||
this.sharedCredentialsRepository.create({
|
||||
credentialsId: credential.id,
|
||||
userId: user.id,
|
||||
role: 'credential:user',
|
||||
|
|
|
@ -3,15 +3,11 @@ import type {
|
|||
ICredentialDataDecryptedObject,
|
||||
ICredentialsDecrypted,
|
||||
ICredentialType,
|
||||
INodeCredentialTestResult,
|
||||
INodeProperties,
|
||||
} from 'n8n-workflow';
|
||||
import { CREDENTIAL_EMPTY_VALUE, deepCopy, NodeHelpers } from 'n8n-workflow';
|
||||
import { Container } from 'typedi';
|
||||
import type { FindOptionsWhere } from 'typeorm';
|
||||
|
||||
import type { Scope } from '@n8n/permissions';
|
||||
|
||||
import * as Db from '@/Db';
|
||||
import type { ICredentialsDb } from '@/Interfaces';
|
||||
import { CredentialsHelper, createCredentialsFromCredentialsEntity } from '@/CredentialsHelper';
|
||||
|
@ -27,20 +23,32 @@ import { OwnershipService } from '@/services/ownership.service';
|
|||
import { Logger } from '@/Logger';
|
||||
import { CredentialsRepository } from '@db/repositories/credentials.repository';
|
||||
import { SharedCredentialsRepository } from '@db/repositories/sharedCredentials.repository';
|
||||
import { Service } from 'typedi';
|
||||
|
||||
export type CredentialsGetSharedOptions =
|
||||
| { allowGlobalScope: true; globalScope: Scope }
|
||||
| { allowGlobalScope: false };
|
||||
|
||||
@Service()
|
||||
export class CredentialsService {
|
||||
static async get(where: FindOptionsWhere<ICredentialsDb>, options?: { relations: string[] }) {
|
||||
return await Container.get(CredentialsRepository).findOne({
|
||||
constructor(
|
||||
private readonly credentialsRepository: CredentialsRepository,
|
||||
private readonly sharedCredentialsRepository: SharedCredentialsRepository,
|
||||
private readonly ownershipService: OwnershipService,
|
||||
private readonly logger: Logger,
|
||||
private readonly credenntialsHelper: CredentialsHelper,
|
||||
private readonly externalHooks: ExternalHooks,
|
||||
private readonly credentialTypes: CredentialTypes,
|
||||
) {}
|
||||
|
||||
async get(where: FindOptionsWhere<ICredentialsDb>, options?: { relations: string[] }) {
|
||||
return await this.credentialsRepository.findOne({
|
||||
relations: options?.relations,
|
||||
where,
|
||||
});
|
||||
}
|
||||
|
||||
static async getMany(
|
||||
async getMany(
|
||||
user: User,
|
||||
options: { listQueryOptions?: ListQuery.Options; onlyOwn?: boolean } = {},
|
||||
) {
|
||||
|
@ -48,31 +56,29 @@ export class CredentialsService {
|
|||
const isDefaultSelect = !options.listQueryOptions?.select;
|
||||
|
||||
if (returnAll) {
|
||||
const credentials = await Container.get(CredentialsRepository).findMany(
|
||||
options.listQueryOptions,
|
||||
);
|
||||
const credentials = await this.credentialsRepository.findMany(options.listQueryOptions);
|
||||
|
||||
return isDefaultSelect
|
||||
? credentials.map((c) => Container.get(OwnershipService).addOwnedByAndSharedWith(c))
|
||||
? credentials.map((c) => this.ownershipService.addOwnedByAndSharedWith(c))
|
||||
: credentials;
|
||||
}
|
||||
|
||||
const ids = await Container.get(SharedCredentialsRepository).getAccessibleCredentials(user.id);
|
||||
const ids = await this.sharedCredentialsRepository.getAccessibleCredentials(user.id);
|
||||
|
||||
const credentials = await Container.get(CredentialsRepository).findMany(
|
||||
const credentials = await this.credentialsRepository.findMany(
|
||||
options.listQueryOptions,
|
||||
ids, // only accessible credentials
|
||||
);
|
||||
|
||||
return isDefaultSelect
|
||||
? credentials.map((c) => Container.get(OwnershipService).addOwnedByAndSharedWith(c))
|
||||
? credentials.map((c) => this.ownershipService.addOwnedByAndSharedWith(c))
|
||||
: credentials;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the sharing that matches a user and a credential.
|
||||
*/
|
||||
static async getSharing(
|
||||
async getSharing(
|
||||
user: User,
|
||||
credentialId: string,
|
||||
options: CredentialsGetSharedOptions,
|
||||
|
@ -88,17 +94,17 @@ export class CredentialsService {
|
|||
where.role = 'credential:owner';
|
||||
}
|
||||
|
||||
return await Container.get(SharedCredentialsRepository).findOne({ where, relations });
|
||||
return await this.sharedCredentialsRepository.findOne({ where, relations });
|
||||
}
|
||||
|
||||
static async prepareCreateData(
|
||||
async prepareCreateData(
|
||||
data: CredentialRequest.CredentialProperties,
|
||||
): Promise<CredentialsEntity> {
|
||||
const { id, ...rest } = data;
|
||||
|
||||
// This saves us a merge but requires some type casting. These
|
||||
// types are compatible for this case.
|
||||
const newCredentials = Container.get(CredentialsRepository).create(rest as ICredentialsDb);
|
||||
const newCredentials = this.credentialsRepository.create(rest as ICredentialsDb);
|
||||
|
||||
await validateEntity(newCredentials);
|
||||
|
||||
|
@ -110,7 +116,7 @@ export class CredentialsService {
|
|||
return newCredentials;
|
||||
}
|
||||
|
||||
static async prepareUpdateData(
|
||||
async prepareUpdateData(
|
||||
data: CredentialRequest.CredentialProperties,
|
||||
decryptedData: ICredentialDataDecryptedObject,
|
||||
): Promise<CredentialsEntity> {
|
||||
|
@ -121,7 +127,7 @@ export class CredentialsService {
|
|||
|
||||
// This saves us a merge but requires some type casting. These
|
||||
// types are compatible for this case.
|
||||
const updateData = Container.get(CredentialsRepository).create(mergedData as ICredentialsDb);
|
||||
const updateData = this.credentialsRepository.create(mergedData as ICredentialsDb);
|
||||
|
||||
await validateEntity(updateData);
|
||||
|
||||
|
@ -141,7 +147,7 @@ export class CredentialsService {
|
|||
return updateData;
|
||||
}
|
||||
|
||||
static createEncryptedData(credentialId: string | null, data: CredentialsEntity): ICredentialsDb {
|
||||
createEncryptedData(credentialId: string | null, data: CredentialsEntity): ICredentialsDb {
|
||||
const credentials = new Credentials(
|
||||
{ id: credentialId, name: data.name },
|
||||
data.type,
|
||||
|
@ -158,35 +164,28 @@ export class CredentialsService {
|
|||
return newCredentialData;
|
||||
}
|
||||
|
||||
static decrypt(credential: CredentialsEntity): ICredentialDataDecryptedObject {
|
||||
decrypt(credential: CredentialsEntity) {
|
||||
const coreCredential = createCredentialsFromCredentialsEntity(credential);
|
||||
return coreCredential.getData();
|
||||
}
|
||||
|
||||
static async update(
|
||||
credentialId: string,
|
||||
newCredentialData: ICredentialsDb,
|
||||
): Promise<ICredentialsDb | null> {
|
||||
await Container.get(ExternalHooks).run('credentials.update', [newCredentialData]);
|
||||
async update(credentialId: string, newCredentialData: ICredentialsDb) {
|
||||
await this.externalHooks.run('credentials.update', [newCredentialData]);
|
||||
|
||||
// Update the credentials in DB
|
||||
await Container.get(CredentialsRepository).update(credentialId, newCredentialData);
|
||||
await this.credentialsRepository.update(credentialId, newCredentialData);
|
||||
|
||||
// We sadly get nothing back from "update". Neither if it updated a record
|
||||
// nor the new value. So query now the updated entry.
|
||||
return await Container.get(CredentialsRepository).findOneBy({ id: credentialId });
|
||||
return await this.credentialsRepository.findOneBy({ id: credentialId });
|
||||
}
|
||||
|
||||
static async save(
|
||||
credential: CredentialsEntity,
|
||||
encryptedData: ICredentialsDb,
|
||||
user: User,
|
||||
): Promise<CredentialsEntity> {
|
||||
async save(credential: CredentialsEntity, encryptedData: ICredentialsDb, user: User) {
|
||||
// To avoid side effects
|
||||
const newCredential = new CredentialsEntity();
|
||||
Object.assign(newCredential, credential, encryptedData);
|
||||
|
||||
await Container.get(ExternalHooks).run('credentials.create', [encryptedData]);
|
||||
await this.externalHooks.run('credentials.create', [encryptedData]);
|
||||
|
||||
const result = await Db.transaction(async (transactionManager) => {
|
||||
const savedCredential = await transactionManager.save<CredentialsEntity>(newCredential);
|
||||
|
@ -205,39 +204,31 @@ export class CredentialsService {
|
|||
|
||||
return savedCredential;
|
||||
});
|
||||
Container.get(Logger).verbose('New credential created', {
|
||||
this.logger.verbose('New credential created', {
|
||||
credentialId: newCredential.id,
|
||||
ownerId: user.id,
|
||||
});
|
||||
return result;
|
||||
}
|
||||
|
||||
static async delete(credentials: CredentialsEntity): Promise<void> {
|
||||
await Container.get(ExternalHooks).run('credentials.delete', [credentials.id]);
|
||||
async delete(credentials: CredentialsEntity) {
|
||||
await this.externalHooks.run('credentials.delete', [credentials.id]);
|
||||
|
||||
await Container.get(CredentialsRepository).remove(credentials);
|
||||
await this.credentialsRepository.remove(credentials);
|
||||
}
|
||||
|
||||
static async test(
|
||||
user: User,
|
||||
credentials: ICredentialsDecrypted,
|
||||
): Promise<INodeCredentialTestResult> {
|
||||
const helper = Container.get(CredentialsHelper);
|
||||
return await helper.testCredentials(user, credentials.type, credentials);
|
||||
async test(user: User, credentials: ICredentialsDecrypted) {
|
||||
return await this.credenntialsHelper.testCredentials(user, credentials.type, credentials);
|
||||
}
|
||||
|
||||
// Take data and replace all sensitive values with a sentinel value.
|
||||
// This will replace password fields and oauth data.
|
||||
static redact(
|
||||
data: ICredentialDataDecryptedObject,
|
||||
credential: CredentialsEntity,
|
||||
): ICredentialDataDecryptedObject {
|
||||
redact(data: ICredentialDataDecryptedObject, credential: CredentialsEntity) {
|
||||
const copiedData = deepCopy(data);
|
||||
|
||||
const credTypes = Container.get(CredentialTypes);
|
||||
let credType: ICredentialType;
|
||||
try {
|
||||
credType = credTypes.getByName(credential.type);
|
||||
credType = this.credentialTypes.getByName(credential.type);
|
||||
} catch {
|
||||
// This _should_ only happen when testing. If it does happen in
|
||||
// production it means it's either a mangled credential or a
|
||||
|
@ -249,7 +240,7 @@ export class CredentialsService {
|
|||
const getExtendedProps = (type: ICredentialType) => {
|
||||
const props: INodeProperties[] = [];
|
||||
for (const e of type.extends ?? []) {
|
||||
const extendsType = credTypes.getByName(e);
|
||||
const extendsType = this.credentialTypes.getByName(e);
|
||||
const extendedProps = getExtendedProps(extendsType);
|
||||
NodeHelpers.mergeNodeProperties(props, extendedProps);
|
||||
}
|
||||
|
@ -287,7 +278,7 @@ export class CredentialsService {
|
|||
return copiedData;
|
||||
}
|
||||
|
||||
private static unredactRestoreValues(unmerged: any, replacement: any) {
|
||||
private unredactRestoreValues(unmerged: any, replacement: any) {
|
||||
// eslint-disable-next-line @typescript-eslint/no-unsafe-argument
|
||||
for (const [key, value] of Object.entries(unmerged)) {
|
||||
if (value === CREDENTIAL_BLANKING_VALUE || value === CREDENTIAL_EMPTY_VALUE) {
|
||||
|
@ -310,10 +301,10 @@ export class CredentialsService {
|
|||
|
||||
// Take unredacted data (probably from the DB) and merge it with
|
||||
// redacted data to create an unredacted version.
|
||||
static unredact(
|
||||
unredact(
|
||||
redactedData: ICredentialDataDecryptedObject,
|
||||
savedData: ICredentialDataDecryptedObject,
|
||||
): ICredentialDataDecryptedObject {
|
||||
) {
|
||||
// Replace any blank sentinel values with their saved version
|
||||
const mergedData = deepCopy(redactedData);
|
||||
this.unredactRestoreValues(mergedData, savedData);
|
||||
|
|
|
@ -161,7 +161,7 @@ export declare namespace CredentialRequest {
|
|||
|
||||
type Test = AuthenticatedRequest<{}, {}, INodeCredentialTestRequest>;
|
||||
|
||||
type Share = AuthenticatedRequest<{ credentialId: string }, {}, { shareWithIds: string[] }>;
|
||||
type Share = AuthenticatedRequest<{ id: string }, {}, { shareWithIds: string[] }>;
|
||||
}
|
||||
|
||||
// ----------------------------------
|
||||
|
|
|
@ -24,6 +24,7 @@ export class EnterpriseWorkflowService {
|
|||
private readonly sharedWorkflowRepository: SharedWorkflowRepository,
|
||||
private readonly workflowRepository: WorkflowRepository,
|
||||
private readonly credentialsRepository: CredentialsRepository,
|
||||
private readonly credentialsService: CredentialsService,
|
||||
) {}
|
||||
|
||||
async isOwned(
|
||||
|
@ -70,7 +71,7 @@ export class EnterpriseWorkflowService {
|
|||
currentUser: User,
|
||||
): Promise<void> {
|
||||
workflow.usedCredentials = [];
|
||||
const userCredentials = await CredentialsService.getMany(currentUser, { onlyOwn: true });
|
||||
const userCredentials = await this.credentialsService.getMany(currentUser, { onlyOwn: true });
|
||||
const credentialIdsUsedByWorkflow = new Set<string>();
|
||||
workflow.nodes.forEach((node) => {
|
||||
if (!node.credentials) {
|
||||
|
@ -139,7 +140,7 @@ export class EnterpriseWorkflowService {
|
|||
throw new NotFoundError('Workflow not found');
|
||||
}
|
||||
|
||||
const allCredentials = await CredentialsService.getMany(user);
|
||||
const allCredentials = await this.credentialsService.getMany(user);
|
||||
|
||||
try {
|
||||
return this.validateWorkflowCredentialUsage(workflow, previousVersion, allCredentials);
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
import { Service } from 'typedi';
|
||||
import express from 'express';
|
||||
import { v4 as uuid } from 'uuid';
|
||||
import axios from 'axios';
|
||||
|
@ -40,7 +39,6 @@ import { WorkflowExecutionService } from './workflowExecution.service';
|
|||
import { WorkflowSharingService } from './workflowSharing.service';
|
||||
import { UserManagementMailer } from '@/UserManagement/email';
|
||||
|
||||
@Service()
|
||||
@Authorized()
|
||||
@RestController('/workflows')
|
||||
export class WorkflowsController {
|
||||
|
@ -62,6 +60,7 @@ export class WorkflowsController {
|
|||
private readonly userRepository: UserRepository,
|
||||
private readonly license: License,
|
||||
private readonly mailer: UserManagementMailer,
|
||||
private readonly credentialsService: CredentialsService,
|
||||
) {}
|
||||
|
||||
@Post('/')
|
||||
|
@ -92,7 +91,7 @@ export class WorkflowsController {
|
|||
// This is a new workflow, so we simply check if the user has access to
|
||||
// all used workflows
|
||||
|
||||
const allCredentials = await CredentialsService.getMany(req.user);
|
||||
const allCredentials = await this.credentialsService.getMany(req.user);
|
||||
|
||||
try {
|
||||
this.enterpriseWorkflowService.validateCredentialPermissionsToUser(
|
||||
|
|
|
@ -6,7 +6,6 @@ import type { IUser } from 'n8n-workflow';
|
|||
import type { ListQuery } from '@/requests';
|
||||
import type { User } from '@db/entities/User';
|
||||
import { SharedCredentialsRepository } from '@db/repositories/sharedCredentials.repository';
|
||||
import { License } from '@/License';
|
||||
|
||||
import { randomCredentialPayload } from './shared/random';
|
||||
import * as testDb from './shared/testDb';
|
||||
|
@ -19,8 +18,10 @@ import { UserManagementMailer } from '@/UserManagement/email';
|
|||
import { mockInstance } from '../shared/mocking';
|
||||
import config from '@/config';
|
||||
|
||||
const sharingSpy = jest.spyOn(License.prototype, 'isSharingEnabled').mockReturnValue(true);
|
||||
const testServer = utils.setupTestServer({ endpointGroups: ['credentials'] });
|
||||
const testServer = utils.setupTestServer({
|
||||
endpointGroups: ['credentials'],
|
||||
enabledFeatures: ['feat:sharing'],
|
||||
});
|
||||
|
||||
let owner: User;
|
||||
let member: User;
|
||||
|
@ -49,38 +50,6 @@ afterEach(() => {
|
|||
jest.clearAllMocks();
|
||||
});
|
||||
|
||||
// ----------------------------------------
|
||||
// dynamic router switching
|
||||
// ----------------------------------------
|
||||
describe('router should switch based on flag', () => {
|
||||
let savedCredentialId: string;
|
||||
|
||||
beforeEach(async () => {
|
||||
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
|
||||
savedCredentialId = savedCredential.id;
|
||||
});
|
||||
|
||||
test('when sharing is disabled', async () => {
|
||||
sharingSpy.mockReturnValueOnce(false);
|
||||
|
||||
await authOwnerAgent
|
||||
.put(`/credentials/${savedCredentialId}/share`)
|
||||
.send({ shareWithIds: [member.id] })
|
||||
.expect(404);
|
||||
|
||||
await authOwnerAgent.get(`/credentials/${savedCredentialId}`).send().expect(200);
|
||||
});
|
||||
|
||||
test('when sharing is enabled', async () => {
|
||||
await authOwnerAgent
|
||||
.put(`/credentials/${savedCredentialId}/share`)
|
||||
.send({ shareWithIds: [member.id] })
|
||||
.expect(200);
|
||||
|
||||
await authOwnerAgent.get(`/credentials/${savedCredentialId}`).send().expect(200);
|
||||
});
|
||||
});
|
||||
|
||||
// ----------------------------------------
|
||||
// GET /credentials - fetch all credentials
|
||||
// ----------------------------------------
|
||||
|
@ -521,6 +490,7 @@ describe('PUT /credentials/:id/share', () => {
|
|||
responses.forEach((response) => expect(response.statusCode).toBe(400));
|
||||
expect(mailer.notifyCredentialsShared).toHaveBeenCalledTimes(0);
|
||||
});
|
||||
|
||||
test('should unshare the credential', async () => {
|
||||
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
|
||||
|
||||
|
|
|
@ -123,8 +123,8 @@ export const setupTestServer = ({
|
|||
for (const group of endpointGroups) {
|
||||
switch (group) {
|
||||
case 'credentials':
|
||||
const { credentialsController } = await import('@/credentials/credentials.controller');
|
||||
app.use(`/${REST_PATH_SEGMENT}/credentials`, credentialsController);
|
||||
const { CredentialsController } = await import('@/credentials/credentials.controller');
|
||||
registerController(app, CredentialsController);
|
||||
break;
|
||||
|
||||
case 'workflows':
|
||||
|
|
Loading…
Reference in a new issue