mirror of
https://github.com/n8n-io/n8n.git
synced 2024-11-14 08:34:07 -08:00
344 lines
8.8 KiB
TypeScript
344 lines
8.8 KiB
TypeScript
import type express from 'express';
|
|
import validator from 'validator';
|
|
import { v4 as uuid } from 'uuid';
|
|
|
|
import config from '@/config';
|
|
import type { Role } from '@/databases/entities/Role';
|
|
import { randomApiKey } from '../shared/random';
|
|
|
|
import * as utils from '../shared/utils';
|
|
import * as testDb from '../shared/testDb';
|
|
|
|
import { License } from '@/License';
|
|
|
|
let app: express.Application;
|
|
let globalOwnerRole: Role;
|
|
let globalMemberRole: Role;
|
|
|
|
const licenseLike = {
|
|
getUsersLimit: jest.fn().mockReturnValue(-1),
|
|
};
|
|
|
|
utils.mockInstance(License, licenseLike);
|
|
|
|
beforeAll(async () => {
|
|
app = await utils.initTestServer({
|
|
endpointGroups: ['publicApi'],
|
|
applyAuth: false,
|
|
enablePublicAPI: true,
|
|
});
|
|
|
|
await testDb.init();
|
|
|
|
const [fetchedGlobalOwnerRole, fetchedGlobalMemberRole] = await testDb.getAllRoles();
|
|
|
|
globalOwnerRole = fetchedGlobalOwnerRole;
|
|
globalMemberRole = fetchedGlobalMemberRole;
|
|
});
|
|
|
|
beforeEach(async () => {
|
|
// do not combine calls - shared tables must be cleared first and separately
|
|
await testDb.truncate(['SharedCredentials', 'SharedWorkflow']);
|
|
await testDb.truncate(['User', 'Workflow', 'Credentials']);
|
|
|
|
config.set('userManagement.disabled', false);
|
|
config.set('userManagement.isInstanceOwnerSetUp', true);
|
|
config.set('userManagement.emails.mode', 'smtp');
|
|
});
|
|
|
|
afterAll(async () => {
|
|
await testDb.terminate();
|
|
});
|
|
|
|
describe('With license unlimited quota:users', () => {
|
|
test('GET /users should fail due to missing API Key', async () => {
|
|
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
|
|
|
|
const authOwnerAgent = utils.createAgent(app, {
|
|
apiPath: 'public',
|
|
version: 1,
|
|
auth: true,
|
|
user: owner,
|
|
});
|
|
|
|
await testDb.createUser();
|
|
|
|
const response = await authOwnerAgent.get('/users');
|
|
|
|
expect(response.statusCode).toBe(401);
|
|
});
|
|
|
|
test('GET /users should fail due to invalid API Key', async () => {
|
|
const owner = await testDb.createUser({ globalRole: globalOwnerRole, apiKey: randomApiKey() });
|
|
|
|
owner.apiKey = null;
|
|
|
|
const authOwnerAgent = utils.createAgent(app, {
|
|
apiPath: 'public',
|
|
version: 1,
|
|
auth: true,
|
|
user: owner,
|
|
});
|
|
|
|
const response = await authOwnerAgent.get('/users');
|
|
|
|
expect(response.statusCode).toBe(401);
|
|
});
|
|
|
|
test('GET /users should fail due to member trying to access owner only endpoint', async () => {
|
|
const member = await testDb.createUser({ apiKey: randomApiKey() });
|
|
|
|
const authOwnerAgent = utils.createAgent(app, {
|
|
apiPath: 'public',
|
|
version: 1,
|
|
auth: true,
|
|
user: member,
|
|
});
|
|
|
|
const response = await authOwnerAgent.get('/users');
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
});
|
|
|
|
test('GET /users should return all users', async () => {
|
|
const owner = await testDb.createUser({ globalRole: globalOwnerRole, apiKey: randomApiKey() });
|
|
|
|
const authOwnerAgent = utils.createAgent(app, {
|
|
apiPath: 'public',
|
|
version: 1,
|
|
auth: true,
|
|
user: owner,
|
|
});
|
|
|
|
await testDb.createUser();
|
|
|
|
const response = await authOwnerAgent.get('/users');
|
|
|
|
expect(response.statusCode).toBe(200);
|
|
expect(response.body.data.length).toBe(2);
|
|
expect(response.body.nextCursor).toBeNull();
|
|
|
|
for (const user of response.body.data) {
|
|
const {
|
|
id,
|
|
email,
|
|
firstName,
|
|
lastName,
|
|
personalizationAnswers,
|
|
globalRole,
|
|
password,
|
|
resetPasswordToken,
|
|
isPending,
|
|
createdAt,
|
|
updatedAt,
|
|
} = user;
|
|
|
|
expect(validator.isUUID(id)).toBe(true);
|
|
expect(email).toBeDefined();
|
|
expect(firstName).toBeDefined();
|
|
expect(lastName).toBeDefined();
|
|
expect(personalizationAnswers).toBeUndefined();
|
|
expect(password).toBeUndefined();
|
|
expect(resetPasswordToken).toBeUndefined();
|
|
expect(isPending).toBe(false);
|
|
expect(globalRole).toBeUndefined();
|
|
expect(createdAt).toBeDefined();
|
|
expect(updatedAt).toBeDefined();
|
|
}
|
|
});
|
|
|
|
test('GET /users/:identifier should fail due to missing API Key', async () => {
|
|
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
|
|
|
|
const authOwnerAgent = utils.createAgent(app, {
|
|
apiPath: 'public',
|
|
version: 1,
|
|
auth: true,
|
|
user: owner,
|
|
});
|
|
|
|
await testDb.createUser();
|
|
|
|
const response = await authOwnerAgent.get(`/users/${owner.id}`);
|
|
|
|
expect(response.statusCode).toBe(401);
|
|
});
|
|
|
|
test('GET /users/:identifier should fail due to invalid API Key', async () => {
|
|
const owner = await testDb.createUser({ globalRole: globalOwnerRole, apiKey: randomApiKey() });
|
|
|
|
owner.apiKey = null;
|
|
|
|
const authOwnerAgent = utils.createAgent(app, {
|
|
apiPath: 'public',
|
|
version: 1,
|
|
auth: true,
|
|
user: owner,
|
|
});
|
|
|
|
const response = await authOwnerAgent.get(`/users/${owner.id}`);
|
|
|
|
expect(response.statusCode).toBe(401);
|
|
});
|
|
|
|
test('GET /users/:identifier should fail due to member trying to access owner only endpoint', async () => {
|
|
const member = await testDb.createUser({ apiKey: randomApiKey() });
|
|
|
|
const authOwnerAgent = utils.createAgent(app, {
|
|
apiPath: 'public',
|
|
version: 1,
|
|
auth: true,
|
|
user: member,
|
|
});
|
|
|
|
const response = await authOwnerAgent.get(`/users/${member.id}`);
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
});
|
|
|
|
test('GET /users/:email with non-existing email should return 404', async () => {
|
|
const owner = await testDb.createUser({ globalRole: globalOwnerRole, apiKey: randomApiKey() });
|
|
|
|
const authOwnerAgent = utils.createAgent(app, {
|
|
apiPath: 'public',
|
|
version: 1,
|
|
auth: true,
|
|
user: owner,
|
|
});
|
|
|
|
const response = await authOwnerAgent.get('/users/jhondoe@gmail.com');
|
|
|
|
expect(response.statusCode).toBe(404);
|
|
});
|
|
|
|
test('GET /users/:id with non-existing id should return 404', async () => {
|
|
const owner = await testDb.createUser({ globalRole: globalOwnerRole, apiKey: randomApiKey() });
|
|
|
|
const authOwnerAgent = utils.createAgent(app, {
|
|
apiPath: 'public',
|
|
version: 1,
|
|
auth: true,
|
|
user: owner,
|
|
});
|
|
|
|
const response = await authOwnerAgent.get(`/users/${uuid()}`);
|
|
|
|
expect(response.statusCode).toBe(404);
|
|
});
|
|
|
|
test('GET /users/:email should return a user', async () => {
|
|
const owner = await testDb.createUser({ globalRole: globalOwnerRole, apiKey: randomApiKey() });
|
|
|
|
const authOwnerAgent = utils.createAgent(app, {
|
|
apiPath: 'public',
|
|
version: 1,
|
|
auth: true,
|
|
user: owner,
|
|
});
|
|
|
|
const response = await authOwnerAgent.get(`/users/${owner.email}`);
|
|
|
|
expect(response.statusCode).toBe(200);
|
|
|
|
const {
|
|
id,
|
|
email,
|
|
firstName,
|
|
lastName,
|
|
personalizationAnswers,
|
|
globalRole,
|
|
password,
|
|
resetPasswordToken,
|
|
isPending,
|
|
createdAt,
|
|
updatedAt,
|
|
} = response.body;
|
|
|
|
expect(validator.isUUID(id)).toBe(true);
|
|
expect(email).toBeDefined();
|
|
expect(firstName).toBeDefined();
|
|
expect(lastName).toBeDefined();
|
|
expect(personalizationAnswers).toBeUndefined();
|
|
expect(password).toBeUndefined();
|
|
expect(resetPasswordToken).toBeUndefined();
|
|
expect(isPending).toBe(false);
|
|
expect(globalRole).toBeUndefined();
|
|
expect(createdAt).toBeDefined();
|
|
expect(updatedAt).toBeDefined();
|
|
});
|
|
|
|
test('GET /users/:id should return a pending user', async () => {
|
|
const owner = await testDb.createUser({ globalRole: globalOwnerRole, apiKey: randomApiKey() });
|
|
|
|
const { id: memberId } = await testDb.createUserShell(globalMemberRole);
|
|
|
|
const authOwnerAgent = utils.createAgent(app, {
|
|
apiPath: 'public',
|
|
version: 1,
|
|
auth: true,
|
|
user: owner,
|
|
});
|
|
|
|
const response = await authOwnerAgent.get(`/users/${memberId}`);
|
|
|
|
expect(response.statusCode).toBe(200);
|
|
|
|
const {
|
|
id,
|
|
email,
|
|
firstName,
|
|
lastName,
|
|
personalizationAnswers,
|
|
globalRole,
|
|
password,
|
|
resetPasswordToken,
|
|
isPending,
|
|
createdAt,
|
|
updatedAt,
|
|
} = response.body;
|
|
|
|
expect(validator.isUUID(id)).toBe(true);
|
|
expect(email).toBeDefined();
|
|
expect(firstName).toBeDefined();
|
|
expect(lastName).toBeDefined();
|
|
expect(personalizationAnswers).toBeUndefined();
|
|
expect(password).toBeUndefined();
|
|
expect(resetPasswordToken).toBeUndefined();
|
|
expect(globalRole).toBeUndefined();
|
|
expect(createdAt).toBeDefined();
|
|
expect(isPending).toBeDefined();
|
|
expect(isPending).toBeTruthy();
|
|
expect(updatedAt).toBeDefined();
|
|
});
|
|
});
|
|
|
|
describe('With license without quota:users', () => {
|
|
beforeEach(async () => {
|
|
utils.mockInstance(License, { getUsersLimit: jest.fn().mockReturnValue(null) });
|
|
});
|
|
|
|
test('GET /users should fail due to invalid license', async () => {
|
|
const member = await testDb.createUser({ apiKey: randomApiKey() });
|
|
const authOwnerAgent = utils.createAgent(app, {
|
|
apiPath: 'public',
|
|
version: 1,
|
|
auth: true,
|
|
user: member,
|
|
});
|
|
const response = await authOwnerAgent.get('/users');
|
|
expect(response.statusCode).toBe(403);
|
|
});
|
|
|
|
test('GET /users/:id should fail due to invalid license', async () => {
|
|
const member = await testDb.createUser({ apiKey: randomApiKey() });
|
|
const authOwnerAgent = utils.createAgent(app, {
|
|
apiPath: 'public',
|
|
version: 1,
|
|
auth: true,
|
|
user: member,
|
|
});
|
|
const response = await authOwnerAgent.get(`/users/${member.id}`);
|
|
expect(response.statusCode).toBe(403);
|
|
});
|
|
});
|