n8n/packages/cli/test/integration/invitations.api.test.ts

421 lines
12 KiB
TypeScript

import validator from 'validator';
import type { SuperAgentTest } from 'supertest';
import type { User } from '@db/entities/User';
import { compareHash } from '@/UserManagement/UserManagementHelper';
import { UserManagementMailer } from '@/UserManagement/email/UserManagementMailer';
import Container from 'typedi';
import { UserRepository } from '@db/repositories/user.repository';
import { mockInstance } from '../shared/mocking';
import {
randomEmail,
randomInvalidPassword,
randomName,
randomValidPassword,
} from './shared/random';
import * as testDb from './shared/testDb';
import * as utils from './shared/utils/';
import { getGlobalAdminRole, getGlobalMemberRole } from './shared/db/roles';
import { createMember, createOwner, createUser, createUserShell } from './shared/db/users';
import { ExternalHooks } from '@/ExternalHooks';
import { InternalHooks } from '@/InternalHooks';
import type { UserInvitationResponse } from './shared/utils/users';
import {
assertInviteUserSuccessResponse,
assertInvitedUsersOnDb,
assertInviteUserErrorResponse,
} from './shared/utils/users';
import { mocked } from 'jest-mock';
import { License } from '@/License';
mockInstance(InternalHooks);
const license = mockInstance(License, {
isAdvancedPermissionsLicensed: jest.fn().mockReturnValue(true),
isWithinUsersLimit: jest.fn().mockReturnValue(true),
});
const externalHooks = mockInstance(ExternalHooks);
const mailer = mockInstance(UserManagementMailer, { isEmailSetUp: true });
const testServer = utils.setupTestServer({ endpointGroups: ['invitations'] });
describe('POST /invitations/:id/accept', () => {
let owner: User;
let authlessAgent: SuperAgentTest;
beforeAll(async () => {
await testDb.truncate(['User']);
owner = await createOwner();
authlessAgent = testServer.authlessAgent;
});
test('should fill out a member shell', async () => {
const globalMemberRole = await getGlobalMemberRole();
const memberShell = await createUserShell(globalMemberRole);
const memberData = {
inviterId: owner.id,
firstName: randomName(),
lastName: randomName(),
password: randomValidPassword(),
};
const response = await authlessAgent
.post(`/invitations/${memberShell.id}/accept`)
.send(memberData)
.expect(200);
const {
id,
email,
firstName,
lastName,
personalizationAnswers,
password,
globalRole,
isPending,
apiKey,
} = response.body.data;
expect(validator.isUUID(id)).toBe(true);
expect(email).toBeDefined();
expect(firstName).toBe(memberData.firstName);
expect(lastName).toBe(memberData.lastName);
expect(personalizationAnswers).toBeNull();
expect(password).toBeUndefined();
expect(isPending).toBe(false);
expect(globalRole.scope).toBe('global');
expect(globalRole.name).toBe('member');
expect(apiKey).not.toBeDefined();
const authToken = utils.getAuthToken(response);
expect(authToken).toBeDefined();
const storedMember = await Container.get(UserRepository).findOneByOrFail({
id: memberShell.id,
});
expect(storedMember.firstName).toBe(memberData.firstName);
expect(storedMember.lastName).toBe(memberData.lastName);
expect(storedMember.password).not.toBe(memberData.password);
});
test('should fill out an admin shell', async () => {
const globalAdminRole = await getGlobalAdminRole();
const adminShell = await createUserShell(globalAdminRole);
const memberData = {
inviterId: owner.id,
firstName: randomName(),
lastName: randomName(),
password: randomValidPassword(),
};
const response = await authlessAgent
.post(`/invitations/${adminShell.id}/accept`)
.send(memberData)
.expect(200);
const {
id,
email,
firstName,
lastName,
personalizationAnswers,
password,
globalRole,
isPending,
apiKey,
} = response.body.data;
expect(validator.isUUID(id)).toBe(true);
expect(email).toBeDefined();
expect(firstName).toBe(memberData.firstName);
expect(lastName).toBe(memberData.lastName);
expect(personalizationAnswers).toBeNull();
expect(password).toBeUndefined();
expect(isPending).toBe(false);
expect(globalRole.scope).toBe('global');
expect(globalRole.name).toBe('admin');
expect(apiKey).not.toBeDefined();
const authToken = utils.getAuthToken(response);
expect(authToken).toBeDefined();
const storedAdmin = await Container.get(UserRepository).findOneByOrFail({
id: adminShell.id,
});
expect(storedAdmin.firstName).toBe(memberData.firstName);
expect(storedAdmin.lastName).toBe(memberData.lastName);
expect(storedAdmin.password).not.toBe(memberData.password);
});
test('should fail with invalid payloads', async () => {
const memberShellEmail = randomEmail();
const globalMemberRole = await getGlobalMemberRole();
const memberShell = await Container.get(UserRepository).save({
email: memberShellEmail,
globalRole: globalMemberRole,
});
const invalidPayloads = [
{
firstName: randomName(),
lastName: randomName(),
password: randomValidPassword(),
},
{
inviterId: owner.id,
firstName: randomName(),
password: randomValidPassword(),
},
{
inviterId: owner.id,
firstName: randomName(),
password: randomValidPassword(),
},
{
inviterId: owner.id,
firstName: randomName(),
lastName: randomName(),
},
{
inviterId: owner.id,
firstName: randomName(),
lastName: randomName(),
password: randomInvalidPassword(),
},
];
for (const invalidPayload of invalidPayloads) {
await authlessAgent
.post(`/invitations/${memberShell.id}/accept`)
.send(invalidPayload)
.expect(400);
const storedMemberShell = await Container.get(UserRepository).findOneOrFail({
where: { email: memberShellEmail },
});
expect(storedMemberShell.firstName).toBeNull();
expect(storedMemberShell.lastName).toBeNull();
expect(storedMemberShell.password).toBeNull();
}
});
test('should fail with already accepted invite', async () => {
const globalMemberRole = await getGlobalMemberRole();
const member = await createUser({ globalRole: globalMemberRole });
const memberData = {
inviterId: owner.id,
firstName: randomName(),
lastName: randomName(),
password: randomValidPassword(),
};
await authlessAgent.post(`/invitations/${member.id}/accept`).send(memberData).expect(400);
const storedMember = await Container.get(UserRepository).findOneOrFail({
where: { email: member.email },
});
expect(storedMember.firstName).not.toBe(memberData.firstName);
expect(storedMember.lastName).not.toBe(memberData.lastName);
expect(storedMember.password).not.toBe(memberData.password);
const comparisonResult = await compareHash(member.password, storedMember.password);
expect(comparisonResult).toBe(false);
});
});
describe('POST /invitations', () => {
let owner: User;
let member: User;
let ownerAgent: SuperAgentTest;
beforeAll(async () => {
await testDb.truncate(['User']);
owner = await createOwner();
member = await createMember();
ownerAgent = testServer.authAgentFor(owner);
});
test('should fail with invalid payloads', async () => {
const invalidPayloads = [
randomEmail(),
[randomEmail()],
{},
[{ name: randomName() }],
[{ email: randomName() }],
];
await Promise.all(
invalidPayloads.map(async (invalidPayload) => {
await ownerAgent.post('/invitations').send(invalidPayload).expect(400);
const usersCount = await Container.get(UserRepository).count();
expect(usersCount).toBe(2); // DB unaffected
}),
);
});
test('should return 200 on empty payload', async () => {
const response = await ownerAgent.post('/invitations').send([]).expect(200);
expect(response.body.data).toStrictEqual([]);
const usersCount = await Container.get(UserRepository).count();
expect(usersCount).toBe(2);
});
test('should return 200 if emailing is not set up', async () => {
mailer.invite.mockResolvedValue({ emailSent: false });
const response = await ownerAgent
.post('/invitations')
.send([{ email: randomEmail() }])
.expect(200);
expect(response.body.data).toBeInstanceOf(Array);
expect(response.body.data.length).toBe(1);
const { user } = response.body.data[0];
expect(user.inviteAcceptUrl).toBeDefined();
const inviteUrl = new URL(user.inviteAcceptUrl);
expect(inviteUrl.searchParams.get('inviterId')).toBe(owner.id);
expect(inviteUrl.searchParams.get('inviteeId')).toBe(user.id);
});
test('should create member shell', async () => {
mailer.invite.mockResolvedValue({ emailSent: false });
const response = await ownerAgent
.post('/invitations')
.send([{ email: randomEmail() }])
.expect(200);
const [result] = response.body.data as UserInvitationResponse[];
const storedUser = await Container.get(UserRepository).findOneByOrFail({
id: result.user.id,
});
assertInvitedUsersOnDb(storedUser);
});
test('should create admin shell if licensed', async () => {
mailer.invite.mockResolvedValue({ emailSent: false });
const response = await ownerAgent
.post('/invitations')
.send([{ email: randomEmail(), role: 'admin' }])
.expect(200);
const [result] = response.body.data as UserInvitationResponse[];
const storedUser = await Container.get(UserRepository).findOneByOrFail({
id: result.user.id,
});
assertInvitedUsersOnDb(storedUser);
});
test('should fail to create admin shell if not licensed', async () => {
license.isAdvancedPermissionsLicensed.mockReturnValue(false);
mailer.invite.mockResolvedValue({ emailSent: false });
await ownerAgent
.post('/invitations')
.send([{ email: randomEmail(), role: 'admin' }])
.expect(403);
});
test('should email invites and create user shells but ignore existing', async () => {
externalHooks.run.mockClear();
mailer.invite.mockResolvedValue({ emailSent: true });
const globalMemberRole = await getGlobalMemberRole();
const memberShell = await createUserShell(globalMemberRole);
const newUser = randomEmail();
const shellUsers = [memberShell.email];
const usersToInvite = [newUser, ...shellUsers];
const usersToCreate = [newUser];
const existingUsers = [member.email];
const testEmails = [...usersToInvite, ...existingUsers];
const payload = testEmails.map((email) => ({ email }));
const response = await ownerAgent.post('/invitations').send(payload).expect(200);
const internalHooks = Container.get(InternalHooks);
expect(internalHooks.onUserTransactionalEmail).toHaveBeenCalledTimes(usersToInvite.length);
expect(externalHooks.run).toHaveBeenCalledTimes(1);
const [hookName, hookData] = externalHooks.run.mock.calls[0];
expect(hookName).toBe('user.invited');
expect(hookData?.[0]).toStrictEqual(usersToCreate);
const result = response.body.data as UserInvitationResponse[];
for (const invitationResponse of result) {
assertInviteUserSuccessResponse(invitationResponse);
const storedUser = await Container.get(UserRepository).findOneByOrFail({
id: invitationResponse.user.id,
});
assertInvitedUsersOnDb(storedUser);
}
const calls = mocked(internalHooks).onUserTransactionalEmail.mock.calls;
for (const [onUserTransactionalEmailParameter] of calls) {
expect(onUserTransactionalEmailParameter.user_id).toBeDefined();
expect(onUserTransactionalEmailParameter.message_type).toBe('New user invite');
expect(onUserTransactionalEmailParameter.public_api).toBe(false);
}
});
test('should return 200 when invite method throws error', async () => {
mailer.invite.mockImplementation(async () => {
throw new Error('failed to send email');
});
const response = await ownerAgent
.post('/invitations')
.send([{ email: randomEmail() }])
.expect(200);
expect(response.body.data).toBeInstanceOf(Array);
expect(response.body.data.length).toBe(1);
const [invitationResponse] = response.body.data;
assertInviteUserErrorResponse(invitationResponse);
});
});