mirror of
https://github.com/n8n-io/n8n.git
synced 2024-12-27 13:39:44 -08:00
9e93980957
Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>
141 lines
4.7 KiB
TypeScript
141 lines
4.7 KiB
TypeScript
import Container from 'typedi';
|
|
import jwt from 'jsonwebtoken';
|
|
import { Logger } from '@/Logger';
|
|
import config from '@/config';
|
|
import { User } from '@db/entities/User';
|
|
import { UserRepository } from '@db/repositories/user.repository';
|
|
import { UserService } from '@/services/user.service';
|
|
import { mockInstance } from '../../shared/mocking';
|
|
import { v4 as uuid } from 'uuid';
|
|
import { InternalHooks } from '@/InternalHooks';
|
|
|
|
describe('UserService', () => {
|
|
config.set('userManagement.jwtSecret', 'random-secret');
|
|
|
|
mockInstance(Logger);
|
|
mockInstance(InternalHooks);
|
|
|
|
const userRepository = mockInstance(UserRepository);
|
|
const userService = Container.get(UserService);
|
|
|
|
const commonMockUser = Object.assign(new User(), {
|
|
id: uuid(),
|
|
password: 'passwordHash',
|
|
});
|
|
|
|
describe('toPublic', () => {
|
|
it('should remove sensitive properties', async () => {
|
|
const mockUser = Object.assign(new User(), {
|
|
id: uuid(),
|
|
password: 'passwordHash',
|
|
mfaEnabled: false,
|
|
mfaSecret: 'test',
|
|
mfaRecoveryCodes: ['test'],
|
|
updatedAt: new Date(),
|
|
authIdentities: [],
|
|
});
|
|
|
|
type MaybeSensitiveProperties = Partial<
|
|
Pick<User, 'password' | 'mfaSecret' | 'mfaRecoveryCodes' | 'updatedAt' | 'authIdentities'>
|
|
>;
|
|
|
|
// to prevent typechecking from blocking assertions
|
|
const publicUser: MaybeSensitiveProperties = await userService.toPublic(mockUser);
|
|
|
|
expect(publicUser.password).toBeUndefined();
|
|
expect(publicUser.mfaSecret).toBeUndefined();
|
|
expect(publicUser.mfaRecoveryCodes).toBeUndefined();
|
|
expect(publicUser.updatedAt).toBeUndefined();
|
|
expect(publicUser.authIdentities).toBeUndefined();
|
|
});
|
|
|
|
it('should add scopes if requested', async () => {
|
|
const scoped = await userService.toPublic(commonMockUser, { withScopes: true });
|
|
const unscoped = await userService.toPublic(commonMockUser);
|
|
|
|
expect(scoped.globalScopes).toEqual([]);
|
|
expect(unscoped.globalScopes).toBeUndefined();
|
|
});
|
|
|
|
it('should add invite URL if requested', async () => {
|
|
const firstUser = Object.assign(new User(), { id: uuid() });
|
|
const secondUser = Object.assign(new User(), { id: uuid(), isPending: true });
|
|
|
|
const withoutUrl = await userService.toPublic(secondUser);
|
|
const withUrl = await userService.toPublic(secondUser, {
|
|
withInviteUrl: true,
|
|
inviterId: firstUser.id,
|
|
});
|
|
|
|
expect(withoutUrl.inviteAcceptUrl).toBeUndefined();
|
|
|
|
const url = new URL(withUrl.inviteAcceptUrl ?? '');
|
|
|
|
expect(url.searchParams.get('inviterId')).toBe(firstUser.id);
|
|
expect(url.searchParams.get('inviteeId')).toBe(secondUser.id);
|
|
});
|
|
});
|
|
|
|
describe('generatePasswordResetToken', () => {
|
|
it('should generate valid password-reset tokens', () => {
|
|
const token = userService.generatePasswordResetToken(commonMockUser);
|
|
|
|
const decoded = jwt.decode(token) as jwt.JwtPayload;
|
|
|
|
if (!decoded.exp) fail('Token does not contain expiry');
|
|
if (!decoded.iat) fail('Token does not contain issued-at');
|
|
|
|
expect(decoded.sub).toEqual(commonMockUser.id);
|
|
expect(decoded.exp - decoded.iat).toEqual(1200); // Expires in 20 minutes
|
|
expect(decoded.passwordSha).toEqual(
|
|
'31513c5a9e3c5afe5c06d5675ace74e8bc3fadd9744ab5d89c311f2a62ccbd39',
|
|
);
|
|
});
|
|
});
|
|
|
|
describe('resolvePasswordResetToken', () => {
|
|
it('should not return a user if the token in invalid', async () => {
|
|
const user = await userService.resolvePasswordResetToken('invalid-token');
|
|
|
|
expect(user).toBeUndefined();
|
|
});
|
|
|
|
it('should not return a user if the token in expired', async () => {
|
|
const token = userService.generatePasswordResetToken(commonMockUser, '-1h');
|
|
|
|
const user = await userService.resolvePasswordResetToken(token);
|
|
|
|
expect(user).toBeUndefined();
|
|
});
|
|
|
|
it('should not return a user if the user does not exist in the DB', async () => {
|
|
userRepository.findOne.mockResolvedValueOnce(null);
|
|
const token = userService.generatePasswordResetToken(commonMockUser);
|
|
|
|
const user = await userService.resolvePasswordResetToken(token);
|
|
|
|
expect(user).toBeUndefined();
|
|
});
|
|
|
|
it('should not return a user if the password sha does not match', async () => {
|
|
const token = userService.generatePasswordResetToken(commonMockUser);
|
|
const updatedUser = Object.create(commonMockUser);
|
|
updatedUser.password = 'something-else';
|
|
userRepository.findOne.mockResolvedValueOnce(updatedUser);
|
|
|
|
const user = await userService.resolvePasswordResetToken(token);
|
|
|
|
expect(user).toBeUndefined();
|
|
});
|
|
|
|
it('should not return the user if all checks pass', async () => {
|
|
const token = userService.generatePasswordResetToken(commonMockUser);
|
|
userRepository.findOne.mockResolvedValueOnce(commonMockUser);
|
|
|
|
const user = await userService.resolvePasswordResetToken(token);
|
|
|
|
expect(user).toEqual(commonMockUser);
|
|
});
|
|
});
|
|
});
|