mirror of
https://github.com/n8n-io/n8n.git
synced 2025-01-11 04:47:29 -08:00
8e0ae3cf8c
This PR: - Creates `InvitationController` - Moves `POST /users` to `POST /invitations` and move related test to `invitations.api.tests` - Moves `POST /users/:id` to `POST /invitations/:id/accept` and move related test to `invitations.api.tests` - Adjusts FE to use new endpoints - Moves all the invitation logic to the `UserService` --------- Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>
54 lines
1.8 KiB
TypeScript
54 lines
1.8 KiB
TypeScript
import type { SuperAgentTest } from 'supertest';
|
|
import * as utils from './shared/utils/';
|
|
import { getGlobalMemberRole } from './shared/db/roles';
|
|
import { createUser } from './shared/db/users';
|
|
|
|
describe('Auth Middleware', () => {
|
|
const testServer = utils.setupTestServer({
|
|
endpointGroups: ['me', 'auth', 'owner', 'users', 'invitations'],
|
|
});
|
|
|
|
/** Routes requiring a valid `n8n-auth` cookie for a user, either owner or member. */
|
|
const ROUTES_REQUIRING_AUTHENTICATION: Readonly<Array<[string, string]>> = [
|
|
['PATCH', '/me'],
|
|
['PATCH', '/me/password'],
|
|
['POST', '/me/survey'],
|
|
['POST', '/owner/setup'],
|
|
['GET', '/non-existent'],
|
|
];
|
|
|
|
/** Routes requiring a valid `n8n-auth` cookie for an owner. */
|
|
const ROUTES_REQUIRING_AUTHORIZATION: Readonly<Array<[string, string]>> = [
|
|
['POST', '/invitations'],
|
|
['DELETE', '/users/123'],
|
|
['POST', '/owner/setup'],
|
|
];
|
|
|
|
describe('Routes requiring Authentication', () => {
|
|
ROUTES_REQUIRING_AUTHENTICATION.concat(ROUTES_REQUIRING_AUTHORIZATION).forEach(
|
|
([method, endpoint]) => {
|
|
test(`${method} ${endpoint} should return 401 Unauthorized if no cookie`, async () => {
|
|
const { statusCode } = await testServer.authlessAgent[method.toLowerCase()](endpoint);
|
|
expect(statusCode).toBe(401);
|
|
});
|
|
},
|
|
);
|
|
});
|
|
|
|
describe('Routes requiring Authorization', () => {
|
|
let authMemberAgent: SuperAgentTest;
|
|
beforeAll(async () => {
|
|
const globalMemberRole = await getGlobalMemberRole();
|
|
const member = await createUser({ globalRole: globalMemberRole });
|
|
authMemberAgent = testServer.authAgentFor(member);
|
|
});
|
|
|
|
ROUTES_REQUIRING_AUTHORIZATION.forEach(async ([method, endpoint]) => {
|
|
test(`${method} ${endpoint} should return 403 Forbidden for member`, async () => {
|
|
const { statusCode } = await authMemberAgent[method.toLowerCase()](endpoint);
|
|
expect(statusCode).toBe(403);
|
|
});
|
|
});
|
|
});
|
|
});
|