n8n/packages/cli/test/integration/variables.test.ts

import type { Application } from 'express';

import type { User } from '@/databases/entities/User';
import * as testDb from './shared/testDb';
import * as utils from './shared/utils';
import config from '@/config';

import type { AuthAgent } from './shared/types';
import { License } from '@/License';

// mock that credentialsSharing is not enabled
let app: Application;
let ownerUser: User;
let memberUser: User;
let authAgent: AuthAgent;
let variablesSpy: jest.SpyInstance<boolean>;
const licenseLike = {
	isVariablesEnabled: jest.fn().mockReturnValue(true),
	getVariablesLimit: jest.fn().mockReturnValue(-1),
	isWithinUsersLimit: jest.fn().mockReturnValue(true),
};

beforeAll(async () => {
	app = await utils.initTestServer({ endpointGroups: ['variables'] });

	await utils.initConfigFile();
	utils.mockInstance(License, licenseLike);

	ownerUser = await testDb.createOwner();
	memberUser = await testDb.createUser();

	authAgent = utils.createAuthAgent(app);
	config.set('userManagement.isInstanceOwnerSetUp', true);
});

beforeEach(async () => {
	await testDb.truncate(['Variables']);
	licenseLike.isVariablesEnabled.mockReturnValue(true);
	licenseLike.getVariablesLimit.mockReturnValue(-1);
});

afterAll(async () => {
	await testDb.terminate();
});

// ----------------------------------------
// GET /variables - fetch all variables
// ----------------------------------------

test('GET /variables should return all variables for an owner', async () => {
	await Promise.all([
		testDb.createVariable('test1', 'value1'),
		testDb.createVariable('test2', 'value2'),
	]);

	const response = await authAgent(ownerUser).get('/variables');
	expect(response.statusCode).toBe(200);
	expect(response.body.data.length).toBe(2);
});

test('GET /variables should return all variables for a member', async () => {
	await Promise.all([
		testDb.createVariable('test1', 'value1'),
		testDb.createVariable('test2', 'value2'),
	]);

	const response = await authAgent(memberUser).get('/variables');
	expect(response.statusCode).toBe(200);
	expect(response.body.data.length).toBe(2);
});

// ----------------------------------------
// GET /variables/:id - get a single variable
// ----------------------------------------

test('GET /variables/:id should return a single variable for an owner', async () => {
	const [var1, var2] = await Promise.all([
		testDb.createVariable('test1', 'value1'),
		testDb.createVariable('test2', 'value2'),
	]);

	const response1 = await authAgent(ownerUser).get(`/variables/${var1.id}`);
	expect(response1.statusCode).toBe(200);
	expect(response1.body.data.key).toBe('test1');

	const response2 = await authAgent(ownerUser).get(`/variables/${var2.id}`);
	expect(response2.statusCode).toBe(200);
	expect(response2.body.data.key).toBe('test2');
});

test('GET /variables/:id should return a single variable for a member', async () => {
	const [var1, var2] = await Promise.all([
		testDb.createVariable('test1', 'value1'),
		testDb.createVariable('test2', 'value2'),
	]);

	const response1 = await authAgent(memberUser).get(`/variables/${var1.id}`);
	expect(response1.statusCode).toBe(200);
	expect(response1.body.data.key).toBe('test1');

	const response2 = await authAgent(memberUser).get(`/variables/${var2.id}`);
	expect(response2.statusCode).toBe(200);
	expect(response2.body.data.key).toBe('test2');
});

// ----------------------------------------
// POST /variables - create a new variable
// ----------------------------------------

test('POST /variables should create a new credential and return it for an owner', async () => {
	const toCreate = {
		key: 'create1',
		value: 'createvalue1',
	};
	const response = await authAgent(ownerUser).post('/variables').send(toCreate);
	expect(response.statusCode).toBe(200);
	expect(response.body.data.key).toBe(toCreate.key);
	expect(response.body.data.value).toBe(toCreate.value);

	const [byId, byKey] = await Promise.all([
		testDb.getVariableById(response.body.data.id),
		testDb.getVariableByKey(toCreate.key),
	]);

	expect(byId).not.toBeNull();
	expect(byId!.key).toBe(toCreate.key);
	expect(byId!.value).toBe(toCreate.value);

	expect(byKey).not.toBeNull();
	expect(byKey!.id).toBe(response.body.data.id);
	expect(byKey!.value).toBe(toCreate.value);
});

test('POST /variables should not create a new credential and return it for a member', async () => {
	const toCreate = {
		key: 'create1',
		value: 'createvalue1',
	};
	const response = await authAgent(memberUser).post('/variables').send(toCreate);
	expect(response.statusCode).toBe(401);
	expect(response.body.data?.key).not.toBe(toCreate.key);
	expect(response.body.data?.value).not.toBe(toCreate.value);

	const byKey = await testDb.getVariableByKey(toCreate.key);
	expect(byKey).toBeNull();
});

test("POST /variables should not create a new credential and return it if the instance doesn't have a license", async () => {
	licenseLike.isVariablesEnabled.mockReturnValue(false);
	const toCreate = {
		key: 'create1',
		value: 'createvalue1',
	};
	const response = await authAgent(ownerUser).post('/variables').send(toCreate);
	expect(response.statusCode).toBe(400);
	expect(response.body.data?.key).not.toBe(toCreate.key);
	expect(response.body.data?.value).not.toBe(toCreate.value);

	const byKey = await testDb.getVariableByKey(toCreate.key);
	expect(byKey).toBeNull();
});

test('POST /variables should fail to create a new credential and if one with the same key exists', async () => {
	const toCreate = {
		key: 'create1',
		value: 'createvalue1',
	};
	await testDb.createVariable(toCreate.key, toCreate.value);
	const response = await authAgent(ownerUser).post('/variables').send(toCreate);
	expect(response.statusCode).toBe(500);
	expect(response.body.data?.key).not.toBe(toCreate.key);
	expect(response.body.data?.value).not.toBe(toCreate.value);
});

test('POST /variables should not fail if variable limit not reached', async () => {
	licenseLike.getVariablesLimit.mockReturnValue(5);
	let i = 1;
	let toCreate = {
		key: `create${i}`,
		value: `createvalue${i}`,
	};
	while (i < 3) {
		await testDb.createVariable(toCreate.key, toCreate.value);
		i++;
		toCreate = {
			key: `create${i}`,
			value: `createvalue${i}`,
		};
	}
	const response = await authAgent(ownerUser).post('/variables').send(toCreate);
	expect(response.statusCode).toBe(200);
	expect(response.body.data?.key).toBe(toCreate.key);
	expect(response.body.data?.value).toBe(toCreate.value);
});

test('POST /variables should fail if variable limit reached', async () => {
	licenseLike.getVariablesLimit.mockReturnValue(5);
	let i = 1;
	let toCreate = {
		key: `create${i}`,
		value: `createvalue${i}`,
	};
	while (i < 6) {
		await testDb.createVariable(toCreate.key, toCreate.value);
		i++;
		toCreate = {
			key: `create${i}`,
			value: `createvalue${i}`,
		};
	}
	const response = await authAgent(ownerUser).post('/variables').send(toCreate);
	expect(response.statusCode).toBe(400);
	expect(response.body.data?.key).not.toBe(toCreate.key);
	expect(response.body.data?.value).not.toBe(toCreate.value);
});

test('POST /variables should fail if key too long', async () => {
	const toCreate = {
		// 51 'a's
		key: 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
		value: 'value',
	};
	const response = await authAgent(ownerUser).post('/variables').send(toCreate);
	expect(response.statusCode).toBe(400);
	expect(response.body.data?.key).not.toBe(toCreate.key);
	expect(response.body.data?.value).not.toBe(toCreate.value);
});

test('POST /variables should fail if value too long', async () => {
	const toCreate = {
		key: 'key',
		// 256 'a's
		value:
			'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
	};
	const response = await authAgent(ownerUser).post('/variables').send(toCreate);
	expect(response.statusCode).toBe(400);
	expect(response.body.data?.key).not.toBe(toCreate.key);
	expect(response.body.data?.value).not.toBe(toCreate.value);
});

test("POST /variables should fail if key contain's prohibited characters", async () => {
	const toCreate = {
		// 51 'a's
		key: 'te$t',
		value: 'value',
	};
	const response = await authAgent(ownerUser).post('/variables').send(toCreate);
	expect(response.statusCode).toBe(400);
	expect(response.body.data?.key).not.toBe(toCreate.key);
	expect(response.body.data?.value).not.toBe(toCreate.value);
});

// ----------------------------------------
// PATCH /variables/:id - change a variable
// ----------------------------------------

test('PATCH /variables/:id should modify existing credential if use is an owner', async () => {
	const variable = await testDb.createVariable('test1', 'value1');
	const toModify = {
		key: 'create1',
		value: 'createvalue1',
	};
	const response = await authAgent(ownerUser).patch(`/variables/${variable.id}`).send(toModify);
	expect(response.statusCode).toBe(200);
	expect(response.body.data.key).toBe(toModify.key);
	expect(response.body.data.value).toBe(toModify.value);

	const [byId, byKey] = await Promise.all([
		testDb.getVariableById(response.body.data.id),
		testDb.getVariableByKey(toModify.key),
	]);

	expect(byId).not.toBeNull();
	expect(byId!.key).toBe(toModify.key);
	expect(byId!.value).toBe(toModify.value);

	expect(byKey).not.toBeNull();
	expect(byKey!.id).toBe(response.body.data.id);
	expect(byKey!.value).toBe(toModify.value);
});

test('PATCH /variables/:id should modify existing credential if use is an owner', async () => {
	const variable = await testDb.createVariable('test1', 'value1');
	const toModify = {
		key: 'create1',
		value: 'createvalue1',
	};
	const response = await authAgent(ownerUser).patch(`/variables/${variable.id}`).send(toModify);
	expect(response.statusCode).toBe(200);
	expect(response.body.data.key).toBe(toModify.key);
	expect(response.body.data.value).toBe(toModify.value);

	const [byId, byKey] = await Promise.all([
		testDb.getVariableById(response.body.data.id),
		testDb.getVariableByKey(toModify.key),
	]);

	expect(byId).not.toBeNull();
	expect(byId!.key).toBe(toModify.key);
	expect(byId!.value).toBe(toModify.value);

	expect(byKey).not.toBeNull();
	expect(byKey!.id).toBe(response.body.data.id);
	expect(byKey!.value).toBe(toModify.value);
});

test('PATCH /variables/:id should not modify existing credential if use is a member', async () => {
	const variable = await testDb.createVariable('test1', 'value1');
	const toModify = {
		key: 'create1',
		value: 'createvalue1',
	};
	const response = await authAgent(memberUser).patch(`/variables/${variable.id}`).send(toModify);
	expect(response.statusCode).toBe(401);
	expect(response.body.data?.key).not.toBe(toModify.key);
	expect(response.body.data?.value).not.toBe(toModify.value);

	const byId = await testDb.getVariableById(variable.id);
	expect(byId).not.toBeNull();
	expect(byId!.key).not.toBe(toModify.key);
	expect(byId!.value).not.toBe(toModify.value);
});

test('PATCH /variables/:id should not modify existing credential if one with the same key exists', async () => {
	const toModify = {
		key: 'create1',
		value: 'createvalue1',
	};
	const [var1, var2] = await Promise.all([
		testDb.createVariable('test1', 'value1'),
		testDb.createVariable(toModify.key, toModify.value),
	]);
	const response = await authAgent(ownerUser).patch(`/variables/${var1.id}`).send(toModify);
	expect(response.statusCode).toBe(500);
	expect(response.body.data?.key).not.toBe(toModify.key);
	expect(response.body.data?.value).not.toBe(toModify.value);

	const byId = await testDb.getVariableById(var1.id);
	expect(byId).not.toBeNull();
	expect(byId!.key).toBe(var1.key);
	expect(byId!.value).toBe(var1.value);
});

// ----------------------------------------
// DELETE /variables/:id - change a variable
// ----------------------------------------

test('DELETE /variables/:id should delete a single credential for an owner', async () => {
	const [var1, var2, var3] = await Promise.all([
		testDb.createVariable('test1', 'value1'),
		testDb.createVariable('test2', 'value2'),
		testDb.createVariable('test3', 'value3'),
	]);

	const delResponse = await authAgent(ownerUser).delete(`/variables/${var1.id}`);
	expect(delResponse.statusCode).toBe(200);

	const byId = await testDb.getVariableById(var1.id);
	expect(byId).toBeNull();

	const getResponse = await authAgent(ownerUser).get('/variables');
	expect(getResponse.body.data.length).toBe(2);
});

test('DELETE /variables/:id should not delete a single credential for a member', async () => {
	const [var1, var2, var3] = await Promise.all([
		testDb.createVariable('test1', 'value1'),
		testDb.createVariable('test2', 'value2'),
		testDb.createVariable('test3', 'value3'),
	]);

	const delResponse = await authAgent(memberUser).delete(`/variables/${var1.id}`);
	expect(delResponse.statusCode).toBe(401);

	const byId = await testDb.getVariableById(var1.id);
	expect(byId).not.toBeNull();

	const getResponse = await authAgent(memberUser).get('/variables');
	expect(getResponse.body.data.length).toBe(3);
});