mirror of
https://github.com/n8n-io/n8n.git
synced 2025-01-21 17:40:48 -08:00
5156313074
Some checks are pending
Test Master / install-and-build (push) Waiting to run
Test Master / Unit tests (18.x) (push) Blocked by required conditions
Test Master / Unit tests (20.x) (push) Blocked by required conditions
Test Master / Unit tests (22.4) (push) Blocked by required conditions
Test Master / Lint (push) Blocked by required conditions
Test Master / Notify Slack on failure (push) Blocked by required conditions
Benchmark Docker Image CI / build (push) Waiting to run
360 lines
11 KiB
TypeScript
360 lines
11 KiB
TypeScript
import { EntityNotFoundError } from '@n8n/typeorm';
|
|
import { Container } from 'typedi';
|
|
import { v4 as uuid } from 'uuid';
|
|
|
|
import { Reset } from '@/commands/ldap/reset';
|
|
import { CredentialsRepository } from '@/databases/repositories/credentials.repository';
|
|
import { SharedCredentialsRepository } from '@/databases/repositories/shared-credentials.repository';
|
|
import { SharedWorkflowRepository } from '@/databases/repositories/shared-workflow.repository';
|
|
import { WorkflowRepository } from '@/databases/repositories/workflow.repository';
|
|
import { getLdapSynchronizations, saveLdapSynchronization } from '@/ldap/helpers.ee';
|
|
import { LdapService } from '@/ldap/ldap.service.ee';
|
|
import { LoadNodesAndCredentials } from '@/load-nodes-and-credentials';
|
|
import { Push } from '@/push';
|
|
import { Telemetry } from '@/telemetry';
|
|
import { setupTestCommand } from '@test-integration/utils/test-command';
|
|
|
|
import { mockInstance } from '../../../shared/mocking';
|
|
import { saveCredential } from '../../shared/db/credentials';
|
|
import { createTeamProject, findProject, getPersonalProject } from '../../shared/db/projects';
|
|
import { createLdapUser, createMember, getUserById } from '../../shared/db/users';
|
|
import { createWorkflow } from '../../shared/db/workflows';
|
|
import { createLdapConfig } from '../../shared/ldap';
|
|
import { randomCredentialPayload } from '../../shared/random';
|
|
|
|
mockInstance(Telemetry);
|
|
|
|
mockInstance(Push);
|
|
mockInstance(LoadNodesAndCredentials);
|
|
const command = setupTestCommand(Reset);
|
|
|
|
test('fails if neither `--userId` nor `--projectId` nor `--deleteWorkflowsAndCredentials` is passed', async () => {
|
|
await expect(command.run()).rejects.toThrowError(
|
|
'You must use exactly one of `--userId`, `--projectId` or `--deleteWorkflowsAndCredentials`.',
|
|
);
|
|
});
|
|
|
|
test.each([
|
|
[`--userId=${uuid()}`, `--projectId=${uuid()}`, '--deleteWorkflowsAndCredentials'],
|
|
|
|
[`--userId=${uuid()}`, `--projectId=${uuid()}`],
|
|
[`--userId=${uuid()}`, '--deleteWorkflowsAndCredentials'],
|
|
|
|
['--deleteWorkflowsAndCredentials', `--projectId=${uuid()}`],
|
|
])(
|
|
'fails if more than one of `--userId`, `--projectId`, `--deleteWorkflowsAndCredentials` are passed',
|
|
async (...argv) => {
|
|
await expect(command.run(argv)).rejects.toThrowError(
|
|
'You must use exactly one of `--userId`, `--projectId` or `--deleteWorkflowsAndCredentials`.',
|
|
);
|
|
},
|
|
);
|
|
|
|
describe('--deleteWorkflowsAndCredentials', () => {
|
|
test('deletes personal projects, workflows and credentials owned by LDAP managed users', async () => {
|
|
//
|
|
// ARRANGE
|
|
//
|
|
const member = await createLdapUser({ role: 'global:member' }, uuid());
|
|
const memberProject = await getPersonalProject(member);
|
|
const workflow = await createWorkflow({}, member);
|
|
const credential = await saveCredential(randomCredentialPayload(), {
|
|
user: member,
|
|
role: 'credential:owner',
|
|
});
|
|
|
|
const normalMember = await createMember();
|
|
const workflow2 = await createWorkflow({}, normalMember);
|
|
const credential2 = await saveCredential(randomCredentialPayload(), {
|
|
user: normalMember,
|
|
role: 'credential:owner',
|
|
});
|
|
|
|
//
|
|
// ACT
|
|
//
|
|
await command.run(['--deleteWorkflowsAndCredentials']);
|
|
|
|
//
|
|
// ASSERT
|
|
//
|
|
// LDAP user is deleted
|
|
await expect(getUserById(member.id)).rejects.toThrowError(EntityNotFoundError);
|
|
await expect(findProject(memberProject.id)).rejects.toThrowError(EntityNotFoundError);
|
|
await expect(
|
|
Container.get(WorkflowRepository).findOneBy({ id: workflow.id }),
|
|
).resolves.toBeNull();
|
|
await expect(
|
|
Container.get(CredentialsRepository).findOneBy({ id: credential.id }),
|
|
).resolves.toBeNull();
|
|
|
|
// Non LDAP user is not deleted
|
|
await expect(getUserById(normalMember.id)).resolves.not.toThrowError();
|
|
await expect(
|
|
Container.get(WorkflowRepository).findOneBy({ id: workflow2.id }),
|
|
).resolves.not.toBeNull();
|
|
await expect(
|
|
Container.get(CredentialsRepository).findOneBy({ id: credential2.id }),
|
|
).resolves.not.toBeNull();
|
|
});
|
|
|
|
test('deletes the LDAP sync history', async () => {
|
|
//
|
|
// ARRANGE
|
|
//
|
|
await saveLdapSynchronization({
|
|
created: 1,
|
|
disabled: 1,
|
|
scanned: 1,
|
|
updated: 1,
|
|
endedAt: new Date(),
|
|
startedAt: new Date(),
|
|
error: '',
|
|
runMode: 'dry',
|
|
status: 'success',
|
|
});
|
|
|
|
//
|
|
// ACT
|
|
//
|
|
await command.run(['--deleteWorkflowsAndCredentials']);
|
|
|
|
//
|
|
// ASSERT
|
|
//
|
|
await expect(getLdapSynchronizations(0, 10)).resolves.toHaveLength(0);
|
|
});
|
|
|
|
test('resets LDAP settings', async () => {
|
|
//
|
|
// ARRANGE
|
|
//
|
|
await createLdapConfig();
|
|
await expect(Container.get(LdapService).loadConfig()).resolves.toMatchObject({
|
|
loginEnabled: true,
|
|
});
|
|
|
|
//
|
|
// ACT
|
|
//
|
|
await command.run(['--deleteWorkflowsAndCredentials']);
|
|
|
|
//
|
|
// ASSERT
|
|
//
|
|
await expect(Container.get(LdapService).loadConfig()).resolves.toMatchObject({
|
|
loginEnabled: false,
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('--userId', () => {
|
|
test('fails if the user does not exist', async () => {
|
|
const userId = uuid();
|
|
await expect(command.run([`--userId=${userId}`])).rejects.toThrowError(
|
|
`Could not find the user with the ID ${userId} or their personalProject.`,
|
|
);
|
|
});
|
|
|
|
test('fails if the user to migrate to is also an LDAP user', async () => {
|
|
//
|
|
// ARRANGE
|
|
//
|
|
const member = await createLdapUser({ role: 'global:member' }, uuid());
|
|
|
|
await expect(command.run([`--userId=${member.id}`])).rejects.toThrowError(
|
|
`Can't migrate workflows and credentials to the user with the ID ${member.id}. That user was created via LDAP and will be deleted as well.`,
|
|
);
|
|
});
|
|
|
|
test("transfers all workflows and credentials to the user's personal project", async () => {
|
|
//
|
|
// ARRANGE
|
|
//
|
|
const member = await createLdapUser({ role: 'global:member' }, uuid());
|
|
const memberProject = await getPersonalProject(member);
|
|
const workflow = await createWorkflow({}, member);
|
|
const credential = await saveCredential(randomCredentialPayload(), {
|
|
user: member,
|
|
role: 'credential:owner',
|
|
});
|
|
|
|
const normalMember = await createMember();
|
|
const normalMemberProject = await getPersonalProject(normalMember);
|
|
const workflow2 = await createWorkflow({}, normalMember);
|
|
const credential2 = await saveCredential(randomCredentialPayload(), {
|
|
user: normalMember,
|
|
role: 'credential:owner',
|
|
});
|
|
|
|
//
|
|
// ACT
|
|
//
|
|
await command.run([`--userId=${normalMember.id}`]);
|
|
|
|
//
|
|
// ASSERT
|
|
//
|
|
// LDAP user is deleted
|
|
await expect(getUserById(member.id)).rejects.toThrowError(EntityNotFoundError);
|
|
await expect(findProject(memberProject.id)).rejects.toThrowError(EntityNotFoundError);
|
|
|
|
// Their workflow and credential have been migrated to the normal user.
|
|
await expect(
|
|
Container.get(SharedWorkflowRepository).findOneBy({
|
|
workflowId: workflow.id,
|
|
projectId: normalMemberProject.id,
|
|
}),
|
|
).resolves.not.toBeNull();
|
|
await expect(
|
|
Container.get(SharedCredentialsRepository).findOneBy({
|
|
credentialsId: credential.id,
|
|
projectId: normalMemberProject.id,
|
|
}),
|
|
).resolves.not.toBeNull();
|
|
|
|
// Non LDAP user is not deleted
|
|
await expect(getUserById(normalMember.id)).resolves.not.toThrowError();
|
|
await expect(
|
|
Container.get(WorkflowRepository).findOneBy({ id: workflow2.id }),
|
|
).resolves.not.toBeNull();
|
|
await expect(
|
|
Container.get(CredentialsRepository).findOneBy({ id: credential2.id }),
|
|
).resolves.not.toBeNull();
|
|
});
|
|
});
|
|
|
|
describe('--projectId', () => {
|
|
test('fails if the project does not exist', async () => {
|
|
const projectId = uuid();
|
|
await expect(command.run([`--projectId=${projectId}`])).rejects.toThrowError(
|
|
`Could not find the project with the ID ${projectId}.`,
|
|
);
|
|
});
|
|
|
|
test('fails if the user to migrate to is also an LDAP user', async () => {
|
|
//
|
|
// ARRANGE
|
|
//
|
|
const member = await createLdapUser({ role: 'global:member' }, uuid());
|
|
const memberProject = await getPersonalProject(member);
|
|
|
|
await expect(command.run([`--projectId=${memberProject.id}`])).rejects.toThrowError(
|
|
`Can't migrate workflows and credentials to the project with the ID ${memberProject.id}. That project is a personal project belonging to a user that was created via LDAP and will be deleted as well.`,
|
|
);
|
|
});
|
|
|
|
test('transfers all workflows and credentials to a personal project', async () => {
|
|
//
|
|
// ARRANGE
|
|
//
|
|
const member = await createLdapUser({ role: 'global:member' }, uuid());
|
|
const memberProject = await getPersonalProject(member);
|
|
const workflow = await createWorkflow({}, member);
|
|
const credential = await saveCredential(randomCredentialPayload(), {
|
|
user: member,
|
|
role: 'credential:owner',
|
|
});
|
|
|
|
const normalMember = await createMember();
|
|
const normalMemberProject = await getPersonalProject(normalMember);
|
|
const workflow2 = await createWorkflow({}, normalMember);
|
|
const credential2 = await saveCredential(randomCredentialPayload(), {
|
|
user: normalMember,
|
|
role: 'credential:owner',
|
|
});
|
|
|
|
//
|
|
// ACT
|
|
//
|
|
await command.run([`--projectId=${normalMemberProject.id}`]);
|
|
|
|
//
|
|
// ASSERT
|
|
//
|
|
// LDAP user is deleted
|
|
await expect(getUserById(member.id)).rejects.toThrowError(EntityNotFoundError);
|
|
await expect(findProject(memberProject.id)).rejects.toThrowError(EntityNotFoundError);
|
|
|
|
// Their workflow and credential have been migrated to the normal user.
|
|
await expect(
|
|
Container.get(SharedWorkflowRepository).findOneBy({
|
|
workflowId: workflow.id,
|
|
projectId: normalMemberProject.id,
|
|
}),
|
|
).resolves.not.toBeNull();
|
|
await expect(
|
|
Container.get(SharedCredentialsRepository).findOneBy({
|
|
credentialsId: credential.id,
|
|
projectId: normalMemberProject.id,
|
|
}),
|
|
).resolves.not.toBeNull();
|
|
|
|
// Non LDAP user is not deleted
|
|
await expect(getUserById(normalMember.id)).resolves.not.toThrowError();
|
|
await expect(
|
|
Container.get(WorkflowRepository).findOneBy({ id: workflow2.id }),
|
|
).resolves.not.toBeNull();
|
|
await expect(
|
|
Container.get(CredentialsRepository).findOneBy({ id: credential2.id }),
|
|
).resolves.not.toBeNull();
|
|
});
|
|
|
|
test('transfers all workflows and credentials to a team project', async () => {
|
|
//
|
|
// ARRANGE
|
|
//
|
|
const member = await createLdapUser({ role: 'global:member' }, uuid());
|
|
const memberProject = await getPersonalProject(member);
|
|
const workflow = await createWorkflow({}, member);
|
|
const credential = await saveCredential(randomCredentialPayload(), {
|
|
user: member,
|
|
role: 'credential:owner',
|
|
});
|
|
|
|
const normalMember = await createMember();
|
|
const workflow2 = await createWorkflow({}, normalMember);
|
|
const credential2 = await saveCredential(randomCredentialPayload(), {
|
|
user: normalMember,
|
|
role: 'credential:owner',
|
|
});
|
|
|
|
const teamProject = await createTeamProject();
|
|
|
|
//
|
|
// ACT
|
|
//
|
|
await command.run([`--projectId=${teamProject.id}`]);
|
|
|
|
//
|
|
// ASSERT
|
|
//
|
|
// LDAP user is deleted
|
|
await expect(getUserById(member.id)).rejects.toThrowError(EntityNotFoundError);
|
|
await expect(findProject(memberProject.id)).rejects.toThrowError(EntityNotFoundError);
|
|
|
|
// Their workflow and credential have been migrated to the team project.
|
|
await expect(
|
|
Container.get(SharedWorkflowRepository).findOneBy({
|
|
workflowId: workflow.id,
|
|
projectId: teamProject.id,
|
|
}),
|
|
).resolves.not.toBeNull();
|
|
await expect(
|
|
Container.get(SharedCredentialsRepository).findOneBy({
|
|
credentialsId: credential.id,
|
|
projectId: teamProject.id,
|
|
}),
|
|
).resolves.not.toBeNull();
|
|
|
|
// Non LDAP user is not deleted
|
|
await expect(getUserById(normalMember.id)).resolves.not.toThrowError();
|
|
await expect(
|
|
Container.get(WorkflowRepository).findOneBy({ id: workflow2.id }),
|
|
).resolves.not.toBeNull();
|
|
await expect(
|
|
Container.get(CredentialsRepository).findOneBy({ id: credential2.id }),
|
|
).resolves.not.toBeNull();
|
|
});
|
|
});
|