feat: RBAC (#8922)
Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com>
@@ -8,6 +8,8 @@ import { mockInstance } from '../../shared/mocking';
|
||||
import * as testDb from '../shared/testDb';
|
||||
import { getAllCredentials, getAllSharedCredentials } from '../shared/db/credentials';
|
||||
import { createMember, createOwner } from '../shared/db/users';
|
||||
import { getPersonalProject } from '../shared/db/projects';
|
||||
import { nanoid } from 'nanoid';
|
||||
|
||||
const oclifConfig = new Config({ root: __dirname });
|
||||
|
||||
@@ -36,6 +38,7 @@ test('import:credentials should import a credential', async () => {
|
||||
// ARRANGE
|
||||
//
|
||||
const owner = await createOwner();
|
||||
const ownerProject = await getPersonalProject(owner);
|
||||
|
||||
//
|
||||
// ACT
|
||||
@@ -54,7 +57,11 @@ test('import:credentials should import a credential', async () => {
|
||||
expect(after).toMatchObject({
|
||||
credentials: [expect.objectContaining({ id: '123', name: 'cred-aws-test' })],
|
||||
sharings: [
|
||||
expect.objectContaining({ credentialsId: '123', userId: owner.id, role: 'credential:owner' }),
|
||||
expect.objectContaining({
|
||||
credentialsId: '123',
|
||||
projectId: ownerProject.id,
|
||||
role: 'credential:owner',
|
||||
}),
|
||||
],
|
||||
});
|
||||
});
|
||||
@@ -64,6 +71,7 @@ test('import:credentials should import a credential from separated files', async
|
||||
// ARRANGE
|
||||
//
|
||||
const owner = await createOwner();
|
||||
const ownerProject = await getPersonalProject(owner);
|
||||
|
||||
//
|
||||
// ACT
|
||||
@@ -92,7 +100,7 @@ test('import:credentials should import a credential from separated files', async
|
||||
sharings: [
|
||||
expect.objectContaining({
|
||||
credentialsId: '123',
|
||||
userId: owner.id,
|
||||
projectId: ownerProject.id,
|
||||
role: 'credential:owner',
|
||||
}),
|
||||
],
|
||||
@@ -104,6 +112,7 @@ test('`import:credentials --userId ...` should fail if the credential exists alr
|
||||
// ARRANGE
|
||||
//
|
||||
const owner = await createOwner();
|
||||
const ownerProject = await getPersonalProject(owner);
|
||||
const member = await createMember();
|
||||
|
||||
// import credential the first time, assigning it to the owner
|
||||
@@ -122,7 +131,7 @@ test('`import:credentials --userId ...` should fail if the credential exists alr
|
||||
sharings: [
|
||||
expect.objectContaining({
|
||||
credentialsId: '123',
|
||||
userId: owner.id,
|
||||
projectId: ownerProject.id,
|
||||
role: 'credential:owner',
|
||||
}),
|
||||
],
|
||||
@@ -140,7 +149,7 @@ test('`import:credentials --userId ...` should fail if the credential exists alr
|
||||
`--userId=${member.id}`,
|
||||
]),
|
||||
).rejects.toThrowError(
|
||||
`The credential with id "123" is already owned by the user with the id "${owner.id}". It can't be re-owned by the user with the id "${member.id}"`,
|
||||
`The credential with ID "123" is already owned by the user with the ID "${owner.id}". It can't be re-owned by the user with the ID "${member.id}"`,
|
||||
);
|
||||
|
||||
//
|
||||
@@ -162,19 +171,20 @@ test('`import:credentials --userId ...` should fail if the credential exists alr
|
||||
sharings: [
|
||||
expect.objectContaining({
|
||||
credentialsId: '123',
|
||||
userId: owner.id,
|
||||
projectId: ownerProject.id,
|
||||
role: 'credential:owner',
|
||||
}),
|
||||
],
|
||||
});
|
||||
});
|
||||
|
||||
test("only update credential, don't create or update owner if `--userId` is not passed", async () => {
|
||||
test("only update credential, don't create or update owner if neither `--userId` nor `--projectId` is passed", async () => {
|
||||
//
|
||||
// ARRANGE
|
||||
//
|
||||
await createOwner();
|
||||
const member = await createMember();
|
||||
const memberProject = await getPersonalProject(member);
|
||||
|
||||
// import credential the first time, assigning it to a member
|
||||
await importCredential([
|
||||
@@ -192,7 +202,7 @@ test("only update credential, don't create or update owner if `--userId` is not
|
||||
sharings: [
|
||||
expect.objectContaining({
|
||||
credentialsId: '123',
|
||||
userId: member.id,
|
||||
projectId: memberProject.id,
|
||||
role: 'credential:owner',
|
||||
}),
|
||||
],
|
||||
@@ -225,9 +235,93 @@ test("only update credential, don't create or update owner if `--userId` is not
|
||||
sharings: [
|
||||
expect.objectContaining({
|
||||
credentialsId: '123',
|
||||
userId: member.id,
|
||||
projectId: memberProject.id,
|
||||
role: 'credential:owner',
|
||||
}),
|
||||
],
|
||||
});
|
||||
});
|
||||
|
||||
test('`import:credential --projectId ...` should fail if the credential already exists and is owned by another project', async () => {
|
||||
//
|
||||
// ARRANGE
|
||||
//
|
||||
const owner = await createOwner();
|
||||
const ownerProject = await getPersonalProject(owner);
|
||||
const member = await createMember();
|
||||
const memberProject = await getPersonalProject(member);
|
||||
|
||||
// import credential the first time, assigning it to the owner
|
||||
await importCredential([
|
||||
'--input=./test/integration/commands/importCredentials/credentials.json',
|
||||
`--userId=${owner.id}`,
|
||||
]);
|
||||
|
||||
// making sure the import worked
|
||||
const before = {
|
||||
credentials: await getAllCredentials(),
|
||||
sharings: await getAllSharedCredentials(),
|
||||
};
|
||||
expect(before).toMatchObject({
|
||||
credentials: [expect.objectContaining({ id: '123', name: 'cred-aws-test' })],
|
||||
sharings: [
|
||||
expect.objectContaining({
|
||||
credentialsId: '123',
|
||||
projectId: ownerProject.id,
|
||||
role: 'credential:owner',
|
||||
}),
|
||||
],
|
||||
});
|
||||
|
||||
//
|
||||
// ACT
|
||||
//
|
||||
|
||||
// Import again while updating the name we try to assign the
|
||||
// credential to another user.
|
||||
await expect(
|
||||
importCredential([
|
||||
'--input=./test/integration/commands/importCredentials/credentials-updated.json',
|
||||
`--projectId=${memberProject.id}`,
|
||||
]),
|
||||
).rejects.toThrowError(
|
||||
`The credential with ID "123" is already owned by the user with the ID "${owner.id}". It can't be re-owned by the project with the ID "${memberProject.id}".`,
|
||||
);
|
||||
|
||||
//
|
||||
// ASSERT
|
||||
//
|
||||
const after = {
|
||||
credentials: await getAllCredentials(),
|
||||
sharings: await getAllSharedCredentials(),
|
||||
};
|
||||
|
||||
expect(after).toMatchObject({
|
||||
credentials: [
|
||||
expect.objectContaining({
|
||||
id: '123',
|
||||
// only the name was updated
|
||||
name: 'cred-aws-test',
|
||||
}),
|
||||
],
|
||||
sharings: [
|
||||
expect.objectContaining({
|
||||
credentialsId: '123',
|
||||
projectId: ownerProject.id,
|
||||
role: 'credential:owner',
|
||||
}),
|
||||
],
|
||||
});
|
||||
});
|
||||
|
||||
test('`import:credential --projectId ... --userId ...` fails explaining that only one of the options can be used at a time', async () => {
|
||||
await expect(
|
||||
importCredential([
|
||||
'--input=./test/integration/commands/importCredentials/credentials-updated.json',
|
||||
`--projectId=${nanoid()}`,
|
||||
`--userId=${nanoid()}`,
|
||||
]),
|
||||
).rejects.toThrowError(
|
||||
'You cannot use `--userId` and `--projectId` together. Use one or the other.',
|
||||
);
|
||||
});
|
||||
|
||||
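Review bot: In the new `--projectId` test, the comment `// only the name was updated` sits above an assertion that the name is still `'cred-aws-test'`, so it contradicts what the test checks; it should read `// the rejected import must not change the name`. The ACT comment in the same test says the credential is assigned "to another user" while the flag under test is `--projectId`. The expected error there ends with a period, whereas the `--userId` variant earlier in the file does not, and it still names the current owner as "the user with the ID" although the sharing rows are now asserted by `projectId`. If the command can report the owning project instead, asserting that would keep the message in line with the ownership model these tests pin down.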
@@ -8,6 +8,8 @@ import { mockInstance } from '../../shared/mocking';
|
||||
import * as testDb from '../shared/testDb';
|
||||
import { getAllSharedWorkflows, getAllWorkflows } from '../shared/db/workflows';
|
||||
import { createMember, createOwner } from '../shared/db/users';
|
||||
import { getPersonalProject } from '../shared/db/projects';
|
||||
import { nanoid } from 'nanoid';
|
||||
|
||||
const oclifConfig = new Config({ root: __dirname });
|
||||
|
||||
@@ -36,6 +38,7 @@ test('import:workflow should import active workflow and deactivate it', async ()
|
||||
// ARRANGE
|
||||
//
|
||||
const owner = await createOwner();
|
||||
const ownerProject = await getPersonalProject(owner);
|
||||
|
||||
//
|
||||
// ACT
|
||||
@@ -58,8 +61,16 @@ test('import:workflow should import active workflow and deactivate it', async ()
|
||||
expect.objectContaining({ name: 'inactive-workflow', active: false }),
|
||||
],
|
||||
sharings: [
|
||||
expect.objectContaining({ workflowId: '998', userId: owner.id, role: 'workflow:owner' }),
|
||||
expect.objectContaining({ workflowId: '999', userId: owner.id, role: 'workflow:owner' }),
|
||||
expect.objectContaining({
|
||||
workflowId: '998',
|
||||
projectId: ownerProject.id,
|
||||
role: 'workflow:owner',
|
||||
}),
|
||||
expect.objectContaining({
|
||||
workflowId: '999',
|
||||
projectId: ownerProject.id,
|
||||
role: 'workflow:owner',
|
||||
}),
|
||||
],
|
||||
});
|
||||
});
|
||||
@@ -69,6 +80,7 @@ test('import:workflow should import active workflow from combined file and deact
|
||||
// ARRANGE
|
||||
//
|
||||
const owner = await createOwner();
|
||||
const ownerProject = await getPersonalProject(owner);
|
||||
|
||||
//
|
||||
// ACT
|
||||
@@ -90,8 +102,16 @@ test('import:workflow should import active workflow from combined file and deact
|
||||
expect.objectContaining({ name: 'inactive-workflow', active: false }),
|
||||
],
|
||||
sharings: [
|
||||
expect.objectContaining({ workflowId: '998', userId: owner.id, role: 'workflow:owner' }),
|
||||
expect.objectContaining({ workflowId: '999', userId: owner.id, role: 'workflow:owner' }),
|
||||
expect.objectContaining({
|
||||
workflowId: '998',
|
||||
projectId: ownerProject.id,
|
||||
role: 'workflow:owner',
|
||||
}),
|
||||
expect.objectContaining({
|
||||
workflowId: '999',
|
||||
projectId: ownerProject.id,
|
||||
role: 'workflow:owner',
|
||||
}),
|
||||
],
|
||||
});
|
||||
});
|
||||
@@ -101,6 +121,7 @@ test('`import:workflow --userId ...` should fail if the workflow exists already
|
||||
// ARRANGE
|
||||
//
|
||||
const owner = await createOwner();
|
||||
const ownerProject = await getPersonalProject(owner);
|
||||
const member = await createMember();
|
||||
|
||||
// Import workflow the first time, assigning it to a member.
|
||||
@@ -119,7 +140,7 @@ test('`import:workflow --userId ...` should fail if the workflow exists already
|
||||
sharings: [
|
||||
expect.objectContaining({
|
||||
workflowId: '998',
|
||||
userId: owner.id,
|
||||
projectId: ownerProject.id,
|
||||
role: 'workflow:owner',
|
||||
}),
|
||||
],
|
||||
@@ -136,7 +157,7 @@ test('`import:workflow --userId ...` should fail if the workflow exists already
|
||||
`--userId=${member.id}`,
|
||||
]),
|
||||
).rejects.toThrowError(
|
||||
`The credential with id "998" is already owned by the user with the id "${owner.id}". It can't be re-owned by the user with the id "${member.id}"`,
|
||||
`The credential with ID "998" is already owned by the user with the ID "${owner.id}". It can't be re-owned by the user with the ID "${member.id}"`,
|
||||
);
|
||||
|
||||
//
|
||||
@@ -152,7 +173,7 @@ test('`import:workflow --userId ...` should fail if the workflow exists already
|
||||
sharings: [
|
||||
expect.objectContaining({
|
||||
workflowId: '998',
|
||||
userId: owner.id,
|
||||
projectId: ownerProject.id,
|
||||
role: 'workflow:owner',
|
||||
}),
|
||||
],
|
||||
@@ -165,6 +186,7 @@ test("only update the workflow, don't create or update the owner if `--userId` i
|
||||
//
|
||||
await createOwner();
|
||||
const member = await createMember();
|
||||
const memberProject = await getPersonalProject(member);
|
||||
|
||||
// Import workflow the first time, assigning it to a member.
|
||||
await importWorkflow([
|
||||
@@ -182,7 +204,7 @@ test("only update the workflow, don't create or update the owner if `--userId` i
|
||||
sharings: [
|
||||
expect.objectContaining({
|
||||
workflowId: '998',
|
||||
userId: member.id,
|
||||
projectId: memberProject.id,
|
||||
role: 'workflow:owner',
|
||||
}),
|
||||
],
|
||||
@@ -209,9 +231,86 @@ test("only update the workflow, don't create or update the owner if `--userId` i
|
||||
sharings: [
|
||||
expect.objectContaining({
|
||||
workflowId: '998',
|
||||
userId: member.id,
|
||||
projectId: memberProject.id,
|
||||
role: 'workflow:owner',
|
||||
}),
|
||||
],
|
||||
});
|
||||
});
|
||||
|
||||
test('`import:workflow --projectId ...` should fail if the credential already exists and is owned by another project', async () => {
|
||||
//
|
||||
// ARRANGE
|
||||
//
|
||||
const owner = await createOwner();
|
||||
const ownerProject = await getPersonalProject(owner);
|
||||
const member = await createMember();
|
||||
const memberProject = await getPersonalProject(member);
|
||||
|
||||
// Import workflow the first time, assigning it to a member.
|
||||
await importWorkflow([
|
||||
'--input=./test/integration/commands/importWorkflows/combined-with-update/original.json',
|
||||
`--userId=${owner.id}`,
|
||||
]);
|
||||
|
||||
const before = {
|
||||
workflows: await getAllWorkflows(),
|
||||
sharings: await getAllSharedWorkflows(),
|
||||
};
|
||||
// Make sure the workflow and sharing have been created.
|
||||
expect(before).toMatchObject({
|
||||
workflows: [expect.objectContaining({ id: '998', name: 'active-workflow' })],
|
||||
sharings: [
|
||||
expect.objectContaining({
|
||||
workflowId: '998',
|
||||
projectId: ownerProject.id,
|
||||
role: 'workflow:owner',
|
||||
}),
|
||||
],
|
||||
});
|
||||
|
||||
//
|
||||
// ACT
|
||||
//
|
||||
// Import the same workflow again, with another name but the same ID, and try
|
||||
// to assign it to the member.
|
||||
await expect(
|
||||
importWorkflow([
|
||||
'--input=./test/integration/commands/importWorkflows/combined-with-update/updated.json',
|
||||
`--projectId=${memberProject.id}`,
|
||||
]),
|
||||
).rejects.toThrowError(
|
||||
`The credential with ID "998" is already owned by the user with the ID "${owner.id}". It can't be re-owned by the project with the ID "${memberProject.id}"`,
|
||||
);
|
||||
|
||||
//
|
||||
// ASSERT
|
||||
//
|
||||
const after = {
|
||||
workflows: await getAllWorkflows(),
|
||||
sharings: await getAllSharedWorkflows(),
|
||||
};
|
||||
// Make sure there is no new sharing and that the name DID NOT change.
|
||||
expect(after).toMatchObject({
|
||||
workflows: [expect.objectContaining({ id: '998', name: 'active-workflow' })],
|
||||
sharings: [
|
||||
expect.objectContaining({
|
||||
workflowId: '998',
|
||||
projectId: ownerProject.id,
|
||||
role: 'workflow:owner',
|
||||
}),
|
||||
],
|
||||
});
|
||||
});
|
||||
|
||||
test('`import:workflow --projectId ... --userId ...` fails explaining that only one of the options can be used at a time', async () => {
|
||||
await expect(
|
||||
importWorkflow([
|
||||
'--input=./test/integration/commands/importWorkflows/combined-with-update/updated.json',
|
||||
`--userId=${nanoid()}`,
|
||||
`--projectId=${nanoid()}`,
|
||||
]),
|
||||
).rejects.toThrowError(
|
||||
'You cannot use `--userId` and `--projectId` together. Use one or the other.',
|
||||
);
|
||||
});
|
||||
|
||||
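Review bot: The expected error strings in the workflow import tests read `The credential with ID "998" ...` although 998 is a workflow ID, and the new test title also says "should fail if the credential already exists". Asserting this text locks in an operator-facing ownership error that names the wrong resource type; the message presumably comes from code shared with the credential import, which is not visible here. Suggest the command and both assertions use `The workflow with ID "998" is already owned by ...`. The arrange comment `// Import workflow the first time, assigning it to a member.` in the new test precedes a call that passes `--userId=${owner.id}` and should say `assigning it to the owner`.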
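--- /dev/null
+++ b/packages/cli/test/integration/commands/ldap/reset.test.ts
@@ -0,0 +1,381 @@
+import { Reset } from '@/commands/ldap/reset';
+import { Config } from '@oclif/core';
+
+import * as testDb from '../../shared/testDb';
+import { LoadNodesAndCredentials } from '@/LoadNodesAndCredentials';
+import { mockInstance } from '../../../shared/mocking';
+import { InternalHooks } from '@/InternalHooks';
+import { createLdapUser, createMember, getUserById } from '../../shared/db/users';
+import { createWorkflow } from '../../shared/db/workflows';
+import { randomCredentialPayload } from '../../shared/random';
+import { saveCredential } from '../../shared/db/credentials';
+import Container from 'typedi';
+import { WorkflowRepository } from '@/databases/repositories/workflow.repository';
+import { CredentialsRepository } from '@/databases/repositories/credentials.repository';
+import { EntityNotFoundError } from '@n8n/typeorm';
+import { Push } from '@/push';
+import { SharedWorkflowRepository } from '@/databases/repositories/sharedWorkflow.repository';
+import { SharedCredentialsRepository } from '@/databases/repositories/sharedCredentials.repository';
+import { createTeamProject, findProject, getPersonalProject } from '../../shared/db/projects';
+import { WaitTracker } from '@/WaitTracker';
+import { getLdapSynchronizations, saveLdapSynchronization } from '@/Ldap/helpers';
+import { createLdapConfig } from '../../shared/ldap';
+import { LdapService } from '@/Ldap/ldap.service';
+import { v4 as uuid } from 'uuid';
+
+const oclifConfig = new Config({ root: __dirname });
+
+async function resetLDAP(argv: string[]) {
+const cmd = new Reset(argv, oclifConfig);
+try {
+await cmd.init();
+} catch (error) {
+console.error(error);
+throw error;
+}
+await cmd.run();
+}
+
+beforeAll(async () => {
+mockInstance(Push);
+mockInstance(InternalHooks);
+mockInstance(LoadNodesAndCredentials);
+// This needs to be mocked, otherwise the time setInterval would prevent jest
+// from exiting properly.
+mockInstance(WaitTracker);
+await testDb.init();
+});
+
+afterAll(async () => {
+await testDb.terminate();
+});
+
+test('fails if neither `--userId` nor `--projectId` nor `--deleteWorkflowsAndCredentials` is passed', async () => {
+await expect(resetLDAP([])).rejects.toThrowError(
+'You must use exactly one of `--userId`, `--projectId` or `--deleteWorkflowsAndCredentials`.',
+);
+});
+
+test.each([
+[`--userId=${uuid()}`, `--projectId=${uuid()}`, '--deleteWorkflowsAndCredentials'],
+
+[`--userId=${uuid()}`, `--projectId=${uuid()}`],
+[`--userId=${uuid()}`, '--deleteWorkflowsAndCredentials'],
+
+['--deleteWorkflowsAndCredentials', `--projectId=${uuid()}`],
+])(
+'fails if more than one of `--userId`, `--projectId`, `--deleteWorkflowsAndCredentials` are passed',
+async (...argv) => {
+await expect(resetLDAP(argv)).rejects.toThrowError(
+'You must use exactly one of `--userId`, `--projectId` or `--deleteWorkflowsAndCredentials`.',
+);
+},
+);
+
+describe('--deleteWorkflowsAndCredentials', () => {
+test('deletes personal projects, workflows and credentials owned by LDAP managed users', async () => {
+//
+// ARRANGE
+//
+const member = await createLdapUser({ role: 'global:member' }, uuid());
+const memberProject = await getPersonalProject(member);
+const workflow = await createWorkflow({}, member);
+const credential = await saveCredential(randomCredentialPayload(), {
+user: member,
+role: 'credential:owner',
+});
+
+const normalMember = await createMember();
+const workflow2 = await createWorkflow({}, normalMember);
+const credential2 = await saveCredential(randomCredentialPayload(), {
+user: normalMember,
+role: 'credential:owner',
+});
+
+//
+// ACT
+//
+await resetLDAP(['--deleteWorkflowsAndCredentials']);
+
+//
+// ASSERT
+//
+// LDAP user is deleted
+await expect(getUserById(member.id)).rejects.toThrowError(EntityNotFoundError);
+await expect(findProject(memberProject.id)).rejects.toThrowError(EntityNotFoundError);
+await expect(
+Container.get(WorkflowRepository).findOneBy({ id: workflow.id }),
+).resolves.toBeNull();
+await expect(
+Container.get(CredentialsRepository).findOneBy({ id: credential.id }),
+).resolves.toBeNull();
+
+// Non LDAP user is not deleted
+await expect(getUserById(normalMember.id)).resolves.not.toThrowError();
+await expect(
+Container.get(WorkflowRepository).findOneBy({ id: workflow2.id }),
+).resolves.not.toBeNull();
+await expect(
+Container.get(CredentialsRepository).findOneBy({ id: credential2.id }),
+).resolves.not.toBeNull();
+});
+
+test('deletes the LDAP sync history', async () => {
+//
+// ARRANGE
+//
+await saveLdapSynchronization({
+created: 1,
+disabled: 1,
+scanned: 1,
+updated: 1,
+endedAt: new Date(),
+startedAt: new Date(),
+error: '',
+runMode: 'dry',
+status: 'success',
+});
+
+//
+// ACT
+//
+await resetLDAP(['--deleteWorkflowsAndCredentials']);
+
+//
+// ASSERT
+//
+await expect(getLdapSynchronizations(0, 10)).resolves.toHaveLength(0);
+});
+
+test('resets LDAP settings', async () => {
+//
+// ARRANGE
+//
+await createLdapConfig();
+await expect(Container.get(LdapService).loadConfig()).resolves.toMatchObject({
+loginEnabled: true,
+});
+
+//
+// ACT
+//
+await resetLDAP(['--deleteWorkflowsAndCredentials']);
+
+//
+// ASSERT
+//
+await expect(Container.get(LdapService).loadConfig()).resolves.toMatchObject({
+loginEnabled: false,
+});
+});
+});
+
+describe('--userId', () => {
+test('fails if the user does not exist', async () => {
+const userId = uuid();
+await expect(resetLDAP([`--userId=${userId}`])).rejects.toThrowError(
+`Could not find the user with the ID ${userId} or their personalProject.`,
+);
+});
+
+test('fails if the user to migrate to is also an LDAP user', async () => {
+//
+// ARRANGE
+//
+const member = await createLdapUser({ role: 'global:member' }, uuid());
+
+await expect(resetLDAP([`--userId=${member.id}`])).rejects.toThrowError(
+`Can't migrate workflows and credentials to the user with the ID ${member.id}. That user was created via LDAP and will be deleted as well.`,
+);
+});
+
+test("transfers all workflows and credentials to the user's personal project", async () => {
+//
+// ARRANGE
+//
+const member = await createLdapUser({ role: 'global:member' }, uuid());
+const memberProject = await getPersonalProject(member);
+const workflow = await createWorkflow({}, member);
+const credential = await saveCredential(randomCredentialPayload(), {
+user: member,
+role: 'credential:owner',
+});
+
+const normalMember = await createMember();
+const normalMemberProject = await getPersonalProject(normalMember);
+const workflow2 = await createWorkflow({}, normalMember);
+const credential2 = await saveCredential(randomCredentialPayload(), {
+user: normalMember,
+role: 'credential:owner',
+});
+
+//
+// ACT
+//
+await resetLDAP([`--userId=${normalMember.id}`]);
+
+//
+// ASSERT
+//
+// LDAP user is deleted
+await expect(getUserById(member.id)).rejects.toThrowError(EntityNotFoundError);
+await expect(findProject(memberProject.id)).rejects.toThrowError(EntityNotFoundError);
+
+// Their workflow and credential have been migrated to the normal user.
+await expect(
+Container.get(SharedWorkflowRepository).findOneBy({
+workflowId: workflow.id,
+projectId: normalMemberProject.id,
+}),
+).resolves.not.toBeNull();
+await expect(
+Container.get(SharedCredentialsRepository).findOneBy({
+credentialsId: credential.id,
+projectId: normalMemberProject.id,
+}),
+).resolves.not.toBeNull();
+
+// Non LDAP user is not deleted
+await expect(getUserById(normalMember.id)).resolves.not.toThrowError();
+await expect(
+Container.get(WorkflowRepository).findOneBy({ id: workflow2.id }),
+).resolves.not.toBeNull();
+await expect(
+Container.get(CredentialsRepository).findOneBy({ id: credential2.id }),
+).resolves.not.toBeNull();
+});
+});
+
+describe('--projectId', () => {
+test('fails if the project does not exist', async () => {
+const projectId = uuid();
+await expect(resetLDAP([`--projectId=${projectId}`])).rejects.toThrowError(
+`Could not find the project with the ID ${projectId}.`,
+);
+});
+
+test('fails if the user to migrate to is also an LDAP user', async () => {
+//
+// ARRANGE
+//
+const member = await createLdapUser({ role: 'global:member' }, uuid());
+const memberProject = await getPersonalProject(member);
+
+await expect(resetLDAP([`--projectId=${memberProject.id}`])).rejects.toThrowError(
+`Can't migrate workflows and credentials to the project with the ID ${memberProject.id}. That project is a personal project belonging to a user that was created via LDAP and will be deleted as well.`,
+);
+});
+
+test('transfers all workflows and credentials to a personal project', async () => {
+//
+// ARRANGE
+//
+const member = await createLdapUser({ role: 'global:member' }, uuid());
+const memberProject = await getPersonalProject(member);
+const workflow = await createWorkflow({}, member);
+const credential = await saveCredential(randomCredentialPayload(), {
+user: member,
+role: 'credential:owner',
+});
+
+const normalMember = await createMember();
+const normalMemberProject = await getPersonalProject(normalMember);
+const workflow2 = await createWorkflow({}, normalMember);
+const credential2 = await saveCredential(randomCredentialPayload(), {
+user: normalMember,
+role: 'credential:owner',
+});
+
+//
+// ACT
+//
+await resetLDAP([`--projectId=${normalMemberProject.id}`]);
+
+//
+// ASSERT
+//
+// LDAP user is deleted
+await expect(getUserById(member.id)).rejects.toThrowError(EntityNotFoundError);
+await expect(findProject(memberProject.id)).rejects.toThrowError(EntityNotFoundError);
+
+// Their workflow and credential have been migrated to the normal user.
+await expect(
+Container.get(SharedWorkflowRepository).findOneBy({
+workflowId: workflow.id,
+projectId: normalMemberProject.id,
+}),
+).resolves.not.toBeNull();
+await expect(
+Container.get(SharedCredentialsRepository).findOneBy({
+credentialsId: credential.id,
+projectId: normalMemberProject.id,
+}),
+).resolves.not.toBeNull();
+
+// Non LDAP user is not deleted
+await expect(getUserById(normalMember.id)).resolves.not.toThrowError();
+await expect(
+Container.get(WorkflowRepository).findOneBy({ id: workflow2.id }),
+).resolves.not.toBeNull();
+await expect(
+Container.get(CredentialsRepository).findOneBy({ id: credential2.id }),
+).resolves.not.toBeNull();
+});
+
+test('transfers all workflows and credentials to a team project', async () => {
+//
+// ARRANGE
+//
+const member = await createLdapUser({ role: 'global:member' }, uuid());
+const memberProject = await getPersonalProject(member);
+const workflow = await createWorkflow({}, member);
+const credential = await saveCredential(randomCredentialPayload(), {
+user: member,
+role: 'credential:owner',
+});
+
+const normalMember = await createMember();
+const workflow2 = await createWorkflow({}, normalMember);
+const credential2 = await saveCredential(randomCredentialPayload(), {
+user: normalMember,
+role: 'credential:owner',
+});
+
+const teamProject = await createTeamProject();
+
+//
+// ACT
+//
+await resetLDAP([`--projectId=${teamProject.id}`]);
+
+//
+// ASSERT
+//
+// LDAP user is deleted
+await expect(getUserById(member.id)).rejects.toThrowError(EntityNotFoundError);
+await expect(findProject(memberProject.id)).rejects.toThrowError(EntityNotFoundError);
+
+// Their workflow and credential have been migrated to the team project.
+await expect(
+Container.get(SharedWorkflowRepository).findOneBy({
+workflowId: workflow.id,
+projectId: teamProject.id,
+}),
+).resolves.not.toBeNull();
+await expect(
+Container.get(SharedCredentialsRepository).findOneBy({
+credentialsId: credential.id,
+projectId: teamProject.id,
+}),
+).resolves.not.toBeNull();
+
+// Non LDAP user is not deleted
+await expect(getUserById(normalMember.id)).resolves.not.toThrowError();
+await expect(
+Container.get(WorkflowRepository).findOneBy({ id: workflow2.id }),
+).resolves.not.toBeNull();
+await expect(
+Container.get(CredentialsRepository).findOneBy({ id: credential2.id }),
+).resolves.not.toBeNull();
+});
+});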
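Review bot: The three "transfers all workflows and credentials" tests under `--userId` and `--projectId` only assert that a sharing row for the target project exists (`).resolves.not.toBeNull();`), so a migration that lands with a role other than ownership would still pass. These rows decide who controls the migrated credentials, so the role should be asserted explicitly, e.g. `).resolves.toMatchObject({ role: 'workflow:owner' });` and `).resolves.toMatchObject({ role: 'credential:owner' });`. Similarly, `expect(getUserById(normalMember.id)).resolves.not.toThrowError()` only shows that the promise resolved; assuming the helper resolves to the user entity, `resolves.toMatchObject({ id: normalMember.id })` states the intent directly.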
@@ -7,7 +7,16 @@ import { UserRepository } from '@db/repositories/user.repository';
|
||||
|
||||
import { mockInstance } from '../../shared/mocking';
|
||||
import * as testDb from '../shared/testDb';
|
||||
import { createUser } from '../shared/db/users';
|
||||
import { createMember, createUser } from '../shared/db/users';
|
||||
import { createWorkflow } from '../shared/db/workflows';
|
||||
import { SharedWorkflowRepository } from '@/databases/repositories/sharedWorkflow.repository';
|
||||
import { getPersonalProject } from '../shared/db/projects';
|
||||
import { encryptCredentialData, saveCredential } from '../shared/db/credentials';
|
||||
import { randomCredentialPayload } from '../shared/random';
|
||||
import { SharedCredentialsRepository } from '@/databases/repositories/sharedCredentials.repository';
|
||||
import { CredentialsRepository } from '@/databases/repositories/credentials.repository';
|
||||
import { CredentialsEntity } from '@/databases/entities/CredentialsEntity';
|
||||
import { SettingsRepository } from '@/databases/repositories/settings.repository';
|
||||
|
||||
beforeAll(async () => {
|
||||
mockInstance(InternalHooks);
|
||||
@@ -25,20 +34,75 @@ afterAll(async () => {
|
||||
});
|
||||
|
||||
// eslint-disable-next-line n8n-local-rules/no-skipped-tests
|
||||
test.skip('user-management:reset should reset DB to default user state', async () => {
|
||||
await createUser({ role: 'global:owner' });
|
||||
test('user-management:reset should reset DB to default user state', async () => {
|
||||
//
|
||||
// ARRANGE
|
||||
//
|
||||
const owner = await createUser({ role: 'global:owner' });
|
||||
const ownerProject = await getPersonalProject(owner);
|
||||
|
||||
// should be deleted
|
||||
const member = await createMember();
|
||||
|
||||
// should be re-owned
|
||||
const workflow = await createWorkflow({}, member);
|
||||
const credential = await saveCredential(randomCredentialPayload(), {
|
||||
user: member,
|
||||
role: 'credential:owner',
|
||||
});
|
||||
|
||||
// dangling credentials should also be re-owned
|
||||
const danglingCredential = await Container.get(CredentialsRepository).save(
|
||||
await encryptCredentialData(Object.assign(new CredentialsEntity(), randomCredentialPayload())),
|
||||
);
|
||||
|
||||
// mark instance as set up
|
||||
await Container.get(SettingsRepository).update(
|
||||
{ key: 'userManagement.isInstanceOwnerSetUp' },
|
||||
{ value: 'true' },
|
||||
);
|
||||
|
||||
//
|
||||
// ACT
|
||||
//
|
||||
await Reset.run();
|
||||
|
||||
const user = await Container.get(UserRepository).findOneBy({ role: 'global:owner' });
|
||||
//
|
||||
// ASSERT
|
||||
//
|
||||
|
||||
if (!user) {
|
||||
fail('No owner found after DB reset to default user state');
|
||||
}
|
||||
// check if the owner account was reset:
|
||||
await expect(
|
||||
Container.get(UserRepository).findOneBy({ role: 'global:owner' }),
|
||||
).resolves.toMatchObject({
|
||||
email: null,
|
||||
firstName: null,
|
||||
lastName: null,
|
||||
password: null,
|
||||
personalizationAnswers: null,
|
||||
});
|
||||
|
||||
expect(user.email).toBeNull();
|
||||
expect(user.firstName).toBeNull();
|
||||
expect(user.lastName).toBeNull();
|
||||
expect(user.password).toBeNull();
|
||||
expect(user.personalizationAnswers).toBeNull();
|
||||
// all members were deleted:
|
||||
const members = await Container.get(UserRepository).findOneBy({ role: 'global:member' });
|
||||
expect(members).toBeNull();
|
||||
|
||||
// all workflows are owned by the owner:
|
||||
await expect(
|
||||
Container.get(SharedWorkflowRepository).findBy({ workflowId: workflow.id }),
|
||||
).resolves.toMatchObject([{ projectId: ownerProject.id, role: 'workflow:owner' }]);
|
||||
|
||||
// all credentials are owned by the owner
|
||||
await expect(
|
||||
Container.get(SharedCredentialsRepository).findBy({ credentialsId: credential.id }),
|
||||
).resolves.toMatchObject([{ projectId: ownerProject.id, role: 'credential:owner' }]);
|
||||
|
||||
// all dangling credentials are owned by the owner
|
||||
await expect(
|
||||
Container.get(SharedCredentialsRepository).findBy({ credentialsId: danglingCredential.id }),
|
||||
).resolves.toMatchObject([{ projectId: ownerProject.id, role: 'credential:owner' }]);
|
||||
|
||||
// the instance is marked as not set up:
|
||||
await expect(
|
||||
Container.get(SettingsRepository).findBy({ key: 'userManagement.isInstanceOwnerSetUp' }),
|
||||
).resolves.toMatchObject([{ value: 'false' }]);
|
||||
});
|
||||
|
||||
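Review bot: The arrange step marks the instance as set up with `Container.get(SettingsRepository).update(...)`, which presumably changes nothing when no row with that key exists, so the closing `value: 'false'` assertion could pass without the command ever resetting the flag. Whether `testDb.init()` seeds `userManagement.isInstanceOwnerSetUp` is not visible in this hunk. A precondition before `Reset.run()` would make the test prove the transition: `await expect(Container.get(SettingsRepository).findBy({ key: 'userManagement.isInstanceOwnerSetUp' })).resolves.toMatchObject([{ value: 'true' }]);`. The member check stores a single `findOneBy` result in `members`; `findBy({ role: 'global:member' })` with `toHaveLength(0)` would match the "all members were deleted" comment more directly.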