admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-17 18:12:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(core): Standardize filename casing for services and Public API (no-changelog) (#10579)

Browse Source
This commit is contained in:
Iván Ovejero
2024-08-28 13:59:27 +02:00
committed by GitHub
parent dca797e4db
commit d7241cfc3a
226 changed files with 177 additions and 172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

339
packages/cli/test/integration/public-api/credentials.test.ts Normal file
View File

@@ -0,0 +1,339 @@
import { Container } from 'typedi';
import { randomString } from 'n8n-workflow';
import type { User } from '@/databases/entities/User';
import { CredentialsRepository } from '@/databases/repositories/credentials.repository';
import { SharedCredentialsRepository } from '@/databases/repositories/shared-credentials.repository';
import { randomApiKey, randomName } from '../shared/random';
import * as utils from '../shared/utils/';
import type { CredentialPayload, SaveCredentialFunction } from '../shared/types';
import * as testDb from '../shared/test-db';
import { affixRoleToSaveCredential, createCredentials } from '../shared/db/credentials';
import { addApiKey, createUser, createUserShell } from '../shared/db/users';
import type { SuperAgentTest } from '../shared/types';
import { createTeamProject } from '@test-integration/db/projects';
let owner: User;
let member: User;
let authOwnerAgent: SuperAgentTest;
let authMemberAgent: SuperAgentTest;
let saveCredential: SaveCredentialFunction;
const testServer = utils.setupTestServer({ endpointGroups: ['publicApi'] });
beforeAll(async () => {
owner = await addApiKey(await createUserShell('global:owner'));
member = await createUser({ role: 'global:member', apiKey: randomApiKey() });
authOwnerAgent = testServer.publicApiAgentFor(owner);
authMemberAgent = testServer.publicApiAgentFor(member);
saveCredential = affixRoleToSaveCredential('credential:owner');
await utils.initCredentialsTypes();
});
beforeEach(async () => {
await testDb.truncate(['SharedCredentials', 'Credentials']);
});
describe('POST /credentials', () => {
test('should create credentials', async () => {
const payload = {
name: 'test credential',
type: 'githubApi',
data: {
accessToken: 'abcdefghijklmnopqrstuvwxyz',
user: 'test',
server: 'testServer',
},
};
const response = await authOwnerAgent.post('/credentials').send(payload);
expect(response.statusCode).toBe(200);
const { id, name, type } = response.body;
expect(name).toBe(payload.name);
expect(type).toBe(payload.type);
const credential = await Container.get(CredentialsRepository).findOneByOrFail({ id });
expect(credential.name).toBe(payload.name);
expect(credential.type).toBe(payload.type);
expect(credential.data).not.toBe(payload.data);
const sharedCredential = await Container.get(SharedCredentialsRepository).findOneOrFail({
relations: { credentials: true },
where: {
credentialsId: credential.id,
project: {
type: 'personal',
projectRelations: {
userId: owner.id,
},
},
},
});
expect(sharedCredential.role).toEqual('credential:owner');
expect(sharedCredential.credentials.name).toBe(payload.name);
});
test('should fail with invalid inputs', async () => {
for (const invalidPayload of INVALID_PAYLOADS) {
const response = await authOwnerAgent.post('/credentials').send(invalidPayload);
expect(response.statusCode === 400 || response.statusCode === 415).toBe(true);
}
});
});
describe('DELETE /credentials/:id', () => {
test('should delete owned cred for owner', async () => {
const savedCredential = await saveCredential(dbCredential(), { user: owner });
const response = await authOwnerAgent.delete(`/credentials/${savedCredential.id}`);
expect(response.statusCode).toBe(200);
const { name, type } = response.body;
expect(name).toBe(savedCredential.name);
expect(type).toBe(savedCredential.type);
const deletedCredential = await Container.get(CredentialsRepository).findOneBy({
id: savedCredential.id,
});
expect(deletedCredential).toBeNull(); // deleted
const deletedSharedCredential = await Container.get(SharedCredentialsRepository).findOneBy({});
expect(deletedSharedCredential).toBeNull(); // deleted
});
test('should delete non-owned cred for owner', async () => {
const savedCredential = await saveCredential(dbCredential(), { user: member });
const response = await authOwnerAgent.delete(`/credentials/${savedCredential.id}`);
expect(response.statusCode).toBe(200);
const deletedCredential = await Container.get(CredentialsRepository).findOneBy({
id: savedCredential.id,
});
expect(deletedCredential).toBeNull(); // deleted
const deletedSharedCredential = await Container.get(SharedCredentialsRepository).findOneBy({});
expect(deletedSharedCredential).toBeNull(); // deleted
});
test('should delete owned cred for member', async () => {
const savedCredential = await saveCredential(dbCredential(), { user: member });
const response = await authMemberAgent.delete(`/credentials/${savedCredential.id}`);
expect(response.statusCode).toBe(200);
const { name, type } = response.body;
expect(name).toBe(savedCredential.name);
expect(type).toBe(savedCredential.type);
const deletedCredential = await Container.get(CredentialsRepository).findOneBy({
id: savedCredential.id,
});
expect(deletedCredential).toBeNull(); // deleted
const deletedSharedCredential = await Container.get(SharedCredentialsRepository).findOneBy({});
expect(deletedSharedCredential).toBeNull(); // deleted
});
test('should delete owned cred for member but leave others untouched', async () => {
const anotherMember = await createUser({
role: 'global:member',
apiKey: randomApiKey(),
});
const savedCredential = await saveCredential(dbCredential(), { user: member });
const notToBeChangedCredential = await saveCredential(dbCredential(), { user: member });
const notToBeChangedCredential2 = await saveCredential(dbCredential(), {
user: anotherMember,
});
const response = await authMemberAgent.delete(`/credentials/${savedCredential.id}`);
expect(response.statusCode).toBe(200);
const { name, type } = response.body;
expect(name).toBe(savedCredential.name);
expect(type).toBe(savedCredential.type);
const deletedCredential = await Container.get(CredentialsRepository).findOneBy({
id: savedCredential.id,
});
expect(deletedCredential).toBeNull(); // deleted
const deletedSharedCredential = await Container.get(SharedCredentialsRepository).findOne({
where: {
credentialsId: savedCredential.id,
},
});
expect(deletedSharedCredential).toBeNull(); // deleted
await Promise.all(
[notToBeChangedCredential, notToBeChangedCredential2].map(async (credential) => {
const untouchedCredential = await Container.get(CredentialsRepository).findOneBy({
id: credential.id,
});
expect(untouchedCredential).toEqual(credential); // not deleted
const untouchedSharedCredential = await Container.get(SharedCredentialsRepository).findOne({
where: {
credentialsId: credential.id,
},
});
expect(untouchedSharedCredential).toBeDefined(); // not deleted
}),
);
});
test('should not delete non-owned cred for member', async () => {
const savedCredential = await saveCredential(dbCredential(), { user: owner });
const response = await authMemberAgent.delete(`/credentials/${savedCredential.id}`);
expect(response.statusCode).toBe(403);
const shellCredential = await Container.get(CredentialsRepository).findOneBy({
id: savedCredential.id,
});
expect(shellCredential).toBeDefined(); // not deleted
const deletedSharedCredential = await Container.get(SharedCredentialsRepository).findOneBy({});
expect(deletedSharedCredential).toBeDefined(); // not deleted
});
test('should fail if cred not found', async () => {
const response = await authOwnerAgent.delete('/credentials/123');
expect(response.statusCode).toBe(404);
});
});
describe('GET /credentials/schema/:credentialType', () => {
test('should fail due to not found type', async () => {
const response = await authOwnerAgent.get('/credentials/schema/testing');
expect(response.statusCode).toBe(404);
});
test('should retrieve credential type', async () => {
const response = await authOwnerAgent.get('/credentials/schema/ftp');
const { additionalProperties, type, properties, required } = response.body;
expect(additionalProperties).toBe(false);
expect(type).toBe('object');
expect(properties.host.type).toBe('string');
expect(properties.port.type).toBe('number');
expect(properties.username.type).toBe('string');
expect(properties.password.type).toBe('string');
expect(required).toEqual(expect.arrayContaining(['host', 'port']));
expect(response.statusCode).toBe(200);
});
});
describe('PUT /credentials/:id/transfer', () => {
test('should transfer credential to project', async () => {
/**
* Arrange
*/
const [firstProject, secondProject] = await Promise.all([
createTeamProject('first-project', owner),
createTeamProject('second-project', owner),
]);
const credentials = await createCredentials(
{ name: 'Test', type: 'test', data: '' },
firstProject,
);
/**
* Act
*/
const response = await authOwnerAgent.put(`/credentials/${credentials.id}/transfer`).send({
destinationProjectId: secondProject.id,
});
/**
* Assert
*/
expect(response.statusCode).toBe(204);
});
test('if no destination project, should reject', async () => {
/**
* Arrange
*/
const project = await createTeamProject('first-project', member);
const credentials = await createCredentials({ name: 'Test', type: 'test', data: '' }, project);
/**
* Act
*/
const response = await authOwnerAgent.put(`/credentials/${credentials.id}/transfer`).send({});
/**
* Assert
*/
expect(response.statusCode).toBe(400);
});
});
const credentialPayload = (): CredentialPayload => ({
name: randomName(),
type: 'githubApi',
data: {
accessToken: randomString(6, 16),
server: randomString(1, 10),
user: randomString(1, 10),
},
});
const dbCredential = () => {
const credential = credentialPayload();
return credential;
};
const INVALID_PAYLOADS = [
{
type: randomName(),
data: { accessToken: randomString(6, 16) },
},
{
name: randomName(),
data: { accessToken: randomString(6, 16) },
},
{
name: randomName(),
type: randomName(),
},
{},
[],
undefined,
];

538
packages/cli/test/integration/public-api/executions.test.ts Normal file
View File

@@ -0,0 +1,538 @@
import type { User } from '@/databases/entities/User';
import type { ActiveWorkflowManager } from '@/active-workflow-manager';
import { randomApiKey } from '../shared/random';
import * as utils from '../shared/utils/';
import * as testDb from '../shared/test-db';
import { createUser } from '../shared/db/users';
import {
createManyWorkflows,
createWorkflow,
shareWorkflowWithUsers,
} from '../shared/db/workflows';
import {
createErrorExecution,
createExecution,
createManyExecutions,
createSuccessfulExecution,
createWaitingExecution,
} from '../shared/db/executions';
import type { SuperAgentTest } from '../shared/types';
import { mockInstance } from '@test/mocking';
import { Telemetry } from '@/telemetry';
import { createTeamProject } from '@test-integration/db/projects';
import type { ExecutionEntity } from '@/databases/entities/execution-entity';
let owner: User;
let user1: User;
let user2: User;
let authOwnerAgent: SuperAgentTest;
let authUser1Agent: SuperAgentTest;
let authUser2Agent: SuperAgentTest;
let workflowRunner: ActiveWorkflowManager;
mockInstance(Telemetry);
const testServer = utils.setupTestServer({ endpointGroups: ['publicApi'] });
beforeAll(async () => {
owner = await createUser({ role: 'global:owner', apiKey: randomApiKey() });
user1 = await createUser({ role: 'global:member', apiKey: randomApiKey() });
user2 = await createUser({ role: 'global:member', apiKey: randomApiKey() });
// TODO: mock BinaryDataService instead
await utils.initBinaryDataService();
await utils.initNodeTypes();
workflowRunner = await utils.initActiveWorkflowManager();
});
beforeEach(async () => {
await testDb.truncate([
'SharedCredentials',
'SharedWorkflow',
'Workflow',
'Credentials',
'Execution',
'Settings',
]);
authOwnerAgent = testServer.publicApiAgentFor(owner);
authUser1Agent = testServer.publicApiAgentFor(user1);
authUser2Agent = testServer.publicApiAgentFor(user2);
});
afterEach(async () => {
await workflowRunner?.removeAll();
});
const testWithAPIKey =
(method: 'get' | 'post' | 'put' | 'delete', url: string, apiKey: string | null) => async () => {
void authOwnerAgent.set({ 'X-N8N-API-KEY': apiKey });
const response = await authOwnerAgent[method](url);
expect(response.statusCode).toBe(401);
};
describe('GET /executions/:id', () => {
test('should fail due to missing API Key', testWithAPIKey('get', '/executions/1', null));
test('should fail due to invalid API Key', testWithAPIKey('get', '/executions/1', 'abcXYZ'));
test('owner should be able to get an execution owned by him', async () => {
const workflow = await createWorkflow({}, owner);
const execution = await createSuccessfulExecution(workflow);
const response = await authOwnerAgent.get(`/executions/${execution.id}`);
expect(response.statusCode).toBe(200);
const {
id,
finished,
mode,
retryOf,
retrySuccessId,
startedAt,
stoppedAt,
workflowId,
waitTill,
} = response.body;
expect(id).toBeDefined();
expect(finished).toBe(true);
expect(mode).toEqual(execution.mode);
expect(retrySuccessId).toBeNull();
expect(retryOf).toBeNull();
expect(startedAt).not.toBeNull();
expect(stoppedAt).not.toBeNull();
expect(workflowId).toBe(execution.workflowId);
expect(waitTill).toBeNull();
});
test('owner should be able to read executions of other users', async () => {
const workflow = await createWorkflow({}, user1);
const execution = await createSuccessfulExecution(workflow);
const response = await authOwnerAgent.get(`/executions/${execution.id}`);
expect(response.statusCode).toBe(200);
});
test('member should be able to fetch his own executions', async () => {
const workflow = await createWorkflow({}, user1);
const execution = await createSuccessfulExecution(workflow);
const response = await authUser1Agent.get(`/executions/${execution.id}`);
expect(response.statusCode).toBe(200);
});
test('member should not be able to fetch custom data when includeData is not set', async () => {
const workflow = await createWorkflow({}, user1);
const execution = await createExecution(
{
finished: true,
status: 'success',
metadata: [
{ key: 'test1', value: 'value1' },
{ key: 'test2', value: 'value2' },
],
},
workflow,
);
const response = await authUser1Agent.get(`/executions/${execution.id}`);
expect(response.statusCode).toBe(200);
expect(response.body.customData).toBeUndefined();
});
test('member should be able to fetch custom data when includeData=true', async () => {
const workflow = await createWorkflow({}, user1);
const execution = await createExecution(
{
finished: true,
status: 'success',
metadata: [
{ key: 'test1', value: 'value1' },
{ key: 'test2', value: 'value2' },
],
},
workflow,
);
const response = await authUser1Agent.get(`/executions/${execution.id}?includeData=true`);
expect(response.statusCode).toBe(200);
expect(response.body.customData).toEqual({
test1: 'value1',
test2: 'value2',
});
});
test('member should not get an execution of another user without the workflow being shared', async () => {
const workflow = await createWorkflow({}, owner);
const execution = await createSuccessfulExecution(workflow);
const response = await authUser1Agent.get(`/executions/${execution.id}`);
expect(response.statusCode).toBe(404);
});
test('member should be able to fetch executions of workflows shared with him', async () => {
testServer.license.enable('feat:sharing');
const workflow = await createWorkflow({}, user1);
const execution = await createSuccessfulExecution(workflow);
await shareWorkflowWithUsers(workflow, [user2]);
const response = await authUser2Agent.get(`/executions/${execution.id}`);
expect(response.statusCode).toBe(200);
});
});
describe('DELETE /executions/:id', () => {
test('should fail due to missing API Key', testWithAPIKey('delete', '/executions/1', null));
test('should fail due to invalid API Key', testWithAPIKey('delete', '/executions/1', 'abcXYZ'));
test('should delete an execution', async () => {
const workflow = await createWorkflow({}, owner);
const execution = await createSuccessfulExecution(workflow);
const response = await authOwnerAgent.delete(`/executions/${execution.id}`);
expect(response.statusCode).toBe(200);
const {
id,
finished,
mode,
retryOf,
retrySuccessId,
startedAt,
stoppedAt,
workflowId,
waitTill,
} = response.body;
expect(id).toBeDefined();
expect(finished).toBe(true);
expect(mode).toEqual(execution.mode);
expect(retrySuccessId).toBeNull();
expect(retryOf).toBeNull();
expect(startedAt).not.toBeNull();
expect(stoppedAt).not.toBeNull();
expect(workflowId).toBe(execution.workflowId);
expect(waitTill).toBeNull();
await authOwnerAgent.get(`/executions/${execution.id}`).expect(404);
});
});
describe('GET /executions', () => {
test('should fail due to missing API Key', testWithAPIKey('get', '/executions', null));
test('should fail due to invalid API Key', testWithAPIKey('get', '/executions', 'abcXYZ'));
test('should retrieve all successful executions', async () => {
const workflow = await createWorkflow({}, owner);
const successfulExecution = await createSuccessfulExecution(workflow);
await createErrorExecution(workflow);
const response = await authOwnerAgent.get('/executions').query({
status: 'success',
});
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(1);
expect(response.body.nextCursor).toBe(null);
const {
id,
finished,
mode,
retryOf,
retrySuccessId,
startedAt,
stoppedAt,
workflowId,
waitTill,
} = response.body.data[0];
expect(id).toBeDefined();
expect(finished).toBe(true);
expect(mode).toEqual(successfulExecution.mode);
expect(retrySuccessId).toBeNull();
expect(retryOf).toBeNull();
expect(startedAt).not.toBeNull();
expect(stoppedAt).not.toBeNull();
expect(workflowId).toBe(successfulExecution.workflowId);
expect(waitTill).toBeNull();
});
test('should paginate two executions', async () => {
const workflow = await createWorkflow({}, owner);
const firstSuccessfulExecution = await createSuccessfulExecution(workflow);
const secondSuccessfulExecution = await createSuccessfulExecution(workflow);
await createErrorExecution(workflow);
const firstExecutionResponse = await authOwnerAgent.get('/executions').query({
status: 'success',
limit: 1,
});
expect(firstExecutionResponse.statusCode).toBe(200);
expect(firstExecutionResponse.body.data.length).toBe(1);
expect(firstExecutionResponse.body.nextCursor).toBeDefined();
const secondExecutionResponse = await authOwnerAgent.get('/executions').query({
status: 'success',
limit: 1,
cursor: firstExecutionResponse.body.nextCursor,
});
expect(secondExecutionResponse.statusCode).toBe(200);
expect(secondExecutionResponse.body.data.length).toBe(1);
expect(secondExecutionResponse.body.nextCursor).toBeNull();
const successfulExecutions = [firstSuccessfulExecution, secondSuccessfulExecution];
const executions = [...firstExecutionResponse.body.data, ...secondExecutionResponse.body.data];
for (let i = 0; i < executions.length; i++) {
const {
id,
finished,
mode,
retryOf,
retrySuccessId,
startedAt,
stoppedAt,
workflowId,
waitTill,
} = executions[i];
expect(id).toBeDefined();
expect(finished).toBe(true);
expect(mode).toEqual(successfulExecutions[i].mode);
expect(retrySuccessId).toBeNull();
expect(retryOf).toBeNull();
expect(startedAt).not.toBeNull();
expect(stoppedAt).not.toBeNull();
expect(workflowId).toBe(successfulExecutions[i].workflowId);
expect(waitTill).toBeNull();
}
});
test('should retrieve all error executions', async () => {
const workflow = await createWorkflow({}, owner);
await createSuccessfulExecution(workflow);
const errorExecution = await createErrorExecution(workflow);
const response = await authOwnerAgent.get('/executions').query({
status: 'error',
});
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(1);
expect(response.body.nextCursor).toBe(null);
const {
id,
finished,
mode,
retryOf,
retrySuccessId,
startedAt,
stoppedAt,
workflowId,
waitTill,
} = response.body.data[0];
expect(id).toBeDefined();
expect(finished).toBe(false);
expect(mode).toEqual(errorExecution.mode);
expect(retrySuccessId).toBeNull();
expect(retryOf).toBeNull();
expect(startedAt).not.toBeNull();
expect(stoppedAt).not.toBeNull();
expect(workflowId).toBe(errorExecution.workflowId);
expect(waitTill).toBeNull();
});
test('should return all waiting executions', async () => {
const workflow = await createWorkflow({}, owner);
await createSuccessfulExecution(workflow);
await createErrorExecution(workflow);
const waitingExecution = await createWaitingExecution(workflow);
const response = await authOwnerAgent.get('/executions').query({
status: 'waiting',
});
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(1);
expect(response.body.nextCursor).toBe(null);
const {
id,
finished,
mode,
retryOf,
retrySuccessId,
startedAt,
stoppedAt,
workflowId,
waitTill,
} = response.body.data[0];
expect(id).toBeDefined();
expect(finished).toBe(false);
expect(mode).toEqual(waitingExecution.mode);
expect(retrySuccessId).toBeNull();
expect(retryOf).toBeNull();
expect(startedAt).not.toBeNull();
expect(stoppedAt).not.toBeNull();
expect(workflowId).toBe(waitingExecution.workflowId);
expect(new Date(waitTill).getTime()).toBeGreaterThan(Date.now() - 1000);
});
test('should retrieve all executions of specific workflow', async () => {
const [workflow, workflow2] = await createManyWorkflows(2, {}, owner);
const savedExecutions = await createManyExecutions(2, workflow, createSuccessfulExecution);
await createManyExecutions(2, workflow2, createSuccessfulExecution);
const response = await authOwnerAgent.get('/executions').query({
workflowId: workflow.id,
});
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(2);
expect(response.body.nextCursor).toBe(null);
for (const execution of response.body.data) {
const {
id,
finished,
mode,
retryOf,
retrySuccessId,
startedAt,
stoppedAt,
workflowId,
waitTill,
} = execution;
expect(savedExecutions.some((exec) => exec.id === id)).toBe(true);
expect(finished).toBe(true);
expect(mode).toBeDefined();
expect(retrySuccessId).toBeNull();
expect(retryOf).toBeNull();
expect(startedAt).not.toBeNull();
expect(stoppedAt).not.toBeNull();
expect(workflowId).toBe(workflow.id);
expect(waitTill).toBeNull();
}
});
test('should return executions filtered by project ID', async () => {
/**
* Arrange
*/
const [firstProject, secondProject] = await Promise.all([
createTeamProject(),
createTeamProject(),
]);
const [firstWorkflow, secondWorkflow] = await Promise.all([
createWorkflow({}, firstProject),
createWorkflow({}, secondProject),
]);
const [firstExecution, secondExecution, _] = await Promise.all([
createExecution({}, firstWorkflow),
createExecution({}, firstWorkflow),
createExecution({}, secondWorkflow),
]);
/**
* Act
*/
const response = await authOwnerAgent.get('/executions').query({
projectId: firstProject.id,
});
/**
* Assert
*/
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(2);
expect(response.body.nextCursor).toBeNull();
expect(response.body.data.map((execution: ExecutionEntity) => execution.id)).toEqual(
expect.arrayContaining([firstExecution.id, secondExecution.id]),
);
});
test('owner should retrieve all executions regardless of ownership', async () => {
const [firstWorkflowForUser1, secondWorkflowForUser1] = await createManyWorkflows(2, {}, user1);
await createManyExecutions(2, firstWorkflowForUser1, createSuccessfulExecution);
await createManyExecutions(2, secondWorkflowForUser1, createSuccessfulExecution);
const [firstWorkflowForUser2, secondWorkflowForUser2] = await createManyWorkflows(2, {}, user2);
await createManyExecutions(2, firstWorkflowForUser2, createSuccessfulExecution);
await createManyExecutions(2, secondWorkflowForUser2, createSuccessfulExecution);
const response = await authOwnerAgent.get('/executions');
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(8);
expect(response.body.nextCursor).toBe(null);
});
test('member should not see executions of workflows not shared with him', async () => {
const [firstWorkflowForUser1, secondWorkflowForUser1] = await createManyWorkflows(2, {}, user1);
await createManyExecutions(2, firstWorkflowForUser1, createSuccessfulExecution);
await createManyExecutions(2, secondWorkflowForUser1, createSuccessfulExecution);
const [firstWorkflowForUser2, secondWorkflowForUser2] = await createManyWorkflows(2, {}, user2);
await createManyExecutions(2, firstWorkflowForUser2, createSuccessfulExecution);
await createManyExecutions(2, secondWorkflowForUser2, createSuccessfulExecution);
const response = await authUser1Agent.get('/executions');
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(4);
expect(response.body.nextCursor).toBe(null);
});
test('member should also see executions of workflows shared with him', async () => {
testServer.license.enable('feat:sharing');
const [firstWorkflowForUser1, secondWorkflowForUser1] = await createManyWorkflows(2, {}, user1);
await createManyExecutions(2, firstWorkflowForUser1, createSuccessfulExecution);
await createManyExecutions(2, secondWorkflowForUser1, createSuccessfulExecution);
const [firstWorkflowForUser2, secondWorkflowForUser2] = await createManyWorkflows(2, {}, user2);
await createManyExecutions(2, firstWorkflowForUser2, createSuccessfulExecution);
await createManyExecutions(2, secondWorkflowForUser2, createSuccessfulExecution);
await shareWorkflowWithUsers(firstWorkflowForUser2, [user1]);
const response = await authUser1Agent.get('/executions');
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(6);
expect(response.body.nextCursor).toBe(null);
});
});

401
packages/cli/test/integration/public-api/projects.test.ts Normal file
View File

@@ -0,0 +1,401 @@
import { setupTestServer } from '@test-integration/utils';
import { createMember, createOwner } from '@test-integration/db/users';
import * as testDb from '../shared/test-db';
import { FeatureNotLicensedError } from '@/errors/feature-not-licensed.error';
import { createTeamProject, getProjectByNameOrFail } from '@test-integration/db/projects';
import { mockInstance } from '@test/mocking';
import { Telemetry } from '@/telemetry';
describe('Projects in Public API', () => {
const testServer = setupTestServer({ endpointGroups: ['publicApi'] });
mockInstance(Telemetry);
beforeAll(async () => {
await testDb.init();
});
beforeEach(async () => {
await testDb.truncate(['Project', 'User']);
});
describe('GET /projects', () => {
it('if licensed, should return all projects with pagination', async () => {
/**
* Arrange
*/
testServer.license.setQuota('quota:maxTeamProjects', -1);
testServer.license.enable('feat:projectRole:admin');
const owner = await createOwner({ withApiKey: true });
const projects = await Promise.all([
createTeamProject(),
createTeamProject(),
createTeamProject(),
]);
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).get('/projects');
/**
* Assert
*/
expect(response.status).toBe(200);
expect(response.body).toHaveProperty('data');
expect(response.body).toHaveProperty('nextCursor');
expect(Array.isArray(response.body.data)).toBe(true);
expect(response.body.data.length).toBe(projects.length + 1); // +1 for the owner's personal project
projects.forEach(({ id, name }) => {
expect(response.body.data).toContainEqual(expect.objectContaining({ id, name }));
});
});
it('if not authenticated, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: false });
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).get('/projects');
/**
* Assert
*/
expect(response.status).toBe(401);
expect(response.body).toHaveProperty('message', "'X-N8N-API-KEY' header required");
});
it('if not licensed, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: true });
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).get('/projects');
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty(
'message',
new FeatureNotLicensedError('feat:projectRole:admin').message,
);
});
it('if missing scope, should reject', async () => {
/**
* Arrange
*/
testServer.license.setQuota('quota:maxTeamProjects', -1);
testServer.license.enable('feat:projectRole:admin');
const owner = await createMember({ withApiKey: true });
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).get('/projects');
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty('message', 'Forbidden');
});
});
describe('POST /projects', () => {
it('if licensed, should create a new project', async () => {
/**
* Arrange
*/
testServer.license.setQuota('quota:maxTeamProjects', -1);
testServer.license.enable('feat:projectRole:admin');
const owner = await createOwner({ withApiKey: true });
const projectPayload = { name: 'some-project' };
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(owner)
.post('/projects')
.send(projectPayload);
/**
* Assert
*/
expect(response.status).toBe(201);
expect(response.body).toEqual({
name: 'some-project',
type: 'team',
id: expect.any(String),
createdAt: expect.any(String),
updatedAt: expect.any(String),
role: 'project:admin',
scopes: expect.any(Array),
});
await expect(getProjectByNameOrFail(projectPayload.name)).resolves.not.toThrow();
});
it('if not authenticated, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: false });
const projectPayload = { name: 'some-project' };
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(owner)
.post('/projects')
.send(projectPayload);
/**
* Assert
*/
expect(response.status).toBe(401);
expect(response.body).toHaveProperty('message', "'X-N8N-API-KEY' header required");
});
it('if not licensed, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: true });
const projectPayload = { name: 'some-project' };
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(owner)
.post('/projects')
.send(projectPayload);
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty(
'message',
new FeatureNotLicensedError('feat:projectRole:admin').message,
);
});
it('if missing scope, should reject', async () => {
/**
* Arrange
*/
testServer.license.setQuota('quota:maxTeamProjects', -1);
testServer.license.enable('feat:projectRole:admin');
const member = await createMember({ withApiKey: true });
const projectPayload = { name: 'some-project' };
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(member)
.post('/projects')
.send(projectPayload);
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty('message', 'Forbidden');
});
});
describe('DELETE /projects/:id', () => {
it('if licensed, should delete a project', async () => {
/**
* Arrange
*/
testServer.license.setQuota('quota:maxTeamProjects', -1);
testServer.license.enable('feat:projectRole:admin');
const owner = await createOwner({ withApiKey: true });
const project = await createTeamProject();
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).delete(`/projects/${project.id}`);
/**
* Assert
*/
expect(response.status).toBe(204);
await expect(getProjectByNameOrFail(project.id)).rejects.toThrow();
});
it('if not authenticated, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: false });
const project = await createTeamProject();
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).delete(`/projects/${project.id}`);
/**
* Assert
*/
expect(response.status).toBe(401);
expect(response.body).toHaveProperty('message', "'X-N8N-API-KEY' header required");
});
it('if not licensed, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: true });
const project = await createTeamProject();
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).delete(`/projects/${project.id}`);
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty(
'message',
new FeatureNotLicensedError('feat:projectRole:admin').message,
);
});
it('if missing scope, should reject', async () => {
/**
* Arrange
*/
testServer.license.setQuota('quota:maxTeamProjects', -1);
testServer.license.enable('feat:projectRole:admin');
const member = await createMember({ withApiKey: true });
const project = await createTeamProject();
/**
* Act
*/
const response = await testServer.publicApiAgentFor(member).delete(`/projects/${project.id}`);
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty('message', 'Forbidden');
});
});
describe('PUT /projects/:id', () => {
it('if licensed, should update a project', async () => {
/**
* Arrange
*/
testServer.license.setQuota('quota:maxTeamProjects', -1);
testServer.license.enable('feat:projectRole:admin');
const owner = await createOwner({ withApiKey: true });
const project = await createTeamProject('old-name');
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(owner)
.put(`/projects/${project.id}`)
.send({ name: 'new-name' });
/**
* Assert
*/
expect(response.status).toBe(204);
await expect(getProjectByNameOrFail('new-name')).resolves.not.toThrow();
});
it('if not authenticated, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: false });
const project = await createTeamProject();
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(owner)
.put(`/projects/${project.id}`)
.send({ name: 'new-name' });
/**
* Assert
*/
expect(response.status).toBe(401);
expect(response.body).toHaveProperty('message', "'X-N8N-API-KEY' header required");
});
it('if not licensed, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: true });
const project = await createTeamProject();
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(owner)
.put(`/projects/${project.id}`)
.send({ name: 'new-name' });
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty(
'message',
new FeatureNotLicensedError('feat:projectRole:admin').message,
);
});
it('if missing scope, should reject', async () => {
/**
* Arrange
*/
testServer.license.setQuota('quota:maxTeamProjects', -1);
testServer.license.enable('feat:projectRole:admin');
const member = await createMember({ withApiKey: true });
const project = await createTeamProject();
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(member)
.put(`/projects/${project.id}`)
.send({ name: 'new-name' });
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty('message', 'Forbidden');
});
});
});

337
packages/cli/test/integration/public-api/tags.test.ts Normal file
View File

@@ -0,0 +1,337 @@
import { Container } from 'typedi';
import type { User } from '@/databases/entities/User';
import { TagRepository } from '@/databases/repositories/tag.repository';
import { randomApiKey } from '../shared/random';
import * as utils from '../shared/utils/';
import * as testDb from '../shared/test-db';
import { createUser } from '../shared/db/users';
import { createTag } from '../shared/db/tags';
import type { SuperAgentTest } from '../shared/types';
let owner: User;
let member: User;
let authOwnerAgent: SuperAgentTest;
let authMemberAgent: SuperAgentTest;
const testServer = utils.setupTestServer({ endpointGroups: ['publicApi'] });
beforeAll(async () => {
owner = await createUser({
role: 'global:owner',
apiKey: randomApiKey(),
});
member = await createUser({
role: 'global:member',
apiKey: randomApiKey(),
});
});
beforeEach(async () => {
await testDb.truncate(['Tag']);
authOwnerAgent = testServer.publicApiAgentFor(owner);
authMemberAgent = testServer.publicApiAgentFor(member);
});
const testWithAPIKey =
(method: 'get' | 'post' | 'put' | 'delete', url: string, apiKey: string | null) => async () => {
void authOwnerAgent.set({ 'X-N8N-API-KEY': apiKey });
const response = await authOwnerAgent[method](url);
expect(response.statusCode).toBe(401);
};
describe('GET /tags', () => {
test('should fail due to missing API Key', testWithAPIKey('get', '/tags', null));
test('should fail due to invalid API Key', testWithAPIKey('get', '/tags', 'abcXYZ'));
test('should return all tags', async () => {
await Promise.all([createTag({}), createTag({}), createTag({})]);
const response = await authMemberAgent.get('/tags');
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(3);
expect(response.body.nextCursor).toBeNull();
for (const tag of response.body.data) {
const { id, name, createdAt, updatedAt } = tag;
expect(id).toBeDefined();
expect(name).toBeDefined();
expect(createdAt).toBeDefined();
expect(updatedAt).toBeDefined();
}
});
test('should return all tags with pagination', async () => {
await Promise.all([createTag({}), createTag({}), createTag({})]);
const response = await authMemberAgent.get('/tags?limit=1');
expect(response.statusCode).toBe(200);
expect(response.body.data.length).toBe(1);
expect(response.body.nextCursor).not.toBeNull();
const response2 = await authMemberAgent.get(`/tags?limit=1&cursor=${response.body.nextCursor}`);
expect(response2.statusCode).toBe(200);
expect(response2.body.data.length).toBe(1);
expect(response2.body.nextCursor).not.toBeNull();
expect(response2.body.nextCursor).not.toBe(response.body.nextCursor);
const responses = [...response.body.data, ...response2.body.data];
for (const tag of responses) {
const { id, name, createdAt, updatedAt } = tag;
expect(id).toBeDefined();
expect(name).toBeDefined();
expect(createdAt).toBeDefined();
expect(updatedAt).toBeDefined();
}
// check that we really received a different result
expect(response.body.data[0].id).not.toBe(response2.body.data[0].id);
});
});
describe('GET /tags/:id', () => {
test('should fail due to missing API Key', testWithAPIKey('get', '/tags/gZqmqiGAuo1dHT7q', null));
test(
'should fail due to invalid API Key',
testWithAPIKey('get', '/tags/gZqmqiGAuo1dHT7q', 'abcXYZ'),
);
test('should fail due to non-existing tag', async () => {
const response = await authOwnerAgent.get('/tags/gZqmqiGAuo1dHT7q');
expect(response.statusCode).toBe(404);
});
test('should retrieve tag', async () => {
// create tag
const tag = await createTag({});
const response = await authMemberAgent.get(`/tags/${tag.id}`);
expect(response.statusCode).toBe(200);
const { id, name, createdAt, updatedAt } = response.body;
expect(id).toEqual(tag.id);
expect(name).toEqual(tag.name);
expect(createdAt).toEqual(tag.createdAt.toISOString());
expect(updatedAt).toEqual(tag.updatedAt.toISOString());
});
});
describe('DELETE /tags/:id', () => {
test(
'should fail due to missing API Key',
testWithAPIKey('delete', '/tags/gZqmqiGAuo1dHT7q', null),
);
test(
'should fail due to invalid API Key',
testWithAPIKey('delete', '/tags/gZqmqiGAuo1dHT7q', 'abcXYZ'),
);
test('should fail due to non-existing tag', async () => {
const response = await authOwnerAgent.delete('/tags/gZqmqiGAuo1dHT7q');
expect(response.statusCode).toBe(404);
});
test('owner should delete the tag', async () => {
// create tag
const tag = await createTag({});
const response = await authOwnerAgent.delete(`/tags/${tag.id}`);
expect(response.statusCode).toBe(200);
const { id, name, createdAt, updatedAt } = response.body;
expect(id).toEqual(tag.id);
expect(name).toEqual(tag.name);
expect(createdAt).toEqual(tag.createdAt.toISOString());
expect(updatedAt).toEqual(tag.updatedAt.toISOString());
// make sure the tag actually deleted from the db
const deletedTag = await Container.get(TagRepository).findOneBy({
id: tag.id,
});
expect(deletedTag).toBeNull();
});
test('non-owner should not delete tag', async () => {
// create tag
const tag = await createTag({});
const response = await authMemberAgent.delete(`/tags/${tag.id}`);
expect(response.statusCode).toBe(403);
const { message } = response.body;
expect(message).toEqual('Forbidden');
// make sure the tag was not deleted from the db
const notDeletedTag = await Container.get(TagRepository).findOneBy({
id: tag.id,
});
expect(notDeletedTag).not.toBeNull();
});
});
describe('POST /tags', () => {
test('should fail due to missing API Key', testWithAPIKey('post', '/tags', null));
test('should fail due to invalid API Key', testWithAPIKey('post', '/tags', 'abcXYZ'));
test('should fail due to invalid body', async () => {
const response = await authOwnerAgent.post('/tags').send({});
expect(response.statusCode).toBe(400);
});
test('should create tag', async () => {
const payload = {
name: 'Tag 1',
};
const response = await authMemberAgent.post('/tags').send(payload);
expect(response.statusCode).toBe(201);
const { id, name, createdAt, updatedAt } = response.body;
expect(id).toBeDefined();
expect(name).toBe(payload.name);
expect(createdAt).toBeDefined();
expect(updatedAt).toEqual(createdAt);
// check if created tag in DB
const tag = await Container.get(TagRepository).findOne({
where: {
id,
},
});
expect(tag?.name).toBe(name);
expect(tag?.createdAt.toISOString()).toEqual(createdAt);
expect(tag?.updatedAt.toISOString()).toEqual(updatedAt);
});
test('should not create tag if tag with same name exists', async () => {
const tag = {
name: 'Tag 1',
};
// create tag
await createTag(tag);
const response = await authMemberAgent.post('/tags').send(tag);
expect(response.statusCode).toBe(409);
const { message } = response.body;
expect(message).toBe('Tag already exists');
});
});
describe('PUT /tags/:id', () => {
test('should fail due to missing API Key', testWithAPIKey('put', '/tags/gZqmqiGAuo1dHT7q', null));
test(
'should fail due to invalid API Key',
testWithAPIKey('put', '/tags/gZqmqiGAuo1dHT7q', 'abcXYZ'),
);
test('should fail due to non-existing tag', async () => {
const response = await authOwnerAgent.put('/tags/gZqmqiGAuo1dHT7q').send({
name: 'testing',
});
expect(response.statusCode).toBe(404);
});
test('should fail due to invalid body', async () => {
const response = await authOwnerAgent.put('/tags/gZqmqiGAuo1dHT7q').send({});
expect(response.statusCode).toBe(400);
});
test('should update tag', async () => {
const tag = await createTag({});
const payload = {
name: 'New name',
};
const response = await authOwnerAgent.put(`/tags/${tag.id}`).send(payload);
const { id, name, updatedAt } = response.body;
expect(response.statusCode).toBe(200);
expect(id).toBe(tag.id);
expect(name).toBe(payload.name);
expect(updatedAt).not.toBe(tag.updatedAt.toISOString());
// check updated tag in DB
const dbTag = await Container.get(TagRepository).findOne({
where: {
id,
},
});
expect(dbTag?.name).toBe(payload.name);
expect(dbTag?.updatedAt.getTime()).toBeGreaterThan(tag.updatedAt.getTime());
});
test('should fail if there is already a tag with a the new name', async () => {
const toUpdateTag = await createTag({});
const otherTag = await createTag({ name: 'Some name' });
const payload = {
name: otherTag.name,
};
const response = await authOwnerAgent.put(`/tags/${toUpdateTag.id}`).send(payload);
expect(response.statusCode).toBe(409);
const { message } = response.body;
expect(message).toBe('Tag already exists');
// check tags haven't be updated in DB
const toUpdateTagFromDb = await Container.get(TagRepository).findOne({
where: {
id: toUpdateTag.id,
},
});
expect(toUpdateTagFromDb?.name).toEqual(toUpdateTag.name);
expect(toUpdateTagFromDb?.createdAt.toISOString()).toEqual(toUpdateTag.createdAt.toISOString());
expect(toUpdateTagFromDb?.updatedAt.toISOString()).toEqual(toUpdateTag.updatedAt.toISOString());
const otherTagFromDb = await Container.get(TagRepository).findOne({
where: {
id: otherTag.id,
},
});
expect(otherTagFromDb?.name).toEqual(otherTag.name);
expect(otherTagFromDb?.createdAt.toISOString()).toEqual(otherTag.createdAt.toISOString());
expect(otherTagFromDb?.updatedAt.toISOString()).toEqual(otherTag.updatedAt.toISOString());
});
});

266
packages/cli/test/integration/public-api/users.ee.test.ts Normal file
View File

@@ -0,0 +1,266 @@
import validator from 'validator';
import { v4 as uuid } from 'uuid';
import { License } from '@/license';
import { mockInstance } from '../../shared/mocking';
import { randomApiKey } from '../shared/random';
import * as utils from '../shared/utils/';
import * as testDb from '../shared/test-db';
import { createOwner, createUser, createUserShell } from '../shared/db/users';
import type { SuperAgentTest } from '../shared/types';
import { createTeamProject, linkUserToProject } from '@test-integration/db/projects';
import type { User } from '@/databases/entities/User';
mockInstance(License, {
getUsersLimit: jest.fn().mockReturnValue(-1),
});
const testServer = utils.setupTestServer({ endpointGroups: ['publicApi'] });
beforeEach(async () => {
await testDb.truncate(['SharedCredentials', 'SharedWorkflow', 'Workflow', 'Credentials', 'User']);
});
describe('With license unlimited quota:users', () => {
describe('GET /users', () => {
test('should fail due to missing API Key', async () => {
const owner = await createUser({ role: 'global:owner' });
const authOwnerAgent = testServer.publicApiAgentFor(owner);
await authOwnerAgent.get('/users').expect(401);
});
test('should fail due to invalid API Key', async () => {
const owner = await createUser({
role: 'global:owner',
apiKey: randomApiKey(),
});
owner.apiKey = 'invalid-key';
const authOwnerAgent = testServer.publicApiAgentFor(owner);
await authOwnerAgent.get('/users').expect(401);
});
test('should fail due to member trying to access owner only endpoint', async () => {
const member = await createUser({ apiKey: randomApiKey() });
const authMemberAgent = testServer.publicApiAgentFor(member);
await authMemberAgent.get('/users').expect(403);
});
test('should return all users', async () => {
const owner = await createUser({
role: 'global:owner',
apiKey: randomApiKey(),
});
const authOwnerAgent = testServer.publicApiAgentFor(owner);
await createUser();
const response = await authOwnerAgent.get('/users').expect(200);
expect(response.body.data.length).toBe(2);
expect(response.body.nextCursor).toBeNull();
for (const user of response.body.data) {
const {
id,
email,
firstName,
lastName,
personalizationAnswers,
role,
password,
isPending,
createdAt,
updatedAt,
} = user;
expect(validator.isUUID(id)).toBe(true);
expect(email).toBeDefined();
expect(firstName).toBeDefined();
expect(lastName).toBeDefined();
expect(personalizationAnswers).toBeUndefined();
expect(password).toBeUndefined();
expect(isPending).toBe(false);
expect(role).toBeUndefined();
expect(createdAt).toBeDefined();
expect(updatedAt).toBeDefined();
}
});
it('should return users filtered by project ID', async () => {
/**
* Arrange
*/
const [owner, firstMember, secondMember, thirdMember] = await Promise.all([
createOwner({ withApiKey: true }),
createUser({ role: 'global:member' }),
createUser({ role: 'global:member' }),
createUser({ role: 'global:member' }),
]);
const [firstProject, secondProject] = await Promise.all([
createTeamProject(),
createTeamProject(),
]);
await Promise.all([
linkUserToProject(firstMember, firstProject, 'project:admin'),
linkUserToProject(secondMember, firstProject, 'project:viewer'),
linkUserToProject(thirdMember, secondProject, 'project:admin'),
]);
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).get('/users').query({
projectId: firstProject.id,
});
/**
* Assert
*/
expect(response.status).toBe(200);
expect(response.body.data.length).toBe(2);
expect(response.body.nextCursor).toBeNull();
expect(response.body.data.map((user: User) => user.id)).toEqual(
expect.arrayContaining([firstMember.id, secondMember.id]),
);
});
});
describe('GET /users/:id', () => {
test('should fail due to missing API Key', async () => {
const owner = await createUser({ role: 'global:owner' });
const authOwnerAgent = testServer.publicApiAgentFor(owner);
await authOwnerAgent.get(`/users/${owner.id}`).expect(401);
});
test('should fail due to invalid API Key', async () => {
const owner = await createUser({
role: 'global:owner',
apiKey: randomApiKey(),
});
owner.apiKey = 'invalid-key';
const authOwnerAgent = testServer.publicApiAgentFor(owner);
await authOwnerAgent.get(`/users/${owner.id}`).expect(401);
});
test('should fail due to member trying to access owner only endpoint', async () => {
const member = await createUser({ apiKey: randomApiKey() });
const authMemberAgent = testServer.publicApiAgentFor(member);
await authMemberAgent.get(`/users/${member.id}`).expect(403);
});
test('should return 404 for non-existing id ', async () => {
const owner = await createUser({
role: 'global:owner',
apiKey: randomApiKey(),
});
const authOwnerAgent = testServer.publicApiAgentFor(owner);
await authOwnerAgent.get(`/users/${uuid()}`).expect(404);
});
test('should return a pending user', async () => {
const owner = await createUser({
role: 'global:owner',
apiKey: randomApiKey(),
});
const { id: memberId } = await createUserShell('global:member');
const authOwnerAgent = testServer.publicApiAgentFor(owner);
const response = await authOwnerAgent.get(`/users/${memberId}`).expect(200);
const {
id,
email,
firstName,
lastName,
personalizationAnswers,
role,
password,
isPending,
createdAt,
updatedAt,
} = response.body;
expect(validator.isUUID(id)).toBe(true);
expect(email).toBeDefined();
expect(firstName).toBeDefined();
expect(lastName).toBeDefined();
expect(personalizationAnswers).toBeUndefined();
expect(password).toBeUndefined();
expect(role).toBeUndefined();
expect(createdAt).toBeDefined();
expect(isPending).toBeDefined();
expect(isPending).toBeTruthy();
expect(updatedAt).toBeDefined();
});
});
describe('GET /users/:email', () => {
test('with non-existing email should return 404', async () => {
const owner = await createUser({
role: 'global:owner',
apiKey: randomApiKey(),
});
const authOwnerAgent = testServer.publicApiAgentFor(owner);
await authOwnerAgent.get('/users/jhondoe@gmail.com').expect(404);
});
test('should return a user', async () => {
const owner = await createUser({
role: 'global:owner',
apiKey: randomApiKey(),
});
const authOwnerAgent = testServer.publicApiAgentFor(owner);
const response = await authOwnerAgent.get(`/users/${owner.email}`).expect(200);
const {
id,
email,
firstName,
lastName,
personalizationAnswers,
role,
password,
isPending,
createdAt,
updatedAt,
} = response.body;
expect(validator.isUUID(id)).toBe(true);
expect(email).toBeDefined();
expect(firstName).toBeDefined();
expect(lastName).toBeDefined();
expect(personalizationAnswers).toBeUndefined();
expect(password).toBeUndefined();
expect(isPending).toBe(false);
expect(role).toBeUndefined();
expect(createdAt).toBeDefined();
expect(updatedAt).toBeDefined();
});
});
});
describe('With license without quota:users', () => {
let authOwnerAgent: SuperAgentTest;
beforeEach(async () => {
mockInstance(License, { getUsersLimit: jest.fn().mockReturnValue(null) });
const owner = await createUser({
role: 'global:owner',
apiKey: randomApiKey(),
});
authOwnerAgent = testServer.publicApiAgentFor(owner);
});
test('GET /users should fail due to invalid license', async () => {
await authOwnerAgent.get('/users').expect(403);
});
test('GET /users/:id should fail due to invalid license', async () => {
await authOwnerAgent.get(`/users/${uuid()}`).expect(403);
});
});

252
packages/cli/test/integration/public-api/users.test.ts Normal file
View File

@@ -0,0 +1,252 @@
import { setupTestServer } from '@test-integration/utils';
import * as testDb from '../shared/test-db';
import { createMember, createOwner, getUserById } from '@test-integration/db/users';
import { mockInstance } from '@test/mocking';
import { Telemetry } from '@/telemetry';
import { FeatureNotLicensedError } from '@/errors/feature-not-licensed.error';
describe('Users in Public API', () => {
const testServer = setupTestServer({ endpointGroups: ['publicApi'] });
mockInstance(Telemetry);
beforeAll(async () => {
await testDb.init();
});
beforeEach(async () => {
await testDb.truncate(['User']);
});
describe('POST /users', () => {
it('if not authenticated, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: false });
const payload = { email: 'test@test.com', role: 'global:admin' };
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).post('/users').send(payload);
/**
* Assert
*/
expect(response.status).toBe(401);
});
it('if missing scope, should reject', async () => {
/**
* Arrange
*/
testServer.license.enable('feat:advancedPermissions');
const member = await createMember({ withApiKey: true });
const payload = [{ email: 'test@test.com', role: 'global:admin' }];
/**
* Act
*/
const response = await testServer.publicApiAgentFor(member).post('/users').send(payload);
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty('message', 'Forbidden');
});
it('should create a user', async () => {
/**
* Arrange
*/
testServer.license.enable('feat:advancedPermissions');
const owner = await createOwner({ withApiKey: true });
const payload = [{ email: 'test@test.com', role: 'global:admin' }];
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).post('/users').send(payload);
/**
* Assert
*/
expect(response.status).toBe(201);
expect(response.body).toHaveLength(1);
const [result] = response.body;
const { user: returnedUser, error } = result;
const payloadUser = payload[0];
expect(returnedUser).toHaveProperty('email', payload[0].email);
expect(typeof returnedUser.inviteAcceptUrl).toBe('string');
expect(typeof returnedUser.emailSent).toBe('boolean');
expect(error).toBe('');
const storedUser = await getUserById(returnedUser.id);
expect(returnedUser.id).toBe(storedUser.id);
expect(returnedUser.email).toBe(storedUser.email);
expect(returnedUser.email).toBe(payloadUser.email);
expect(storedUser.role).toBe(payloadUser.role);
});
});
describe('DELETE /users/:id', () => {
it('if not authenticated, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: false });
const member = await createMember();
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).delete(`/users/${member.id}`);
/**
* Assert
*/
expect(response.status).toBe(401);
});
it('if missing scope, should reject', async () => {
/**
* Arrange
*/
testServer.license.enable('feat:advancedPermissions');
const firstMember = await createMember({ withApiKey: true });
const secondMember = await createMember();
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(firstMember)
.delete(`/users/${secondMember.id}`);
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty('message', 'Forbidden');
});
it('should delete a user', async () => {
/**
* Arrange
*/
testServer.license.enable('feat:advancedPermissions');
const owner = await createOwner({ withApiKey: true });
const member = await createMember();
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).delete(`/users/${member.id}`);
/**
* Assert
*/
expect(response.status).toBe(204);
await expect(getUserById(member.id)).rejects.toThrow();
});
});
describe('PATCH /users/:id/role', () => {
it('if not authenticated, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: false });
const member = await createMember();
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).patch(`/users/${member.id}/role`);
/**
* Assert
*/
expect(response.status).toBe(401);
});
it('if not licensed, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: true });
const member = await createMember();
const payload = { newRoleName: 'global:admin' };
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(owner)
.patch(`/users/${member.id}/role`)
.send(payload);
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty(
'message',
new FeatureNotLicensedError('feat:advancedPermissions').message,
);
});
it('if missing scope, should reject', async () => {
/**
* Arrange
*/
testServer.license.enable('feat:advancedPermissions');
const firstMember = await createMember({ withApiKey: true });
const secondMember = await createMember();
const payload = { newRoleName: 'global:admin' };
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(firstMember)
.patch(`/users/${secondMember.id}/role`)
.send(payload);
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty('message', 'Forbidden');
});
it("should change a user's role", async () => {
/**
* Arrange
*/
testServer.license.enable('feat:advancedPermissions');
const owner = await createOwner({ withApiKey: true });
const member = await createMember();
const payload = { newRoleName: 'global:admin' };
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(owner)
.patch(`/users/${member.id}/role`)
.send(payload);
/**
* Assert
*/
expect(response.status).toBe(204);
const storedUser = await getUserById(member.id);
expect(storedUser.role).toBe(payload.newRoleName);
});
});
});

167
packages/cli/test/integration/public-api/variables.test.ts Normal file
View File

@@ -0,0 +1,167 @@
import { setupTestServer } from '@test-integration/utils';
import { createOwner } from '@test-integration/db/users';
import { createVariable, getVariableOrFail } from '@test-integration/db/variables';
import * as testDb from '../shared/test-db';
import { FeatureNotLicensedError } from '@/errors/feature-not-licensed.error';
describe('Variables in Public API', () => {
const testServer = setupTestServer({ endpointGroups: ['publicApi'] });
beforeAll(async () => {
await testDb.init();
});
beforeEach(async () => {
await testDb.truncate(['Variables', 'User']);
});
describe('GET /variables', () => {
it('if licensed, should return all variables with pagination', async () => {
/**
* Arrange
*/
testServer.license.enable('feat:variables');
const owner = await createOwner({ withApiKey: true });
const variables = await Promise.all([createVariable(), createVariable(), createVariable()]);
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).get('/variables');
/**
* Assert
*/
expect(response.status).toBe(200);
expect(response.body).toHaveProperty('data');
expect(response.body).toHaveProperty('nextCursor');
expect(Array.isArray(response.body.data)).toBe(true);
expect(response.body.data.length).toBe(variables.length);
variables.forEach(({ id, key, value }) => {
expect(response.body.data).toContainEqual(expect.objectContaining({ id, key, value }));
});
});
it('if not licensed, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: true });
/**
* Act
*/
const response = await testServer.publicApiAgentFor(owner).get('/variables');
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty(
'message',
new FeatureNotLicensedError('feat:variables').message,
);
});
});
describe('POST /variables', () => {
it('if licensed, should create a new variable', async () => {
/**
* Arrange
*/
testServer.license.enable('feat:variables');
const owner = await createOwner({ withApiKey: true });
const variablePayload = { key: 'key', value: 'value' };
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(owner)
.post('/variables')
.send(variablePayload);
/**
* Assert
*/
expect(response.status).toBe(201);
await expect(getVariableOrFail(response.body.id)).resolves.toEqual(
expect.objectContaining(variablePayload),
);
});
it('if not licensed, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: true });
const variablePayload = { key: 'key', value: 'value' };
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(owner)
.post('/variables')
.send(variablePayload);
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty(
'message',
new FeatureNotLicensedError('feat:variables').message,
);
});
});
describe('DELETE /variables/:id', () => {
it('if licensed, should delete a variable', async () => {
/**
* Arrange
*/
testServer.license.enable('feat:variables');
const owner = await createOwner({ withApiKey: true });
const variable = await createVariable();
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(owner)
.delete(`/variables/${variable.id}`);
/**
* Assert
*/
expect(response.status).toBe(204);
await expect(getVariableOrFail(variable.id)).rejects.toThrow();
});
it('if not licensed, should reject', async () => {
/**
* Arrange
*/
const owner = await createOwner({ withApiKey: true });
const variable = await createVariable();
/**
* Act
*/
const response = await testServer
.publicApiAgentFor(owner)
.delete(`/variables/${variable.id}`);
/**
* Assert
*/
expect(response.status).toBe(403);
expect(response.body).toHaveProperty(
'message',
new FeatureNotLicensedError('feat:variables').message,
);
});
});
});

1551
packages/cli/test/integration/public-api/workflows.test.ts Normal file
View File

File diff suppressed because it is too large Load Diff