feat(API): Implement users account quota guards (#6434)

* feat(cli): Implement users account quota guards Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Remove comment Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Address PR comments - Getting `usersQuota` from `Settings` repo - Revert `isUserManagementEnabled` helper - Fix FE listing of users Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Refactor isWithinUserQuota getter and fix tests Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Revert testDb.ts changes Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Cleanup & improve types Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Fix duplicated method * Fix failing test * Remove `isUserManagementEnabled` completely Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Check for globalRole.name to determine if user is owner Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Fix unit tests Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Set isInstanceOwnerSetUp in specs * Fix SettingsUserView UM Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * refactor: License typings suggestions for users quota guards (#6636) refactor: License typings suggestions * Update packages/cli/src/Ldap/helpers.ts Co-authored-by: Iván Ovejero <ivov.src@gmail.com> * Update packages/cli/test/integration/shared/utils.ts Co-authored-by: Iván Ovejero <ivov.src@gmail.com> * Address PR comments Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> * Use 403 for all user quota related errors Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> --------- Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com>
2025-12-17 01:56:46 +00:00 · 2023-07-12 14:11:46 +02:00
parent 26046f6fe8
commit e5620ab1e4
33 changed files with 271 additions and 94 deletions
--- a/packages/cli/test/integration/auth.api.test.ts
+++ b/packages/cli/test/integration/auth.api.test.ts
@@ -1,5 +1,7 @@
 import type { Application } from 'express';
 import type { SuperAgentTest } from 'supertest';
+import { Container } from 'typedi';
+import { License } from '@/License';
 import validator from 'validator';
 import config from '@/config';
 import * as Db from '@/Db';
@@ -84,6 +86,26 @@ describe('POST /login', () => {
 		const authToken = utils.getAuthToken(response);
 		expect(authToken).toBeDefined();
 	});
+
+	test('should throw AuthError for non-owner if not within users limit quota', async () => {
+		jest.spyOn(Container.get(License), 'isWithinUsersLimit').mockReturnValueOnce(false);
+		const member = await testDb.createUserShell(globalMemberRole);
+
+		const response = await authAgent(member).get('/login');
+		expect(response.statusCode).toBe(401);
+	});
+
+	test('should not throw AuthError for owner if not within users limit quota', async () => {
+		jest.spyOn(Container.get(License), 'isWithinUsersLimit').mockReturnValueOnce(false);
+		const ownerUser = await testDb.createUser({
+			password: randomValidPassword(),
+			globalRole: globalOwnerRole,
+			isOwner: true,
+		});
+
+		const response = await authAgent(ownerUser).get('/login');
+		expect(response.statusCode).toBe(200);
+	});
 });

 describe('GET /login', () => {
@@ -292,6 +314,18 @@ describe('GET /resolve-signup-token', () => {
 		});
 	});

+	test('should return 403 if user quota reached', async () => {
+		jest.spyOn(Container.get(License), 'isWithinUsersLimit').mockReturnValueOnce(false);
+		const memberShell = await testDb.createUserShell(globalMemberRole);
+
+		const response = await authOwnerAgent
+			.get('/resolve-signup-token')
+			.query({ inviterId: owner.id })
+			.query({ inviteeId: memberShell.id });
+
+		expect(response.statusCode).toBe(403);
+	});
+
 	test('should fail with invalid inputs', async () => {
 		const { id: inviteeId } = await testDb.createUser({ globalRole: globalMemberRole });