ToolJet/server/test/controllers/app.e2e-spec.ts

/* eslint-disable @typescript-eslint/no-unused-vars */
import * as request from 'supertest';
import { INestApplication } from '@nestjs/common';
import { Repository } from 'typeorm';
import { User } from 'src/entities/user.entity';
import { clearDB, createUser, createNestAppInstance, authHeaderForUser } from '../test.helper';
import { OrganizationUser } from 'src/entities/organization_user.entity';

describe('Authentication', () => {
  let app: INestApplication;
  let userRepository: Repository<User>;
  let orgUserRepository: Repository<OrganizationUser>;
  const originalEnv = process.env;

  beforeEach(async () => {
    await clearDB();
    await createUser(app, { email: 'admin@tooljet.io' });
  });

  beforeAll(async () => {
    app = await createNestAppInstance();

    userRepository = app.get('UserRepository');
    orgUserRepository = app.get('OrganizationUserRepository');
  });

  it('should create new users', async () => {
    const response = await request(app.getHttpServer()).post('/api/signup').send({ email: 'test@tooljet.io' });
    expect(response.statusCode).toBe(201);

    const id = response.body['id'];
    const user = await userRepository.findOne(id, {
      relations: ['organization'],
    });

    expect(user.organization.name).toBe('Untitled organization');

    const groupPermissions = await user.groupPermissions;
    const groupNames = groupPermissions.map((x) => x.group);

    expect(new Set(['all_users', 'admin'])).toEqual(new Set(groupNames));

    const adminGroup = groupPermissions.find((x) => x.group == 'admin');
    expect(adminGroup.appCreate).toBeTruthy();
    expect(adminGroup.appDelete).toBeTruthy();
    expect(adminGroup.folderCreate).toBeTruthy();

    const allUserGroup = groupPermissions.find((x) => x.group == 'all_users');
    expect(allUserGroup.appCreate).toBeFalsy();
    expect(allUserGroup.appDelete).toBeFalsy();
    expect(allUserGroup.folderCreate).toBeFalsy();
  });

  it('authenticate if valid credentials', async () => {
    await request(app.getHttpServer())
      .post('/api/authenticate')
      .send({ email: 'admin@tooljet.io', password: 'password' })
      .expect(201);
  });

  it('throw 401 if user is archived', async () => {
    await createUser(app, { email: 'user@tooljet.io', status: 'archived' });

    await request(app.getHttpServer())
      .post('/api/authenticate')
      .send({ email: 'user@tooljet.io', password: 'password' })
      .expect(401);

    const adminUser = await userRepository.findOne({ email: 'admin@tooljet.io' });
    await orgUserRepository.update({ userId: adminUser.id }, { status: 'archived' });

    await request(app.getHttpServer())
      .get('/api/organizations/users')
      .set('Authorization', authHeaderForUser(adminUser))
      .expect(401);
  });

  it('throw 401 if invalid credentials', async () => {
    await request(app.getHttpServer())
      .post('/api/authenticate')
      .send({ email: 'amdin@tooljet.io', password: 'pwd' })
      .expect(401);
  });

  describe('if password login is disabled', () => {
    beforeAll(async () => {
      process.env = { ...originalEnv, DISABLE_PASSWORD_LOGIN: 'true' };
    });

    it('should not create new users', async () => {
      const response = await request(app.getHttpServer()).post('/api/signup').send({ email: 'test@tooljet.io' });
      expect(response.statusCode).toBe(403);
    });

    it('does authenticate if valid credentials', async () => {
      await request(app.getHttpServer())
        .post('/api/authenticate')
        .send({ email: 'admin@tooljet.io', password: 'password' })
        .expect(403);
    });

    afterAll(async () => {
      process.env = { ...originalEnv };
    });
  });

  afterAll(async () => {
    await app.close();
  });
});
Fix linting errors across the app (#785) * eslint-setup: rules for frontend and server * setup pre-commit:hook * frontend:eslint fixes * frontend eslint errors and warning fixed * eslint:fix for ./server * fix server/test: expectatin string lint/error * pre-commit:updated * removed unwanted install cmd from docker file * recommended settings and extension for vscode * husky prepare script added * updated extension recommendations * added prettier as recommended extension * added pre-commit to package.json * remove .prettierrc file * resolve changes * resolve changes 2021-09-21 13:48:28 +00:00			`/* eslint-disable @typescript-eslint/no-unused-vars */`
Initial commit for nestjs 2021-07-08 05:40:27 +00:00			`import * as request from 'supertest';`
E2E tests for login endpoint 2021-07-08 16:43:23 +00:00			`import { INestApplication } from '@nestjs/common';`
			`import { Repository } from 'typeorm';`
Endpoint: create datasource with encrypted credentials 2021-07-12 10:36:53 +00:00			`import { User } from 'src/entities/user.entity';`
Fix: Archived user cannot login or perform authenticated actions (#1749) * archived user cannot login or perform authenticated actions * fix spec * invalidate invite token on archive 2022-01-07 09:16:23 +00:00			`import { clearDB, createUser, createNestAppInstance, authHeaderForUser } from '../test.helper';`
			`import { OrganizationUser } from 'src/entities/organization_user.entity';`
Initial commit for nestjs 2021-07-08 05:40:27 +00:00
E2E tests for login endpoint 2021-07-08 16:43:23 +00:00			`describe('Authentication', () => {`
Initial commit for nestjs 2021-07-08 05:40:27 +00:00			`let app: INestApplication;`
E2E tests for login endpoint 2021-07-08 16:43:23 +00:00			`let userRepository: Repository<User>;`
Fix: Archived user cannot login or perform authenticated actions (#1749) * archived user cannot login or perform authenticated actions * fix spec * invalidate invite token on archive 2022-01-07 09:16:23 +00:00			`let orgUserRepository: Repository<OrganizationUser>;`
Feature/disable password login (#1585) * Add option to disable login/signup via username/password * Add documentation for disabling login via username/password 2021-12-15 17:23:07 +00:00			`const originalEnv = process.env;`
Policies and tests for organization user actions 2021-07-22 07:25:29 +00:00
			`beforeEach(async () => {`
			`await clearDB();`
Policies and tests for org user invitation 2021-07-22 09:41:50 +00:00			`await createUser(app, { email: 'admin@tooljet.io' });`
Policies and tests for organization user actions 2021-07-22 07:25:29 +00:00			`});`
Initial commit for nestjs 2021-07-08 05:40:27 +00:00
E2E tests for login endpoint 2021-07-08 16:43:23 +00:00			`beforeAll(async () => {`
Test helpers for creating Nest instance & apps 2021-07-22 14:22:14 +00:00			`app = await createNestAppInstance();`
E2E tests for login endpoint 2021-07-08 16:43:23 +00:00
			`userRepository = app.get('UserRepository');`
Fix: Archived user cannot login or perform authenticated actions (#1749) * archived user cannot login or perform authenticated actions * fix spec * invalidate invite token on archive 2022-01-07 09:16:23 +00:00			`orgUserRepository = app.get('OrganizationUserRepository');`
Initial commit for nestjs 2021-07-08 05:40:27 +00:00			`});`

Tests for organization users page 2021-07-20 09:10:11 +00:00			`it('should create new users', async () => {`
fix public app view and data query run (#1082) 2021-10-15 09:05:11 +00:00			`const response = await request(app.getHttpServer()).post('/api/signup').send({ email: 'test@tooljet.io' });`
Tests for organization users page 2021-07-20 09:10:11 +00:00			`expect(response.statusCode).toBe(201);`

			`const id = response.body['id'];`
Fix: folder create permission (#1518) * fix folder create permission * scope migration 2021-12-06 19:07:19 +00:00			`const user = await userRepository.findOne(id, {`
			`relations: ['organization'],`
			`});`
Tests for organization users page 2021-07-20 09:10:11 +00:00
Fix: folder create permission (#1518) * fix folder create permission * scope migration 2021-12-06 19:07:19 +00:00			`expect(user.organization.name).toBe('Untitled organization');`
Feature: User access management 🔥 (#918) * create migrations for group permissions setup * define new entities and relationships * revise migrations * rename columns * add migration to populate permission groups for existing users * Feature: User access permission group usage (#883) * create migrations for group permissions setup * define new entities and relationships * revise migrations * rename columns * add migration to populate permission groups for existing users * revise migrations * hide roles usage * setup group permissions for apps and users * fix defaultChecked * fix update permission checkbox * fix casl ability check to have params passed * fix casl apps abilities to check with app specific permission * add ability to delete groups * conditionally render edit and delete options for all and admin users * fix user role to group migration * revise group management pages to disallow updating default group * move manage users and groups to navbar dropdown * show only addable apps and users on dropdowns * rename header as profile settings * scope addable apps and users by organization * scope viewable apps on homepage * hide manage groups link from non admins * make permissions to be used with radio input * add loading state for add apps/users buttons * revise unit tests * revise migrations * fix e2e tests * comment out dead code * fix seeds script * handle folder count * captalize error toast * hide manage users dropdown for non admins * show fobidden error on blank homepage * fix folder app count * fix invalid state set * make group name clickable for edit instead * users with edit permission can deploy apps * not show edit link on homepage if user dont have update permission * remove unused entity from merge * remove roles usage from manage org users page * fix folder count and blank slate on homepage * disable add buttons if there is no selections * humanize default groups on view * make app added onto groups have read permission by default * not show app menu if user is not admin * remove admin users from group user addition dropdown * create default permissions for app cloned * fix querying index page without page params * fix admin scoped out from group add * remove apps from header * fix invitation url not shown * scope admin deletion check by org * scope public apps by organization * add specs for group permissions e2e * removed unused entity and add group permissions spec * remove console logs * remove unused permission * scope public app count by org * remove console log * refactor manage group permission resources component * update group permssion in org scope 2021-10-11 15:15:58 +00:00
			`const groupPermissions = await user.groupPermissions;`
			`const groupNames = groupPermissions.map((x) => x.group);`

			`expect(new Set(['all_users', 'admin'])).toEqual(new Set(groupNames));`
Fix: folder create permission (#1518) * fix folder create permission * scope migration 2021-12-06 19:07:19 +00:00
			`const adminGroup = groupPermissions.find((x) => x.group == 'admin');`
			`expect(adminGroup.appCreate).toBeTruthy();`
			`expect(adminGroup.appDelete).toBeTruthy();`
			`expect(adminGroup.folderCreate).toBeTruthy();`

			`const allUserGroup = groupPermissions.find((x) => x.group == 'all_users');`
			`expect(allUserGroup.appCreate).toBeFalsy();`
			`expect(allUserGroup.appDelete).toBeFalsy();`
			`expect(allUserGroup.folderCreate).toBeFalsy();`
Tests for organization users page 2021-07-20 09:10:11 +00:00			`});`

Feature: User access management 🔥 (#918) * create migrations for group permissions setup * define new entities and relationships * revise migrations * rename columns * add migration to populate permission groups for existing users * Feature: User access permission group usage (#883) * create migrations for group permissions setup * define new entities and relationships * revise migrations * rename columns * add migration to populate permission groups for existing users * revise migrations * hide roles usage * setup group permissions for apps and users * fix defaultChecked * fix update permission checkbox * fix casl ability check to have params passed * fix casl apps abilities to check with app specific permission * add ability to delete groups * conditionally render edit and delete options for all and admin users * fix user role to group migration * revise group management pages to disallow updating default group * move manage users and groups to navbar dropdown * show only addable apps and users on dropdowns * rename header as profile settings * scope addable apps and users by organization * scope viewable apps on homepage * hide manage groups link from non admins * make permissions to be used with radio input * add loading state for add apps/users buttons * revise unit tests * revise migrations * fix e2e tests * comment out dead code * fix seeds script * handle folder count * captalize error toast * hide manage users dropdown for non admins * show fobidden error on blank homepage * fix folder app count * fix invalid state set * make group name clickable for edit instead * users with edit permission can deploy apps * not show edit link on homepage if user dont have update permission * remove unused entity from merge * remove roles usage from manage org users page * fix folder count and blank slate on homepage * disable add buttons if there is no selections * humanize default groups on view * make app added onto groups have read permission by default * not show app menu if user is not admin * remove admin users from group user addition dropdown * create default permissions for app cloned * fix querying index page without page params * fix admin scoped out from group add * remove apps from header * fix invitation url not shown * scope admin deletion check by org * scope public apps by organization * add specs for group permissions e2e * removed unused entity and add group permissions spec * remove console logs * remove unused permission * scope public app count by org * remove console log * refactor manage group permission resources component * update group permssion in org scope 2021-10-11 15:15:58 +00:00			`it('authenticate if valid credentials', async () => {`
			`await request(app.getHttpServer())`
fix public app view and data query run (#1082) 2021-10-15 09:05:11 +00:00			`.post('/api/authenticate')`
Policies and tests for organization user actions 2021-07-22 07:25:29 +00:00			`.send({ email: 'admin@tooljet.io', password: 'password' })`
Fix linting errors across the app (#785) * eslint-setup: rules for frontend and server * setup pre-commit:hook * frontend:eslint fixes * frontend eslint errors and warning fixed * eslint:fix for ./server * fix server/test: expectatin string lint/error * pre-commit:updated * removed unwanted install cmd from docker file * recommended settings and extension for vscode * husky prepare script added * updated extension recommendations * added prettier as recommended extension * added pre-commit to package.json * remove .prettierrc file * resolve changes * resolve changes 2021-09-21 13:48:28 +00:00			`.expect(201);`
E2E tests for login endpoint 2021-07-08 16:43:23 +00:00			`});`

Fix: Archived user cannot login or perform authenticated actions (#1749) * archived user cannot login or perform authenticated actions * fix spec * invalidate invite token on archive 2022-01-07 09:16:23 +00:00			`it('throw 401 if user is archived', async () => {`
			`await createUser(app, { email: 'user@tooljet.io', status: 'archived' });`

			`await request(app.getHttpServer())`
			`.post('/api/authenticate')`
			`.send({ email: 'user@tooljet.io', password: 'password' })`
			`.expect(401);`

			`const adminUser = await userRepository.findOne({ email: 'admin@tooljet.io' });`
			`await orgUserRepository.update({ userId: adminUser.id }, { status: 'archived' });`

			`await request(app.getHttpServer())`
			`.get('/api/organizations/users')`
			`.set('Authorization', authHeaderForUser(adminUser))`
			`.expect(401);`
			`});`

Feature: User access management 🔥 (#918) * create migrations for group permissions setup * define new entities and relationships * revise migrations * rename columns * add migration to populate permission groups for existing users * Feature: User access permission group usage (#883) * create migrations for group permissions setup * define new entities and relationships * revise migrations * rename columns * add migration to populate permission groups for existing users * revise migrations * hide roles usage * setup group permissions for apps and users * fix defaultChecked * fix update permission checkbox * fix casl ability check to have params passed * fix casl apps abilities to check with app specific permission * add ability to delete groups * conditionally render edit and delete options for all and admin users * fix user role to group migration * revise group management pages to disallow updating default group * move manage users and groups to navbar dropdown * show only addable apps and users on dropdowns * rename header as profile settings * scope addable apps and users by organization * scope viewable apps on homepage * hide manage groups link from non admins * make permissions to be used with radio input * add loading state for add apps/users buttons * revise unit tests * revise migrations * fix e2e tests * comment out dead code * fix seeds script * handle folder count * captalize error toast * hide manage users dropdown for non admins * show fobidden error on blank homepage * fix folder app count * fix invalid state set * make group name clickable for edit instead * users with edit permission can deploy apps * not show edit link on homepage if user dont have update permission * remove unused entity from merge * remove roles usage from manage org users page * fix folder count and blank slate on homepage * disable add buttons if there is no selections * humanize default groups on view * make app added onto groups have read permission by default * not show app menu if user is not admin * remove admin users from group user addition dropdown * create default permissions for app cloned * fix querying index page without page params * fix admin scoped out from group add * remove apps from header * fix invitation url not shown * scope admin deletion check by org * scope public apps by organization * add specs for group permissions e2e * removed unused entity and add group permissions spec * remove console logs * remove unused permission * scope public app count by org * remove console log * refactor manage group permission resources component * update group permssion in org scope 2021-10-11 15:15:58 +00:00			`it('throw 401 if invalid credentials', async () => {`
			`await request(app.getHttpServer())`
fix public app view and data query run (#1082) 2021-10-15 09:05:11 +00:00			`.post('/api/authenticate')`
Feature: User access management 🔥 (#918) * create migrations for group permissions setup * define new entities and relationships * revise migrations * rename columns * add migration to populate permission groups for existing users * Feature: User access permission group usage (#883) * create migrations for group permissions setup * define new entities and relationships * revise migrations * rename columns * add migration to populate permission groups for existing users * revise migrations * hide roles usage * setup group permissions for apps and users * fix defaultChecked * fix update permission checkbox * fix casl ability check to have params passed * fix casl apps abilities to check with app specific permission * add ability to delete groups * conditionally render edit and delete options for all and admin users * fix user role to group migration * revise group management pages to disallow updating default group * move manage users and groups to navbar dropdown * show only addable apps and users on dropdowns * rename header as profile settings * scope addable apps and users by organization * scope viewable apps on homepage * hide manage groups link from non admins * make permissions to be used with radio input * add loading state for add apps/users buttons * revise unit tests * revise migrations * fix e2e tests * comment out dead code * fix seeds script * handle folder count * captalize error toast * hide manage users dropdown for non admins * show fobidden error on blank homepage * fix folder app count * fix invalid state set * make group name clickable for edit instead * users with edit permission can deploy apps * not show edit link on homepage if user dont have update permission * remove unused entity from merge * remove roles usage from manage org users page * fix folder count and blank slate on homepage * disable add buttons if there is no selections * humanize default groups on view * make app added onto groups have read permission by default * not show app menu if user is not admin * remove admin users from group user addition dropdown * create default permissions for app cloned * fix querying index page without page params * fix admin scoped out from group add * remove apps from header * fix invitation url not shown * scope admin deletion check by org * scope public apps by organization * add specs for group permissions e2e * removed unused entity and add group permissions spec * remove console logs * remove unused permission * scope public app count by org * remove console log * refactor manage group permission resources component * update group permssion in org scope 2021-10-11 15:15:58 +00:00			`.send({ email: 'amdin@tooljet.io', password: 'pwd' })`
Fix linting errors across the app (#785) * eslint-setup: rules for frontend and server * setup pre-commit:hook * frontend:eslint fixes * frontend eslint errors and warning fixed * eslint:fix for ./server * fix server/test: expectatin string lint/error * pre-commit:updated * removed unwanted install cmd from docker file * recommended settings and extension for vscode * husky prepare script added * updated extension recommendations * added prettier as recommended extension * added pre-commit to package.json * remove .prettierrc file * resolve changes * resolve changes 2021-09-21 13:48:28 +00:00			`.expect(401);`
Hashing passwords using beforeInsert & beforeUpdate 2021-07-10 07:01:13 +00:00			`});`

Feature/disable password login (#1585) * Add option to disable login/signup via username/password * Add documentation for disabling login via username/password 2021-12-15 17:23:07 +00:00			`describe('if password login is disabled', () => {`
			`beforeAll(async () => {`
			`process.env = { ...originalEnv, DISABLE_PASSWORD_LOGIN: 'true' };`
			`});`

			`it('should not create new users', async () => {`
			`const response = await request(app.getHttpServer()).post('/api/signup').send({ email: 'test@tooljet.io' });`
			`expect(response.statusCode).toBe(403);`
			`});`

			`it('does authenticate if valid credentials', async () => {`
			`await request(app.getHttpServer())`
			`.post('/api/authenticate')`
			`.send({ email: 'admin@tooljet.io', password: 'password' })`
			`.expect(403);`
			`});`

			`afterAll(async () => {`
			`process.env = { ...originalEnv };`
			`});`
			`});`

E2E tests for login endpoint 2021-07-08 16:43:23 +00:00			`afterAll(async () => {`
			`await app.close();`
Initial commit for nestjs 2021-07-08 05:40:27 +00:00			`});`
Fix linting errors across the app (#785) * eslint-setup: rules for frontend and server * setup pre-commit:hook * frontend:eslint fixes * frontend eslint errors and warning fixed * eslint:fix for ./server * fix server/test: expectatin string lint/error * pre-commit:updated * removed unwanted install cmd from docker file * recommended settings and extension for vscode * husky prepare script added * updated extension recommendations * added prettier as recommended extension * added pre-commit to package.json * remove .prettierrc file * resolve changes * resolve changes 2021-09-21 13:48:28 +00:00			`});`