Elgato_dark/ToolJet
1
0
Fork 0
mirror of https://github.com/ToolJet/ToolJet synced 2026-05-03 21:38:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
ToolJet/server/test/controllers/oauth.e2e-spec.ts

180 lines
5.5 KiB
TypeScript
Raw Normal View History

Feature/merge google sso to community edition (#1420) * SSO 🔥 (#2) * Add rough implementation of google SSO * Use env variables for storing Google Oauth client id * Set organization user to active when a new user is created via sso This commit also fetches first name and last name from the payload received from google. Also adds some refactoring. * Apply proper styles to google login button * Refactor oauth controller * Move google specific logic to a separate service * Fail sign-in if google could not verify idToken * Refactoring update for GoogleOAuthService * Change env variable name for google sso client id * Show Google sign-in button only if client id env variable is given * Add SSO_GOOGLE_OAUTH2_CLIENT_ID to app.json * Whitelist apis.google.com in CSP * Add accounts.google.com to CSP * Add documentation for Google SSO * Add e2e tests for Google SSO * Resolve minor linting issues * Avoid use of raw query in migration for SSO ID This commit also adds an index for SSO ID * Verify domain of user's email id for single sign on * Add documentation for RESTRICTED_DOMAIN env variable in SSO * Move SSO controllers and services to ee folder * Move GoogleLoginButton to ee folder * Test the restricted domain verification for Google SSO * Remove unnecessary console.log * Apply better styles to Sign in with google button * Remove documentation for Google SSO This will be added to the community edition repo * Remove unnecessary static images * Fetch Google OAuth2 client id from server instead of client env (#3) * Check for existing email when signing in via SSO (#4) * hotfix oauth service return type * hotfix sso user creation * Allow disabling sign-up via SSO (#5) * hotfix file input change on import/export * Align SSO button on login box center (#6) * Fix: group permission not being set on sso (#7) * fixes group permission not being set on sso * update specs for sso * lint fix * add user id on login response * decamelize keys on login response * fix specs Co-authored-by: Akshay Sasidharan <akshaysasidharan93@gmail.com> Co-authored-by: navaneeth <navaneethpk@outlook.com>
2021-11-17 11:21:50 +00:00
import * as request from 'supertest';
import { INestApplication } from '@nestjs/common';
import { clearDB, createUser, createNestAppInstance } from '../test.helper';
import { OAuth2Client } from 'google-auth-library';
describe('oauth controller', () => {
let app: INestApplication;
Chore: Setup pipeline (#1539) * github actions for PR and push to develop branch * test workflow * move to workflows folder * add setup node action * modify build * specify npm version * config unit test * specify host postgres * specify container to run on * add postgresql dependency * add specify ws adapter for test * add e2e test * fix linting * only log errors on tests * update eslint config * fix linting * run e2e test in silent mode * fix library app spec * dont send email on test env * fix org scope * mock env vars * remove reset modules * force colors * explicitly close db connection * add eslint rule for floating promises * update workflow * fix floating promise * fix lint * update workflow * run on all push and pulls * update lint check files * simplify workflow * increase js heap size on env * separate lint and build Co-authored-by: arpitnath <arpitnath42@gmail.com>
2021-12-10 03:13:05 +00:00
const originalEnv = process.env;
Feature/merge google sso to community edition (#1420) * SSO 🔥 (#2) * Add rough implementation of google SSO * Use env variables for storing Google Oauth client id * Set organization user to active when a new user is created via sso This commit also fetches first name and last name from the payload received from google. Also adds some refactoring. * Apply proper styles to google login button * Refactor oauth controller * Move google specific logic to a separate service * Fail sign-in if google could not verify idToken * Refactoring update for GoogleOAuthService * Change env variable name for google sso client id * Show Google sign-in button only if client id env variable is given * Add SSO_GOOGLE_OAUTH2_CLIENT_ID to app.json * Whitelist apis.google.com in CSP * Add accounts.google.com to CSP * Add documentation for Google SSO * Add e2e tests for Google SSO * Resolve minor linting issues * Avoid use of raw query in migration for SSO ID This commit also adds an index for SSO ID * Verify domain of user's email id for single sign on * Add documentation for RESTRICTED_DOMAIN env variable in SSO * Move SSO controllers and services to ee folder * Move GoogleLoginButton to ee folder * Test the restricted domain verification for Google SSO * Remove unnecessary console.log * Apply better styles to Sign in with google button * Remove documentation for Google SSO This will be added to the community edition repo * Remove unnecessary static images * Fetch Google OAuth2 client id from server instead of client env (#3) * Check for existing email when signing in via SSO (#4) * hotfix oauth service return type * hotfix sso user creation * Allow disabling sign-up via SSO (#5) * hotfix file input change on import/export * Align SSO button on login box center (#6) * Fix: group permission not being set on sso (#7) * fixes group permission not being set on sso * update specs for sso * lint fix * add user id on login response * decamelize keys on login response * fix specs Co-authored-by: Akshay Sasidharan <akshaysasidharan93@gmail.com> Co-authored-by: navaneeth <navaneethpk@outlook.com>
2021-11-17 11:21:50 +00:00
beforeEach(async () => {
await clearDB();
});
beforeAll(async () => {
app = await createNestAppInstance();
Chore: Setup pipeline (#1539) * github actions for PR and push to develop branch * test workflow * move to workflows folder * add setup node action * modify build * specify npm version * config unit test * specify host postgres * specify container to run on * add postgresql dependency * add specify ws adapter for test * add e2e test * fix linting * only log errors on tests * update eslint config * fix linting * run e2e test in silent mode * fix library app spec * dont send email on test env * fix org scope * mock env vars * remove reset modules * force colors * explicitly close db connection * add eslint rule for floating promises * update workflow * fix floating promise * fix lint * update workflow * run on all push and pulls * update lint check files * simplify workflow * increase js heap size on env * separate lint and build Co-authored-by: arpitnath <arpitnath42@gmail.com>
2021-12-10 03:13:05 +00:00
process.env = { ...originalEnv, SSO_GOOGLE_OAUTH2_CLIENT_ID: 'apps.googleusercontent.com' };
Feature/merge google sso to community edition (#1420) * SSO 🔥 (#2) * Add rough implementation of google SSO * Use env variables for storing Google Oauth client id * Set organization user to active when a new user is created via sso This commit also fetches first name and last name from the payload received from google. Also adds some refactoring. * Apply proper styles to google login button * Refactor oauth controller * Move google specific logic to a separate service * Fail sign-in if google could not verify idToken * Refactoring update for GoogleOAuthService * Change env variable name for google sso client id * Show Google sign-in button only if client id env variable is given * Add SSO_GOOGLE_OAUTH2_CLIENT_ID to app.json * Whitelist apis.google.com in CSP * Add accounts.google.com to CSP * Add documentation for Google SSO * Add e2e tests for Google SSO * Resolve minor linting issues * Avoid use of raw query in migration for SSO ID This commit also adds an index for SSO ID * Verify domain of user's email id for single sign on * Add documentation for RESTRICTED_DOMAIN env variable in SSO * Move SSO controllers and services to ee folder * Move GoogleLoginButton to ee folder * Test the restricted domain verification for Google SSO * Remove unnecessary console.log * Apply better styles to Sign in with google button * Remove documentation for Google SSO This will be added to the community edition repo * Remove unnecessary static images * Fetch Google OAuth2 client id from server instead of client env (#3) * Check for existing email when signing in via SSO (#4) * hotfix oauth service return type * hotfix sso user creation * Allow disabling sign-up via SSO (#5) * hotfix file input change on import/export * Align SSO button on login box center (#6) * Fix: group permission not being set on sso (#7) * fixes group permission not being set on sso * update specs for sso * lint fix * add user id on login response * decamelize keys on login response * fix specs Co-authored-by: Akshay Sasidharan <akshaysasidharan93@gmail.com> Co-authored-by: navaneeth <navaneethpk@outlook.com>
2021-11-17 11:21:50 +00:00
});
describe('sign in via Google OAuth', () => {
it('should return login info when the user does not exist', async () => {
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
googleVerifyMock.mockImplementation(() => ({
getPayload: () => ({
sub: 'someSSOId',
email: 'ssoUser@tooljet.io',
name: 'SSO User',
hd: 'tooljet.io',
}),
}));
// Calling the createUser helper function to have an Organization created. This user is irrelevant for the test
await createUser(app, { email: 'anotherUser@tooljet.io', role: 'admin' });
const token = ['someStuff'];
const response = await request(app.getHttpServer()).post('/api/oauth/sign-in').send({ token });
expect(googleVerifyMock).toHaveBeenCalledWith({
idToken: token,
audience: expect.anything(),
});
expect(response.statusCode).toBe(201);
Fix failing oauth specs due to change in permissions (#1422)
2021-11-21 04:14:54 +00:00
expect(Object.keys(response.body).sort()).toEqual(
[
Feature/merge google sso to community edition (#1420) * SSO 🔥 (#2) * Add rough implementation of google SSO * Use env variables for storing Google Oauth client id * Set organization user to active when a new user is created via sso This commit also fetches first name and last name from the payload received from google. Also adds some refactoring. * Apply proper styles to google login button * Refactor oauth controller * Move google specific logic to a separate service * Fail sign-in if google could not verify idToken * Refactoring update for GoogleOAuthService * Change env variable name for google sso client id * Show Google sign-in button only if client id env variable is given * Add SSO_GOOGLE_OAUTH2_CLIENT_ID to app.json * Whitelist apis.google.com in CSP * Add accounts.google.com to CSP * Add documentation for Google SSO * Add e2e tests for Google SSO * Resolve minor linting issues * Avoid use of raw query in migration for SSO ID This commit also adds an index for SSO ID * Verify domain of user's email id for single sign on * Add documentation for RESTRICTED_DOMAIN env variable in SSO * Move SSO controllers and services to ee folder * Move GoogleLoginButton to ee folder * Test the restricted domain verification for Google SSO * Remove unnecessary console.log * Apply better styles to Sign in with google button * Remove documentation for Google SSO This will be added to the community edition repo * Remove unnecessary static images * Fetch Google OAuth2 client id from server instead of client env (#3) * Check for existing email when signing in via SSO (#4) * hotfix oauth service return type * hotfix sso user creation * Allow disabling sign-up via SSO (#5) * hotfix file input change on import/export * Align SSO button on login box center (#6) * Fix: group permission not being set on sso (#7) * fixes group permission not being set on sso * update specs for sso * lint fix * add user id on login response * decamelize keys on login response * fix specs Co-authored-by: Akshay Sasidharan <akshaysasidharan93@gmail.com> Co-authored-by: navaneeth <navaneethpk@outlook.com>
2021-11-17 11:21:50 +00:00
'id',
'email',
'first_name',
'last_name',
'auth_token',
'admin',
'group_permissions',
'app_group_permissions',
Fix failing oauth specs due to change in permissions (#1422)
2021-11-21 04:14:54 +00:00
].sort()
Feature/merge google sso to community edition (#1420) * SSO 🔥 (#2) * Add rough implementation of google SSO * Use env variables for storing Google Oauth client id * Set organization user to active when a new user is created via sso This commit also fetches first name and last name from the payload received from google. Also adds some refactoring. * Apply proper styles to google login button * Refactor oauth controller * Move google specific logic to a separate service * Fail sign-in if google could not verify idToken * Refactoring update for GoogleOAuthService * Change env variable name for google sso client id * Show Google sign-in button only if client id env variable is given * Add SSO_GOOGLE_OAUTH2_CLIENT_ID to app.json * Whitelist apis.google.com in CSP * Add accounts.google.com to CSP * Add documentation for Google SSO * Add e2e tests for Google SSO * Resolve minor linting issues * Avoid use of raw query in migration for SSO ID This commit also adds an index for SSO ID * Verify domain of user's email id for single sign on * Add documentation for RESTRICTED_DOMAIN env variable in SSO * Move SSO controllers and services to ee folder * Move GoogleLoginButton to ee folder * Test the restricted domain verification for Google SSO * Remove unnecessary console.log * Apply better styles to Sign in with google button * Remove documentation for Google SSO This will be added to the community edition repo * Remove unnecessary static images * Fetch Google OAuth2 client id from server instead of client env (#3) * Check for existing email when signing in via SSO (#4) * hotfix oauth service return type * hotfix sso user creation * Allow disabling sign-up via SSO (#5) * hotfix file input change on import/export * Align SSO button on login box center (#6) * Fix: group permission not being set on sso (#7) * fixes group permission not being set on sso * update specs for sso * lint fix * add user id on login response * decamelize keys on login response * fix specs Co-authored-by: Akshay Sasidharan <akshaysasidharan93@gmail.com> Co-authored-by: navaneeth <navaneethpk@outlook.com>
2021-11-17 11:21:50 +00:00
);
const { email, first_name, last_name, admin, group_permissions, app_group_permissions } = response.body;
expect(email).toEqual('ssoUser@tooljet.io');
expect(first_name).toEqual('SSO');
expect(last_name).toEqual('User');
expect(admin).toBeFalsy();
expect(group_permissions).toHaveLength(1);
expect(group_permissions[0].group).toEqual('all_users');
Fix failing oauth specs due to change in permissions (#1422)
2021-11-21 04:14:54 +00:00
expect(Object.keys(group_permissions[0]).sort()).toEqual(
[
'id',
'organization_id',
'group',
'app_create',
'app_delete',
'updated_at',
'created_at',
'folder_create',
].sort()
Feature/merge google sso to community edition (#1420) * SSO 🔥 (#2) * Add rough implementation of google SSO * Use env variables for storing Google Oauth client id * Set organization user to active when a new user is created via sso This commit also fetches first name and last name from the payload received from google. Also adds some refactoring. * Apply proper styles to google login button * Refactor oauth controller * Move google specific logic to a separate service * Fail sign-in if google could not verify idToken * Refactoring update for GoogleOAuthService * Change env variable name for google sso client id * Show Google sign-in button only if client id env variable is given * Add SSO_GOOGLE_OAUTH2_CLIENT_ID to app.json * Whitelist apis.google.com in CSP * Add accounts.google.com to CSP * Add documentation for Google SSO * Add e2e tests for Google SSO * Resolve minor linting issues * Avoid use of raw query in migration for SSO ID This commit also adds an index for SSO ID * Verify domain of user's email id for single sign on * Add documentation for RESTRICTED_DOMAIN env variable in SSO * Move SSO controllers and services to ee folder * Move GoogleLoginButton to ee folder * Test the restricted domain verification for Google SSO * Remove unnecessary console.log * Apply better styles to Sign in with google button * Remove documentation for Google SSO This will be added to the community edition repo * Remove unnecessary static images * Fetch Google OAuth2 client id from server instead of client env (#3) * Check for existing email when signing in via SSO (#4) * hotfix oauth service return type * hotfix sso user creation * Allow disabling sign-up via SSO (#5) * hotfix file input change on import/export * Align SSO button on login box center (#6) * Fix: group permission not being set on sso (#7) * fixes group permission not being set on sso * update specs for sso * lint fix * add user id on login response * decamelize keys on login response * fix specs Co-authored-by: Akshay Sasidharan <akshaysasidharan93@gmail.com> Co-authored-by: navaneeth <navaneethpk@outlook.com>
2021-11-17 11:21:50 +00:00
);
expect(app_group_permissions).toHaveLength(0);
});
it('should be forbid logging in when the user does not exist and signups are disabled', async () => {
process.env.SSO_DISABLE_SIGNUP = 'true';
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
googleVerifyMock.mockImplementation(() => ({
getPayload: () => ({
sub: 'someSSOId',
email: 'ssoUser@tooljet.io',
name: 'SSO User',
hd: 'tooljet.io',
}),
}));
// Calling the createUser helper function to have an Organization created. This user is irrelevant for the test
await createUser(app, { email: 'anotherUser@tooljet.io', role: 'admin' });
const token = ['someStuff'];
const response = await request(app.getHttpServer()).post('/api/oauth/sign-in').send({ token });
expect(googleVerifyMock).toHaveBeenCalledWith({
idToken: token,
audience: expect.anything(),
});
expect(response.statusCode).toBe(401);
process.env.SSO_DISABLE_SIGNUP = 'false';
});
it('should return login info when the user exists', async () => {
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
googleVerifyMock.mockImplementation(() => ({
getPayload: () => ({
sub: 'someSSOId',
email: 'ssoUser@tooljet.io',
name: 'New name',
hd: 'tooljet.io',
}),
}));
await createUser(app, {
email: 'ssoUser@tooljet.io',
role: 'developer',
ssoId: 'someSSOId',
firstName: 'Existing',
lastName: 'Name',
groups: ['all_users', 'admin'],
});
const token = ['someStuff'];
const response = await request(app.getHttpServer()).post('/api/oauth/sign-in').send({ token });
expect(googleVerifyMock).toHaveBeenCalledWith({
idToken: token,
audience: expect.anything(),
});
expect(response.statusCode).toBe(201);
expect(new Set(Object.keys(response.body))).toEqual(
new Set([
'id',
'email',
'first_name',
'last_name',
'auth_token',
'admin',
'group_permissions',
'app_group_permissions',
])
);
const { email, first_name, last_name, admin, group_permissions, app_group_permissions } = response.body;
expect(email).toEqual('ssoUser@tooljet.io');
expect(first_name).toEqual('Existing');
expect(last_name).toEqual('Name');
expect(admin).toBeTruthy();
expect(group_permissions).toHaveLength(2);
Fix failing oauth specs due to change in permissions (#1422)
2021-11-21 04:14:54 +00:00
expect(group_permissions.map((p) => p.group).sort()).toEqual(['all_users', 'admin'].sort());
expect(Object.keys(group_permissions[0]).sort()).toEqual(
[
'id',
'organization_id',
'group',
'app_create',
'app_delete',
'folder_create',
'updated_at',
'created_at',
].sort()
Feature/merge google sso to community edition (#1420) * SSO 🔥 (#2) * Add rough implementation of google SSO * Use env variables for storing Google Oauth client id * Set organization user to active when a new user is created via sso This commit also fetches first name and last name from the payload received from google. Also adds some refactoring. * Apply proper styles to google login button * Refactor oauth controller * Move google specific logic to a separate service * Fail sign-in if google could not verify idToken * Refactoring update for GoogleOAuthService * Change env variable name for google sso client id * Show Google sign-in button only if client id env variable is given * Add SSO_GOOGLE_OAUTH2_CLIENT_ID to app.json * Whitelist apis.google.com in CSP * Add accounts.google.com to CSP * Add documentation for Google SSO * Add e2e tests for Google SSO * Resolve minor linting issues * Avoid use of raw query in migration for SSO ID This commit also adds an index for SSO ID * Verify domain of user's email id for single sign on * Add documentation for RESTRICTED_DOMAIN env variable in SSO * Move SSO controllers and services to ee folder * Move GoogleLoginButton to ee folder * Test the restricted domain verification for Google SSO * Remove unnecessary console.log * Apply better styles to Sign in with google button * Remove documentation for Google SSO This will be added to the community edition repo * Remove unnecessary static images * Fetch Google OAuth2 client id from server instead of client env (#3) * Check for existing email when signing in via SSO (#4) * hotfix oauth service return type * hotfix sso user creation * Allow disabling sign-up via SSO (#5) * hotfix file input change on import/export * Align SSO button on login box center (#6) * Fix: group permission not being set on sso (#7) * fixes group permission not being set on sso * update specs for sso * lint fix * add user id on login response * decamelize keys on login response * fix specs Co-authored-by: Akshay Sasidharan <akshaysasidharan93@gmail.com> Co-authored-by: navaneeth <navaneethpk@outlook.com>
2021-11-17 11:21:50 +00:00
);
expect(app_group_permissions).toHaveLength(0);
});
});
afterAll(async () => {
await app.close();
Chore: Setup pipeline (#1539) * github actions for PR and push to develop branch * test workflow * move to workflows folder * add setup node action * modify build * specify npm version * config unit test * specify host postgres * specify container to run on * add postgresql dependency * add specify ws adapter for test * add e2e test * fix linting * only log errors on tests * update eslint config * fix linting * run e2e test in silent mode * fix library app spec * dont send email on test env * fix org scope * mock env vars * remove reset modules * force colors * explicitly close db connection * add eslint rule for floating promises * update workflow * fix floating promise * fix lint * update workflow * run on all push and pulls * update lint check files * simplify workflow * increase js heap size on env * separate lint and build Co-authored-by: arpitnath <arpitnath42@gmail.com>
2021-12-10 03:13:05 +00:00
process.env = originalEnv;
Feature/merge google sso to community edition (#1420) * SSO 🔥 (#2) * Add rough implementation of google SSO * Use env variables for storing Google Oauth client id * Set organization user to active when a new user is created via sso This commit also fetches first name and last name from the payload received from google. Also adds some refactoring. * Apply proper styles to google login button * Refactor oauth controller * Move google specific logic to a separate service * Fail sign-in if google could not verify idToken * Refactoring update for GoogleOAuthService * Change env variable name for google sso client id * Show Google sign-in button only if client id env variable is given * Add SSO_GOOGLE_OAUTH2_CLIENT_ID to app.json * Whitelist apis.google.com in CSP * Add accounts.google.com to CSP * Add documentation for Google SSO * Add e2e tests for Google SSO * Resolve minor linting issues * Avoid use of raw query in migration for SSO ID This commit also adds an index for SSO ID * Verify domain of user's email id for single sign on * Add documentation for RESTRICTED_DOMAIN env variable in SSO * Move SSO controllers and services to ee folder * Move GoogleLoginButton to ee folder * Test the restricted domain verification for Google SSO * Remove unnecessary console.log * Apply better styles to Sign in with google button * Remove documentation for Google SSO This will be added to the community edition repo * Remove unnecessary static images * Fetch Google OAuth2 client id from server instead of client env (#3) * Check for existing email when signing in via SSO (#4) * hotfix oauth service return type * hotfix sso user creation * Allow disabling sign-up via SSO (#5) * hotfix file input change on import/export * Align SSO button on login box center (#6) * Fix: group permission not being set on sso (#7) * fixes group permission not being set on sso * update specs for sso * lint fix * add user id on login response * decamelize keys on login response * fix specs Co-authored-by: Akshay Sasidharan <akshaysasidharan93@gmail.com> Co-authored-by: navaneeth <navaneethpk@outlook.com>
2021-11-17 11:21:50 +00:00
});
});
Reference in a new issue Copy permalink