/* eslint-disable @typescript-eslint/no-unused-vars */ import * as request from 'supertest'; import { BadRequestException, INestApplication } from '@nestjs/common'; import { authHeaderForUser, clearDB, createUser, createNestAppInstance } from '../test.helper'; import Preview from 'twilio/lib/rest/Preview'; import { response } from 'express'; describe('organization users controller', () => { let app: INestApplication; beforeEach(async () => { await clearDB(); }); beforeAll(async () => { app = await createNestAppInstance(); }); it('should allow only admin to be able to invite new users', async () => { // setup a pre existing user of different organization await createUser(app, { email: 'someUser@tooljet.io', groups: ['admin', 'all_users'], }); // setup organization and user setup to test against const adminUserData = await createUser(app, { email: 'admin@tooljet.io', groups: ['admin', 'all_users'], }); const organization = adminUserData.organization; const developerUserData = await createUser(app, { email: 'developer@tooljet.io', groups: ['developer', 'all_users'], organization, }); const viewerUserData = await createUser(app, { email: 'viewer@tooljet.io', groups: ['viewer', 'all_users'], organization, }); await request(app.getHttpServer()) .post(`/api/organization_users/`) .set('Authorization', authHeaderForUser(adminUserData.user)) .send({ email: 'test@tooljet.io', groups: ['Viewer', 'all_users'] }) .expect(201); await request(app.getHttpServer()) .post(`/api/organization_users/`) .set('Authorization', authHeaderForUser(developerUserData.user)) .send({ email: 'test2@tooljet.io', groups: ['Viewer', 'all_users'] }) .expect(403); await request(app.getHttpServer()) .post(`/api/organization_users/`) .set('Authorization', authHeaderForUser(viewerUserData.user)) .send({ email: 'test3@tooljet.io', groups: ['Viewer', 'all_users'] }) .expect(403); }); describe('POST /api/organization_users/:id/archive', () => { it('should allow only authenticated users to archive org users', async () => { await request(app.getHttpServer()).post('/api/organization_users/random-id/archive/').expect(401); }); it('should throw error when trying to remove last active admin', async () => { const adminUserData = await createUser(app, { email: 'admin@tooljet.io', groups: ['admin', 'all_users'], status: 'active', }); const organization = adminUserData.organization; const anotherAdminUserData = await createUser(app, { email: 'another-admin@tooljet.io', groups: ['admin', 'all_users'], status: 'active', organization, }); const _archivedAdmin = await createUser(app, { email: 'archived-admin@tooljet.io', groups: ['admin', 'all_users'], status: 'archived', organization, }); await request(app.getHttpServer()) .post(`/api/organization_users/${anotherAdminUserData.orgUser.id}/archive/`) .set('Authorization', authHeaderForUser(adminUserData.user)) .expect(201); const response = await request(app.getHttpServer()) .post(`/api/organization_users/${adminUserData.orgUser.id}/archive/`) .set('Authorization', authHeaderForUser(adminUserData.user)); expect(response.statusCode).toEqual(400); expect(response.body.message).toEqual('Atleast one active admin is required.'); }); it('should allow only admin users to archive org users', async () => { const adminUserData = await createUser(app, { email: 'admin@tooljet.io', groups: ['admin', 'all_users'], status: 'active', }); const organization = adminUserData.organization; const developerUserData = await createUser(app, { email: 'developer@tooljet.io', groups: ['developer', 'all_users'], organization, }); const viewerUserData = await createUser(app, { email: 'viewer@tooljet.io', groups: ['viewer', 'all_users'], organization, }); await request(app.getHttpServer()) .post(`/api/organization_users/${viewerUserData.orgUser.id}/archive/`) .set('Authorization', authHeaderForUser(developerUserData.user)) .expect(403); await viewerUserData.orgUser.reload(); expect(viewerUserData.orgUser.status).toBe('invited'); await request(app.getHttpServer()) .post(`/api/organization_users/${viewerUserData.orgUser.id}/archive/`) .set('Authorization', authHeaderForUser(adminUserData.user)) .expect(201); await viewerUserData.orgUser.reload(); expect(viewerUserData.orgUser.status).toBe('archived'); }); }); describe('POST /api/organization_users/:id/unarchive', () => { it('should allow only authenticated users to unarchive org users', async () => { await request(app.getHttpServer()).post('/api/organization_users/random-id/unarchive/').expect(401); }); it('should allow only admin users to unarchive org users', async () => { const adminUserData = await createUser(app, { email: 'admin@tooljet.io', status: 'active', groups: ['admin', 'all_users'], }); const organization = adminUserData.organization; const developerUserData = await createUser(app, { email: 'developer@tooljet.io', status: 'active', groups: ['developer', 'all_users'], organization, }); const viewerUserData = await createUser(app, { email: 'viewer@tooljet.io', status: 'archived', invitationToken: 'old-token', password: 'old-password', groups: ['viewer', 'all_users'], organization, }); await request(app.getHttpServer()) .post(`/api/organization_users/${viewerUserData.orgUser.id}/unarchive/`) .set('Authorization', authHeaderForUser(developerUserData.user)) .expect(403); await viewerUserData.orgUser.reload(); expect(viewerUserData.orgUser.status).toBe('archived'); await request(app.getHttpServer()) .post(`/api/organization_users/${viewerUserData.orgUser.id}/unarchive/`) .set('Authorization', authHeaderForUser(developerUserData.user)) .expect(403); await viewerUserData.orgUser.reload(); expect(viewerUserData.orgUser.status).toBe('archived'); await request(app.getHttpServer()) .post(`/api/organization_users/${viewerUserData.orgUser.id}/unarchive/`) .set('Authorization', authHeaderForUser(adminUserData.user)) .expect(201); await viewerUserData.orgUser.reload(); await viewerUserData.user.reload(); expect(viewerUserData.orgUser.status).toBe('invited'); expect(viewerUserData.user.invitationToken).not.toBe('old-token'); expect(viewerUserData.user.password).not.toBe('old-password'); }); it('should allow unarchive if user is already archived', async () => { const adminUserData = await createUser(app, { email: 'admin@tooljet.io', status: 'active', groups: ['admin', 'all_users'], }); const organization = adminUserData.organization; const developerUserData = await createUser(app, { email: 'developer@tooljet.io', status: 'active', groups: ['developer', 'all_users'], organization, }); await request(app.getHttpServer()) .post(`/api/organization_users/${developerUserData.orgUser.id}/unarchive/`) .set('Authorization', authHeaderForUser(adminUserData.user)) .expect(201); await developerUserData.orgUser.reload(); expect(developerUserData.orgUser.status).toBe('active'); }); }); afterAll(async () => { await app.close(); }); });