mirror of
https://github.com/ToolJet/ToolJet
synced 2026-05-05 14:28:42 +00:00
32740743e1
* add: new URL prefix
* fix: working on home page
* add: profile path
* playing with rxjs
* removed context part
* working on path changes
* changing routes
- TODO: replace the workspaceId with actual id
* redo: public apps path
* initial commit
* added authorize API
* remove privileges from auth response
* fixed some api issue
- added subscriptions
* fix: redirect url workspace-id null issue
* fix: switch workspace
* fix: organization list mapping
- menu item paths
* fix: preview url
- editor, viewer permission mapping
* jwt fix
* fix: some url issue
- permission mappings
- workspace login
* fixed some issues
- user invite workspace-id
- org settings menu item default selected item issue
* app viewer fixes
* fixing workspace login issues
* fix
* fixing issues
- tooljet db
- path issues
- refatoring the code
* fix: workspace vars permissions
* fix: multi-page handle
* fix: create app from template
* fix: bulk user upload
* fix: import app
- clone app
- upload profile image
* fix: onboarding
* fix: log out
* fixed multi-workspace logout issue
* fix: launch btn
* fix: oauth2
* fixes
* fix: sso login
* fix: workspace sso login
* fixing sso issues
* fix: moved list of orgs to rxjs
- fixed switching issues
* reverting some changes
* fixed some minor bugs
* fixing sso redirect url issues
* fix: switching network timing issues
* fix: back to workspace-id
* fix: tj-database
- refactored the code - removed org id from some pages
- will get the org id from the service file only
* fix: multi-pages
* fix: infinite loop issue
* fixing workspace switching issue
* fixes
- comment link
- logout & private route redirect url
* fix: wrong uuid error
* fixing subpath
- fixed most of the places
- need to test & fix workspace login, sso, new account
* fix: subpath workspace login
* fix: rxjs handle bug
* Revert "fix: tj-database"
This reverts commit 9632ec2ff0.
* fix: reverted tj-db changes
* fix: subpath sso
* typo fix
* fix: existing session issues
* new: switch workspace page
* fix: modal dark-mode
* added default sso support
* fixes
- subpath workspace switching
- handle wrong routes
* fix: manager user button
- refactored the code
* removed SINGLE Workspace feature
* rebase
* add: change modal text
* fix: added validation
* fixed private app 401 issue
* initial commit
* fix: logged out session multi-tab issue
* refactoring the code
* fix: redirect url issue
* added auth-token in cookies
* Fix: failing e2e specs
* added session API
* fix: backend session guard
* fix: removing user details from local storage
* fix: null wid
* undo and redo
* fix: login page
* fix: viewer login redirection
* fix: login page redirection
* fix: public apps logout issue
* added session storage and scheduler
* added profile api
* fix: sso login
- switch workspace
- login page
- setup admin
* working on fixes
* fix: socket issue
* fix: setup admin api
* connected profile & logout apis
* fix: malfunctioned auth token case
* fix: realtime avatar
* fix: profile avatar
* fix: Realtime cursors avatar
* setting max age for auth token cookie
* add: Go to login page if logout api returns 401
* fix: subpath login
* fix
* fix: app logout [viewer]
* fix: authorize page
* remove expiry from jwt
* fix: integrations route
- session api
* small fix
* fix: updated profile
* fix: workspace login [logged user]
* fix: oauth and another workspace page issue
* fixed app preview logout issue
* subpath fix
* fix: subpath app id
* fix: selected state didnt change for apps page [subpath]
* fix
* add cookie parser to test app
* specs added
* increased user session expiry time
* test: session & new apis
* working on test cases
* fix: onboarding issue
* fixing specs
* fix: test cases
* fix: removing profile api calls
* some fixes
* fixing rebase issues
* fix: global ds issues
* fix: app is crashing
* fix: back to text
* fix: oauth test cases
* fix: test-helper
* fix: onboarding test cases
* fix: tests again
* refactoring the code
* latest develop merging precautions
- fixed a minor null issue
* fix: typo
* fix :menu issues due to the merging
* fix: - clicking on tooljet logo didnt redirect to login page for public apps
- private app preview doesnt load after login
* subpath fixes
* fixed back to issue
* PR changes
* fix: spec fixes for EE
* doc: URL scoped for workspace
---------
Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
Co-authored-by: Shubhendra <withshubh@gmail.com>
453 lines
18 KiB
TypeScript
453 lines
18 KiB
TypeScript
import * as request from 'supertest';
|
|
import { INestApplication } from '@nestjs/common';
|
|
import { clearDB, createUser, createNestAppInstanceWithEnvMock, generateRedirectUrl } from '../../test.helper';
|
|
import { OAuth2Client } from 'google-auth-library';
|
|
import { Organization } from 'src/entities/organization.entity';
|
|
import { Repository } from 'typeorm';
|
|
|
|
describe('oauth controller', () => {
|
|
let app: INestApplication;
|
|
let orgRepository: Repository<Organization>;
|
|
let mockConfig;
|
|
|
|
const authResponseKeys = ['id', 'email', 'first_name', 'last_name', 'current_organization_id'].sort();
|
|
|
|
beforeEach(async () => {
|
|
await clearDB();
|
|
});
|
|
|
|
beforeAll(async () => {
|
|
({ app, mockConfig } = await createNestAppInstanceWithEnvMock());
|
|
orgRepository = app.get('OrganizationRepository');
|
|
});
|
|
|
|
afterEach(() => {
|
|
jest.resetAllMocks();
|
|
jest.clearAllMocks();
|
|
});
|
|
|
|
describe('SSO Login', () => {
|
|
let current_organization: Organization;
|
|
beforeEach(async () => {
|
|
const { organization } = await createUser(app, {
|
|
email: 'anotherUser@tooljet.io',
|
|
});
|
|
current_organization = organization;
|
|
});
|
|
|
|
describe('Multi-Workspace instance level SSO', () => {
|
|
beforeEach(() => {
|
|
jest.spyOn(mockConfig, 'get').mockImplementation((key: string) => {
|
|
switch (key) {
|
|
case 'SSO_GOOGLE_OAUTH2_CLIENT_ID':
|
|
return 'google-client-id';
|
|
case 'SSO_GIT_OAUTH2_CLIENT_ID':
|
|
return 'git-client-id';
|
|
case 'SSO_GIT_OAUTH2_CLIENT_SECRET':
|
|
return 'git-secret';
|
|
default:
|
|
return process.env[key];
|
|
}
|
|
});
|
|
});
|
|
describe('sign in via Google OAuth', () => {
|
|
const token = 'some-Token';
|
|
it('Workspace Login - should return 401 when the user does not exist and sign up is disabled', async () => {
|
|
await orgRepository.update(current_organization.id, { enableSignUp: false });
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'ssouser@tooljet.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
await request(app.getHttpServer())
|
|
.post('/api/oauth/sign-in/common/google')
|
|
.send({ token, organizationId: current_organization.id })
|
|
.expect(401);
|
|
});
|
|
|
|
it('Workspace Login - should return 401 when inherit SSO is disabled', async () => {
|
|
await orgRepository.update(current_organization.id, { inheritSSO: false });
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'ssouser@tooljet.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
await request(app.getHttpServer())
|
|
.post('/api/oauth/sign-in/common/google')
|
|
.send({ token, organizationId: current_organization.id })
|
|
.expect(401);
|
|
});
|
|
|
|
it('Common Login - should return 401 when the user does not exist and sign up is disabled', async () => {
|
|
jest.spyOn(mockConfig, 'get').mockImplementation((key: string) => {
|
|
switch (key) {
|
|
case 'SSO_GOOGLE_OAUTH2_CLIENT_ID':
|
|
return 'google-client-id';
|
|
case 'SSO_GIT_OAUTH2_CLIENT_ID':
|
|
return 'git-client-id';
|
|
case 'SSO_GIT_OAUTH2_CLIENT_SECRET':
|
|
return 'git-secret';
|
|
case 'SSO_DISABLE_SIGNUPS':
|
|
return 'true';
|
|
default:
|
|
return process.env[key];
|
|
}
|
|
});
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'ssouser@tooljet.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
await request(app.getHttpServer()).post('/api/oauth/sign-in/common/google').send({ token }).expect(401);
|
|
});
|
|
|
|
it('Common Login - should return 401 when the user does not exist domain mismatch', async () => {
|
|
jest.spyOn(mockConfig, 'get').mockImplementation((key: string) => {
|
|
switch (key) {
|
|
case 'SSO_GOOGLE_OAUTH2_CLIENT_ID':
|
|
return 'google-client-id';
|
|
case 'SSO_GIT_OAUTH2_CLIENT_ID':
|
|
return 'git-client-id';
|
|
case 'SSO_GIT_OAUTH2_CLIENT_SECRET':
|
|
return 'git-secret';
|
|
case 'SSO_ACCEPTED_DOMAINS':
|
|
return 'tooljet.io,tooljet.com';
|
|
default:
|
|
return process.env[key];
|
|
}
|
|
});
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'ssouser@tooljett.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
await request(app.getHttpServer()).post('/api/oauth/sign-in/common/google').send({ token }).expect(401);
|
|
});
|
|
|
|
it('Workspace Login - should return 401 when the user does not exist domain mismatch', async () => {
|
|
jest.spyOn(mockConfig, 'get').mockImplementation((key: string) => {
|
|
switch (key) {
|
|
case 'SSO_GOOGLE_OAUTH2_CLIENT_ID':
|
|
return 'google-client-id';
|
|
case 'SSO_GIT_OAUTH2_CLIENT_ID':
|
|
return 'git-client-id';
|
|
case 'SSO_GIT_OAUTH2_CLIENT_SECRET':
|
|
return 'git-secret';
|
|
case 'SSO_ACCEPTED_DOMAINS':
|
|
return 'tooljett.io,tooljet.com';
|
|
default:
|
|
return process.env[key];
|
|
}
|
|
});
|
|
await orgRepository.update(current_organization.id, { domain: 'tooljet.io,tooljet.com' });
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'ssouser@tooljett.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
await request(app.getHttpServer())
|
|
.post('/api/oauth/sign-in/common/google')
|
|
.send({ token, organizationId: current_organization.id })
|
|
.expect(401);
|
|
});
|
|
|
|
it('Common Login - should return redirect url when the user does not exist and domain matches and sign up is enabled', async () => {
|
|
jest.spyOn(mockConfig, 'get').mockImplementation((key: string) => {
|
|
switch (key) {
|
|
case 'SSO_GOOGLE_OAUTH2_CLIENT_ID':
|
|
return 'google-client-id';
|
|
case 'SSO_GIT_OAUTH2_CLIENT_ID':
|
|
return 'git-client-id';
|
|
case 'SSO_GIT_OAUTH2_CLIENT_SECRET':
|
|
return 'git-secret';
|
|
case 'SSO_ACCEPTED_DOMAINS':
|
|
return 'tooljet.io,tooljet.com';
|
|
default:
|
|
return process.env[key];
|
|
}
|
|
});
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'ssouser@tooljet.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
|
|
const response = await request(app.getHttpServer()).post('/api/oauth/sign-in/common/google').send({ token });
|
|
|
|
expect(googleVerifyMock).toHaveBeenCalledWith({
|
|
idToken: token,
|
|
audience: 'google-client-id',
|
|
});
|
|
|
|
const redirect_url = await generateRedirectUrl('ssouser@tooljet.io');
|
|
|
|
expect(response.statusCode).toBe(201);
|
|
expect(response.body.redirect_url).toEqual(redirect_url);
|
|
});
|
|
|
|
it('Workspace Login - should return redirect url when the user does not exist and domain matches and sign up is enabled', async () => {
|
|
await orgRepository.update(current_organization.id, { domain: 'tooljet.io,tooljet.com', enableSignUp: true });
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'ssouser@tooljet.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
|
|
const response = await request(app.getHttpServer())
|
|
.post('/api/oauth/sign-in/common/google')
|
|
.send({ token, organizationId: current_organization.id });
|
|
|
|
expect(googleVerifyMock).toHaveBeenCalledWith({
|
|
idToken: token,
|
|
audience: 'google-client-id',
|
|
});
|
|
|
|
const redirect_url = await generateRedirectUrl('ssouser@tooljet.io', current_organization);
|
|
|
|
expect(response.statusCode).toBe(201);
|
|
expect(response.body.redirect_url).toEqual(redirect_url);
|
|
});
|
|
|
|
it('Common Login - should return redirect url when the user does not exist and sign up is enabled', async () => {
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'ssouser@tooljet.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
|
|
const response = await request(app.getHttpServer()).post('/api/oauth/sign-in/common/google').send({ token });
|
|
|
|
expect(googleVerifyMock).toHaveBeenCalledWith({
|
|
idToken: token,
|
|
audience: 'google-client-id',
|
|
});
|
|
|
|
const redirect_url = await generateRedirectUrl('ssouser@tooljet.io');
|
|
|
|
expect(response.statusCode).toBe(201);
|
|
expect(response.body.redirect_url).toEqual(redirect_url);
|
|
});
|
|
|
|
it('Workspace Login - should return redirect url when the user does not exist and sign up is enabled', async () => {
|
|
await orgRepository.update(current_organization.id, { enableSignUp: true });
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'ssouser@tooljet.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
|
|
const response = await request(app.getHttpServer())
|
|
.post('/api/oauth/sign-in/common/google')
|
|
.send({ token, organizationId: current_organization.id });
|
|
|
|
expect(googleVerifyMock).toHaveBeenCalledWith({
|
|
idToken: token,
|
|
audience: 'google-client-id',
|
|
});
|
|
|
|
const redirect_url = await generateRedirectUrl('ssouser@tooljet.io', current_organization);
|
|
|
|
expect(response.statusCode).toBe(201);
|
|
expect(response.body.redirect_url).toEqual(redirect_url);
|
|
});
|
|
|
|
it('Common Login - should return login info when the user exist', async () => {
|
|
await createUser(app, {
|
|
firstName: 'SSO',
|
|
lastName: 'userExist',
|
|
email: 'anotheruser1@tooljet.io',
|
|
groups: ['all_users'],
|
|
organization: current_organization,
|
|
status: 'active',
|
|
});
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'anotheruser1@tooljet.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
|
|
const response = await request(app.getHttpServer()).post('/api/oauth/sign-in/common/google').send({ token });
|
|
|
|
expect(googleVerifyMock).toHaveBeenCalledWith({
|
|
idToken: token,
|
|
audience: 'google-client-id',
|
|
});
|
|
|
|
expect(response.statusCode).toBe(201);
|
|
expect(Object.keys(response.body).sort()).toEqual(authResponseKeys);
|
|
|
|
const { email, first_name, last_name, current_organization_id } = response.body;
|
|
|
|
expect(email).toEqual('anotheruser1@tooljet.io');
|
|
expect(first_name).toEqual('SSO');
|
|
expect(last_name).toEqual('userExist');
|
|
expect(current_organization_id).toBe(current_organization.id);
|
|
});
|
|
|
|
it('Workspace Login - should return login info when the user exist', async () => {
|
|
await createUser(app, {
|
|
firstName: 'SSO',
|
|
lastName: 'userExist',
|
|
email: 'anotheruser1@tooljet.io',
|
|
groups: ['all_users'],
|
|
organization: current_organization,
|
|
status: 'active',
|
|
});
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'anotheruser1@tooljet.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
|
|
const response = await request(app.getHttpServer())
|
|
.post('/api/oauth/sign-in/common/google')
|
|
.send({ token, organizationId: current_organization.id });
|
|
|
|
expect(googleVerifyMock).toHaveBeenCalledWith({
|
|
idToken: token,
|
|
audience: 'google-client-id',
|
|
});
|
|
|
|
expect(response.statusCode).toBe(201);
|
|
expect(Object.keys(response.body).sort()).toEqual(authResponseKeys);
|
|
|
|
const { email, first_name, last_name, admin, current_organization_id } = response.body;
|
|
|
|
expect(email).toEqual('anotheruser1@tooljet.io');
|
|
expect(first_name).toEqual('SSO');
|
|
expect(last_name).toEqual('userExist');
|
|
expect(admin).toBeFalsy();
|
|
expect(current_organization_id).toBe(current_organization.id);
|
|
});
|
|
|
|
it('Common Login - should return login info when the user exist but invited status', async () => {
|
|
const { orgUser } = await createUser(app, {
|
|
firstName: 'SSO',
|
|
lastName: 'userExist',
|
|
email: 'anotheruser1@tooljet.io',
|
|
groups: ['all_users'],
|
|
organization: current_organization,
|
|
status: 'invited',
|
|
});
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'anotheruser1@tooljet.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
|
|
const response = await request(app.getHttpServer()).post('/api/oauth/sign-in/common/google').send({ token });
|
|
|
|
expect(googleVerifyMock).toHaveBeenCalledWith({
|
|
idToken: token,
|
|
audience: 'google-client-id',
|
|
});
|
|
|
|
expect(response.statusCode).toBe(201);
|
|
expect(Object.keys(response.body).sort()).toEqual(authResponseKeys);
|
|
|
|
const { email, first_name, last_name, current_organization_id } = response.body;
|
|
|
|
expect(email).toEqual('anotheruser1@tooljet.io');
|
|
expect(first_name).toEqual('SSO');
|
|
expect(last_name).toEqual('userExist');
|
|
expect(current_organization_id).not.toBe(current_organization.id);
|
|
await orgUser.reload();
|
|
expect(orgUser.status).toEqual('invited');
|
|
});
|
|
|
|
it('Workspace Login - should return login info when the user exist but invited status', async () => {
|
|
const { orgUser } = await createUser(app, {
|
|
firstName: 'SSO',
|
|
lastName: 'userExist',
|
|
email: 'anotheruser1@tooljet.io',
|
|
groups: ['all_users'],
|
|
organization: current_organization,
|
|
status: 'invited',
|
|
});
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'anotheruser1@tooljet.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
|
|
const response = await request(app.getHttpServer())
|
|
.post('/api/oauth/sign-in/common/google')
|
|
.send({ token, organizationId: current_organization.id });
|
|
|
|
expect(googleVerifyMock).toHaveBeenCalledWith({
|
|
idToken: token,
|
|
audience: 'google-client-id',
|
|
});
|
|
|
|
expect(response.statusCode).toBe(201);
|
|
expect(Object.keys(response.body).sort()).toEqual(authResponseKeys);
|
|
|
|
const { email, first_name, last_name, current_organization_id } = response.body;
|
|
|
|
expect(email).toEqual('anotheruser1@tooljet.io');
|
|
expect(first_name).toEqual('SSO');
|
|
expect(last_name).toEqual('userExist');
|
|
expect(current_organization_id).toBe(current_organization.id);
|
|
await orgUser.reload();
|
|
expect(orgUser.status).toEqual('active');
|
|
});
|
|
});
|
|
});
|
|
});
|
|
|
|
afterAll(async () => {
|
|
await app.close();
|
|
});
|
|
});
|