mirror of
https://github.com/ToolJet/ToolJet
synced 2026-04-26 07:57:17 +00:00
783ed2133c
* archived user cannot login or perform authenticated actions * fix spec * invalidate invite token on archive
222 lines
7.8 KiB
TypeScript
222 lines
7.8 KiB
TypeScript
/* eslint-disable @typescript-eslint/no-unused-vars */
|
|
import * as request from 'supertest';
|
|
import { BadRequestException, INestApplication } from '@nestjs/common';
|
|
import { authHeaderForUser, clearDB, createUser, createNestAppInstance } from '../test.helper';
|
|
import Preview from 'twilio/lib/rest/Preview';
|
|
import { response } from 'express';
|
|
|
|
describe('organization users controller', () => {
|
|
let app: INestApplication;
|
|
|
|
beforeEach(async () => {
|
|
await clearDB();
|
|
});
|
|
|
|
beforeAll(async () => {
|
|
app = await createNestAppInstance();
|
|
});
|
|
|
|
it('should allow only admin to be able to invite new users', async () => {
|
|
// setup a pre existing user of different organization
|
|
await createUser(app, {
|
|
email: 'someUser@tooljet.io',
|
|
groups: ['admin', 'all_users'],
|
|
});
|
|
|
|
// setup organization and user setup to test against
|
|
const adminUserData = await createUser(app, {
|
|
email: 'admin@tooljet.io',
|
|
groups: ['admin', 'all_users'],
|
|
});
|
|
|
|
const organization = adminUserData.organization;
|
|
|
|
const developerUserData = await createUser(app, {
|
|
email: 'developer@tooljet.io',
|
|
groups: ['developer', 'all_users'],
|
|
organization,
|
|
});
|
|
|
|
const viewerUserData = await createUser(app, {
|
|
email: 'viewer@tooljet.io',
|
|
groups: ['viewer', 'all_users'],
|
|
organization,
|
|
});
|
|
|
|
await request(app.getHttpServer())
|
|
.post(`/api/organization_users/`)
|
|
.set('Authorization', authHeaderForUser(adminUserData.user))
|
|
.send({ email: 'test@tooljet.io', groups: ['Viewer', 'all_users'] })
|
|
.expect(201);
|
|
|
|
await request(app.getHttpServer())
|
|
.post(`/api/organization_users/`)
|
|
.set('Authorization', authHeaderForUser(developerUserData.user))
|
|
.send({ email: 'test2@tooljet.io', groups: ['Viewer', 'all_users'] })
|
|
.expect(403);
|
|
|
|
await request(app.getHttpServer())
|
|
.post(`/api/organization_users/`)
|
|
.set('Authorization', authHeaderForUser(viewerUserData.user))
|
|
.send({ email: 'test3@tooljet.io', groups: ['Viewer', 'all_users'] })
|
|
.expect(403);
|
|
});
|
|
|
|
describe('POST /api/organization_users/:id/archive', () => {
|
|
it('should allow only authenticated users to archive org users', async () => {
|
|
await request(app.getHttpServer()).post('/api/organization_users/random-id/archive/').expect(401);
|
|
});
|
|
|
|
it('should throw error when trying to remove last active admin', async () => {
|
|
const adminUserData = await createUser(app, {
|
|
email: 'admin@tooljet.io',
|
|
groups: ['admin', 'all_users'],
|
|
status: 'active',
|
|
});
|
|
const organization = adminUserData.organization;
|
|
const anotherAdminUserData = await createUser(app, {
|
|
email: 'another-admin@tooljet.io',
|
|
groups: ['admin', 'all_users'],
|
|
status: 'active',
|
|
organization,
|
|
});
|
|
|
|
const _archivedAdmin = await createUser(app, {
|
|
email: 'archived-admin@tooljet.io',
|
|
groups: ['admin', 'all_users'],
|
|
status: 'archived',
|
|
organization,
|
|
});
|
|
|
|
await request(app.getHttpServer())
|
|
.post(`/api/organization_users/${anotherAdminUserData.orgUser.id}/archive/`)
|
|
.set('Authorization', authHeaderForUser(adminUserData.user))
|
|
.expect(201);
|
|
|
|
const response = await request(app.getHttpServer())
|
|
.post(`/api/organization_users/${adminUserData.orgUser.id}/archive/`)
|
|
.set('Authorization', authHeaderForUser(adminUserData.user));
|
|
|
|
expect(response.statusCode).toEqual(400);
|
|
expect(response.body.message).toEqual('Atleast one active admin is required.');
|
|
});
|
|
|
|
it('should allow only admin users to archive org users', async () => {
|
|
const adminUserData = await createUser(app, {
|
|
email: 'admin@tooljet.io',
|
|
groups: ['admin', 'all_users'],
|
|
status: 'active',
|
|
});
|
|
const organization = adminUserData.organization;
|
|
const developerUserData = await createUser(app, {
|
|
email: 'developer@tooljet.io',
|
|
groups: ['developer', 'all_users'],
|
|
organization,
|
|
});
|
|
const viewerUserData = await createUser(app, {
|
|
email: 'viewer@tooljet.io',
|
|
groups: ['viewer', 'all_users'],
|
|
organization,
|
|
});
|
|
|
|
await request(app.getHttpServer())
|
|
.post(`/api/organization_users/${viewerUserData.orgUser.id}/archive/`)
|
|
.set('Authorization', authHeaderForUser(developerUserData.user))
|
|
.expect(403);
|
|
|
|
await viewerUserData.orgUser.reload();
|
|
expect(viewerUserData.orgUser.status).toBe('invited');
|
|
|
|
await request(app.getHttpServer())
|
|
.post(`/api/organization_users/${viewerUserData.orgUser.id}/archive/`)
|
|
.set('Authorization', authHeaderForUser(adminUserData.user))
|
|
.expect(201);
|
|
|
|
await viewerUserData.orgUser.reload();
|
|
expect(viewerUserData.orgUser.status).toBe('archived');
|
|
});
|
|
});
|
|
|
|
describe('POST /api/organization_users/:id/unarchive', () => {
|
|
it('should allow only authenticated users to unarchive org users', async () => {
|
|
await request(app.getHttpServer()).post('/api/organization_users/random-id/unarchive/').expect(401);
|
|
});
|
|
|
|
it('should allow only admin users to unarchive org users', async () => {
|
|
const adminUserData = await createUser(app, {
|
|
email: 'admin@tooljet.io',
|
|
status: 'active',
|
|
groups: ['admin', 'all_users'],
|
|
});
|
|
const organization = adminUserData.organization;
|
|
const developerUserData = await createUser(app, {
|
|
email: 'developer@tooljet.io',
|
|
status: 'active',
|
|
groups: ['developer', 'all_users'],
|
|
organization,
|
|
});
|
|
const viewerUserData = await createUser(app, {
|
|
email: 'viewer@tooljet.io',
|
|
status: 'archived',
|
|
invitationToken: 'old-token',
|
|
password: 'old-password',
|
|
groups: ['viewer', 'all_users'],
|
|
organization,
|
|
});
|
|
|
|
await request(app.getHttpServer())
|
|
.post(`/api/organization_users/${viewerUserData.orgUser.id}/unarchive/`)
|
|
.set('Authorization', authHeaderForUser(developerUserData.user))
|
|
.expect(403);
|
|
|
|
await viewerUserData.orgUser.reload();
|
|
expect(viewerUserData.orgUser.status).toBe('archived');
|
|
|
|
await request(app.getHttpServer())
|
|
.post(`/api/organization_users/${viewerUserData.orgUser.id}/unarchive/`)
|
|
.set('Authorization', authHeaderForUser(developerUserData.user))
|
|
.expect(403);
|
|
|
|
await viewerUserData.orgUser.reload();
|
|
expect(viewerUserData.orgUser.status).toBe('archived');
|
|
|
|
await request(app.getHttpServer())
|
|
.post(`/api/organization_users/${viewerUserData.orgUser.id}/unarchive/`)
|
|
.set('Authorization', authHeaderForUser(adminUserData.user))
|
|
.expect(201);
|
|
|
|
await viewerUserData.orgUser.reload();
|
|
await viewerUserData.user.reload();
|
|
expect(viewerUserData.orgUser.status).toBe('invited');
|
|
expect(viewerUserData.user.invitationToken).not.toBe('old-token');
|
|
expect(viewerUserData.user.password).not.toBe('old-password');
|
|
});
|
|
|
|
it('should allow unarchive if user is already archived', async () => {
|
|
const adminUserData = await createUser(app, {
|
|
email: 'admin@tooljet.io',
|
|
status: 'active',
|
|
groups: ['admin', 'all_users'],
|
|
});
|
|
const organization = adminUserData.organization;
|
|
const developerUserData = await createUser(app, {
|
|
email: 'developer@tooljet.io',
|
|
status: 'active',
|
|
groups: ['developer', 'all_users'],
|
|
organization,
|
|
});
|
|
|
|
await request(app.getHttpServer())
|
|
.post(`/api/organization_users/${developerUserData.orgUser.id}/unarchive/`)
|
|
.set('Authorization', authHeaderForUser(adminUserData.user))
|
|
.expect(201);
|
|
|
|
await developerUserData.orgUser.reload();
|
|
expect(developerUserData.orgUser.status).toBe('active');
|
|
});
|
|
});
|
|
|
|
afterAll(async () => {
|
|
await app.close();
|
|
});
|
|
});
|