mirror of
https://github.com/ToolJet/ToolJet
synced 2026-05-21 07:59:01 +00:00
d88139d5b7
* SSO 🔥 (#2) * Add rough implementation of google SSO * Use env variables for storing Google Oauth client id * Set organization user to active when a new user is created via sso This commit also fetches first name and last name from the payload received from google. Also adds some refactoring. * Apply proper styles to google login button * Refactor oauth controller * Move google specific logic to a separate service * Fail sign-in if google could not verify idToken * Refactoring update for GoogleOAuthService * Change env variable name for google sso client id * Show Google sign-in button only if client id env variable is given * Add SSO_GOOGLE_OAUTH2_CLIENT_ID to app.json * Whitelist apis.google.com in CSP * Add accounts.google.com to CSP * Add documentation for Google SSO * Add e2e tests for Google SSO * Resolve minor linting issues * Avoid use of raw query in migration for SSO ID This commit also adds an index for SSO ID * Verify domain of user's email id for single sign on * Add documentation for RESTRICTED_DOMAIN env variable in SSO * Move SSO controllers and services to ee folder * Move GoogleLoginButton to ee folder * Test the restricted domain verification for Google SSO * Remove unnecessary console.log * Apply better styles to Sign in with google button * Remove documentation for Google SSO This will be added to the community edition repo * Remove unnecessary static images * Fetch Google OAuth2 client id from server instead of client env (#3) * Check for existing email when signing in via SSO (#4) * hotfix oauth service return type * hotfix sso user creation * Allow disabling sign-up via SSO (#5) * hotfix file input change on import/export * Align SSO button on login box center (#6) * Fix: group permission not being set on sso (#7) * fixes group permission not being set on sso * update specs for sso * lint fix * add user id on login response * decamelize keys on login response * fix specs Co-authored-by: Akshay Sasidharan <akshaysasidharan93@gmail.com> Co-authored-by: navaneeth <navaneethpk@outlook.com>
158 lines
5.1 KiB
TypeScript
158 lines
5.1 KiB
TypeScript
import * as request from 'supertest';
|
|
import { INestApplication } from '@nestjs/common';
|
|
import { clearDB, createUser, createNestAppInstance } from '../test.helper';
|
|
import { OAuth2Client } from 'google-auth-library';
|
|
|
|
describe('oauth controller', () => {
|
|
let app: INestApplication;
|
|
|
|
beforeEach(async () => {
|
|
await clearDB();
|
|
});
|
|
|
|
beforeAll(async () => {
|
|
app = await createNestAppInstance();
|
|
});
|
|
|
|
describe('sign in via Google OAuth', () => {
|
|
it('should return login info when the user does not exist', async () => {
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'ssoUser@tooljet.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
|
|
// Calling the createUser helper function to have an Organization created. This user is irrelevant for the test
|
|
await createUser(app, { email: 'anotherUser@tooljet.io', role: 'admin' });
|
|
|
|
const token = ['someStuff'];
|
|
|
|
const response = await request(app.getHttpServer()).post('/api/oauth/sign-in').send({ token });
|
|
|
|
expect(googleVerifyMock).toHaveBeenCalledWith({
|
|
idToken: token,
|
|
audience: expect.anything(),
|
|
});
|
|
|
|
expect(response.statusCode).toBe(201);
|
|
expect(new Set(Object.keys(response.body))).toEqual(
|
|
new Set([
|
|
'id',
|
|
'email',
|
|
'first_name',
|
|
'last_name',
|
|
'auth_token',
|
|
'admin',
|
|
'group_permissions',
|
|
'app_group_permissions',
|
|
])
|
|
);
|
|
|
|
const { email, first_name, last_name, admin, group_permissions, app_group_permissions } = response.body;
|
|
|
|
expect(email).toEqual('ssoUser@tooljet.io');
|
|
expect(first_name).toEqual('SSO');
|
|
expect(last_name).toEqual('User');
|
|
expect(admin).toBeFalsy();
|
|
expect(group_permissions).toHaveLength(1);
|
|
expect(group_permissions[0].group).toEqual('all_users');
|
|
expect(new Set(Object.keys(group_permissions[0]))).toEqual(
|
|
new Set(['id', 'organization_id', 'group', 'app_create', 'app_delete', 'updated_at', 'created_at'])
|
|
);
|
|
expect(app_group_permissions).toHaveLength(0);
|
|
});
|
|
|
|
it('should be forbid logging in when the user does not exist and signups are disabled', async () => {
|
|
process.env.SSO_DISABLE_SIGNUP = 'true';
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'ssoUser@tooljet.io',
|
|
name: 'SSO User',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
|
|
// Calling the createUser helper function to have an Organization created. This user is irrelevant for the test
|
|
await createUser(app, { email: 'anotherUser@tooljet.io', role: 'admin' });
|
|
|
|
const token = ['someStuff'];
|
|
|
|
const response = await request(app.getHttpServer()).post('/api/oauth/sign-in').send({ token });
|
|
|
|
expect(googleVerifyMock).toHaveBeenCalledWith({
|
|
idToken: token,
|
|
audience: expect.anything(),
|
|
});
|
|
|
|
expect(response.statusCode).toBe(401);
|
|
process.env.SSO_DISABLE_SIGNUP = 'false';
|
|
});
|
|
|
|
it('should return login info when the user exists', async () => {
|
|
const googleVerifyMock = jest.spyOn(OAuth2Client.prototype, 'verifyIdToken');
|
|
googleVerifyMock.mockImplementation(() => ({
|
|
getPayload: () => ({
|
|
sub: 'someSSOId',
|
|
email: 'ssoUser@tooljet.io',
|
|
name: 'New name',
|
|
hd: 'tooljet.io',
|
|
}),
|
|
}));
|
|
|
|
await createUser(app, {
|
|
email: 'ssoUser@tooljet.io',
|
|
role: 'developer',
|
|
ssoId: 'someSSOId',
|
|
firstName: 'Existing',
|
|
lastName: 'Name',
|
|
groups: ['all_users', 'admin'],
|
|
});
|
|
|
|
const token = ['someStuff'];
|
|
|
|
const response = await request(app.getHttpServer()).post('/api/oauth/sign-in').send({ token });
|
|
|
|
expect(googleVerifyMock).toHaveBeenCalledWith({
|
|
idToken: token,
|
|
audience: expect.anything(),
|
|
});
|
|
|
|
expect(response.statusCode).toBe(201);
|
|
expect(new Set(Object.keys(response.body))).toEqual(
|
|
new Set([
|
|
'id',
|
|
'email',
|
|
'first_name',
|
|
'last_name',
|
|
'auth_token',
|
|
'admin',
|
|
'group_permissions',
|
|
'app_group_permissions',
|
|
])
|
|
);
|
|
|
|
const { email, first_name, last_name, admin, group_permissions, app_group_permissions } = response.body;
|
|
|
|
expect(email).toEqual('ssoUser@tooljet.io');
|
|
expect(first_name).toEqual('Existing');
|
|
expect(last_name).toEqual('Name');
|
|
expect(admin).toBeTruthy();
|
|
expect(group_permissions).toHaveLength(2);
|
|
expect(new Set(group_permissions.map((p) => p.group))).toEqual(new Set(['all_users', 'admin']));
|
|
expect(new Set(Object.keys(group_permissions[0]))).toEqual(
|
|
new Set(['id', 'organization_id', 'group', 'app_create', 'app_delete', 'updated_at', 'created_at'])
|
|
);
|
|
expect(app_group_permissions).toHaveLength(0);
|
|
});
|
|
});
|
|
|
|
afterAll(async () => {
|
|
await app.close();
|
|
});
|
|
});
|