Elgato_dark/ToolJet
1
0
Fork 0
mirror of https://github.com/ToolJet/ToolJet synced 2026-04-21 21:47:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
ToolJet/server/test/controllers/organization_users.e2e-spec.ts
Muhsin Shah C P 32740743e1
[Improvement] URLs scoped with workspace id (#5487) 
* add: new URL prefix

* fix: working on home page

* add: profile path

* playing with rxjs

* removed context part

* working on path changes

* changing routes
- TODO: replace the workspaceId with actual id

* redo: public apps path

* initial commit

* added authorize API

* remove privileges from auth response

* fixed some api issue
- added subscriptions

* fix: redirect url workspace-id null issue

* fix: switch workspace

* fix: organization list mapping
- menu item paths

* fix: preview url
- editor, viewer permission mapping

* jwt fix

* fix: some url issue
- permission mappings
- workspace login

* fixed some issues
- user invite workspace-id
- org settings menu item default selected item issue

* app viewer fixes

* fixing workspace login issues

* fix

* fixing issues
- tooljet db
- path issues
- refatoring the code

* fix: workspace vars permissions

* fix: multi-page handle

* fix: create app from template

* fix: bulk user upload

* fix: import app
- clone app
- upload profile image

* fix: onboarding

* fix: log out

* fixed multi-workspace logout issue

* fix: launch btn

* fix: oauth2

* fixes

* fix: sso login

* fix: workspace sso login

* fixing sso issues

* fix: moved list of orgs to rxjs
- fixed switching issues

* reverting some changes

* fixed some minor bugs

* fixing sso redirect url issues

* fix: switching network timing issues

* fix: back to workspace-id

* fix: tj-database
- refactored the code - removed org id from some pages
- will get the org id from the service file only

* fix: multi-pages

* fix: infinite loop issue

* fixing workspace switching issue

* fixes
- comment link
- logout & private route redirect url

* fix: wrong uuid error

* fixing subpath
- fixed most of the places
- need to test & fix workspace login, sso, new account

* fix: subpath workspace login

* fix: rxjs handle bug

* Revert "fix: tj-database"

This reverts commit 9632ec2ff0.

* fix: reverted tj-db changes

* fix: subpath sso

* typo fix

* fix: existing session issues

* new: switch workspace page

* fix: modal dark-mode

* added default sso support

* fixes
- subpath workspace switching
- handle wrong routes

* fix: manager user button
- refactored the code

* removed SINGLE Workspace feature

* rebase

* add: change modal text

* fix: added validation

* fixed private app 401 issue

* initial commit

* fix: logged out session multi-tab issue

* refactoring the code

* fix: redirect url issue

* added auth-token in cookies

* Fix: failing e2e specs

* added session API

* fix: backend session guard

* fix: removing user details from local storage

* fix: null wid

* undo and redo

* fix: login page

* fix: viewer login redirection

* fix: login page redirection

* fix: public apps logout issue

* added session storage and scheduler

* added profile api

* fix: sso login
- switch workspace
- login page
- setup admin

* working on fixes

* fix: socket issue

* fix: setup admin api

* connected profile & logout apis

* fix: malfunctioned auth token case

* fix: realtime avatar

* fix: profile avatar

* fix: Realtime cursors avatar

* setting max age for auth token cookie

* add: Go to login page if logout api returns 401

* fix: subpath login

* fix

* fix: app logout [viewer]

* fix: authorize page

* remove expiry from jwt

* fix: integrations route
- session api

* small fix

* fix: updated profile

* fix: workspace login [logged user]

* fix: oauth and another workspace page issue

* fixed app preview logout issue

* subpath fix

* fix: subpath app id

* fix: selected state didnt change for apps page [subpath]

* fix

* add cookie parser to test app

* specs added

* increased user session expiry time

* test: session & new apis

* working on test cases

* fix: onboarding issue

* fixing specs

* fix: test cases

* fix: removing profile api calls

* some fixes

* fixing rebase issues

* fix: global ds issues

* fix: app is crashing

* fix: back to text

* fix: oauth test cases

* fix: test-helper

* fix: onboarding test cases

* fix: tests again

* refactoring the code

* latest develop merging precautions
- fixed a minor null issue

* fix: typo

* fix :menu issues due to the merging

* fix: - clicking on tooljet logo didnt redirect to login page for public apps
- private app preview doesnt load after login

* subpath fixes

* fixed back to issue

* PR changes

* fix: spec fixes for EE

* doc: URL scoped for workspace

---------

Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
Co-authored-by: Shubhendra <withshubh@gmail.com>
2023-04-06 16:42:58 +05:30

292 lines
10 KiB
TypeScript
Raw Blame History

/* eslint-disable @typescript-eslint/no-unused-vars */
import * as request from 'supertest';
import { BadRequestException, INestApplication } from '@nestjs/common';
import { authHeaderForUser, clearDB, createUser, createNestAppInstance, authenticateUser } from '../test.helper';
describe('organization users controller', () => {
let app: INestApplication;
beforeEach(async () => {
await clearDB();
});
beforeAll(async () => {
app = await createNestAppInstance();
});
it('should allow only admin to be able to invite new users', async () => {
// setup a pre existing user of different organization
await createUser(app, {
email: 'someUser@tooljet.io',
groups: ['admin', 'all_users'],
});
// setup organization and user setup to test against
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['admin', 'all_users'],
});
const organization = adminUserData.organization;
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
groups: ['developer', 'all_users'],
organization,
});
loggedUser = await authenticateUser(app, 'developer@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
groups: ['viewer', 'all_users'],
organization,
});
loggedUser = await authenticateUser(app, 'viewer@tooljet.io');
viewerUserData['tokenCookie'] = loggedUser.tokenCookie;
await request(app.getHttpServer())
.post(`/api/organization_users/`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.send({ email: 'test@tooljet.io' })
.expect(201);
await request(app.getHttpServer())
.post(`/api/organization_users/`)
.set('tj-workspace-id', developerUserData.user.defaultOrganizationId)
.set('Cookie', developerUserData['tokenCookie'])
.send({ email: 'test2@tooljet.io' })
.expect(403);
await request(app.getHttpServer())
.post(`/api/organization_users/`)
.set('tj-workspace-id', viewerUserData.user.defaultOrganizationId)
.set('Cookie', viewerUserData['tokenCookie'])
.send({ email: 'test3@tooljet.io' })
.expect(403);
});
describe('POST /api/organization_users/:id/archive', () => {
it('should allow only authenticated users to archive org users', async () => {
await request(app.getHttpServer()).post('/api/organization_users/random-id/archive/').expect(401);
});
it('should throw error when trying to remove last active admin', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['admin', 'all_users'],
status: 'active',
});
const loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const organization = adminUserData.organization;
const anotherAdminUserData = await createUser(app, {
email: 'another-admin@tooljet.io',
groups: ['admin', 'all_users'],
status: 'active',
organization,
});
const _archivedAdmin = await createUser(app, {
email: 'archived-admin@tooljet.io',
groups: ['admin', 'all_users'],
status: 'archived',
organization,
});
await request(app.getHttpServer())
.post(`/api/organization_users/${anotherAdminUserData.orgUser.id}/archive/`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.expect(201);
const response = await request(app.getHttpServer())
.post(`/api/organization_users/${adminUserData.orgUser.id}/archive/`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie']);
expect(response.statusCode).toEqual(400);
expect(response.body.message).toEqual('Atleast one active admin is required.');
});
it('should allow only admin users to archive org users', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['admin', 'all_users'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const organization = adminUserData.organization;
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
groups: ['developer', 'all_users'],
organization,
});
loggedUser = await authenticateUser(app, 'developer@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
groups: ['viewer', 'all_users'],
organization,
status: 'invited',
});
await request(app.getHttpServer())
.post(`/api/organization_users/${viewerUserData.orgUser.id}/archive/`)
.set('tj-workspace-id', developerUserData.user.defaultOrganizationId)
.set('Cookie', developerUserData['tokenCookie'])
.expect(403);
await viewerUserData.orgUser.reload();
expect(viewerUserData.orgUser.status).toBe('invited');
await request(app.getHttpServer())
.post(`/api/organization_users/${viewerUserData.orgUser.id}/archive/`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.expect(201);
await viewerUserData.orgUser.reload();
expect(viewerUserData.orgUser.status).toBe('archived');
});
});
describe('POST /api/organization_users/:id/unarchive', () => {
it('should allow only authenticated users to unarchive org users', async () => {
await request(app.getHttpServer()).post('/api/organization_users/random-id/unarchive/').expect(401);
});
it('should allow only admin users to unarchive org users', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
status: 'active',
groups: ['admin', 'all_users'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const organization = adminUserData.organization;
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
status: 'active',
groups: ['developer', 'all_users'],
organization,
});
loggedUser = await authenticateUser(app, 'developer@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
status: 'archived',
groups: ['viewer', 'all_users'],
organization,
});
loggedUser = await authenticateUser(app, 'viewer@tooljet.io');
viewerUserData['tokenCookie'] = loggedUser.tokenCookie;
await request(app.getHttpServer())
.post(`/api/organization_users/${viewerUserData.orgUser.id}/unarchive/`)
.set('tj-workspace-id', developerUserData.user.defaultOrganizationId)
.set('Cookie', developerUserData['tokenCookie'])
.expect(403);
await viewerUserData.orgUser.reload();
expect(viewerUserData.orgUser.status).toBe('archived');
await request(app.getHttpServer())
.post(`/api/organization_users/${viewerUserData.orgUser.id}/unarchive/`)
.set('tj-workspace-id', developerUserData.user.defaultOrganizationId)
.set('Cookie', developerUserData['tokenCookie'])
.expect(403);
await viewerUserData.orgUser.reload();
expect(viewerUserData.orgUser.status).toBe('archived');
await request(app.getHttpServer())
.post(`/api/organization_users/${viewerUserData.orgUser.id}/unarchive/`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.expect(201);
await viewerUserData.orgUser.reload();
await viewerUserData.user.reload();
expect(viewerUserData.orgUser.status).toBe('invited');
expect(viewerUserData.user.invitationToken).not.toBe('');
expect(viewerUserData.user.password).not.toBe('old-password');
});
it('should not allow unarchive if user status is not archived', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
status: 'active',
groups: ['admin', 'all_users'],
});
const loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const organization = adminUserData.organization;
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
status: 'active',
groups: ['developer', 'all_users'],
organization,
});
await request(app.getHttpServer())
.post(`/api/organization_users/${developerUserData.orgUser.id}/unarchive/`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.expect(400);
await developerUserData.orgUser.reload();
expect(developerUserData.orgUser.status).toBe('active');
});
it('should not allow unarchive if user status is not archived', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
status: 'active',
groups: ['admin', 'all_users'],
});
const organization = adminUserData.organization;
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
status: 'invited',
groups: ['developer', 'all_users'],
organization,
});
const loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
await request(app.getHttpServer())
.post(`/api/organization_users/${developerUserData.orgUser.id}/unarchive/`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.expect(400);
await developerUserData.orgUser.reload();
expect(developerUserData.orgUser.status).toBe('invited');
});
});
afterAll(async () => {
await app.close();
});
});
Reference in a new issue View git blame Copy permalink