groot/automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: Remove authentication cases from individual tests

Browse Source
This commit is contained in:
Faruk AYDIN
2024-01-15 15:27:30 +01:00
parent 782fa67320
commit 55c391afc8
8 changed files with 841 additions and 1004 deletions
Download Patch File Download Diff File Expand all files Collapse all files

134
packages/backend/src/graphql/queries/get-current-user.test.js
View File

@@ -6,100 +6,74 @@ import { createRole } from '../../../test/factories/role';
import { createUser } from '../../../test/factories/user'; import { createUser } from '../../../test/factories/user';
describe('graphQL getCurrentUser query', () => { describe('graphQL getCurrentUser query', () => {
describe('with unauthenticated user', () => { let role, currentUser, token, requestObject;
it('should throw not authorized error', async () => {
const invalidUserToken = 'invalid-token';
const query = ` beforeEach(async () => {
query { role = await createRole({
getCurrentUser { key: 'sample',
id name: 'sample',
email
}
}
`;
const response = await request(app)
.post('/graphql')
.set('Authorization', invalidUserToken)
.send({ query })
.expect(200);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('Not Authorised!');
}); });
currentUser = await createUser({
roleId: role.id,
});
token = createAuthTokenByUserId(currentUser.id);
requestObject = request(app).post('/graphql').set('Authorization', token);
}); });
describe('with authenticated user', () => { it('should return user data', async () => {
let role, currentUser, token, requestObject; const query = `
query {
beforeEach(async () => { getCurrentUser {
role = await createRole({ id
key: 'sample', email
name: 'sample', fullName
}); email
createdAt
currentUser = await createUser({ updatedAt
roleId: role.id, role {
});
token = createAuthTokenByUserId(currentUser.id);
requestObject = request(app).post('/graphql').set('Authorization', token);
});
it('should return user data', async () => {
const query = `
query {
getCurrentUser {
id id
email name
fullName
email
createdAt
updatedAt
role {
id
name
}
} }
} }
`; }
`;
const response = await requestObject.send({ query }).expect(200); const response = await requestObject.send({ query }).expect(200);
const expectedResponsePayload = { const expectedResponsePayload = {
data: { data: {
getCurrentUser: { getCurrentUser: {
createdAt: currentUser.createdAt.getTime().toString(), createdAt: currentUser.createdAt.getTime().toString(),
email: currentUser.email, email: currentUser.email,
fullName: currentUser.fullName, fullName: currentUser.fullName,
id: currentUser.id, id: currentUser.id,
role: { id: role.id, name: role.name }, role: { id: role.id, name: role.name },
updatedAt: currentUser.updatedAt.getTime().toString(), updatedAt: currentUser.updatedAt.getTime().toString(),
},
}, },
}; },
};
expect(response.body).toEqual(expectedResponsePayload); expect(response.body).toEqual(expectedResponsePayload);
}); });
it('should not return user password', async () => { it('should not return user password', async () => {
const query = ` const query = `
query { query {
getCurrentUser { getCurrentUser {
id id
email email
password password
}
} }
`; }
`;
const response = await requestObject.send({ query }).expect(400); const response = await requestObject.send({ query }).expect(400);
expect(response.body.errors).toBeDefined(); expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual( expect(response.body.errors[0].message).toEqual(
'Cannot query field "password" on type "User".' 'Cannot query field "password" on type "User".'
); );
});
}); });
}); });

619
packages/backend/src/graphql/queries/get-executions.test.js
View File

@@ -40,307 +40,291 @@ describe('graphQL getExecutions query', () => {
} }
`; `;
const invalidToken = 'invalid-token'; describe('and without correct permissions', () => {
describe('with unauthenticated user', () => {
it('should throw not authorized error', async () => { it('should throw not authorized error', async () => {
const userWithoutPermissions = await createUser();
const token = createAuthTokenByUserId(userWithoutPermissions.id);
const response = await request(app) const response = await request(app)
.post('/graphql') .post('/graphql')
.set('Authorization', invalidToken) .set('Authorization', token)
.send({ query }) .send({ query })
.expect(200); .expect(200);
expect(response.body.errors).toBeDefined(); expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('Not Authorised!'); expect(response.body.errors[0].message).toEqual('Not authorized!');
}); });
}); });
describe('with authenticated user', () => { describe('and with correct permission', () => {
describe('and without permissions', () => { let role,
it('should throw not authorized error', async () => { currentUser,
const userWithoutPermissions = await createUser(); anotherUser,
const token = createAuthTokenByUserId(userWithoutPermissions.id); token,
flowOne,
stepOneForFlowOne,
stepTwoForFlowOne,
executionOne,
flowTwo,
stepOneForFlowTwo,
stepTwoForFlowTwo,
executionTwo,
flowThree,
stepOneForFlowThree,
stepTwoForFlowThree,
executionThree,
expectedResponseForExecutionOne,
expectedResponseForExecutionTwo,
expectedResponseForExecutionThree;
beforeEach(async () => {
role = await createRole({
key: 'sample',
name: 'sample',
});
currentUser = await createUser({
roleId: role.id,
fullName: 'Current User',
});
anotherUser = await createUser();
token = createAuthTokenByUserId(currentUser.id);
flowOne = await createFlow({
userId: currentUser.id,
});
stepOneForFlowOne = await createStep({
flowId: flowOne.id,
});
stepTwoForFlowOne = await createStep({
flowId: flowOne.id,
});
executionOne = await createExecution({
flowId: flowOne.id,
});
await createExecutionStep({
executionId: executionOne.id,
stepId: stepOneForFlowOne.id,
status: 'success',
});
await createExecutionStep({
executionId: executionOne.id,
stepId: stepTwoForFlowOne.id,
status: 'success',
});
flowTwo = await createFlow({
userId: currentUser.id,
});
stepOneForFlowTwo = await createStep({
flowId: flowTwo.id,
});
stepTwoForFlowTwo = await createStep({
flowId: flowTwo.id,
});
executionTwo = await createExecution({
flowId: flowTwo.id,
});
await createExecutionStep({
executionId: executionTwo.id,
stepId: stepOneForFlowTwo.id,
status: 'success',
});
await createExecutionStep({
executionId: executionTwo.id,
stepId: stepTwoForFlowTwo.id,
status: 'failure',
});
flowThree = await createFlow({
userId: anotherUser.id,
});
stepOneForFlowThree = await createStep({
flowId: flowThree.id,
});
stepTwoForFlowThree = await createStep({
flowId: flowThree.id,
});
executionThree = await createExecution({
flowId: flowThree.id,
});
await createExecutionStep({
executionId: executionThree.id,
stepId: stepOneForFlowThree.id,
status: 'success',
});
await createExecutionStep({
executionId: executionThree.id,
stepId: stepTwoForFlowThree.id,
status: 'failure',
});
expectedResponseForExecutionOne = {
node: {
createdAt: executionOne.createdAt.getTime().toString(),
flow: {
active: flowOne.active,
id: flowOne.id,
name: flowOne.name,
steps: [
{
iconUrl: `${appConfig.baseUrl}/apps/${stepOneForFlowOne.appKey}/assets/favicon.svg`,
},
{
iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowOne.appKey}/assets/favicon.svg`,
},
],
},
id: executionOne.id,
status: 'success',
testRun: executionOne.testRun,
updatedAt: executionOne.updatedAt.getTime().toString(),
},
};
expectedResponseForExecutionTwo = {
node: {
createdAt: executionTwo.createdAt.getTime().toString(),
flow: {
active: flowTwo.active,
id: flowTwo.id,
name: flowTwo.name,
steps: [
{
iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowTwo.appKey}/assets/favicon.svg`,
},
{
iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowTwo.appKey}/assets/favicon.svg`,
},
],
},
id: executionTwo.id,
status: 'failure',
testRun: executionTwo.testRun,
updatedAt: executionTwo.updatedAt.getTime().toString(),
},
};
expectedResponseForExecutionThree = {
node: {
createdAt: executionThree.createdAt.getTime().toString(),
flow: {
active: flowThree.active,
id: flowThree.id,
name: flowThree.name,
steps: [
{
iconUrl: `${appConfig.baseUrl}/apps/${stepOneForFlowThree.appKey}/assets/favicon.svg`,
},
{
iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowThree.appKey}/assets/favicon.svg`,
},
],
},
id: executionThree.id,
status: 'failure',
testRun: executionThree.testRun,
updatedAt: executionThree.updatedAt.getTime().toString(),
},
};
});
describe('and with isCreator condition', () => {
beforeEach(async () => {
await createPermission({
action: 'read',
subject: 'Execution',
roleId: role.id,
conditions: ['isCreator'],
});
});
it('should return executions data of the current user', async () => {
const response = await request(app) const response = await request(app)
.post('/graphql') .post('/graphql')
.set('Authorization', token) .set('Authorization', token)
.send({ query }) .send({ query })
.expect(200); .expect(200);
expect(response.body.errors).toBeDefined(); const expectedResponsePayload = {
expect(response.body.errors[0].message).toEqual('Not authorized!'); data: {
getExecutions: {
edges: [
expectedResponseForExecutionTwo,
expectedResponseForExecutionOne,
],
pageInfo: { currentPage: 1, totalPages: 1 },
},
},
};
expect(response.body).toEqual(expectedResponsePayload);
}); });
}); });
describe('and with correct permission', () => { describe('and without isCreator condition', () => {
let role,
currentUser,
anotherUser,
token,
flowOne,
stepOneForFlowOne,
stepTwoForFlowOne,
executionOne,
flowTwo,
stepOneForFlowTwo,
stepTwoForFlowTwo,
executionTwo,
flowThree,
stepOneForFlowThree,
stepTwoForFlowThree,
executionThree,
expectedResponseForExecutionOne,
expectedResponseForExecutionTwo,
expectedResponseForExecutionThree;
beforeEach(async () => { beforeEach(async () => {
role = await createRole({ await createPermission({
key: 'sample', action: 'read',
name: 'sample', subject: 'Execution',
});
currentUser = await createUser({
roleId: role.id, roleId: role.id,
fullName: 'Current User', conditions: [],
});
anotherUser = await createUser();
token = createAuthTokenByUserId(currentUser.id);
flowOne = await createFlow({
userId: currentUser.id,
});
stepOneForFlowOne = await createStep({
flowId: flowOne.id,
});
stepTwoForFlowOne = await createStep({
flowId: flowOne.id,
});
executionOne = await createExecution({
flowId: flowOne.id,
});
await createExecutionStep({
executionId: executionOne.id,
stepId: stepOneForFlowOne.id,
status: 'success',
});
await createExecutionStep({
executionId: executionOne.id,
stepId: stepTwoForFlowOne.id,
status: 'success',
});
flowTwo = await createFlow({
userId: currentUser.id,
});
stepOneForFlowTwo = await createStep({
flowId: flowTwo.id,
});
stepTwoForFlowTwo = await createStep({
flowId: flowTwo.id,
});
executionTwo = await createExecution({
flowId: flowTwo.id,
});
await createExecutionStep({
executionId: executionTwo.id,
stepId: stepOneForFlowTwo.id,
status: 'success',
});
await createExecutionStep({
executionId: executionTwo.id,
stepId: stepTwoForFlowTwo.id,
status: 'failure',
});
flowThree = await createFlow({
userId: anotherUser.id,
});
stepOneForFlowThree = await createStep({
flowId: flowThree.id,
});
stepTwoForFlowThree = await createStep({
flowId: flowThree.id,
});
executionThree = await createExecution({
flowId: flowThree.id,
});
await createExecutionStep({
executionId: executionThree.id,
stepId: stepOneForFlowThree.id,
status: 'success',
});
await createExecutionStep({
executionId: executionThree.id,
stepId: stepTwoForFlowThree.id,
status: 'failure',
});
expectedResponseForExecutionOne = {
node: {
createdAt: executionOne.createdAt.getTime().toString(),
flow: {
active: flowOne.active,
id: flowOne.id,
name: flowOne.name,
steps: [
{
iconUrl: `${appConfig.baseUrl}/apps/${stepOneForFlowOne.appKey}/assets/favicon.svg`,
},
{
iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowOne.appKey}/assets/favicon.svg`,
},
],
},
id: executionOne.id,
status: 'success',
testRun: executionOne.testRun,
updatedAt: executionOne.updatedAt.getTime().toString(),
},
};
expectedResponseForExecutionTwo = {
node: {
createdAt: executionTwo.createdAt.getTime().toString(),
flow: {
active: flowTwo.active,
id: flowTwo.id,
name: flowTwo.name,
steps: [
{
iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowTwo.appKey}/assets/favicon.svg`,
},
{
iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowTwo.appKey}/assets/favicon.svg`,
},
],
},
id: executionTwo.id,
status: 'failure',
testRun: executionTwo.testRun,
updatedAt: executionTwo.updatedAt.getTime().toString(),
},
};
expectedResponseForExecutionThree = {
node: {
createdAt: executionThree.createdAt.getTime().toString(),
flow: {
active: flowThree.active,
id: flowThree.id,
name: flowThree.name,
steps: [
{
iconUrl: `${appConfig.baseUrl}/apps/${stepOneForFlowThree.appKey}/assets/favicon.svg`,
},
{
iconUrl: `${appConfig.baseUrl}/apps/${stepTwoForFlowThree.appKey}/assets/favicon.svg`,
},
],
},
id: executionThree.id,
status: 'failure',
testRun: executionThree.testRun,
updatedAt: executionThree.updatedAt.getTime().toString(),
},
};
});
describe('and with isCreator condition', () => {
beforeEach(async () => {
await createPermission({
action: 'read',
subject: 'Execution',
roleId: role.id,
conditions: ['isCreator'],
});
});
it('should return executions data of the current user', async () => {
const response = await request(app)
.post('/graphql')
.set('Authorization', token)
.send({ query })
.expect(200);
const expectedResponsePayload = {
data: {
getExecutions: {
edges: [
expectedResponseForExecutionTwo,
expectedResponseForExecutionOne,
],
pageInfo: { currentPage: 1, totalPages: 1 },
},
},
};
expect(response.body).toEqual(expectedResponsePayload);
}); });
}); });
describe('and without isCreator condition', () => { it('should return executions data of all users', async () => {
beforeEach(async () => { const response = await request(app)
await createPermission({ .post('/graphql')
action: 'read', .set('Authorization', token)
subject: 'Execution', .send({ query })
roleId: role.id, .expect(200);
conditions: [],
});
});
it('should return executions data of all users', async () => { const expectedResponsePayload = {
const response = await request(app) data: {
.post('/graphql') getExecutions: {
.set('Authorization', token) edges: [
.send({ query }) expectedResponseForExecutionThree,
.expect(200); expectedResponseForExecutionTwo,
expectedResponseForExecutionOne,
const expectedResponsePayload = { ],
data: { pageInfo: { currentPage: 1, totalPages: 1 },
getExecutions: {
edges: [
expectedResponseForExecutionThree,
expectedResponseForExecutionTwo,
expectedResponseForExecutionOne,
],
pageInfo: { currentPage: 1, totalPages: 1 },
},
}, },
}; },
};
expect(response.body).toEqual(expectedResponsePayload); expect(response.body).toEqual(expectedResponsePayload);
});
});
describe('and with filters', () => {
beforeEach(async () => {
await createPermission({
action: 'read',
subject: 'Execution',
roleId: role.id,
conditions: [],
}); });
}); });
describe('and with filters', () => { it('should return executions data for the specified flow', async () => {
beforeEach(async () => { const query = `
await createPermission({
action: 'read',
subject: 'Execution',
roleId: role.id,
conditions: [],
});
});
it('should return executions data for the specified flow', async () => {
const query = `
query { query {
getExecutions(limit: 10, offset: 0, filters: { flowId: "${flowOne.id}" }) { getExecutions(limit: 10, offset: 0, filters: { flowId: "${flowOne.id}" }) {
pageInfo { pageInfo {
@@ -368,26 +352,26 @@ describe('graphQL getExecutions query', () => {
} }
`; `;
const response = await request(app) const response = await request(app)
.post('/graphql') .post('/graphql')
.set('Authorization', token) .set('Authorization', token)
.send({ query }) .send({ query })
.expect(200); .expect(200);
const expectedResponsePayload = { const expectedResponsePayload = {
data: { data: {
getExecutions: { getExecutions: {
edges: [expectedResponseForExecutionOne], edges: [expectedResponseForExecutionOne],
pageInfo: { currentPage: 1, totalPages: 1 }, pageInfo: { currentPage: 1, totalPages: 1 },
},
}, },
}; },
};
expect(response.body).toEqual(expectedResponsePayload); expect(response.body).toEqual(expectedResponsePayload);
}); });
it('should return only executions data with success status', async () => { it('should return only executions data with success status', async () => {
const query = ` const query = `
query { query {
getExecutions(limit: 10, offset: 0, filters: { status: "success" }) { getExecutions(limit: 10, offset: 0, filters: { status: "success" }) {
pageInfo { pageInfo {
@@ -415,30 +399,30 @@ describe('graphQL getExecutions query', () => {
} }
`; `;
const response = await request(app) const response = await request(app)
.post('/graphql') .post('/graphql')
.set('Authorization', token) .set('Authorization', token)
.send({ query }) .send({ query })
.expect(200); .expect(200);
const expectedResponsePayload = { const expectedResponsePayload = {
data: { data: {
getExecutions: { getExecutions: {
edges: [expectedResponseForExecutionOne], edges: [expectedResponseForExecutionOne],
pageInfo: { currentPage: 1, totalPages: 1 }, pageInfo: { currentPage: 1, totalPages: 1 },
},
}, },
}; },
};
expect(response.body).toEqual(expectedResponsePayload); expect(response.body).toEqual(expectedResponsePayload);
}); });
it('should return only executions data within date range', async () => { it('should return only executions data within date range', async () => {
const createdAtFrom = executionOne.createdAt.getTime().toString(); const createdAtFrom = executionOne.createdAt.getTime().toString();
const createdAtTo = executionOne.createdAt.getTime().toString(); const createdAtTo = executionOne.createdAt.getTime().toString();
const query = ` const query = `
query { query {
getExecutions(limit: 10, offset: 0, filters: { createdAt: { from: "${createdAtFrom}", to: "${createdAtTo}" }}) { getExecutions(limit: 10, offset: 0, filters: { createdAt: { from: "${createdAtFrom}", to: "${createdAtTo}" }}) {
pageInfo { pageInfo {
@@ -466,23 +450,22 @@ describe('graphQL getExecutions query', () => {
} }
`; `;
const response = await request(app) const response = await request(app)
.post('/graphql') .post('/graphql')
.set('Authorization', token) .set('Authorization', token)
.send({ query }) .send({ query })
.expect(200); .expect(200);
const expectedResponsePayload = { const expectedResponsePayload = {
data: { data: {
getExecutions: { getExecutions: {
edges: [expectedResponseForExecutionOne], edges: [expectedResponseForExecutionOne],
pageInfo: { currentPage: 1, totalPages: 1 }, pageInfo: { currentPage: 1, totalPages: 1 },
},
}, },
}; },
};
expect(response.body).toEqual(expectedResponsePayload); expect(response.body).toEqual(expectedResponsePayload);
});
}); });
}); });
}); });

360
packages/backend/src/graphql/queries/get-flow.test.js
View File

@@ -40,222 +40,200 @@ describe('graphQL getFlow query', () => {
`; `;
}; };
describe('with unauthenticated user', () => { describe('and without permissions', () => {
it('should throw not authorized error', async () => { it('should throw not authorized error', async () => {
const invalidToken = 'invalid-token'; const userWithoutPermissions = await createUser();
const token = createAuthTokenByUserId(userWithoutPermissions.id);
const flow = await createFlow(); const flow = await createFlow();
const response = await request(app) const response = await request(app)
.post('/graphql') .post('/graphql')
.set('Authorization', invalidToken) .set('Authorization', token)
.send({ query: query(flow.id) }) .send({ query: query(flow.id) })
.expect(200); .expect(200);
expect(response.body.errors).toBeDefined(); expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('Not Authorised!'); expect(response.body.errors[0].message).toEqual('Not authorized!');
}); });
}); });
describe('with authenticated user', () => { describe('and with correct permission', () => {
describe('and without permissions', () => { let currentUser, currentUserRole, currentUserFlow;
it('should throw not authorized error', async () => {
const userWithoutPermissions = await createUser(); beforeEach(async () => {
const token = createAuthTokenByUserId(userWithoutPermissions.id); currentUserRole = await createRole();
const flow = await createFlow(); currentUser = await createUser({ roleId: currentUserRole.id });
currentUserFlow = await createFlow({ userId: currentUser.id });
});
describe('and with isCreator condition', () => {
it('should return executions data of the current user', async () => {
await createPermission({
action: 'read',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
});
const triggerStep = await createStep({
flowId: currentUserFlow.id,
type: 'trigger',
key: 'catchRawWebhook',
webhookPath: `/webhooks/flows/${currentUserFlow.id}`,
});
const actionConnection = await createConnection({
userId: currentUser.id,
formattedData: {
screenName: 'Test',
authenticationKey: 'test key',
},
});
const actionStep = await createStep({
flowId: currentUserFlow.id,
type: 'action',
connectionId: actionConnection.id,
key: 'translateText',
});
const token = createAuthTokenByUserId(currentUser.id);
const response = await request(app) const response = await request(app)
.post('/graphql') .post('/graphql')
.set('Authorization', token) .set('Authorization', token)
.send({ query: query(flow.id) }) .send({ query: query(currentUserFlow.id) })
.expect(200); .expect(200);
expect(response.body.errors).toBeDefined(); const expectedResponsePayload = {
expect(response.body.errors[0].message).toEqual('Not authorized!'); data: {
getFlow: {
active: currentUserFlow.active,
id: currentUserFlow.id,
name: currentUserFlow.name,
status: 'draft',
steps: [
{
appKey: triggerStep.appKey,
connection: null,
iconUrl: `${appConfig.baseUrl}/apps/${triggerStep.appKey}/assets/favicon.svg`,
id: triggerStep.id,
key: 'catchRawWebhook',
parameters: {},
position: 1,
status: triggerStep.status,
type: 'trigger',
webhookUrl: `${appConfig.baseUrl}/webhooks/flows/${currentUserFlow.id}`,
},
{
appKey: actionStep.appKey,
connection: {
createdAt: actionConnection.createdAt.getTime().toString(),
id: actionConnection.id,
verified: actionConnection.verified,
},
iconUrl: `${appConfig.baseUrl}/apps/${actionStep.appKey}/assets/favicon.svg`,
id: actionStep.id,
key: 'translateText',
parameters: {},
position: 1,
status: actionStep.status,
type: 'action',
webhookUrl: 'http://localhost:3000/null',
},
],
},
},
};
expect(response.body).toEqual(expectedResponsePayload);
}); });
}); });
describe('and with correct permission', () => { describe('and without isCreator condition', () => {
let currentUser, currentUserRole, currentUserFlow; it('should return executions data of all users', async () => {
await createPermission({
beforeEach(async () => { action: 'read',
currentUserRole = await createRole(); subject: 'Flow',
currentUser = await createUser({ roleId: currentUserRole.id }); roleId: currentUserRole.id,
currentUserFlow = await createFlow({ userId: currentUser.id }); conditions: [],
});
describe('and with isCreator condition', () => {
it('should return executions data of the current user', async () => {
await createPermission({
action: 'read',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
});
const triggerStep = await createStep({
flowId: currentUserFlow.id,
type: 'trigger',
key: 'catchRawWebhook',
webhookPath: `/webhooks/flows/${currentUserFlow.id}`,
});
const actionConnection = await createConnection({
userId: currentUser.id,
formattedData: {
screenName: 'Test',
authenticationKey: 'test key',
},
});
const actionStep = await createStep({
flowId: currentUserFlow.id,
type: 'action',
connectionId: actionConnection.id,
key: 'translateText',
});
const token = createAuthTokenByUserId(currentUser.id);
const response = await request(app)
.post('/graphql')
.set('Authorization', token)
.send({ query: query(currentUserFlow.id) })
.expect(200);
const expectedResponsePayload = {
data: {
getFlow: {
active: currentUserFlow.active,
id: currentUserFlow.id,
name: currentUserFlow.name,
status: 'draft',
steps: [
{
appKey: triggerStep.appKey,
connection: null,
iconUrl: `${appConfig.baseUrl}/apps/${triggerStep.appKey}/assets/favicon.svg`,
id: triggerStep.id,
key: 'catchRawWebhook',
parameters: {},
position: 1,
status: triggerStep.status,
type: 'trigger',
webhookUrl: `${appConfig.baseUrl}/webhooks/flows/${currentUserFlow.id}`,
},
{
appKey: actionStep.appKey,
connection: {
createdAt: actionConnection.createdAt
.getTime()
.toString(),
id: actionConnection.id,
verified: actionConnection.verified,
},
iconUrl: `${appConfig.baseUrl}/apps/${actionStep.appKey}/assets/favicon.svg`,
id: actionStep.id,
key: 'translateText',
parameters: {},
position: 1,
status: actionStep.status,
type: 'action',
webhookUrl: 'http://localhost:3000/null',
},
],
},
},
};
expect(response.body).toEqual(expectedResponsePayload);
}); });
});
describe('and without isCreator condition', () => { const anotherUser = await createUser();
it('should return executions data of all users', async () => { const anotherUserFlow = await createFlow({ userId: anotherUser.id });
await createPermission({
action: 'read',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
});
const anotherUser = await createUser(); const triggerStep = await createStep({
const anotherUserFlow = await createFlow({ userId: anotherUser.id }); flowId: anotherUserFlow.id,
type: 'trigger',
const triggerStep = await createStep({ key: 'catchRawWebhook',
flowId: anotherUserFlow.id, webhookPath: `/webhooks/flows/${anotherUserFlow.id}`,
type: 'trigger',
key: 'catchRawWebhook',
webhookPath: `/webhooks/flows/${anotherUserFlow.id}`,
});
const actionConnection = await createConnection({
userId: anotherUser.id,
formattedData: {
screenName: 'Test',
authenticationKey: 'test key',
},
});
const actionStep = await createStep({
flowId: anotherUserFlow.id,
type: 'action',
connectionId: actionConnection.id,
key: 'translateText',
});
const token = createAuthTokenByUserId(currentUser.id);
const response = await request(app)
.post('/graphql')
.set('Authorization', token)
.send({ query: query(anotherUserFlow.id) })
.expect(200);
const expectedResponsePayload = {
data: {
getFlow: {
active: anotherUserFlow.active,
id: anotherUserFlow.id,
name: anotherUserFlow.name,
status: 'draft',
steps: [
{
appKey: triggerStep.appKey,
connection: null,
iconUrl: `${appConfig.baseUrl}/apps/${triggerStep.appKey}/assets/favicon.svg`,
id: triggerStep.id,
key: 'catchRawWebhook',
parameters: {},
position: 1,
status: triggerStep.status,
type: 'trigger',
webhookUrl: `${appConfig.baseUrl}/webhooks/flows/${anotherUserFlow.id}`,
},
{
appKey: actionStep.appKey,
connection: {
createdAt: actionConnection.createdAt
.getTime()
.toString(),
id: actionConnection.id,
verified: actionConnection.verified,
},
iconUrl: `${appConfig.baseUrl}/apps/${actionStep.appKey}/assets/favicon.svg`,
id: actionStep.id,
key: 'translateText',
parameters: {},
position: 1,
status: actionStep.status,
type: 'action',
webhookUrl: 'http://localhost:3000/null',
},
],
},
},
};
expect(response.body).toEqual(expectedResponsePayload);
}); });
const actionConnection = await createConnection({
userId: anotherUser.id,
formattedData: {
screenName: 'Test',
authenticationKey: 'test key',
},
});
const actionStep = await createStep({
flowId: anotherUserFlow.id,
type: 'action',
connectionId: actionConnection.id,
key: 'translateText',
});
const token = createAuthTokenByUserId(currentUser.id);
const response = await request(app)
.post('/graphql')
.set('Authorization', token)
.send({ query: query(anotherUserFlow.id) })
.expect(200);
const expectedResponsePayload = {
data: {
getFlow: {
active: anotherUserFlow.active,
id: anotherUserFlow.id,
name: anotherUserFlow.name,
status: 'draft',
steps: [
{
appKey: triggerStep.appKey,
connection: null,
iconUrl: `${appConfig.baseUrl}/apps/${triggerStep.appKey}/assets/favicon.svg`,
id: triggerStep.id,
key: 'catchRawWebhook',
parameters: {},
position: 1,
status: triggerStep.status,
type: 'trigger',
webhookUrl: `${appConfig.baseUrl}/webhooks/flows/${anotherUserFlow.id}`,
},
{
appKey: actionStep.appKey,
connection: {
createdAt: actionConnection.createdAt.getTime().toString(),
id: actionConnection.id,
verified: actionConnection.verified,
},
iconUrl: `${appConfig.baseUrl}/apps/${actionStep.appKey}/assets/favicon.svg`,
id: actionStep.id,
key: 'translateText',
parameters: {},
position: 1,
status: actionStep.status,
type: 'action',
webhookUrl: 'http://localhost:3000/null',
},
],
},
},
};
expect(response.body).toEqual(expectedResponsePayload);
}); });
}); });
}); });

156
packages/backend/src/graphql/queries/get-role.ee.test.js
View File

@@ -17,7 +17,6 @@ describe('graphQL getRole query', () => {
userWithoutPermissions, userWithoutPermissions,
tokenWithPermissions, tokenWithPermissions,
tokenWithoutPermissions, tokenWithoutPermissions,
invalidToken,
permissionOne, permissionOne,
permissionTwo; permissionTwo;
@@ -74,108 +73,91 @@ describe('graphQL getRole query', () => {
tokenWithoutPermissions = createAuthTokenByUserId( tokenWithoutPermissions = createAuthTokenByUserId(
userWithoutPermissions.id userWithoutPermissions.id
); );
invalidToken = 'invalid-token';
}); });
describe('with unauthenticated user', () => { describe('and with valid license', () => {
it('should throw not authorized error', async () => { beforeEach(async () => {
const response = await request(app) vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
.post('/graphql')
.set('Authorization', invalidToken)
.send({ query: queryWithValidRole })
.expect(200);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('Not Authorised!');
}); });
});
describe('with authenticated user', () => { describe('and without permissions', () => {
describe('and with valid license', () => { it('should throw not authorized error', async () => {
beforeEach(async () => { const response = await request(app)
vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true); .post('/graphql')
.set('Authorization', tokenWithoutPermissions)
.send({ query: queryWithValidRole })
.expect(200);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('Not authorized!');
}); });
});
describe('and without permissions', () => { describe('and correct permissions', () => {
it('should throw not authorized error', async () => { it('should return role data for a valid role id', async () => {
const response = await request(app) const response = await request(app)
.post('/graphql') .post('/graphql')
.set('Authorization', tokenWithoutPermissions) .set('Authorization', tokenWithPermissions)
.send({ query: queryWithValidRole }) .send({ query: queryWithValidRole })
.expect(200); .expect(200);
expect(response.body.errors).toBeDefined(); const expectedResponsePayload = {
expect(response.body.errors[0].message).toEqual('Not authorized!'); data: {
}); getRole: {
}); description: validRole.description,
id: validRole.id,
describe('and correct permissions', () => { isAdmin: validRole.key === 'admin',
it('should return role data for a valid role id', async () => { key: validRole.key,
const response = await request(app) name: validRole.name,
.post('/graphql') permissions: [
.set('Authorization', tokenWithPermissions) {
.send({ query: queryWithValidRole }) action: permissionOne.action,
.expect(200); conditions: permissionOne.conditions,
id: permissionOne.id,
const expectedResponsePayload = { subject: permissionOne.subject,
data: { },
getRole: { {
description: validRole.description, action: permissionTwo.action,
id: validRole.id, conditions: permissionTwo.conditions,
isAdmin: validRole.key === 'admin', id: permissionTwo.id,
key: validRole.key, subject: permissionTwo.subject,
name: validRole.name, },
permissions: [ ],
{
action: permissionOne.action,
conditions: permissionOne.conditions,
id: permissionOne.id,
subject: permissionOne.subject,
},
{
action: permissionTwo.action,
conditions: permissionTwo.conditions,
id: permissionTwo.id,
subject: permissionTwo.subject,
},
],
},
}, },
}; },
};
expect(response.body).toEqual(expectedResponsePayload); expect(response.body).toEqual(expectedResponsePayload);
}); });
it('should return not found for invalid role id', async () => { it('should return not found for invalid role id', async () => {
const response = await request(app) const response = await request(app)
.post('/graphql') .post('/graphql')
.set('Authorization', tokenWithPermissions) .set('Authorization', tokenWithPermissions)
.send({ query: queryWithInvalidRole }) .send({ query: queryWithInvalidRole })
.expect(200); .expect(200);
expect(response.body.errors).toBeDefined(); expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('NotFoundError'); expect(response.body.errors[0].message).toEqual('NotFoundError');
});
}); });
}); });
});
describe('and without valid license', () => { describe('and without valid license', () => {
beforeEach(async () => { beforeEach(async () => {
vi.spyOn(license, 'hasValidLicense').mockResolvedValue(false); vi.spyOn(license, 'hasValidLicense').mockResolvedValue(false);
}); });
describe('and correct permissions', () => { describe('and correct permissions', () => {
it('should throw not authorized error', async () => { it('should throw not authorized error', async () => {
const response = await request(app) const response = await request(app)
.post('/graphql') .post('/graphql')
.set('Authorization', tokenWithPermissions) .set('Authorization', tokenWithPermissions)
.send({ query: queryWithInvalidRole }) .send({ query: queryWithInvalidRole })
.expect(200); .expect(200);
expect(response.body.errors).toBeDefined(); expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('Not authorized!'); expect(response.body.errors[0].message).toEqual('Not authorized!');
});
}); });
}); });
}); });

150
packages/backend/src/graphql/queries/get-roles.ee.test.js
View File

@@ -15,8 +15,7 @@ describe('graphQL getRoles query', () => {
userWithPermissions, userWithPermissions,
userWithoutPermissions, userWithoutPermissions,
tokenWithPermissions, tokenWithPermissions,
tokenWithoutPermissions, tokenWithoutPermissions;
invalidToken;
beforeEach(async () => { beforeEach(async () => {
currentUserRole = await createRole({ name: 'Current user role' }); currentUserRole = await createRole({ name: 'Current user role' });
@@ -53,99 +52,82 @@ describe('graphQL getRoles query', () => {
tokenWithoutPermissions = createAuthTokenByUserId( tokenWithoutPermissions = createAuthTokenByUserId(
userWithoutPermissions.id userWithoutPermissions.id
); );
invalidToken = 'invalid-token';
}); });
describe('with unauthenticated user', () => { describe('and with valid license', () => {
it('should throw not authorized error', async () => { beforeEach(async () => {
const response = await request(app) vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
.post('/graphql')
.set('Authorization', invalidToken)
.send({ query })
.expect(200);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('Not Authorised!');
}); });
});
describe('with authenticated user', () => { describe('and without permissions', () => {
describe('and with valid license', () => { it('should throw not authorized error', async () => {
beforeEach(async () => { const response = await request(app)
vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true); .post('/graphql')
}); .set('Authorization', tokenWithoutPermissions)
.send({ query })
.expect(200);
describe('and without permissions', () => { expect(response.body.errors).toBeDefined();
it('should throw not authorized error', async () => { expect(response.body.errors[0].message).toEqual('Not authorized!');
const response = await request(app)
.post('/graphql')
.set('Authorization', tokenWithoutPermissions)
.send({ query })
.expect(200);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('Not authorized!');
});
});
describe('and correct permissions', () => {
it('should return roles data', async () => {
const response = await request(app)
.post('/graphql')
.set('Authorization', tokenWithPermissions)
.send({ query })
.expect(200);
const expectedResponsePayload = {
data: {
getRoles: [
{
description: currentUserRole.description,
id: currentUserRole.id,
isAdmin: currentUserRole.key === 'admin',
key: currentUserRole.key,
name: currentUserRole.name,
},
{
description: roleOne.description,
id: roleOne.id,
isAdmin: roleOne.key === 'admin',
key: roleOne.key,
name: roleOne.name,
},
{
description: roleSecond.description,
id: roleSecond.id,
isAdmin: roleSecond.key === 'admin',
key: roleSecond.key,
name: roleSecond.name,
},
],
},
};
expect(response.body).toEqual(expectedResponsePayload);
});
}); });
}); });
describe('and without valid license', () => { describe('and correct permissions', () => {
beforeEach(async () => { it('should return roles data', async () => {
vi.spyOn(license, 'hasValidLicense').mockResolvedValue(false); const response = await request(app)
.post('/graphql')
.set('Authorization', tokenWithPermissions)
.send({ query })
.expect(200);
const expectedResponsePayload = {
data: {
getRoles: [
{
description: currentUserRole.description,
id: currentUserRole.id,
isAdmin: currentUserRole.key === 'admin',
key: currentUserRole.key,
name: currentUserRole.name,
},
{
description: roleOne.description,
id: roleOne.id,
isAdmin: roleOne.key === 'admin',
key: roleOne.key,
name: roleOne.name,
},
{
description: roleSecond.description,
id: roleSecond.id,
isAdmin: roleSecond.key === 'admin',
key: roleSecond.key,
name: roleSecond.name,
},
],
},
};
expect(response.body).toEqual(expectedResponsePayload);
}); });
});
});
describe('and correct permissions', () => { describe('and without valid license', () => {
it('should throw not authorized error', async () => { beforeEach(async () => {
const response = await request(app) vi.spyOn(license, 'hasValidLicense').mockResolvedValue(false);
.post('/graphql') });
.set('Authorization', tokenWithPermissions)
.send({ query })
.expect(200);
expect(response.body.errors).toBeDefined(); describe('and correct permissions', () => {
expect(response.body.errors[0].message).toEqual('Not authorized!'); it('should throw not authorized error', async () => {
}); const response = await request(app)
.post('/graphql')
.set('Authorization', tokenWithPermissions)
.send({ query })
.expect(200);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('Not authorized!');
}); });
}); });
}); });

101
packages/backend/src/graphql/queries/get-trial-status.ee.test.js
View File

@@ -16,34 +16,46 @@ describe('graphQL getTrialStatus query', () => {
} }
`; `;
const invalidToken = 'invalid-token'; let user, userToken;
describe('with unauthenticated user', () => { beforeEach(async () => {
it('should throw not authorized error', async () => { const trialExpiryDate = DateTime.now().plus({ days: 30 }).toISODate();
user = await createUser({ trialExpiryDate });
userToken = createAuthTokenByUserId(user.id);
});
describe('and with cloud flag disabled', () => {
beforeEach(async () => {
vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
});
it('should return null', async () => {
const response = await request(app) const response = await request(app)
.post('/graphql') .post('/graphql')
.set('Authorization', invalidToken) .set('Authorization', userToken)
.send({ query }) .send({ query })
.expect(200); .expect(200);
expect(response.body.errors).toBeDefined(); const expectedResponsePayload = {
expect(response.body.errors[0].message).toEqual('Not Authorised!'); data: { getTrialStatus: null },
};
expect(response.body).toEqual(expectedResponsePayload);
}); });
}); });
describe('with authenticated user', () => { describe('and with cloud flag enabled', () => {
let user, userToken;
beforeEach(async () => { beforeEach(async () => {
const trialExpiryDate = DateTime.now().plus({ days: 30 }).toISODate(); vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
user = await createUser({ trialExpiryDate });
userToken = createAuthTokenByUserId(user.id);
}); });
describe('and with cloud flag disabled', () => { describe('and not in trial and has active subscription', () => {
beforeEach(async () => { beforeEach(async () => {
vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false); vi.spyOn(User.prototype, 'inTrial').mockResolvedValue(false);
vi.spyOn(User.prototype, 'hasActiveSubscription').mockResolvedValue(
true
);
}); });
it('should return null', async () => { it('should return null', async () => {
@@ -61,56 +73,27 @@ describe('graphQL getTrialStatus query', () => {
}); });
}); });
describe('and with cloud flag enabled', () => { describe('and in trial period', () => {
beforeEach(async () => { beforeEach(async () => {
vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true); vi.spyOn(User.prototype, 'inTrial').mockResolvedValue(true);
}); });
describe('and not in trial and has active subscription', () => { it('should return null', async () => {
beforeEach(async () => { const response = await request(app)
vi.spyOn(User.prototype, 'inTrial').mockResolvedValue(false); .post('/graphql')
vi.spyOn(User.prototype, 'hasActiveSubscription').mockResolvedValue( .set('Authorization', userToken)
true .send({ query })
); .expect(200);
});
it('should return null', async () => { const expectedResponsePayload = {
const response = await request(app) data: {
.post('/graphql') getTrialStatus: {
.set('Authorization', userToken) expireAt: new Date(user.trialExpiryDate).getTime().toString(),
.send({ query })
.expect(200);
const expectedResponsePayload = {
data: { getTrialStatus: null },
};
expect(response.body).toEqual(expectedResponsePayload);
});
});
describe('and in trial period', () => {
beforeEach(async () => {
vi.spyOn(User.prototype, 'inTrial').mockResolvedValue(true);
});
it('should return null', async () => {
const response = await request(app)
.post('/graphql')
.set('Authorization', userToken)
.send({ query })
.expect(200);
const expectedResponsePayload = {
data: {
getTrialStatus: {
expireAt: new Date(user.trialExpiryDate).getTime().toString(),
},
}, },
}; },
};
expect(response.body).toEqual(expectedResponsePayload); expect(response.body).toEqual(expectedResponsePayload);
});
}); });
}); });
}); });

164
packages/backend/src/graphql/queries/get-user.test.js
View File

@@ -8,37 +8,12 @@ import { createPermission } from '../../../test/factories/permission';
import { createUser } from '../../../test/factories/user'; import { createUser } from '../../../test/factories/user';
describe('graphQL getUser query', () => { describe('graphQL getUser query', () => {
describe('with unauthenticated user', () => { describe('and without permissions', () => {
it('should throw not authorized error', async () => { it('should throw not authorized error', async () => {
const invalidUserId = '123123123'; const userWithoutPermissions = await createUser();
const anotherUser = await createUser();
const query = ` const query = `
query {
getUser(id: "${invalidUserId}") {
id
email
}
}
`;
const response = await request(app)
.post('/graphql')
.set('Authorization', 'invalid-token')
.send({ query })
.expect(200);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('Not Authorised!');
});
});
describe('with authenticated user', () => {
describe('and without permissions', () => {
it('should throw not authorized error', async () => {
const userWithoutPermissions = await createUser();
const anotherUser = await createUser();
const query = `
query { query {
getUser(id: "${anotherUser.id}") { getUser(id: "${anotherUser.id}") {
id id
@@ -47,50 +22,48 @@ describe('graphQL getUser query', () => {
} }
`; `;
const token = createAuthTokenByUserId(userWithoutPermissions.id); const token = createAuthTokenByUserId(userWithoutPermissions.id);
const response = await request(app) const response = await request(app)
.post('/graphql') .post('/graphql')
.set('Authorization', token) .set('Authorization', token)
.send({ query }) .send({ query })
.expect(200); .expect(200);
expect(response.body.errors).toBeDefined(); expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('Not authorized!'); expect(response.body.errors[0].message).toEqual('Not authorized!');
});
});
describe('and correct permissions', () => {
let role, currentUser, anotherUser, token, requestObject;
beforeEach(async () => {
role = await createRole({
key: 'sample',
name: 'sample',
}); });
await createPermission({
action: 'read',
subject: 'User',
roleId: role.id,
});
currentUser = await createUser({
roleId: role.id,
});
anotherUser = await createUser({
roleId: role.id,
});
token = createAuthTokenByUserId(currentUser.id);
requestObject = request(app).post('/graphql').set('Authorization', token);
}); });
describe('and correct permissions', () => { it('should return user data for a valid user id', async () => {
let role, currentUser, anotherUser, token, requestObject; const query = `
beforeEach(async () => {
role = await createRole({
key: 'sample',
name: 'sample',
});
await createPermission({
action: 'read',
subject: 'User',
roleId: role.id,
});
currentUser = await createUser({
roleId: role.id,
});
anotherUser = await createUser({
roleId: role.id,
});
token = createAuthTokenByUserId(currentUser.id);
requestObject = request(app)
.post('/graphql')
.set('Authorization', token);
});
it('should return user data for a valid user id', async () => {
const query = `
query { query {
getUser(id: "${anotherUser.id}") { getUser(id: "${anotherUser.id}") {
id id
@@ -107,26 +80,26 @@ describe('graphQL getUser query', () => {
} }
`; `;
const response = await requestObject.send({ query }).expect(200); const response = await requestObject.send({ query }).expect(200);
const expectedResponsePayload = { const expectedResponsePayload = {
data: { data: {
getUser: { getUser: {
createdAt: anotherUser.createdAt.getTime().toString(), createdAt: anotherUser.createdAt.getTime().toString(),
email: anotherUser.email, email: anotherUser.email,
fullName: anotherUser.fullName, fullName: anotherUser.fullName,
id: anotherUser.id, id: anotherUser.id,
role: { id: role.id, name: role.name }, role: { id: role.id, name: role.name },
updatedAt: anotherUser.updatedAt.getTime().toString(), updatedAt: anotherUser.updatedAt.getTime().toString(),
},
}, },
}; },
};
expect(response.body).toEqual(expectedResponsePayload); expect(response.body).toEqual(expectedResponsePayload);
}); });
it('should not return user password for a valid user id', async () => { it('should not return user password for a valid user id', async () => {
const query = ` const query = `
query { query {
getUser(id: "${anotherUser.id}") { getUser(id: "${anotherUser.id}") {
id id
@@ -136,18 +109,18 @@ describe('graphQL getUser query', () => {
} }
`; `;
const response = await requestObject.send({ query }).expect(400); const response = await requestObject.send({ query }).expect(400);
expect(response.body.errors).toBeDefined(); expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual( expect(response.body.errors[0].message).toEqual(
'Cannot query field "password" on type "User".' 'Cannot query field "password" on type "User".'
); );
}); });
it('should return not found for invalid user id', async () => { it('should return not found for invalid user id', async () => {
const invalidUserId = Crypto.randomUUID(); const invalidUserId = Crypto.randomUUID();
const query = ` const query = `
query { query {
getUser(id: "${invalidUserId}") { getUser(id: "${invalidUserId}") {
id id
@@ -164,11 +137,10 @@ describe('graphQL getUser query', () => {
} }
`; `;
const response = await requestObject.send({ query }).expect(200); const response = await requestObject.send({ query }).expect(200);
expect(response.body.errors).toBeDefined(); expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('NotFoundError'); expect(response.body.errors[0].message).toEqual('NotFoundError');
});
}); });
}); });
}); });

161
packages/backend/src/graphql/queries/get-users.test.js
View File

@@ -30,111 +30,95 @@ describe('graphQL getUsers query', () => {
} }
`; `;
describe('with unauthenticated user', () => { describe('and without permissions', () => {
it('should throw not authorized error', async () => { it('should throw not authorized error', async () => {
const userWithoutPermissions = await createUser();
const token = createAuthTokenByUserId(userWithoutPermissions.id);
const response = await request(app) const response = await request(app)
.post('/graphql') .post('/graphql')
.set('Authorization', 'invalid-token') .set('Authorization', token)
.send({ query }) .send({ query })
.expect(200); .expect(200);
expect(response.body.errors).toBeDefined(); expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('Not Authorised!'); expect(response.body.errors[0].message).toEqual('Not authorized!');
}); });
}); });
describe('with authenticated user', () => { describe('and with correct permissions', () => {
describe('and without permissions', () => { let role, currentUser, anotherUser, token, requestObject;
it('should throw not authorized error', async () => {
const userWithoutPermissions = await createUser();
const token = createAuthTokenByUserId(userWithoutPermissions.id);
const response = await request(app) beforeEach(async () => {
.post('/graphql') role = await createRole({
.set('Authorization', token) key: 'sample',
.send({ query }) name: 'sample',
.expect(200);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('Not authorized!');
}); });
await createPermission({
action: 'read',
subject: 'User',
roleId: role.id,
});
currentUser = await createUser({
roleId: role.id,
fullName: 'Current User',
});
anotherUser = await createUser({
roleId: role.id,
fullName: 'Another User',
});
token = createAuthTokenByUserId(currentUser.id);
requestObject = request(app).post('/graphql').set('Authorization', token);
}); });
describe('and with correct permissions', () => { it('should return users data', async () => {
let role, currentUser, anotherUser, token, requestObject; const response = await requestObject.send({ query }).expect(200);
beforeEach(async () => { const expectedResponsePayload = {
role = await createRole({ data: {
key: 'sample', getUsers: {
name: 'sample', edges: [
}); {
node: {
await createPermission({ email: anotherUser.email,
action: 'read', fullName: anotherUser.fullName,
subject: 'User', id: anotherUser.id,
roleId: role.id, role: {
}); id: role.id,
name: role.name,
currentUser = await createUser({
roleId: role.id,
fullName: 'Current User',
});
anotherUser = await createUser({
roleId: role.id,
fullName: 'Another User',
});
token = createAuthTokenByUserId(currentUser.id);
requestObject = request(app)
.post('/graphql')
.set('Authorization', token);
});
it('should return users data', async () => {
const response = await requestObject.send({ query }).expect(200);
const expectedResponsePayload = {
data: {
getUsers: {
edges: [
{
node: {
email: anotherUser.email,
fullName: anotherUser.fullName,
id: anotherUser.id,
role: {
id: role.id,
name: role.name,
},
}, },
}, },
{
node: {
email: currentUser.email,
fullName: currentUser.fullName,
id: currentUser.id,
role: {
id: role.id,
name: role.name,
},
},
},
],
pageInfo: {
currentPage: 1,
totalPages: 1,
}, },
totalCount: 2, {
node: {
email: currentUser.email,
fullName: currentUser.fullName,
id: currentUser.id,
role: {
id: role.id,
name: role.name,
},
},
},
],
pageInfo: {
currentPage: 1,
totalPages: 1,
}, },
totalCount: 2,
}, },
}; },
};
expect(response.body).toEqual(expectedResponsePayload); expect(response.body).toEqual(expectedResponsePayload);
}); });
it('should not return users data with password', async () => { it('should not return users data with password', async () => {
const query = ` const query = `
query { query {
getUsers(limit: 10, offset: 0) { getUsers(limit: 10, offset: 0) {
pageInfo { pageInfo {
@@ -153,13 +137,12 @@ describe('graphQL getUsers query', () => {
} }
`; `;
const response = await requestObject.send({ query }).expect(400); const response = await requestObject.send({ query }).expect(400);
expect(response.body.errors).toBeDefined(); expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual( expect(response.body.errors[0].message).toEqual(
'Cannot query field "password" on type "User".' 'Cannot query field "password" on type "User".'
); );
});
}); });
}); });
}); });