groot/automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: groot:aut-1374
Branches Tags
groot:main groot:AUT-1372 groot:aut-1375 groot:AUT-1379 groot:AUT-1376-new groot:AUT-1371 groot:AUT-1351 groot:aut-1374 groot:test-coverage-test groot:AUT-1281 groot:aut-1332 groot:dependabot/npm_and_yarn/http-proxy-middleware-2.0.7 groot:AUT-1324 groot:dependabot/npm_and_yarn/express-4.20.0 groot:dependabot/npm_and_yarn/rollup-2.79.2 groot:AUT-1252 groot:dependabot/npm_and_yarn/vite-3.2.11 groot:dependabot/npm_and_yarn/micromatch-4.0.8 groot:dependabot/npm_and_yarn/webpack-5.94.0 groot:dependabot/npm_and_yarn/axios-1.7.4 groot:aut-1180 groot:stringify-json-formatter groot:test-async-and-skippable-before-request groot:temp-branch groot:AUT-157-AUT-496 groot:AUT-1036 groot:AUT-1031 groot:AUT-1030 groot:AUT-1029 groot:AUT-1028 groot:AUT-1027 groot:AUT-1026 groot:AUT-1025 groot:AUT-1024 groot:AUT-1023 groot:AUT-1022 groot:AUT-1020 groot:AUT-1019 groot:AUT-1018 groot:AUT-1017 groot:AUT-1016 groot:AUT-1011 groot:ntfy-new-fields groot:AUT-1008 groot:AUT-1006 groot:AUT-1005 groot:AUT-1000 groot:AUT-999 groot:AUT-998 groot:AUT-997 groot:AUT-996 groot:AUT-995 groot:AUT-992 groot:AUT-991 groot:AUT-990 groot:AUT-989 groot:AUT-987 groot:AUT-986 groot:AUT-985 groot:AUT-659 groot:AUT-980 groot:AUT-961 groot:AUT-960 groot:AUT-979 groot:AUT-978 groot:changedetection groot:custom-deployment groot:AUT-972 groot:AUT-971 groot:AUT-970 groot:AUT-969 groot:fix-vtiger-url groot:AUT-964 groot:AUT-962 groot:AUT-959 groot:AUT-958 groot:AUT-957 groot:gitea groot:replace-with-regex groot:AUT-948 groot:AUT-947 groot:AUT-946 groot:AUT-938 groot:AUT-937 groot:AUT-934 groot:gmail-integration groot:decode-html-entities groot:hubspot-update-contact groot:AUT-804 groot:AUT-803 groot:AUT-802 groot:AUT-798 groot:AUT-797 groot:AUT-796 groot:AUT-794 groot:AUT-879 groot:AUT-754 groot:static-can-custom-connect groot:static-can-connect groot:AUT-860 groot:test-docs-changes groot:snackbar-over-chatbot groot:custom-seed-user-info groot:AUT-758 groot:AUT-757 groot:AUT-756 groot:helix-new-endpoint groot:AUT-755 groot:AUT-785 groot:hubspot-docs groot:AUT-786 groot:AUT-783 groot:AUT-770 groot:AUT-741 groot:AUT-740 groot:AUT-739 groot:AUT-738 groot:AUT-737 groot:AUT-736 groot:AUT-735 groot:AUT-734 groot:AUT-733 groot:AUT-731 groot:dependabot/npm_and_yarn/nodemailer-6.9.9 groot:AUT-660 groot:AUT-657 groot:d-x groot:AUT-499 groot:AUT-500 groot:AUT-501 groot:AUT-503 groot:AUT-497 groot:AUT-432 groot:deployment-test groot:bin-js groot:remove-typescript groot:js-in-ts groot:custom-ais groot:shared-connections groot:AUT-405 groot:AUT-331 groot:AUT-388 groot:AUT-387 groot:AUT-366 groot:executions-test groot:gh-actions-leak groot:formatter-utilities groot:migrate-flow-editor groot:update-saml-auth-provider groot:add-loading groot:new-or-updated-spreadsheet-rows groot:execution-filters groot:update groot:feature/error-details groot:debug/memory-leak groot:new-find-project-merge-requests-actions
groot:v0.14.0 groot:v0.13.1 groot:v0.13.0 groot:v0.12.0 groot:v0.11.0 groot:v0.10.0 groot:v0.9.3 groot:v0.9.2 groot:v0.9.1 groot:v0.9.0 groot:v0.8.0 groot:v0.7.1 groot:v0.7.0 groot:v0.6.1 groot:v0.6.0 groot:v0.5.0 groot:v0.4.0 groot:v0.3.0 groot:v0.2.0 groot:v0.1.5 groot:v0.1.4 groot:v0.1.3 groot:v0.1.2 groot:v0.1.1 groot:v0.1.0 groot:@automatisch/cli@0.1.0
..
compare: groot:test-coverage-test
Branches Tags
groot:main groot:AUT-1372 groot:aut-1375 groot:AUT-1379 groot:AUT-1376-new groot:AUT-1371 groot:AUT-1351 groot:aut-1374 groot:test-coverage-test groot:AUT-1281 groot:aut-1332 groot:dependabot/npm_and_yarn/http-proxy-middleware-2.0.7 groot:AUT-1324 groot:dependabot/npm_and_yarn/express-4.20.0 groot:dependabot/npm_and_yarn/rollup-2.79.2 groot:AUT-1252 groot:dependabot/npm_and_yarn/vite-3.2.11 groot:dependabot/npm_and_yarn/micromatch-4.0.8 groot:dependabot/npm_and_yarn/webpack-5.94.0 groot:dependabot/npm_and_yarn/axios-1.7.4 groot:aut-1180 groot:stringify-json-formatter groot:test-async-and-skippable-before-request groot:temp-branch groot:AUT-157-AUT-496 groot:AUT-1036 groot:AUT-1031 groot:AUT-1030 groot:AUT-1029 groot:AUT-1028 groot:AUT-1027 groot:AUT-1026 groot:AUT-1025 groot:AUT-1024 groot:AUT-1023 groot:AUT-1022 groot:AUT-1020 groot:AUT-1019 groot:AUT-1018 groot:AUT-1017 groot:AUT-1016 groot:AUT-1011 groot:ntfy-new-fields groot:AUT-1008 groot:AUT-1006 groot:AUT-1005 groot:AUT-1000 groot:AUT-999 groot:AUT-998 groot:AUT-997 groot:AUT-996 groot:AUT-995 groot:AUT-992 groot:AUT-991 groot:AUT-990 groot:AUT-989 groot:AUT-987 groot:AUT-986 groot:AUT-985 groot:AUT-659 groot:AUT-980 groot:AUT-961 groot:AUT-960 groot:AUT-979 groot:AUT-978 groot:changedetection groot:custom-deployment groot:AUT-972 groot:AUT-971 groot:AUT-970 groot:AUT-969 groot:fix-vtiger-url groot:AUT-964 groot:AUT-962 groot:AUT-959 groot:AUT-958 groot:AUT-957 groot:gitea groot:replace-with-regex groot:AUT-948 groot:AUT-947 groot:AUT-946 groot:AUT-938 groot:AUT-937 groot:AUT-934 groot:gmail-integration groot:decode-html-entities groot:hubspot-update-contact groot:AUT-804 groot:AUT-803 groot:AUT-802 groot:AUT-798 groot:AUT-797 groot:AUT-796 groot:AUT-794 groot:AUT-879 groot:AUT-754 groot:static-can-custom-connect groot:static-can-connect groot:AUT-860 groot:test-docs-changes groot:snackbar-over-chatbot groot:custom-seed-user-info groot:AUT-758 groot:AUT-757 groot:AUT-756 groot:helix-new-endpoint groot:AUT-755 groot:AUT-785 groot:hubspot-docs groot:AUT-786 groot:AUT-783 groot:AUT-770 groot:AUT-741 groot:AUT-740 groot:AUT-739 groot:AUT-738 groot:AUT-737 groot:AUT-736 groot:AUT-735 groot:AUT-734 groot:AUT-733 groot:AUT-731 groot:dependabot/npm_and_yarn/nodemailer-6.9.9 groot:AUT-660 groot:AUT-657 groot:d-x groot:AUT-499 groot:AUT-500 groot:AUT-501 groot:AUT-503 groot:AUT-497 groot:AUT-432 groot:deployment-test groot:bin-js groot:remove-typescript groot:js-in-ts groot:custom-ais groot:shared-connections groot:AUT-405 groot:AUT-331 groot:AUT-388 groot:AUT-387 groot:AUT-366 groot:executions-test groot:gh-actions-leak groot:formatter-utilities groot:migrate-flow-editor groot:update-saml-auth-provider groot:add-loading groot:new-or-updated-spreadsheet-rows groot:execution-filters groot:update groot:feature/error-details groot:debug/memory-leak groot:new-find-project-merge-requests-actions
groot:v0.14.0 groot:v0.13.1 groot:v0.13.0 groot:v0.12.0 groot:v0.11.0 groot:v0.10.0 groot:v0.9.3 groot:v0.9.2 groot:v0.9.1 groot:v0.9.0 groot:v0.8.0 groot:v0.7.1 groot:v0.7.0 groot:v0.6.1 groot:v0.6.0 groot:v0.5.0 groot:v0.4.0 groot:v0.3.0 groot:v0.2.0 groot:v0.1.5 groot:v0.1.4 groot:v0.1.3 groot:v0.1.2 groot:v0.1.1 groot:v0.1.0 groot:@automatisch/cli@0.1.0

1 Commits
aut-1374 ... test-cover

Author SHA1 Message Date
Ali BARIN
f36155f3a5 chore(coverage): add redundant code to test coverage threshold 2024-11-25 09:01:26 +00:00
31 changed files with 325 additions and 1347 deletions
Expand all files Collapse all files

13
.github/workflows/playwright.yml vendored
View File

@@ -3,13 +3,12 @@ on:
push:
branches:
- main
# TODO: Add pull request after optimizing the total excecution time of the test suite.
# pull_request:
# paths:
# - 'packages/backend/**'
# - 'packages/e2e-tests/**'
# - 'packages/web/**'
# - '!packages/backend/src/apps/**'
pull_request:
paths:
- 'packages/backend/**'
- 'packages/e2e-tests/**'
- 'packages/web/**'
- '!packages/backend/src/apps/**'
workflow_dispatch:
env:

2
packages/backend/src/config/redis.js
View File

@@ -13,7 +13,7 @@ if (appConfig.redisSentinelHost) {
{
host: appConfig.redisSentinelHost,
port: appConfig.redisSentinelPort,
},
}
];
redisConfig.sentinelUsername = appConfig.redisSentinelUsername;

2
packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-role-mappings.ee.js
View File

@@ -7,7 +7,7 @@ export default async (request, response) => {
.throwIfNotFound();
const roleMappings = await samlAuthProvider
.$relatedQuery('roleMappings')
.$relatedQuery('samlAuthProvidersRoleMappings')
.orderBy('remote_role_name', 'asc');
renderObject(response, roleMappings);

9
packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js
View File

@@ -8,14 +8,15 @@ export default async (request, response) => {
.findById(samlAuthProviderId)
.throwIfNotFound();
const roleMappings = await samlAuthProvider.updateRoleMappings(
roleMappingsParams(request)
const samlAuthProvidersRoleMappings =
await samlAuthProvider.updateRoleMappings(
samlAuthProvidersRoleMappingsParams(request)
);
renderObject(response, roleMappings);
renderObject(response, samlAuthProvidersRoleMappings);
};
const roleMappingsParams = (request) => {
const samlAuthProvidersRoleMappingsParams = (request) => {
const roleMappings = request.body;
return roleMappings.map(({ roleId, remoteRoleName }) => ({

38
packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-role-mappings.ee.test.js
View File

@@ -6,7 +6,7 @@ import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by
import { createRole } from '../../../../../../test/factories/role.js';
import { createUser } from '../../../../../../test/factories/user.js';
import { createSamlAuthProvider } from '../../../../../../test/factories/saml-auth-provider.ee.js';
import { createRoleMapping } from '../../../../../../test/factories/role-mapping.js';
import { createSamlAuthProvidersRoleMapping } from '../../../../../../test/factories/saml-auth-providers-role-mapping.js';
import createRoleMappingsMock from '../../../../../../test/mocks/rest/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js';
import * as license from '../../../../../helpers/license.ee.js';
@@ -21,12 +21,12 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi
samlAuthProvider = await createSamlAuthProvider();
await createRoleMapping({
await createSamlAuthProvidersRoleMapping({
samlAuthProviderId: samlAuthProvider.id,
remoteRoleName: 'Viewer',
});
await createRoleMapping({
await createSamlAuthProvidersRoleMapping({
samlAuthProviderId: samlAuthProvider.id,
remoteRoleName: 'Editor',
});
@@ -64,7 +64,7 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi
it('should delete role mappings when given empty role mappings', async () => {
const existingRoleMappings = await samlAuthProvider.$relatedQuery(
'roleMappings'
'samlAuthProvidersRoleMappings'
);
expect(existingRoleMappings.length).toBe(2);
@@ -149,4 +149,34 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi
.send(roleMappings)
.expect(404);
});
it('should not delete existing role mapping when error thrown', async () => {
const roleMappings = [
{
roleId: userRole.id,
remoteRoleName: {
invalid: 'data',
},
},
];
const roleMappingsBeforeRequest = await samlAuthProvider.$relatedQuery(
'samlAuthProvidersRoleMappings'
);
await request(app)
.patch(
`/api/v1/admin/saml-auth-providers/${samlAuthProvider.id}/role-mappings`
)
.set('Authorization', token)
.send(roleMappings)
.expect(422);
const roleMappingsAfterRequest = await samlAuthProvider.$relatedQuery(
'samlAuthProvidersRoleMappings'
);
expect(roleMappingsBeforeRequest).toStrictEqual(roleMappingsAfterRequest);
expect(roleMappingsAfterRequest.length).toBe(2);
});
});

52
packages/backend/src/db/migrations/20241125141647_rename_saml_auth_providers_role_mappings_as_role_mappings.js
View File

@@ -1,52 +0,0 @@
export async function up(knex) {
await knex.schema.createTable('role_mappings', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('gen_random_uuid()'));
table
.uuid('saml_auth_provider_id')
.references('id')
.inTable('saml_auth_providers');
table.uuid('role_id').references('id').inTable('roles');
table.string('remote_role_name').notNullable();
table.unique(['saml_auth_provider_id', 'remote_role_name']);
table.timestamps(true, true);
});
const existingRoleMappings = await knex('saml_auth_providers_role_mappings');
if (existingRoleMappings.length) {
await knex('role_mappings').insert(existingRoleMappings);
}
return await knex.schema.dropTable('saml_auth_providers_role_mappings');
}
export async function down(knex) {
await knex.schema.createTable(
'saml_auth_providers_role_mappings',
(table) => {
table.uuid('id').primary().defaultTo(knex.raw('gen_random_uuid()'));
table
.uuid('saml_auth_provider_id')
.references('id')
.inTable('saml_auth_providers');
table.uuid('role_id').references('id').inTable('roles');
table.string('remote_role_name').notNullable();
table.unique(['saml_auth_provider_id', 'remote_role_name']);
table.timestamps(true, true);
}
);
const existingRoleMappings = await knex('role_mappings');
if (existingRoleMappings.length) {
await knex('saml_auth_providers_role_mappings').insert(
existingRoleMappings
);
}
return await knex.schema.dropTable('role_mappings');
}

2
packages/backend/src/helpers/create-bull-board-handler.js
View File

@@ -12,7 +12,7 @@ import appConfig from '../config/app.js';
const serverAdapter = new ExpressAdapter();
const queues = [
new BullMQAdapter(flowQueue.queue),
new BullMQAdapter(flowQueue),
new BullMQAdapter(triggerQueue),
new BullMQAdapter(actionQueue),
new BullMQAdapter(emailQueue),

2
packages/backend/src/helpers/find-or-create-user-by-saml-identity.ee.js
View File

@@ -30,7 +30,7 @@ const findOrCreateUserBySamlIdentity = async (
: [mappedUser.role];
const samlAuthProviderRoleMapping = await samlAuthProvider
.$relatedQuery('roleMappings')
.$relatedQuery('samlAuthProvidersRoleMappings')
.whereIn('remote_role_name', mappedRoles)
.limit(1)
.first();

46
packages/backend/src/helpers/user-ability.test.js
View File

@@ -1,46 +0,0 @@
import { describe, expect, it } from 'vitest';
import userAbility from './user-ability.js';
describe('userAbility', () => {
it('should return PureAbility instantiated with user permissions', () => {
const user = {
permissions: [
{
subject: 'Flow',
action: 'read',
conditions: ['isCreator'],
},
],
role: {
name: 'User',
},
};
const ability = userAbility(user);
expect(ability.rules).toStrictEqual(user.permissions);
});
it('should return permission-less PureAbility for user with no role', () => {
const user = {
permissions: [
{
subject: 'Flow',
action: 'read',
conditions: ['isCreator'],
},
],
role: null,
};
const ability = userAbility(user);
expect(ability.rules).toStrictEqual([]);
});
it('should return permission-less PureAbility for user with no permissions', () => {
const user = { permissions: null, role: { name: 'User' } };
const ability = userAbility(user);
expect(ability.rules).toStrictEqual([]);
});
});

30
packages/backend/src/models/__snapshots__/role-mapping.ee.test.js.snap
View File

@@ -1,30 +0,0 @@
// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
exports[`RoleMapping model > jsonSchema should have the correct schema 1`] = `
{
"properties": {
"id": {
"format": "uuid",
"type": "string",
},
"remoteRoleName": {
"minLength": 1,
"type": "string",
},
"roleId": {
"format": "uuid",
"type": "string",
},
"samlAuthProviderId": {
"format": "uuid",
"type": "string",
},
},
"required": [
"samlAuthProviderId",
"roleId",
"remoteRoleName",
],
"type": "object",
}
`;

2
packages/backend/src/models/__snapshots__/saml-auth-providers-role-mapping.ee.test.js.snap
View File

@@ -1,6 +1,6 @@
// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
exports[`RoleMapping model > jsonSchema should have the correct schema 1`] = `
exports[`SamlAuthProvidersRoleMapping model > jsonSchema should have the correct schema 1`] = `
{
"properties": {
"id": {

5
packages/backend/src/models/flow.js
View File

@@ -386,7 +386,10 @@ class Flow extends Base {
}
);
} else {
await flowQueue.removeRepeatableJobById(this.id);
const repeatableJobs = await flowQueue.getRepeatableJobs();
const job = repeatableJobs.find((job) => job.id === this.id);
await flowQueue.removeRepeatableByKey(job.key);
}
}

29
packages/backend/src/models/saml-auth-provider.ee.js
View File

@@ -5,7 +5,7 @@ import appConfig from '../config/app.js';
import axios from '../helpers/axios-with-proxy.js';
import Base from './base.js';
import Identity from './identity.ee.js';
import RoleMapping from './role-mapping.ee.js';
import SamlAuthProvidersRoleMapping from './saml-auth-providers-role-mapping.ee.js';
class SamlAuthProvider extends Base {
static tableName = 'saml_auth_providers';
@@ -53,12 +53,12 @@ class SamlAuthProvider extends Base {
to: 'saml_auth_providers.id',
},
},
roleMappings: {
samlAuthProvidersRoleMappings: {
relation: Base.HasManyRelation,
modelClass: RoleMapping,
modelClass: SamlAuthProvidersRoleMapping,
join: {
from: 'saml_auth_providers.id',
to: 'role_mappings.saml_auth_provider_id',
to: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
},
},
});
@@ -133,22 +133,27 @@ class SamlAuthProvider extends Base {
}
async updateRoleMappings(roleMappings) {
await this.$relatedQuery('roleMappings').delete();
return await SamlAuthProvider.transaction(async (trx) => {
await this.$relatedQuery('samlAuthProvidersRoleMappings', trx).delete();
if (isEmpty(roleMappings)) {
return [];
}
const roleMappingsData = roleMappings.map((roleMapping) => ({
...roleMapping,
const samlAuthProvidersRoleMappingsData = roleMappings.map(
(samlAuthProvidersRoleMapping) => ({
...samlAuthProvidersRoleMapping,
samlAuthProviderId: this.id,
}));
const newRoleMappings = await RoleMapping.query().insertAndFetch(
roleMappingsData
})
);
return newRoleMappings;
const samlAuthProvidersRoleMappings =
await SamlAuthProvidersRoleMapping.query(trx).insertAndFetch(
samlAuthProvidersRoleMappingsData
);
return samlAuthProvidersRoleMappings;
});
}
}

157
packages/backend/src/models/saml-auth-provider.ee.test.js
View File

@@ -1,14 +1,9 @@
import { vi, beforeEach, describe, it, expect } from 'vitest';
import { v4 as uuidv4 } from 'uuid';
import { vi, describe, it, expect } from 'vitest';
import SamlAuthProvider from '../models/saml-auth-provider.ee';
import RoleMapping from '../models/role-mapping.ee';
import axios from '../helpers/axios-with-proxy.js';
import SamlAuthProvidersRoleMapping from '../models/saml-auth-providers-role-mapping.ee';
import Identity from './identity.ee';
import Base from './base';
import appConfig from '../config/app';
import { createSamlAuthProvider } from '../../test/factories/saml-auth-provider.ee.js';
import { createRoleMapping } from '../../test/factories/role-mapping.js';
import { createRole } from '../../test/factories/role.js';
describe('SamlAuthProvider model', () => {
it('tableName should return correct name', () => {
@@ -31,12 +26,12 @@ describe('SamlAuthProvider model', () => {
to: 'saml_auth_providers.id',
},
},
roleMappings: {
samlAuthProvidersRoleMappings: {
relation: Base.HasManyRelation,
modelClass: RoleMapping,
modelClass: SamlAuthProvidersRoleMapping,
join: {
from: 'saml_auth_providers.id',
to: 'role_mappings.saml_auth_provider_id',
to: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
},
},
};
@@ -86,146 +81,4 @@ describe('SamlAuthProvider model', () => {
'https://example.com/saml/logout'
);
});
it('config should return the correct configuration object', () => {
const samlAuthProvider = new SamlAuthProvider();
samlAuthProvider.certificate = 'sample-certificate';
samlAuthProvider.signatureAlgorithm = 'sha256';
samlAuthProvider.entryPoint = 'https://example.com/saml';
samlAuthProvider.issuer = 'sample-issuer';
vi.spyOn(appConfig, 'baseUrl', 'get').mockReturnValue(
'https://automatisch.io'
);
const expectedConfig = {
callbackUrl: 'https://automatisch.io/login/saml/sample-issuer/callback',
cert: 'sample-certificate',
entryPoint: 'https://example.com/saml',
issuer: 'sample-issuer',
signatureAlgorithm: 'sha256',
logoutUrl: 'https://example.com/saml',
};
expect(samlAuthProvider.config).toStrictEqual(expectedConfig);
});
it('generateLogoutRequestBody should return a correctly encoded SAML logout request', () => {
vi.mock('uuid', () => ({
v4: vi.fn(),
}));
const samlAuthProvider = new SamlAuthProvider();
samlAuthProvider.entryPoint = 'https://example.com/saml';
samlAuthProvider.issuer = 'sample-issuer';
const mockUuid = '123e4567-e89b-12d3-a456-426614174000';
uuidv4.mockReturnValue(mockUuid);
const sessionId = 'test-session-id';
const logoutRequest = samlAuthProvider.generateLogoutRequestBody(sessionId);
const expectedLogoutRequest = `
<samlp:LogoutRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="${mockUuid}"
Version="2.0"
IssueInstant="${new Date().toISOString()}"
Destination="https://example.com/saml">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">sample-issuer</saml:Issuer>
<samlp:SessionIndex>test-session-id</samlp:SessionIndex>
</samlp:LogoutRequest>
`;
const expectedEncodedRequest = Buffer.from(expectedLogoutRequest).toString(
'base64'
);
expect(logoutRequest).toBe(expectedEncodedRequest);
});
it('terminateRemoteSession should send the correct POST request and return the response', async () => {
vi.mock('../helpers/axios-with-proxy.js', () => ({
default: {
post: vi.fn(),
},
}));
const samlAuthProvider = new SamlAuthProvider();
samlAuthProvider.entryPoint = 'https://example.com/saml';
samlAuthProvider.generateLogoutRequestBody = vi
.fn()
.mockReturnValue('mockEncodedLogoutRequest');
const sessionId = 'test-session-id';
const mockResponse = { data: 'Logout Successful' };
axios.post.mockResolvedValue(mockResponse);
const response = await samlAuthProvider.terminateRemoteSession(sessionId);
expect(samlAuthProvider.generateLogoutRequestBody).toHaveBeenCalledWith(
sessionId
);
expect(axios.post).toHaveBeenCalledWith(
'https://example.com/saml',
'SAMLRequest=mockEncodedLogoutRequest',
{
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
}
);
expect(response).toBe(mockResponse);
});
describe('updateRoleMappings', () => {
let samlAuthProvider;
beforeEach(async () => {
samlAuthProvider = await createSamlAuthProvider();
});
it('should remove all existing role mappings', async () => {
await createRoleMapping({
samlAuthProviderId: samlAuthProvider.id,
remoteRoleName: 'Admin',
});
await createRoleMapping({
samlAuthProviderId: samlAuthProvider.id,
remoteRoleName: 'User',
});
await samlAuthProvider.updateRoleMappings([]);
const roleMappings = await samlAuthProvider.$relatedQuery('roleMappings');
expect(roleMappings).toStrictEqual([]);
});
it('should return the updated role mappings when new ones are provided', async () => {
const adminRole = await createRole({ name: 'Admin' });
const userRole = await createRole({ name: 'User' });
const newRoleMappings = [
{ remoteRoleName: 'Admin', roleId: adminRole.id },
{ remoteRoleName: 'User', roleId: userRole.id },
];
const result = await samlAuthProvider.updateRoleMappings(newRoleMappings);
const refetchedRoleMappings = await samlAuthProvider.$relatedQuery(
'roleMappings'
);
expect(result).toStrictEqual(refetchedRoleMappings);
});
});
});

8
packages/backend/src/models/role-mapping.ee.js → packages/backend/src/models/saml-auth-providers-role-mapping.ee.js
View File

@@ -1,8 +1,8 @@
import Base from './base.js';
import SamlAuthProvider from './saml-auth-provider.ee.js';
class RoleMapping extends Base {
static tableName = 'role_mappings';
class SamlAuthProvidersRoleMapping extends Base {
static tableName = 'saml_auth_providers_role_mappings';
static jsonSchema = {
type: 'object',
@@ -21,11 +21,11 @@ class RoleMapping extends Base {
relation: Base.BelongsToOneRelation,
modelClass: SamlAuthProvider,
join: {
from: 'role_mappings.saml_auth_provider_id',
from: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
to: 'saml_auth_providers.id',
},
},
});
}
export default RoleMapping;
export default SamlAuthProvidersRoleMapping;

14
packages/backend/src/models/role-mapping.ee.test.js → packages/backend/src/models/saml-auth-providers-role-mapping.ee.test.js
View File

@@ -1,26 +1,28 @@
import { describe, it, expect } from 'vitest';
import RoleMapping from './role-mapping.ee';
import SamlAuthProvidersRoleMapping from '../models/saml-auth-providers-role-mapping.ee';
import SamlAuthProvider from './saml-auth-provider.ee';
import Base from './base';
describe('RoleMapping model', () => {
describe('SamlAuthProvidersRoleMapping model', () => {
it('tableName should return correct name', () => {
expect(RoleMapping.tableName).toBe('role_mappings');
expect(SamlAuthProvidersRoleMapping.tableName).toBe(
'saml_auth_providers_role_mappings'
);
});
it('jsonSchema should have the correct schema', () => {
expect(RoleMapping.jsonSchema).toMatchSnapshot();
expect(SamlAuthProvidersRoleMapping.jsonSchema).toMatchSnapshot();
});
it('relationMappings should return correct associations', () => {
const relationMappings = RoleMapping.relationMappings();
const relationMappings = SamlAuthProvidersRoleMapping.relationMappings();
const expectedRelations = {
samlAuthProvider: {
relation: Base.BelongsToOneRelation,
modelClass: SamlAuthProvider,
join: {
from: 'role_mappings.saml_auth_provider_id',
from: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
to: 'saml_auth_providers.id',
},
},

144
packages/backend/src/models/user.js
View File

@@ -212,10 +212,6 @@ class User extends Base {
return `${appConfig.webAppUrl}/accept-invitation?token=${this.invitationToken}`;
}
get ability() {
return userAbility(this);
}
static async authenticate(email, password) {
const user = await User.query().findOne({
email: email?.toLowerCase() || null,
@@ -305,8 +301,14 @@ class User extends Base {
active: true,
});
const repeatableJobs = await flowQueue.getRepeatableJobs();
for (const flow of flows) {
await flowQueue.removeRepeatableJobById(flow.id);
const job = repeatableJobs.find((job) => job.id === flow.id);
if (job) {
await flowQueue.removeRepeatableByKey(job.key);
}
}
const executionIds = (
@@ -364,6 +366,18 @@ class User extends Base {
return now.getTime() - sentAt.getTime() < fourHoursInMilliseconds;
}
toTestTestCoverage() {
if (!this.resetPasswordTokenSentAt) {
return false;
}
const sentAt = new Date(this.resetPasswordTokenSentAt);
const now = new Date();
const fourHoursInMilliseconds = 1000 * 60 * 60 * 4;
return now.getTime() - sentAt.getTime() < fourHoursInMilliseconds;
}
async sendInvitationEmail() {
await this.generateInvitationToken();
@@ -581,6 +595,62 @@ class User extends Base {
return user;
}
async $beforeInsert(queryContext) {
await super.$beforeInsert(queryContext);
this.email = this.email.toLowerCase();
await this.generateHash();
if (appConfig.isCloud) {
this.startTrialPeriod();
}
}
async $beforeUpdate(opt, queryContext) {
await super.$beforeUpdate(opt, queryContext);
if (this.email) {
this.email = this.email.toLowerCase();
}
await this.generateHash();
}
async $afterInsert(queryContext) {
await super.$afterInsert(queryContext);
if (appConfig.isCloud) {
await this.$relatedQuery('usageData').insert({
userId: this.id,
consumedTaskCount: 0,
nextResetAt: DateTime.now().plus({ days: 30 }).toISODate(),
});
}
}
async $afterFind() {
if (await hasValidLicense()) return this;
if (Array.isArray(this.permissions)) {
this.permissions = this.permissions.filter((permission) => {
const restrictedSubjects = [
'App',
'Role',
'SamlAuthProvider',
'Config',
];
return !restrictedSubjects.includes(permission.subject);
});
}
return this;
}
get ability() {
return userAbility(this);
}
can(action, subject) {
const can = this.ability.can(action, subject);
@@ -596,68 +666,12 @@ class User extends Base {
return conditionMap;
}
lowercaseEmail() {
if (this.email) {
this.email = this.email.toLowerCase();
}
}
cannot(action, subject) {
const cannot = this.ability.cannot(action, subject);
async createUsageData() {
if (appConfig.isCloud) {
return await this.$relatedQuery('usageData').insertAndFetch({
userId: this.id,
consumedTaskCount: 0,
nextResetAt: DateTime.now().plus({ days: 30 }).toISODate(),
});
}
}
if (cannot) throw new NotAuthorizedError();
async omitEnterprisePermissionsWithoutValidLicense() {
if (await hasValidLicense()) {
return this;
}
if (Array.isArray(this.permissions)) {
this.permissions = this.permissions.filter((permission) => {
const restrictedSubjects = [
'App',
'Role',
'SamlAuthProvider',
'Config',
];
return !restrictedSubjects.includes(permission.subject);
});
}
}
async $beforeInsert(queryContext) {
await super.$beforeInsert(queryContext);
this.lowercaseEmail();
await this.generateHash();
if (appConfig.isCloud) {
this.startTrialPeriod();
}
}
async $beforeUpdate(opt, queryContext) {
await super.$beforeUpdate(opt, queryContext);
this.lowercaseEmail();
await this.generateHash();
}
async $afterInsert(queryContext) {
await super.$afterInsert(queryContext);
await this.createUsageData();
}
async $afterFind() {
await this.omitEnterprisePermissionsWithoutValidLicense();
return cannot;
}
}

771
packages/backend/src/models/user.test.js
View File

@@ -1,10 +1,8 @@
import { describe, it, expect, vi } from 'vitest';
import { DateTime, Duration } from 'luxon';
import appConfig from '../config/app.js';
import * as licenseModule from '../helpers/license.ee.js';
import Base from './base.js';
import AccessToken from './access-token.js';
import Config from './config.js';
import Connection from './connection.js';
import Execution from './execution.js';
import Flow from './flow.js';
@@ -21,7 +19,6 @@ import {
REMOVE_AFTER_30_DAYS_OR_150_JOBS,
REMOVE_AFTER_7_DAYS_OR_50_JOBS,
} from '../helpers/remove-job-configuration.js';
import * as userAbilityModule from '../helpers/user-ability.js';
import { createUser } from '../../test/factories/user.js';
import { createConnection } from '../../test/factories/connection.js';
import { createRole } from '../../test/factories/role.js';
@@ -29,9 +26,6 @@ import { createPermission } from '../../test/factories/permission.js';
import { createFlow } from '../../test/factories/flow.js';
import { createStep } from '../../test/factories/step.js';
import { createExecution } from '../../test/factories/execution.js';
import { createSubscription } from '../../test/factories/subscription.js';
import { createUsageData } from '../../test/factories/usage-data.js';
import Billing from '../helpers/billing/index.ee.js';
describe('User model', () => {
it('tableName should return correct name', () => {
@@ -207,6 +201,64 @@ describe('User model', () => {
expect(virtualAttributes).toStrictEqual(expectedAttributes);
});
it('acceptInvitationUrl should return accept invitation page URL with invitation token', async () => {
const user = new User();
user.invitationToken = 'invitation-token';
vi.spyOn(appConfig, 'webAppUrl', 'get').mockReturnValue(
'https://automatisch.io'
);
expect(user.acceptInvitationUrl).toBe(
'https://automatisch.io/accept-invitation?token=invitation-token'
);
});
describe('authenticate', () => {
it('should create and return the token for correct email and password', async () => {
const user = await createUser({
email: 'test-user@automatisch.io',
password: 'sample-password',
});
const token = await User.authenticate(
'test-user@automatisch.io',
'sample-password'
);
const persistedToken = await AccessToken.query().findOne({
userId: user.id,
});
expect(token).toBe(persistedToken.token);
});
it('should return undefined for existing email and incorrect password', async () => {
await createUser({
email: 'test-user@automatisch.io',
password: 'sample-password',
});
const token = await User.authenticate(
'test-user@automatisch.io',
'wrong-password'
);
expect(token).toBe(undefined);
});
it('should return undefined for non-existing email', async () => {
await createUser({
email: 'test-user@automatisch.io',
password: 'sample-password',
});
const token = await User.authenticate('non-existing-user@automatisch.io');
expect(token).toBe(undefined);
});
});
describe('authorizedFlows', () => {
it('should return user flows with isCreator condition', async () => {
const userRole = await createRole({ name: 'User' });
@@ -449,76 +501,6 @@ describe('User model', () => {
});
});
it('acceptInvitationUrl should return accept invitation page URL with invitation token', async () => {
const user = new User();
user.invitationToken = 'invitation-token';
vi.spyOn(appConfig, 'webAppUrl', 'get').mockReturnValue(
'https://automatisch.io'
);
expect(user.acceptInvitationUrl).toBe(
'https://automatisch.io/accept-invitation?token=invitation-token'
);
});
it('ability should return userAbility for the user', () => {
const user = new User();
user.fullName = 'Sample user';
const userAbilitySpy = vi
.spyOn(userAbilityModule, 'default')
.mockReturnValue('user-ability');
expect(user.ability).toStrictEqual('user-ability');
expect(userAbilitySpy).toHaveBeenNthCalledWith(1, user);
});
describe('authenticate', () => {
it('should create and return the token for correct email and password', async () => {
const user = await createUser({
email: 'test-user@automatisch.io',
password: 'sample-password',
});
const token = await User.authenticate(
'test-user@automatisch.io',
'sample-password'
);
const persistedToken = await AccessToken.query().findOne({
userId: user.id,
});
expect(token).toBe(persistedToken.token);
});
it('should return undefined for existing email and incorrect password', async () => {
await createUser({
email: 'test-user@automatisch.io',
password: 'sample-password',
});
const token = await User.authenticate(
'test-user@automatisch.io',
'wrong-password'
);
expect(token).toBe(undefined);
});
it('should return undefined for non-existing email', async () => {
await createUser({
email: 'test-user@automatisch.io',
password: 'sample-password',
});
const token = await User.authenticate('non-existing-user@automatisch.io');
expect(token).toBe(undefined);
});
});
describe('login', () => {
it('should return true when the given password matches with the user password', async () => {
const user = await createUser({ password: 'sample-password' });
@@ -893,641 +875,4 @@ describe('User model', () => {
vi.useRealTimers();
});
describe('isAllowedToRunFlows', () => {
it('should return true when Automatisch is self hosted', async () => {
const user = new User();
vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(true);
expect(await user.isAllowedToRunFlows()).toBe(true);
});
it('should return true when the user is in trial', async () => {
const user = new User();
vi.spyOn(user, 'inTrial').mockResolvedValue(true);
expect(await user.isAllowedToRunFlows()).toBe(true);
});
it('should return true when the user has active subscription and within quota limits', async () => {
const user = new User();
vi.spyOn(user, 'hasActiveSubscription').mockResolvedValue(true);
vi.spyOn(user, 'withinLimits').mockResolvedValue(true);
expect(await user.isAllowedToRunFlows()).toBe(true);
});
it('should return false when the user has active subscription over quota limits', async () => {
const user = new User();
vi.spyOn(user, 'hasActiveSubscription').mockResolvedValue(true);
vi.spyOn(user, 'withinLimits').mockResolvedValue(false);
expect(await user.isAllowedToRunFlows()).toBe(false);
});
it('should return false otherwise', async () => {
const user = new User();
expect(await user.isAllowedToRunFlows()).toBe(false);
});
});
describe('inTrial', () => {
it('should return false when Automatisch is self hosted', async () => {
const user = new User();
vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(true);
expect(await user.inTrial()).toBe(false);
});
it('should return false when the user does not have trial expiry date', async () => {
const user = new User();
vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(false);
expect(await user.inTrial()).toBe(false);
});
it('should return false when the user has an active subscription', async () => {
const user = new User();
user.trialExpiryDate = '2024-12-14';
vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(false);
const hasActiveSubscriptionSpy = vi
.spyOn(user, 'hasActiveSubscription')
.mockResolvedValue(true);
expect(await user.inTrial()).toBe(false);
expect(hasActiveSubscriptionSpy).toHaveBeenCalledOnce();
});
it('should return true when trial expiry date is in future', async () => {
vi.useFakeTimers();
const date = DateTime.fromObject(
{ year: 2024, month: 11, day: 12, hour: 17, minute: 30 },
{ zone: 'UTC+0' }
);
vi.setSystemTime(date);
const user = await createUser();
await user.startTrialPeriod();
const refetchedUser = await user.$query();
vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(false);
vi.spyOn(refetchedUser, 'hasActiveSubscription').mockResolvedValue(false);
expect(await refetchedUser.inTrial()).toBe(true);
vi.useRealTimers();
});
it('should return false when trial expiry date is in past', async () => {
vi.useFakeTimers();
const user = await createUser();
const presentDate = DateTime.fromObject(
{ year: 2024, month: 11, day: 17, hour: 11, minute: 30 },
{ zone: 'UTC+0' }
);
vi.setSystemTime(presentDate);
await user.startTrialPeriod();
const futureDate = DateTime.fromObject(
{ year: 2025, month: 1, day: 1 },
{ zone: 'UTC+0' }
);
vi.setSystemTime(futureDate);
const refetchedUser = await user.$query();
vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(false);
vi.spyOn(refetchedUser, 'hasActiveSubscription').mockResolvedValue(false);
expect(await refetchedUser.inTrial()).toBe(false);
vi.useRealTimers();
});
});
describe('hasActiveSubscription', () => {
it('should return true if current subscription is valid', async () => {
const user = await createUser();
await createSubscription({ userId: user.id, status: 'active' });
expect(await user.hasActiveSubscription()).toBe(true);
});
it('should return false if current subscription is not valid', async () => {
const user = await createUser();
await createSubscription({
userId: user.id,
status: 'deleted',
cancellationEffectiveDate: DateTime.now().minus({ day: 1 }).toString(),
});
expect(await user.hasActiveSubscription()).toBe(false);
});
it('should return false if Automatisch is not a cloud installation', async () => {
const user = new User();
vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
expect(await user.hasActiveSubscription()).toBe(false);
});
});
describe('withinLimits', () => {
it('should return true when the consumed task count is less than the quota', async () => {
const user = await createUser();
const subscription = await createSubscription({ userId: user.id });
await createUsageData({
subscriptionId: subscription.id,
userId: user.id,
consumedTaskCount: 100,
});
expect(await user.withinLimits()).toBe(true);
});
it('should return true when the consumed task count is less than the quota', async () => {
const user = await createUser();
const subscription = await createSubscription({ userId: user.id });
await createUsageData({
subscriptionId: subscription.id,
userId: user.id,
consumedTaskCount: 10000,
});
expect(await user.withinLimits()).toBe(false);
});
});
describe('getPlanAndUsage', () => {
it('should return plan and usage', async () => {
const user = await createUser();
const subscription = await createSubscription({ userId: user.id });
expect(await user.getPlanAndUsage()).toStrictEqual({
usage: {
task: 0,
},
plan: {
id: subscription.paddlePlanId,
name: '10k - monthly',
limit: '10,000',
},
});
});
it('should return trial plan and usage if no subscription exists', async () => {
const user = await createUser();
expect(await user.getPlanAndUsage()).toStrictEqual({
usage: {
task: 0,
},
plan: {
id: null,
name: 'Free Trial',
limit: null,
},
});
});
it('should throw not found when the current usage data does not exist', async () => {
vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
const user = await createUser();
expect(() => user.getPlanAndUsage()).rejects.toThrow('NotFoundError');
});
});
describe('getInvoices', () => {
it('should return invoices for the current subscription', async () => {
const user = await createUser();
const subscription = await createSubscription({ userId: user.id });
const getInvoicesSpy = vi
.spyOn(Billing.paddleClient, 'getInvoices')
.mockResolvedValue('dummy-invoices');
expect(await user.getInvoices()).toBe('dummy-invoices');
expect(getInvoicesSpy).toHaveBeenCalledWith(
Number(subscription.paddleSubscriptionId)
);
});
it('should return empty array without any subscriptions', async () => {
const user = await createUser();
expect(await user.getInvoices()).toStrictEqual([]);
});
});
it.todo('getApps');
it('createAdmin should create admin with given data and mark the installation completed', async () => {
const adminRole = await createRole({ name: 'Admin' });
const markInstallationCompletedSpy = vi
.spyOn(Config, 'markInstallationCompleted')
.mockResolvedValue();
const adminUser = await User.createAdmin({
fullName: 'Sample admin',
email: 'admin@automatisch.io',
password: 'sample',
});
expect(adminUser).toMatchObject({
fullName: 'Sample admin',
email: 'admin@automatisch.io',
roleId: adminRole.id,
});
expect(markInstallationCompletedSpy).toHaveBeenCalledOnce();
expect(await adminUser.login('sample')).toBe(true);
});
describe('registerUser', () => {
it('should register user with user role and given data', async () => {
const userRole = await createRole({ name: 'User' });
const user = await User.registerUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
password: 'sample-password',
});
expect(user).toMatchObject({
fullName: 'Sample user',
email: 'user@automatisch.io',
roleId: userRole.id,
});
expect(await user.login('sample-password')).toBe(true);
});
it('should throw not found error when user role does not exist', async () => {
expect(() =>
User.registerUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
password: 'sample-password',
})
).rejects.toThrowError('NotFoundError');
});
});
describe('can', () => {
it('should return conditions for the given action and subject of the user', async () => {
const userRole = await createRole({ name: 'User' });
await createPermission({
roleId: userRole.id,
subject: 'Flow',
action: 'read',
conditions: ['isCreator'],
});
await createPermission({
roleId: userRole.id,
subject: 'Connection',
action: 'read',
conditions: [],
});
const user = await createUser({ roleId: userRole.id });
const userWithRoleAndPermissions = await user
.$query()
.withGraphFetched({ role: true, permissions: true });
expect(userWithRoleAndPermissions.can('read', 'Flow')).toStrictEqual({
isCreator: true,
});
expect(
userWithRoleAndPermissions.can('read', 'Connection')
).toStrictEqual({});
});
it('should return not authorized error when the user is not permitted for the given action and subject', async () => {
const userRole = await createRole({ name: 'User' });
const user = await createUser({ roleId: userRole.id });
const userWithRoleAndPermissions = await user
.$query()
.withGraphFetched({ role: true, permissions: true });
expect(() => userWithRoleAndPermissions.can('read', 'Flow')).toThrowError(
'The user is not authorized!'
);
});
});
it('lowercaseEmail should lowercase the user email', () => {
const user = new User();
user.email = 'USER@AUTOMATISCH.IO';
user.lowercaseEmail();
expect(user.email).toBe('user@automatisch.io');
});
describe('createUsageData', () => {
it('should create usage data if Automatisch is a cloud installation', async () => {
vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
const user = await createUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
});
const usageData = await user.createUsageData();
const currentUsageData = await user.$relatedQuery('currentUsageData');
expect(usageData).toStrictEqual(currentUsageData);
});
it('should not create usage data if Automatisch is not a cloud installation', async () => {
vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
const user = await createUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
});
const usageData = await user.createUsageData();
expect(usageData).toBe(undefined);
});
});
describe('omitEnterprisePermissionsWithoutValidLicense', () => {
it('should return user as-is with valid license', async () => {
const userRole = await createRole({ name: 'User' });
const user = await createUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
roleId: userRole.id,
});
const readFlowPermission = await createPermission({
roleId: userRole.id,
subject: 'Flow',
action: 'read',
conditions: [],
});
await createPermission({
roleId: userRole.id,
subject: 'App',
action: 'read',
conditions: [],
});
await createPermission({
roleId: userRole.id,
subject: 'Role',
action: 'read',
conditions: [],
});
await createPermission({
roleId: userRole.id,
subject: 'Config',
action: 'read',
conditions: [],
});
await createPermission({
roleId: userRole.id,
subject: 'SamlAuthProvider',
action: 'read',
conditions: [],
});
const userWithRoleAndPermissions = await user
.$query()
.withGraphFetched({ role: true, permissions: true });
expect(userWithRoleAndPermissions.permissions).toStrictEqual([
readFlowPermission,
]);
});
it('should omit enterprise permissions without valid license', async () => {
vi.spyOn(licenseModule, 'hasValidLicense').mockResolvedValue(false);
const userRole = await createRole({ name: 'User' });
const user = await createUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
roleId: userRole.id,
});
const readFlowPermission = await createPermission({
roleId: userRole.id,
subject: 'Flow',
action: 'read',
conditions: [],
});
await createPermission({
roleId: userRole.id,
subject: 'App',
action: 'read',
conditions: [],
});
await createPermission({
roleId: userRole.id,
subject: 'Role',
action: 'read',
conditions: [],
});
await createPermission({
roleId: userRole.id,
subject: 'Config',
action: 'read',
conditions: [],
});
await createPermission({
roleId: userRole.id,
subject: 'SamlAuthProvider',
action: 'read',
conditions: [],
});
const userWithRoleAndPermissions = await user
.$query()
.withGraphFetched({ role: true, permissions: true });
expect(userWithRoleAndPermissions.permissions).toStrictEqual([
readFlowPermission,
]);
});
});
describe('$beforeInsert', () => {
it('should call super.$beforeInsert', async () => {
const superBeforeInsertSpy = vi
.spyOn(User.prototype, '$beforeInsert')
.mockResolvedValue();
await createUser();
expect(superBeforeInsertSpy).toHaveBeenCalledOnce();
});
it('should lowercase the user email', async () => {
const user = await createUser({
fullName: 'Sample user',
email: 'USER@AUTOMATISCH.IO',
});
expect(user.email).toBe('user@automatisch.io');
});
it('should generate password hash', async () => {
const user = await createUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
password: 'sample-password',
});
expect(user.password).not.toBe('sample-password');
expect(await user.login('sample-password')).toBe(true);
});
it('should start trial period if Automatisch is a cloud installation', async () => {
vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
const startTrialPeriodSpy = vi.spyOn(User.prototype, 'startTrialPeriod');
await createUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
});
expect(startTrialPeriodSpy).toHaveBeenCalledOnce();
});
it('should not start trial period if Automatisch is not a cloud installation', async () => {
vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
const startTrialPeriodSpy = vi.spyOn(User.prototype, 'startTrialPeriod');
await createUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
});
expect(startTrialPeriodSpy).not.toHaveBeenCalled();
});
});
describe('$beforeUpdate', () => {
it('should call super.$beforeUpdate', async () => {
const superBeforeUpdateSpy = vi
.spyOn(User.prototype, '$beforeUpdate')
.mockResolvedValue();
const user = await createUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
});
await user.$query().patch({ fullName: 'Updated user name' });
expect(superBeforeUpdateSpy).toHaveBeenCalledOnce();
});
it('should lowercase the user email if given', async () => {
const user = await createUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
});
await user.$query().patchAndFetch({ email: 'NEW_EMAIL@AUTOMATISCH.IO' });
expect(user.email).toBe('new_email@automatisch.io');
});
it('should generate password hash', async () => {
const user = await createUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
password: 'sample-password',
});
await user.$query().patchAndFetch({ password: 'new-password' });
expect(user.password).not.toBe('new-password');
expect(await user.login('new-password')).toBe(true);
});
});
describe('$afterInsert', () => {
it('should call super.$afterInsert', async () => {
const superAfterInsertSpy = vi.spyOn(User.prototype, '$afterInsert');
await createUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
});
expect(superAfterInsertSpy).toHaveBeenCalledOnce();
});
it('should call createUsageData', async () => {
const createUsageDataSpy = vi.spyOn(User.prototype, 'createUsageData');
await createUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
});
expect(createUsageDataSpy).toHaveBeenCalledOnce();
});
});
it('$afterFind should invoke omitEnterprisePermissionsWithoutValidLicense method', async () => {
const omitEnterprisePermissionsWithoutValidLicenseSpy = vi.spyOn(
User.prototype,
'omitEnterprisePermissionsWithoutValidLicense'
);
await createUser({
fullName: 'Sample user',
email: 'user@automatisch.io',
});
expect(
omitEnterprisePermissionsWithoutValidLicenseSpy
).toHaveBeenCalledOnce();
});
});

30
packages/backend/src/queues/base.js
View File

@@ -1,30 +0,0 @@
/* eslint-disable no-unused-vars */
class BaseQueue {
constructor(name) {
if (new.target === BaseQueue) {
throw new Error('Cannot instantiate abstract class BaseQueue directly.');
}
this.name = name;
}
// Abstract methods to be implemented by subclasses
async add(jobName, data, options) {
throw new Error('Method "add" must be implemented.');
}
async remove(jobId) {
throw new Error('Method "remove" must be implemented.');
}
async getRepeatableJobs() {
throw new Error('Method "getRepeatableJobs" must be implemented.');
}
async removeRepeatableJobByKey(jobKey) {
throw new Error('Method "removeRepeatableJobByKey" must be implemented.');
}
}
export default BaseQueue;

154
packages/backend/src/queues/bullmq.js
View File

@@ -1,154 +0,0 @@
import { Queue, Worker } from 'bullmq';
import redisConfig from '../config/redis.js';
import logger from '../helpers/logger.js';
import BaseQueue from './base.js';
const CONNECTION_REFUSED = 'ECONNREFUSED';
class BullMQQueue extends BaseQueue {
static queueOptions = {
connection: redisConfig,
};
constructor(name) {
super(name);
this.queue = new Queue(name, this.constructor.queueOptions);
this.workers = [];
this.setupErrorHandlers();
this.setupGracefulShutdown();
}
async add(jobName, data, options = {}) {
try {
const job = await this.queue.add(jobName, data, options);
return job;
} catch (error) {
logger.error(`Failed to add job to queue "${this.name}":`, error);
throw error;
}
}
async remove(jobId) {
try {
const job = await this.getJob(jobId);
if (job) {
await job.remove();
return true;
}
return false;
} catch (error) {
logger.error(`Failed to remove job from queue "${this.name}":`, error);
throw error;
}
}
async getJob(jobId) {
return await this.queue.getJob(jobId);
}
async getRepeatableJobById(jobId) {
const repeatableJobs = await this.getRepeatableJobs();
const job = repeatableJobs.find((job) => job.id === jobId);
return job;
}
async getRepeatableJobs() {
try {
return await this.queue.getRepeatableJobs();
} catch (error) {
logger.error(
`Failed to get repeatable jobs from queue "${this.name}":`,
error
);
throw error;
}
}
async removeRepeatableJobByKey(jobKey) {
try {
await this.queue.removeRepeatableByKey(jobKey);
return true;
} catch (error) {
logger.error(
`Failed to remove repeatable job from queue "${this.name}":`,
error
);
throw error;
}
}
async removeRepeatableJobById(jobId) {
const job = await this.getRepeatableJobById(jobId);
return await this.removeRepeatableJobByKey(job.key);
}
startWorker(processor, workerOptions = {}) {
const worker = new Worker(this.name, processor, {
...this.queueOptions,
...workerOptions,
});
worker.on('error', (error) => {
logger.error(`Worker error in queue "${this.name}":`, error);
});
this.workers.push(worker);
return worker;
}
setupErrorHandlers() {
this.queue.on('error', (error) => {
if (error.code === CONNECTION_REFUSED) {
logger.error(
'Make sure you have installed Redis and it is running.',
error
);
process.exit();
}
logger.error(`Queue error in "${this.name}":`, error);
});
}
setupGracefulShutdown() {
const shutdown = async () => {
logger.log(`Shutting down queue "${this.name}"...`);
try {
// Close all workers gracefully
for (const worker of this.workers) {
await worker.close();
}
await this.queue.close();
logger.log(`Queue "${this.name}" shut down successfully.`);
process.exit();
} catch (error) {
logger.error(`Error during shutdown of queue "${this.name}":`, error);
process.exit(1);
}
};
process.on('SIGTERM', shutdown);
process.on('SIGINT', shutdown);
}
}
export default BullMQQueue;

30
packages/backend/src/queues/flow.js
View File

@@ -1,5 +1,31 @@
import BullMQQueue from './bullmq.js';
import process from 'process';
import { Queue } from 'bullmq';
import redisConfig from '../config/redis.js';
import logger from '../helpers/logger.js';
const flowQueue = new BullMQQueue('flow');
const CONNECTION_REFUSED = 'ECONNREFUSED';
const redisConnection = {
connection: redisConfig,
};
const flowQueue = new Queue('flow', redisConnection);
process.on('SIGTERM', async () => {
await flowQueue.close();
});
flowQueue.on('error', (error) => {
if (error.code === CONNECTION_REFUSED) {
logger.error(
'Make sure you have installed Redis and it is running.',
error
);
process.exit();
}
logger.error('Error happened in flow queue!', error);
});
export default flowQueue;

2
packages/backend/src/serializers/index.js
View File

@@ -26,7 +26,7 @@ const serializers = {
Permission: permissionSerializer,
AdminSamlAuthProvider: adminSamlAuthProviderSerializer,
SamlAuthProvider: samlAuthProviderSerializer,
RoleMapping: samlAuthProviderRoleMappingSerializer,
SamlAuthProvidersRoleMapping: samlAuthProviderRoleMappingSerializer,
AppAuthClient: appAuthClientSerializer,
AppConfig: appConfigSerializer,
Flow: flowSerializer,

2
packages/backend/src/workers/flow.js
View File

@@ -79,7 +79,7 @@ worker.on('failed', async (job, err) => {
const flow = await Flow.query().findById(job.data.flowId);
if (!flow) {
await flowQueue.removeRepeatableJobByKey(job.repeatJobKey);
await flowQueue.removeRepeatableByKey(job.repeatJobKey);
const flowNotFoundErrorMessage = `
JOB ID: ${job.id} - FLOW ID: ${job.data.flowId} has been deleted from Redis because flow was not found!

15
packages/backend/test/factories/role-mapping.js
View File

@@ -1,15 +1,16 @@
import { faker } from '@faker-js/faker';
import { createRole } from './role.js';
import RoleMapping from '../../src/models/role-mapping.ee.js';
import { createSamlAuthProvider } from './saml-auth-provider.ee.js';
import SamlAuthProviderRoleMapping from '../../src/models/saml-auth-providers-role-mapping.ee.js';
export const createRoleMapping = async (params = {}) => {
params.roleId = params.roleId || (await createRole()).id;
params.roleId = params?.roleId || (await createRole()).id;
params.samlAuthProviderId =
params.samlAuthProviderId || (await createSamlAuthProvider()).id;
params.remoteRoleName = params.remoteRoleName || faker.person.jobType();
params?.samlAuthProviderId || (await createSamlAuthProvider()).id;
const roleMapping = await RoleMapping.query().insertAndFetch(params);
params.remoteRoleName = params?.remoteRoleName || 'User';
return roleMapping;
const samlAuthProviderRoleMapping =
await SamlAuthProviderRoleMapping.query().insertAndFetch(params);
return samlAuthProviderRoleMapping;
};

16
packages/backend/test/factories/saml-auth-providers-role-mapping.js Normal file
View File

@@ -0,0 +1,16 @@
import { faker } from '@faker-js/faker';
import { createRole } from './role.js';
import SamlAuthProvidersRoleMapping from '../../src/models/saml-auth-providers-role-mapping.ee.js';
import { createSamlAuthProvider } from './saml-auth-provider.ee.js';
export const createSamlAuthProvidersRoleMapping = async (params = {}) => {
params.roleId = params.roleId || (await createRole()).id;
params.samlAuthProviderId =
params.samlAuthProviderId || (await createSamlAuthProvider()).id;
params.remoteRoleName = params.remoteRoleName || faker.person.jobType();
const samlAuthProvider =
await SamlAuthProvidersRoleMapping.query().insertAndFetch(params);
return samlAuthProvider;
};

2
packages/backend/test/mocks/rest/api/v1/admin/saml-auth-providers/get-role-mappings.ee.js
View File

@@ -15,7 +15,7 @@ const getRoleMappingsMock = async (roleMappings) => {
currentPage: null,
isArray: true,
totalPages: null,
type: 'RoleMapping',
type: 'SamlAuthProvidersRoleMapping',
},
};
};

2
packages/backend/test/mocks/rest/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js
View File

@@ -15,7 +15,7 @@ const createRoleMappingsMock = async (roleMappings) => {
currentPage: null,
isArray: true,
totalPages: null,
type: 'RoleMapping',
type: 'SamlAuthProvidersRoleMapping',
},
};
};

38
packages/web/src/components/ForgotPasswordForm/index.ee.jsx
View File

@@ -1,8 +1,8 @@
import * as React from 'react';
import Paper from '@mui/material/Paper';
import Typography from '@mui/material/Typography';
import Alert from '@mui/material/Alert';
import LoadingButton from '@mui/lab/LoadingButton';
import { enqueueSnackbar } from 'notistack';
import useForgotPassword from 'hooks/useForgotPassword';
import Form from 'components/Form';
@@ -12,17 +12,25 @@ import useFormatMessage from 'hooks/useFormatMessage';
export default function ForgotPasswordForm() {
const formatMessage = useFormatMessage();
const {
mutate: forgotPassword,
mutateAsync: forgotPassword,
isPending: loading,
isSuccess,
isError,
error,
} = useForgotPassword();
const handleSubmit = ({ email }) => {
forgotPassword({
const handleSubmit = async (values) => {
const { email } = values;
try {
await forgotPassword({
email,
});
} catch (error) {
enqueueSnackbar(
error?.message || formatMessage('forgotPasswordForm.error'),
{
variant: 'error',
},
);
}
};
return (
@@ -49,16 +57,6 @@ export default function ForgotPasswordForm() {
margin="dense"
autoComplete="username"
/>
{isError && (
<Alert severity="error" sx={{ mt: 2 }}>
{error?.message || formatMessage('forgotPasswordForm.error')}
</Alert>
)}
{isSuccess && (
<Alert severity="success" sx={{ mt: 2 }}>
{formatMessage('forgotPasswordForm.instructionsSent')}
</Alert>
)}
<LoadingButton
type="submit"
variant="contained"
@@ -70,6 +68,14 @@ export default function ForgotPasswordForm() {
>
{formatMessage('forgotPasswordForm.submit')}
</LoadingButton>
{isSuccess && (
<Typography
variant="body1"
sx={{ color: (theme) => theme.palette.success.main }}
>
{formatMessage('forgotPasswordForm.instructionsSent')}
</Typography>
)}
</Form>
</Paper>
);

4
packages/web/src/components/LoginForm/index.jsx
View File

@@ -2,7 +2,6 @@ import * as React from 'react';
import { useNavigate, Link as RouterLink } from 'react-router-dom';
import Paper from '@mui/material/Paper';
import Link from '@mui/material/Link';
import Alert from '@mui/material/Alert';
import Typography from '@mui/material/Typography';
import LoadingButton from '@mui/lab/LoadingButton';
import useAuthentication from 'hooks/useAuthentication';
@@ -12,6 +11,7 @@ import Form from 'components/Form';
import TextField from 'components/TextField';
import useFormatMessage from 'hooks/useFormatMessage';
import useCreateAccessToken from 'hooks/useCreateAccessToken';
import { Alert } from '@mui/material';
function LoginForm() {
const isCloud = useCloud();
@@ -45,7 +45,7 @@ function LoginForm() {
const renderError = () => {
const errors = error?.response?.data?.errors?.general || [
error?.message || formatMessage('loginForm.error'),
formatMessage('loginForm.error'),
];
return errors.map((error) => (

29
packages/web/src/components/ResetPasswordForm/index.ee.jsx
View File

@@ -2,7 +2,6 @@ import { yupResolver } from '@hookform/resolvers/yup';
import LoadingButton from '@mui/lab/LoadingButton';
import Paper from '@mui/material/Paper';
import Typography from '@mui/material/Typography';
import Alert from '@mui/material/Alert';
import useEnqueueSnackbar from 'hooks/useEnqueueSnackbar';
import * as React from 'react';
import { useNavigate, useSearchParams } from 'react-router-dom';
@@ -31,8 +30,6 @@ export default function ResetPasswordForm() {
mutateAsync: resetPassword,
isPending,
isSuccess,
error,
isError,
} = useResetPassword();
const token = searchParams.get('token');
@@ -50,23 +47,14 @@ export default function ResetPasswordForm() {
},
});
navigate(URLS.LOGIN);
} catch {}
};
const renderError = () => {
if (!isError) {
return null;
}
const errors = error?.response?.data?.errors?.general || [
} catch (error) {
enqueueSnackbar(
error?.message || formatMessage('resetPasswordForm.error'),
];
return errors.map((error) => (
<Alert severity="error" sx={{ mt: 2 }}>
{error}
</Alert>
));
{
variant: 'error',
},
);
}
};
return (
@@ -108,6 +96,7 @@ export default function ResetPasswordForm() {
: ''
}
/>
<TextField
label={formatMessage(
'resetPasswordForm.confirmPasswordFieldLabel',
@@ -128,7 +117,7 @@ export default function ResetPasswordForm() {
: ''
}
/>
{renderError()}
<LoadingButton
type="submit"
variant="contained"

8
packages/web/src/pages/Authentication/RoleMappings.jsx
View File

@@ -66,8 +66,8 @@ function RoleMappings({ provider, providerLoading }) {
const enqueueSnackbar = useEnqueueSnackbar();
const {
mutateAsync: updateRoleMappings,
isPending: isUpdateRoleMappingsPending,
mutateAsync: updateSamlAuthProvidersRoleMappings,
isPending: isUpdateSamlAuthProvidersRoleMappingsPending,
} = useAdminUpdateSamlAuthProviderRoleMappings(provider?.id);
const { data, isLoading: isAdminSamlAuthProviderRoleMappingsLoading } =
@@ -79,7 +79,7 @@ function RoleMappings({ provider, providerLoading }) {
const handleRoleMappingsUpdate = async (values) => {
try {
if (provider?.id) {
await updateRoleMappings(
await updateSamlAuthProvidersRoleMappings(
values.roleMappings.map(({ roleId, remoteRoleName }) => ({
roleId,
remoteRoleName,
@@ -148,7 +148,7 @@ function RoleMappings({ provider, providerLoading }) {
variant="contained"
color="primary"
sx={{ boxShadow: 2 }}
loading={isUpdateRoleMappingsPending}
loading={isUpdateSamlAuthProvidersRoleMappingsPending}
>
{formatMessage('roleMappingsForm.save')}
</LoadingButton>