feat: show api error message when logging in fails

fix: variable chip label disappearing

packages/backend/bin/database/utils.js

@@ -10,7 +10,7 @@ import process from 'process';
 async function fetchAdminRole() {
   const role = await Role.query()
     .where({
-      key: 'admin',
+      name: 'Admin',
     })
     .limit(1)
     .first();

packages/backend/package.json

@@ -23,8 +23,6 @@
   "dependencies": {
     "@bull-board/express": "^3.10.1",
     "@casl/ability": "^6.5.0",
-    "@graphql-tools/graphql-file-loader": "^7.3.4",
-    "@graphql-tools/load": "^7.5.2",
     "@node-saml/passport-saml": "^4.0.4",
     "@rudderstack/rudder-sdk-node": "^1.1.2",
     "@sentry/node": "^7.42.0",
@@ -39,13 +37,9 @@
     "debug": "~2.6.9",
     "dotenv": "^10.0.0",
     "express": "~4.18.2",
-    "express-async-handler": "^1.2.0",
+    "express-async-errors": "^3.1.1",
     "express-basic-auth": "^1.2.1",
-    "express-graphql": "^0.12.0",
     "fast-xml-parser": "^4.0.11",
-    "graphql-middleware": "^6.1.15",
-    "graphql-shield": "^7.5.0",
-    "graphql-tools": "^8.2.0",
     "handlebars": "^4.7.7",
     "http-errors": "~1.6.3",
     "http-proxy-agent": "^7.0.0",
@@ -107,7 +101,9 @@
     "access": "public"
   },
   "nodemonConfig": {
-    "watch": [ "src/" ],
+    "watch": [
+      "src/"
+    ],
     "ext": "js"
   }
 }

packages/backend/src/app.js

@@ -1,5 +1,6 @@
 import createError from 'http-errors';
 import express from 'express';
+import 'express-async-errors';
 import cors from 'cors';
 
 import appConfig from './config/app.js';

packages/backend/src/apps/airtable/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.airtable.com',
   iconUrl: '{BASE_URL}/apps/airtable/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/airtable/connection',
-  primaryColor: 'FFBF00',
+  primaryColor: '#FFBF00',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/appwrite/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: 'https://cloud.appwrite.io',
   iconUrl: '{BASE_URL}/apps/appwrite/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/appwrite/connection',
-  primaryColor: 'FD366E',
+  primaryColor: '#FD366E',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/azure-openai/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: '',
   iconUrl: '{BASE_URL}/apps/azure-openai/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/azure-openai/connection',
-  primaryColor: '000000',
+  primaryColor: '#000000',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/carbone/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://carbone.io',
   apiBaseUrl: 'https://api.carbone.io',
-  primaryColor: '6f42c1',
+  primaryColor: '#6f42c1',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/clickup/index.js

@@ -12,8 +12,8 @@ export default defineApp({
   baseUrl: 'https://clickup.com',
   apiBaseUrl: 'https://api.clickup.com/api',
   iconUrl: '{BASE_URL}/apps/clickup/assets/favicon.svg',
-  authDocUrl: 'https://automatisch.io/docs/apps/clickup/connection',
-  primaryColor: 'FD71AF',
+  authDocUrl: '{DOCS_URL}/apps/clickup/connection',
+  primaryColor: '#FD71AF',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/code/index.js

@@ -8,7 +8,7 @@ export default defineApp({
   apiBaseUrl: '',
   iconUrl: '{BASE_URL}/apps/code/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/code/connection',
-  primaryColor: '000000',
+  primaryColor: '#000000',
   supportsConnections: false,
   actions,
 });

packages/backend/src/apps/cryptography/index.js

@@ -9,6 +9,6 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '001F52',
+  primaryColor: '#001F52',
   actions,
 });

packages/backend/src/apps/datastore/index.js

@@ -9,6 +9,6 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '001F52',
+  primaryColor: '#001F52',
   actions,
 });

packages/backend/src/apps/deepl/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://deepl.com',
   apiBaseUrl: 'https://api.deepl.com',
-  primaryColor: '0d2d45',
+  primaryColor: '#0d2d45',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/delay/index.js

@@ -9,6 +9,6 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '001F52',
+  primaryColor: '#001F52',
   actions,
 });

packages/backend/src/apps/discord/index.js

@@ -14,7 +14,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://discord.com',
   apiBaseUrl: 'https://discord.com/api',
-  primaryColor: '5865f2',
+  primaryColor: '#5865f2',
   beforeRequest: [addAuthHeader],
   auth,
   dynamicData,

packages/backend/src/apps/disqus/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://disqus.com/api',
   iconUrl: '{BASE_URL}/apps/disqus/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/disqus/connection',
-  primaryColor: '2E9FFF',
+  primaryColor: '#2E9FFF',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/dropbox/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://dropbox.com',
   apiBaseUrl: 'https://api.dropboxapi.com',
-  primaryColor: '0061ff',
+  primaryColor: '#0061ff',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/filter/index.js

@@ -9,6 +9,6 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '001F52',
+  primaryColor: '#001F52',
   actions,
 });

packages/backend/src/apps/flickr/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   iconUrl: '{BASE_URL}/apps/flickr/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/flickr/connection',
   docUrl: 'https://automatisch.io/docs/flickr',
-  primaryColor: '000000',
+  primaryColor: '#000000',
   supportsConnections: true,
   baseUrl: 'https://www.flickr.com/',
   apiBaseUrl: 'https://www.flickr.com/services',

packages/backend/src/apps/flowers-software/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://flowers-software.com',
   apiBaseUrl: 'https://webapp.flowers-software.com/api',
-  primaryColor: '02AFC7',
+  primaryColor: '#02AFC7',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/formatter/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '001F52',
+  primaryColor: '#001F52',
   actions,
   dynamicFields,
 });

packages/backend/src/apps/ghost/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: '',
   iconUrl: '{BASE_URL}/apps/ghost/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/ghost/connection',
-  primaryColor: '15171A',
+  primaryColor: '#15171A',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/github/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.github.com',
   iconUrl: '{BASE_URL}/apps/github/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/github/connection',
-  primaryColor: '000000',
+  primaryColor: '#000000',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/gitlab/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: 'https://gitlab.com',
   iconUrl: '{BASE_URL}/apps/gitlab/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/gitlab/connection',
-  primaryColor: 'FC6D26',
+  primaryColor: '#FC6D26',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/google-calendar/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://www.googleapis.com/calendar',
   iconUrl: '{BASE_URL}/apps/google-calendar/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/google-calendar/connection',
-  primaryColor: '448AFF',
+  primaryColor: '#448AFF',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/google-drive/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://www.googleapis.com/drive',
   iconUrl: '{BASE_URL}/apps/google-drive/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/google-drive/connection',
-  primaryColor: '1FA463',
+  primaryColor: '#1FA463',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/google-forms/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://forms.googleapis.com',
   iconUrl: '{BASE_URL}/apps/google-forms/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/google-forms/connection',
-  primaryColor: '673AB7',
+  primaryColor: '#673AB7',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/google-sheets/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   apiBaseUrl: 'https://sheets.googleapis.com',
   iconUrl: '{BASE_URL}/apps/google-sheets/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/google-sheets/connection',
-  primaryColor: '0F9D58',
+  primaryColor: '#0F9D58',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/google-tasks/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: 'https://tasks.googleapis.com',
   iconUrl: '{BASE_URL}/apps/google-tasks/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/google-tasks/connection',
-  primaryColor: '0066DA',
+  primaryColor: '#0066DA',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/helix/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://app.tryhelix.ai',
   iconUrl: '{BASE_URL}/apps/helix/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/helix/connection',
-  primaryColor: '000000',
+  primaryColor: '#000000',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/http-request/index.js

@@ -9,6 +9,6 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '000000',
+  primaryColor: '#000000',
   actions,
 });

packages/backend/src/apps/hubspot/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://www.hubspot.com',
   apiBaseUrl: 'https://api.hubapi.com',
-  primaryColor: 'F95C35',
+  primaryColor: '#F95C35',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/invoice-ninja/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   apiBaseUrl: 'https://invoicing.co/api',
   iconUrl: '{BASE_URL}/apps/invoice-ninja/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/invoice-ninja/connection',
-  primaryColor: '000000',
+  primaryColor: '#000000',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/jotform/index.js

@@ -9,11 +9,11 @@ export default defineApp({
   name: 'Jotform',
   key: 'jotform',
   iconUrl: '{BASE_URL}/apps/jotform/assets/favicon.svg',
-  authDocUrl: 'https://automatisch.io/docs/apps/jotform/connection',
+  authDocUrl: '{DOCS_URL}/apps/jotform/connection',
   supportsConnections: true,
   baseUrl: 'https://www.jotform.com',
   apiBaseUrl: 'https://api.jotform.com',
-  primaryColor: 'FF6100',
+  primaryColor: '#FF6100',
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/mailchimp/index.js

@@ -12,8 +12,8 @@ export default defineApp({
   baseUrl: 'https://mailchimp.com',
   apiBaseUrl: '',
   iconUrl: '{BASE_URL}/apps/mailchimp/assets/favicon.svg',
-  authDocUrl: 'https://automatisch.io/docs/apps/mailchimp/connection',
-  primaryColor: '000000',
+  authDocUrl: '{DOCS_URL}/apps/mailchimp/connection',
+  primaryColor: '#000000',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/mailerlite/index.js

@@ -7,11 +7,11 @@ export default defineApp({
   name: 'MailerLite',
   key: 'mailerlite',
   iconUrl: '{BASE_URL}/apps/mailerlite/assets/favicon.svg',
-  authDocUrl: 'https://automatisch.io/docs/apps/mailerlite/connection',
+  authDocUrl: '{DOCS_URL}/apps/mailerlite/connection',
   supportsConnections: true,
   baseUrl: 'https://www.mailerlite.com',
   apiBaseUrl: 'https://connect.mailerlite.com/api',
-  primaryColor: '09C269',
+  primaryColor: '#09C269',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/mattermost/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   authDocUrl: '{DOCS_URL}/apps/mattermost/connection',
   baseUrl: 'https://mattermost.com',
   apiBaseUrl: '', // there is no cloud version of this app, user always need to provide address of own instance when creating connection
-  primaryColor: '4a154b',
+  primaryColor: '#4a154b',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addXRequestedWithHeader, addAuthHeader],
   auth,

packages/backend/src/apps/miro/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.miro.com',
   iconUrl: '{BASE_URL}/apps/miro/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/miro/connection',
-  primaryColor: 'F2CA02',
+  primaryColor: '#F2CA02',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/notion/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.notion.com',
   iconUrl: '{BASE_URL}/apps/notion/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/notion/connection',
-  primaryColor: '000000',
+  primaryColor: '#000000',
   supportsConnections: true,
   beforeRequest: [addAuthHeader, addNotionVersionHeader],
   auth,

packages/backend/src/apps/ntfy/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://ntfy.sh',
   apiBaseUrl: 'https://ntfy.sh',
-  primaryColor: '56bda8',
+  primaryColor: '#56bda8',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/odoo/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://odoo.com',
   apiBaseUrl: '',
-  primaryColor: '9c5789',
+  primaryColor: '#9c5789',
   auth,
   actions,
 });

packages/backend/src/apps/openai/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.openai.com',
   iconUrl: '{BASE_URL}/apps/openai/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/openai/connection',
-  primaryColor: '000000',
+  primaryColor: '#000000',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/pipedrive/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   apiBaseUrl: '',
   iconUrl: '{BASE_URL}/apps/pipedrive/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/pipedrive/connection',
-  primaryColor: 'FFFFFF',
+  primaryColor: '#FFFFFF',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/placetel/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://placetel.de',
   apiBaseUrl: 'https://api.placetel.de',
-  primaryColor: '069dd9',
+  primaryColor: '#069dd9',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/postgresql/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '336791',
+  primaryColor: '#336791',
   auth,
   actions,
 });

packages/backend/src/apps/pushover/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.pushover.net',
   iconUrl: '{BASE_URL}/apps/pushover/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/pushover/connection',
-  primaryColor: '249DF1',
+  primaryColor: '#249DF1',
   supportsConnections: true,
   auth,
   actions,

packages/backend/src/apps/reddit/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://oauth.reddit.com',
   iconUrl: '{BASE_URL}/apps/reddit/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/reddit/connection',
-  primaryColor: 'FF4500',
+  primaryColor: '#FF4500',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/removebg/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://www.remove.bg',
   apiBaseUrl: 'https://api.remove.bg/v1.0',
-  primaryColor: '55636c',
+  primaryColor: '#55636c',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/rss/index.js

@@ -9,6 +9,6 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: 'ff8800',
+  primaryColor: '#ff8800',
   triggers,
 });

packages/backend/src/apps/salesforce/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://salesforce.com',
   apiBaseUrl: '',
-  primaryColor: '00A1E0',
+  primaryColor: '#00A1E0',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/scheduler/index.js

@@ -9,7 +9,7 @@ export default defineApp({
   authDocUrl: '{DOCS_URL}/apps/scheduler/connection',
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '0059F7',
+  primaryColor: '#0059F7',
   supportsConnections: false,
   triggers,
 });

packages/backend/src/apps/self-hosted-llm/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: '',
   iconUrl: '{BASE_URL}/apps/self-hosted-llm/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/self-hosted-llm/connection',
-  primaryColor: '000000',
+  primaryColor: '#000000',
   supportsConnections: true,
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,

packages/backend/src/apps/signalwire/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://signalwire.com',
   apiBaseUrl: '',
-  primaryColor: '044cf6',
+  primaryColor: '#044cf6',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/slack/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://slack.com',
   apiBaseUrl: 'https://slack.com/api',
-  primaryColor: '4a154b',
+  primaryColor: '#4a154b',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/smtp/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '2DAAE1',
+  primaryColor: '#2DAAE1',
   auth,
   actions,
 });

packages/backend/src/apps/spotify/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://spotify.com',
   apiBaseUrl: 'https://api.spotify.com',
-  primaryColor: '000000',
+  primaryColor: '#000000',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/strava/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://www.strava.com',
   apiBaseUrl: 'https://www.strava.com/api',
-  primaryColor: 'fc4c01',
+  primaryColor: '#fc4c01',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/stripe/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://stripe.com',
   apiBaseUrl: 'https://api.stripe.com',
-  primaryColor: '635bff',
+  primaryColor: '#635bff',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/telegram-bot/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://telegram.org',
   apiBaseUrl: 'https://api.telegram.org',
-  primaryColor: '2AABEE',
+  primaryColor: '#2AABEE',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/todoist/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://todoist.com',
   apiBaseUrl: 'https://api.todoist.com/rest/v2',
-  primaryColor: 'e44332',
+  primaryColor: '#e44332',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/trello/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   iconUrl: '{BASE_URL}/apps/trello/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/trello/connection',
   supportsConnections: true,
-  primaryColor: '0079bf',
+  primaryColor: '#0079bf',
   beforeRequest: [addAuthHeader],
   auth,
   actions,

packages/backend/src/apps/twilio/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://twilio.com',
   apiBaseUrl: 'https://api.twilio.com',
-  primaryColor: 'e1000f',
+  primaryColor: '#e1000f',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/twitter/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://twitter.com',
   apiBaseUrl: 'https://api.twitter.com',
-  primaryColor: '1da1f2',
+  primaryColor: '#1da1f2',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/typeform/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://typeform.com',
   apiBaseUrl: 'https://api.typeform.com',
-  primaryColor: '262627',
+  primaryColor: '#262627',
   beforeRequest: [addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/vtiger-crm/index.js

@@ -14,7 +14,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '39a86d',
+  primaryColor: '#39a86d',
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/webhook/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   supportsConnections: false,
   baseUrl: '',
   apiBaseUrl: '',
-  primaryColor: '0059F7',
+  primaryColor: '#0059F7',
   actions,
   triggers,
 });

packages/backend/src/apps/wordpress/index.js

@@ -13,7 +13,7 @@ export default defineApp({
   supportsConnections: true,
   baseUrl: 'https://wordpress.com',
   apiBaseUrl: '',
-  primaryColor: '464342',
+  primaryColor: '#464342',
   beforeRequest: [setBaseUrl, addAuthHeader],
   auth,
   triggers,

packages/backend/src/apps/wordpress/triggers/new-comment/index.js

@@ -4,6 +4,7 @@ export default defineTrigger({
   name: 'New comment',
   key: 'newComment',
   description: 'Triggers when a new comment is created.',
+  pollInterval: 15,
   arguments: [
     {
       label: 'Status',

packages/backend/src/apps/wordpress/triggers/new-page/index.js

@@ -3,6 +3,7 @@ import defineTrigger from '../../../../helpers/define-trigger.js';
 export default defineTrigger({
   name: 'New page',
   key: 'newPage',
+  pollInterval: 15,
   description: 'Triggers when a new page is created.',
   arguments: [
     {

packages/backend/src/apps/wordpress/triggers/new-post/index.js

@@ -3,6 +3,7 @@ import defineTrigger from '../../../../helpers/define-trigger.js';
 export default defineTrigger({
   name: 'New post',
   key: 'newPost',
+  pollInterval: 15,
   description: 'Triggers when a new post is created.',
   arguments: [
     {

packages/backend/src/apps/xero/index.js

@@ -11,7 +11,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.xero.com',
   iconUrl: '{BASE_URL}/apps/xero/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/xero/connection',
-  primaryColor: '13B5EA',
+  primaryColor: '#13B5EA',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/you-need-a-budget/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   apiBaseUrl: 'https://api.ynab.com/v1',
   iconUrl: '{BASE_URL}/apps/you-need-a-budget/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/you-need-a-budget/connection',
-  primaryColor: '19223C',
+  primaryColor: '#19223C',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/youtube/index.js

@@ -10,7 +10,7 @@ export default defineApp({
   apiBaseUrl: 'https://www.googleapis.com/youtube',
   iconUrl: '{BASE_URL}/apps/youtube/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/youtube/connection',
-  primaryColor: 'FF0000',
+  primaryColor: '#FF0000',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/apps/youtube/triggers/new-video-by-search/index.js

@@ -3,6 +3,7 @@ import defineTrigger from '../../../../helpers/define-trigger.js';
 export default defineTrigger({
   name: 'New video by search',
   key: 'newVideoBySearch',
+  pollInterval: 15,
   description:
     'Triggers when a new video is uploaded that matches a specific search string.',
   arguments: [

packages/backend/src/apps/youtube/triggers/new-video-in-channel/index.js

@@ -3,6 +3,7 @@ import defineTrigger from '../../../../helpers/define-trigger.js';
 export default defineTrigger({
   name: 'New video in channel',
   key: 'newVideoInChannel',
+  pollInterval: 15,
   description:
     'Triggers when a new video is published to a specific Youtube channel.',
   arguments: [

packages/backend/src/apps/zendesk/index.js

@@ -12,7 +12,7 @@ export default defineApp({
   apiBaseUrl: '',
   iconUrl: '{BASE_URL}/apps/zendesk/assets/favicon.svg',
   authDocUrl: '{DOCS_URL}/apps/zendesk/connection',
-  primaryColor: '17494d',
+  primaryColor: '#17494d',
   supportsConnections: true,
   beforeRequest: [addAuthHeader],
   auth,

packages/backend/src/config/cors-options.js

@@ -2,7 +2,7 @@ import appConfig from './app.js';
 
 const corsOptions = {
   origin: appConfig.webAppUrl,
-  methods: 'GET,HEAD,POST,DELETE',
+  methods: 'GET,HEAD,POST,PATCH,DELETE',
   credentials: true,
   optionsSuccessStatus: 200,
 };

packages/backend/src/controllers/api/v1/access-tokens/create-access-token.test.js

@@ -32,7 +32,7 @@ describe('POST /api/v1/access-tokens', () => {
       })
       .expect(422);
 
-    expect(response.body.errors.general).toEqual([
+    expect(response.body.errors.general).toStrictEqual([
       'Incorrect email or password.',
     ]);
   });

packages/backend/src/controllers/api/v1/admin/apps/create-auth-client.ee.test.js

@@ -15,7 +15,7 @@ describe('POST /api/v1/admin/apps/:appKey/auth-clients', () => {
   beforeEach(async () => {
     vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
 
-    adminRole = await createRole({ key: 'admin' });
+    adminRole = await createRole({ name: 'Admin' });
     currentUser = await createUser({ roleId: adminRole.id });
 
     token = await createAuthTokenByUserId(currentUser.id);
@@ -83,7 +83,7 @@ describe('POST /api/v1/admin/apps/:appKey/auth-clients', () => {
       .send(appAuthClient)
       .expect(422);
 
-    expect(response.body.meta.type).toEqual('ModelValidation');
+    expect(response.body.meta.type).toStrictEqual('ModelValidation');
     expect(response.body.errors).toMatchObject({
       name: ["must have required property 'name'"],
       formattedAuthDefaults: [

packages/backend/src/controllers/api/v1/admin/apps/create-config.ee.js

@@ -10,11 +10,11 @@ export default async (request, response) => {
 };
 
 const appConfigParams = (request) => {
-  const { allowCustomConnection, shared, disabled } = request.body;
+  const { customConnectionAllowed, shared, disabled } = request.body;
 
   return {
     key: request.params.appKey,
-    allowCustomConnection,
+    customConnectionAllowed,
     shared,
     disabled,
   };

packages/backend/src/controllers/api/v1/admin/apps/create-config.ee.test.js

@@ -15,7 +15,7 @@ describe('POST /api/v1/admin/apps/:appKey/config', () => {
   beforeEach(async () => {
     vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
 
-    adminRole = await createRole({ key: 'admin' });
+    adminRole = await createRole({ name: 'Admin' });
     currentUser = await createUser({ roleId: adminRole.id });
 
     token = await createAuthTokenByUserId(currentUser.id);
@@ -23,7 +23,7 @@ describe('POST /api/v1/admin/apps/:appKey/config', () => {
 
   it('should return created app config', async () => {
     const appConfig = {
-      allowCustomConnection: true,
+      customConnectionAllowed: true,
       shared: true,
       disabled: false,
     };
@@ -44,7 +44,7 @@ describe('POST /api/v1/admin/apps/:appKey/config', () => {
   it('should return HTTP 422 for already existing app config', async () => {
     const appConfig = {
       key: 'gitlab',
-      allowCustomConnection: true,
+      customConnectionAllowed: true,
       shared: true,
       disabled: false,
     };
@@ -59,7 +59,7 @@ describe('POST /api/v1/admin/apps/:appKey/config', () => {
       })
       .expect(422);
 
-    expect(response.body.meta.type).toEqual('UniqueViolationError');
+    expect(response.body.meta.type).toStrictEqual('UniqueViolationError');
     expect(response.body.errors).toMatchObject({
       key: ["'key' must be unique."],
     });

packages/backend/src/controllers/api/v1/admin/apps/get-auth-client.ee.test.js

@@ -15,7 +15,7 @@ describe('GET /api/v1/admin/apps/:appKey/auth-clients/:appAuthClientId', () => {
   beforeEach(async () => {
     vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
 
-    adminRole = await createRole({ key: 'admin' });
+    adminRole = await createRole({ name: 'Admin' });
     currentUser = await createUser({ roleId: adminRole.id });
 
     currentAppAuthClient = await createAppAuthClient({
@@ -32,7 +32,7 @@ describe('GET /api/v1/admin/apps/:appKey/auth-clients/:appAuthClientId', () => {
       .expect(200);
 
     const expectedPayload = getAppAuthClientMock(currentAppAuthClient);
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for not existing app auth client ID', async () => {

packages/backend/src/controllers/api/v1/admin/apps/get-auth-clients.ee.test.js

@@ -14,7 +14,7 @@ describe('GET /api/v1/admin/apps/:appKey/auth-clients', () => {
   beforeEach(async () => {
     vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
 
-    adminRole = await createRole({ key: 'admin' });
+    adminRole = await createRole({ name: 'Admin' });
     currentUser = await createUser({ roleId: adminRole.id });
 
     token = await createAuthTokenByUserId(currentUser.id);
@@ -39,6 +39,6 @@ describe('GET /api/v1/admin/apps/:appKey/auth-clients', () => {
       appAuthClientOne,
     ]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/admin/apps/update-auth-client.ee.js

@@ -0,0 +1,22 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import AppAuthClient from '../../../../../models/app-auth-client.js';
+
+export default async (request, response) => {
+  const appAuthClient = await AppAuthClient.query()
+    .findById(request.params.appAuthClientId)
+    .throwIfNotFound();
+
+  await appAuthClient.$query().patchAndFetch(appAuthClientParams(request));
+
+  renderObject(response, appAuthClient);
+};
+
+const appAuthClientParams = (request) => {
+  const { active, name, formattedAuthDefaults } = request.body;
+
+  return {
+    active,
+    name,
+    formattedAuthDefaults,
+  };
+};

packages/backend/src/controllers/api/v1/admin/apps/update-auth-client.ee.test.js

@@ -0,0 +1,104 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import Crypto from 'crypto';
+
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import updateAppAuthClientMock from '../../../../../../test/mocks/rest/api/v1/admin/apps/update-auth-client.js';
+import { createAppConfig } from '../../../../../../test/factories/app-config.js';
+import { createAppAuthClient } from '../../../../../../test/factories/app-auth-client.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('PATCH /api/v1/admin/apps/:appKey/auth-clients', () => {
+  let currentUser, adminRole, token;
+
+  beforeEach(async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    adminRole = await createRole({ name: 'Admin' });
+    currentUser = await createUser({ roleId: adminRole.id });
+
+    token = await createAuthTokenByUserId(currentUser.id);
+
+    await createAppConfig({
+      key: 'gitlab',
+    });
+  });
+
+  it('should return updated entity for valid app auth client', async () => {
+    const appAuthClient = {
+      active: true,
+      appKey: 'gitlab',
+      formattedAuthDefaults: {
+        clientid: 'sample client ID',
+        clientSecret: 'sample client secret',
+        instanceUrl: 'https://gitlab.com',
+        oAuthRedirectUrl: 'http://localhost:3001/app/gitlab/connection/add',
+      },
+    };
+
+    const existingAppAuthClient = await createAppAuthClient({
+      appKey: 'gitlab',
+      name: 'First auth client',
+    });
+
+    const response = await request(app)
+      .patch(
+        `/api/v1/admin/apps/gitlab/auth-clients/${existingAppAuthClient.id}`
+      )
+      .set('Authorization', token)
+      .send(appAuthClient)
+      .expect(200);
+
+    const expectedPayload = updateAppAuthClientMock({
+      ...existingAppAuthClient,
+      ...appAuthClient,
+    });
+
+    expect(response.body).toMatchObject(expectedPayload);
+  });
+
+  it('should return not found response for not existing app auth client', async () => {
+    const notExistingAppAuthClientId = Crypto.randomUUID();
+
+    await request(app)
+      .patch(
+        `/api/v1/admin/apps/gitlab/auth-clients/${notExistingAppAuthClientId}`
+      )
+      .set('Authorization', token)
+      .expect(404);
+  });
+
+  it('should return bad request response for invalid UUID', async () => {
+    await request(app)
+      .patch('/api/v1/admin/apps/gitlab/auth-clients/invalidAuthClientUUID')
+      .set('Authorization', token)
+      .expect(400);
+  });
+
+  it('should return HTTP 422 for invalid payload', async () => {
+    const appAuthClient = {
+      formattedAuthDefaults: 'invalid input',
+    };
+
+    const existingAppAuthClient = await createAppAuthClient({
+      appKey: 'gitlab',
+      name: 'First auth client',
+    });
+
+    const response = await request(app)
+      .patch(
+        `/api/v1/admin/apps/gitlab/auth-clients/${existingAppAuthClient.id}`
+      )
+      .set('Authorization', token)
+      .send(appAuthClient)
+      .expect(422);
+
+    expect(response.body.meta.type).toBe('ModelValidation');
+    expect(response.body.errors).toMatchObject({
+      formattedAuthDefaults: ['must be object'],
+    });
+  });
+});

packages/backend/src/controllers/api/v1/admin/apps/update-config.ee.js

@@ -0,0 +1,27 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import AppConfig from '../../../../../models/app-config.js';
+
+export default async (request, response) => {
+  const appConfig = await AppConfig.query()
+    .findOne({
+      key: request.params.appKey,
+    })
+    .throwIfNotFound();
+
+  await appConfig.$query().patchAndFetch({
+    ...appConfigParams(request),
+    key: request.params.appKey,
+  });
+
+  renderObject(response, appConfig);
+};
+
+const appConfigParams = (request) => {
+  const { customConnectionAllowed, shared, disabled } = request.body;
+
+  return {
+    customConnectionAllowed,
+    shared,
+    disabled,
+  };
+};

packages/backend/src/controllers/api/v1/admin/apps/update-config.ee.test.js

@@ -0,0 +1,91 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import createAppConfigMock from '../../../../../../test/mocks/rest/api/v1/admin/apps/create-config.js';
+import { createAppConfig } from '../../../../../../test/factories/app-config.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('PATCH /api/v1/admin/apps/:appKey/config', () => {
+  let currentUser, adminRole, token;
+
+  beforeEach(async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    adminRole = await createRole({ name: 'Admin' });
+    currentUser = await createUser({ roleId: adminRole.id });
+
+    token = await createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return updated app config', async () => {
+    const appConfig = {
+      key: 'gitlab',
+      customConnectionAllowed: true,
+      shared: true,
+      disabled: false,
+    };
+
+    await createAppConfig(appConfig);
+
+    const newAppConfigValues = {
+      shared: false,
+      disabled: true,
+      customConnectionAllowed: false,
+    };
+
+    const response = await request(app)
+      .patch('/api/v1/admin/apps/gitlab/config')
+      .set('Authorization', token)
+      .send(newAppConfigValues)
+      .expect(200);
+
+    const expectedPayload = createAppConfigMock({
+      ...newAppConfigValues,
+      key: 'gitlab',
+    });
+
+    expect(response.body).toMatchObject(expectedPayload);
+  });
+
+  it('should return not found response for unexisting app config', async () => {
+    const appConfig = {
+      shared: false,
+      disabled: true,
+      customConnectionAllowed: false,
+    };
+
+    await request(app)
+      .patch('/api/v1/admin/apps/gitlab/config')
+      .set('Authorization', token)
+      .send(appConfig)
+      .expect(404);
+  });
+
+  it('should return HTTP 422 for invalid app config data', async () => {
+    const appConfig = {
+      key: 'gitlab',
+      customConnectionAllowed: true,
+      shared: true,
+      disabled: false,
+    };
+
+    await createAppConfig(appConfig);
+
+    const response = await request(app)
+      .patch('/api/v1/admin/apps/gitlab/config')
+      .set('Authorization', token)
+      .send({
+        disabled: 'invalid value type',
+      })
+      .expect(422);
+
+    expect(response.body.meta.type).toStrictEqual('ModelValidation');
+    expect(response.body.errors).toMatchObject({
+      disabled: ['must be boolean'],
+    });
+  });
+});

packages/backend/src/controllers/api/v1/admin/config/update.ee.js

@@ -0,0 +1,28 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import Config from '../../../../../models/config.js';
+
+export default async (request, response) => {
+  const config = await Config.query().updateFirstOrInsert(
+    configParams(request)
+  );
+
+  renderObject(response, config);
+};
+
+const configParams = (request) => {
+  const {
+    logoSvgData,
+    palettePrimaryDark,
+    palettePrimaryLight,
+    palettePrimaryMain,
+    title,
+  } = request.body;
+
+  return {
+    logoSvgData,
+    palettePrimaryDark,
+    palettePrimaryLight,
+    palettePrimaryMain,
+    title,
+  };
+};

packages/backend/src/controllers/api/v1/admin/config/update.ee.test.js

@@ -0,0 +1,88 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import { updateConfig } from '../../../../../../test/factories/config.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('PATCH /api/v1/admin/config', () => {
+  let currentUser, adminRole, token;
+
+  beforeEach(async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    adminRole = await createRole({ name: 'Admin' });
+    currentUser = await createUser({ roleId: adminRole.id });
+
+    token = await createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return updated config', async () => {
+    const title = 'Test environment - Automatisch';
+    const palettePrimaryMain = '#00adef';
+    const palettePrimaryDark = '#222222';
+    const palettePrimaryLight = '#f90707';
+    const logoSvgData =
+      '<svg width="25" height="25" xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 100 100"><rect width="100%" height="100%" fill="white" /><text x="10" y="40" font-family="Arial" font-size="40" fill="black">A</text></svg>';
+
+    const appConfig = {
+      title,
+      palettePrimaryMain: palettePrimaryMain,
+      palettePrimaryDark: palettePrimaryDark,
+      palettePrimaryLight: palettePrimaryLight,
+      logoSvgData: logoSvgData,
+    };
+
+    await updateConfig(appConfig);
+
+    const newTitle = 'Updated title';
+
+    const newConfigValues = {
+      title: newTitle,
+    };
+
+    const response = await request(app)
+      .patch('/api/v1/admin/config')
+      .set('Authorization', token)
+      .send(newConfigValues)
+      .expect(200);
+
+    expect(response.body.data.title).toStrictEqual(newTitle);
+    expect(response.body.meta.type).toStrictEqual('Config');
+  });
+
+  it('should return created config for unexisting config', async () => {
+    const newTitle = 'Updated title';
+
+    const newConfigValues = {
+      title: newTitle,
+    };
+
+    const response = await request(app)
+      .patch('/api/v1/admin/config')
+      .set('Authorization', token)
+      .send(newConfigValues)
+      .expect(200);
+
+    expect(response.body.data.title).toStrictEqual(newTitle);
+    expect(response.body.meta.type).toStrictEqual('Config');
+  });
+
+  it('should return null for deleted config entry', async () => {
+    const newConfigValues = {
+      title: null,
+    };
+
+    const response = await request(app)
+      .patch('/api/v1/admin/config')
+      .set('Authorization', token)
+      .send(newConfigValues)
+      .expect(200);
+
+    expect(response.body.data.title).toBeNull();
+    expect(response.body.meta.type).toStrictEqual('Config');
+  });
+});

packages/backend/src/controllers/api/v1/admin/permissions/get-permissions-catalog.ee.test.js

@@ -11,7 +11,7 @@ describe('GET /api/v1/admin/permissions/catalog', () => {
   let role, currentUser, token;
 
   beforeEach(async () => {
-    role = await createRole({ key: 'admin' });
+    role = await createRole({ name: 'Admin' });
     currentUser = await createUser({ roleId: role.id });
 
     token = await createAuthTokenByUserId(currentUser.id);
@@ -27,6 +27,6 @@ describe('GET /api/v1/admin/permissions/catalog', () => {
 
     const expectedPayload = await getPermissionsCatalogMock();
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/admin/roles/create-role.ee.js

@@ -0,0 +1,22 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import Role from '../../../../../models/role.js';
+
+export default async (request, response) => {
+  const roleData = roleParams(request);
+
+  const roleWithPermissions = await Role.query().insertGraphAndFetch(roleData, {
+    relate: ['permissions'],
+  });
+
+  renderObject(response, roleWithPermissions, { status: 201 });
+};
+
+const roleParams = (request) => {
+  const { name, description, permissions } = request.body;
+
+  return {
+    name,
+    description,
+    permissions,
+  };
+};

packages/backend/src/controllers/api/v1/admin/roles/create-role.ee.test.js

@@ -0,0 +1,109 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app.js';
+import Role from '../../../../../models/role.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import createRoleMock from '../../../../../../test/mocks/rest/api/v1/admin/roles/create-role.ee.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('POST /api/v1/admin/roles', () => {
+  let role, currentUser, token;
+
+  beforeEach(async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    role = await createRole({ name: 'Admin' });
+    currentUser = await createUser({ roleId: role.id });
+
+    token = await createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return the created role along with permissions', async () => {
+    const roleData = {
+      name: 'Viewer',
+      description: '',
+      permissions: [
+        {
+          action: 'read',
+          subject: 'Flow',
+          conditions: ['isCreator'],
+        },
+      ],
+    };
+
+    const response = await request(app)
+      .post('/api/v1/admin/roles')
+      .set('Authorization', token)
+      .send(roleData)
+      .expect(201);
+
+    const createdRole = await Role.query()
+      .withGraphFetched({ permissions: true })
+      .findOne({ name: 'Viewer' })
+      .throwIfNotFound();
+
+    const expectedPayload = await createRoleMock(
+      {
+        ...createdRole,
+        ...roleData,
+        isAdmin: createdRole.isAdmin,
+      },
+      [
+        {
+          ...createdRole.permissions[0],
+          ...roleData.permissions[0],
+        },
+      ]
+    );
+
+    expect(response.body).toStrictEqual(expectedPayload);
+  });
+
+  it('should return unprocessable entity response for invalid role data', async () => {
+    const roleData = {
+      description: '',
+      permissions: [],
+    };
+
+    const response = await request(app)
+      .post('/api/v1/admin/roles')
+      .set('Authorization', token)
+      .send(roleData)
+      .expect(422);
+
+    expect(response.body).toStrictEqual({
+      errors: {
+        name: ["must have required property 'name'"],
+      },
+      meta: {
+        type: 'ModelValidation',
+      },
+    });
+  });
+
+  it('should return unprocessable entity response for duplicate role', async () => {
+    await createRole({ name: 'Viewer' });
+
+    const roleData = {
+      name: 'Viewer',
+      permissions: [],
+    };
+
+    const response = await request(app)
+      .post('/api/v1/admin/roles')
+      .set('Authorization', token)
+      .send(roleData)
+      .expect(422);
+
+    expect(response.body).toStrictEqual({
+      errors: {
+        name: ["'name' must be unique."],
+      },
+      meta: {
+        type: 'UniqueViolationError',
+      },
+    });
+  });
+});

packages/backend/src/controllers/api/v1/admin/roles/delete-role.ee.js

@@ -0,0 +1,11 @@
+import Role from '../../../../../models/role.js';
+
+export default async (request, response) => {
+  const role = await Role.query()
+    .findById(request.params.roleId)
+    .throwIfNotFound();
+
+  await role.deleteWithPermissions();
+
+  response.status(204).end();
+};

packages/backend/src/controllers/api/v1/admin/roles/delete-role.ee.test.js

@@ -0,0 +1,95 @@
+import Crypto from 'node:crypto';
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import { createPermission } from '../../../../../../test/factories/permission.js';
+import { createSamlAuthProvider } from '../../../../../../test/factories/saml-auth-provider.ee.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('DELETE /api/v1/admin/roles/:roleId', () => {
+  let adminRole, currentUser, token;
+
+  beforeEach(async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    adminRole = await createRole({ name: 'Admin' });
+
+    currentUser = await createUser({ roleId: adminRole.id });
+
+    token = await createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return HTTP 204 for unused role', async () => {
+    const role = await createRole();
+    const permission = await createPermission({ roleId: role.id });
+
+    await request(app)
+      .delete(`/api/v1/admin/roles/${role.id}`)
+      .set('Authorization', token)
+      .expect(204);
+
+    const refetchedRole = await role.$query();
+    const refetchedPermission = await permission.$query();
+
+    expect(refetchedRole).toBeUndefined();
+    expect(refetchedPermission).toBeUndefined();
+  });
+
+  it('should return HTTP 404 for not existing role UUID', async () => {
+    const notExistingRoleUUID = Crypto.randomUUID();
+
+    await request(app)
+      .delete(`/api/v1/admin/roles/${notExistingRoleUUID}`)
+      .set('Authorization', token)
+      .expect(404);
+  });
+
+  it('should return not authorized response for deleting admin role', async () => {
+    await request(app)
+      .delete(`/api/v1/admin/roles/${adminRole.id}`)
+      .set('Authorization', token)
+      .expect(403);
+  });
+
+  it('should return unprocessable entity response for role used by users', async () => {
+    const role = await createRole();
+    await createUser({ roleId: role.id });
+
+    const response = await request(app)
+      .delete(`/api/v1/admin/roles/${role.id}`)
+      .set('Authorization', token)
+      .expect(422);
+
+    expect(response.body).toStrictEqual({
+      errors: {
+        role: [`All users must be migrated away from the "${role.name}" role.`],
+      },
+      meta: {
+        type: 'ValidationError',
+      },
+    });
+  });
+
+  it('should return unprocessable entity response for role used by saml auth providers', async () => {
+    const samlAuthProvider = await createSamlAuthProvider();
+
+    const response = await request(app)
+      .delete(`/api/v1/admin/roles/${samlAuthProvider.defaultRoleId}`)
+      .set('Authorization', token)
+      .expect(422);
+
+    expect(response.body).toStrictEqual({
+      errors: {
+        samlAuthProvider: [
+          'You need to change the default role in the SAML configuration before deleting this role.',
+        ],
+      },
+      meta: {
+        type: 'ValidationError',
+      },
+    });
+  });
+});

packages/backend/src/controllers/api/v1/admin/roles/get-role.ee.test.js

@@ -13,7 +13,7 @@ describe('GET /api/v1/admin/roles/:roleId', () => {
   let role, currentUser, token, permissionOne, permissionTwo;
 
   beforeEach(async () => {
-    role = await createRole({ key: 'admin' });
+    role = await createRole({ name: 'Admin' });
     permissionOne = await createPermission({ roleId: role.id });
     permissionTwo = await createPermission({ roleId: role.id });
     currentUser = await createUser({ roleId: role.id });
@@ -34,7 +34,7 @@ describe('GET /api/v1/admin/roles/:roleId', () => {
       permissionTwo,
     ]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 
   it('should return not found response for not existing role UUID', async () => {

packages/backend/src/controllers/api/v1/admin/roles/get-roles.ee.test.js

@@ -11,8 +11,8 @@ describe('GET /api/v1/admin/roles', () => {
   let roleOne, roleTwo, currentUser, token;
 
   beforeEach(async () => {
-    roleOne = await createRole({ key: 'admin' });
-    roleTwo = await createRole({ key: 'user' });
+    roleOne = await createRole({ name: 'Admin' });
+    roleTwo = await createRole({ name: 'User' });
     currentUser = await createUser({ roleId: roleOne.id });
 
     token = await createAuthTokenByUserId(currentUser.id);
@@ -28,6 +28,6 @@ describe('GET /api/v1/admin/roles', () => {
 
     const expectedPayload = await getRolesMock([roleOne, roleTwo]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });

packages/backend/src/controllers/api/v1/admin/roles/update-role.ee.js

@@ -0,0 +1,24 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import Role from '../../../../../models/role.js';
+
+export default async (request, response) => {
+  const role = await Role.query()
+    .findById(request.params.roleId)
+    .throwIfNotFound();
+
+  const updatedRoleWithPermissions = await role.updateWithPermissions(
+    roleParams(request)
+  );
+
+  renderObject(response, updatedRoleWithPermissions);
+};
+
+const roleParams = (request) => {
+  const { name, description, permissions } = request.body;
+
+  return {
+    name,
+    description,
+    permissions,
+  };
+};

packages/backend/src/controllers/api/v1/admin/roles/update-role.ee.test.js

@@ -0,0 +1,177 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import { createPermission } from '../../../../../../test/factories/permission.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import updateRoleMock from '../../../../../../test/mocks/rest/api/v1/admin/roles/update-role.ee.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('PATCH /api/v1/admin/roles/:roleId', () => {
+  let adminRole, viewerRole, currentUser, token;
+
+  beforeEach(async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    adminRole = await createRole({ name: 'Admin' });
+    viewerRole = await createRole({ name: 'Viewer' });
+
+    await createPermission({
+      action: 'read',
+      subject: 'Connection',
+    });
+
+    await createPermission({
+      action: 'read',
+      subject: 'Flow',
+    });
+
+    currentUser = await createUser({ roleId: adminRole.id });
+
+    token = await createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return the updated role along with permissions', async () => {
+    const roleData = {
+      name: 'Updated role name',
+      description: 'A new description',
+      permissions: [
+        {
+          action: 'read',
+          subject: 'Execution',
+          conditions: ['isCreator'],
+        },
+      ],
+    };
+
+    const response = await request(app)
+      .patch(`/api/v1/admin/roles/${viewerRole.id}`)
+      .set('Authorization', token)
+      .send(roleData)
+      .expect(200);
+
+    const refetchedViewerRole = await viewerRole
+      .$query()
+      .withGraphFetched({ permissions: true });
+
+    const expectedPayload = await updateRoleMock(
+      {
+        ...refetchedViewerRole,
+        ...roleData,
+        isAdmin: false,
+      },
+      [
+        {
+          ...refetchedViewerRole.permissions[0],
+          ...roleData.permissions[0],
+        },
+      ]
+    );
+
+    expect(response.body).toStrictEqual(expectedPayload);
+  });
+
+  it('should return the updated role with sanitized permissions', async () => {
+    const validPermission = {
+      action: 'create',
+      subject: 'Connection',
+      conditions: ['isCreator'],
+    };
+
+    const invalidPermission = {
+      action: 'publish',
+      subject: 'Connection',
+      conditions: ['isCreator'],
+    };
+
+    const roleData = {
+      permissions: [validPermission, invalidPermission],
+    };
+
+    const response = await request(app)
+      .patch(`/api/v1/admin/roles/${viewerRole.id}`)
+      .set('Authorization', token)
+      .send(roleData)
+      .expect(200);
+
+    const refetchedViewerRole = await viewerRole.$query().withGraphFetched({
+      permissions: true,
+    });
+
+    const expectedPayload = updateRoleMock(refetchedViewerRole, [
+      {
+        ...refetchedViewerRole.permissions[0],
+        ...validPermission,
+      },
+    ]);
+
+    expect(response.body).toStrictEqual(expectedPayload);
+  });
+
+  it('should return not authorized response for updating admin role', async () => {
+    const roleData = {
+      name: 'Updated role name',
+      description: 'A new description',
+      permissions: [
+        {
+          action: 'read',
+          subject: 'Execution',
+          conditions: ['isCreator'],
+        },
+      ],
+    };
+
+    await request(app)
+      .patch(`/api/v1/admin/roles/${adminRole.id}`)
+      .set('Authorization', token)
+      .send(roleData)
+      .expect(403);
+  });
+
+  it('should return unprocessable entity response for invalid role data', async () => {
+    const roleData = {
+      description: 123,
+      permissions: [],
+    };
+
+    const response = await request(app)
+      .patch(`/api/v1/admin/roles/${viewerRole.id}`)
+      .set('Authorization', token)
+      .send(roleData)
+      .expect(422);
+
+    expect(response.body).toStrictEqual({
+      errors: {
+        description: ['must be string,null'],
+      },
+      meta: {
+        type: 'ModelValidation',
+      },
+    });
+  });
+
+  it('should return unique violation response for duplicate role data', async () => {
+    await createRole({ name: 'Editor' });
+
+    const roleData = {
+      name: 'Editor',
+      permissions: [],
+    };
+
+    const response = await request(app)
+      .patch(`/api/v1/admin/roles/${viewerRole.id}`)
+      .set('Authorization', token)
+      .send(roleData)
+      .expect(422);
+
+    expect(response.body).toStrictEqual({
+      errors: {
+        name: ["'name' must be unique."],
+      },
+      meta: {
+        type: 'UniqueViolationError',
+      },
+    });
+  });
+});

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/create-saml-auth-provider.ee.js

@@ -0,0 +1,43 @@
+import { renderObject } from '../../../../../helpers/renderer.js';
+import SamlAuthProvider from '../../../../../models/saml-auth-provider.ee.js';
+
+export default async (request, response) => {
+  const samlAuthProvider = await SamlAuthProvider.query().insert(
+    samlAuthProviderParams(request)
+  );
+
+  renderObject(response, samlAuthProvider, {
+    serializer: 'AdminSamlAuthProvider',
+    status: 201,
+  });
+};
+
+const samlAuthProviderParams = (request) => {
+  const {
+    name,
+    certificate,
+    signatureAlgorithm,
+    issuer,
+    entryPoint,
+    firstnameAttributeName,
+    surnameAttributeName,
+    emailAttributeName,
+    roleAttributeName,
+    defaultRoleId,
+    active,
+  } = request.body;
+
+  return {
+    name,
+    certificate,
+    signatureAlgorithm,
+    issuer,
+    entryPoint,
+    firstnameAttributeName,
+    surnameAttributeName,
+    emailAttributeName,
+    roleAttributeName,
+    defaultRoleId,
+    active,
+  };
+};

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/create-saml-auth-provider.ee.test.js

@@ -0,0 +1,78 @@
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../../app.js';
+import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
+import { createRole } from '../../../../../../test/factories/role.js';
+import { createUser } from '../../../../../../test/factories/user.js';
+import createSamlAuthProviderMock from '../../../../../../test/mocks/rest/api/v1/admin/saml-auth-providers/create-saml-auth-provider.ee.js';
+import * as license from '../../../../../helpers/license.ee.js';
+
+describe('POST /api/v1/admin/saml-auth-provider', () => {
+  let currentUser, token, role;
+
+  beforeEach(async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    role = await createRole({ name: 'Admin' });
+    currentUser = await createUser({ roleId: role.id });
+
+    token = await createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return the created saml auth provider', async () => {
+    const samlAuthProviderPayload = {
+      active: true,
+      name: 'Name',
+      issuer: 'theclientid',
+      certificate: 'dummycert',
+      entryPoint: 'http://localhost:8080/realms/automatisch/protocol/saml',
+      signatureAlgorithm: 'sha256',
+      defaultRoleId: role.id,
+      firstnameAttributeName: 'urn:oid:2.5.4.42',
+      surnameAttributeName: 'urn:oid:2.5.4.4',
+      emailAttributeName: 'urn:oid:1.2.840.113549.1.9.1',
+      roleAttributeName: 'Role',
+    };
+
+    const response = await request(app)
+      .post('/api/v1/admin/saml-auth-providers')
+      .set('Authorization', token)
+      .send(samlAuthProviderPayload)
+      .expect(201);
+
+    const expectedPayload = await createSamlAuthProviderMock({
+      id: response.body.data.id,
+      ...samlAuthProviderPayload,
+    });
+
+    expect(response.body).toStrictEqual(expectedPayload);
+  });
+
+  it('should return unprocessable entity response for invalid data', async () => {
+    const response = await request(app)
+      .post('/api/v1/admin/saml-auth-providers')
+      .set('Authorization', token)
+      .send({
+        active: true,
+        name: 'Name',
+        issuer: 'theclientid',
+        signatureAlgorithm: 'invalid',
+        firstnameAttributeName: 'urn:oid:2.5.4.42',
+        surnameAttributeName: 'urn:oid:2.5.4.4',
+        emailAttributeName: 'urn:oid:1.2.840.113549.1.9.1',
+        roleAttributeName: 123,
+      })
+      .expect(422);
+
+    expect(response.body).toStrictEqual({
+      errors: {
+        certificate: ["must have required property 'certificate'"],
+        entryPoint: ["must have required property 'entryPoint'"],
+        defaultRoleId: ["must have required property 'defaultRoleId'"],
+        signatureAlgorithm: ['must be equal to one of the allowed values'],
+        roleAttributeName: ['must be string'],
+      },
+      meta: { type: 'ModelValidation' },
+    });
+  });
+});

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-role-mappings.ee.test.js

@@ -13,7 +13,7 @@ describe('GET /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mapping
   let roleMappingOne, roleMappingTwo, samlAuthProvider, currentUser, token;
 
   beforeEach(async () => {
-    const role = await createRole({ key: 'admin' });
+    const role = await createRole({ name: 'Admin' });
     currentUser = await createUser({ roleId: role.id });
 
     samlAuthProvider = await createSamlAuthProvider();
@@ -46,6 +46,6 @@ describe('GET /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mapping
       roleMappingTwo,
     ]);
 
-    expect(response.body).toEqual(expectedPayload);
+    expect(response.body).toStrictEqual(expectedPayload);
   });
 });