test: add tests for executions

refactor: Reorder user model tests

.github/workflows/playwright.yml

@@ -3,12 +3,13 @@ on:
   push:
     branches:
       - main
-  pull_request:
-    paths:
-      - 'packages/backend/**'
-      - 'packages/e2e-tests/**'
-      - 'packages/web/**'
-      - '!packages/backend/src/apps/**'
+  # TODO: Add pull request after optimizing the total excecution time of the test suite.
+  # pull_request:
+  #   paths:
+  #     - 'packages/backend/**'
+  #     - 'packages/e2e-tests/**'
+  #     - 'packages/web/**'
+  #     - '!packages/backend/src/apps/**'
   workflow_dispatch:
 
 env:
@@ -113,6 +114,7 @@ jobs:
       - name: Run Playwright tests
         working-directory: ./packages/e2e-tests
         env:
+          PORT: 3000
           LOGIN_EMAIL: user@automatisch.io
           LOGIN_PASSWORD: sample
           BASE_URL: http://localhost:3000

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-role-mappings.ee.js

@@ -7,7 +7,7 @@ export default async (request, response) => {
     .throwIfNotFound();
 
   const roleMappings = await samlAuthProvider
-    .$relatedQuery('samlAuthProvidersRoleMappings')
+    .$relatedQuery('roleMappings')
     .orderBy('remote_role_name', 'asc');
 
   renderObject(response, roleMappings);

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js

@@ -8,15 +8,14 @@ export default async (request, response) => {
     .findById(samlAuthProviderId)
     .throwIfNotFound();
 
-  const samlAuthProvidersRoleMappings =
-    await samlAuthProvider.updateRoleMappings(
-      samlAuthProvidersRoleMappingsParams(request)
-    );
+  const roleMappings = await samlAuthProvider.updateRoleMappings(
+    roleMappingsParams(request)
+  );
 
-  renderObject(response, samlAuthProvidersRoleMappings);
+  renderObject(response, roleMappings);
 };
 
-const samlAuthProvidersRoleMappingsParams = (request) => {
+const roleMappingsParams = (request) => {
   const roleMappings = request.body;
 
   return roleMappings.map(({ roleId, remoteRoleName }) => ({

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/update-role-mappings.ee.test.js

@@ -6,7 +6,7 @@ import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by
 import { createRole } from '../../../../../../test/factories/role.js';
 import { createUser } from '../../../../../../test/factories/user.js';
 import { createSamlAuthProvider } from '../../../../../../test/factories/saml-auth-provider.ee.js';
-import { createSamlAuthProvidersRoleMapping } from '../../../../../../test/factories/saml-auth-providers-role-mapping.js';
+import { createRoleMapping } from '../../../../../../test/factories/role-mapping.js';
 import createRoleMappingsMock from '../../../../../../test/mocks/rest/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js';
 import * as license from '../../../../../helpers/license.ee.js';
 
@@ -21,12 +21,12 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi
 
     samlAuthProvider = await createSamlAuthProvider();
 
-    await createSamlAuthProvidersRoleMapping({
+    await createRoleMapping({
       samlAuthProviderId: samlAuthProvider.id,
       remoteRoleName: 'Viewer',
     });
 
-    await createSamlAuthProvidersRoleMapping({
+    await createRoleMapping({
       samlAuthProviderId: samlAuthProvider.id,
       remoteRoleName: 'Editor',
     });
@@ -64,7 +64,7 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi
 
   it('should delete role mappings when given empty role mappings', async () => {
     const existingRoleMappings = await samlAuthProvider.$relatedQuery(
-      'samlAuthProvidersRoleMappings'
+      'roleMappings'
     );
 
     expect(existingRoleMappings.length).toBe(2);
@@ -149,34 +149,4 @@ describe('PATCH /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mappi
       .send(roleMappings)
       .expect(404);
   });
-
-  it('should not delete existing role mapping when error thrown', async () => {
-    const roleMappings = [
-      {
-        roleId: userRole.id,
-        remoteRoleName: {
-          invalid: 'data',
-        },
-      },
-    ];
-
-    const roleMappingsBeforeRequest = await samlAuthProvider.$relatedQuery(
-      'samlAuthProvidersRoleMappings'
-    );
-
-    await request(app)
-      .patch(
-        `/api/v1/admin/saml-auth-providers/${samlAuthProvider.id}/role-mappings`
-      )
-      .set('Authorization', token)
-      .send(roleMappings)
-      .expect(422);
-
-    const roleMappingsAfterRequest = await samlAuthProvider.$relatedQuery(
-      'samlAuthProvidersRoleMappings'
-    );
-
-    expect(roleMappingsBeforeRequest).toStrictEqual(roleMappingsAfterRequest);
-    expect(roleMappingsAfterRequest.length).toBe(2);
-  });
 });

packages/backend/src/db/migrations/20241125141647_rename_saml_auth_providers_role_mappings_as_role_mappings.js

@@ -0,0 +1,52 @@
+export async function up(knex) {
+  await knex.schema.createTable('role_mappings', (table) => {
+    table.uuid('id').primary().defaultTo(knex.raw('gen_random_uuid()'));
+    table
+      .uuid('saml_auth_provider_id')
+      .references('id')
+      .inTable('saml_auth_providers');
+    table.uuid('role_id').references('id').inTable('roles');
+    table.string('remote_role_name').notNullable();
+
+    table.unique(['saml_auth_provider_id', 'remote_role_name']);
+
+    table.timestamps(true, true);
+  });
+
+  const existingRoleMappings = await knex('saml_auth_providers_role_mappings');
+
+  if (existingRoleMappings.length) {
+    await knex('role_mappings').insert(existingRoleMappings);
+  }
+
+  return await knex.schema.dropTable('saml_auth_providers_role_mappings');
+}
+
+export async function down(knex) {
+  await knex.schema.createTable(
+    'saml_auth_providers_role_mappings',
+    (table) => {
+      table.uuid('id').primary().defaultTo(knex.raw('gen_random_uuid()'));
+      table
+        .uuid('saml_auth_provider_id')
+        .references('id')
+        .inTable('saml_auth_providers');
+      table.uuid('role_id').references('id').inTable('roles');
+      table.string('remote_role_name').notNullable();
+
+      table.unique(['saml_auth_provider_id', 'remote_role_name']);
+
+      table.timestamps(true, true);
+    }
+  );
+
+  const existingRoleMappings = await knex('role_mappings');
+
+  if (existingRoleMappings.length) {
+    await knex('saml_auth_providers_role_mappings').insert(
+      existingRoleMappings
+    );
+  }
+
+  return await knex.schema.dropTable('role_mappings');
+}

packages/backend/src/helpers/find-or-create-user-by-saml-identity.ee.js

@@ -30,7 +30,7 @@ const findOrCreateUserBySamlIdentity = async (
     : [mappedUser.role];
 
   const samlAuthProviderRoleMapping = await samlAuthProvider
-    .$relatedQuery('samlAuthProvidersRoleMappings')
+    .$relatedQuery('roleMappings')
     .whereIn('remote_role_name', mappedRoles)
     .limit(1)
     .first();

packages/backend/src/helpers/user-ability.test.js

@@ -0,0 +1,46 @@
+import { describe, expect, it } from 'vitest';
+import userAbility from './user-ability.js';
+
+describe('userAbility', () => {
+  it('should return PureAbility instantiated with user permissions', () => {
+    const user = {
+      permissions: [
+        {
+          subject: 'Flow',
+          action: 'read',
+          conditions: ['isCreator'],
+        },
+      ],
+      role: {
+        name: 'User',
+      },
+    };
+
+    const ability = userAbility(user);
+
+    expect(ability.rules).toStrictEqual(user.permissions);
+  });
+
+  it('should return permission-less PureAbility for user with no role', () => {
+    const user = {
+      permissions: [
+        {
+          subject: 'Flow',
+          action: 'read',
+          conditions: ['isCreator'],
+        },
+      ],
+      role: null,
+    };
+    const ability = userAbility(user);
+
+    expect(ability.rules).toStrictEqual([]);
+  });
+
+  it('should return permission-less PureAbility for user with no permissions', () => {
+    const user = { permissions: null, role: { name: 'User' } };
+    const ability = userAbility(user);
+
+    expect(ability.rules).toStrictEqual([]);
+  });
+});

packages/backend/src/models/__snapshots__/role-mapping.ee.test.js.snap

@@ -0,0 +1,30 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`RoleMapping model > jsonSchema should have the correct schema 1`] = `
+{
+  "properties": {
+    "id": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "remoteRoleName": {
+      "minLength": 1,
+      "type": "string",
+    },
+    "roleId": {
+      "format": "uuid",
+      "type": "string",
+    },
+    "samlAuthProviderId": {
+      "format": "uuid",
+      "type": "string",
+    },
+  },
+  "required": [
+    "samlAuthProviderId",
+    "roleId",
+    "remoteRoleName",
+  ],
+  "type": "object",
+}
+`;

packages/backend/src/models/__snapshots__/saml-auth-providers-role-mapping.ee.test.js.snap

@@ -1,6 +1,6 @@
 // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 
-exports[`SamlAuthProvidersRoleMapping model > jsonSchema should have the correct schema 1`] = `
+exports[`RoleMapping model > jsonSchema should have the correct schema 1`] = `
 {
   "properties": {
     "id": {

packages/backend/src/models/role-mapping.ee.js

@@ -1,8 +1,8 @@
 import Base from './base.js';
 import SamlAuthProvider from './saml-auth-provider.ee.js';
 
-class SamlAuthProvidersRoleMapping extends Base {
-  static tableName = 'saml_auth_providers_role_mappings';
+class RoleMapping extends Base {
+  static tableName = 'role_mappings';
 
   static jsonSchema = {
     type: 'object',
@@ -21,11 +21,11 @@ class SamlAuthProvidersRoleMapping extends Base {
       relation: Base.BelongsToOneRelation,
       modelClass: SamlAuthProvider,
       join: {
-        from: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
+        from: 'role_mappings.saml_auth_provider_id',
         to: 'saml_auth_providers.id',
       },
     },
   });
 }
 
-export default SamlAuthProvidersRoleMapping;
+export default RoleMapping;

packages/backend/src/models/role-mapping.ee.test.js

@@ -1,28 +1,26 @@
 import { describe, it, expect } from 'vitest';
-import SamlAuthProvidersRoleMapping from '../models/saml-auth-providers-role-mapping.ee';
+import RoleMapping from './role-mapping.ee';
 import SamlAuthProvider from './saml-auth-provider.ee';
 import Base from './base';
 
-describe('SamlAuthProvidersRoleMapping model', () => {
+describe('RoleMapping model', () => {
   it('tableName should return correct name', () => {
-    expect(SamlAuthProvidersRoleMapping.tableName).toBe(
-      'saml_auth_providers_role_mappings'
-    );
+    expect(RoleMapping.tableName).toBe('role_mappings');
   });
 
   it('jsonSchema should have the correct schema', () => {
-    expect(SamlAuthProvidersRoleMapping.jsonSchema).toMatchSnapshot();
+    expect(RoleMapping.jsonSchema).toMatchSnapshot();
   });
 
   it('relationMappings should return correct associations', () => {
-    const relationMappings = SamlAuthProvidersRoleMapping.relationMappings();
+    const relationMappings = RoleMapping.relationMappings();
 
     const expectedRelations = {
       samlAuthProvider: {
         relation: Base.BelongsToOneRelation,
         modelClass: SamlAuthProvider,
         join: {
-          from: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
+          from: 'role_mappings.saml_auth_provider_id',
           to: 'saml_auth_providers.id',
         },
       },

packages/backend/src/models/saml-auth-provider.ee.js

@@ -5,7 +5,7 @@ import appConfig from '../config/app.js';
 import axios from '../helpers/axios-with-proxy.js';
 import Base from './base.js';
 import Identity from './identity.ee.js';
-import SamlAuthProvidersRoleMapping from './saml-auth-providers-role-mapping.ee.js';
+import RoleMapping from './role-mapping.ee.js';
 
 class SamlAuthProvider extends Base {
   static tableName = 'saml_auth_providers';
@@ -53,12 +53,12 @@ class SamlAuthProvider extends Base {
         to: 'saml_auth_providers.id',
       },
     },
-    samlAuthProvidersRoleMappings: {
+    roleMappings: {
       relation: Base.HasManyRelation,
-      modelClass: SamlAuthProvidersRoleMapping,
+      modelClass: RoleMapping,
       join: {
         from: 'saml_auth_providers.id',
-        to: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
+        to: 'role_mappings.saml_auth_provider_id',
       },
     },
   });
@@ -133,27 +133,22 @@ class SamlAuthProvider extends Base {
   }
 
   async updateRoleMappings(roleMappings) {
-    return await SamlAuthProvider.transaction(async (trx) => {
-      await this.$relatedQuery('samlAuthProvidersRoleMappings', trx).delete();
+    await this.$relatedQuery('roleMappings').delete();
 
-      if (isEmpty(roleMappings)) {
-        return [];
-      }
+    if (isEmpty(roleMappings)) {
+      return [];
+    }
 
-      const samlAuthProvidersRoleMappingsData = roleMappings.map(
-        (samlAuthProvidersRoleMapping) => ({
-          ...samlAuthProvidersRoleMapping,
-          samlAuthProviderId: this.id,
-        })
-      );
+    const roleMappingsData = roleMappings.map((roleMapping) => ({
+      ...roleMapping,
+      samlAuthProviderId: this.id,
+    }));
 
-      const samlAuthProvidersRoleMappings =
-        await SamlAuthProvidersRoleMapping.query(trx).insertAndFetch(
-          samlAuthProvidersRoleMappingsData
-        );
+    const newRoleMappings = await RoleMapping.query().insertAndFetch(
+      roleMappingsData
+    );
 
-      return samlAuthProvidersRoleMappings;
-    });
+    return newRoleMappings;
   }
 }
 

packages/backend/src/models/saml-auth-provider.ee.test.js

@@ -1,9 +1,14 @@
-import { vi, describe, it, expect } from 'vitest';
+import { vi, beforeEach, describe, it, expect } from 'vitest';
+import { v4 as uuidv4 } from 'uuid';
 import SamlAuthProvider from '../models/saml-auth-provider.ee';
-import SamlAuthProvidersRoleMapping from '../models/saml-auth-providers-role-mapping.ee';
+import RoleMapping from '../models/role-mapping.ee';
+import axios from '../helpers/axios-with-proxy.js';
 import Identity from './identity.ee';
 import Base from './base';
 import appConfig from '../config/app';
+import { createSamlAuthProvider } from '../../test/factories/saml-auth-provider.ee.js';
+import { createRoleMapping } from '../../test/factories/role-mapping.js';
+import { createRole } from '../../test/factories/role.js';
 
 describe('SamlAuthProvider model', () => {
   it('tableName should return correct name', () => {
@@ -26,12 +31,12 @@ describe('SamlAuthProvider model', () => {
           to: 'saml_auth_providers.id',
         },
       },
-      samlAuthProvidersRoleMappings: {
+      roleMappings: {
         relation: Base.HasManyRelation,
-        modelClass: SamlAuthProvidersRoleMapping,
+        modelClass: RoleMapping,
         join: {
           from: 'saml_auth_providers.id',
-          to: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
+          to: 'role_mappings.saml_auth_provider_id',
         },
       },
     };
@@ -81,4 +86,146 @@ describe('SamlAuthProvider model', () => {
       'https://example.com/saml/logout'
     );
   });
+
+  it('config should return the correct configuration object', () => {
+    const samlAuthProvider = new SamlAuthProvider();
+
+    samlAuthProvider.certificate = 'sample-certificate';
+    samlAuthProvider.signatureAlgorithm = 'sha256';
+    samlAuthProvider.entryPoint = 'https://example.com/saml';
+    samlAuthProvider.issuer = 'sample-issuer';
+
+    vi.spyOn(appConfig, 'baseUrl', 'get').mockReturnValue(
+      'https://automatisch.io'
+    );
+
+    const expectedConfig = {
+      callbackUrl: 'https://automatisch.io/login/saml/sample-issuer/callback',
+      cert: 'sample-certificate',
+      entryPoint: 'https://example.com/saml',
+      issuer: 'sample-issuer',
+      signatureAlgorithm: 'sha256',
+      logoutUrl: 'https://example.com/saml',
+    };
+
+    expect(samlAuthProvider.config).toStrictEqual(expectedConfig);
+  });
+
+  it('generateLogoutRequestBody should return a correctly encoded SAML logout request', () => {
+    vi.mock('uuid', () => ({
+      v4: vi.fn(),
+    }));
+
+    const samlAuthProvider = new SamlAuthProvider();
+
+    samlAuthProvider.entryPoint = 'https://example.com/saml';
+    samlAuthProvider.issuer = 'sample-issuer';
+
+    const mockUuid = '123e4567-e89b-12d3-a456-426614174000';
+    uuidv4.mockReturnValue(mockUuid);
+
+    const sessionId = 'test-session-id';
+
+    const logoutRequest = samlAuthProvider.generateLogoutRequestBody(sessionId);
+
+    const expectedLogoutRequest = `
+      <samlp:LogoutRequest
+          xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+          ID="${mockUuid}"
+          Version="2.0"
+          IssueInstant="${new Date().toISOString()}"
+          Destination="https://example.com/saml">
+
+          <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">sample-issuer</saml:Issuer>
+          <samlp:SessionIndex>test-session-id</samlp:SessionIndex>
+      </samlp:LogoutRequest>
+    `;
+
+    const expectedEncodedRequest = Buffer.from(expectedLogoutRequest).toString(
+      'base64'
+    );
+
+    expect(logoutRequest).toBe(expectedEncodedRequest);
+  });
+
+  it('terminateRemoteSession should send the correct POST request and return the response', async () => {
+    vi.mock('../helpers/axios-with-proxy.js', () => ({
+      default: {
+        post: vi.fn(),
+      },
+    }));
+
+    const samlAuthProvider = new SamlAuthProvider();
+
+    samlAuthProvider.entryPoint = 'https://example.com/saml';
+    samlAuthProvider.generateLogoutRequestBody = vi
+      .fn()
+      .mockReturnValue('mockEncodedLogoutRequest');
+
+    const sessionId = 'test-session-id';
+
+    const mockResponse = { data: 'Logout Successful' };
+    axios.post.mockResolvedValue(mockResponse);
+
+    const response = await samlAuthProvider.terminateRemoteSession(sessionId);
+
+    expect(samlAuthProvider.generateLogoutRequestBody).toHaveBeenCalledWith(
+      sessionId
+    );
+
+    expect(axios.post).toHaveBeenCalledWith(
+      'https://example.com/saml',
+      'SAMLRequest=mockEncodedLogoutRequest',
+      {
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+        },
+      }
+    );
+
+    expect(response).toBe(mockResponse);
+  });
+
+  describe('updateRoleMappings', () => {
+    let samlAuthProvider;
+
+    beforeEach(async () => {
+      samlAuthProvider = await createSamlAuthProvider();
+    });
+
+    it('should remove all existing role mappings', async () => {
+      await createRoleMapping({
+        samlAuthProviderId: samlAuthProvider.id,
+        remoteRoleName: 'Admin',
+      });
+
+      await createRoleMapping({
+        samlAuthProviderId: samlAuthProvider.id,
+        remoteRoleName: 'User',
+      });
+
+      await samlAuthProvider.updateRoleMappings([]);
+
+      const roleMappings = await samlAuthProvider.$relatedQuery('roleMappings');
+      expect(roleMappings).toStrictEqual([]);
+    });
+
+    it('should return the updated role mappings when new ones are provided', async () => {
+      const adminRole = await createRole({ name: 'Admin' });
+      const userRole = await createRole({ name: 'User' });
+
+      const newRoleMappings = [
+        { remoteRoleName: 'Admin', roleId: adminRole.id },
+        { remoteRoleName: 'User', roleId: userRole.id },
+      ];
+
+      const result = await samlAuthProvider.updateRoleMappings(newRoleMappings);
+
+      const refetchedRoleMappings = await samlAuthProvider.$relatedQuery(
+        'roleMappings'
+      );
+
+      expect(result).toStrictEqual(refetchedRoleMappings);
+    });
+  });
 });

packages/backend/src/models/user.js

@@ -212,6 +212,10 @@ class User extends Base {
     return `${appConfig.webAppUrl}/accept-invitation?token=${this.invitationToken}`;
   }
 
+  get ability() {
+    return userAbility(this);
+  }
+
   static async authenticate(email, password) {
     const user = await User.query().findOne({
       email: email?.toLowerCase() || null,
@@ -366,18 +370,6 @@ class User extends Base {
     return now.getTime() - sentAt.getTime() < fourHoursInMilliseconds;
   }
 
-  toTestTestCoverage() {
-    if (!this.resetPasswordTokenSentAt) {
-      return false;
-    }
-
-    const sentAt = new Date(this.resetPasswordTokenSentAt);
-    const now = new Date();
-    const fourHoursInMilliseconds = 1000 * 60 * 60 * 4;
-
-    return now.getTime() - sentAt.getTime() < fourHoursInMilliseconds;
-  }
-
   async sendInvitationEmail() {
     await this.generateInvitationToken();
 
@@ -595,62 +587,6 @@ class User extends Base {
     return user;
   }
 
-  async $beforeInsert(queryContext) {
-    await super.$beforeInsert(queryContext);
-
-    this.email = this.email.toLowerCase();
-    await this.generateHash();
-
-    if (appConfig.isCloud) {
-      this.startTrialPeriod();
-    }
-  }
-
-  async $beforeUpdate(opt, queryContext) {
-    await super.$beforeUpdate(opt, queryContext);
-
-    if (this.email) {
-      this.email = this.email.toLowerCase();
-    }
-
-    await this.generateHash();
-  }
-
-  async $afterInsert(queryContext) {
-    await super.$afterInsert(queryContext);
-
-    if (appConfig.isCloud) {
-      await this.$relatedQuery('usageData').insert({
-        userId: this.id,
-        consumedTaskCount: 0,
-        nextResetAt: DateTime.now().plus({ days: 30 }).toISODate(),
-      });
-    }
-  }
-
-  async $afterFind() {
-    if (await hasValidLicense()) return this;
-
-    if (Array.isArray(this.permissions)) {
-      this.permissions = this.permissions.filter((permission) => {
-        const restrictedSubjects = [
-          'App',
-          'Role',
-          'SamlAuthProvider',
-          'Config',
-        ];
-
-        return !restrictedSubjects.includes(permission.subject);
-      });
-    }
-
-    return this;
-  }
-
-  get ability() {
-    return userAbility(this);
-  }
-
   can(action, subject) {
     const can = this.ability.can(action, subject);
 
@@ -666,12 +602,68 @@ class User extends Base {
     return conditionMap;
   }
 
-  cannot(action, subject) {
-    const cannot = this.ability.cannot(action, subject);
+  lowercaseEmail() {
+    if (this.email) {
+      this.email = this.email.toLowerCase();
+    }
+  }
 
-    if (cannot) throw new NotAuthorizedError();
+  async createUsageData() {
+    if (appConfig.isCloud) {
+      return await this.$relatedQuery('usageData').insertAndFetch({
+        userId: this.id,
+        consumedTaskCount: 0,
+        nextResetAt: DateTime.now().plus({ days: 30 }).toISODate(),
+      });
+    }
+  }
 
-    return cannot;
+  async omitEnterprisePermissionsWithoutValidLicense() {
+    if (await hasValidLicense()) {
+      return this;
+    }
+
+    if (Array.isArray(this.permissions)) {
+      this.permissions = this.permissions.filter((permission) => {
+        const restrictedSubjects = [
+          'App',
+          'Role',
+          'SamlAuthProvider',
+          'Config',
+        ];
+
+        return !restrictedSubjects.includes(permission.subject);
+      });
+    }
+  }
+
+  async $beforeInsert(queryContext) {
+    await super.$beforeInsert(queryContext);
+
+    this.lowercaseEmail();
+    await this.generateHash();
+
+    if (appConfig.isCloud) {
+      this.startTrialPeriod();
+    }
+  }
+
+  async $beforeUpdate(opt, queryContext) {
+    await super.$beforeUpdate(opt, queryContext);
+
+    this.lowercaseEmail();
+
+    await this.generateHash();
+  }
+
+  async $afterInsert(queryContext) {
+    await super.$afterInsert(queryContext);
+
+    await this.createUsageData();
+  }
+
+  async $afterFind() {
+    await this.omitEnterprisePermissionsWithoutValidLicense();
   }
 }
 

packages/backend/src/models/user.test.js

@@ -1,8 +1,10 @@
 import { describe, it, expect, vi } from 'vitest';
 import { DateTime, Duration } from 'luxon';
 import appConfig from '../config/app.js';
+import * as licenseModule from '../helpers/license.ee.js';
 import Base from './base.js';
 import AccessToken from './access-token.js';
+import Config from './config.js';
 import Connection from './connection.js';
 import Execution from './execution.js';
 import Flow from './flow.js';
@@ -19,6 +21,7 @@ import {
   REMOVE_AFTER_30_DAYS_OR_150_JOBS,
   REMOVE_AFTER_7_DAYS_OR_50_JOBS,
 } from '../helpers/remove-job-configuration.js';
+import * as userAbilityModule from '../helpers/user-ability.js';
 import { createUser } from '../../test/factories/user.js';
 import { createConnection } from '../../test/factories/connection.js';
 import { createRole } from '../../test/factories/role.js';
@@ -26,6 +29,9 @@ import { createPermission } from '../../test/factories/permission.js';
 import { createFlow } from '../../test/factories/flow.js';
 import { createStep } from '../../test/factories/step.js';
 import { createExecution } from '../../test/factories/execution.js';
+import { createSubscription } from '../../test/factories/subscription.js';
+import { createUsageData } from '../../test/factories/usage-data.js';
+import Billing from '../helpers/billing/index.ee.js';
 
 describe('User model', () => {
   it('tableName should return correct name', () => {
@@ -201,64 +207,6 @@ describe('User model', () => {
     expect(virtualAttributes).toStrictEqual(expectedAttributes);
   });
 
-  it('acceptInvitationUrl should return accept invitation page URL with invitation token', async () => {
-    const user = new User();
-    user.invitationToken = 'invitation-token';
-
-    vi.spyOn(appConfig, 'webAppUrl', 'get').mockReturnValue(
-      'https://automatisch.io'
-    );
-
-    expect(user.acceptInvitationUrl).toBe(
-      'https://automatisch.io/accept-invitation?token=invitation-token'
-    );
-  });
-
-  describe('authenticate', () => {
-    it('should create and return the token for correct email and password', async () => {
-      const user = await createUser({
-        email: 'test-user@automatisch.io',
-        password: 'sample-password',
-      });
-
-      const token = await User.authenticate(
-        'test-user@automatisch.io',
-        'sample-password'
-      );
-
-      const persistedToken = await AccessToken.query().findOne({
-        userId: user.id,
-      });
-
-      expect(token).toBe(persistedToken.token);
-    });
-
-    it('should return undefined for existing email and incorrect password', async () => {
-      await createUser({
-        email: 'test-user@automatisch.io',
-        password: 'sample-password',
-      });
-
-      const token = await User.authenticate(
-        'test-user@automatisch.io',
-        'wrong-password'
-      );
-
-      expect(token).toBe(undefined);
-    });
-
-    it('should return undefined for non-existing email', async () => {
-      await createUser({
-        email: 'test-user@automatisch.io',
-        password: 'sample-password',
-      });
-
-      const token = await User.authenticate('non-existing-user@automatisch.io');
-
-      expect(token).toBe(undefined);
-    });
-  });
-
   describe('authorizedFlows', () => {
     it('should return user flows with isCreator condition', async () => {
       const userRole = await createRole({ name: 'User' });
@@ -501,6 +449,76 @@ describe('User model', () => {
     });
   });
 
+  it('acceptInvitationUrl should return accept invitation page URL with invitation token', async () => {
+    const user = new User();
+    user.invitationToken = 'invitation-token';
+
+    vi.spyOn(appConfig, 'webAppUrl', 'get').mockReturnValue(
+      'https://automatisch.io'
+    );
+
+    expect(user.acceptInvitationUrl).toBe(
+      'https://automatisch.io/accept-invitation?token=invitation-token'
+    );
+  });
+
+  it('ability should return userAbility for the user', () => {
+    const user = new User();
+    user.fullName = 'Sample user';
+
+    const userAbilitySpy = vi
+      .spyOn(userAbilityModule, 'default')
+      .mockReturnValue('user-ability');
+
+    expect(user.ability).toStrictEqual('user-ability');
+    expect(userAbilitySpy).toHaveBeenNthCalledWith(1, user);
+  });
+
+  describe('authenticate', () => {
+    it('should create and return the token for correct email and password', async () => {
+      const user = await createUser({
+        email: 'test-user@automatisch.io',
+        password: 'sample-password',
+      });
+
+      const token = await User.authenticate(
+        'test-user@automatisch.io',
+        'sample-password'
+      );
+
+      const persistedToken = await AccessToken.query().findOne({
+        userId: user.id,
+      });
+
+      expect(token).toBe(persistedToken.token);
+    });
+
+    it('should return undefined for existing email and incorrect password', async () => {
+      await createUser({
+        email: 'test-user@automatisch.io',
+        password: 'sample-password',
+      });
+
+      const token = await User.authenticate(
+        'test-user@automatisch.io',
+        'wrong-password'
+      );
+
+      expect(token).toBe(undefined);
+    });
+
+    it('should return undefined for non-existing email', async () => {
+      await createUser({
+        email: 'test-user@automatisch.io',
+        password: 'sample-password',
+      });
+
+      const token = await User.authenticate('non-existing-user@automatisch.io');
+
+      expect(token).toBe(undefined);
+    });
+  });
+
   describe('login', () => {
     it('should return true when the given password matches with the user password', async () => {
       const user = await createUser({ password: 'sample-password' });
@@ -875,4 +893,641 @@ describe('User model', () => {
 
     vi.useRealTimers();
   });
+
+  describe('isAllowedToRunFlows', () => {
+    it('should return true when Automatisch is self hosted', async () => {
+      const user = new User();
+
+      vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(true);
+
+      expect(await user.isAllowedToRunFlows()).toBe(true);
+    });
+
+    it('should return true when the user is in trial', async () => {
+      const user = new User();
+
+      vi.spyOn(user, 'inTrial').mockResolvedValue(true);
+
+      expect(await user.isAllowedToRunFlows()).toBe(true);
+    });
+
+    it('should return true when the user has active subscription and within quota limits', async () => {
+      const user = new User();
+
+      vi.spyOn(user, 'hasActiveSubscription').mockResolvedValue(true);
+      vi.spyOn(user, 'withinLimits').mockResolvedValue(true);
+
+      expect(await user.isAllowedToRunFlows()).toBe(true);
+    });
+
+    it('should return false when the user has active subscription over quota limits', async () => {
+      const user = new User();
+
+      vi.spyOn(user, 'hasActiveSubscription').mockResolvedValue(true);
+      vi.spyOn(user, 'withinLimits').mockResolvedValue(false);
+
+      expect(await user.isAllowedToRunFlows()).toBe(false);
+    });
+
+    it('should return false otherwise', async () => {
+      const user = new User();
+
+      expect(await user.isAllowedToRunFlows()).toBe(false);
+    });
+  });
+
+  describe('inTrial', () => {
+    it('should return false when Automatisch is self hosted', async () => {
+      const user = new User();
+
+      vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(true);
+
+      expect(await user.inTrial()).toBe(false);
+    });
+
+    it('should return false when the user does not have trial expiry date', async () => {
+      const user = new User();
+
+      vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(false);
+
+      expect(await user.inTrial()).toBe(false);
+    });
+
+    it('should return false when the user has an active subscription', async () => {
+      const user = new User();
+      user.trialExpiryDate = '2024-12-14';
+
+      vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(false);
+
+      const hasActiveSubscriptionSpy = vi
+        .spyOn(user, 'hasActiveSubscription')
+        .mockResolvedValue(true);
+
+      expect(await user.inTrial()).toBe(false);
+      expect(hasActiveSubscriptionSpy).toHaveBeenCalledOnce();
+    });
+
+    it('should return true when trial expiry date is in future', async () => {
+      vi.useFakeTimers();
+
+      const date = DateTime.fromObject(
+        { year: 2024, month: 11, day: 12, hour: 17, minute: 30 },
+        { zone: 'UTC+0' }
+      );
+
+      vi.setSystemTime(date);
+
+      const user = await createUser();
+
+      await user.startTrialPeriod();
+
+      const refetchedUser = await user.$query();
+
+      vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(false);
+      vi.spyOn(refetchedUser, 'hasActiveSubscription').mockResolvedValue(false);
+
+      expect(await refetchedUser.inTrial()).toBe(true);
+
+      vi.useRealTimers();
+    });
+
+    it('should return false when trial expiry date is in past', async () => {
+      vi.useFakeTimers();
+
+      const user = await createUser();
+
+      const presentDate = DateTime.fromObject(
+        { year: 2024, month: 11, day: 17, hour: 11, minute: 30 },
+        { zone: 'UTC+0' }
+      );
+
+      vi.setSystemTime(presentDate);
+
+      await user.startTrialPeriod();
+
+      const futureDate = DateTime.fromObject(
+        { year: 2025, month: 1, day: 1 },
+        { zone: 'UTC+0' }
+      );
+
+      vi.setSystemTime(futureDate);
+
+      const refetchedUser = await user.$query();
+
+      vi.spyOn(appConfig, 'isSelfHosted', 'get').mockReturnValue(false);
+      vi.spyOn(refetchedUser, 'hasActiveSubscription').mockResolvedValue(false);
+
+      expect(await refetchedUser.inTrial()).toBe(false);
+
+      vi.useRealTimers();
+    });
+  });
+
+  describe('hasActiveSubscription', () => {
+    it('should return true if current subscription is valid', async () => {
+      const user = await createUser();
+      await createSubscription({ userId: user.id, status: 'active' });
+
+      expect(await user.hasActiveSubscription()).toBe(true);
+    });
+
+    it('should return false if current subscription is not valid', async () => {
+      const user = await createUser();
+
+      await createSubscription({
+        userId: user.id,
+        status: 'deleted',
+        cancellationEffectiveDate: DateTime.now().minus({ day: 1 }).toString(),
+      });
+
+      expect(await user.hasActiveSubscription()).toBe(false);
+    });
+
+    it('should return false if Automatisch is not a cloud installation', async () => {
+      const user = new User();
+
+      vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
+
+      expect(await user.hasActiveSubscription()).toBe(false);
+    });
+  });
+
+  describe('withinLimits', () => {
+    it('should return true when the consumed task count is less than the quota', async () => {
+      const user = await createUser();
+      const subscription = await createSubscription({ userId: user.id });
+
+      await createUsageData({
+        subscriptionId: subscription.id,
+        userId: user.id,
+        consumedTaskCount: 100,
+      });
+
+      expect(await user.withinLimits()).toBe(true);
+    });
+
+    it('should return true when the consumed task count is less than the quota', async () => {
+      const user = await createUser();
+      const subscription = await createSubscription({ userId: user.id });
+
+      await createUsageData({
+        subscriptionId: subscription.id,
+        userId: user.id,
+        consumedTaskCount: 10000,
+      });
+
+      expect(await user.withinLimits()).toBe(false);
+    });
+  });
+
+  describe('getPlanAndUsage', () => {
+    it('should return plan and usage', async () => {
+      const user = await createUser();
+
+      const subscription = await createSubscription({ userId: user.id });
+
+      expect(await user.getPlanAndUsage()).toStrictEqual({
+        usage: {
+          task: 0,
+        },
+        plan: {
+          id: subscription.paddlePlanId,
+          name: '10k - monthly',
+          limit: '10,000',
+        },
+      });
+    });
+
+    it('should return trial plan and usage if no subscription exists', async () => {
+      const user = await createUser();
+
+      expect(await user.getPlanAndUsage()).toStrictEqual({
+        usage: {
+          task: 0,
+        },
+        plan: {
+          id: null,
+          name: 'Free Trial',
+          limit: null,
+        },
+      });
+    });
+
+    it('should throw not found when the current usage data does not exist', async () => {
+      vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
+
+      const user = await createUser();
+
+      expect(() => user.getPlanAndUsage()).rejects.toThrow('NotFoundError');
+    });
+  });
+
+  describe('getInvoices', () => {
+    it('should return invoices for the current subscription', async () => {
+      const user = await createUser();
+      const subscription = await createSubscription({ userId: user.id });
+
+      const getInvoicesSpy = vi
+        .spyOn(Billing.paddleClient, 'getInvoices')
+        .mockResolvedValue('dummy-invoices');
+
+      expect(await user.getInvoices()).toBe('dummy-invoices');
+      expect(getInvoicesSpy).toHaveBeenCalledWith(
+        Number(subscription.paddleSubscriptionId)
+      );
+    });
+
+    it('should return empty array without any subscriptions', async () => {
+      const user = await createUser();
+
+      expect(await user.getInvoices()).toStrictEqual([]);
+    });
+  });
+
+  it.todo('getApps');
+
+  it('createAdmin should create admin with given data and mark the installation completed', async () => {
+    const adminRole = await createRole({ name: 'Admin' });
+
+    const markInstallationCompletedSpy = vi
+      .spyOn(Config, 'markInstallationCompleted')
+      .mockResolvedValue();
+
+    const adminUser = await User.createAdmin({
+      fullName: 'Sample admin',
+      email: 'admin@automatisch.io',
+      password: 'sample',
+    });
+
+    expect(adminUser).toMatchObject({
+      fullName: 'Sample admin',
+      email: 'admin@automatisch.io',
+      roleId: adminRole.id,
+    });
+
+    expect(markInstallationCompletedSpy).toHaveBeenCalledOnce();
+    expect(await adminUser.login('sample')).toBe(true);
+  });
+
+  describe('registerUser', () => {
+    it('should register user with user role and given data', async () => {
+      const userRole = await createRole({ name: 'User' });
+
+      const user = await User.registerUser({
+        fullName: 'Sample user',
+        email: 'user@automatisch.io',
+        password: 'sample-password',
+      });
+
+      expect(user).toMatchObject({
+        fullName: 'Sample user',
+        email: 'user@automatisch.io',
+        roleId: userRole.id,
+      });
+
+      expect(await user.login('sample-password')).toBe(true);
+    });
+
+    it('should throw not found error when user role does not exist', async () => {
+      expect(() =>
+        User.registerUser({
+          fullName: 'Sample user',
+          email: 'user@automatisch.io',
+          password: 'sample-password',
+        })
+      ).rejects.toThrowError('NotFoundError');
+    });
+  });
+
+  describe('can', () => {
+    it('should return conditions for the given action and subject of the user', async () => {
+      const userRole = await createRole({ name: 'User' });
+
+      await createPermission({
+        roleId: userRole.id,
+        subject: 'Flow',
+        action: 'read',
+        conditions: ['isCreator'],
+      });
+
+      await createPermission({
+        roleId: userRole.id,
+        subject: 'Connection',
+        action: 'read',
+        conditions: [],
+      });
+
+      const user = await createUser({ roleId: userRole.id });
+
+      const userWithRoleAndPermissions = await user
+        .$query()
+        .withGraphFetched({ role: true, permissions: true });
+
+      expect(userWithRoleAndPermissions.can('read', 'Flow')).toStrictEqual({
+        isCreator: true,
+      });
+
+      expect(
+        userWithRoleAndPermissions.can('read', 'Connection')
+      ).toStrictEqual({});
+    });
+
+    it('should return not authorized error when the user is not permitted for the given action and subject', async () => {
+      const userRole = await createRole({ name: 'User' });
+      const user = await createUser({ roleId: userRole.id });
+
+      const userWithRoleAndPermissions = await user
+        .$query()
+        .withGraphFetched({ role: true, permissions: true });
+
+      expect(() => userWithRoleAndPermissions.can('read', 'Flow')).toThrowError(
+        'The user is not authorized!'
+      );
+    });
+  });
+
+  it('lowercaseEmail should lowercase the user email', () => {
+    const user = new User();
+    user.email = 'USER@AUTOMATISCH.IO';
+
+    user.lowercaseEmail();
+
+    expect(user.email).toBe('user@automatisch.io');
+  });
+
+  describe('createUsageData', () => {
+    it('should create usage data if Automatisch is a cloud installation', async () => {
+      vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
+
+      const user = await createUser({
+        fullName: 'Sample user',
+        email: 'user@automatisch.io',
+      });
+
+      const usageData = await user.createUsageData();
+      const currentUsageData = await user.$relatedQuery('currentUsageData');
+
+      expect(usageData).toStrictEqual(currentUsageData);
+    });
+
+    it('should not create usage data if Automatisch is not a cloud installation', async () => {
+      vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
+
+      const user = await createUser({
+        fullName: 'Sample user',
+        email: 'user@automatisch.io',
+      });
+
+      const usageData = await user.createUsageData();
+
+      expect(usageData).toBe(undefined);
+    });
+  });
+
+  describe('omitEnterprisePermissionsWithoutValidLicense', () => {
+    it('should return user as-is with valid license', async () => {
+      const userRole = await createRole({ name: 'User' });
+      const user = await createUser({
+        fullName: 'Sample user',
+        email: 'user@automatisch.io',
+        roleId: userRole.id,
+      });
+
+      const readFlowPermission = await createPermission({
+        roleId: userRole.id,
+        subject: 'Flow',
+        action: 'read',
+        conditions: [],
+      });
+
+      await createPermission({
+        roleId: userRole.id,
+        subject: 'App',
+        action: 'read',
+        conditions: [],
+      });
+
+      await createPermission({
+        roleId: userRole.id,
+        subject: 'Role',
+        action: 'read',
+        conditions: [],
+      });
+
+      await createPermission({
+        roleId: userRole.id,
+        subject: 'Config',
+        action: 'read',
+        conditions: [],
+      });
+
+      await createPermission({
+        roleId: userRole.id,
+        subject: 'SamlAuthProvider',
+        action: 'read',
+        conditions: [],
+      });
+
+      const userWithRoleAndPermissions = await user
+        .$query()
+        .withGraphFetched({ role: true, permissions: true });
+
+      expect(userWithRoleAndPermissions.permissions).toStrictEqual([
+        readFlowPermission,
+      ]);
+    });
+
+    it('should omit enterprise permissions without valid license', async () => {
+      vi.spyOn(licenseModule, 'hasValidLicense').mockResolvedValue(false);
+
+      const userRole = await createRole({ name: 'User' });
+      const user = await createUser({
+        fullName: 'Sample user',
+        email: 'user@automatisch.io',
+        roleId: userRole.id,
+      });
+
+      const readFlowPermission = await createPermission({
+        roleId: userRole.id,
+        subject: 'Flow',
+        action: 'read',
+        conditions: [],
+      });
+
+      await createPermission({
+        roleId: userRole.id,
+        subject: 'App',
+        action: 'read',
+        conditions: [],
+      });
+
+      await createPermission({
+        roleId: userRole.id,
+        subject: 'Role',
+        action: 'read',
+        conditions: [],
+      });
+
+      await createPermission({
+        roleId: userRole.id,
+        subject: 'Config',
+        action: 'read',
+        conditions: [],
+      });
+
+      await createPermission({
+        roleId: userRole.id,
+        subject: 'SamlAuthProvider',
+        action: 'read',
+        conditions: [],
+      });
+
+      const userWithRoleAndPermissions = await user
+        .$query()
+        .withGraphFetched({ role: true, permissions: true });
+
+      expect(userWithRoleAndPermissions.permissions).toStrictEqual([
+        readFlowPermission,
+      ]);
+    });
+  });
+
+  describe('$beforeInsert', () => {
+    it('should call super.$beforeInsert', async () => {
+      const superBeforeInsertSpy = vi
+        .spyOn(User.prototype, '$beforeInsert')
+        .mockResolvedValue();
+
+      await createUser();
+
+      expect(superBeforeInsertSpy).toHaveBeenCalledOnce();
+    });
+
+    it('should lowercase the user email', async () => {
+      const user = await createUser({
+        fullName: 'Sample user',
+        email: 'USER@AUTOMATISCH.IO',
+      });
+
+      expect(user.email).toBe('user@automatisch.io');
+    });
+
+    it('should generate password hash', async () => {
+      const user = await createUser({
+        fullName: 'Sample user',
+        email: 'user@automatisch.io',
+        password: 'sample-password',
+      });
+
+      expect(user.password).not.toBe('sample-password');
+      expect(await user.login('sample-password')).toBe(true);
+    });
+
+    it('should start trial period if Automatisch is a cloud installation', async () => {
+      vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
+
+      const startTrialPeriodSpy = vi.spyOn(User.prototype, 'startTrialPeriod');
+
+      await createUser({
+        fullName: 'Sample user',
+        email: 'user@automatisch.io',
+      });
+
+      expect(startTrialPeriodSpy).toHaveBeenCalledOnce();
+    });
+
+    it('should not start trial period if Automatisch is not a cloud installation', async () => {
+      vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(false);
+
+      const startTrialPeriodSpy = vi.spyOn(User.prototype, 'startTrialPeriod');
+
+      await createUser({
+        fullName: 'Sample user',
+        email: 'user@automatisch.io',
+      });
+
+      expect(startTrialPeriodSpy).not.toHaveBeenCalled();
+    });
+  });
+
+  describe('$beforeUpdate', () => {
+    it('should call super.$beforeUpdate', async () => {
+      const superBeforeUpdateSpy = vi
+        .spyOn(User.prototype, '$beforeUpdate')
+        .mockResolvedValue();
+
+      const user = await createUser({
+        fullName: 'Sample user',
+        email: 'user@automatisch.io',
+      });
+
+      await user.$query().patch({ fullName: 'Updated user name' });
+
+      expect(superBeforeUpdateSpy).toHaveBeenCalledOnce();
+    });
+
+    it('should lowercase the user email if given', async () => {
+      const user = await createUser({
+        fullName: 'Sample user',
+        email: 'user@automatisch.io',
+      });
+
+      await user.$query().patchAndFetch({ email: 'NEW_EMAIL@AUTOMATISCH.IO' });
+
+      expect(user.email).toBe('new_email@automatisch.io');
+    });
+
+    it('should generate password hash', async () => {
+      const user = await createUser({
+        fullName: 'Sample user',
+        email: 'user@automatisch.io',
+        password: 'sample-password',
+      });
+
+      await user.$query().patchAndFetch({ password: 'new-password' });
+
+      expect(user.password).not.toBe('new-password');
+      expect(await user.login('new-password')).toBe(true);
+    });
+  });
+
+  describe('$afterInsert', () => {
+    it('should call super.$afterInsert', async () => {
+      const superAfterInsertSpy = vi.spyOn(User.prototype, '$afterInsert');
+
+      await createUser({
+        fullName: 'Sample user',
+        email: 'user@automatisch.io',
+      });
+
+      expect(superAfterInsertSpy).toHaveBeenCalledOnce();
+    });
+
+    it('should call createUsageData', async () => {
+      const createUsageDataSpy = vi.spyOn(User.prototype, 'createUsageData');
+
+      await createUser({
+        fullName: 'Sample user',
+        email: 'user@automatisch.io',
+      });
+
+      expect(createUsageDataSpy).toHaveBeenCalledOnce();
+    });
+  });
+
+  it('$afterFind should invoke omitEnterprisePermissionsWithoutValidLicense method', async () => {
+    const omitEnterprisePermissionsWithoutValidLicenseSpy = vi.spyOn(
+      User.prototype,
+      'omitEnterprisePermissionsWithoutValidLicense'
+    );
+
+    await createUser({
+      fullName: 'Sample user',
+      email: 'user@automatisch.io',
+    });
+
+    expect(
+      omitEnterprisePermissionsWithoutValidLicenseSpy
+    ).toHaveBeenCalledOnce();
+  });
 });

packages/backend/src/serializers/index.js

@@ -26,7 +26,7 @@ const serializers = {
   Permission: permissionSerializer,
   AdminSamlAuthProvider: adminSamlAuthProviderSerializer,
   SamlAuthProvider: samlAuthProviderSerializer,
-  SamlAuthProvidersRoleMapping: samlAuthProviderRoleMappingSerializer,
+  RoleMapping: samlAuthProviderRoleMappingSerializer,
   AppAuthClient: appAuthClientSerializer,
   AppConfig: appConfigSerializer,
   Flow: flowSerializer,

packages/backend/test/factories/role-mapping.js

@@ -1,16 +1,15 @@
+import { faker } from '@faker-js/faker';
 import { createRole } from './role.js';
+import RoleMapping from '../../src/models/role-mapping.ee.js';
 import { createSamlAuthProvider } from './saml-auth-provider.ee.js';
-import SamlAuthProviderRoleMapping from '../../src/models/saml-auth-providers-role-mapping.ee.js';
 
 export const createRoleMapping = async (params = {}) => {
-  params.roleId = params?.roleId || (await createRole()).id;
+  params.roleId = params.roleId || (await createRole()).id;
   params.samlAuthProviderId =
-    params?.samlAuthProviderId || (await createSamlAuthProvider()).id;
+    params.samlAuthProviderId || (await createSamlAuthProvider()).id;
+  params.remoteRoleName = params.remoteRoleName || faker.person.jobType();
 
-  params.remoteRoleName = params?.remoteRoleName || 'User';
+  const roleMapping = await RoleMapping.query().insertAndFetch(params);
 
-  const samlAuthProviderRoleMapping =
-    await SamlAuthProviderRoleMapping.query().insertAndFetch(params);
-
-  return samlAuthProviderRoleMapping;
+  return roleMapping;
 };

packages/backend/test/factories/saml-auth-providers-role-mapping.js

@@ -1,16 +0,0 @@
-import { faker } from '@faker-js/faker';
-import { createRole } from './role.js';
-import SamlAuthProvidersRoleMapping from '../../src/models/saml-auth-providers-role-mapping.ee.js';
-import { createSamlAuthProvider } from './saml-auth-provider.ee.js';
-
-export const createSamlAuthProvidersRoleMapping = async (params = {}) => {
-  params.roleId = params.roleId || (await createRole()).id;
-  params.samlAuthProviderId =
-    params.samlAuthProviderId || (await createSamlAuthProvider()).id;
-  params.remoteRoleName = params.remoteRoleName || faker.person.jobType();
-
-  const samlAuthProvider =
-    await SamlAuthProvidersRoleMapping.query().insertAndFetch(params);
-
-  return samlAuthProvider;
-};

packages/backend/test/mocks/rest/api/v1/admin/saml-auth-providers/get-role-mappings.ee.js

@@ -15,7 +15,7 @@ const getRoleMappingsMock = async (roleMappings) => {
       currentPage: null,
       isArray: true,
       totalPages: null,
-      type: 'SamlAuthProvidersRoleMapping',
+      type: 'RoleMapping',
     },
   };
 };

packages/backend/test/mocks/rest/api/v1/admin/saml-auth-providers/update-role-mappings.ee.js

@@ -15,7 +15,7 @@ const createRoleMappingsMock = async (roleMappings) => {
       currentPage: null,
       isArray: true,
       totalPages: null,
-      type: 'SamlAuthProvidersRoleMapping',
+      type: 'RoleMapping',
     },
   };
 };

packages/e2e-tests/fixtures/execution-details-page.js

@@ -0,0 +1,21 @@
+const { AuthenticatedPage } = require('./authenticated-page');
+const { expect } = require('@playwright/test');
+
+export class ExecutionDetailsPage extends AuthenticatedPage {
+  constructor(page) {
+    super(page);
+
+    this.executionCreatedAt = page.getByTestId('execution-created-at');
+    this.executionId = page.getByTestId('execution-id');
+    this.executionName = page.getByTestId('execution-name');
+    this.executionStep = page.getByTestId('execution-step');
+  }
+
+  async verifyExecutionData(flowId) {
+    await expect(this.executionCreatedAt).toContainText(/\d+ seconds? ago/);
+    await expect(this.executionId).toHaveText(
+      /Execution ID: [0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    );
+    await expect(this.executionName).toHaveText(flowId);
+  }
+}

packages/e2e-tests/fixtures/execution-step-details.js

@@ -0,0 +1,93 @@
+const { ExecutionDetailsPage } = require('./execution-details-page');
+const { expect } = require('@playwright/test');
+
+export class ExecutionStepDetails extends ExecutionDetailsPage {
+  constructor(page, executionStep) {
+    super(page);
+
+    this.executionStep = executionStep;
+    this.stepType = executionStep.getByTestId('step-type');
+    this.stepPositionAndName = executionStep.getByTestId(
+      'step-position-and-name'
+    );
+    this.executionStepId = executionStep.getByTestId('execution-step-id');
+    this.executionStepExecutedAt = executionStep.getByTestId(
+      'execution-step-executed-at'
+    );
+    this.dataInTab = executionStep.getByTestId('data-in-tab');
+    this.dataInPanel = executionStep.getByTestId('data-in-panel');
+    this.dataOutTab = executionStep.getByTestId('data-out-tab');
+    this.dataOutPanel = executionStep.getByTestId('data-out-panel');
+  }
+
+  async expectDataInTabToBeSelectedByDefault() {
+    await expect(this.dataInTab).toHaveClass(/Mui-selected/);
+  }
+
+  async expectDataInToContainText(searchText, desiredText) {
+    await expect(this.dataInPanel).toContainText(desiredText);
+    await this.dataInPanel.locator('#search-input').fill(searchText);
+    await expect(this.dataInPanel).toContainText(desiredText);
+  }
+
+  async expectDataOutToContainText(searchText, desiredText) {
+    await expect(this.dataOutPanel).toContainText(desiredText);
+    await this.dataOutPanel.locator('#search-input').fill(searchText);
+    await expect(this.dataOutPanel).toContainText(desiredText);
+  }
+
+  async verifyTriggerExecutionStep({
+    stepPositionAndName,
+    stepDataInKey,
+    stepDataInValue,
+    stepDataOutKey,
+    stepDataOutValue,
+  }) {
+    await expect(this.stepType).toHaveText('Trigger');
+    await this.verifyExecutionStep({
+      stepPositionAndName,
+      stepDataInKey,
+      stepDataInValue,
+      stepDataOutKey,
+      stepDataOutValue,
+    });
+  }
+
+  async verifyActionExecutionStep({
+    stepPositionAndName,
+    stepDataInKey,
+    stepDataInValue,
+    stepDataOutKey,
+    stepDataOutValue,
+  }) {
+    await expect(this.stepType).toHaveText('Action');
+    await this.verifyExecutionStep({
+      stepPositionAndName,
+      stepDataInKey,
+      stepDataInValue,
+      stepDataOutKey,
+      stepDataOutValue,
+    });
+  }
+
+  async verifyExecutionStep({
+    stepPositionAndName,
+    stepDataInKey,
+    stepDataInValue,
+    stepDataOutKey,
+    stepDataOutValue,
+  }) {
+    await expect(this.stepPositionAndName).toHaveText(stepPositionAndName);
+    await expect(this.executionStepId).toHaveText(
+      /ID: [0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
+    );
+    await expect(this.executionStepExecutedAt).toContainText(
+      /executed \d+ seconds? ago/
+    );
+    await this.expectDataInTabToBeSelectedByDefault();
+    await this.expectDataInToContainText(stepDataInKey, stepDataInValue);
+    await this.dataOutTab.click();
+    await expect(this.dataOutPanel).toContainText(stepDataOutValue);
+    await this.expectDataOutToContainText(stepDataOutKey, stepDataOutValue);
+  }
+}

packages/e2e-tests/fixtures/executions-page.js

@@ -2,4 +2,11 @@ const { AuthenticatedPage } = require('./authenticated-page');
 
 export class ExecutionsPage extends AuthenticatedPage {
   screenshotPath = '/executions';
+
+  constructor(page) {
+    super(page);
+
+    this.executionRow = this.page.getByTestId('execution-row');
+    this.executionsPageLoader = this.page.getByTestId('executions-loader');
+  }
 }

packages/e2e-tests/fixtures/index.js

@@ -2,6 +2,7 @@ const { test, expect } = require('@playwright/test');
 const { ApplicationsPage } = require('./applications-page');
 const { ConnectionsPage } = require('./connections-page');
 const { ExecutionsPage } = require('./executions-page');
+const { ExecutionDetailsPage } = require('./execution-details-page');
 const { FlowEditorPage } = require('./flow-editor-page');
 const { UserInterfacePage } = require('./user-interface-page');
 const { LoginPage } = require('./login-page');
@@ -29,6 +30,9 @@ exports.test = test.extend({
   executionsPage: async ({ page }, use) => {
     await use(new ExecutionsPage(page));
   },
+  executionDetailsPage: async ({ page }, use) => {
+    await use(new ExecutionDetailsPage(page));
+  },
   flowEditorPage: async ({ page }, use) => {
     await use(new FlowEditorPage(page));
   },

packages/e2e-tests/helpers/auth-api-helper.js

@@ -0,0 +1,15 @@
+const { expect } = require('../fixtures/index');
+
+export const getToken = async (apiRequest) => {
+  const tokenResponse = await apiRequest.post(
+    `http://localhost:${process.env.PORT}/api/v1/access-tokens`,
+    {
+      data: {
+        email: process.env.LOGIN_EMAIL,
+        password: process.env.LOGIN_PASSWORD,
+      },
+    }
+  );
+  await expect(tokenResponse.status()).toBe(200);
+  return await tokenResponse.json();
+};

packages/e2e-tests/helpers/flow-api-helper.js

@@ -0,0 +1,108 @@
+const { expect } = require('../fixtures/index');
+
+export const createFlow = async (request, token) => {
+  const response = await request.post(
+    `http://localhost:${process.env.PORT}/api/v1/flows`,
+    { headers: { Authorization: token } }
+  );
+  await expect(response.status()).toBe(201);
+  return await response.json();
+};
+
+export const getFlow = async (request, token, flowId) => {
+  const response = await request.get(
+    `http://localhost:${process.env.PORT}/api/v1/flows/${flowId}`,
+    { headers: { Authorization: token } }
+  );
+  await expect(response.status()).toBe(200);
+  return await response.json();
+};
+
+export const updateFlowName = async (request, token, flowId) => {
+  const updateFlowNameResponse = await request.patch(
+    `http://localhost:${process.env.PORT}/api/v1/flows/${flowId}`,
+    {
+      headers: { Authorization: token },
+      data: { name: flowId },
+    }
+  );
+  await expect(updateFlowNameResponse.status()).toBe(200);
+};
+
+export const updateFlowStep = async (request, token, stepId, requestBody) => {
+  const updateTriggerStepResponse = await request.patch(
+    `http://localhost:${process.env.PORT}/api/v1/steps/${stepId}`,
+    {
+      headers: { Authorization: token },
+      data: requestBody,
+    }
+  );
+  await expect(updateTriggerStepResponse.status()).toBe(200);
+  return await updateTriggerStepResponse.json();
+};
+
+export const testStep = async (request, token, stepId) => {
+  const testTriggerStepResponse = await request.post(
+    `http://localhost:${process.env.PORT}/api/v1/steps/${stepId}/test`,
+    {
+      headers: { Authorization: token },
+    }
+  );
+  await expect(testTriggerStepResponse.status()).toBe(200);
+};
+
+export const publishFlow = async (request, token, flowId) => {
+  const publishFlowResponse = await request.patch(
+    `http://localhost:${process.env.PORT}/api/v1/flows/${flowId}/status`,
+    {
+      headers: { Authorization: token },
+      data: { active: true },
+    }
+  );
+  await expect(publishFlowResponse.status()).toBe(200);
+  return publishFlowResponse.json();
+};
+
+export const triggerFlow = async (request, url) => {
+  const triggerFlowResponse = await request.get(url);
+  await expect(triggerFlowResponse.status()).toBe(204);
+};
+
+export const addWebhookFlow = async (request, token) => {
+  let flow = await createFlow(request, token);
+  const flowId = flow.data.id;
+  await updateFlowName(request, token, flowId);
+  flow = await getFlow(request, token, flowId);
+  const flowSteps = flow.data.steps;
+
+  const triggerStepId = flowSteps.find((step) => step.type === 'trigger').id;
+  const actionStepId = flowSteps.find((step) => step.type === 'action').id;
+
+  const triggerStep = await updateFlowStep(request, token, triggerStepId, {
+    appKey: 'webhook',
+    key: 'catchRawWebhook',
+    parameters: {
+      workSynchronously: false,
+    },
+  });
+  await request.get(triggerStep.data.webhookUrl);
+  await testStep(request, token, triggerStepId);
+
+  await updateFlowStep(request, token, actionStepId, {
+    appKey: 'webhook',
+    key: 'respondWith',
+    parameters: {
+      statusCode: '200',
+      body: 'ok',
+      headers: [
+        {
+          key: '',
+          value: '',
+        },
+      ],
+    },
+  });
+  await testStep(request, token, actionStepId);
+
+  return flowId;
+};

packages/e2e-tests/tests/admin-setup/admin.setup.js

@@ -2,11 +2,14 @@ const { publicTest: setup, expect } = require('../../fixtures/index');
 
 setup.describe.serial('Admin setup page', () => {
   // eslint-disable-next-line no-unused-vars
-  setup('should not be able to login if admin is not created', async ({ page, adminSetupPage, loginPage }) => {
-    await expect(async () => {
-      await expect(await page.url()).toContain(adminSetupPage.path);
-    }).toPass();
-  });
+  setup(
+    'should not be able to login if admin is not created',
+    async ({ page, adminSetupPage }) => {
+      await expect(async () => {
+        await expect(await page.url()).toContain(adminSetupPage.path);
+      }).toPass();
+    }
+  );
 
   setup('should validate the inputs', async ({ adminSetupPage }) => {
     await adminSetupPage.open();

packages/e2e-tests/tests/executions/display-execution.spec.js

@@ -1,37 +1,138 @@
+const { request } = require('@playwright/test');
 const { test, expect } = require('../../fixtures/index');
+const {
+  triggerFlow,
+  publishFlow,
+  addWebhookFlow,
+} = require('../../helpers/flow-api-helper');
+const {
+  ExecutionStepDetails,
+} = require('../../fixtures/execution-step-details');
+const { getToken } = require('../../helpers/auth-api-helper');
+
+test.describe('Executions page', () => {
+  let flowId;
+
+  test.beforeAll(async () => {
+    const apiRequest = await request.newContext();
+    const tokenJsonResponse = await getToken(apiRequest);
+
+    flowId = await addWebhookFlow(apiRequest, tokenJsonResponse.data.token);
+
+    const { data } = await publishFlow(
+      apiRequest,
+      tokenJsonResponse.data.token,
+      flowId
+    );
+
+    const triggerStepWebhookUrl = data.steps.find(
+      (step) => step.type === 'trigger'
+    ).webhookUrl;
+
+    await triggerFlow(apiRequest, triggerStepWebhookUrl);
+  });
 
-// no execution data exists in an empty account
-test.describe.skip('Executions page', () => {
   test.beforeEach(async ({ page }) => {
     await page.getByTestId('executions-page-drawer-link').click();
-    await page.getByTestId('execution-row').first().click();
-
-    await expect(page).toHaveURL(/\/executions\//);
   });
 
-  test('displays data in by default', async ({ page, executionsPage }) => {
-    await expect(page.getByTestId('execution-step').last()).toBeVisible();
-    await expect(page.getByTestId('execution-step')).toHaveCount(2);
+  test('show correct step data for trigger and actions on test and non-test execution', async ({
+    page,
+    executionsPage,
+    executionDetailsPage,
+  }) => {
+    await executionsPage.executionsPageLoader.waitFor({
+      state: 'detached',
+    });
+    const flowExecutions = await executionsPage.executionRow.filter({
+      hasText: flowId,
+    });
+    await test.step('show only trigger step on test execution', async () => {
+      await expect(flowExecutions.last()).toContainText('Test run');
+      await flowExecutions.last().click();
 
-    await executionsPage.screenshot({
-      path: 'Execution - data in.png',
+      await executionDetailsPage.verifyExecutionData(flowId);
+      await expect(executionDetailsPage.executionStep).toHaveCount(1);
+
+      const executionStepDetails = new ExecutionStepDetails(
+        page,
+        executionDetailsPage.executionStep.last()
+      );
+      await executionStepDetails.verifyTriggerExecutionStep({
+        stepPositionAndName: '1. Webhook',
+        stepDataInKey: 'workSynchronously',
+        stepDataInValue: 'workSynchronously',
+        stepDataOutKey: 'host',
+        stepDataOutValue: 'localhost',
+      });
+
+      await page.goBack();
+    });
+
+    await test.step('show trigger and action step on action test execution', async () => {
+      await expect(flowExecutions.nth(1)).toContainText('Test run');
+      await flowExecutions.nth(1).click();
+
+      await expect(executionDetailsPage.executionStep).toHaveCount(2);
+      await executionDetailsPage.verifyExecutionData(flowId);
+
+      const firstExecutionStepDetails = new ExecutionStepDetails(
+        page,
+        executionDetailsPage.executionStep.first()
+      );
+      await firstExecutionStepDetails.verifyTriggerExecutionStep({
+        stepPositionAndName: '1. Webhook',
+        stepDataInKey: 'workSynchronously',
+        stepDataInValue: 'workSynchronously',
+        stepDataOutKey: 'host',
+        stepDataOutValue: 'localhost',
+      });
+
+      const lastExecutionStepDetails = new ExecutionStepDetails(
+        page,
+        executionDetailsPage.executionStep.last()
+      );
+      await lastExecutionStepDetails.verifyActionExecutionStep({
+        stepPositionAndName: '2. Webhook',
+        stepDataInKey: 'body',
+        stepDataInValue: 'body:"ok"',
+        stepDataOutKey: 'body',
+        stepDataOutValue: 'body:"ok"',
+      });
+
+      await page.goBack();
+    });
+
+    await test.step('show trigger and action step on flow execution', async () => {
+      await expect(flowExecutions.first()).not.toContainText('Test run');
+      await flowExecutions.first().click();
+
+      await expect(executionDetailsPage.executionStep).toHaveCount(2);
+      await executionDetailsPage.verifyExecutionData(flowId);
+
+      const firstExecutionStepDetails = new ExecutionStepDetails(
+        page,
+        executionDetailsPage.executionStep.first()
+      );
+      await firstExecutionStepDetails.verifyTriggerExecutionStep({
+        stepPositionAndName: '1. Webhook',
+        stepDataInKey: 'workSynchronously',
+        stepDataInValue: 'workSynchronously',
+        stepDataOutKey: 'host',
+        stepDataOutValue: 'localhost',
+      });
+
+      const lastExecutionStepDetails = new ExecutionStepDetails(
+        page,
+        executionDetailsPage.executionStep.last()
+      );
+      await lastExecutionStepDetails.verifyActionExecutionStep({
+        stepPositionAndName: '2. Webhook',
+        stepDataInKey: 'body',
+        stepDataInValue: 'body:"ok"',
+        stepDataOutKey: 'body',
+        stepDataOutValue: 'body:"ok"',
+      });
     });
   });
-
-  test('displays data out', async ({ page, executionsPage }) => {
-    const executionStepCount = await page.getByTestId('execution-step').count();
-    for (let i = 0; i < executionStepCount; i++) {
-      await page.getByTestId('data-out-tab').nth(i).click();
-      await expect(page.getByTestId('data-out-panel').nth(i)).toBeVisible();
-
-      await executionsPage.screenshot({
-        path: `Execution - data out - ${i}.png`,
-        animations: 'disabled',
-      });
-    }
-  });
-
-  test('does not display error', async ({ page }) => {
-    await expect(page.getByTestId('error-tab')).toBeHidden();
-  });
 });

packages/e2e-tests/tests/executions/list-executions.spec.js

@@ -1,17 +1,54 @@
+const { request } = require('@playwright/test');
 const { test, expect } = require('../../fixtures/index');
+const {
+  triggerFlow,
+  publishFlow,
+  addWebhookFlow,
+} = require('../../helpers/flow-api-helper');
+const { getToken } = require('../../helpers/auth-api-helper');
 
 test.describe('Executions page', () => {
+  let flowId;
+
+  test.beforeAll(async () => {
+    const apiRequest = await request.newContext();
+    const tokenJsonResponse = await getToken(apiRequest);
+
+    flowId = await addWebhookFlow(apiRequest, tokenJsonResponse.data.token);
+
+    const { data } = await publishFlow(
+      apiRequest,
+      tokenJsonResponse.data.token,
+      flowId
+    );
+
+    const triggerStepWebhookUrl = data.steps.find(
+      (step) => step.type === 'trigger'
+    ).webhookUrl;
+
+    await triggerFlow(apiRequest, triggerStepWebhookUrl);
+  });
+
   test.beforeEach(async ({ page }) => {
     await page.getByTestId('executions-page-drawer-link').click();
   });
 
-  // no executions exist in an empty account
-  test.skip('displays executions', async ({ page, executionsPage }) => {
-    await page.getByTestId('executions-loader').waitFor({
+  test('should be able to see normal and test executions', async ({
+    executionsPage,
+  }) => {
+    await executionsPage.executionsPageLoader.waitFor({
       state: 'detached',
     });
-    await expect(page.getByTestId('execution-row').first()).toBeVisible();
+    const flowExecutions = await executionsPage.executionRow.filter({
+      hasText: flowId,
+    });
 
-    await executionsPage.screenshot({ path: 'Executions.png' });
+    await expect(flowExecutions).toHaveCount(4);
+    await expect(flowExecutions.first()).toContainText('Success');
+    await expect(flowExecutions.first()).not.toContainText('Test run');
+    for (let testFlow = 1; testFlow < 4; testFlow++) {
+      await expect(flowExecutions.nth(testFlow)).toContainText('Test run');
+      await expect(flowExecutions.nth(testFlow)).toContainText('Success');
+    }
   });
 });

packages/web/src/components/ExecutionHeader/index.jsx

@@ -10,7 +10,7 @@ import { ExecutionPropType } from 'propTypes/propTypes';
 
 function ExecutionName(props) {
   return (
-    <Typography variant="h3" gutterBottom>
+    <Typography data-test="execution-name" variant="h3" gutterBottom>
       {props.name}
     </Typography>
   );
@@ -29,7 +29,7 @@ function ExecutionId(props) {
   );
   return (
     <Box sx={{ display: 'flex' }}>
-      <Typography variant="body2">
+      <Typography data-test="execution-id" variant="body2">
         {formatMessage('execution.id', { id })}
       </Typography>
     </Box>
@@ -47,7 +47,7 @@ function ExecutionDate(props) {
     <Tooltip
       title={createdAt.toLocaleString(DateTime.DATETIME_FULL_WITH_SECONDS)}
     >
-      <Typography variant="body1" gutterBottom>
+      <Typography data-test="execution-created-at" variant="body1" gutterBottom>
         {relativeCreatedAt}
       </Typography>
     </Tooltip>

packages/web/src/components/ExecutionStep/index.jsx

@@ -36,7 +36,11 @@ function ExecutionStepId(props) {
 
   return (
     <Box sx={{ display: 'flex' }} gridArea="id">
-      <Typography variant="caption" fontWeight="bold">
+      <Typography
+        data-test="execution-step-id"
+        variant="caption"
+        fontWeight="bold"
+      >
         {formatMessage('executionStep.id', { id })}
       </Typography>
     </Box>
@@ -56,7 +60,11 @@ function ExecutionStepDate(props) {
     <Tooltip
       title={createdAt.toLocaleString(DateTime.DATETIME_FULL_WITH_SECONDS)}
     >
-      <Typography variant="caption" gutterBottom>
+      <Typography
+        data-test="execution-step-executed-at"
+        variant="caption"
+        gutterBottom
+      >
         {formatMessage('executionStep.executedAt', {
           datetime: relativeCreatedAt,
         })}
@@ -119,12 +127,12 @@ function ExecutionStep(props) {
             <ExecutionStepId id={executionStep.step.id} />
 
             <Box flex="1" gridArea="step">
-              <Typography variant="caption">
+              <Typography data-test="step-type" variant="caption">
                 {isTrigger && formatMessage('flowStep.triggerType')}
                 {isAction && formatMessage('flowStep.actionType')}
               </Typography>
 
-              <Typography variant="body2">
+              <Typography data-test="step-position-and-name" variant="body2">
                 {step.position}. {app?.name}
               </Typography>
             </Box>
@@ -152,7 +160,7 @@ function ExecutionStep(props) {
           </Tabs>
         </Box>
 
-        <TabPanel value={activeTabIndex} index={0}>
+        <TabPanel value={activeTabIndex} index={0} data-test="data-in-panel">
           <SearchableJSONViewer data={executionStep.dataIn} />
         </TabPanel>
 

packages/web/src/components/ForgotPasswordForm/index.ee.jsx

@@ -1,8 +1,8 @@
 import * as React from 'react';
 import Paper from '@mui/material/Paper';
 import Typography from '@mui/material/Typography';
+import Alert from '@mui/material/Alert';
 import LoadingButton from '@mui/lab/LoadingButton';
-import { enqueueSnackbar } from 'notistack';
 
 import useForgotPassword from 'hooks/useForgotPassword';
 import Form from 'components/Form';
@@ -12,25 +12,17 @@ import useFormatMessage from 'hooks/useFormatMessage';
 export default function ForgotPasswordForm() {
   const formatMessage = useFormatMessage();
   const {
-    mutateAsync: forgotPassword,
+    mutate: forgotPassword,
     isPending: loading,
     isSuccess,
+    isError,
+    error,
   } = useForgotPassword();
 
-  const handleSubmit = async (values) => {
-    const { email } = values;
-    try {
-      await forgotPassword({
-        email,
-      });
-    } catch (error) {
-      enqueueSnackbar(
-        error?.message || formatMessage('forgotPasswordForm.error'),
-        {
-          variant: 'error',
-        },
-      );
-    }
+  const handleSubmit = ({ email }) => {
+    forgotPassword({
+      email,
+    });
   };
 
   return (
@@ -57,6 +49,16 @@ export default function ForgotPasswordForm() {
           margin="dense"
           autoComplete="username"
         />
+        {isError && (
+          <Alert severity="error" sx={{ mt: 2 }}>
+            {error?.message || formatMessage('forgotPasswordForm.error')}
+          </Alert>
+        )}
+        {isSuccess && (
+          <Alert severity="success" sx={{ mt: 2 }}>
+            {formatMessage('forgotPasswordForm.instructionsSent')}
+          </Alert>
+        )}
         <LoadingButton
           type="submit"
           variant="contained"
@@ -68,14 +70,6 @@ export default function ForgotPasswordForm() {
         >
           {formatMessage('forgotPasswordForm.submit')}
         </LoadingButton>
-        {isSuccess && (
-          <Typography
-            variant="body1"
-            sx={{ color: (theme) => theme.palette.success.main }}
-          >
-            {formatMessage('forgotPasswordForm.instructionsSent')}
-          </Typography>
-        )}
       </Form>
     </Paper>
   );

packages/web/src/components/LoginForm/index.jsx

@@ -2,6 +2,7 @@ import * as React from 'react';
 import { useNavigate, Link as RouterLink } from 'react-router-dom';
 import Paper from '@mui/material/Paper';
 import Link from '@mui/material/Link';
+import Alert from '@mui/material/Alert';
 import Typography from '@mui/material/Typography';
 import LoadingButton from '@mui/lab/LoadingButton';
 import useAuthentication from 'hooks/useAuthentication';
@@ -11,7 +12,6 @@ import Form from 'components/Form';
 import TextField from 'components/TextField';
 import useFormatMessage from 'hooks/useFormatMessage';
 import useCreateAccessToken from 'hooks/useCreateAccessToken';
-import { Alert } from '@mui/material';
 
 function LoginForm() {
   const isCloud = useCloud();
@@ -45,7 +45,7 @@ function LoginForm() {
 
   const renderError = () => {
     const errors = error?.response?.data?.errors?.general || [
-      formatMessage('loginForm.error'),
+      error?.message || formatMessage('loginForm.error'),
     ];
 
     return errors.map((error) => (

packages/web/src/components/ResetPasswordForm/index.ee.jsx

@@ -2,6 +2,7 @@ import { yupResolver } from '@hookform/resolvers/yup';
 import LoadingButton from '@mui/lab/LoadingButton';
 import Paper from '@mui/material/Paper';
 import Typography from '@mui/material/Typography';
+import Alert from '@mui/material/Alert';
 import useEnqueueSnackbar from 'hooks/useEnqueueSnackbar';
 import * as React from 'react';
 import { useNavigate, useSearchParams } from 'react-router-dom';
@@ -30,6 +31,8 @@ export default function ResetPasswordForm() {
     mutateAsync: resetPassword,
     isPending,
     isSuccess,
+    error,
+    isError,
   } = useResetPassword();
   const token = searchParams.get('token');
 
@@ -47,14 +50,23 @@ export default function ResetPasswordForm() {
         },
       });
       navigate(URLS.LOGIN);
-    } catch (error) {
-      enqueueSnackbar(
-        error?.message || formatMessage('resetPasswordForm.error'),
-        {
-          variant: 'error',
-        },
-      );
+    } catch {}
+  };
+
+  const renderError = () => {
+    if (!isError) {
+      return null;
     }
+
+    const errors = error?.response?.data?.errors?.general || [
+      error?.message || formatMessage('resetPasswordForm.error'),
+    ];
+
+    return errors.map((error) => (
+      <Alert severity="error" sx={{ mt: 2 }}>
+        {error}
+      </Alert>
+    ));
   };
 
   return (
@@ -96,7 +108,6 @@ export default function ResetPasswordForm() {
                   : ''
               }
             />
-
             <TextField
               label={formatMessage(
                 'resetPasswordForm.confirmPasswordFieldLabel',
@@ -117,7 +128,7 @@ export default function ResetPasswordForm() {
                   : ''
               }
             />
-
+            {renderError()}
             <LoadingButton
               type="submit"
               variant="contained"

packages/web/src/pages/Authentication/RoleMappings.jsx

@@ -66,8 +66,8 @@ function RoleMappings({ provider, providerLoading }) {
   const enqueueSnackbar = useEnqueueSnackbar();
 
   const {
-    mutateAsync: updateSamlAuthProvidersRoleMappings,
-    isPending: isUpdateSamlAuthProvidersRoleMappingsPending,
+    mutateAsync: updateRoleMappings,
+    isPending: isUpdateRoleMappingsPending,
   } = useAdminUpdateSamlAuthProviderRoleMappings(provider?.id);
 
   const { data, isLoading: isAdminSamlAuthProviderRoleMappingsLoading } =
@@ -79,7 +79,7 @@ function RoleMappings({ provider, providerLoading }) {
   const handleRoleMappingsUpdate = async (values) => {
     try {
       if (provider?.id) {
-        await updateSamlAuthProvidersRoleMappings(
+        await updateRoleMappings(
           values.roleMappings.map(({ roleId, remoteRoleName }) => ({
             roleId,
             remoteRoleName,
@@ -148,7 +148,7 @@ function RoleMappings({ provider, providerLoading }) {
             variant="contained"
             color="primary"
             sx={{ boxShadow: 2 }}
-            loading={isUpdateSamlAuthProvidersRoleMappingsPending}
+            loading={isUpdateRoleMappingsPending}
           >
             {formatMessage('roleMappingsForm.save')}
           </LoadingButton>