2016-02-07 20:34:05 -08:00
|
|
|
/* jslint node:true */
|
2026-02-14 09:53:14 +01:00
|
|
|
|
|
|
|
|
import BoxError from '../boxerror.js';
|
2026-02-14 15:43:24 +01:00
|
|
|
import common from './common.js';
|
2026-02-14 09:53:14 +01:00
|
|
|
import expect from 'expect.js';
|
2026-02-14 15:43:24 +01:00
|
|
|
import groups from '../groups.js';
|
2026-02-14 09:53:14 +01:00
|
|
|
import safe from 'safetydance';
|
|
|
|
|
|
2016-02-07 20:34:05 -08:00
|
|
|
/* global it:false */
|
|
|
|
|
/* global describe:false */
|
|
|
|
|
/* global before:false */
|
|
|
|
|
/* global after:false */
|
|
|
|
|
|
|
|
|
|
describe('Groups', function () {
|
2025-02-12 14:09:09 +01:00
|
|
|
const { setup, cleanup, admin, user, auditSource, app } = common;
|
2021-06-28 15:15:28 -07:00
|
|
|
|
2016-02-07 20:34:05 -08:00
|
|
|
before(setup);
|
|
|
|
|
after(cleanup);
|
|
|
|
|
|
2024-12-04 09:48:25 +01:00
|
|
|
const group0Name = 'administrators';
|
|
|
|
|
let group0Object;
|
|
|
|
|
const group1Name = 'externs';
|
|
|
|
|
let group1Object;
|
2021-06-28 15:15:28 -07:00
|
|
|
|
2024-01-19 22:48:29 +01:00
|
|
|
describe('add', function () {
|
2021-06-28 15:15:28 -07:00
|
|
|
it('cannot add group - too small', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.add({ name: '' }, auditSource));
|
2019-10-22 16:34:17 -07:00
|
|
|
expect(error.reason).to.be(BoxError.BAD_FIELD);
|
2016-02-07 20:34:05 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('cannot add group - too big', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.add({ name: new Array(256).join('a') }, auditSource));
|
2019-10-22 16:34:17 -07:00
|
|
|
expect(error.reason).to.be(BoxError.BAD_FIELD);
|
2016-02-07 20:34:05 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('cannot add group - bad name', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.add({ name: 'bad:name' }, auditSource));
|
2019-10-22 16:34:17 -07:00
|
|
|
expect(error.reason).to.be(BoxError.BAD_FIELD);
|
2016-02-08 09:41:21 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('cannot add group - reserved', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.add({ name: 'users' }, auditSource));
|
2019-10-22 16:34:17 -07:00
|
|
|
expect(error.reason).to.be(BoxError.BAD_FIELD);
|
2016-02-09 15:47:02 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('cannot add group - invalid', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.add({ name: 'cloudron+admin' }, auditSource));
|
2020-06-04 14:17:56 +02:00
|
|
|
expect(error.reason).to.be(BoxError.BAD_FIELD);
|
|
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('cannot add group - invalid source', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.add({ name: 'somegroup', source: 'unknownsource' }, auditSource));
|
2019-10-22 16:34:17 -07:00
|
|
|
expect(error.reason).to.be(BoxError.BAD_FIELD);
|
2016-09-30 12:25:42 -07:00
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('can add valid groups', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
let [error, result] = await safe(groups.add({ name: group0Name }, auditSource));
|
2016-02-07 20:48:06 -08:00
|
|
|
expect(error).to.be(null);
|
2016-09-30 09:18:41 -07:00
|
|
|
group0Object = result;
|
2021-06-28 15:15:28 -07:00
|
|
|
|
2024-12-04 09:48:25 +01:00
|
|
|
[error, result] = await safe(groups.add({ name: group1Name}, auditSource));
|
2021-06-28 15:15:28 -07:00
|
|
|
expect(error).to.be(null);
|
|
|
|
|
group1Object = result;
|
2016-02-07 20:48:06 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('cannot add existing group with mixed case', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const name = group0Name[0].toUpperCase() + group0Name.slice(1);
|
|
|
|
|
const [error] = await safe(groups.add({ name }, auditSource));
|
2019-10-22 16:34:17 -07:00
|
|
|
expect(error.reason).to.be(BoxError.ALREADY_EXISTS);
|
2016-09-30 12:33:18 -07:00
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('cannot add existing group', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.add({name: group0Name }, auditSource));
|
2019-10-22 16:34:17 -07:00
|
|
|
expect(error.reason).to.be(BoxError.ALREADY_EXISTS);
|
2016-02-08 09:41:21 -08:00
|
|
|
});
|
2024-01-19 22:48:29 +01:00
|
|
|
});
|
2016-02-08 09:41:21 -08:00
|
|
|
|
2024-01-19 22:48:29 +01:00
|
|
|
describe('get', function () {
|
2021-06-28 15:15:28 -07:00
|
|
|
it('cannot get invalid group', async function () {
|
|
|
|
|
const result = await groups.get('sometrandom');
|
|
|
|
|
expect(result).to.be(null);
|
2016-02-07 20:48:06 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('can get valid group', async function () {
|
|
|
|
|
const result = await groups.get(group0Object.id);
|
|
|
|
|
expect(result.name).to.equal(group0Name);
|
2016-02-07 20:48:06 -08:00
|
|
|
});
|
2024-01-19 22:48:29 +01:00
|
|
|
});
|
2016-02-07 20:48:06 -08:00
|
|
|
|
2024-01-19 22:48:29 +01:00
|
|
|
describe('members', function () {
|
2021-06-28 15:15:28 -07:00
|
|
|
it('isMember returns false', async function () {
|
2021-08-13 10:41:10 -07:00
|
|
|
const isMember = await groups.isMember(group0Object.id, admin.id);
|
2021-06-28 15:15:28 -07:00
|
|
|
expect(isMember).to.be(false);
|
2016-02-07 20:48:06 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('can set members', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
await groups.setMembers(group0Object, [ admin.id, user.id ], {}, auditSource);
|
2020-12-22 10:34:19 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('cannot set duplicate members', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.setMembers(group0Object, [ admin.id, user.id, admin.id ], {}, auditSource));
|
2021-06-28 15:15:28 -07:00
|
|
|
expect(error.reason).to.be(BoxError.CONFLICT);
|
2016-02-08 10:53:01 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('can list users of group', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const result = await groups.getMemberIds(group0Object.id);
|
2021-08-13 15:49:59 -07:00
|
|
|
expect(result.sort()).to.eql([ admin.id, user.id ].sort());
|
2016-02-08 09:41:21 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('cannot list members of non-existent group', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const result = await groups.getMemberIds('randomgroup');
|
2016-02-08 09:41:21 -08:00
|
|
|
expect(result.length).to.be(0); // currently, we cannot differentiate invalid groups and empty groups
|
|
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('can getWithMembers', async function () {
|
|
|
|
|
const result = await groups.getWithMembers(group0Object.id);
|
|
|
|
|
expect(result.name).to.be(group0Name);
|
2024-12-04 16:36:05 +01:00
|
|
|
expect(result.userIds.sort()).to.eql([ admin.id, user.id ].sort());
|
2020-12-22 10:34:19 -08:00
|
|
|
});
|
|
|
|
|
|
2024-01-19 22:48:29 +01:00
|
|
|
it('can set group membership', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
await groups.setLocalMembership(admin, [ group0Object.id ], auditSource);
|
2024-02-28 15:55:54 +01:00
|
|
|
const groupIds = await groups._getMembership(admin.id);
|
|
|
|
|
expect(groupIds.length).to.be(1);
|
2016-02-08 09:41:21 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('cannot set user to same group twice', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.setLocalMembership(admin, [ group0Object.id, group0Object.id ], auditSource));
|
2021-06-28 15:15:28 -07:00
|
|
|
expect(error.reason).to.be(BoxError.CONFLICT);
|
2016-02-08 09:41:21 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('can set user to multiple groups', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
await groups.setLocalMembership(admin, [ group0Object.id, group1Object.id ], auditSource);
|
2016-02-08 09:41:21 -08:00
|
|
|
});
|
2016-02-13 11:55:30 +01:00
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('can get groups membership', async function () {
|
2024-02-28 15:55:54 +01:00
|
|
|
const groupIds = await groups._getMembership(admin.id);
|
2021-06-28 15:15:28 -07:00
|
|
|
expect(groupIds.length).to.be(2);
|
|
|
|
|
expect(groupIds.sort()).to.eql([ group0Object.id, group1Object.id ].sort());
|
2016-02-13 11:55:30 +01:00
|
|
|
});
|
2024-01-19 22:48:29 +01:00
|
|
|
});
|
2016-02-09 15:47:02 -08:00
|
|
|
|
2024-01-19 22:48:29 +01:00
|
|
|
describe('list', function () {
|
2021-06-29 09:44:16 -07:00
|
|
|
it('can list', async function () {
|
|
|
|
|
const result = await groups.list();
|
2021-06-28 15:15:28 -07:00
|
|
|
expect(result.length).to.be(2);
|
|
|
|
|
expect(result[0].name).to.be(group0Name);
|
|
|
|
|
expect(result[1].name).to.be(group1Name);
|
2016-02-09 15:47:02 -08:00
|
|
|
});
|
|
|
|
|
|
2021-06-29 09:44:16 -07:00
|
|
|
it('can listWithMembers', async function () {
|
|
|
|
|
const result = await groups.listWithMembers();
|
2021-06-28 15:15:28 -07:00
|
|
|
expect(result.length).to.be(2);
|
|
|
|
|
expect(result[0].name).to.be(group0Name);
|
2021-08-13 10:41:10 -07:00
|
|
|
expect(result[1].userIds).to.eql([ admin.id ]);
|
2021-06-28 15:15:28 -07:00
|
|
|
expect(result[1].name).to.be(group1Name);
|
2020-12-22 10:34:19 -08:00
|
|
|
});
|
2024-01-19 22:48:29 +01:00
|
|
|
});
|
2020-12-22 10:34:19 -08:00
|
|
|
|
2024-01-19 22:48:29 +01:00
|
|
|
describe('delete', function () {
|
2021-06-28 15:15:28 -07:00
|
|
|
it('cannot delete invalid group', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.del({ id: 'random' }, auditSource));
|
2021-06-28 15:15:28 -07:00
|
|
|
expect(error.reason).to.be(BoxError.NOT_FOUND);
|
|
|
|
|
});
|
2016-02-09 15:47:02 -08:00
|
|
|
|
2021-06-28 15:15:28 -07:00
|
|
|
it('can delete valid group', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
await groups.setMembers(group0Object, [ admin.id, user.id ], {}, auditSource); // ensure group has some members
|
|
|
|
|
await groups.del(group0Object, auditSource);
|
2016-02-09 15:47:02 -08:00
|
|
|
});
|
|
|
|
|
});
|
2024-01-19 22:28:48 +01:00
|
|
|
|
|
|
|
|
describe('update', function () {
|
|
|
|
|
let groupObject;
|
|
|
|
|
|
|
|
|
|
before(async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error, result] = await safe(groups.add({ name: 'kootam' }, auditSource));
|
2024-01-19 22:28:48 +01:00
|
|
|
expect(error).to.be(null);
|
|
|
|
|
groupObject = result;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('cannot set empty group name', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.setName(groupObject, '', auditSource));
|
2024-01-19 22:28:48 +01:00
|
|
|
expect(error.reason).to.be(BoxError.BAD_FIELD);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('cannot set bad group name', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.setName(groupObject, '!kootam', auditSource));
|
2024-01-19 22:28:48 +01:00
|
|
|
expect(error.reason).to.be(BoxError.BAD_FIELD);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('can set group name', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
await groups.setName(groupObject, 'kootam2', auditSource);
|
2024-01-19 22:28:48 +01:00
|
|
|
groupObject = await groups.get(groupObject.id);
|
|
|
|
|
expect(groupObject.name).to.be('kootam2');
|
|
|
|
|
});
|
2024-02-28 14:25:07 +01:00
|
|
|
});
|
|
|
|
|
|
2025-02-12 14:09:09 +01:00
|
|
|
describe('app access', function () {
|
|
|
|
|
let groupObject;
|
|
|
|
|
|
|
|
|
|
before(async function () {
|
|
|
|
|
const [error, result] = await safe(groups.add({ name: 'kootam' }, auditSource));
|
|
|
|
|
expect(error).to.be(null);
|
|
|
|
|
groupObject = result;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('has no app access', async function () {
|
|
|
|
|
expect(groupObject.appIds).to.eql([]);
|
|
|
|
|
|
|
|
|
|
const g1 = await groups.get(groupObject.id);
|
|
|
|
|
expect(g1.appIds).to.eql([]);
|
|
|
|
|
|
|
|
|
|
const g2 = await groups.getByName(groupObject.name);
|
|
|
|
|
expect(g2.appIds).to.eql([]);
|
|
|
|
|
|
|
|
|
|
const g3 = await groups.getWithMembers(groupObject.id);
|
|
|
|
|
expect(g3.appIds).to.eql([]);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('set app access', async function () {
|
|
|
|
|
await groups.setAllowedApps(groupObject, [ app.id ], auditSource);
|
|
|
|
|
|
|
|
|
|
const g1 = await groups.get(groupObject.id);
|
|
|
|
|
expect(g1.appIds).to.eql([ app.id ]);
|
|
|
|
|
|
|
|
|
|
const g2 = await groups.getByName(groupObject.name);
|
|
|
|
|
expect(g2.appIds).to.eql([ app.id ]);
|
|
|
|
|
|
|
|
|
|
const g3 = await groups.getWithMembers(groupObject.id);
|
|
|
|
|
expect(g3.appIds).to.eql([ app.id ]);
|
|
|
|
|
|
|
|
|
|
const allGroups = await groups.listWithMembers();
|
|
|
|
|
const g4 = allGroups.filter(g => g.id === groupObject.id)[0];
|
|
|
|
|
expect(g4.appIds).to.eql([ app.id ]);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('cleared app access', async function () {
|
|
|
|
|
await groups.setAllowedApps(groupObject, [ ], auditSource);
|
|
|
|
|
|
|
|
|
|
const g1 = await groups.get(groupObject.id);
|
|
|
|
|
expect(g1.appIds).to.eql([ ]);
|
|
|
|
|
|
|
|
|
|
const g2 = await groups.getByName(groupObject.name);
|
|
|
|
|
expect(g2.appIds).to.eql([ ]);
|
|
|
|
|
|
|
|
|
|
const g3 = await groups.getWithMembers(groupObject.id);
|
|
|
|
|
expect(g3.appIds).to.eql([ ]);
|
|
|
|
|
|
|
|
|
|
const allGroups = await groups.listWithMembers();
|
|
|
|
|
const g4 = allGroups.filter(g => g.id === groupObject.id)[0];
|
|
|
|
|
expect(g4.appIds).to.eql([ ]);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2024-02-28 14:25:07 +01:00
|
|
|
describe('ldap group', function () {
|
|
|
|
|
let ldapGroup;
|
|
|
|
|
|
|
|
|
|
before(async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
ldapGroup = await groups.add({ name: 'ldap-kootam', source: 'ldap' }, auditSource);
|
2024-02-28 14:25:07 +01:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('cannot change name', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.setName(ldapGroup, 'ldap-kootam2', auditSource));
|
2024-02-28 14:25:07 +01:00
|
|
|
expect(error.reason).to.be(BoxError.BAD_STATE);
|
|
|
|
|
});
|
2024-01-19 22:28:48 +01:00
|
|
|
|
2024-02-28 14:25:07 +01:00
|
|
|
it('cannot set members', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.setMembers(ldapGroup, [ admin.id ], { skipSourceSkip: false }, auditSource));
|
2024-01-19 22:28:48 +01:00
|
|
|
expect(error.reason).to.be(BoxError.BAD_STATE);
|
|
|
|
|
});
|
2024-02-28 14:38:42 +01:00
|
|
|
|
|
|
|
|
it('cannot set membership', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
const [error] = await safe(groups.setLocalMembership(admin, [ ldapGroup.id ], auditSource));
|
2024-02-28 14:38:42 +01:00
|
|
|
expect(error.reason).to.be(BoxError.BAD_STATE);
|
|
|
|
|
});
|
2024-02-28 15:55:54 +01:00
|
|
|
|
|
|
|
|
it('does not clear remote membership', async function () {
|
2024-12-04 09:48:25 +01:00
|
|
|
await groups.setMembers(ldapGroup, [ admin.id ], { skipSourceCheck: true }, auditSource); // would be called by ldap syncer
|
|
|
|
|
await groups.setLocalMembership(admin, [ group1Object.id ], auditSource);
|
2024-02-28 15:55:54 +01:00
|
|
|
|
|
|
|
|
const groupIds = await groups._getMembership(admin.id);
|
|
|
|
|
expect(groupIds.length).to.be(2);
|
|
|
|
|
expect(groupIds.sort()).to.eql([ group1Object.id, ldapGroup.id ].sort());
|
|
|
|
|
});
|
2024-01-19 22:28:48 +01:00
|
|
|
});
|
2016-02-09 15:47:02 -08:00
|
|
|
});
|
