src/routes/test/eventlog-test.js

/* jslint node:true */
/* global it:false */
/* global describe:false */
/* global before:false */
/* global after:false */

'use strict';

var async = require('async'),
    constants = require('../../constants.js'),
    database = require('../../database.js'),
    eventlogdb = require('../../eventlogdb.js'),
    expect = require('expect.js'),
    hat = require('../../hat.js'),
    superagent = require('superagent'),
    server = require('../../server.js'),
    tokendb = require('../../tokendb.js');

var SERVER_URL = 'http://localhost:' + constants.PORT;

var USERNAME = 'superadmin', PASSWORD = 'Foobar?1337', EMAIL ='silly@me.com';
var token = null;

var USER_1_ID = null, token_1;

var EVENT_0 = {
    id: 'event_0',
    action: 'foobaraction',
    source: {
        ip: '127.0.0.1'
    },
    data: {
        something: 'is there'
    }
};

function setup(done) {
    async.series([
        server.start.bind(server),

        database._clear,

        function createAdmin(callback) {
            superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
                .query({ setupToken: 'somesetuptoken' })
                .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
                .end(function (error, result) {
                    expect(result).to.be.ok();
                    expect(result.statusCode).to.eql(201);

                    // stash token for further use
                    token = result.body.token;

                    callback();
                });
        },

        function (callback) {
            superagent.post(SERVER_URL + '/api/v1/users')
                .query({ access_token: token })
                .send({ username: 'nonadmin', email: 'notadmin@server.test' })
                .end(function (err, res) {
                    expect(res.statusCode).to.equal(201);

                    USER_1_ID = res.body.id;

                    callback(null);
                });
        },

        function (callback) {
            token_1 = hat(8 * 32);

            // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
            tokendb.add({ id: 'tid-0', accessToken: token_1, identifier: USER_1_ID, clientId: 'test-client-id', expires: Date.now() + 100000, scope: 'unused', name: '' }, callback);
        },

        function (callback) {
            eventlogdb.add(EVENT_0.id, EVENT_0.action, EVENT_0.source, EVENT_0.data, callback);
        }

    ], done);
}

function cleanup(done) {
    database._clear(function (error) {
        expect(!error).to.be.ok();

        server.stop(done);
    });
}

describe('Eventlog API', function () {
    before(setup);
    after(cleanup);

    describe('get', function () {
        it('fails due to wrong token', function (done) {
            superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog/' + EVENT_0.id)
                .query({ access_token: token.toUpperCase() })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(401);

                    done();
                });
        });

        it('fails for non-admin', function (done) {
            superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog/' + EVENT_0.id)
                .query({ access_token: token_1 })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(403);

                    done();
                });
        });

        it('fails if not exists', function (done) {
            superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog/doesnotexist')
                .query({ access_token: token })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(404);

                    done();
                });
        });

        it('succeeds for admin', function (done) {
            superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog/' + EVENT_0.id)
                .query({ access_token: token })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(200);
                    expect(result.body.event).to.be.an('object');
                    expect(result.body.event.creationTime).to.be.a('string');

                    delete result.body.event.creationTime;
                    expect(result.body.event).to.eql(EVENT_0);

                    done();
                });
        });
    });

    describe('list', function () {
        it('fails due to wrong token', function (done) {
            superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog')
                .query({ access_token: token.toUpperCase() })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(401);
                    done();
                });
        });

        it('fails for non-admin', function (done) {
            superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog')
                .query({ access_token: token_1, page: 1, per_page: 10 })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(403);

                    done();
                });
        });

        it('succeeds for admin', function (done) {
            superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog')
                .query({ access_token: token, page: 1, per_page: 10 })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(200);
                    expect(result.body.eventlogs.length >= 2).to.be.ok(); // activate, user.add

                    done();
                });
        });

        it('succeeds with deprecated action', function (done) {
            superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog')
                .query({ access_token: token, page: 1, per_page: 10, action: 'cloudron.activate' })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(200);
                    expect(result.body.eventlogs.length).to.equal(1);

                    done();
                });
        });

        it('succeeds with actions', function (done) {
            superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog')
                .query({ access_token: token, page: 1, per_page: 10, actions: 'cloudron.activate, user.add' })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(200);
                    expect(result.body.eventlogs.length).to.equal(3);

                    done();
                });
        });

        it('succeeds with search', function (done) {
            superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog')
                .query({ access_token: token, page: 1, per_page: 10, search: EMAIL })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(200);
                    expect(result.body.eventlogs.length).to.equal(1);

                    done();
                });
        });

        it('succeeds with search', function (done) {
            superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog')
                .query({ access_token: token, page: 1, per_page: 10, search: EMAIL, actions: 'cloudron.activate' })
                .end(function (error, result) {
                    expect(result.statusCode).to.equal(200);
                    expect(result.body.eventlogs.length).to.equal(0);

                    done();
                });
        });
    });
});
eventlog tests 2016-05-02 14:54:25 -07:00			`/* jslint node:true */`
			`/* global it:false */`
			`/* global describe:false */`
			`/* global before:false */`
			`/* global after:false */`

			`'use strict';`

SCOPE_* vars are unused now 2020-02-11 17:32:58 -08:00			`var async = require('async'),`
Make port a constant 2019-07-25 15:43:51 -07:00			`constants = require('../../constants.js'),`
eventlog tests 2016-05-02 14:54:25 -07:00			`database = require('../../database.js'),`
Add tests for getting a single eventlog item 2019-01-23 17:11:57 +01:00			`eventlogdb = require('../../eventlogdb.js'),`
eventlog tests 2016-05-02 14:54:25 -07:00			`expect = require('expect.js'),`
Fix tests 2019-02-15 14:40:15 -08:00			`hat = require('../../hat.js'),`
eventlog tests 2016-05-02 14:54:25 -07:00			`superagent = require('superagent'),`
			`server = require('../../server.js'),`
			`tokendb = require('../../tokendb.js');`

Make port a constant 2019-07-25 15:43:51 -07:00			`var SERVER_URL = 'http://localhost:' + constants.PORT;`
eventlog tests 2016-05-02 14:54:25 -07:00
			`var USERNAME = 'superadmin', PASSWORD = 'Foobar?1337', EMAIL ='silly@me.com';`
			`var token = null;`

			`var USER_1_ID = null, token_1;`

Add tests for getting a single eventlog item 2019-01-23 17:11:57 +01:00			`var EVENT_0 = {`
			`id: 'event_0',`
			`action: 'foobaraction',`
			`source: {`
			`ip: '127.0.0.1'`
			`},`
			`data: {`
			`something: 'is there'`
			`}`
			`};`

eventlog tests 2016-05-02 14:54:25 -07:00			`function setup(done) {`
			`async.series([`
			`server.start.bind(server),`

			`database._clear,`

			`function createAdmin(callback) {`
			`superagent.post(SERVER_URL + '/api/v1/cloudron/activate')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.query({ setupToken: 'somesetuptoken' })`
			`.send({ username: USERNAME, password: PASSWORD, email: EMAIL })`
			`.end(function (error, result) {`
			`expect(result).to.be.ok();`
			`expect(result.statusCode).to.eql(201);`
eventlog tests 2016-05-02 14:54:25 -07:00
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`// stash token for further use`
			`token = result.body.token;`
eventlog tests 2016-05-02 14:54:25 -07:00
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`callback();`
			`});`
eventlog tests 2016-05-02 14:54:25 -07:00			`},`

			`function (callback) {`
			`superagent.post(SERVER_URL + '/api/v1/users')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.query({ access_token: token })`
migrate permissions and admin flag to user.role 2020-02-21 12:17:06 -08:00			`.send({ username: 'nonadmin', email: 'notadmin@server.test' })`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.end(function (err, res) {`
			`expect(res.statusCode).to.equal(201);`
eventlog tests 2016-05-02 14:54:25 -07:00
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`USER_1_ID = res.body.id;`
eventlog tests 2016-05-02 14:54:25 -07:00
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`callback(null);`
			`});`
eventlog tests 2016-05-02 14:54:25 -07:00			`},`

			`function (callback) {`
Fix tests 2019-02-15 14:40:15 -08:00			`token_1 = hat(8 * 32);`
eventlog tests 2016-05-02 14:54:25 -07:00
			`// HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)`
SCOPE_* vars are unused now 2020-02-11 17:32:58 -08:00			`tokendb.add({ id: 'tid-0', accessToken: token_1, identifier: USER_1_ID, clientId: 'test-client-id', expires: Date.now() + 100000, scope: 'unused', name: '' }, callback);`
Add tests for getting a single eventlog item 2019-01-23 17:11:57 +01:00			`},`

			`function (callback) {`
			`eventlogdb.add(EVENT_0.id, EVENT_0.action, EVENT_0.source, EVENT_0.data, callback);`
eventlog tests 2016-05-02 14:54:25 -07:00			`}`

			`], done);`
			`}`

			`function cleanup(done) {`
			`database._clear(function (error) {`
			`expect(!error).to.be.ok();`

			`server.stop(done);`
			`});`
			`}`

			`describe('Eventlog API', function () {`
			`before(setup);`
			`after(cleanup);`

			`describe('get', function () {`
Add tests for getting a single eventlog item 2019-01-23 17:11:57 +01:00			`it('fails due to wrong token', function (done) {`
			`superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog/' + EVENT_0.id)`
			`.query({ access_token: token.toUpperCase() })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(401);`

			`done();`
			`});`
			`});`

			`it('fails for non-admin', function (done) {`
			`superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog/' + EVENT_0.id)`
			`.query({ access_token: token_1 })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(403);`

			`done();`
			`});`
			`});`

			`it('fails if not exists', function (done) {`
			`superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog/doesnotexist')`
			`.query({ access_token: token })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(404);`

			`done();`
			`});`
			`});`

			`it('succeeds for admin', function (done) {`
			`superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog/' + EVENT_0.id)`
			`.query({ access_token: token })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(200);`
			`expect(result.body.event).to.be.an('object');`
			`expect(result.body.event.creationTime).to.be.a('string');`

			`delete result.body.event.creationTime;`
			`expect(result.body.event).to.eql(EVENT_0);`

			`done();`
			`});`
			`});`
			`});`

			`describe('list', function () {`
eventlog tests 2016-05-02 14:54:25 -07:00			`it('fails due to wrong token', function (done) {`
move eventlog api into /api/v1/cloudron 2017-04-18 14:53:08 -07:00			`superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.query({ access_token: token.toUpperCase() })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(401);`
			`done();`
			`});`
eventlog tests 2016-05-02 14:54:25 -07:00			`});`

			`it('fails for non-admin', function (done) {`
move eventlog api into /api/v1/cloudron 2017-04-18 14:53:08 -07:00			`superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.query({ access_token: token_1, page: 1, per_page: 10 })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(403);`
eventlog tests 2016-05-02 14:54:25 -07:00
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`done();`
			`});`
eventlog tests 2016-05-02 14:54:25 -07:00			`});`

			`it('succeeds for admin', function (done) {`
move eventlog api into /api/v1/cloudron 2017-04-18 14:53:08 -07:00			`superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.query({ access_token: token, page: 1, per_page: 10 })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(200);`
			`expect(result.body.eventlogs.length >= 2).to.be.ok(); // activate, user.add`
eventlog tests 2016-05-02 14:54:25 -07:00
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`done();`
			`});`
eventlog tests 2016-05-02 14:54:25 -07:00			`});`
Add more query options for eventlog api 2016-05-06 16:49:17 +02:00
Support multiple actions for eventlog api 2018-03-05 11:14:36 +01:00			`it('succeeds with deprecated action', function (done) {`
move eventlog api into /api/v1/cloudron 2017-04-18 14:53:08 -07:00			`superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.query({ access_token: token, page: 1, per_page: 10, action: 'cloudron.activate' })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(200);`
			`expect(result.body.eventlogs.length).to.equal(1);`
Add more query options for eventlog api 2016-05-06 16:49:17 +02:00
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`done();`
			`});`
Add more query options for eventlog api 2016-05-06 16:49:17 +02:00			`});`

Support multiple actions for eventlog api 2018-03-05 11:14:36 +01:00			`it('succeeds with actions', function (done) {`
			`superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog')`
			`.query({ access_token: token, page: 1, per_page: 10, actions: 'cloudron.activate, user.add' })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(200);`
			`expect(result.body.eventlogs.length).to.equal(3);`

			`done();`
			`});`
			`});`

Add more query options for eventlog api 2016-05-06 16:49:17 +02:00			`it('succeeds with search', function (done) {`
move eventlog api into /api/v1/cloudron 2017-04-18 14:53:08 -07:00			`superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog')`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.query({ access_token: token, page: 1, per_page: 10, search: EMAIL })`
			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(200);`
migrate permissions and admin flag to user.role 2020-02-21 12:17:06 -08:00			`expect(result.body.eventlogs.length).to.equal(1);`
Add more query options for eventlog api 2016-05-06 16:49:17 +02:00
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`done();`
			`});`
Add more query options for eventlog api 2016-05-06 16:49:17 +02:00			`});`

			`it('succeeds with search', function (done) {`
move eventlog api into /api/v1/cloudron 2017-04-18 14:53:08 -07:00			`superagent.get(SERVER_URL + '/api/v1/cloudron/eventlog')`
Support multiple actions for eventlog api 2018-03-05 11:14:36 +01:00			`.query({ access_token: token, page: 1, per_page: 10, search: EMAIL, actions: 'cloudron.activate' })`
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`.end(function (error, result) {`
			`expect(result.statusCode).to.equal(200);`
			`expect(result.body.eventlogs.length).to.equal(0);`
Add more query options for eventlog api 2016-05-06 16:49:17 +02:00
remove caas dep from tests 2018-01-18 13:41:10 -08:00			`done();`
			`});`
Add more query options for eventlog api 2016-05-06 16:49:17 +02:00			`});`
eventlog tests 2016-05-02 14:54:25 -07:00			`});`
			`});`