jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
898cbd01b375a79efff606cf8d73582ba3b9234f
cloudron-box/src/routes/test/groups-test.js
Girish Ramakrishnan 898cbd01b3 tokens table always has canonical scope
2018-06-17 23:11:36 -07:00

340 lines
13 KiB
JavaScript
Raw Blame History

/* jslint node:true */
/* global it:false */
/* global describe:false */
/* global before:false */
/* global after:false */
'use strict';
var accesscontrol = require('../../accesscontrol.js'),
async = require('async'),
config = require('../../config.js'),
database = require('../../database.js'),
expect = require('expect.js'),
groups = require('../../groups.js'),
superagent = require('superagent'),
server = require('../../server.js'),
tokendb = require('../../tokendb.js');
var SERVER_URL = 'http://localhost:' + config.get('port');
var USERNAME = 'superadmin', PASSWORD = 'Foobar?1337', EMAIL ='silly@me.com';
var USERNAME_1 = 'user', PASSWORD_1 = 'Foobar?1337', EMAIL_1 ='happy@me.com';
var token, token_1 = null;
var userId, userId_1 = null;
var GROUP_NAME = 'externals';
var groupObject;
function setup(done) {
config._reset();
config.setFqdn('example-groups-test.com');
async.series([
server.start.bind(server),
database._clear,
function createAdmin(callback) {
superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
.query({ setupToken: 'somesetuptoken' })
.send({ username: USERNAME, password: PASSWORD, email: EMAIL })
.end(function (error, result) {
expect(result).to.be.ok();
expect(result.statusCode).to.eql(201);
// stash token for further use
token = result.body.token;
superagent.get(SERVER_URL + '/api/v1/profile')
.query({ access_token: token })
.end(function (error, result) {
expect(result).to.be.ok();
expect(result.statusCode).to.eql(200);
userId = result.body.id;
callback();
});
});
},
function (callback) {
superagent.post(SERVER_URL + '/api/v1/users')
.query({ access_token: token })
.send({ username: USERNAME_1, email: EMAIL_1, invite: false })
.end(function (error, result) {
expect(result).to.be.ok();
expect(result.statusCode).to.eql(201);
token_1 = tokendb.generateToken();
userId_1 = result.body.id;
// HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
tokendb.add(token_1, userId_1, 'test-client-id', Date.now() + 100000, accesscontrol.SCOPE_PROFILE, callback);
});
}
], done);
}
function cleanup(done) {
database._clear(function (error) {
expect(!error).to.be.ok();
server.stop(done);
});
}
describe('Groups API', function () {
before(setup);
after(cleanup);
describe('list', function () {
it('cannot get groups without token', function (done) {
superagent.get(SERVER_URL + '/api/v1/groups')
.end(function (err, res) {
expect(res.statusCode).to.equal(401);
done();
});
});
it('cannot get groups as normal user', function (done) {
superagent.get(SERVER_URL + '/api/v1/groups')
.query({ access_token: token_1 })
.end(function (err, res) {
expect(res.statusCode).to.equal(403);
done();
});
});
it('can get groups', function (done) {
superagent.get(SERVER_URL + '/api/v1/groups')
.query({ access_token: token })
.end(function (err, res) {
expect(res.statusCode).to.equal(200);
expect(res.body.groups).to.be.an(Array);
expect(res.body.groups.length).to.be(1);
expect(res.body.groups[0].name).to.eql('admin');
expect(res.body.groups[0].userIds).to.be.an(Array);
expect(res.body.groups[0].userIds.length).to.be(1);
expect(res.body.groups[0].userIds[0]).to.be(userId);
done();
});
});
});
describe('create', function () {
it('fails due to mising token', function (done) {
superagent.post(SERVER_URL + '/api/v1/groups')
.send({ name: GROUP_NAME})
.end(function (error, result) {
expect(result.statusCode).to.equal(401);
done();
});
});
it('succeeds', function (done) {
superagent.post(SERVER_URL + '/api/v1/groups')
.query({ access_token: token })
.send({ name: GROUP_NAME})
.end(function (error, result) {
expect(result.statusCode).to.equal(201);
groupObject = result.body;
done();
});
});
it('fails for already exists', function (done) {
superagent.post(SERVER_URL + '/api/v1/groups')
.query({ access_token: token })
.send({ name: GROUP_NAME})
.end(function (error, result) {
expect(result.statusCode).to.equal(409);
done();
});
});
});
describe('Roles', function () {
it('can set roles', function (done) {
superagent.put(SERVER_URL + '/api/v1/groups/' + groupObject.id + '/roles')
.query({ access_token: token })
.send({ roles: [ accesscontrol.ROLE_OWNER ]})
.end(function (error, result) {
expect(result.statusCode).to.equal(200);
done();
});
});
it('fails with invalid roles', function (done) {
superagent.put(SERVER_URL + '/api/v1/groups/' + groupObject.id + '/roles')
.query({ access_token: token })
.send({ roles: [ 'bogus' ]})
.end(function (error, result) {
expect(result.statusCode).to.equal(400);
done();
});
});
it('can get roles', function (done) {
superagent.get(SERVER_URL + '/api/v1/groups/' + groupObject.id)
.query({ access_token: token })
.end(function (error, result) {
expect(result.statusCode).to.equal(200);
expect(result.body.roles).to.eql([ accesscontrol.ROLE_OWNER ]);
done();
});
});
});
describe('get', function () {
it('cannot get non-existing group', function (done) {
superagent.get(SERVER_URL + '/api/v1/groups/nope')
.query({ access_token: token })
.end(function (error, result) {
expect(result.statusCode).to.equal(404);
done();
});
});
it('cannot get existing group with normal user', function (done) {
superagent.get(SERVER_URL + '/api/v1/groups/admin')
.query({ access_token: token_1 })
.end(function (error, result) {
expect(result.statusCode).to.equal(403);
done();
});
});
it('can get existing group', function (done) {
superagent.get(SERVER_URL + '/api/v1/groups/admin')
.query({ access_token: token })
.end(function (error, result) {
expect(result.statusCode).to.equal(200);
expect(result.body.name).to.be('admin');
expect(result.body.userIds.length).to.be(1);
expect(result.body.userIds[0]).to.be(userId);
done();
});
});
});
describe('remove', function () {
it('cannot remove without token', function (done) {
superagent.del(SERVER_URL + '/api/v1/groups/externals')
.end(function (error, result) {
expect(result.statusCode).to.equal(401);
done();
});
});
it('can remove empty group', function (done) {
superagent.del(SERVER_URL + '/api/v1/groups/' + groupObject.id)
.send({ password: PASSWORD })
.query({ access_token: token })
.end(function (error, result) {
expect(result.statusCode).to.equal(204);
done();
});
});
it('cannot remove non-empty group', function (done) {
superagent.del(SERVER_URL + '/api/v1/groups/admin')
.send({ password: PASSWORD })
.query({ access_token: token })
.end(function (error, result) {
expect(result.statusCode).to.equal(409);
done();
});
});
});
describe('Set groups', function () {
var group0Object, group1Object;
before(function (done) {
groups.create('group0', [ ], function (e, r) {
group0Object = r;
groups.create('group1', [ ], function (e, r) {
group1Object = r;
done();
});
});
});
it('cannot add user to invalid group', function (done) {
superagent.put(SERVER_URL + '/api/v1/users/' + userId + '/groups')
.query({ access_token: token })
.send({ groupIds: [ 'admin', 'something' ]})
.end(function (error, result) {
expect(result.statusCode).to.equal(404);
done();
});
});
it('can add user to valid group', function (done) {
superagent.put(SERVER_URL + '/api/v1/users/' + userId + '/groups')
.query({ access_token: token })
.send({ groupIds: [ 'admin', group0Object.id, group1Object.id ]})
.end(function (error, result) {
expect(result.statusCode).to.equal(204);
done();
});
});
it('cannot remove self from admin', function (done) {
superagent.put(SERVER_URL + '/api/v1/users/' + userId + '/groups')
.query({ access_token: token })
.send({ groupIds: [ group0Object.id, group1Object.id ]})
.end(function (error, result) {
expect(result.statusCode).to.equal(409); // not allowed
done();
});
});
it('can add another user to admin', function (done) {
superagent.put(SERVER_URL + '/api/v1/users/' + userId_1 + '/groups')
.query({ access_token: token })
.send({ groupIds: [ 'admin' ]})
.end(function (error, result) {
expect(result.statusCode).to.equal(204);
done();
});
});
it('lists members of admin group', function (done) {
superagent.get(SERVER_URL + '/api/v1/groups/admin')
.query({ access_token: token })
.end(function (error, result) {
expect(result.statusCode).to.equal(200);
expect(result.body.userIds.length).to.be(2);
expect(result.body.userIds[0]).to.be(userId);
expect(result.body.userIds[1]).to.be(userId_1);
done();
});
});
it('can add user_1 to admin', function (done) {
superagent.put(SERVER_URL + '/api/v1/users/' + userId_1 + '/groups')
.query({ access_token: token })
.send({ groupIds: [ 'admin' ]})
.end(function (error, result) {
expect(result.statusCode).to.equal(204);
token_1 = tokendb.generateToken();
// HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
tokendb.add(token_1, userId_1, 'test-client-id', Date.now() + 100000, 'users', done);
});
});
it('remove activation user from admin', function (done) {
superagent.put(SERVER_URL + '/api/v1/users/' + userId + '/groups')
.query({ access_token: token_1 })
.send({ groupIds: [ group1Object.id, group0Object.id ]})
.end(function (error, result) {
expect(result.statusCode).to.equal(204); // user_1 is still admin, so we can remove the other person
done();
});
});
});
});
Reference in New Issue View Git Blame Copy Permalink