From 4d2d37f66afc7b9a46ba7bdb31fd4fbbd5580416 Mon Sep 17 00:00:00 2001
From: petruki <31597636+petruki@users.noreply.github.com>
Date: Sat, 8 Jul 2023 18:44:29 -0700
Subject: [PATCH] Fixes 401 redirect issue by 403
---
 src/exceptions/index.js | 2 +-
 src/routers/admin.js | 8 +-
 tests/admin.test.js | 100 +++++++++++++++++++++-----------------
 tests/environment.test.js | 26 +++++-----
 tests/metric.test.js | 2 +-
 tests/slack.test.js | 6 +--
 6 files changed, 77 insertions(+), 67 deletions(-)
diff --git a/src/exceptions/index.js b/src/exceptions/index.js
index 4ebafd5..1437d42 100644
--- a/src/exceptions/index.js
+++ b/src/exceptions/index.js
@@ -23,7 +23,7 @@ export class PermissionError extends Error {
 constructor(message) {
 super(message);
 this.name = this.constructor.name;
- this.code = 401;
+ this.code = 403;
 Error.captureStackTrace(this, this.constructor);
 }
 }
diff --git a/src/routers/admin.js b/src/routers/admin.js
index 09f6691..6f8a932 100644
--- a/src/routers/admin.js
+++ b/src/routers/admin.js
@@ -103,10 +103,10 @@ router.post('/admin/collaboration/permission', auth, [
 check('router', 'Router name is required').isLength({ min: 1 })
 ], validate, async (req, res) => {
 const element = {
- _id: req.body.element.id,
- name: req.body.element.name,
- key: req.body.element.key,
- strategy: req.body.element.strategy
+ _id: req.body.element?.id,
+ name: req.body.element?.name,
+ key: req.body.element?.key,
+ strategy: req.body.element?.strategy
 };
 let result = [];
diff --git a/tests/admin.test.js b/tests/admin.test.js
index 082a9ab..50b8649 100644
--- a/tests/admin.test.js
+++ b/tests/admin.test.js
@@ -17,6 +17,7 @@ import {
 } from './fixtures/db_api';
 import { Team } from '../src/models/team';
 import swaggerDocument from '../src/api-docs/swagger-document';
+import { RouterTypes } from '../src/models/permission';
 afterAll(async () => {
 await new Promise(resolve => setTimeout(resolve, 1000));
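Review bot: `this.code = 403` is the right status for an authenticated caller that lacks permission, but nothing in `PermissionError` records why, and the commit title suggests the old 401 was triggering a client-side login redirect — a reader could plausibly "fix" it back. Put the reasoning on the line itself: `// 403, not 401: the caller is authenticated but not authorized; 401 is reserved for the auth middleware so clients can treat it as a re-login signal.` Whatever maps `code` to the HTTP response status is outside this hunk, so it is worth confirming that no other handler or client code still compares against 401 to recognise a permission failure.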
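Review bot: `req.body.element?.id` makes a missing `element` safe, but the value is still copied into `_id` without any validator — the only `check(...)` rule visible in the hunk header is for `router`, and `validate` runs before this handler. If that `_id` is later used in a Mongoose query (the handler body continues outside the hunk; the `.lean()` calls in the test files suggest Mongoose), a client-supplied object such as `{"$ne": null}` would be forwarded as a query operator rather than a string id. Add `check('element.id').optional().isMongoId()` beside the existing `check('router', ...)`, and constrain `element.name`, `element.key` and `element.strategy` with `.optional().isString()` so the optional chaining only ever sees primitives.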
@@ -914,6 +915,60 @@ describe('Testing Admin logout', () => {
 });
 });
+describe('Testing Admin collaboration endpoint - Reading permissions', () => {
+ let token;
+
+ beforeAll(async () => {
+ await setupDatabase();
+
+ let responseLogin = await request(app)
+ .post('/admin/login')
+ .send({
+ email: adminMasterAccount.email,
+ password: adminMasterAccount.password
+ }).expect(200);
+
+ //add user to 'teamId'
+ await request(app)
+ .patch('/team/member/add/' + team1Id)
+ .set('Authorization', `Bearer ${responseLogin.body.jwt.token}`)
+ .send({
+ member: adminAccountId
+ }).expect(200);
+
+ //user login
+ responseLogin = await request(app)
+ .post('/admin/login')
+ .send({
+ email: adminAccount.email,
+ password: adminAccount.password
+ }).expect(200);
+
+ token = responseLogin.body.jwt.token;
+ });
+
+ test('ADMIN_SUITE - Should read permissions given request - Group', async () => {
+ const response = await request(app)
+ .post('/admin/collaboration/permission')
+ .set('Authorization', `Bearer ${token}`)
+ .send({
+ domain: domainId,
+ action: ['READ', 'UPDATE', 'CREATE'],
+ router: RouterTypes.GROUP
+ })
+ .expect(200);
+
+ expect(response.body.length > 0).toEqual(true);
+
+ const read = response.body.filter(permission => permission.action === 'READ');
+ expect(read[0].result).toEqual('ok');
+ const update = response.body.filter(permission => permission.action === 'UPDATE');
+ expect(update[0].result).toEqual('nok');
+ const create = response.body.filter(permission => permission.action === 'CREATE');
+ expect(create[0].result).toEqual('nok');
+ });
+});
+
 describe('Testing Admin collaboration endpoint', () => {
 beforeAll(setupDatabase);
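Review bot: The new suite sends no `element` at all, whereas the test it replaces sent `element: { name: 'Optional Group Name Here' }`, so the element-scoped branch of `/admin/collaboration/permission` — the very path the optional chaining in `src/routers/admin.js` touches — now has coverage only for the absent-element case. Add a second `test(...)` in this describe that repeats the request with an `element.name` and asserts the same `ok`/`nok` outcomes, so both shapes of the request stay exercised. Separately, `read[0].result` throws a TypeError instead of a readable assertion when the filter matches nothing; a `expect(read).toHaveLength(1);` before each `[0]` access makes the failure mode clear.
```javascript
    // … unchanged: beforeAll and the 'Group' test above …

    test('ADMIN_SUITE - Should read permissions given request - Group by element name', async () => {
        const response = await request(app)
            .post('/admin/collaboration/permission')
            .set('Authorization', `Bearer ${token}`)
            .send({
                domain: domainId,
                action: ['READ', 'UPDATE', 'CREATE'],
                router: RouterTypes.GROUP,
                element: { name: 'Optional Group Name Here' }
            })
            .expect(200);

        const read = response.body.filter(permission => permission.action === 'READ');
        expect(read).toHaveLength(1);
        expect(read[0].result).toEqual('ok');
        const update = response.body.filter(permission => permission.action === 'UPDATE');
        expect(update).toHaveLength(1);
        expect(update[0].result).toEqual('nok');
        const create = response.body.filter(permission => permission.action === 'CREATE');
        expect(create).toHaveLength(1);
        expect(create[0].result).toEqual('nok');
    });
```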
@@ -957,51 +1012,6 @@ describe('Testing Admin collaboration endpoint', () => {
 expect(response.body.length).toEqual(0);
 });
- test('ADMIN_SUITE - Should read credentials from an user', async () => {
- let responseLogin = await request(app)
- .post('/admin/login')
- .send({
- email: adminMasterAccount.email,
- password: adminMasterAccount.password
- }).expect(200);
-
- await request(app)
- .patch('/team/member/add/' + team1Id)
- .set('Authorization', `Bearer ${responseLogin.body.jwt.token}`)
- .send({
- member: adminAccountId
- }).expect(200);
-
- responseLogin = await request(app)
- .post('/admin/login')
- .send({
- email: adminAccount.email,
- password: adminAccount.password
- }).expect(200);
-
- const response = await request(app)
- .post('/admin/collaboration/permission')
- .set('Authorization', `Bearer ${responseLogin.body.jwt.token}`)
- .send({
- domain: domainId,
- action: ['READ', 'UPDATE', 'CREATE'],
- router: 'GROUP',
- element: {
- name: 'Optional Group Name Here'
- }
- })
- .expect(200);
-
- expect(response.body.length > 0).toEqual(true);
-
- const read = response.body.filter(credential => credential.action === 'READ');
- expect(read[0].result).toEqual('ok');
- const update = response.body.filter(credential => credential.action === 'UPDATE');
- expect(update[0].result).toEqual('nok');
- const create = response.body.filter(credential => credential.action === 'CREATE');
- expect(create[0].result).toEqual('nok');
- });
-
 test('ADMIN_SUITE - Should remove user from all teams given a specific Domain', async () => {
 //given - log user
 const responseLogin = await request(app)
diff --git a/tests/environment.test.js b/tests/environment.test.js
index 89dd766..eaea0be 100644
--- a/tests/environment.test.js
+++ b/tests/environment.test.js
@@ -35,7 +35,7 @@ describe('Insertion tests', () => {
 }).expect(201);
 // DB validation - document created
- const environment = await Environment.findById(response.body._id).lean();
+ const environment = await Environment.findById(response.body._id).lean().exec();
 expect(environment).not.toBeNull();
 // Response validation
@@ -49,7 +49,7 @@ describe('Insertion tests', () => {
 .send({
 name: 'QA',
 domain: domainId
- }).expect(401);
+ }).expect(403);
 });
 test('ENV_SUITE - Should NOT create a new Environment - Environment already exist', async () => {
@@ -121,7 +121,7 @@ describe('Deletion tests', () => {
 .send().expect(200);
 // DB validation - document deleted
- const environment = await Environment.findById(response.body._id).lean();
+ const environment = await Environment.findById(response.body._id).lean().exec();
 expect(environment).toBeNull();
 });
@@ -134,7 +134,7 @@ describe('Deletion tests', () => {
 expect(response.body.error).toBe('Unable to delete this environment');
 // DB validation - document deleted
- const environment = await Environment.findById(environment1._id).lean();
+ const environment = await Environment.findById(environment1._id).lean().exec();
 expect(environment).not.toBeNull();
 });
@@ -164,7 +164,7 @@ describe('Deletion tests', () => {
 await request(app)
 .delete('/environment/' + response.body._id)
 .set('Authorization', `Bearer ${adminAccountToken}`)
- .send().expect(401);
+ .send().expect(403);
 });
 test('ENV_SUITE - Should recover an Environment', async () => {
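Review bot: The `}).expect(403)` in the `@@ -49` hunk now pins only the authenticated-but-unauthorized outcome for the `{ name: 'QA', domain: domainId }` request; none of the hunks in this file assert that the same request with no or an invalid bearer token still yields 401, which is the distinction this commit introduces and the client redirect depends on. If such a test does not already exist elsewhere in the suite, add one next to this case that repeats the request without the `Authorization` header and ends in `.expect(401)`, so a future change that folds authentication failures into 403 (or vice versa) is caught. The `.lean().exec()` changes in the other hunks are behaviour-neutral and need nothing further.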
@@ -215,19 +215,19 @@ describe('Deletion tests', () => {
 env: envName
 }).expect(201);
- let domain = await Domain.findById(domainId).lean();
+ let domain = await Domain.findById(domainId).lean().exec();
 expect(domain.activated[EnvType.DEFAULT]).toEqual(true);
 expect(domain.activated[envName]).toEqual(true);
- let group = await GroupConfig.findById(groupConfigId).lean();
+ let group = await GroupConfig.findById(groupConfigId).lean().exec();
 expect(group.activated[EnvType.DEFAULT]).toEqual(true);
 expect(group.activated[envName]).toEqual(true);
- let config = await Config.findById(configId1).lean();
+ let config = await Config.findById(configId1).lean().exec();
 expect(config.activated[EnvType.DEFAULT]).toEqual(true);
 expect(config.activated[envName]).toEqual(true);
- let strategy = await ConfigStrategy.findById(strategyEnv.body._id).lean();
+ let strategy = await ConfigStrategy.findById(strategyEnv.body._id).lean().exec();
 expect(strategy.activated[envName]).toEqual(true);
 await request(app)
@@ -235,19 +235,19 @@ describe('Deletion tests', () => {
 .set('Authorization', `Bearer ${adminMasterAccountToken}`)
 .send().expect(200);
- domain = await Domain.findById(domainId).lean();
+ domain = await Domain.findById(domainId).lean().exec();
 expect(domain.activated[EnvType.DEFAULT]).toEqual(true);
 expect(domain.activated[envName]).toEqual(undefined);
- group = await GroupConfig.findById(groupConfigId).lean();
+ group = await GroupConfig.findById(groupConfigId).lean().exec();
 expect(group.activated[EnvType.DEFAULT]).toEqual(true);
 expect(group.activated[envName]).toEqual(undefined);
- config = await Config.findById(configId1).lean();
+ config = await Config.findById(configId1).lean().exec();
 expect(config.activated[EnvType.DEFAULT]).toEqual(true);
 expect(config.activated[envName]).toEqual(undefined);
- strategy = await ConfigStrategy.findById(strategyEnv.body._id).lean();
+ strategy = await ConfigStrategy.findById(strategyEnv.body._id).lean().exec();
 expect(strategy).toBeNull();
 });
diff --git a/tests/metric.test.js b/tests/metric.test.js
index 4ac86dc..395a780 100644
--- a/tests/metric.test.js
+++ b/tests/metric.test.js
@@ -380,7 +380,7 @@ describe('Delete metrics', () => {
 await request(app)
 .delete(`/metric?domainid=${domainId}&key=KEY_1`)
 .set('Authorization', `Bearer ${adminAccountToken}`)
- .send().expect(401);
+ .send().expect(403);
 });
 test('METRIC_SUITE - Should delete metrics', async () => {
diff --git a/tests/slack.test.js b/tests/slack.test.js
index 0ee6cf2..89aede4 100644
--- a/tests/slack.test.js
+++ b/tests/slack.test.js
@@ -246,7 +246,7 @@ describe('Slack Installation', () => {
 .send({
 domain: domainId,
 team_id: installation.team_id
- }).expect(401);
+ }).expect(403);
 });
 test('SLACK_SUITE - Should NOT authorize installation - Invalid Domain Id', async () => {
@@ -445,7 +445,7 @@ describe('Slack Installation', () => {
 const response = await request(app)
 .delete(`/slack/v1/installation/unlink?domain=${String(domainId)}`)
 .set('Authorization', `Bearer ${adminAccountToken}`)
- .send().expect(401);
+ .send().expect(403);
 expect(response.body.error).toBe('Only the domain owner can unlink integrations');
 });
@@ -874,7 +874,7 @@ describe('Slack Route - Process Ticket', () => {
 .set('Authorization', `Bearer ${adminAccountToken}`)
 .send({
 team_id: slack.team_id
- }).expect(401);
+ }).expect(403);
 });
 });
\ No newline at end of file