Fixes 401 redirect issue by 403

src/exceptions/index.js

@@ -23,7 +23,7 @@ export class PermissionError extends Error {
     constructor(message) {
         super(message);
         this.name = this.constructor.name;
-        this.code = 401;
+        this.code = 403;
         Error.captureStackTrace(this, this.constructor);
     }
 }

src/routers/admin.js

@@ -103,10 +103,10 @@ router.post('/admin/collaboration/permission', auth, [
     check('router', 'Router name is required').isLength({ min: 1 })
 ], validate, async (req, res) => {
     const element = {
-        _id: req.body.element.id,
-        name: req.body.element.name,
-        key: req.body.element.key,
-        strategy: req.body.element.strategy
+        _id: req.body.element?.id,
+        name: req.body.element?.name,
+        key: req.body.element?.key,
+        strategy: req.body.element?.strategy
     };
 
     let result = [];

tests/admin.test.js

@@ -17,6 +17,7 @@ import {
 } from './fixtures/db_api';
 import { Team } from '../src/models/team';
 import swaggerDocument from '../src/api-docs/swagger-document';
+import { RouterTypes } from '../src/models/permission';
 
 afterAll(async () => {
     await new Promise(resolve => setTimeout(resolve, 1000));
@@ -914,6 +915,60 @@ describe('Testing Admin logout', () => {
     });
 });
 
+describe('Testing Admin collaboration endpoint - Reading permissions', () => {
+    let token;
+
+    beforeAll(async () => {
+        await setupDatabase();
+
+        let responseLogin = await request(app)
+        .post('/admin/login')
+        .send({
+            email: adminMasterAccount.email,
+            password: adminMasterAccount.password
+        }).expect(200);
+
+        //add user to 'teamId'
+        await request(app)
+            .patch('/team/member/add/' + team1Id)
+            .set('Authorization', `Bearer ${responseLogin.body.jwt.token}`)
+            .send({
+                member: adminAccountId
+            }).expect(200);
+
+        //user login
+        responseLogin = await request(app)
+            .post('/admin/login')
+            .send({
+                email: adminAccount.email,
+                password: adminAccount.password
+            }).expect(200);
+
+        token = responseLogin.body.jwt.token;
+    });
+
+    test('ADMIN_SUITE - Should read permissions given request - Group', async () => {
+        const response = await request(app)
+            .post('/admin/collaboration/permission')
+            .set('Authorization', `Bearer ${token}`)
+            .send({
+                domain: domainId,
+                action: ['READ', 'UPDATE', 'CREATE'],
+                router: RouterTypes.GROUP
+            })
+            .expect(200);
+
+        expect(response.body.length > 0).toEqual(true);
+
+        const read = response.body.filter(permission => permission.action === 'READ');
+        expect(read[0].result).toEqual('ok');
+        const update = response.body.filter(permission => permission.action === 'UPDATE');
+        expect(update[0].result).toEqual('nok');
+        const create = response.body.filter(permission => permission.action === 'CREATE');
+        expect(create[0].result).toEqual('nok');
+    });
+});
+
 
 describe('Testing Admin collaboration endpoint', () => {
     beforeAll(setupDatabase);
@@ -957,51 +1012,6 @@ describe('Testing Admin collaboration endpoint', () => {
         expect(response.body.length).toEqual(0);
     });
 
-    test('ADMIN_SUITE - Should read credentials from an user', async () => {
-        let responseLogin = await request(app)
-            .post('/admin/login')
-            .send({
-                email: adminMasterAccount.email,
-                password: adminMasterAccount.password
-            }).expect(200);
-
-        await request(app)
-            .patch('/team/member/add/' + team1Id)
-            .set('Authorization', `Bearer ${responseLogin.body.jwt.token}`)
-            .send({
-                member: adminAccountId
-            }).expect(200);
-
-        responseLogin = await request(app)
-            .post('/admin/login')
-            .send({
-                email: adminAccount.email,
-                password: adminAccount.password
-            }).expect(200);
-
-        const response = await request(app)
-            .post('/admin/collaboration/permission')
-            .set('Authorization', `Bearer ${responseLogin.body.jwt.token}`)
-            .send({
-                domain: domainId,
-                action: ['READ', 'UPDATE', 'CREATE'],
-                router: 'GROUP',
-                element: {
-                    name: 'Optional Group Name Here'
-                }
-            })
-            .expect(200);
-
-        expect(response.body.length > 0).toEqual(true);
-
-        const read = response.body.filter(credential => credential.action === 'READ');
-        expect(read[0].result).toEqual('ok');
-        const update = response.body.filter(credential => credential.action === 'UPDATE');
-        expect(update[0].result).toEqual('nok');
-        const create = response.body.filter(credential => credential.action === 'CREATE');
-        expect(create[0].result).toEqual('nok');
-    });
-
     test('ADMIN_SUITE - Should remove user from all teams given a specific Domain', async () => {
         //given - log user
         const responseLogin = await request(app)

tests/environment.test.js

@@ -35,7 +35,7 @@ describe('Insertion tests', () => {
             }).expect(201);
 
         // DB validation - document created
-        const environment = await Environment.findById(response.body._id).lean();
+        const environment = await Environment.findById(response.body._id).lean().exec();
         expect(environment).not.toBeNull();
 
         // Response validation
@@ -49,7 +49,7 @@ describe('Insertion tests', () => {
             .send({
                 name: 'QA',
                 domain: domainId
-            }).expect(401);
+            }).expect(403);
     });
 
     test('ENV_SUITE - Should NOT create a new Environment - Environment already exist', async () => {
@@ -121,7 +121,7 @@ describe('Deletion tests', () => {
             .send().expect(200);
 
         // DB validation - document deleted
-        const environment = await Environment.findById(response.body._id).lean();
+        const environment = await Environment.findById(response.body._id).lean().exec();
         expect(environment).toBeNull();
     });
 
@@ -134,7 +134,7 @@ describe('Deletion tests', () => {
         expect(response.body.error).toBe('Unable to delete this environment');
 
         // DB validation - document deleted
-        const environment = await Environment.findById(environment1._id).lean();
+        const environment = await Environment.findById(environment1._id).lean().exec();
         expect(environment).not.toBeNull();
     });
 
@@ -164,7 +164,7 @@ describe('Deletion tests', () => {
         await request(app)
             .delete('/environment/' + response.body._id)
             .set('Authorization', `Bearer ${adminAccountToken}`)
-            .send().expect(401);
+            .send().expect(403);
     });
 
     test('ENV_SUITE - Should recover an Environment', async () => {
@@ -215,39 +215,39 @@ describe('Deletion tests', () => {
                 env: envName
             }).expect(201);
 
-        let domain = await Domain.findById(domainId).lean();
+        let domain = await Domain.findById(domainId).lean().exec();
         expect(domain.activated[EnvType.DEFAULT]).toEqual(true);
         expect(domain.activated[envName]).toEqual(true);
 
-        let group = await GroupConfig.findById(groupConfigId).lean();
+        let group = await GroupConfig.findById(groupConfigId).lean().exec();
         expect(group.activated[EnvType.DEFAULT]).toEqual(true);
         expect(group.activated[envName]).toEqual(true);
 
-        let config = await Config.findById(configId1).lean();
+        let config = await Config.findById(configId1).lean().exec();
         expect(config.activated[EnvType.DEFAULT]).toEqual(true);
         expect(config.activated[envName]).toEqual(true);
 
-        let strategy = await ConfigStrategy.findById(strategyEnv.body._id).lean();
+        let strategy = await ConfigStrategy.findById(strategyEnv.body._id).lean().exec();
         expect(strategy.activated[envName]).toEqual(true);
 
         await request(app)
             .patch('/environment/recover/' + envId)
             .set('Authorization', `Bearer ${adminMasterAccountToken}`)
             .send().expect(200);
 
-        domain = await Domain.findById(domainId).lean();
+        domain = await Domain.findById(domainId).lean().exec();
         expect(domain.activated[EnvType.DEFAULT]).toEqual(true);
         expect(domain.activated[envName]).toEqual(undefined);
 
-        group = await GroupConfig.findById(groupConfigId).lean();
+        group = await GroupConfig.findById(groupConfigId).lean().exec();
         expect(group.activated[EnvType.DEFAULT]).toEqual(true);
         expect(group.activated[envName]).toEqual(undefined);
 
-        config = await Config.findById(configId1).lean();
+        config = await Config.findById(configId1).lean().exec();
         expect(config.activated[EnvType.DEFAULT]).toEqual(true);
         expect(config.activated[envName]).toEqual(undefined);
 
-        strategy = await ConfigStrategy.findById(strategyEnv.body._id).lean();
+        strategy = await ConfigStrategy.findById(strategyEnv.body._id).lean().exec();
         expect(strategy).toBeNull();
     });
 

tests/metric.test.js

@@ -380,7 +380,7 @@ describe('Delete metrics', () => {
         await request(app)
             .delete(`/metric?domainid=${domainId}&key=KEY_1`)
             .set('Authorization', `Bearer ${adminAccountToken}`)
-            .send().expect(401);
+            .send().expect(403);
     });
 
     test('METRIC_SUITE - Should delete metrics', async () => {

tests/slack.test.js

@@ -246,7 +246,7 @@ describe('Slack Installation', () => {
             .send({
                 domain: domainId,
                 team_id: installation.team_id
-            }).expect(401);
+            }).expect(403);
     });
 
     test('SLACK_SUITE - Should NOT authorize installation - Invalid Domain Id', async () => {
@@ -445,7 +445,7 @@ describe('Slack Installation', () => {
         const response = await request(app)
             .delete(`/slack/v1/installation/unlink?domain=${String(domainId)}`)
             .set('Authorization', `Bearer ${adminAccountToken}`)
-            .send().expect(401);
+            .send().expect(403);
 
         expect(response.body.error).toBe('Only the domain owner can unlink integrations');
     });
@@ -874,7 +874,7 @@ describe('Slack Route - Process Ticket', () => {
             .set('Authorization', `Bearer ${adminAccountToken}`)
             .send({
                 team_id: slack.team_id
-            }).expect(401);
+            }).expect(403);
     });
 
 });