budibase/packages/worker/src/api/routes/tests/auth.spec.js

jest.mock("nodemailer")
const { config, request, mocks, structures } = require("../../../tests")
const sendMailMock = mocks.email.mock()
const { events } = require("@budibase/backend-core")

const TENANT_ID = structures.TENANT_ID

describe("/api/global/auth", () => {
  let code

  beforeAll(async () => {
    await config.beforeAll()
  })

  afterAll(async () => {
    await config.afterAll()
  })

  afterEach(() => {
    jest.clearAllMocks()
  })

  it("should logout", async () => {
    await request
      .post("/api/global/auth/logout")
      .set(config.defaultHeaders())
      .expect(200)
    expect(events.auth.logout.mock.calls.length).toBe(1)
  })

  it("should be able to generate password reset email", async () => {
    // initially configure settings
    await config.saveSmtpConfig()
    await config.saveSettingsConfig()
    await config.createUser()
    const res = await request
      .post(`/api/global/auth/${TENANT_ID}/reset`)
      .send({
        email: "test@test.com",
      })
      .expect("Content-Type", /json/)
      .expect(200)
    expect(res.body).toEqual({ message: "Please check your email for a reset link." })
    expect(sendMailMock).toHaveBeenCalled()
    const emailCall = sendMailMock.mock.calls[0][0]
    // after this URL there should be a code
    const parts = emailCall.html.split(`http://localhost:10000/builder/auth/reset?code=`)
    code = parts[1].split("\"")[0].split("&")[0]
    expect(code).toBeDefined()
  })

  it("should allow resetting user password with code", async () => {
    const res = await request
      .post(`/api/global/auth/${TENANT_ID}/reset/update`)
      .send({
        password: "newpassword",
        resetCode: code,
      })
      .expect("Content-Type", /json/)
      .expect(200)
    expect(res.body).toEqual({ message: "password reset successfully." })
  })

  describe("oidc", () => {
    const auth = require("@budibase/backend-core/auth")

    // mock the oidc strategy implementation and return value
    strategyFactory = jest.fn()
    mockStrategyReturn = jest.fn()
    strategyFactory.mockReturnValue(mockStrategyReturn)
    auth.oidc.strategyFactory = strategyFactory

    const passportSpy = jest.spyOn(auth.passport, "authenticate")
    let oidcConf
    let chosenConfig
    let configId

    beforeEach(async () => {
      oidcConf = await config.saveOIDCConfig()
      chosenConfig = oidcConf.config.configs[0]
      configId = chosenConfig.uuid
    })

    afterEach(() => {
      expect(strategyFactory).toBeCalledWith(
        chosenConfig, 
        `http://localhost:10000/api/global/auth/${TENANT_ID}/oidc/callback`,
        expect.any(Function)
      )
    })

    describe("oidc configs", () => {
      it("should load strategy and delegate to passport", async () => {
        await request.get(`/api/global/auth/${TENANT_ID}/oidc/configs/${configId}`)

        expect(passportSpy).toBeCalledWith(mockStrategyReturn, {
          scope: ["profile", "email"],
        })
        expect(passportSpy.mock.calls.length).toBe(1);
      })
    })

    describe("oidc callback", () => {
      it("should load strategy and delegate to passport", async () => {
        await request.get(`/api/global/auth/${TENANT_ID}/oidc/callback`)
                     .set(config.getOIDConfigCookie(configId))
      
        expect(passportSpy).toBeCalledWith(mockStrategyReturn, {
          successRedirect: "/", failureRedirect: "/error" 
        }, expect.anything())
        expect(passportSpy.mock.calls.length).toBe(1);
      })
    })

  })
})
Reorder jest mock and import statements for email mocking 2022-02-01 10:05:14 +13:00			`jest.mock("nodemailer")`
smtp events + centralise worker test config 2022-04-07 03:57:56 +12:00			`const { config, request, mocks, structures } = require("../../../tests")`
			`const sendMailMock = mocks.email.mock()`
Logout events 2022-04-06 03:56:28 +12:00			`const { events } = require("@budibase/backend-core")`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00
smtp events + centralise worker test config 2022-04-07 03:57:56 +12:00			`const TENANT_ID = structures.TENANT_ID`
Updating testing system across the board after playing around with it, having the worker tests run when top level test is ran, fixing environment in worker when testing, removing the use of redis (replacing with ioredis-mock) when in test. 2021-05-06 04:49:34 +12:00
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`describe("/api/global/auth", () => {`
Updating testing system across the board after playing around with it, having the worker tests run when top level test is ran, fixing environment in worker when testing, removing the use of redis (replacing with ioredis-mock) when in test. 2021-05-06 04:49:34 +12:00			`let code`

			`beforeAll(async () => {`
smtp events + centralise worker test config 2022-04-07 03:57:56 +12:00			`await config.beforeAll()`
Updating testing system across the board after playing around with it, having the worker tests run when top level test is ran, fixing environment in worker when testing, removing the use of redis (replacing with ioredis-mock) when in test. 2021-05-06 04:49:34 +12:00			`})`

smtp events + centralise worker test config 2022-04-07 03:57:56 +12:00			`afterAll(async () => {`
			`await config.afterAll()`
			`})`
Updating testing system across the board after playing around with it, having the worker tests run when top level test is ran, fixing environment in worker when testing, removing the use of redis (replacing with ioredis-mock) when in test. 2021-05-06 04:49:34 +12:00
Unit test auth controller oidc functions 2021-07-12 04:54:18 +12:00			`afterEach(() => {`
			`jest.clearAllMocks()`
			`})`

Logout events 2022-04-06 03:56:28 +12:00			`it("should logout", async () => {`
			`await request`
			`.post("/api/global/auth/logout")`
			`.set(config.defaultHeaders())`
			`.expect(200)`
			`expect(events.auth.logout.mock.calls.length).toBe(1)`
			`})`

Updating testing system across the board after playing around with it, having the worker tests run when top level test is ran, fixing environment in worker when testing, removing the use of redis (replacing with ioredis-mock) when in test. 2021-05-06 04:49:34 +12:00			`it("should be able to generate password reset email", async () => {`
			`// initially configure settings`
			`await config.saveSmtpConfig()`
			`await config.saveSettingsConfig()`
Prevent non builder from accessing dev apps 2021-10-26 04:59:09 +13:00			`await config.createUser()`
Updating testing system across the board after playing around with it, having the worker tests run when top level test is ran, fixing environment in worker when testing, removing the use of redis (replacing with ioredis-mock) when in test. 2021-05-06 04:49:34 +12:00			`const res = await request`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			.post(`/api/global/auth/${TENANT_ID}/reset`)
Updating testing system across the board after playing around with it, having the worker tests run when top level test is ran, fixing environment in worker when testing, removing the use of redis (replacing with ioredis-mock) when in test. 2021-05-06 04:49:34 +12:00			`.send({`
			`email: "test@test.com",`
			`})`
			`.expect("Content-Type", /json/)`
			`.expect(200)`
			`expect(res.body).toEqual({ message: "Please check your email for a reset link." })`
			`expect(sendMailMock).toHaveBeenCalled()`
			`const emailCall = sendMailMock.mock.calls[0][0]`
			`// after this URL there should be a code`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			const parts = emailCall.html.split(`http://localhost:10000/builder/auth/reset?code=`)
			`code = parts[1].split("\"")[0].split("&")[0]`
Updating testing system across the board after playing around with it, having the worker tests run when top level test is ran, fixing environment in worker when testing, removing the use of redis (replacing with ioredis-mock) when in test. 2021-05-06 04:49:34 +12:00			`expect(code).toBeDefined()`
			`})`

			`it("should allow resetting user password with code", async () => {`
			`const res = await request`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			.post(`/api/global/auth/${TENANT_ID}/reset/update`)
Updating testing system across the board after playing around with it, having the worker tests run when top level test is ran, fixing environment in worker when testing, removing the use of redis (replacing with ioredis-mock) when in test. 2021-05-06 04:49:34 +12:00			`.send({`
			`password: "newpassword",`
			`resetCode: code,`
			`})`
			`.expect("Content-Type", /json/)`
			`.expect(200)`
			`expect(res.body).toEqual({ message: "password reset successfully." })`
			`})`
Unit test auth controller oidc functions 2021-07-12 04:54:18 +12:00
			`describe("oidc", () => {`
Refactoring core library usage in monorepo, make it a bit cleaner/easier to search/more standardised. 2022-01-13 00:32:14 +13:00			`const auth = require("@budibase/backend-core/auth")`
Unit test auth controller oidc functions 2021-07-12 04:54:18 +12:00
			`// mock the oidc strategy implementation and return value`
			`strategyFactory = jest.fn()`
			`mockStrategyReturn = jest.fn()`
			`strategyFactory.mockReturnValue(mockStrategyReturn)`
			`auth.oidc.strategyFactory = strategyFactory`

			`const passportSpy = jest.spyOn(auth.passport, "authenticate")`
Refactor auth controller tests to reuse common behaviour 2021-07-13 21:28:15 +12:00			`let oidcConf`
Load oidc config by id 2021-07-14 04:07:48 +12:00			`let chosenConfig`
			`let configId`
Refactor auth controller tests to reuse common behaviour 2021-07-13 21:28:15 +12:00
			`beforeEach(async () => {`
			`oidcConf = await config.saveOIDCConfig()`
Load oidc config by id 2021-07-14 04:07:48 +12:00			`chosenConfig = oidcConf.config.configs[0]`
			`configId = chosenConfig.uuid`
Refactor auth controller tests to reuse common behaviour 2021-07-13 21:28:15 +12:00			`})`

			`afterEach(() => {`
			`expect(strategyFactory).toBeCalledWith(`
Load oidc config by id 2021-07-14 04:07:48 +12:00			`chosenConfig,`
Tests complete + backwards compatibility for deployment 2022-03-22 13:23:22 +13:00			`http://localhost:10000/api/global/auth/${TENANT_ID}/oidc/callback`,
			`expect.any(Function)`
Refactor auth controller tests to reuse common behaviour 2021-07-13 21:28:15 +12:00			`)`
			`})`
Unit test auth controller oidc functions 2021-07-12 04:54:18 +12:00
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`describe("oidc configs", () => {`
Refactor auth controller tests to reuse common behaviour 2021-07-13 21:28:15 +12:00			`it("should load strategy and delegate to passport", async () => {`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			await request.get(`/api/global/auth/${TENANT_ID}/oidc/configs/${configId}`)
Unit test auth controller oidc functions 2021-07-12 04:54:18 +12:00
			`expect(passportSpy).toBeCalledWith(mockStrategyReturn, {`
			`scope: ["profile", "email"],`
			`})`
			`expect(passportSpy.mock.calls.length).toBe(1);`
			`})`
			`})`

Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			`describe("oidc callback", () => {`
Refactor auth controller tests to reuse common behaviour 2021-07-13 21:28:15 +12:00			`it("should load strategy and delegate to passport", async () => {`
Revert "Merge pull request #2253 from Budibase/revert-2076-feature/multi-tenants" This reverts commit 0d2e2314d49622c2247605ec7cee675a3c672b29, reversing changes made to 1beca4ee96e6bf2ebe5cd78859c4549614ce7cae. 2021-08-05 20:59:08 +12:00			await request.get(`/api/global/auth/${TENANT_ID}/oidc/callback`)
Store OIDC config in cookie instead of URL 2021-07-16 03:20:31 +12:00			`.set(config.getOIDConfigCookie(configId))`
Unit test auth controller oidc functions 2021-07-12 04:54:18 +12:00
			`expect(passportSpy).toBeCalledWith(mockStrategyReturn, {`
			`successRedirect: "/", failureRedirect: "/error"`
			`}, expect.anything())`
			`expect(passportSpy.mock.calls.length).toBe(1);`
			`})`
			`})`

			`})`
Refactoring core library usage in monorepo, make it a bit cleaner/easier to search/more standardised. 2022-01-13 00:32:14 +13:00			`})`