budibase/packages/core/test/authApi.disableUser.spec.js

import {setupApphierarchy, validUser,
    basicAppHierarchyCreator_WithFields} from "./specHelpers";
import { parseTemporaryCode,
    USERS_LOCK_FILE,
    USERS_LIST_FILE,
    getUserByName} from "../src/authApi/authCommon";
import {$} from "../src/common";
import {getLock} from "../src/common/lock";
import {permission} from "../src/authApi/permissions";

describe("authApi > enableUser", () => {

    it("should enable a user when disabled", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const u = await validUser(app, authApi, "firstpassword", false);
        await authApi.enableUser(u.name);
        const loadedUser = await getUser(app, authApi, u.name);
        expect(loadedUser.enabled).toBe(true);

    });

    it("should do nothing when user already enabled", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const u = await validUser(app, authApi, "firstpassword", true);
        await authApi.enableUser(u.name);
        const loadedUser = await getUser(app, authApi, u.name);
        expect(loadedUser.enabled).toBe(true);
    });

    it("should throw en error when user does not exist", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const u = await validUser(app, authApi, "firstpassword", false);
        let ex;
        try {
            await authApi.enableUser("nobody");
        } catch(e) {
            ex = e;
        }
        expect(ex).toBeDefined();
    });

    it("should throw en error when users file is locked", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const u = await validUser(app, authApi, "firstpassword", false);
        await getLock(app, USERS_LOCK_FILE, 10000, 0, 0);
        let ex;
        try {
            await authApi.enableUser(u.name);
        } catch(e) {
            ex = e;
        }
        expect(ex).toBeDefined();
    });

    it("should throw error when user user does not have permission", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const u = await validUser(app, authApi, "firstpassword", false);
        app.removePermission(permission.enableDisableUser.get());
        expect(authApi.enableUser(u)).rejects.toThrow(/Unauthorized/);
    });

    it("should not depend on having any other permissions", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const u = await validUser(app, authApi, "firstpassword", false);
        app.withOnlyThisPermission(permission.enableDisableUser.get());
        await authApi.enableUser(u.name);
    });

});

describe("authApi > disableUser", () => {

    it("should disable a user when enabled", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const u = await validUser(app, authApi, "firstpassword", true);
        await authApi.disableUser(u.name);
        const loadedUser = await getUser(app, authApi, u.name);
        expect(loadedUser.enabled).toBe(false);

    });

    it("should do nothing when user already enabled", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const u = await validUser(app, authApi, "firstpassword", false);
        await authApi.disableUser(u.name);
        const loadedUser = await getUser(app, authApi, u.name);
        expect(loadedUser.enabled).toBe(false);
    });

    it("should throw en error when user does not exist", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const u = await validUser(app, authApi, "firstpassword", false);
        let ex;
        try {
            await authApi.disableUser("nobody");
        } catch(e) {
            ex = e;
        }
        expect(ex).toBeDefined();
    });

    it("should throw en error when users file is locked", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const u = await validUser(app, authApi, "firstpassword", false);
        await getLock(app, USERS_LOCK_FILE, 10000, 0, 0);
        let ex;
        try {
            await authApi.disableUser(u.name);
        } catch(e) {
            ex = e;
        }
        expect(ex).toBeDefined();
    });

    it("should throw error when user user does not have permission", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const u = await validUser(app, authApi, "firstpassword", false);
        app.removePermission(permission.enableDisableUser.get());
        expect(authApi.disableUser(u)).rejects.toThrow(/Unauthorized/);
    });

    it("should not depend on having any other permissions", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const u = await validUser(app, authApi, "firstpassword", false);
        app.withOnlyThisPermission(permission.enableDisableUser.get());
        await authApi.disableUser(u.name);
    });

});

const getUser = async (app, authApi, userName) => 
    $(await app.datastore.loadJson(USERS_LIST_FILE), [
        users => getUserByName(users, userName)
    ]);