From 07d7b247f02a9d7185beca7817deb779a3d665dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Iv=C3=A1n=20Ovejero?= <ivov.src@gmail.com>
Date: Fri, 2 Aug 2024 12:02:38 +0200
Subject: [PATCH] feat(core): Allow transferring credentials in Public API
 (#10259)

---
 packages/cli/src/PublicApi/types.ts           |  6 +++
 .../credentials/credentials.handler.ts        | 16 ++++++
 .../spec/paths/credentials.id.transfer.yml    | 31 ++++++++++++
 .../spec/schemas/parameters/credentialId.yml  |  6 +++
 packages/cli/src/PublicApi/v1/openapi.yml     |  2 +
 .../integration/publicApi/credentials.test.ts | 50 ++++++++++++++++++-
 .../integration/publicApi/workflows.test.ts   |  2 +-
 .../test/integration/shared/db/credentials.ts | 19 +++++--
 8 files changed, 127 insertions(+), 5 deletions(-)
 create mode 100644 packages/cli/src/PublicApi/v1/handlers/credentials/spec/paths/credentials.id.transfer.yml
 create mode 100644 packages/cli/src/PublicApi/v1/handlers/credentials/spec/schemas/parameters/credentialId.yml

diff --git a/packages/cli/src/PublicApi/types.ts b/packages/cli/src/PublicApi/types.ts
index f58b521e04a88..831dd03ebfb9c 100644
--- a/packages/cli/src/PublicApi/types.ts
+++ b/packages/cli/src/PublicApi/types.ts
@@ -142,6 +142,12 @@ export declare namespace CredentialRequest {
 	>;
 
 	type Delete = AuthenticatedRequest<{ id: string }, {}, {}, Record<string, string>>;
+
+	type Transfer = AuthenticatedRequest<
+		{ workflowId: string },
+		{},
+		{ destinationProjectId: string }
+	>;
 }
 
 export type OperationID = 'getUsers' | 'getUser';
diff --git a/packages/cli/src/PublicApi/v1/handlers/credentials/credentials.handler.ts b/packages/cli/src/PublicApi/v1/handlers/credentials/credentials.handler.ts
index 4da7635831340..57b6bd66f6841 100644
--- a/packages/cli/src/PublicApi/v1/handlers/credentials/credentials.handler.ts
+++ b/packages/cli/src/PublicApi/v1/handlers/credentials/credentials.handler.ts
@@ -19,6 +19,8 @@ import {
 	toJsonSchema,
 } from './credentials.service';
 import { Container } from 'typedi';
+import { z } from 'zod';
+import { EnterpriseCredentialsService } from '@/credentials/credentials.service.ee';
 
 export = {
 	createCredential: [
@@ -44,6 +46,20 @@ export = {
 			}
 		},
 	],
+	transferCredential: [
+		projectScope('credential:move', 'credential'),
+		async (req: CredentialRequest.Transfer, res: express.Response) => {
+			const body = z.object({ destinationProjectId: z.string() }).parse(req.body);
+
+			await Container.get(EnterpriseCredentialsService).transferOne(
+				req.user,
+				req.params.workflowId,
+				body.destinationProjectId,
+			);
+
+			res.status(204).send();
+		},
+	],
 	deleteCredential: [
 		projectScope('credential:delete', 'credential'),
 		async (
diff --git a/packages/cli/src/PublicApi/v1/handlers/credentials/spec/paths/credentials.id.transfer.yml b/packages/cli/src/PublicApi/v1/handlers/credentials/spec/paths/credentials.id.transfer.yml
new file mode 100644
index 0000000000000..a9e9c5cf7c229
--- /dev/null
+++ b/packages/cli/src/PublicApi/v1/handlers/credentials/spec/paths/credentials.id.transfer.yml
@@ -0,0 +1,31 @@
+put:
+  x-eov-operation-id: transferCredential
+  x-eov-operation-handler: v1/handlers/credentials/credentials.handler
+  tags:
+    - Workflow
+  summary: Transfer a credential to another project.
+  description: Transfer a credential to another project.
+  parameters:
+    - $ref: '../schemas/parameters/credentialId.yml'
+  requestBody:
+    description: Destination project for the credential transfer.
+    content:
+      application/json:
+        schema:
+          type: object
+          properties:
+            destinationProjectId:
+              type: string
+              description: The ID of the project to transfer the credential to.
+          required:
+            - destinationProjectId
+    required: true
+  responses:
+    '200':
+      description: Operation successful.
+    '400':
+      $ref: '../../../../shared/spec/responses/badRequest.yml'
+    '401':
+      $ref: '../../../../shared/spec/responses/unauthorized.yml'
+    '404':
+      $ref: '../../../../shared/spec/responses/notFound.yml'
diff --git a/packages/cli/src/PublicApi/v1/handlers/credentials/spec/schemas/parameters/credentialId.yml b/packages/cli/src/PublicApi/v1/handlers/credentials/spec/schemas/parameters/credentialId.yml
new file mode 100644
index 0000000000000..f16676ce0b96c
--- /dev/null
+++ b/packages/cli/src/PublicApi/v1/handlers/credentials/spec/schemas/parameters/credentialId.yml
@@ -0,0 +1,6 @@
+name: id
+in: path
+description: The ID of the credential.
+required: true
+schema:
+  type: string
diff --git a/packages/cli/src/PublicApi/v1/openapi.yml b/packages/cli/src/PublicApi/v1/openapi.yml
index e49bfb71c5668..1d4e14079f541 100644
--- a/packages/cli/src/PublicApi/v1/openapi.yml
+++ b/packages/cli/src/PublicApi/v1/openapi.yml
@@ -62,6 +62,8 @@ paths:
     $ref: './handlers/workflows/spec/paths/workflows.id.deactivate.yml'
   /workflows/{id}/transfer:
     $ref: './handlers/workflows/spec/paths/workflows.id.transfer.yml'
+  /credentials/{id}/transfer:
+    $ref: './handlers/credentials/spec/paths/credentials.id.transfer.yml'
   /workflows/{id}/tags:
     $ref: './handlers/workflows/spec/paths/workflows.id.tags.yml'
   /users:
diff --git a/packages/cli/test/integration/publicApi/credentials.test.ts b/packages/cli/test/integration/publicApi/credentials.test.ts
index dfa6c44dd4037..b5ed2bfb31d82 100644
--- a/packages/cli/test/integration/publicApi/credentials.test.ts
+++ b/packages/cli/test/integration/publicApi/credentials.test.ts
@@ -9,9 +9,10 @@ import { randomApiKey, randomName } from '../shared/random';
 import * as utils from '../shared/utils/';
 import type { CredentialPayload, SaveCredentialFunction } from '../shared/types';
 import * as testDb from '../shared/testDb';
-import { affixRoleToSaveCredential } from '../shared/db/credentials';
+import { affixRoleToSaveCredential, createCredentials } from '../shared/db/credentials';
 import { addApiKey, createUser, createUserShell } from '../shared/db/users';
 import type { SuperAgentTest } from '../shared/types';
+import { createTeamProject } from '@test-integration/db/projects';
 
 let owner: User;
 let member: User;
@@ -256,6 +257,53 @@ describe('GET /credentials/schema/:credentialType', () => {
 	});
 });
 
+describe('PUT /credentials/:id/transfer', () => {
+	test('should transfer credential to project', async () => {
+		/**
+		 * Arrange
+		 */
+		const [firstProject, secondProject] = await Promise.all([
+			createTeamProject('first-project', owner),
+			createTeamProject('second-project', owner),
+		]);
+
+		const credentials = await createCredentials(
+			{ name: 'Test', type: 'test', data: '' },
+			firstProject,
+		);
+
+		/**
+		 * Act
+		 */
+		const response = await authOwnerAgent.put(`/credentials/${credentials.id}/transfer`).send({
+			destinationProjectId: secondProject.id,
+		});
+
+		/**
+		 * Assert
+		 */
+		expect(response.statusCode).toBe(204);
+	});
+
+	test('if no destination project, should reject', async () => {
+		/**
+		 * Arrange
+		 */
+		const project = await createTeamProject('first-project', member);
+		const credentials = await createCredentials({ name: 'Test', type: 'test', data: '' }, project);
+
+		/**
+		 * Act
+		 */
+		const response = await authOwnerAgent.put(`/credentials/${credentials.id}/transfer`).send({});
+
+		/**
+		 * Assert
+		 */
+		expect(response.statusCode).toBe(400);
+	});
+});
+
 const credentialPayload = (): CredentialPayload => ({
 	name: randomName(),
 	type: 'githubApi',
diff --git a/packages/cli/test/integration/publicApi/workflows.test.ts b/packages/cli/test/integration/publicApi/workflows.test.ts
index 855e69e3df12a..1e292af64d92f 100644
--- a/packages/cli/test/integration/publicApi/workflows.test.ts
+++ b/packages/cli/test/integration/publicApi/workflows.test.ts
@@ -1493,7 +1493,7 @@ describe('PUT /workflows/:id/transfer', () => {
 		 * Arrange
 		 */
 		const firstProject = await createTeamProject('first-project', member);
-		const secondProject = await createTeamProject('secon-project', member);
+		const secondProject = await createTeamProject('second-project', member);
 		const workflow = await createWorkflow({}, firstProject);
 
 		/**
diff --git a/packages/cli/test/integration/shared/db/credentials.ts b/packages/cli/test/integration/shared/db/credentials.ts
index 046d27db261a0..588fee6b51196 100644
--- a/packages/cli/test/integration/shared/db/credentials.ts
+++ b/packages/cli/test/integration/shared/db/credentials.ts
@@ -38,11 +38,24 @@ export async function createManyCredentials(
 	);
 }
 
-export async function createCredentials(attributes: Partial<CredentialsEntity> = emptyAttributes) {
+export async function createCredentials(
+	attributes: Partial<CredentialsEntity> = emptyAttributes,
+	project?: Project,
+) {
 	const credentialsRepository = Container.get(CredentialsRepository);
-	const entity = credentialsRepository.create(attributes);
+	const credentials = await credentialsRepository.save(credentialsRepository.create(attributes));
+
+	if (project) {
+		await Container.get(SharedCredentialsRepository).save(
+			Container.get(SharedCredentialsRepository).create({
+				project,
+				credentials,
+				role: 'credential:owner',
+			}),
+		);
+	}
 
-	return await credentialsRepository.save(entity);
+	return credentials;
 }
 
 /**