🛠 refactor authAgents in tests + isolation for tests of Public API

packages/cli/src/databases/migrations/mysqldb/1657062385367-CreateCredentialsEditorRole.ts

@@ -0,0 +1,23 @@
+import { MigrationInterface, QueryRunner } from 'typeorm';
+import config from '../../../../config';
+
+export class CreateCredentialsEditorRole1657062385367 implements MigrationInterface {
+	name = 'CreateCredentialsEditorRole1657062385367';
+
+	public async up(queryRunner: QueryRunner): Promise<void> {
+		const tablePrefix = config.getEnv('database.tablePrefix');
+
+		await queryRunner.query(`
+			INSERT INTO ${tablePrefix}role (name, scope)
+			VALUES ("editor", "credential");
+		`);
+	}
+
+	public async down(queryRunner: QueryRunner): Promise<void> {
+		const tablePrefix = config.getEnv('database.tablePrefix');
+
+		await queryRunner.query(`
+			DELETE FROM ${tablePrefix}role WHERE name='editor' AND scope='credential';
+		`);
+	}
+}

packages/cli/src/databases/migrations/mysqldb/index.ts

@@ -1,11 +1,11 @@
 import { InitialMigration1588157391238 } from './1588157391238-InitialMigration';
 import { WebhookModel1592447867632 } from './1592447867632-WebhookModel';
 import { CreateIndexStoppedAt1594902918301 } from './1594902918301-CreateIndexStoppedAt';
-import { AddWebhookId1611149998770 } from './1611149998770-AddWebhookId';
 import { MakeStoppedAtNullable1607431743767 } from './1607431743767-MakeStoppedAtNullable';
+import { AddWebhookId1611149998770 } from './1611149998770-AddWebhookId';
 import { ChangeDataSize1615306975123 } from './1615306975123-ChangeDataSize';
-import { ChangeCredentialDataSize1620729500000 } from './1620729500000-ChangeCredentialDataSize';
 import { CreateTagEntity1617268711084 } from './1617268711084-CreateTagEntity';
+import { ChangeCredentialDataSize1620729500000 } from './1620729500000-ChangeCredentialDataSize';
 import { UniqueWorkflowNames1620826335440 } from './1620826335440-UniqueWorkflowNames';
 import { CertifyCorrectCollation1623936588000 } from './1623936588000-CertifyCorrectCollation';
 import { AddWaitColumnId1626183952959 } from './1626183952959-AddWaitColumn';
@@ -15,6 +15,7 @@ import { CreateUserManagement1646992772331 } from './1646992772331-CreateUserMan
 import { LowerCaseUserEmail1648740597343 } from './1648740597343-LowerCaseUserEmail';
 import { AddUserSettings1652367743993 } from './1652367743993-AddUserSettings';
 import { AddAPIKeyColumn1652905585850 } from './1652905585850-AddAPIKeyColumn';
+import { CreateCredentialsEditorRole1657062385367 } from './1657062385367-CreateCredentialsEditorRole';
 
 export const mysqlMigrations = [
 	InitialMigration1588157391238,
@@ -34,4 +35,5 @@ export const mysqlMigrations = [
 	LowerCaseUserEmail1648740597343,
 	AddUserSettings1652367743993,
 	AddAPIKeyColumn1652905585850,
+	CreateCredentialsEditorRole1657062385367,
 ];

packages/cli/src/databases/migrations/postgresdb/1657062385367-CreateCredentialsEditorRole.ts

@@ -0,0 +1,23 @@
+import { MigrationInterface, QueryRunner } from 'typeorm';
+import config from '../../../../config';
+
+export class CreateCredentialsEditorRole1657062385367 implements MigrationInterface {
+	name = 'CreateCredentialsEditorRole1657062385367';
+
+	public async up(queryRunner: QueryRunner): Promise<void> {
+		const tablePrefix = config.getEnv('database.tablePrefix');
+
+		await queryRunner.query(`
+			INSERT INTO ${tablePrefix}role (name, scope)
+			VALUES ('editor', 'credential');
+		`);
+	}
+
+	public async down(queryRunner: QueryRunner): Promise<void> {
+		const tablePrefix = config.getEnv('database.tablePrefix');
+
+		await queryRunner.query(`
+			DELETE FROM ${tablePrefix}role WHERE name='editor' AND scope='credential';
+		`);
+	}
+}

packages/cli/src/databases/migrations/postgresdb/index.ts

@@ -1,8 +1,8 @@
 import { InitialMigration1587669153312 } from './1587669153312-InitialMigration';
 import { WebhookModel1589476000887 } from './1589476000887-WebhookModel';
 import { CreateIndexStoppedAt1594828256133 } from './1594828256133-CreateIndexStoppedAt';
-import { AddWebhookId1611144599516 } from './1611144599516-AddWebhookId';
 import { MakeStoppedAtNullable1607431743768 } from './1607431743768-MakeStoppedAtNullable';
+import { AddWebhookId1611144599516 } from './1611144599516-AddWebhookId';
 import { CreateTagEntity1617270242566 } from './1617270242566-CreateTagEntity';
 import { UniqueWorkflowNames1620824779533 } from './1620824779533-UniqueWorkflowNames';
 import { AddwaitTill1626176912946 } from './1626176912946-AddwaitTill';
@@ -13,6 +13,7 @@ import { CreateUserManagement1646992772331 } from './1646992772331-CreateUserMan
 import { LowerCaseUserEmail1648740597343 } from './1648740597343-LowerCaseUserEmail';
 import { AddUserSettings1652367743993 } from './1652367743993-AddUserSettings';
 import { AddAPIKeyColumn1652905585850 } from './1652905585850-AddAPIKeyColumn';
+import { CreateCredentialsEditorRole1657062385367 } from './1657062385367-CreateCredentialsEditorRole';
 
 export const postgresMigrations = [
 	InitialMigration1587669153312,
@@ -30,4 +31,5 @@ export const postgresMigrations = [
 	LowerCaseUserEmail1648740597343,
 	AddUserSettings1652367743993,
 	AddAPIKeyColumn1652905585850,
+	CreateCredentialsEditorRole1657062385367,
 ];

packages/cli/test/integration/auth.api.test.ts

@@ -1,21 +1,22 @@
 import express = require('express');
 import validator from 'validator';
-
-import config = require('../../config');
-import * as utils from './shared/utils';
-import { LOGGED_OUT_RESPONSE_BODY } from './shared/constants';
+import config from '../../config';
 import { Db } from '../../src';
+import { AUTH_COOKIE_NAME } from '../../src/constants';
 import type { Role } from '../../src/databases/entities/Role';
+import { LOGGED_OUT_RESPONSE_BODY } from './shared/constants';
 import { randomValidPassword } from './shared/random';
 import * as testDb from './shared/testDb';
-import { AUTH_COOKIE_NAME } from '../../src/constants';
+import type { AuthAgent } from './shared/types';
+import * as utils from './shared/utils';
 
 jest.mock('../../src/telemetry');
 
 let app: express.Application;
 let testDbName = '';
 let globalOwnerRole: Role;
 let globalMemberRole: Role;
+let authAgent: AuthAgent;
 
 beforeAll(async () => {
 	app = await utils.initTestServer({ endpointGroups: ['auth'], applyAuth: true });
@@ -24,6 +25,9 @@ beforeAll(async () => {
 
 	globalOwnerRole = await testDb.getGlobalOwnerRole();
 	globalMemberRole = await testDb.getGlobalMemberRole();
+
+	authAgent = utils.createAuthAgent(app);
+
 	utils.initTestLogger();
 	utils.initTestTelemetry();
 });
@@ -109,9 +113,7 @@ test('GET /login should return cookie if UM is disabled', async () => {
 		{ value: JSON.stringify(false) },
 	);
 
-	const authOwnerShellAgent = utils.createAgent(app, { auth: true, user: ownerShell });
-
-	const response = await authOwnerShellAgent.get('/login');
+	const response = await authAgent(ownerShell).get('/login');
 
 	expect(response.statusCode).toBe(200);
 
@@ -133,9 +135,8 @@ test('GET /login should return 401 Unauthorized if invalid cookie', async () =>
 
 test('GET /login should return logged-in owner shell', async () => {
 	const ownerShell = await testDb.createUserShell(globalOwnerRole);
-	const authMemberAgent = utils.createAgent(app, { auth: true, user: ownerShell });
 
-	const response = await authMemberAgent.get('/login');
+	const response = await authAgent(ownerShell).get('/login');
 
 	expect(response.statusCode).toBe(200);
 
@@ -170,9 +171,8 @@ test('GET /login should return logged-in owner shell', async () => {
 
 test('GET /login should return logged-in member shell', async () => {
 	const memberShell = await testDb.createUserShell(globalMemberRole);
-	const authMemberAgent = utils.createAgent(app, { auth: true, user: memberShell });
 
-	const response = await authMemberAgent.get('/login');
+	const response = await authAgent(memberShell).get('/login');
 
 	expect(response.statusCode).toBe(200);
 
@@ -207,9 +207,8 @@ test('GET /login should return logged-in member shell', async () => {
 
 test('GET /login should return logged-in owner', async () => {
 	const owner = await testDb.createUser({ globalRole: globalOwnerRole });
-	const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
 
-	const response = await authOwnerAgent.get('/login');
+	const response = await authAgent(owner).get('/login');
 
 	expect(response.statusCode).toBe(200);
 
@@ -244,9 +243,8 @@ test('GET /login should return logged-in owner', async () => {
 
 test('GET /login should return logged-in member', async () => {
 	const member = await testDb.createUser({ globalRole: globalMemberRole });
-	const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
 
-	const response = await authMemberAgent.get('/login');
+	const response = await authAgent(member).get('/login');
 
 	expect(response.statusCode).toBe(200);
 
@@ -281,9 +279,8 @@ test('GET /login should return logged-in member', async () => {
 
 test('POST /logout should log user out', async () => {
 	const owner = await testDb.createUser({ globalRole: globalOwnerRole });
-	const authOwnerAgent = utils.createAgent(app, { auth: true, user: owner });
 
-	const response = await authOwnerAgent.post('/logout');
+	const response = await authAgent(owner).post('/logout');
 
 	expect(response.statusCode).toBe(200);
 	expect(response.body).toEqual(LOGGED_OUT_RESPONSE_BODY);

packages/cli/test/integration/auth.mw.test.ts

@@ -1,20 +1,22 @@
 import express from 'express';
 
 import request from 'supertest';
+import type { Role } from '../../src/databases/entities/Role';
 import {
 	REST_PATH_SEGMENT,
-	ROUTES_REQUIRING_AUTHORIZATION,
 	ROUTES_REQUIRING_AUTHENTICATION,
+	ROUTES_REQUIRING_AUTHORIZATION,
 } from './shared/constants';
-import * as utils from './shared/utils';
 import * as testDb from './shared/testDb';
-import type { Role } from '../../src/databases/entities/Role';
+import type { AuthAgent } from './shared/types';
+import * as utils from './shared/utils';
 
 jest.mock('../../src/telemetry');
 
 let app: express.Application;
 let testDbName = '';
 let globalMemberRole: Role;
+let authAgent: AuthAgent;
 
 beforeAll(async () => {
 	app = await utils.initTestServer({
@@ -26,6 +28,8 @@ beforeAll(async () => {
 
 	globalMemberRole = await testDb.getGlobalMemberRole();
 
+	authAgent = utils.createAuthAgent(app);
+
 	utils.initTestLogger();
 	utils.initTestTelemetry();
 });
@@ -49,8 +53,7 @@ ROUTES_REQUIRING_AUTHORIZATION.forEach(async (route) => {
 
 	test(`${route} should return 403 Forbidden for member`, async () => {
 		const member = await testDb.createUser({ globalRole: globalMemberRole });
-		const authMemberAgent = utils.createAgent(app, { auth: true, user: member });
-		const response = await authMemberAgent[method](endpoint);
+		const response = await authAgent(member)[method](endpoint);
 
 		expect(response.statusCode).toBe(403);
 	});

packages/cli/test/integration/credentials.ee.test.ts

@@ -1,12 +1,10 @@
 import express from 'express';
-import type { SuperAgentTest } from 'supertest';
 import config from '../../config';
 import { Db } from '../../src';
 import type { Role } from '../../src/databases/entities/Role';
-import type { User } from '../../src/databases/entities/User';
 import { randomCredentialPayload } from './shared/random';
 import * as testDb from './shared/testDb';
-import type { SaveCredentialFunction } from './shared/types';
+import type { AuthAgent, SaveCredentialFunction } from './shared/types';
 import * as utils from './shared/utils';
 
 jest.mock('../../src/telemetry');
@@ -17,7 +15,7 @@ let globalOwnerRole: Role;
 let globalMemberRole: Role;
 let credentialOwnerRole: Role;
 let saveCredential: SaveCredentialFunction;
-let authAgent: (user: User) => SuperAgentTest;
+let authAgent: AuthAgent;
 
 beforeAll(async () => {
 	app = await utils.initTestServer({
@@ -159,7 +157,7 @@ test('POST /credentials/:id/share should respond 400 for non-existing sharee', a
 
 	const response = await authAgent(owner)
 		.post(`/credentials/${savedCredential.id}/share`)
-		.send({ shareeId: 'abc' });
+		.send({ shareeId: 'bce38a11-5e45-4d1c-a9ee-36e4a20ab0fc' });
 
 	expect(response.statusCode).toBe(400);
 });
@@ -236,7 +234,7 @@ test('DELETE /credentials/:id/share should be idempotent', async () => {
 
 	const unshareNonExistent = await authAgent(owner)
 		.delete(`/credentials/${savedCredential.id}/share`)
-		.send({ shareeId: 'abc' });
+		.send({ shareeId: 'bce38a11-5e45-4d1c-a9ee-36e4a20ab0fc' });
 
 	expect(unshareNonExistent.statusCode).toBe(200);
 });