huanld/speckle-server
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
86c113b29b54ded1d3084f8a791eaeb1663f3851
speckle-server/packages/server/modules/workspaces/tests/unit/domain/logic.spec.ts
T
Chuck Driesler b195df37d6 feat(sso): active user sso information (#3432) 
* feat(workspaces): add workspace sso feature flag

* feat(workspaceSso): wip validate sso

* feat(workspaces): validate and add sso provider to the workspace with user sso sessions

* feat(workspaces): validate and add sso provider to the workspace with user sso sessions

* WIP

* fix(sso): restructure to handle all branches at end of flow

* fix(sso): add and validate emails used for sso

* fix(sso): park progress

* chore(workspaces): review sso login/valdate

* fix(sso): adjust validate url

* chore(sso): auth header puzzle

* fix(sso): happy-path config

* chore(gql): gqlgen

* fix(sso): almost almost

* fix(sso): auth endpoint

* a lil more terse

* fix(sso): light at the end of the tunnel

* fix(sso): improve catch block error messages

* fix(sso): session lifespan => validUntil

* fix(sso): I think we've got it

* feat(sso): limited workspace values for public sso login

* fix(sso): use factory functions

* fix(sso): til decrypt is single-use

* fix(sso): correct usage of access codes

* fix(sso): use finalize middleware in all routes

* chore(sso): cheeky tweak

* fix(sso): move some types around

* fix(sso): stencil final shape I'm sleepy

* fix(sso): more factories more factories

* fix(sso): on to final boss of factories

* fix(sso): needs a haircut but she works

* fix(sso): init rest w function, not side-effects

* fix(sso): /authn => /sso

* chore(sso): errors

* chore(sso): test test test

* chore(sso): test all the corners

* feat(sso): list workspace sso memberships

* chore(sso): tests, expose in rest

* fix(sso): sketch active user auth

* fix(sso): expose search via gql

* fix(sso): active user session information

* chore(sso): sso session test utils

* chore(sso): test sso session repo/services

* chore(sso): gqlgen

* fix(sso): simplify gql resolver structure

* chore(sso): gqlgen

---------

Co-authored-by: Gergő Jedlicska <gergo@jedlicska.com>
Co-authored-by: Mike Tasset <mike.tasset@gmail.com>
2024-11-05 12:27:46 +00:00

146 lines
4.9 KiB
TypeScript
Raw Blame History

import { UserEmail } from '@/modules/core/domain/userEmails/types'
import {
anyEmailCompliantWithWorkspaceDomains,
isWorkspaceRole,
userEmailsCompliantWithWorkspaceDomains
} from '@/modules/workspaces/domain/logic'
import {
getDefaultSsoSessionExpirationDate,
isValidSsoSession
} from '@/modules/workspaces/domain/sso/logic'
import { WorkspaceDomainsInvalidState } from '@/modules/workspaces/errors/workspace'
import { WorkspaceDomain } from '@/modules/workspacesCore/domain/types'
import { expectToThrow } from '@/test/assertionHelper'
import { Roles } from '@speckle/shared'
import { expect } from 'chai'
import cryptoRandomString from 'crypto-random-string'
import { merge } from 'lodash'
const createTestEmail = (
emailInput?: Partial<UserEmail & { domain: string }>
): UserEmail => {
const domain = emailInput?.domain ?? 'example.com'
const defaultEmail = {
createdAt: new Date(),
email: `${cryptoRandomString({ length: 10 })}@${domain}`,
id: cryptoRandomString({ length: 10 }),
primary: true,
updatedAt: new Date(),
userId: cryptoRandomString({ length: 10 }),
verified: false
}
return merge(defaultEmail, emailInput ?? {})
}
const createTestDomain = (domainInput?: Partial<WorkspaceDomain>): WorkspaceDomain => {
const defaultDomain: WorkspaceDomain = {
createdAt: new Date(),
domain: cryptoRandomString({ length: 10 }),
id: cryptoRandomString({ length: 10 }),
workspaceId: cryptoRandomString({ length: 10 }),
updatedAt: new Date(),
createdByUserId: cryptoRandomString({ length: 10 }),
verified: false
}
return merge(defaultDomain, domainInput ?? {})
}
describe('workspace domain logic', () => {
describe('anyEmailCompliantWithWorkspaceDomains', () => {
it('returns true for compliant emails', () => {
const domain = 'example.com'
const userEmails: UserEmail[] = [createTestEmail({ domain, verified: true })]
const workspaceDomains: WorkspaceDomain[] = [
createTestDomain({ domain, verified: true })
]
const isCompliant = userEmailsCompliantWithWorkspaceDomains({
userEmails,
workspaceDomains
})
expect(isCompliant).to.be.true
})
it('filters non verified emails', () => {
const domain = 'example.com'
const userEmails: UserEmail[] = [createTestEmail({ domain, verified: false })]
const workspaceDomains: WorkspaceDomain[] = [
createTestDomain({ domain, verified: true })
]
const isCompliant = userEmailsCompliantWithWorkspaceDomains({
userEmails,
workspaceDomains
})
expect(isCompliant).to.be.false
})
})
describe('anyEmailCompliantWithWorkspaceDomains', () => {
it('throws WorkspaceDomainInvalidState for no verified workspace domains', async () => {
const error = await expectToThrow(() => {
anyEmailCompliantWithWorkspaceDomains({
emails: [],
workspaceDomains: [createTestDomain({ verified: false })]
})
})
expect(error.message).to.be.equal(new WorkspaceDomainsInvalidState().message)
})
it('returns false if emails is empty', () => {
const isCompliant = anyEmailCompliantWithWorkspaceDomains({
emails: [],
workspaceDomains: [createTestDomain({ verified: true })]
})
expect(isCompliant).to.be.false
})
it('returns false, if no emails match domain', () => {
const isCompliant = anyEmailCompliantWithWorkspaceDomains({
emails: ['foo@hotmail.com', 'bar@google.com'],
workspaceDomains: [createTestDomain({ verified: true, domain: 'example.com' })]
})
expect(isCompliant).to.be.false
})
it('returns true if at least one email matches the domain', () => {
const domain = 'example.com'
const isCompliant = anyEmailCompliantWithWorkspaceDomains({
emails: [`foo@${domain}`, 'bar@google.com'],
workspaceDomains: [createTestDomain({ verified: true, domain })]
})
expect(isCompliant).to.be.true
})
})
describe('isWorkspaceRole', () => {
it('returns false for non-role values', () => {
expect(isWorkspaceRole('not-a-role')).to.equal(false)
})
it('returns false for non-workspace roles', () => {
expect(isWorkspaceRole(Roles.Server.Admin)).to.equal(false)
})
it('returns true for workspace roles', () => {
expect(isWorkspaceRole(Roles.Workspace.Admin)).to.equal(true)
})
})
describe('isValidSsoSession', () => {
it('returns true for sessions that have not yet expired', () => {
expect(
isValidSsoSession({
userId: '',
providerId: '',
createdAt: new Date(),
validUntil: getDefaultSsoSessionExpirationDate()
})
).to.be.true
})
it('returns false for sessions that have expired', () => {
expect(
isValidSsoSession({
userId: '',
providerId: '',
createdAt: new Date(),
validUntil: new Date()
})
).to.be.false
})
})
})
Reference in New Issue View Git Blame Copy Permalink