-
-
Notifications
You must be signed in to change notification settings - Fork 2.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
233 changed files
with
9,054 additions
and
6,166 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| import { Configuration } from "@monkeytype/contracts/schemas/configuration"; | ||
| import { randomBytes } from "crypto"; | ||
| import { hash } from "bcrypt"; | ||
| import { ObjectId } from "mongodb"; | ||
| import { base64UrlEncode } from "../../src/utils/misc"; | ||
| import * as ApeKeyDal from "../../src/dal/ape-keys"; | ||
|
|
||
| export async function mockAuthenticateWithApeKey( | ||
| uid: string, | ||
| config: Configuration | ||
| ): Promise<string> { | ||
| if (!config.apeKeys.acceptKeys) | ||
| throw Error("config.apeKeys.acceptedKeys needs to be set to true"); | ||
| const { apeKeyBytes, apeKeySaltRounds } = config.apeKeys; | ||
|
|
||
| const apiKey = randomBytes(apeKeyBytes).toString("base64url"); | ||
| const saltyHash = await hash(apiKey, apeKeySaltRounds); | ||
|
|
||
| const apeKey: MonkeyTypes.ApeKeyDB = { | ||
| _id: new ObjectId(), | ||
| name: "bob", | ||
| enabled: true, | ||
| uid, | ||
| hash: saltyHash, | ||
| createdOn: Date.now(), | ||
| modifiedOn: Date.now(), | ||
| lastUsedOn: -1, | ||
| useCount: 0, | ||
| }; | ||
|
|
||
| const apeKeyId = new ObjectId().toHexString(); | ||
|
|
||
| vi.spyOn(ApeKeyDal, "getApeKey").mockResolvedValue(apeKey); | ||
| vi.spyOn(ApeKeyDal, "updateLastUsedOn").mockResolvedValue(); | ||
|
|
||
| return base64UrlEncode(`${apeKeyId}.${apiKey}`); | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
194 changes: 194 additions & 0 deletions
194
backend/__tests__/api/controllers/configuration.spec.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,194 @@ | ||
| import request from "supertest"; | ||
| import app from "../../../src/app"; | ||
| import { | ||
| BASE_CONFIGURATION, | ||
| CONFIGURATION_FORM_SCHEMA, | ||
| } from "../../../src/constants/base-configuration"; | ||
| import * as Configuration from "../../../src/init/configuration"; | ||
| import type { Configuration as ConfigurationType } from "@monkeytype/contracts/schemas/configuration"; | ||
| import { ObjectId } from "mongodb"; | ||
| import * as Misc from "../../../src/utils/misc"; | ||
| import { DecodedIdToken } from "firebase-admin/auth"; | ||
| import * as AuthUtils from "../../../src/utils/auth"; | ||
| import * as AdminUuids from "../../../src/dal/admin-uids"; | ||
|
|
||
| const mockApp = request(app); | ||
| const uid = new ObjectId().toHexString(); | ||
| const mockDecodedToken = { | ||
| uid, | ||
| email: "[email protected]", | ||
| iat: 0, | ||
| } as DecodedIdToken; | ||
|
|
||
| describe("Configuration Controller", () => { | ||
| const isDevEnvironmentMock = vi.spyOn(Misc, "isDevEnvironment"); | ||
| const verifyIdTokenMock = vi.spyOn(AuthUtils, "verifyIdToken"); | ||
| const isAdminMock = vi.spyOn(AdminUuids, "isAdmin"); | ||
|
|
||
| beforeEach(() => { | ||
| isAdminMock.mockReset(); | ||
| verifyIdTokenMock.mockReset(); | ||
| isDevEnvironmentMock.mockReset(); | ||
|
|
||
| isDevEnvironmentMock.mockReturnValue(true); | ||
| isAdminMock.mockResolvedValue(true); | ||
| }); | ||
|
|
||
| describe("getConfiguration", () => { | ||
| it("should get without authentication", async () => { | ||
| //GIVEN | ||
|
|
||
| //WHEN | ||
| const { body } = await mockApp.get("/configuration").expect(200); | ||
|
|
||
| //THEN | ||
| expect(body).toEqual({ | ||
| message: "Configuration retrieved", | ||
| data: BASE_CONFIGURATION, | ||
| }); | ||
| }); | ||
| }); | ||
|
|
||
| describe("getConfigurationSchema", () => { | ||
| it("should get without authentication on dev", async () => { | ||
| //GIVEN | ||
|
|
||
| //WHEN | ||
| const { body } = await mockApp.get("/configuration/schema").expect(200); | ||
|
|
||
| //THEN | ||
| expect(body).toEqual({ | ||
| message: "Configuration schema retrieved", | ||
| data: CONFIGURATION_FORM_SCHEMA, | ||
| }); | ||
| }); | ||
|
|
||
| it("should fail without authentication on prod", async () => { | ||
| //GIVEN | ||
| isDevEnvironmentMock.mockReturnValue(false); | ||
|
|
||
| //WHEN | ||
| await mockApp.get("/configuration/schema").expect(401); | ||
| }); | ||
| it("should get with authentication on prod", async () => { | ||
| //GIVEN | ||
| isDevEnvironmentMock.mockReturnValue(false); | ||
| verifyIdTokenMock.mockResolvedValue(mockDecodedToken); | ||
|
|
||
| //WHEN | ||
| const { body } = await mockApp | ||
| .get("/configuration/schema") | ||
| .set("Authorization", "Bearer 123456789") | ||
| .expect(200); | ||
|
|
||
| //THEN | ||
| expect(body).toEqual({ | ||
| message: "Configuration schema retrieved", | ||
| data: CONFIGURATION_FORM_SCHEMA, | ||
| }); | ||
|
|
||
| expect(verifyIdTokenMock).toHaveBeenCalled(); | ||
| }); | ||
| it("should fail with non-admin user on prod", async () => { | ||
| //GIVEN | ||
| isDevEnvironmentMock.mockReturnValue(false); | ||
| verifyIdTokenMock.mockResolvedValue(mockDecodedToken); | ||
| isAdminMock.mockResolvedValue(false); | ||
|
|
||
| //WHEN | ||
| const { body } = await mockApp | ||
| .get("/configuration/schema") | ||
| .set("Authorization", "Bearer 123456789") | ||
| .expect(403); | ||
|
|
||
| //THEN | ||
| expect(body.message).toEqual("You don't have permission to do this."); | ||
| expect(verifyIdTokenMock).toHaveBeenCalled(); | ||
| expect(isAdminMock).toHaveBeenCalledWith(uid); | ||
| }); | ||
| }); | ||
|
|
||
| describe("updateConfiguration", () => { | ||
| const patchConfigurationMock = vi.spyOn( | ||
| Configuration, | ||
| "patchConfiguration" | ||
| ); | ||
| beforeEach(() => { | ||
| patchConfigurationMock.mockReset(); | ||
| patchConfigurationMock.mockResolvedValue(true); | ||
| }); | ||
|
|
||
| it("should update without authentication on dev", async () => { | ||
| //GIVEN | ||
| const patch = { | ||
| users: { | ||
| premium: { | ||
| enabled: true, | ||
| }, | ||
| }, | ||
| } as Partial<ConfigurationType>; | ||
|
|
||
| //WHEN | ||
| const { body } = await mockApp | ||
| .patch("/configuration") | ||
| .send({ configuration: patch }) | ||
| .expect(200); | ||
|
|
||
| //THEN | ||
| expect(body).toEqual({ | ||
| message: "Configuration updated", | ||
| data: null, | ||
| }); | ||
|
|
||
| expect(patchConfigurationMock).toHaveBeenCalledWith(patch); | ||
| }); | ||
|
|
||
| it("should fail update without authentication on prod", async () => { | ||
| //GIVEN | ||
| isDevEnvironmentMock.mockReturnValue(false); | ||
|
|
||
| //WHEN | ||
| await request(app) | ||
| .patch("/configuration") | ||
| .send({ configuration: {} }) | ||
| .expect(401); | ||
|
|
||
| //THEN | ||
| expect(patchConfigurationMock).not.toHaveBeenCalled(); | ||
| }); | ||
| it("should update with authentication on prod", async () => { | ||
| //GIVEN | ||
| isDevEnvironmentMock.mockReturnValue(false); | ||
| verifyIdTokenMock.mockResolvedValue(mockDecodedToken); | ||
|
|
||
| //WHEN | ||
| await mockApp | ||
| .patch("/configuration") | ||
| .set("Authorization", "Bearer 123456789") | ||
| .send({ configuration: {} }) | ||
| .expect(200); | ||
|
|
||
| //THEN | ||
| expect(patchConfigurationMock).toHaveBeenCalled(); | ||
| expect(verifyIdTokenMock).toHaveBeenCalled(); | ||
| }); | ||
|
|
||
| it("should fail for non admin users on prod", async () => { | ||
| //GIVEN | ||
| isDevEnvironmentMock.mockReturnValue(false); | ||
| isAdminMock.mockResolvedValue(false); | ||
| verifyIdTokenMock.mockResolvedValue(mockDecodedToken); | ||
|
|
||
| //WHEN | ||
| await mockApp | ||
| .patch("/configuration") | ||
| .set("Authorization", "Bearer 123456789") | ||
| .send({ configuration: {} }) | ||
| .expect(403); | ||
|
|
||
| //THEN | ||
| expect(patchConfigurationMock).not.toHaveBeenCalled(); | ||
| expect(isAdminMock).toHaveBeenCalledWith(uid); | ||
| }); | ||
| }); | ||
| }); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| import request from "supertest"; | ||
| import app from "../../../src/app"; | ||
|
|
||
| import { ObjectId } from "mongodb"; | ||
| import * as Misc from "../../../src/utils/misc"; | ||
|
|
||
| const uid = new ObjectId().toHexString(); | ||
| const mockApp = request(app); | ||
|
|
||
| describe("DevController", () => { | ||
| describe("generate testData", () => { | ||
| const isDevEnvironmentMock = vi.spyOn(Misc, "isDevEnvironment"); | ||
|
|
||
| beforeEach(() => { | ||
| isDevEnvironmentMock.mockReset(); | ||
| isDevEnvironmentMock.mockReturnValue(true); | ||
| }); | ||
|
|
||
| it("should fail on prod", async () => { | ||
| //GIVEN | ||
| isDevEnvironmentMock.mockReturnValue(false); | ||
| //WHEN | ||
| const { body } = await mockApp | ||
| .post("/dev/generateData") | ||
| .send({ username: "test" }) | ||
| .expect(503); | ||
| //THEN | ||
| expect(body.message).toEqual( | ||
| "Development endpoints are only available in DEV mode." | ||
| ); | ||
| }); | ||
| it("should fail without mandatory properties", async () => { | ||
| //WHEN | ||
| const { body } = await mockApp | ||
| .post("/dev/generateData") | ||
| .send({}) | ||
| .expect(422); | ||
|
|
||
| //THEN | ||
| expect(body).toEqual({ | ||
| message: "Invalid request data schema", | ||
| validationErrors: [`"username" Required`], | ||
| }); | ||
| }); | ||
| it("should fail with unknown properties", async () => { | ||
| //WHEN | ||
| const { body } = await mockApp | ||
| .post("/dev/generateData") | ||
| .send({ username: "Bob", extra: "value" }) | ||
| .expect(422); | ||
|
|
||
| //THEN | ||
| expect(body).toEqual({ | ||
| message: "Invalid request data schema", | ||
| validationErrors: ["Unrecognized key(s) in object: 'extra'"], | ||
| }); | ||
| }); | ||
| }); | ||
| }); |
Oops, something went wrong.