bbf9274d37
* chore: upgrade Vitest to 4.0.16 and Vite to 6.4.1 - Update vitest from 2.1.9 to 4.0.16 - Update @vitest/ui from 2.1.9 to 4.0.16 - Update vitest-fetch-mock from 0.3.0 to 0.4.5 - Update vitest-mock-extended from 2.0.2 to 3.1.0 - Update vite from 4.5.14/5.4.21 to 6.4.1 across all packages - Update @vitejs/plugin-react to 5.1.2 - Update @vitejs/plugin-react-swc to 4.2.2 - Update @vitejs/plugin-basic-ssl to 2.1.0 - Update vite-plugin-dts to 4.5.4 - Rename vitest.config.ts to vitest.config.mts for ESM compatibility - Add globals: true to vitest config Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: address Vitest 4.0 and Vite 6 breaking changes - Convert arrow function mockImplementation patterns to regular functions (Vitest 4.0 breaking change: arrow functions can't be constructor mocks) - Fix CSS imports with ?inline suffix for Vite 6 compatibility - Add biome override to disable useArrowFunction rule for test files - Fix syntax errors in test files introduced by regex replacements Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: fix remaining Vitest 4.0 constructor mock patterns Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: fix more Vitest 4.0 constructor mock patterns and exclude API v2 spec files Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert more arrow function mocks to regular functions for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert more arrow function mocks to regular functions for Vitest 4.0 - Fix CrmService.integration.test.ts jsforce.Connection mock - Fix RetellSDKClient.test.ts Retell mock - Fix RetellAIService.test.ts CreditService mocks - Fix GoogleCalendarSubscriptionAdapter.test.ts CalendarAuth mock Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert Google Calendar and OAuthManager arrow function mocks for Vitest 4.0 - Fix googleapis.ts Calendar, OAuth2Client, and JWT mocks - Fix utils.ts JWT mock - Fix OAuthManager.ts defaultMockOAuthManager mock Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: add React plugin, jsdom environment, and fix more constructor mocks for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert HostRepository PrismaClient mock to regular function for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: add useOrgBranding mock to React component tests for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: update TestFunction type for Vitest 4.0 compatibility Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert listBookingReports constructor mocks to regular functions for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert UserRepository constructor mock to regular function for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert OrganizationPaymentService constructor mock to regular function for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert more constructor mocks to regular functions for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: add apps/web path aliases to vitest config Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: fix test issues for Vitest 4.0 compatibility - Fix Response constructor 204 status code issue in testUtils.ts - Fix FeaturesRepository mock persistence in handleNotificationWhenNoSlots.test.ts - Add @vitest-environment node directive to formSubmissionUtils.test.ts - Fix document.querySelector mock in embed.test.ts Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: clear EventManager spy between tests for Vitest 4.0 compatibility Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: update TeamRepository mock pattern for Vitest 4.0 compatibility Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert RoutingFormResponseRepository mock to regular function for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert more constructor mocks to regular functions for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: fix mock reset and spy clear issues for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: fix remaining test failures for Vitest 4.0 upgrade - Fix booking-validations.test.ts: convert UserRepository mock to regular function - Fix route.test.ts: update 500 error test to mock ImageResponse instead of fetch - Fix users-public-view.test.tsx: add missing mocks for getOrgFullOrigin and useRouterQuery - Add @calcom/web path alias to vitest config Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: add vitest-mocks for generated files that don't exist in CI - Add svg-hashes.json mock for route.test.ts - Add tailwind.generated.css mock for embed.test.ts - Update vitest config to use mock files Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: update vitest config aliases for CI compatibility - Use array format for aliases to ensure proper ordering - Add @calcom/platform-constants alias to resolve from source - Add @calcom/embed-react alias to resolve from source - Ensure svg-hashes.json mock alias is matched before @calcom/web Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: add @calcom/embed-snippet alias for CI compatibility Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * Fix wrong test * fix: migrate from CLI flags to VITEST_MODE env var for Vitest 4.0 Vitest 4.0 no longer allows custom CLI flags like --packaged-embed-tests-only. This change migrates to using VITEST_MODE environment variable instead: - VITEST_MODE=packaged-embed for packaged embed tests - VITEST_MODE=integration for integration tests - VITEST_MODE=timezone for timezone-dependent tests Updated vitest.config.mts to handle mode-based include/exclude patterns. Updated CI workflows and package scripts to use the new env var approach. Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: return default include pattern instead of undefined in vitest config The getTestInclude() function was returning undefined for the default case, but Vitest 4.0 expects an array. This caused 'resolved.include is not iterable' error in CI. Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: always set INTEGRATION_TEST_MODE for jsdom environment The getBookingFields.ts file checks for INTEGRATION_TEST_MODE to allow server-side imports in the jsdom environment. Without this, tests fail with 'getBookingFields must not be imported on the client side' error. Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: support legacy CLI flags for backwards compatibility with main workflow The CI runs workflows from main branch, which uses the old CLI flag approach (yarn test -- --integrationTestsOnly). This commit adds backwards compatibility by checking both VITEST_MODE env var and process.argv for the legacy flags. Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
835 lines
27 KiB
TypeScript
835 lines
27 KiB
TypeScript
import { describe, it, vi, expect, beforeEach } from "vitest";
|
|
|
|
import { PermissionCheckService } from "@calcom/features/pbac/services/permission-check.service";
|
|
import { MembershipRole } from "@calcom/prisma/enums";
|
|
|
|
import { TRPCError } from "@trpc/server";
|
|
|
|
import type { TeamWithParent } from "./types";
|
|
import type { UserWithMembership } from "./utils";
|
|
import { INVITE_STATUS } from "./utils";
|
|
import {
|
|
ensureAtleastAdminPermissions,
|
|
getUniqueInvitationsOrThrowIfEmpty,
|
|
getOrgState,
|
|
getOrgConnectionInfo,
|
|
canBeInvited,
|
|
getAutoJoinStatus,
|
|
checkInputEmailIsValid,
|
|
createMemberships,
|
|
} from "./utils";
|
|
|
|
const { mockCreateMany } = vi.hoisted(() => {
|
|
const mockCreateManyFn = vi.fn();
|
|
return { mockCreateMany: mockCreateManyFn };
|
|
});
|
|
|
|
vi.mock("@calcom/prisma", () => {
|
|
return {
|
|
prisma: {
|
|
membership: {
|
|
createMany: mockCreateMany,
|
|
},
|
|
},
|
|
};
|
|
});
|
|
|
|
vi.mock("@calcom/features/pbac/utils/isOrganisationAdmin", () => {
|
|
return {
|
|
isOrganisationAdmin: vi.fn(),
|
|
isOrganisationOwner: vi.fn(),
|
|
};
|
|
});
|
|
|
|
vi.mock("@calcom/features/pbac/services/permission-check.service", () => {
|
|
return {
|
|
PermissionCheckService: vi.fn(),
|
|
};
|
|
});
|
|
|
|
vi.mock("@calcom/lib/logger", () => {
|
|
const mockSubLogger = {
|
|
debug: vi.fn(),
|
|
error: vi.fn(),
|
|
log: vi.fn(),
|
|
warn: vi.fn(),
|
|
info: vi.fn(),
|
|
getSubLogger: vi.fn(() => mockSubLogger),
|
|
};
|
|
return {
|
|
default: {
|
|
getSubLogger: vi.fn(() => mockSubLogger),
|
|
error: vi.fn(),
|
|
debug: vi.fn(),
|
|
log: vi.fn(),
|
|
warn: vi.fn(),
|
|
info: vi.fn(),
|
|
},
|
|
};
|
|
});
|
|
|
|
const mockedRegularTeam: TeamWithParent = {
|
|
id: 1,
|
|
name: "Team A",
|
|
slug: null,
|
|
appLogo: null,
|
|
appIconLogo: null,
|
|
bio: null,
|
|
hideBranding: false,
|
|
pendingPayment: false,
|
|
hideBookATeamMember: false,
|
|
createdAt: new Date(),
|
|
brandColor: "#292929",
|
|
darkBrandColor: "#fafafa",
|
|
timeZone: "Europe/London",
|
|
weekStart: "Sunday",
|
|
theme: null,
|
|
timeFormat: null,
|
|
metadata: null,
|
|
parentId: null,
|
|
parent: null,
|
|
isPrivate: false,
|
|
logoUrl: "",
|
|
isOrganization: false,
|
|
calVideoLogo: "",
|
|
bannerUrl: "",
|
|
isPlatform: false,
|
|
smsLockState: "LOCKED",
|
|
createdByOAuthClientId: null,
|
|
smsLockReviewedByAdmin: false,
|
|
hideTeamProfileLink: false,
|
|
rrResetInterval: null,
|
|
rrTimestampBasis: "CREATED_AT",
|
|
bookingLimits: null,
|
|
includeManagedEventsInLimits: false,
|
|
};
|
|
|
|
const mockedSubTeam = {
|
|
...mockedRegularTeam,
|
|
parentId: 1000,
|
|
};
|
|
|
|
const mockUser: UserWithMembership = {
|
|
id: 4,
|
|
username: "pro",
|
|
email: "pro@example.com",
|
|
password: {
|
|
hash: "",
|
|
userId: 0,
|
|
},
|
|
completedOnboarding: true,
|
|
identityProvider: "CAL",
|
|
profiles: [],
|
|
};
|
|
|
|
const userInTeamAccepted: UserWithMembership = {
|
|
...mockUser,
|
|
teams: [{ teamId: mockedRegularTeam.id, accepted: true, userId: mockUser.id, role: "MEMBER" }],
|
|
};
|
|
|
|
const userInTeamNotAccepted: UserWithMembership = {
|
|
...mockUser,
|
|
teams: [{ teamId: mockedRegularTeam.id, accepted: false, userId: mockUser.id, role: "MEMBER" }],
|
|
};
|
|
|
|
describe("Invite Member Utils", () => {
|
|
describe("ensureAtleastAdminPermissions", () => {
|
|
it("It should throw an error if the user is not an admin of the ORG", async () => {
|
|
const mockCheckPermission = vi.fn().mockResolvedValue(false);
|
|
vi.mocked(PermissionCheckService).mockImplementation(function () {
|
|
return {
|
|
checkPermission: mockCheckPermission,
|
|
} as any;
|
|
});
|
|
|
|
await expect(ensureAtleastAdminPermissions({ userId: 1, teamId: 1, isOrg: true })).rejects.toThrow(
|
|
"UNAUTHORIZED"
|
|
);
|
|
|
|
expect(mockCheckPermission).toHaveBeenCalledWith({
|
|
userId: 1,
|
|
teamId: 1,
|
|
permission: "organization.invite",
|
|
fallbackRoles: ["OWNER", "ADMIN"],
|
|
});
|
|
});
|
|
|
|
it("It should NOT throw an error if the user is an admin of the ORG", async () => {
|
|
const mockCheckPermission = vi.fn().mockResolvedValue(true);
|
|
vi.mocked(PermissionCheckService).mockImplementation(function () {
|
|
return {
|
|
checkPermission: mockCheckPermission,
|
|
} as any;
|
|
});
|
|
|
|
await expect(
|
|
ensureAtleastAdminPermissions({ userId: 1, teamId: 1, isOrg: true })
|
|
).resolves.not.toThrow();
|
|
|
|
expect(mockCheckPermission).toHaveBeenCalledWith({
|
|
userId: 1,
|
|
teamId: 1,
|
|
permission: "organization.invite",
|
|
fallbackRoles: ["OWNER", "ADMIN"],
|
|
});
|
|
});
|
|
});
|
|
|
|
describe("getUniqueInvitationsOrThrowIfEmpty", () => {
|
|
it("should throw a TRPCError with code BAD_REQUEST if no emails are provided", async () => {
|
|
await expect(getUniqueInvitationsOrThrowIfEmpty([])).rejects.toThrow(TRPCError);
|
|
});
|
|
|
|
it("should return an array with multiple emails if an array is provided", async () => {
|
|
const result = await getUniqueInvitationsOrThrowIfEmpty([
|
|
{ usernameOrEmail: "test1@example.com", role: MembershipRole.MEMBER },
|
|
{ usernameOrEmail: "test2@example.com", role: MembershipRole.MEMBER },
|
|
]);
|
|
expect(result).toEqual([
|
|
{ usernameOrEmail: "test1@example.com", role: MembershipRole.MEMBER },
|
|
{ usernameOrEmail: "test2@example.com", role: MembershipRole.MEMBER },
|
|
]);
|
|
});
|
|
});
|
|
describe("checkInputEmailIsValid", () => {
|
|
it("should throw a TRPCError with code BAD_REQUEST if the email is invalid", () => {
|
|
const invalidEmail = "invalid-email";
|
|
expect(() => checkInputEmailIsValid(invalidEmail)).toThrow(TRPCError);
|
|
expect(() => checkInputEmailIsValid(invalidEmail)).toThrowError(
|
|
"Invite failed because invalid-email is not a valid email address"
|
|
);
|
|
});
|
|
|
|
it("should not throw an error if the email is valid", () => {
|
|
const validEmail = "valid-email@example.com";
|
|
const validEmailWithApostrophe = "valid'email@example.com";
|
|
expect(() => checkInputEmailIsValid(validEmail)).not.toThrow();
|
|
expect(() => checkInputEmailIsValid(validEmailWithApostrophe)).not.toThrow();
|
|
});
|
|
});
|
|
describe("getOrgConnectionInfo", () => {
|
|
const orgAutoAcceptDomain = "example.com";
|
|
const email = "user@example.com";
|
|
|
|
it("should return autoAccept:false when orgVerified is false even if email domain matches orgAutoAcceptDomain", () => {
|
|
const result = getOrgConnectionInfo({
|
|
orgAutoAcceptDomain,
|
|
orgVerified: false,
|
|
email,
|
|
team: {
|
|
...mockedRegularTeam,
|
|
parentId: 2,
|
|
},
|
|
isOrg: false,
|
|
});
|
|
expect(result).toEqual({ orgId: 2, autoAccept: false });
|
|
});
|
|
|
|
it("should return orgId and autoAccept as false if team has parent and email domain does not match orgAutoAcceptDomain", () => {
|
|
const result = getOrgConnectionInfo({
|
|
orgAutoAcceptDomain,
|
|
orgVerified: true,
|
|
email: "user@other.com",
|
|
team: {
|
|
...mockedRegularTeam,
|
|
parentId: 2,
|
|
},
|
|
isOrg: false,
|
|
});
|
|
expect(result).toEqual({ orgId: undefined, autoAccept: false });
|
|
});
|
|
|
|
it("should return orgId and autoAccept as true if team has no parent and isOrg is true and email domain matches orgAutoAcceptDomain", () => {
|
|
const result = getOrgConnectionInfo({
|
|
orgAutoAcceptDomain,
|
|
orgVerified: true,
|
|
email,
|
|
team: { ...mockedRegularTeam, parentId: null },
|
|
isOrg: true,
|
|
});
|
|
expect(result).toEqual({ orgId: 1, autoAccept: true });
|
|
});
|
|
|
|
it("should return orgId and autoAccept as false if team has no parent and isOrg is true and email domain does not match orgAutoAcceptDomain", () => {
|
|
const result = getOrgConnectionInfo({
|
|
orgAutoAcceptDomain,
|
|
orgVerified: false,
|
|
email: "user@other.com",
|
|
team: { ...mockedRegularTeam, parentId: null },
|
|
isOrg: true,
|
|
});
|
|
expect(result).toEqual({ orgId: undefined, autoAccept: false });
|
|
});
|
|
|
|
it("should return orgId and autoAccept as false if team has no parent and isOrg is true and email domain matches orgAutoAcceptDomain but orgVerified is false", () => {
|
|
const result = getOrgConnectionInfo({
|
|
orgAutoAcceptDomain,
|
|
orgVerified: false,
|
|
email,
|
|
team: { ...mockedRegularTeam, parentId: null },
|
|
isOrg: true,
|
|
});
|
|
expect(result).toEqual({ orgId: mockedRegularTeam.id, autoAccept: false });
|
|
});
|
|
});
|
|
describe("getOrgState", () => {
|
|
it("should return the correct values when isOrg is true and teamMetadata.orgAutoAcceptEmail is true", () => {
|
|
const team = {
|
|
organizationSettings: {
|
|
id: 1,
|
|
teamId: 1,
|
|
isOrganizationConfigured: false,
|
|
isOrganizationVerified: true,
|
|
orgAutoAcceptEmail: "example.com",
|
|
organizationId: 1,
|
|
lockEventTypeCreationForUsers: false,
|
|
adminGetsNoSlotsNotification: false,
|
|
isAdminReviewed: false,
|
|
isAdminAPIEnabled: false,
|
|
allowSEOIndexing: false,
|
|
orgProfileRedirectsToVerifiedDomain: false,
|
|
disablePhoneOnlySMSNotifications: false,
|
|
},
|
|
slug: "abc",
|
|
parent: null,
|
|
isOrganization: true,
|
|
};
|
|
const result = getOrgState(true, { ...mockedRegularTeam, ...team });
|
|
expect(result).toEqual({
|
|
isInOrgScope: true,
|
|
orgVerified: true,
|
|
orgConfigured: false,
|
|
orgPublished: true,
|
|
autoAcceptEmailDomain: "example.com",
|
|
});
|
|
});
|
|
|
|
it("should return the correct values when orgMetadataIfExists.orgAutoAcceptEmail is true", () => {
|
|
const team = {
|
|
metadata: {},
|
|
parent: {
|
|
...mockedRegularTeam,
|
|
organizationSettings: {
|
|
id: 1,
|
|
teamId: 1,
|
|
isOrganizationConfigured: false,
|
|
isOrganizationVerified: false,
|
|
orgAutoAcceptEmail: "example.com",
|
|
organizationId: 1,
|
|
lockEventTypeCreationForUsers: false,
|
|
adminGetsNoSlotsNotification: false,
|
|
isAdminReviewed: false,
|
|
isAdminAPIEnabled: false,
|
|
allowSEOIndexing: false,
|
|
orgProfileRedirectsToVerifiedDomain: false,
|
|
disablePhoneOnlySMSNotifications: false,
|
|
},
|
|
},
|
|
};
|
|
const result = getOrgState(false, { ...mockedRegularTeam, ...team });
|
|
expect(result).toEqual({
|
|
isInOrgScope: true,
|
|
orgVerified: false,
|
|
orgConfigured: false,
|
|
orgPublished: false,
|
|
autoAcceptEmailDomain: "example.com",
|
|
});
|
|
});
|
|
|
|
it("should return the correct values when neither isOrg nor orgMetadataIfExists.orgAutoAcceptEmail is true", () => {
|
|
const team = {
|
|
metadata: {},
|
|
parent: null,
|
|
};
|
|
const result = getOrgState(false, { ...mockedRegularTeam, ...team });
|
|
expect(result).toEqual({
|
|
isInOrgScope: false,
|
|
orgVerified: null,
|
|
orgConfigured: null,
|
|
orgPublished: null,
|
|
autoAcceptEmailDomain: null,
|
|
});
|
|
});
|
|
});
|
|
|
|
describe("canBeInvited: Check if user can be invited to the team/org", () => {
|
|
const invitee: UserWithMembership = {
|
|
...mockUser,
|
|
id: 1,
|
|
username: "testuser",
|
|
email: "testuser@example.com",
|
|
profiles: [],
|
|
};
|
|
|
|
it("should return CAN_BE_INVITED when inviting to an sub-team if the invitee is a member of the organization", () => {
|
|
const inviteeOrganizationId = 2;
|
|
const inviteeWithOrg: UserWithMembership = {
|
|
...invitee,
|
|
profiles: [getSampleProfile({ organizationId: inviteeOrganizationId })],
|
|
};
|
|
|
|
const subTeam = {
|
|
...mockedRegularTeam,
|
|
parentId: inviteeOrganizationId,
|
|
};
|
|
|
|
expect(canBeInvited(inviteeWithOrg, subTeam)).toBe(INVITE_STATUS.CAN_BE_INVITED);
|
|
});
|
|
|
|
it("should return CAN_BE_INVITED if the user is invited to a sub-team of the organization the user belongs to", () => {
|
|
const inviteeOrgId = 2;
|
|
const subTeamOrgId = inviteeOrgId;
|
|
const inviteeWithOrg: UserWithMembership = {
|
|
...invitee,
|
|
profiles: [getSampleProfile({ organizationId: 2 })],
|
|
teams: [{ teamId: 2, accepted: true, userId: invitee.id, role: "ADMIN" }],
|
|
};
|
|
|
|
const subTeam = {
|
|
...mockedRegularTeam,
|
|
parentId: subTeamOrgId,
|
|
id: 1,
|
|
};
|
|
expect(canBeInvited(inviteeWithOrg, subTeam)).toBe(INVITE_STATUS.CAN_BE_INVITED);
|
|
});
|
|
|
|
it("should return CAN_BE_INVITED if the invitee does not already belong to another organization and is being invited to a regular team", () => {
|
|
expect(canBeInvited(invitee, mockedRegularTeam)).toBe(INVITE_STATUS.CAN_BE_INVITED);
|
|
});
|
|
|
|
it("should return USER_ALREADY_INVITED_OR_MEMBER when inviting a user who is already a member of the team", () => {
|
|
const teamId = 1;
|
|
const inviteeWithOrg: UserWithMembership = {
|
|
...invitee,
|
|
teams: [{ teamId: teamId, accepted: true, userId: invitee.id, role: "ADMIN" }],
|
|
};
|
|
const regularTeam = {
|
|
...mockedRegularTeam,
|
|
id: teamId,
|
|
};
|
|
expect(canBeInvited(inviteeWithOrg, regularTeam)).toBe(INVITE_STATUS.USER_ALREADY_INVITED_OR_MEMBER);
|
|
});
|
|
|
|
it("should return USER_ALREADY_INVITED_OR_MEMBER when inviting a user to sub-team who is already a member of the sub-team", () => {
|
|
const teamId = 1;
|
|
const inviteeOrgId = 2;
|
|
const inviteeWithOrg: UserWithMembership = {
|
|
...invitee,
|
|
profiles: [getSampleProfile({ organizationId: inviteeOrgId })],
|
|
teams: [
|
|
{ teamId: teamId, accepted: true, userId: invitee.id, role: "ADMIN" },
|
|
{ teamId: inviteeOrgId, accepted: true, userId: invitee.id, role: "ADMIN" },
|
|
],
|
|
};
|
|
const subTeam = {
|
|
...mockedRegularTeam,
|
|
parentId: inviteeOrgId,
|
|
id: teamId,
|
|
};
|
|
expect(canBeInvited(inviteeWithOrg, subTeam)).toBe(INVITE_STATUS.USER_ALREADY_INVITED_OR_MEMBER);
|
|
});
|
|
|
|
it("should return USER_ALREADY_INVITED_OR_MEMBER when inviting a user to an organization who is already a member of the organization", () => {
|
|
const inviteeOrgId = 2;
|
|
const inviteeWithOrg: UserWithMembership = {
|
|
...invitee,
|
|
profiles: [getSampleProfile({ organizationId: inviteeOrgId })],
|
|
teams: [{ teamId: inviteeOrgId, accepted: true, userId: invitee.id, role: "ADMIN" }],
|
|
};
|
|
const organization = {
|
|
...mockedRegularTeam,
|
|
parentId: null,
|
|
id: inviteeOrgId,
|
|
isOrganization: true,
|
|
};
|
|
expect(canBeInvited(inviteeWithOrg, organization)).toBe(INVITE_STATUS.USER_ALREADY_INVITED_OR_MEMBER);
|
|
});
|
|
|
|
it("should return USER_PENDING_MEMBER_OF_THE_ORG if the invitee is being invited to a team in an organization but he has not accepted the organization membership", () => {
|
|
const inviteeOrganizationId = 2;
|
|
const inviteeWithOrg: UserWithMembership = {
|
|
...invitee,
|
|
teams: [{ teamId: inviteeOrganizationId, accepted: false, userId: invitee.id, role: "ADMIN" }],
|
|
};
|
|
|
|
const subTeam = {
|
|
...mockedRegularTeam,
|
|
parentId: inviteeOrganizationId,
|
|
id: 1,
|
|
};
|
|
expect(canBeInvited(inviteeWithOrg, subTeam)).toBe(INVITE_STATUS.USER_PENDING_MEMBER_OF_THE_ORG);
|
|
});
|
|
|
|
it("should return USER_MEMBER_OF_OTHER_ORGANIZATION if the invitee is being invited to an organization but he belongs to another organization", () => {
|
|
const inviteeOrganizationId = 2;
|
|
const organizationIdBeingInvitedTo = 3;
|
|
const inviteeWithOrg: UserWithMembership = {
|
|
...invitee,
|
|
profiles: [
|
|
getSampleProfile({
|
|
organizationId: inviteeOrganizationId,
|
|
}),
|
|
],
|
|
teams: [{ teamId: inviteeOrganizationId, accepted: true, userId: invitee.id, role: "ADMIN" }],
|
|
};
|
|
|
|
const organization = {
|
|
...mockedRegularTeam,
|
|
id: organizationIdBeingInvitedTo,
|
|
isOrganization: true,
|
|
};
|
|
expect(canBeInvited(inviteeWithOrg, organization)).toBe(
|
|
INVITE_STATUS.USER_MEMBER_OF_OTHER_ORGANIZATION
|
|
);
|
|
});
|
|
|
|
it("should return CAN_BE_INVITED if the user being invited has a profile with the organization already", () => {
|
|
const organizationId = 3;
|
|
const inviteeWithOrg: UserWithMembership = {
|
|
...invitee,
|
|
profiles: [
|
|
getSampleProfile({
|
|
organizationId: organizationId,
|
|
}),
|
|
],
|
|
teams: [],
|
|
};
|
|
|
|
const organization = {
|
|
...mockedRegularTeam,
|
|
id: organizationId,
|
|
isOrganization: true,
|
|
};
|
|
expect(canBeInvited(inviteeWithOrg, organization)).toBe(INVITE_STATUS.CAN_BE_INVITED);
|
|
});
|
|
|
|
it("should return USER_MEMBER_OF_OTHER_ORGANIZATION if the invitee is being invited to a sub-team in an organization but he belongs to another organization", () => {
|
|
const inviteeOrganizationId = 2;
|
|
const subTeamOrganizationId = 3;
|
|
const inviteeWithOrg: UserWithMembership = {
|
|
...invitee,
|
|
profiles: [
|
|
getSampleProfile({
|
|
organizationId: inviteeOrganizationId,
|
|
}),
|
|
],
|
|
teams: [{ teamId: inviteeOrganizationId, accepted: true, userId: invitee.id, role: "ADMIN" }],
|
|
};
|
|
|
|
const teamWithOrg = {
|
|
...mockedRegularTeam,
|
|
parentId: subTeamOrganizationId,
|
|
id: 1,
|
|
};
|
|
expect(canBeInvited(inviteeWithOrg, teamWithOrg)).toBe(INVITE_STATUS.USER_MEMBER_OF_OTHER_ORGANIZATION);
|
|
});
|
|
|
|
it("should return 'USER_MEMBER_OF_OTHER_ORGANIZATION' when the invitee is invited to a regular team but the he is a part of an organization", () => {
|
|
const inviteeOrganizationId = 2;
|
|
const inviteeWithOrg: UserWithMembership = {
|
|
...invitee,
|
|
profiles: [getSampleProfile({ organizationId: inviteeOrganizationId })],
|
|
teams: [{ teamId: inviteeOrganizationId, accepted: true, userId: invitee.id, role: "ADMIN" }],
|
|
};
|
|
|
|
const regularTeam = { ...mockedRegularTeam };
|
|
|
|
expect(canBeInvited(inviteeWithOrg, regularTeam)).toBe(INVITE_STATUS.USER_MEMBER_OF_OTHER_ORGANIZATION);
|
|
});
|
|
});
|
|
|
|
describe("shouldAutoJoinIfInOrg", () => {
|
|
it("should return autoAccept: false if the team is a sub-team but not in the user's organization", async () => {
|
|
const result = getAutoJoinStatus({
|
|
team: mockedSubTeam,
|
|
invitee: userInTeamAccepted,
|
|
connectionInfoMap: {
|
|
[userInTeamAccepted.email]: {
|
|
orgId: mockedRegularTeam.id,
|
|
autoAccept: false,
|
|
},
|
|
},
|
|
});
|
|
expect(result).toEqual({
|
|
autoAccept: false,
|
|
needToCreateOrgMembership: true,
|
|
needToCreateProfile: false,
|
|
});
|
|
});
|
|
|
|
it("should return autoAccept: true in case email is auto-acceptable even if the team is a sub-team but not in the user's organization ", async () => {
|
|
const result = getAutoJoinStatus({
|
|
team: mockedSubTeam,
|
|
invitee: userInTeamAccepted,
|
|
connectionInfoMap: {
|
|
[userInTeamAccepted.email]: {
|
|
orgId: mockedRegularTeam.id,
|
|
autoAccept: true,
|
|
},
|
|
},
|
|
});
|
|
expect(result).toEqual({
|
|
autoAccept: true,
|
|
needToCreateOrgMembership: true,
|
|
needToCreateProfile: true,
|
|
});
|
|
});
|
|
|
|
it("should return autoAccept: false if the team is neither a sub-team, nor an organization. It is a regular team ", async () => {
|
|
const result = getAutoJoinStatus({
|
|
team: {
|
|
...mockedRegularTeam,
|
|
parentId: null,
|
|
},
|
|
invitee: userInTeamAccepted,
|
|
connectionInfoMap: {
|
|
[userInTeamAccepted.email]: {
|
|
orgId: mockedRegularTeam.id,
|
|
autoAccept: false,
|
|
},
|
|
},
|
|
});
|
|
expect(result).toEqual({
|
|
autoAccept: false,
|
|
needToCreateOrgMembership: null,
|
|
needToCreateProfile: null,
|
|
});
|
|
});
|
|
|
|
it("should return `autoAccept: false` if team has parent organization and invitee has not accepted membership to organization - even if email is autoAcceptable", async () => {
|
|
const result = getAutoJoinStatus({
|
|
team: { ...mockedRegularTeam, parentId: mockedRegularTeam.id },
|
|
invitee: {
|
|
...userInTeamNotAccepted,
|
|
profiles: [getSampleProfile({ organizationId: mockedRegularTeam.id })],
|
|
},
|
|
connectionInfoMap: {
|
|
[userInTeamAccepted.email]: {
|
|
orgId: mockedRegularTeam.id,
|
|
autoAccept: true,
|
|
},
|
|
},
|
|
});
|
|
expect(result).toEqual({
|
|
autoAccept: false,
|
|
needToCreateOrgMembership: false,
|
|
needToCreateProfile: false,
|
|
});
|
|
});
|
|
|
|
it("should return `autoAccept: true` if team has parent organization and invitee has accepted membership to organization", async () => {
|
|
const result = getAutoJoinStatus({
|
|
team: { ...mockedRegularTeam, parentId: mockedRegularTeam.id },
|
|
invitee: {
|
|
...userInTeamAccepted,
|
|
profiles: [getSampleProfile()],
|
|
},
|
|
connectionInfoMap: {
|
|
[userInTeamAccepted.email]: {
|
|
orgId: mockedRegularTeam.id,
|
|
autoAccept: false,
|
|
},
|
|
},
|
|
});
|
|
expect(result).toEqual({
|
|
autoAccept: true,
|
|
needToCreateOrgMembership: false,
|
|
needToCreateProfile: false,
|
|
});
|
|
});
|
|
});
|
|
|
|
describe("createMemberships - Privilege Escalation Prevention", () => {
|
|
beforeEach(() => {
|
|
mockCreateMany.mockClear();
|
|
mockCreateMany.mockResolvedValue({ count: 0 });
|
|
});
|
|
|
|
it("should NOT escalate privilege when attacker has OWNER role in unrelated team", async () => {
|
|
const attackerTeamId = 999; // Attacker's personal team
|
|
const victimTeamId = 100; // Victim team being invited to
|
|
const victimOrgId = 200; // Parent organization of victim team
|
|
|
|
const attacker: UserWithMembership & {
|
|
newRole: MembershipRole;
|
|
needToCreateOrgMembership: boolean | null;
|
|
} = {
|
|
...mockUser,
|
|
id: 1,
|
|
email: "attacker@example.com",
|
|
username: "attacker",
|
|
teams: [
|
|
// Attacker controls this - OWNER role in their personal team (first in array)
|
|
{ teamId: attackerTeamId, userId: 1, accepted: true, role: MembershipRole.OWNER },
|
|
// Some other unrelated membership
|
|
{ teamId: 50, userId: 1, accepted: true, role: MembershipRole.MEMBER },
|
|
],
|
|
newRole: MembershipRole.MEMBER, // Inviter wants to invite as MEMBER
|
|
needToCreateOrgMembership: true,
|
|
};
|
|
|
|
await createMemberships({
|
|
teamId: victimTeamId,
|
|
language: "en",
|
|
invitees: [attacker],
|
|
parentId: victimOrgId,
|
|
accepted: false,
|
|
});
|
|
|
|
// Verify createMany was called
|
|
expect(mockCreateMany).toHaveBeenCalledTimes(1);
|
|
|
|
// Get the data that was passed to createMany
|
|
const callArgs = mockCreateMany.mock.calls[0][0];
|
|
const createdMemberships = callArgs.data;
|
|
|
|
// Should create 2 memberships: one for team, one for org
|
|
expect(createdMemberships).toHaveLength(2);
|
|
|
|
// Check team membership - should be MEMBER (inviter's choice), NOT OWNER
|
|
const teamMembership = createdMemberships.find((m: any) => m.teamId === victimTeamId);
|
|
expect(teamMembership).toBeDefined();
|
|
expect(teamMembership.role).toBe(MembershipRole.MEMBER);
|
|
expect(teamMembership.userId).toBe(attacker.id);
|
|
expect(teamMembership.accepted).toBe(false);
|
|
|
|
// Check org membership
|
|
const orgMembership = createdMemberships.find((m: any) => m.teamId === victimOrgId);
|
|
expect(orgMembership).toBeDefined();
|
|
expect(orgMembership.role).toBe(MembershipRole.MEMBER);
|
|
});
|
|
|
|
it("should preserve ADMIN role when user is already ADMIN in parent organization", async () => {
|
|
const teamId = 100;
|
|
const parentOrgId = 200;
|
|
|
|
const existingAdmin: UserWithMembership & {
|
|
newRole: MembershipRole;
|
|
needToCreateOrgMembership: boolean | null;
|
|
} = {
|
|
...mockUser,
|
|
id: 2,
|
|
email: "admin@example.com",
|
|
username: "admin",
|
|
teams: [
|
|
// User is already ADMIN in the parent org
|
|
{ teamId: parentOrgId, userId: 2, accepted: true, role: MembershipRole.ADMIN },
|
|
],
|
|
newRole: MembershipRole.MEMBER, // Inviter wants MEMBER, but should preserve ADMIN
|
|
needToCreateOrgMembership: false, // Already has org membership
|
|
};
|
|
|
|
await createMemberships({
|
|
teamId,
|
|
language: "en",
|
|
invitees: [existingAdmin],
|
|
parentId: parentOrgId,
|
|
accepted: true,
|
|
});
|
|
|
|
const callArgs = mockCreateMany.mock.calls[0][0];
|
|
const createdMemberships = callArgs.data;
|
|
|
|
// Should only create team membership (org membership already exists)
|
|
expect(createdMemberships).toHaveLength(1);
|
|
|
|
// Should preserve ADMIN role since user is ADMIN in parent org
|
|
const teamMembership = createdMemberships.find((m: any) => m.teamId === teamId);
|
|
expect(teamMembership.role).toBe(MembershipRole.ADMIN);
|
|
});
|
|
|
|
it("should use inviter's role when user has no membership in parent organization", async () => {
|
|
const teamId = 100;
|
|
const parentOrgId = 200;
|
|
const unrelatedTeamId = 999;
|
|
|
|
const user: UserWithMembership & {
|
|
newRole: MembershipRole;
|
|
needToCreateOrgMembership: boolean | null;
|
|
} = {
|
|
...mockUser,
|
|
id: 3,
|
|
email: "user@example.com",
|
|
username: "user",
|
|
teams: [
|
|
// User has OWNER in unrelated team, but NOT in parent org
|
|
{ teamId: unrelatedTeamId, userId: 3, accepted: true, role: MembershipRole.OWNER },
|
|
],
|
|
newRole: MembershipRole.MEMBER,
|
|
needToCreateOrgMembership: true,
|
|
};
|
|
|
|
await createMemberships({
|
|
teamId,
|
|
language: "en",
|
|
invitees: [user],
|
|
parentId: parentOrgId,
|
|
accepted: false,
|
|
});
|
|
|
|
const callArgs = mockCreateMany.mock.calls[0][0];
|
|
const createdMemberships = callArgs.data;
|
|
|
|
const teamMembership = createdMemberships.find((m: any) => m.teamId === teamId);
|
|
// Should use inviter's chosen role (MEMBER), not OWNER from unrelated team
|
|
expect(teamMembership.role).toBe(MembershipRole.MEMBER);
|
|
});
|
|
|
|
it("should use inviter's role when inviting to team without parent organization", async () => {
|
|
const teamId = 100;
|
|
|
|
const user: UserWithMembership & {
|
|
newRole: MembershipRole;
|
|
needToCreateOrgMembership: boolean | null;
|
|
} = {
|
|
...mockUser,
|
|
id: 4,
|
|
email: "user2@example.com",
|
|
username: "user2",
|
|
teams: [
|
|
// User has OWNER in unrelated team
|
|
{ teamId: 999, userId: 4, accepted: true, role: MembershipRole.OWNER },
|
|
],
|
|
newRole: MembershipRole.MEMBER,
|
|
needToCreateOrgMembership: null,
|
|
};
|
|
|
|
await createMemberships({
|
|
teamId,
|
|
language: "en",
|
|
invitees: [user],
|
|
parentId: null, // No parent org
|
|
accepted: false,
|
|
});
|
|
|
|
const callArgs = mockCreateMany.mock.calls[0][0];
|
|
const createdMemberships = callArgs.data;
|
|
|
|
expect(createdMemberships).toHaveLength(1);
|
|
// Should use inviter's chosen role when no parentId
|
|
expect(createdMemberships[0].role).toBe(MembershipRole.MEMBER);
|
|
});
|
|
});
|
|
});
|
|
function getSampleProfile({ organizationId }: { organizationId?: number } = {}): {
|
|
id: number;
|
|
uid: string;
|
|
userId: number;
|
|
organizationId: number;
|
|
username: string;
|
|
createdAt: Date;
|
|
updatedAt: Date;
|
|
movedFromUserId: number | null;
|
|
} {
|
|
return {
|
|
id: 1,
|
|
uid: "1",
|
|
userId: 1,
|
|
organizationId: organizationId ?? 1,
|
|
username: "",
|
|
createdAt: new Date(),
|
|
updatedAt: new Date(),
|
|
movedFromUserId: null,
|
|
};
|
|
}
|