
Test invite response for valid and invalid client ids #507

Merged: spruce-bruce merged 3 commits into release/v2.11.0 from test/285-invalid-client-id-response on Nov 1, 2021

Conversation

@Mistweaver Mistweaver commented Sep 30, 2021

Test creates a client and sends an invite for a new user. An unmodified client_id returns a 200; an invalid/modified client_id returns a 404 instead of a 500.

Tests solution in #466
Closes #285

Comment on lines +42 to +57
const payload = {
client_id: client.get("client_id"),
email: "test@syn0.com",
redirect_uri: client.related("redirect_uris").at(0).get("uri"),
response_type: "something",
scope: "scope",
};

const res = await server.inject({
method: "POST",
url: "/api/invite",
credentials: {
scope: "admin",
},
payload,
});
Contributor Author

Create user invite

Comment on lines +60 to +62
const [{ token }] = await knex("SIP_email_token").where({
user_id: user.id,
});
Contributor Author

Retrieve token from DB

Collaborator

How much of a pain would it be to retrieve the token from the email message sent to the mocked email service?

Comment on lines +64 to +70
const query = {
client_id,
redirect_uri,
response_type,
scope,
token,
};
Contributor Author

@Mistweaver Mistweaver Sep 30, 2021

Build query to stringify

Comment on lines +72 to +81
const verificationResponse = await server.inject({
method: "GET",
url: `/user/accept-invite?${querystring.stringify(query)}`.replace(
" ",
"%20"
),
});

expect(verificationResponse.statusCode).to.equal(200);
});
Contributor Author

Visit URL built from query, expect good things

});

const query = {
client_id: client_id + "junk",
Contributor Author

Invalidate the client id

Comment on lines +121 to +128
const verificationResponse = await server.inject({
method: "GET",
url: `/user/accept-invite?${querystring.stringify(query)}`.replace(
" ",
"%20"
),
});
expect(verificationResponse.statusCode).to.equal(404);
Contributor Author

Expect bad things

Collaborator

@spruce-bruce spruce-bruce left a comment

Got a Q

@spruce-bruce spruce-bruce merged commit 4487841 into release/v2.11.0 Nov 1, 2021
@spruce-bruce spruce-bruce deleted the test/285-invalid-client-id-response branch November 1, 2021 17:10
Mistweaver added a commit that referenced this pull request Jan 4, 2022
* 405 refresh token created during password grant

* 405 password grant formats id token properly

* 405 pass env variables in options argument

* version bump from 2.7.1 to 2.8.0

* remove vision plugin

Before: attempt to render a page with the theming service, if fail
we use vision
Now: The theming service will never fail to render a page

The problem with using vision is that when you want to fall
back to the templates on disk and you're not in hapi-land
you have to do custom logic for that instance. Might as
well build that logic into the theming service and
everybody can render pages the exact same way.

* get rid of unreachable case

* get rid of commented out old stuff

* implement a system template

A system template is a set of default templates
stored in the db that will override the defaults
stored on disk.

* change prototype so that client id is last and optional

* add error template to the system

* send some data to the template

* add system error flag to error template

* render error screen in formHandler

* 417 create new /api/user endpoint to create a new user without emailing

* use a preresponse hook to render errors!

* oops?

* update changelog for 2.8.0

* use the users id for profile picture name

* forgot to update the batch size

* use uuid for picture name in api endpoint

* Don't do profile picture migration for users who don't have profile
pictures

* uh, I'm not sure how this happened

* Set max-age=0 for CacheControl on profile image S3 uploads

* add more cache control params to s3 upload

* bumpversion 2.9.0

* update changelog for 2.9.0

* fix migration

* Pass production env variable in errors from hapi

* Pass full debug object to error context

* Add Handlebars singleton and conditional plugins

* Update CHANGELOG

* Bump version to 2.9.1

* WIP adding accept invite webhook

* Trigger user.accept-invite

* Bump version. Update changelog.

* Make var name more accurate. Happens on reinvite too.

* Add comma to README

* #455 | add PUT user profile route for admin client_credentials

* #455 | add Hapi Lab tests for new update user profile route

* #455 | cleanup

* #447 | #448 | bump version and update changelog

* Add missing require

* Add webhook POST tests

* WIP test POST invite endpoint

* Test POST invite endpoint

* Return 404 if client not found for accept invite request

* Create storage-adapter with common interface for s3 and azure

* Get fetching keystore to work for both s3 and azure

* Add untested azure upload method

* Fix blob upload

* Fix fetch token URL in test-client

* Pass undefined to keep default arg values

* Return correct filename from azure upload function

* Implement delete function for azure adapter

* Add azure env vars to docs

* Add sendgrid email driver

* Remove old azure-storage package

* Update docs

* Fix broken test

* Replace deprecated winston-raven-sentry

* Remove raven package

* increase keep alive, make it configurable

* Spacing fix

* don't add arbitrary buffer to keep alive timeout

* Updated documentation to explain keep alive setting

* Spacing fix

* #473 | only set the sendgrid API key when the driver type is sendgrid. Also replace mailgun code for attachments

* #473 | sendgrid attachment cleanup

* #477 | Adding redis password parameter

* #477 | Optional Redis TLS

* #477 | Fixing env var

* fixing some typos

* Fix redis TLS configuration

Update config.js to ensure REDIS_TLS works as expected when defined.

* Allow custom profile values in registration payload

* Test that profile values from registration form are set

* Remove unused imports

* Add user.registered webhook

* Document additional registration fields

* Dramatically improve test performance

* Restrict acceptable profile values on registration form

* Fix error if object path doesn't exist

* Use test db for tests

* Pass code_challenge along from login to forgot password to reset password

* Attempted fix for encryption

* Revert "Bugfix for redis connection hanging with AWS Elasticache Redis with TransmitEncryptionEnabled "

* E2e test (#500) (#501)

* E2e test (#500)

* Basic cypress setup

* Implementing basic e2e test

* Prettier

* GH Action to create test client

* Adding e2e test workflow

* Trying this

* Requires a specific ref

* Skip the diff for now

* Fix eslint config file

* Don’t run notifications right now

* Skip diff

* Remove keys

* Creating and using image

* Missing files

* 12 not 14

* Require got

* Ordering

* Acceptance

* Needs build

* Fixing input path

* Try it as one job

* Not running this test right now

* No deps

* Use local registry

* Use other package

* Do I need this

* Another try

* Fixing script name

* Missing variable

* Vars

* Try a different host

* Debug

* Backwards?

* Allow insecure

* Try to debug

* Trying curl

* Syntax

* Decode json with JQ

* Syntax

* Syntax again

* Syntax

* Syntax

* Try to create test config

* Where are the files

* Separate steps

* Try non-mac sed command

* Run tests

* Handled with shell scripting

* Fixing working directory

* Ignore certs

* Try curl

* Watching the logs

* Use npx

* Debug

* Force fresh install

* Debug

* Try with fresh node modules

* Caching doesn’t seem to work

* .feature

* Doesn’t exist yet

* Frontend isn’t producing logs

* Copy paste failure

* No logs

* Let's try notifications

* Adjusting dependencies

* E2e test (#500) (#501) (#506)

Co-authored-by: Andrew Reida <andrew@synapsestudios.com>

* Add a test:watch script to package.json (#508)

* 486 Test arbitrary user values valid (#509)

* New test for optional profile values

* Removed syn0.com domain from tests and replaced with example.com

* Removed duplicate email validation from payload for user registration (#510)

* Password reset tests (#515)

* Add quote style to .editorconfig

* Add email token factory

* Add tests for GET /user/forgot-password and GET /user/reset-password

* Return 403 instead of 500 on missing email token

* Include formAction in reset-password template

* Add tests for POST /user/forgot-password, fix status code

* Add tests for POST /user/reset-password

There's some more room for improvement re: adding `dom-testing-library` and parsing the HTML template responses.

* Replace HTML regex w/ JSDOM + dom-testing-library (#516)

Need to stick to old versions of both until Node is upgraded.

* Test invite response for valid and invalid client ids (#507)

* Test invite response for valid and invalid client ids

* Move email verify test file to proper folder

* Pull invite URL directly from mock email service

* Use build-status v1 (#521)

* Added failure cases for registration validation (#519)

* Added failure cases for validation

* Removed commented out test case

* Missing payload test commented out

* Changed test passwords

* Test for missing payload now works.  Mixed-validation checks for evalue to be truthy

* Testing for email drivers (#522)

* Test sendgrid email driver for malformed emails

* Tests for sendgrid, ses, and mailgun drivers.  Email env variables now passed through api configuration file

* changed test title

* Email service tests (#525)

* Stub for config file added.  Email service integration tests added

* Modified mailgun test to just test email service send

* Mailgun integration test working properly

* Tests for email whitelist added.  Changed check-whitelist return object and removed some redundant validation (#524)

* Test error logging (#527)

* Sentry testkit added.  Sentry env vars passed to config.  Test shell created

* Sentry and Rollbar tests added.  Modifications to config.js, logger.js, and sentry.js to get config variables and use sentry-testkit

* File rename, empty last line added to module

* Task/526 Add delete user route to API (#528)

* #526 | add delete user route

* #526 | cleanup

* #526 | add trailing commas

* Pass env cookie keys to the openid-connect provider configuration (#531)

* Don't log errors to console when running tests (#532)

* Test/storage adapter (#533)

* First tests for storage adapter with config file modifications

* Mock s3 storage and applied changes to storage adapter tests

* streamToString function now in its own lib module with testing

* Formatting fixes

* More formatting

* Test/user profile routes (#534)

* GET and POST to user profile.  Token helper added.

* Check for redirect in GET/POST /user/profile, remove 404s

* Add supertest, authenticate users for happy-path tests

Co-authored-by: Bryce Egley <bryce.egley@synapsestudios.com>

* Enhancement/redis ssl config (#535)

* First pass at composing an SSL compatible Redis instance

* Test redis TLS/SSL/password for development working

* Removed dummy keys and certs

* Removed ca.txt and openssl conf.  No idea why the source repo kept them in there

* Added tls folder and redis.conf to gitignore

* Restore port-only ioredis TLS config

* Use TLS in local Redis, don't require client auth

Co-authored-by: Mistweaver <bryce.a.egley@gmail.com>
Co-authored-by: Bryce Egley <bryce.egley@synapsestudios.com>

* Merge/master into v2.11.0 (#536)

* Use build-status v1 (#521)

Co-authored-by: Andrew Reida <andrew@synapsestudios.com>
Co-authored-by: chestercharles <chestercarmer@icloud.com>

* Create artifact_purge.yml (#537)

* Create artifact_purge.yml

* Update artifact_purge.yml

* Bump version to 3.0.0

* Modified build.yml for client secret extraction

* Debug build.yml

* Fixed yaml syntax

* Debug cypress preprocessor and secrets

* Downgrade cypress

* Removed plugin debug

Co-authored-by: Zachary Weidenbach <zweidenbach@gmail.com>
Co-authored-by: Chris Shiplet <chris@nearengine.com>
Co-authored-by: Aaron Bruce <aaron@synapsestudios.com>
Co-authored-by: Trevor Boone <tdboone@gmail.com>
Co-authored-by: Andrew Reida <andrew@synapsestudios.com>
Co-authored-by: synbot <synbot@synapsestudios.com>
Co-authored-by: Casey Tickes <caseyrt@gmail.com>
Co-authored-by: Bob Eagan <bob@synapsestudios.com>
Co-authored-by: Zachary Chavez <zach@synapsestudios.com>
Co-authored-by: Adam Gerbens <adam.gerbens@gmail.com>
Co-authored-by: Zachary Chavez <zpchavez@gmail.com>
Co-authored-by: averhulst <enuary+github@gmail.com>
Co-authored-by: James Brink <brink.james@gmail.com>
Co-authored-by: Bryce Egley <bryce.egley@synapsestudios.com>
Co-authored-by: chestercharles <chestercarmer@icloud.com>
Co-authored-by: Mistweaver <bryce.a.egley@gmail.com>

Development

Successfully merging this pull request may close these issues: Using an invalid client_id in user invitation url leads to a 500

2 participants