immich-app/immich
1
0
Fork 0
mirror of https://github.com/immich-app/immich.git synced 2025-12-24 01:11:32 +03:00
Code Issues Packages Projects Releases 18 Wiki Activity

test(server): auth e2e (#3492)

Browse Source 
* test(server): auth controller e2e test

* test(server): user e2e test

* refactor(server): album e2e

* fix: linting
This commit is contained in:
Jason Rasmussen
2023-08-01 11:49:50 -04:00
committed by GitHub
parent 9e085c1071
commit e53625b067
19 changed files with 927 additions and 496 deletions
Download Patch File Download Diff File Expand all files Collapse all files

225
server/e2e/album.e2e-spec.ts
View File

@@ -1,225 +0,0 @@
import {
AlbumResponseDto,
AuthService,
AuthUserDto,
CreateAlbumDto,
SharedLinkCreateDto,
SharedLinkResponseDto,
UserService,
} from '@app/domain';
import { AppModule } from '@app/immich/app.module';
import { SharedLinkType } from '@app/infra/entities';
import { INestApplication } from '@nestjs/common';
import { Test, TestingModule } from '@nestjs/testing';
import request from 'supertest';
import { DataSource } from 'typeorm';
import { authCustom, clearDb, getAuthUser } from '../test/test-utils';
async function _createAlbum(app: INestApplication, data: CreateAlbumDto) {
const res = await request(app.getHttpServer()).post('/album').send(data);
expect(res.status).toEqual(201);
return res.body as AlbumResponseDto;
}
async function _createAlbumSharedLink(app: INestApplication, data: Omit<SharedLinkCreateDto, 'type'>) {
const res = await request(app.getHttpServer())
.post('/shared-link')
.send({ ...data, type: SharedLinkType.ALBUM });
expect(res.status).toEqual(201);
return res.body as SharedLinkResponseDto;
}
describe('Album', () => {
let app: INestApplication;
let database: DataSource;
describe('without auth', () => {
beforeAll(async () => {
const moduleFixture: TestingModule = await Test.createTestingModule({ imports: [AppModule] }).compile();
app = moduleFixture.createNestApplication();
database = app.get(DataSource);
await app.init();
});
afterAll(async () => {
await clearDb(database);
await app.close();
});
it('prevents fetching albums if not auth', async () => {
const { status } = await request(app.getHttpServer()).get('/album');
expect(status).toEqual(401);
});
});
describe('with auth', () => {
let userService: UserService;
let authService: AuthService;
let authUser: AuthUserDto;
beforeAll(async () => {
const builder = Test.createTestingModule({ imports: [AppModule] });
authUser = getAuthUser();
const moduleFixture: TestingModule = await authCustom(builder, () => authUser).compile();
app = moduleFixture.createNestApplication();
userService = app.get(UserService);
authService = app.get(AuthService);
database = app.get(DataSource);
await app.init();
});
afterAll(async () => {
await app.close();
});
describe('with empty DB', () => {
it('rejects invalid shared param', async () => {
const { status } = await request(app.getHttpServer()).get('/album?shared=invalid');
expect(status).toEqual(400);
});
it('rejects invalid assetId param', async () => {
const { status } = await request(app.getHttpServer()).get('/album?assetId=invalid');
expect(status).toEqual(400);
});
// TODO - Until someone figure out how to passed in a logged in user to the request.
// it('creates an album', async () => {
// const data: CreateAlbumDto = {
// albumName: 'first albbum',
// };
// const body = await _createAlbum(app, data);
// expect(body).toEqual(
// expect.objectContaining({
// ownerId: authUser.id,
// albumName: data.albumName,
// }),
// );
// });
});
describe('with albums in DB', () => {
const userOneSharedUser = 'userOneSharedUser';
const userOneSharedLink = 'userOneSharedLink';
const userOneNotShared = 'userOneNotShared';
const userTwoSharedUser = 'userTwoSharedUser';
const userTwoSharedLink = 'userTwoSharedLink';
const userTwoNotShared = 'userTwoNotShared';
let userOne: AuthUserDto;
let userTwo: AuthUserDto;
beforeAll(async () => {
// setup users
const adminSignUpDto = await authService.adminSignUp({
email: 'one@test.com',
password: '1234',
firstName: 'one',
lastName: 'test',
});
userOne = { ...adminSignUpDto, isAdmin: true }; // TODO: find out why adminSignUp doesn't have isAdmin (maybe can just return UserResponseDto)
userTwo = await userService.createUser({
email: 'two@test.com',
password: '1234',
firstName: 'two',
lastName: 'test',
});
// add user one albums
authUser = userOne;
const userOneAlbums = await Promise.all([
_createAlbum(app, { albumName: userOneSharedUser, sharedWithUserIds: [userTwo.id] }),
_createAlbum(app, { albumName: userOneSharedLink }),
_createAlbum(app, { albumName: userOneNotShared }),
]);
// add shared link to userOneSharedLink album
await _createAlbumSharedLink(app, { albumId: userOneAlbums[1].id });
// add user two albums
authUser = userTwo;
const userTwoAlbums = await Promise.all([
_createAlbum(app, { albumName: userTwoSharedUser, sharedWithUserIds: [userOne.id] }),
_createAlbum(app, { albumName: userTwoSharedLink }),
_createAlbum(app, { albumName: userTwoNotShared }),
]);
// add shared link to userTwoSharedLink album
await _createAlbumSharedLink(app, { albumId: userTwoAlbums[1].id });
// set user one as authed for next requests
authUser = userOne;
});
afterAll(async () => {
await clearDb(database);
});
it('returns the album collection including owned and shared', async () => {
const { status, body } = await request(app.getHttpServer()).get('/album');
expect(status).toEqual(200);
expect(body).toHaveLength(3);
expect(body).toEqual(
expect.arrayContaining([
expect.objectContaining({ ownerId: userOne.id, albumName: userOneSharedUser, shared: true }),
expect.objectContaining({ ownerId: userOne.id, albumName: userOneSharedLink, shared: true }),
expect.objectContaining({ ownerId: userOne.id, albumName: userOneNotShared, shared: false }),
]),
);
});
it('returns the album collection filtered by shared', async () => {
const { status, body } = await request(app.getHttpServer()).get('/album?shared=true');
expect(status).toEqual(200);
expect(body).toHaveLength(3);
expect(body).toEqual(
expect.arrayContaining([
expect.objectContaining({ ownerId: userOne.id, albumName: userOneSharedUser, shared: true }),
expect.objectContaining({ ownerId: userOne.id, albumName: userOneSharedLink, shared: true }),
expect.objectContaining({ ownerId: userTwo.id, albumName: userTwoSharedUser, shared: true }),
]),
);
});
it('returns the album collection filtered by NOT shared', async () => {
const { status, body } = await request(app.getHttpServer()).get('/album?shared=false');
expect(status).toEqual(200);
expect(body).toHaveLength(1);
expect(body).toEqual(
expect.arrayContaining([
expect.objectContaining({ ownerId: userOne.id, albumName: userOneNotShared, shared: false }),
]),
);
});
// TODO: Add asset to album and test if it returns correctly.
it('returns the album collection filtered by assetId', async () => {
const { status, body } = await request(app.getHttpServer()).get(
'/album?assetId=ecb120db-45a2-4a65-9293-51476f0d8790',
);
expect(status).toEqual(200);
expect(body).toHaveLength(0);
});
// TODO: Add asset to album and test if it returns correctly.
it('returns the album collection filtered by assetId and ignores shared=true', async () => {
const { status, body } = await request(app.getHttpServer()).get(
'/album?shared=true&assetId=ecb120db-45a2-4a65-9293-51476f0d8790',
);
expect(status).toEqual(200);
expect(body).toHaveLength(0);
});
// TODO: Add asset to album and test if it returns correctly.
it('returns the album collection filtered by assetId and ignores shared=false', async () => {
const { status, body } = await request(app.getHttpServer()).get(
'/album?shared=false&assetId=ecb120db-45a2-4a65-9293-51476f0d8790',
);
expect(status).toEqual(200);
expect(body).toHaveLength(0);
});
});
});
});

24
server/e2e/setup.ts
View File

@@ -1,24 +0,0 @@
import { GenericContainer, PostgreSqlContainer } from 'testcontainers';
export default async () => {
process.env.NODE_ENV = 'development';
process.env.TYPESENSE_API_KEY = 'abc123';
const pg = await new PostgreSqlContainer('postgres')
.withExposedPorts(5432)
.withDatabase('immich')
.withUsername('postgres')
.withPassword('postgres')
.start();
process.env.DB_PORT = String(pg.getMappedPort(5432));
process.env.DB_HOSTNAME = pg.getHost();
process.env.DB_USERNAME = pg.getUsername();
process.env.DB_PASSWORD = pg.getPassword();
process.env.DB_DATABASE_NAME = pg.getDatabase();
const redis = await new GenericContainer('redis').withExposedPorts(6379).start();
process.env.REDIS_PORT = String(redis.getMappedPort(6379));
process.env.REDIS_HOSTNAME = redis.getHost();
};

206
server/e2e/user.e2e-spec.ts
View File

@@ -1,206 +0,0 @@
import { AuthService, AuthUserDto, CreateUserDto, UserResponseDto, UserService } from '@app/domain';
import { AppModule } from '@app/immich/app.module';
import { INestApplication } from '@nestjs/common';
import { Test, TestingModule } from '@nestjs/testing';
import request from 'supertest';
import { DataSource } from 'typeorm';
import { authCustom, clearDb } from '../test/test-utils';
function _createUser(userService: UserService, data: CreateUserDto) {
return userService.createUser(data);
}
describe('User', () => {
let app: INestApplication;
let database: DataSource;
afterAll(async () => {
await clearDb(database);
await app.close();
});
describe('without auth', () => {
beforeAll(async () => {
const moduleFixture: TestingModule = await Test.createTestingModule({ imports: [AppModule] }).compile();
app = moduleFixture.createNestApplication();
database = app.get(DataSource);
await app.init();
});
afterAll(async () => {
await app.close();
});
it('prevents fetching users if not auth', async () => {
const { status } = await request(app.getHttpServer()).get('/user');
expect(status).toEqual(401);
});
});
describe('with admin auth', () => {
let userService: UserService;
let authService: AuthService;
let authUser: AuthUserDto;
let userOne: UserResponseDto;
beforeAll(async () => {
const builder = Test.createTestingModule({ imports: [AppModule] });
const moduleFixture: TestingModule = await authCustom(builder, () => authUser).compile();
app = moduleFixture.createNestApplication();
userService = app.get(UserService);
authService = app.get(AuthService);
database = app.get(DataSource);
await app.init();
});
describe('with users in DB', () => {
const authUserEmail = 'auth-user@test.com';
const userOneEmail = 'one@test.com';
const userTwoEmail = 'two@test.com';
beforeAll(async () => {
// first user must be admin
const adminSignupResponseDto = await authService.adminSignUp({
firstName: 'auth-user',
lastName: 'test',
email: authUserEmail,
password: '1234',
});
authUser = { ...adminSignupResponseDto, isAdmin: true }; // TODO: find out why adminSignUp doesn't have isAdmin (maybe can just return UserResponseDto)
[userOne] = await Promise.all([
_createUser(userService, {
firstName: 'one',
lastName: 'test',
email: userOneEmail,
password: '1234',
}),
_createUser(userService, {
firstName: 'two',
lastName: 'test',
email: userTwoEmail,
password: '1234',
}),
]);
});
it('fetches the user collection including the auth user', async () => {
const { status, body } = await request(app.getHttpServer()).get('/user?isAll=false');
expect(status).toEqual(200);
expect(body).toHaveLength(3);
expect(body).toEqual(
expect.arrayContaining([
{
email: userOneEmail,
firstName: 'one',
lastName: 'test',
id: expect.anything(),
createdAt: expect.anything(),
isAdmin: false,
shouldChangePassword: true,
profileImagePath: '',
deletedAt: null,
updatedAt: expect.anything(),
oauthId: '',
storageLabel: null,
externalPath: null,
},
{
email: userTwoEmail,
firstName: 'two',
lastName: 'test',
id: expect.anything(),
createdAt: expect.anything(),
isAdmin: false,
shouldChangePassword: true,
profileImagePath: '',
deletedAt: null,
updatedAt: expect.anything(),
oauthId: '',
storageLabel: null,
externalPath: null,
},
{
email: authUserEmail,
firstName: 'auth-user',
lastName: 'test',
id: expect.anything(),
createdAt: expect.anything(),
isAdmin: true,
shouldChangePassword: true,
profileImagePath: '',
deletedAt: null,
updatedAt: expect.anything(),
oauthId: '',
storageLabel: 'admin',
externalPath: null,
},
]),
);
});
it('disallows admin user from creating a second admin account', async () => {
const { status } = await request(app.getHttpServer())
.put('/user')
.send({
...userOne,
isAdmin: true,
});
expect(status).toEqual(400);
});
it('ignores updates to createdAt, updatedAt and deletedAt', async () => {
const { status, body } = await request(app.getHttpServer())
.put('/user')
.send({
...userOne,
createdAt: '2023-01-01T00:00:00.000Z',
updatedAt: '2023-01-01T00:00:00.000Z',
deletedAt: '2023-01-01T00:00:00.000Z',
});
expect(status).toEqual(200);
expect(body).toStrictEqual({
...userOne,
createdAt: new Date(userOne.createdAt).toISOString(),
updatedAt: expect.anything(),
});
});
it('ignores updates to profileImagePath', async () => {
const { status, body } = await request(app.getHttpServer())
.put('/user')
.send({
...userOne,
profileImagePath: 'invalid.jpg',
});
expect(status).toEqual(200);
expect(body).toStrictEqual({
...userOne,
createdAt: new Date(userOne.createdAt).toISOString(),
updatedAt: expect.anything(),
});
});
it('allows to update first and last name', async () => {
const { status, body } = await request(app.getHttpServer())
.put('/user')
.send({
...userOne,
firstName: 'newFirstName',
lastName: 'newLastName',
});
expect(status).toEqual(200);
expect(body).toMatchObject({
...userOne,
createdAt: new Date(userOne.createdAt).toISOString(),
updatedAt: expect.anything(),
firstName: 'newFirstName',
lastName: 'newLastName',
});
});
});
});
});