immich-app/immich
1
0
Fork 0
mirror of https://github.com/immich-app/immich.git synced 2025-12-24 09:14:58 +03:00
Code Issues Packages Projects Releases 18 Wiki Activity

test(server): auth e2e (#3492)

Browse Source 
* test(server): auth controller e2e test

* test(server): user e2e test

* refactor(server): album e2e

* fix: linting
This commit is contained in:
Jason Rasmussen
2023-08-01 11:49:50 -04:00
committed by GitHub
parent 9e085c1071
commit e53625b067
19 changed files with 927 additions and 496 deletions
Download Patch File Download Diff File Expand all files Collapse all files

205
server/test/e2e/album.e2e-spec.ts Normal file
View File

@@ -0,0 +1,205 @@
import { LoginResponseDto } from '@app/domain';
import { AlbumController, AppModule } from '@app/immich';
import { SharedLinkType } from '@app/infra/entities';
import { INestApplication } from '@nestjs/common';
import { Test, TestingModule } from '@nestjs/testing';
import request from 'supertest';
import { errorStub } from '../fixtures';
import { api, db } from '../test-utils';
const user1SharedUser = 'user1SharedUser';
const user1SharedLink = 'user1SharedLink';
const user1NotShared = 'user1NotShared';
const user2SharedUser = 'user2SharedUser';
const user2SharedLink = 'user2SharedLink';
const user2NotShared = 'user2NotShared';
describe(`${AlbumController.name} (e2e)`, () => {
let app: INestApplication;
let server: any;
let user1: LoginResponseDto;
let user2: LoginResponseDto;
beforeAll(async () => {
const moduleFixture: TestingModule = await Test.createTestingModule({
imports: [AppModule],
}).compile();
app = await moduleFixture.createNestApplication().init();
server = app.getHttpServer();
});
beforeEach(async () => {
await db.reset();
await api.adminSignUp(server);
const admin = await api.adminLogin(server);
await api.userApi.create(server, admin.accessToken, {
email: 'user1@immich.app',
password: 'Password123',
firstName: 'User 1',
lastName: 'Test',
});
user1 = await api.login(server, { email: 'user1@immich.app', password: 'Password123' });
await api.userApi.create(server, admin.accessToken, {
email: 'user2@immich.app',
password: 'Password123',
firstName: 'User 2',
lastName: 'Test',
});
user2 = await api.login(server, { email: 'user2@immich.app', password: 'Password123' });
const user1Albums = await Promise.all([
api.albumApi.create(server, user1.accessToken, {
albumName: user1SharedUser,
sharedWithUserIds: [user2.userId],
}),
api.albumApi.create(server, user1.accessToken, { albumName: user1SharedLink }),
api.albumApi.create(server, user1.accessToken, { albumName: user1NotShared }),
]);
// add shared link to user1SharedLink album
await api.sharedLinkApi.create(server, user1.accessToken, {
type: SharedLinkType.ALBUM,
albumId: user1Albums[1].id,
});
const user2Albums = await Promise.all([
api.albumApi.create(server, user2.accessToken, {
albumName: user2SharedUser,
sharedWithUserIds: [user1.userId],
}),
api.albumApi.create(server, user2.accessToken, { albumName: user2SharedLink }),
api.albumApi.create(server, user2.accessToken, { albumName: user2NotShared }),
]);
// add shared link to user2SharedLink album
await api.sharedLinkApi.create(server, user2.accessToken, {
type: SharedLinkType.ALBUM,
albumId: user2Albums[1].id,
});
});
afterAll(async () => {
await db.disconnect();
await app.close();
});
describe('GET /album', () => {
it('should require authentication', async () => {
const { status, body } = await request(server).get('/album');
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should reject an invalid shared param', async () => {
const { status, body } = await request(server)
.get('/album?shared=invalid')
.set('Authorization', `Bearer ${user1.accessToken}`);
expect(status).toEqual(400);
expect(body).toEqual(errorStub.badRequest);
});
it('should reject an invalid assetId param', async () => {
const { status, body } = await request(server)
.get('/album?assetId=invalid')
.set('Authorization', `Bearer ${user1.accessToken}`);
expect(status).toEqual(400);
expect(body).toEqual(errorStub.badRequest);
});
it('should return the album collection including owned and shared', async () => {
const { status, body } = await request(server).get('/album').set('Authorization', `Bearer ${user1.accessToken}`);
expect(status).toEqual(200);
expect(body).toHaveLength(3);
expect(body).toEqual(
expect.arrayContaining([
expect.objectContaining({ ownerId: user1.userId, albumName: user1SharedUser, shared: true }),
expect.objectContaining({ ownerId: user1.userId, albumName: user1SharedLink, shared: true }),
expect.objectContaining({ ownerId: user1.userId, albumName: user1NotShared, shared: false }),
]),
);
});
it('should return the album collection filtered by shared', async () => {
const { status, body } = await request(server)
.get('/album?shared=true')
.set('Authorization', `Bearer ${user1.accessToken}`);
expect(status).toEqual(200);
expect(body).toHaveLength(3);
expect(body).toEqual(
expect.arrayContaining([
expect.objectContaining({ ownerId: user1.userId, albumName: user1SharedUser, shared: true }),
expect.objectContaining({ ownerId: user1.userId, albumName: user1SharedLink, shared: true }),
expect.objectContaining({ ownerId: user2.userId, albumName: user2SharedUser, shared: true }),
]),
);
});
it('should return the album collection filtered by NOT shared', async () => {
const { status, body } = await request(server)
.get('/album?shared=false')
.set('Authorization', `Bearer ${user1.accessToken}`);
expect(status).toEqual(200);
expect(body).toHaveLength(1);
expect(body).toEqual(
expect.arrayContaining([
expect.objectContaining({ ownerId: user1.userId, albumName: user1NotShared, shared: false }),
]),
);
});
// TODO: Add asset to album and test if it returns correctly.
it('should return the album collection filtered by assetId', async () => {
const { status, body } = await request(server)
.get('/album?assetId=ecb120db-45a2-4a65-9293-51476f0d8790')
.set('Authorization', `Bearer ${user1.accessToken}`);
expect(status).toEqual(200);
expect(body).toHaveLength(0);
});
// TODO: Add asset to album and test if it returns correctly.
it('should return the album collection filtered by assetId and ignores shared=true', async () => {
const { status, body } = await request(server)
.get('/album?shared=true&assetId=ecb120db-45a2-4a65-9293-51476f0d8790')
.set('Authorization', `Bearer ${user1.accessToken}`);
expect(status).toEqual(200);
expect(body).toHaveLength(0);
});
// TODO: Add asset to album and test if it returns correctly.
it('should return the album collection filtered by assetId and ignores shared=false', async () => {
const { status, body } = await request(server)
.get('/album?shared=false&assetId=ecb120db-45a2-4a65-9293-51476f0d8790')
.set('Authorization', `Bearer ${user1.accessToken}`);
expect(status).toEqual(200);
expect(body).toHaveLength(0);
});
});
describe('POST /album', () => {
it('should require authentication', async () => {
const { status, body } = await request(server).post('/album').send({ albumName: 'New album' });
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should create an album', async () => {
const body = await api.albumApi.create(server, user1.accessToken, { albumName: 'New album' });
expect(body).toEqual({
id: expect.any(String),
createdAt: expect.any(String),
updatedAt: expect.any(String),
ownerId: user1.userId,
albumName: 'New album',
albumThumbnailAssetId: null,
shared: false,
sharedUsers: [],
assets: [],
assetCount: 0,
owner: expect.objectContaining({ email: user1.userEmail }),
});
});
});
});

226
server/test/e2e/auth.e2e-spec.ts Normal file
View File

@@ -0,0 +1,226 @@
import { AppModule, AuthController } from '@app/immich';
import { INestApplication } from '@nestjs/common';
import { Test, TestingModule } from '@nestjs/testing';
import request from 'supertest';
import { deviceStub, errorStub, loginResponseStub, signupResponseStub, signupStub, uuidStub } from '../fixtures';
import { api, db } from '../test-utils';
const firstName = 'Immich';
const lastName = 'Admin';
const password = 'Password123';
const email = 'admin@immich.app';
describe(`${AuthController.name} (e2e)`, () => {
let app: INestApplication;
let server: any;
let accessToken: string;
beforeAll(async () => {
const moduleFixture: TestingModule = await Test.createTestingModule({
imports: [AppModule],
}).compile();
app = await moduleFixture.createNestApplication().init();
server = app.getHttpServer();
});
beforeEach(async () => {
await db.reset();
await api.adminSignUp(server);
const response = await api.adminLogin(server);
accessToken = response.accessToken;
});
afterAll(async () => {
await db.disconnect();
await app.close();
});
describe('POST /auth/admin-sign-up', () => {
beforeEach(async () => {
await db.reset();
});
const invalid = [
{ should: 'require an email address', data: { firstName, lastName, password } },
{ should: 'require a password', data: { firstName, lastName, email } },
{ should: 'require a first name ', data: { lastName, email, password } },
{ should: 'require a last name ', data: { firstName, email, password } },
{ should: 'require a valid email', data: { firstName, lastName, email: 'immich', password } },
];
for (const { should, data } of invalid) {
it(`should ${should}`, async () => {
const { status, body } = await request(server).post('/auth/admin-sign-up').send(data);
expect(status).toEqual(400);
expect(body).toEqual(errorStub.badRequest);
});
}
it(`should sign up the admin`, async () => {
await api.adminSignUp(server);
});
it('should sign up the admin with a local domain', async () => {
const { status, body } = await request(server)
.post('/auth/admin-sign-up')
.send({ ...signupStub, email: 'admin@local' });
expect(status).toEqual(201);
expect(body).toEqual({ ...signupResponseStub, email: 'admin@local' });
});
it('should transform email to lower case', async () => {
const { status, body } = await request(server)
.post('/auth/admin-sign-up')
.send({ ...signupStub, email: 'aDmIn@IMMICH.app' });
expect(status).toEqual(201);
expect(body).toEqual(signupResponseStub);
});
it('should not allow a second admin to sign up', async () => {
await api.adminSignUp(server);
const { status, body } = await request(server).post('/auth/admin-sign-up').send(signupStub);
expect(status).toBe(400);
expect(body).toEqual(errorStub.alreadyHasAdmin);
});
});
describe(`POST /auth/login`, () => {
it('should reject an incorrect password', async () => {
const { status, body } = await request(server).post('/auth/login').send({ email, password: 'incorrect' });
expect(body).toEqual(errorStub.incorrectLogin);
expect(status).toBe(401);
});
it('should accept a correct password', async () => {
const { status, body, headers } = await request(server).post('/auth/login').send({ email, password });
expect(status).toBe(201);
expect(body).toEqual(loginResponseStub.admin.response);
const token = body.accessToken;
expect(token).toBeDefined();
const cookies = headers['set-cookie'];
expect(cookies).toHaveLength(2);
expect(cookies[0]).toEqual(`immich_access_token=${token}; HttpOnly; Path=/; Max-Age=34560000; SameSite=Lax;`);
expect(cookies[1]).toEqual('immich_auth_type=password; HttpOnly; Path=/; Max-Age=34560000; SameSite=Lax;');
});
});
describe('GET /auth/devices', () => {
it('should require authentication', async () => {
const { status, body } = await request(server).get('/auth/devices');
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should get a list of authorized devices', async () => {
const { status, body } = await request(server).get('/auth/devices').set('Authorization', `Bearer ${accessToken}`);
expect(status).toBe(200);
expect(body).toEqual([deviceStub.current]);
});
});
describe('DELETE /auth/devices/:id', () => {
it('should require authentication', async () => {
const { status, body } = await request(server).delete(`/auth/devices`);
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should logout all devices (except the current one)', async () => {
for (let i = 0; i < 5; i++) {
await api.adminLogin(server);
}
await expect(api.getAuthDevices(server, accessToken)).resolves.toHaveLength(6);
const { status } = await request(server).delete(`/auth/devices`).set('Authorization', `Bearer ${accessToken}`);
expect(status).toBe(204);
await api.validateToken(server, accessToken);
});
});
describe('DELETE /auth/devices/:id', () => {
it('should require authentication', async () => {
const { status, body } = await request(server).delete(`/auth/devices/${uuidStub.notFound}`);
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should logout a device', async () => {
const [device] = await api.getAuthDevices(server, accessToken);
const { status } = await request(server)
.delete(`/auth/devices/${device.id}`)
.set('Authorization', `Bearer ${accessToken}`);
expect(status).toBe(204);
const response = await request(server).post('/auth/validateToken').set('Authorization', `Bearer ${accessToken}`);
expect(response.body).toEqual(errorStub.invalidToken);
expect(response.status).toBe(401);
});
});
describe('POST /auth/validateToken', () => {
it('should reject an invalid token', async () => {
const { status, body } = await request(server).post(`/auth/validateToken`).set('Authorization', 'Bearer 123');
expect(status).toBe(401);
expect(body).toEqual(errorStub.invalidToken);
});
it('should accept a valid token', async () => {
const { status, body } = await request(server)
.post(`/auth/validateToken`)
.send({})
.set('Authorization', `Bearer ${accessToken}`);
expect(status).toBe(200);
expect(body).toEqual({ authStatus: true });
});
});
describe('POST /auth/change-password', () => {
it('should require authentication', async () => {
const { status, body } = await request(server)
.post(`/auth/change-password`)
.send({ password: 'Password123', newPassword: 'Password1234' });
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should require the current password', async () => {
const { status, body } = await request(server)
.post(`/auth/change-password`)
.send({ password: 'wrong-password', newPassword: 'Password1234' })
.set('Authorization', `Bearer ${accessToken}`);
expect(status).toBe(400);
expect(body).toEqual(errorStub.wrongPassword);
});
it('should change the password', async () => {
const { status } = await request(server)
.post(`/auth/change-password`)
.send({ password: 'Password123', newPassword: 'Password1234' })
.set('Authorization', `Bearer ${accessToken}`);
expect(status).toBe(200);
await api.login(server, { email: 'admin@immich.app', password: 'Password1234' });
});
});
describe('POST /auth/logout', () => {
it('should require authentication', async () => {
const { status, body } = await request(server).post(`/auth/logout`);
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should logout the user', async () => {
const { status, body } = await request(server).post(`/auth/logout`).set('Authorization', `Bearer ${accessToken}`);
expect(status).toBe(200);
expect(body).toEqual({ successful: true, redirectUri: '/auth/login?autoLaunch=0' });
});
});
});

20
server/test/e2e/jest-e2e.json Normal file
View File

@@ -0,0 +1,20 @@
{
"moduleFileExtensions": ["js", "json", "ts"],
"modulePaths": ["<rootDir>"],
"rootDir": "../..",
"globalSetup": "<rootDir>/test/e2e/setup.ts",
"testEnvironment": "node",
"testRegex": ".e2e-spec.ts$",
"testTimeout": 15000,
"transform": {
"^.+\\.(t|j)s$": "ts-jest"
},
"collectCoverageFrom": ["<rootDir>/src/**/*.(t|j)s", "!<rootDir>/src/infra/**/*"],
"coverageDirectory": "./coverage",
"moduleNameMapper": {
"^@test(|/.*)$": "<rootDir>/test/$1",
"^@app/immich(|/.*)$": "<rootDir>/src/immich/$1",
"^@app/infra(|/.*)$": "<rootDir>/src/infra/$1",
"^@app/domain(|/.*)$": "<rootDir>/src/domain/$1"
}
}

21
server/test/e2e/setup.ts Normal file
View File

@@ -0,0 +1,21 @@
import { GenericContainer, PostgreSqlContainer } from 'testcontainers';
export default async () => {
process.env.NODE_ENV = 'development';
process.env.TYPESENSE_API_KEY = 'abc123';
const pg = await new PostgreSqlContainer('postgres')
.withExposedPorts(5432)
.withDatabase('immich')
.withUsername('postgres')
.withPassword('postgres')
.withReuse()
.start();
process.env.DB_URL = pg.getConnectionUri();
const redis = await new GenericContainer('redis').withExposedPorts(6379).withReuse().start();
process.env.REDIS_PORT = String(redis.getMappedPort(6379));
process.env.REDIS_HOSTNAME = redis.getHost();
};

238
server/test/e2e/user.e2e-spec.ts Normal file
View File

@@ -0,0 +1,238 @@
import { LoginResponseDto } from '@app/domain';
import { AppModule, UserController } from '@app/immich';
import { INestApplication } from '@nestjs/common';
import { Test, TestingModule } from '@nestjs/testing';
import request from 'supertest';
import { errorStub } from '../fixtures';
import { api, db } from '../test-utils';
describe(`${UserController.name}`, () => {
let app: INestApplication;
let server: any;
let loginResponse: LoginResponseDto;
let accessToken: string;
beforeAll(async () => {
const moduleFixture: TestingModule = await Test.createTestingModule({
imports: [AppModule],
}).compile();
app = await moduleFixture.createNestApplication().init();
server = app.getHttpServer();
});
beforeEach(async () => {
await db.reset();
await api.adminSignUp(server);
loginResponse = await api.adminLogin(server);
accessToken = loginResponse.accessToken;
});
afterAll(async () => {
await db.disconnect();
await app.close();
});
describe('GET /user', () => {
it('should require authentication', async () => {
const { status, body } = await request(server).get('/user');
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should start with the admin', async () => {
const { status, body } = await request(server).get('/user').set('Authorization', `Bearer ${accessToken}`);
expect(status).toEqual(200);
expect(body).toHaveLength(1);
expect(body[0]).toMatchObject({ email: 'admin@immich.app' });
});
it('should hide deleted users', async () => {
const user1 = await api.userApi.create(server, accessToken, {
email: `user1@immich.app`,
password: 'Password123',
firstName: `User 1`,
lastName: 'Test',
});
await api.userApi.delete(server, accessToken, user1.id);
const { status, body } = await request(server)
.get(`/user`)
.query({ isAll: true })
.set('Authorization', `Bearer ${accessToken}`);
expect(status).toBe(200);
expect(body).toHaveLength(1);
expect(body[0]).toMatchObject({ email: 'admin@immich.app' });
});
it('should include deleted users', async () => {
const user1 = await api.userApi.create(server, accessToken, {
email: `user1@immich.app`,
password: 'Password123',
firstName: `User 1`,
lastName: 'Test',
});
await api.userApi.delete(server, accessToken, user1.id);
const { status, body } = await request(server)
.get(`/user`)
.query({ isAll: false })
.set('Authorization', `Bearer ${accessToken}`);
expect(status).toBe(200);
expect(body).toHaveLength(2);
expect(body[0]).toMatchObject({ id: user1.id, email: 'user1@immich.app', deletedAt: expect.any(String) });
expect(body[1]).toMatchObject({ id: loginResponse.userId, email: 'admin@immich.app' });
});
});
describe('GET /user/info/:id', () => {
it('should require authentication', async () => {
const { status } = await request(server).get(`/user/info/${loginResponse.userId}`);
expect(status).toEqual(401);
});
it('should get the user info', async () => {
const { status, body } = await request(server)
.get(`/user/info/${loginResponse.userId}`)
.set('Authorization', `Bearer ${accessToken}`);
expect(status).toBe(200);
expect(body).toMatchObject({ id: loginResponse.userId, email: 'admin@immich.app' });
});
});
describe('GET /user/me', () => {
it('should require authentication', async () => {
const { status, body } = await request(server).get(`/user/me`);
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should get my info', async () => {
const { status, body } = await request(server).get(`/user/me`).set('Authorization', `Bearer ${accessToken}`);
expect(status).toBe(200);
expect(body).toMatchObject({ id: loginResponse.userId, email: 'admin@immich.app' });
});
});
describe('POST /user', () => {
it('should require authentication', async () => {
const { status, body } = await request(server)
.post(`/user`)
.send({ email: 'user1@immich.app', password: 'Password123', firstName: 'Immich', lastName: 'User' });
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should ignore `isAdmin`', async () => {
const { status, body } = await request(server)
.post(`/user`)
.send({
isAdmin: true,
email: 'user1@immich.app',
password: 'Password123',
firstName: 'Immich',
lastName: 'User',
})
.set('Authorization', `Bearer ${accessToken}`);
expect(body).toMatchObject({
email: 'user1@immich.app',
isAdmin: false,
shouldChangePassword: true,
});
expect(status).toBe(201);
});
});
describe('PUT /user', () => {
it('should require authentication', async () => {
const { status, body } = await request(server).put(`/user`);
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should not allow a non-admin to become an admin', async () => {
const user = await api.userApi.create(server, accessToken, {
email: 'user1@immich.app',
password: 'Password123',
firstName: 'Immich',
lastName: 'User',
});
const { status, body } = await request(server)
.put(`/user`)
.send({ isAdmin: true, id: user.id })
.set('Authorization', `Bearer ${accessToken}`);
expect(status).toBe(400);
expect(body).toEqual(errorStub.alreadyHasAdmin);
});
it('ignores updates to profileImagePath', async () => {
const user = await api.userApi.update(server, accessToken, {
id: loginResponse.userId,
profileImagePath: 'invalid.jpg',
} as any);
expect(user).toMatchObject({ id: loginResponse.userId, profileImagePath: '' });
});
it('should ignore updates to createdAt, updatedAt and deletedAt', async () => {
const before = await api.userApi.get(server, accessToken, loginResponse.userId);
const after = await api.userApi.update(server, accessToken, {
id: loginResponse.userId,
createdAt: '2023-01-01T00:00:00.000Z',
updatedAt: '2023-01-01T00:00:00.000Z',
deletedAt: '2023-01-01T00:00:00.000Z',
} as any);
expect(after).toStrictEqual(before);
});
it('should update first and last name', async () => {
const before = await api.userApi.get(server, accessToken, loginResponse.userId);
const after = await api.userApi.update(server, accessToken, {
id: before.id,
firstName: 'First Name',
lastName: 'Last Name',
});
expect(after).toMatchObject({
...before,
updatedAt: expect.anything(),
firstName: 'First Name',
lastName: 'Last Name',
});
expect(before.updatedAt).not.toEqual(after.updatedAt);
});
});
describe('GET /user/count', () => {
it('should not require authentication', async () => {
const { status, body } = await request(server).get(`/user/count`);
expect(status).toBe(200);
expect(body).toEqual({ userCount: 1 });
});
it('should start with just the admin', async () => {
const { status, body } = await request(server).get(`/user/count`).set('Authorization', `Bearer ${accessToken}`);
expect(status).toBe(200);
expect(body).toEqual({ userCount: 1 });
});
it('should return the total user count', async () => {
for (let i = 0; i < 5; i++) {
await api.userApi.create(server, accessToken, {
email: `user${i + 1}@immich.app`,
password: 'Password123',
firstName: `User ${i + 1}`,
lastName: 'Test',
});
}
const { status, body } = await request(server).get(`/user/count`).set('Authorization', `Bearer ${accessToken}`);
expect(status).toBe(200);
expect(body).toEqual({ userCount: 6 });
});
});
});