@tiledesk/tiledesk-server 2.7.2 → 2.7.4

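--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -5,6 +5,17 @@
  🚀 IN PRODUCTION 🚀
  (https://www.npmjs.com/package/@tiledesk/tiledesk-server/v/2.3.77)
 
+ # 2.7.4
+ - Bug fix '\start' in rulesTrigger
+ - SSO fix
+ - Updated tybot-connector to 0.2.60
+ - Updated project profile call whit super admin token
+ - Updated user signup with super admin token
+
+ # 2.7.3
+ - Updated project profile call
+ - Updated tybot-connector to 0.2.59
+
  # 2.7.2
  - Improved QuoteManager with kbs and chatbots (disabled)
  - Improved QuoteManager with AI multipliers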
@@ -184,8 +184,22 @@ class RoleChecker {
184
184
  }
185
185
  } else {
186
186
 
187
+ /**
188
+ * Updated by Johnny - 29mar2024 - START
189
+ */
190
+ // console.log("req.user: ", req.user);
191
+ if (req.user.email === process.env.ADMIN_EMAIL) {
192
+ req.user.attributes = { isSuperadmin: true };
193
+ next();
194
+ } else {
195
+ res.status(403).send({success: false, msg: 'you dont belong to the project.'});
196
+ }
197
+ /**
198
+ * Updated by Johnny - 29mar2024 - END
199
+ */
200
+
187
201
  // if (req.user) equals super admin next()
188
- res.status(403).send({success: false, msg: 'you dont belong to the project.'});
202
+ //res.status(403).send({success: false, msg: 'you dont belong to the project.'});
189
203
  }
190
204
 
191
205
  });
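Review bot: The added check `req.user.email === process.env.ADMIN_EMAIL` in the else branch is also true when both sides are undefined, so with `ADMIN_EMAIL` unset a request user that carries no `email` would be passed on as superadmin instead of getting the 403. Require the variable first: `if (process.env.ADMIN_EMAIL && req.user.email === process.env.ADMIN_EMAIL) {`. The branch also overwrites `req.user.attributes` wholesale and calls `next()` on every route guarded by this middleware, which is wider than the project-profile call named in the changelog; if only that route needs the bypass, decide it there and leave the 403 here. The surrounding function starts and ends outside the hunk.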
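--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "@tiledesk/tiledesk-server",
  "description": "The Tiledesk server module",
- "version": "2.7.2",
+ "version": "2.7.4",
  "scripts": {
  "start": "node ./bin/www",
  "pretest": "mongodb-runner start",
@@ -48,7 +48,7 @@
  "@tiledesk/tiledesk-rasa-connector": "^1.0.10",
  "@tiledesk/tiledesk-telegram-connector": "^0.1.10",
  "@tiledesk/tiledesk-train-jobworker": "^0.0.7",
- "@tiledesk/tiledesk-tybot-connector": "^0.2.57",
+ "@tiledesk/tiledesk-tybot-connector": "^0.2.60",
  "@tiledesk/tiledesk-whatsapp-connector": "^0.1.64",
  "@tiledesk/tiledesk-whatsapp-jobworker": "^0.0.7",
  "amqplib": "^0.5.5",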
@@ -711,7 +711,8 @@ class RulesTrigger {
711
711
 
712
712
 
713
713
 
714
- var startText = "\\start";
714
+ var startText = "/start";
715
+ // var startText = "\\start";
715
716
  if (action.parameters && action.parameters.text) {
716
717
  startText = action.parameters.text;
717
718
  }
@@ -787,7 +788,7 @@ class RulesTrigger {
787
788
  'system',
788
789
  'Bot',
789
790
  request_id,
790
- '\\start', // / start
791
+ '/start', // TODO CHANGE TO / start
791
792
  id_project,
792
793
  null,
793
794
  {subtype:'info', updateconversation : false}
@@ -1037,7 +1038,8 @@ class RulesTrigger {
1037
1038
  if (eventAttributes.participants && eventAttributes.participants.length>0) {
1038
1039
  participants = eventAttributes.participants;
1039
1040
  if (participants[0].indexOf("bot_")>-1) {
1040
- text = "\\start"; //if participants is passed than the bot reply to the first message "welcome" so I changed "welcome" with "\start"
1041
+ // TODO CHANGE TO /start
1042
+ text = "/start"; //if participants is passed than the bot reply to the first message "welcome" so I changed "welcome" with "\start"
1041
1043
  }
1042
1044
  // status = RequestConstants.ASSIGNED;
1043
1045
  // console.log("eventAttributes.participants",eventAttributes.participants);
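Review bot: The comments added next to the new `"/start"` literals contradict the code: `// TODO CHANGE TO /start` and `// TODO CHANGE TO / start` sit on lines that already use `/start`, and the trailing comment on the `text = "/start"` line still says the value was changed to "\start". Drop the TODOs and the commented-out `// var startText = "\\start";`, and update the trailing comment, e.g. `// participants passed: the bot answers the first message, so send "/start" instead of "welcome"`. The same literal now appears in three hunks of this file, so a single named constant would keep them from drifting apart again. The enclosing functions lie outside the hunks.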
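--- a/package/routes/auth.js
+++ b/package/routes/auth.js
@@ -72,14 +72,29 @@ router.post('/signup',
  } else {
  return userService.signup(req.body.email, req.body.password, req.body.firstname, req.body.lastname, false)
  .then(function (savedUser) {
+
+ winston.debug('-- >> -- >> savedUser ', savedUser.toObject());
 
+ let skipVerificationEmail = false;
+ if (req.headers.authorization) {
 
- winston.debug('-- >> -- >> savedUser ', savedUser.toObject());
+ let token = req.headers.authorization.split(" ")[1];
+ let decode = jwt.verify(token, configSecret)
+ if (decode && (decode.email === process.env.ADMIN_EMAIL)) {
+ skipVerificationEmail = true;
+ winston.verbose("skip sending verification email")
+ }
+ }
 
  if (!req.body.disableEmail){
- emailService.sendVerifyEmailAddress(savedUser.email, savedUser);
+ if (!skipVerificationEmail) {
+ emailService.sendVerifyEmailAddress(savedUser.email, savedUser);
+ }
  }
 
+ // if (!req.body.disableEmail){
+ // emailService.sendVerifyEmailAddress(savedUser.email, savedUser);
+ // }
 
 
  /*
@@ -280,7 +295,8 @@ router.post('/signinWithCustomToken', [
  winston.debug("id_project: " + id_project + " uuid_user " + req.user._id + " role " + role);
 
 
- Project_user.findOne({ id_project: id_project, uuid_user: req.user._id, role: role}).
+ Project_user.findOne({ id_project: id_project, uuid_user: req.user._id}).
+ // Project_user.findOne({ id_project: id_project, uuid_user: req.user._id, role: role}).
  exec(async (err, project_user) => {
  if (err) {
  winston.error(err);
@@ -297,7 +313,7 @@ router.post('/signinWithCustomToken', [
 
  if (role === RoleConstants.OWNER || role === RoleConstants.ADMIN || role === RoleConstants.AGENT) {
  createNewUser = true;
- winston.debug('role owner admin agent');
+ winston.debug('role owner or admin or agent');
  var newUser;
  try {
 
@@ -309,7 +325,43 @@ router.post('/signinWithCustomToken', [
  if (e.code = "E11000") {
  newUser = await User.findOne({email: req.user.email.toLowerCase(), status: 100}).exec();
  winston.debug('signup found')
+ // qui dovresti cercare pu sul progetto con id di newUser se c'è
+ var project_userUser = await Project_user.findOne({ id_project: id_project, id_user: newUser._id}).exec();
+ if (project_userUser) {
+ winston.debug('project user found')
+ if (project_userUser.status==="active") {
+ var signOptions = {
+ issuer: 'https://tiledesk.com',
+ subject: 'user',
+ audience: 'https://tiledesk.com',
+ jwtid: uuidv4()
+ };
+
+ var alg = process.env.GLOBAL_SECRET_ALGORITHM;
+ if (alg) {
+ signOptions.algorithm = alg;
+ }
+ winston.debug('project user found2')
+
+ //remove password //test it
+ let userJson = newUser.toObject();
+ delete userJson.password;
+ winston.debug('project user found3')
+
+ let returnToken = jwt.sign(userJson, configSecret, signOptions); //priv_jwt pp_jwt
+
+ winston.debug('project user found4')
+
+ if (returnToken.indexOf("JWT")<0) {
+ returnToken = "JWT " + returnToken;
+ }
+ winston.debug('project user found5')
 
+ return res.json({ success: true, token: returnToken, user: newUser });
+
+ }
+ }
+
  }
  }
 
@@ -319,6 +371,9 @@ router.post('/signinWithCustomToken', [
 
  winston.debug('userToReturn forced to newUser.', newUser)
  userToReturn=newUser;
+
+
+
  }
 
  var newProject_user = new Project_user({
@@ -396,6 +451,16 @@ router.post('/signinWithCustomToken', [
 
  if (project_user.status==="active") {
 
+ winston.debug('role.'+role)
+ winston.debug(' project_user.role', project_user)
+
+
+ if (role == project_user.role) {
+ winston.debug('equals role : '+role + " " + project_user.role);
+ } else {
+ winston.debug('different role : '+role + " " + project_user.role);
+ }
+
  if (req.user.role && (req.user.role === RoleConstants.OWNER || req.user.role === RoleConstants.ADMIN || req.user.role === RoleConstants.AGENT)) {
  let userFromDB = await User.findOne({email: req.user.email.toLowerCase(), status: 100}).exec();
 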
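Review bot: The block added to the `e.code = "E11000"` branch of `/signinWithCustomToken` turns a project-scoped credential into a platform-wide one: it finds the existing account by the custom token's `email` claim and, if that account is an active member of the project, returns a `configSecret`-signed token for it with audience `https://tiledesk.com`. Judging by the new tests, the incoming token is signed with the project's own `jwtSecret`, so the project key alone decides whose account token is handed out, including the owner's in `signinWithCustomTokenRoleSameOwnerEmail`; and because the condition assigns rather than compares, the branch runs for any signup error, not only a duplicate key. Consider limiting this path to accounts that were themselves created through custom-token sign-in for this project, or returning a token restricted to the project audience. `newUser` is also dereferenced without a null check: when no user with `status: 100` matches, `newUser._id` throws inside the catch block, so add `if (!newUser) { return res.status(401).send({ success: false, msg: 'User not found.' }); }` before the `Project_user` lookup. The handler continues outside these hunks.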
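--- a/package/routes/project.js
+++ b/package/routes/project.js
@@ -11,6 +11,7 @@ var operatingHoursService = require("../services/operatingHoursService");
  var winston = require('../config/winston');
  var roleChecker = require('../middleware/has-role');
 
+
  // THE THREE FOLLOWS IMPORTS ARE USED FOR AUTHENTICATION IN THE ROUTE
  var passport = require('passport');
  require('../middleware/passport')(passport);
@@ -20,6 +21,7 @@ var cacheUtil = require('../utils/cacheUtil');
  var orgUtil = require("../utils/orgUtil");
  var cacheEnabler = require("../services/cacheEnabler");
 
+
  router.post('/', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken], async (req, res) => {
 
  // create(name, createdBy, settings)
@@ -71,10 +73,218 @@ router.delete('/:projectid', [passport.authenticate(['basic', 'jwt'], { session:
  });
  });
 
+ // router.put('/:projectid/update', function (req, res) {
+ // // router.put('/:projectid/profile', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken], function (req, res) {
+
+ // // Get token from header authorization
+ // let token = req.headers.authorization;
+ // token = token.split(" ")[1];
+
+ // try {
+ // let decoded = jwt.verify(token, configSecret)
+ // winston.debug("user decode: ", decoded);
+
+ // if (!process.env.ADMIN_EMAIL) {
+ // winston.warn("Missing admin email parameter in environment");
+ // return res.status(401).send({ success: false, error: "Missing admin email parameter"});
+ // }
+
+ // if (decoded.email !== process.env.ADMIN_EMAIL) {
+ // winston.warn("Profile modification: permission denied.");
+ // return res.status(403).send({ success: false, error: "You don't have the permission required to modify the project profile"});
+ // }
+
+ // /**
+ // * modify the project profile here
+ // */
+ // var update = {};
+
+ // if (req.body.name!=undefined) {
+ // update.name = req.body.name;
+ // }
+
+ // if (req.body.activeOperatingHours!=undefined) {
+ // update.activeOperatingHours = req.body.activeOperatingHours;
+ // }
+
+ // if (req.body.operatingHours!=undefined) {
+ // update.operatingHours = req.body.operatingHours;
+ // }
+
+ // if (req.body.settings!=undefined) {
+ // update.settings = req.body.settings;
+ // }
+
+ // if (req.body["settings.email.autoSendTranscriptToRequester"]!=undefined) {
+ // update["settings.email.autoSendTranscriptToRequester"] = req.body["settings.email.autoSendTranscriptToRequester"];
+ // }
+ // if (req.body["settings.email.notification.conversation.assigned"]!=undefined) {
+ // update["settings.email.notification.conversation.assigned"] = req.body["settings.email.notification.conversation.assigned"];
+ // }
+ // if (req.body["settings.email.notification.conversation.pooled"]!=undefined) {
+ // update["settings.email.notification.conversation.pooled"] = req.body["settings.email.notification.conversation.pooled"];
+ // }
+ // if (req.body["settings.email.templates.assignedRequest"]!=undefined) {
+ // update["settings.email.templates.assignedRequest"] = req.body["settings.email.templates.assignedRequest"];
+ // }
+ // if (req.body["settings.email.templates.assignedEmailMessage"]!=undefined) {
+ // update["settings.email.templates.assignedEmailMessage"] = req.body["settings.email.templates.assignedEmailMessage"];
+ // }
+ // if (req.body["settings.email.templates.pooledRequest"]!=undefined) {
+ // update["settings.email.templates.pooledRequest"] = req.body["settings.email.templates.pooledRequest"];
+ // }
+ // if (req.body["settings.email.templates.pooledEmailMessage"]!=undefined) {
+ // update["settings.email.templates.pooledEmailMessage"] = req.body["settings.email.templates.pooledEmailMessage"];
+ // }
+ // if (req.body["settings.email.templates.newMessage"]!=undefined) {
+ // update["settings.email.templates.newMessage"] = req.body["settings.email.templates.newMessage"];
+ // }
+ // if (req.body["settings.email.templates.newMessageFollower"]!=undefined) {
+ // update["settings.email.templates.newMessageFollower"] = req.body["settings.email.templates.newMessageFollower"];
+ // }
+ // if (req.body["settings.email.templates.ticket"]!=undefined) {
+ // update["settings.email.templates.ticket"] = req.body["settings.email.templates.ticket"];
+ // }
+ // if (req.body["settings.email.templates.sendTranscript"]!=undefined) {
+ // update["settings.email.templates.sendTranscript"] = req.body["settings.email.templates.sendTranscript"];
+ // }
+ // if (req.body["settings.email.templates.emailDirect"]!=undefined) {
+ // update["settings.email.templates.emailDirect"] = req.body["settings.email.templates.emailDirect"];
+ // }
+ // if (req.body["settings.email.from"]!=undefined) {
+ // update["settings.email.from"] = req.body["settings.email.from"];
+ // }
+ // if (req.body["settings.email.config.host"]!=undefined) {
+ // update["settings.email.config.host"] = req.body["settings.email.config.host"];
+ // }
+ // if (req.body["settings.email.config.port"]!=undefined) {
+ // update["settings.email.config.port"] = req.body["settings.email.config.port"];
+ // }
+ // if (req.body["settings.email.config.secure"]!=undefined) {
+ // update["settings.email.config.secure"] = req.body["settings.email.config.secure"];
+ // }
+ // if (req.body["settings.email.config.user"]!=undefined) {
+ // update["settings.email.config.user"] = req.body["settings.email.config.user"];
+ // }
+ // if (req.body["settings.email.config.pass"]!=undefined) {
+ // update["settings.email.config.pass"] = req.body["settings.email.config.pass"];
+ // }
+ // if (req.body["settings.chat_limit_on"]!=undefined) {
+ // update["settings.chat_limit_on"] = req.body["settings.chat_limit_on"];
+ // }
+ // if (req.body["settings.max_agent_assigned_chat"]!=undefined) {
+ // update["settings.max_agent_assigned_chat"] = req.body["settings.max_agent_assigned_chat"];
+ // }
+ // if (req.body["settings.reassignment_on"]!=undefined) {
+ // update["settings.reassignment_on"] = req.body["settings.reassignment_on"];
+ // }
+ // if (req.body["settings.reassignment_delay"]!=undefined) {
+ // update["settings.reassignment_delay"] = req.body["settings.reassignment_delay"];
+ // }
+ // if (req.body["settings.automatic_unavailable_status_on"]!=undefined) {
+ // update["settings.automatic_unavailable_status_on"] = req.body["settings.automatic_unavailable_status_on"];
+ // }
+ // if (req.body["settings.automatic_idle_chats"]!=undefined) {
+ // update["settings.automatic_idle_chats"] = req.body["settings.automatic_idle_chats"];
+ // }
+
+ // if (req.body.widget!=undefined) {
+ // update.widget = req.body.widget;
+ // }
+ // if (req.body.versions!=undefined) {
+ // update.versions = req.body.versions;
+ // }
+ // if (req.body.channels!=undefined) {
+ // update.channels = req.body.channels;
+ // }
+ // if (req.body.ipFilterEnabled!=undefined) {
+ // update.ipFilterEnabled = req.body.ipFilterEnabled;
+ // }
+ // if (req.body.ipFilter!=undefined) {
+ // update.ipFilter = req.body.ipFilter;
+ // }
+ // if (req.body.ipFilterDenyEnabled!=undefined) {
+ // update.ipFilterDenyEnabled = req.body.ipFilterDenyEnabled;
+ // }
+ // if (req.body.ipFilterDeny!=undefined) {
+ // update.ipFilterDeny = req.body.ipFilterDeny;
+ // }
+ // if (req.body.bannedUsers!=undefined) {
+ // update.bannedUsers = req.body.bannedUsers;
+ // }
+ // if (req.body.profile!=undefined) {
+ // update.profile = req.body.profile;
+ // }
+
+ // winston.debug('UPDATE PROJECT REQ BODY ', update);
+
+ // Project.findByIdAndUpdate(req.params.projectid, update, { new: true, upsert: true }, function (err, updatedProject) {
+ // if (err) {
+ // winston.error('Error putting project ', err);
+ // return res.status(500).send({ success: false, msg: 'Error updating object.' });
+ // }
+ // projectEvent.emit('project.update', updatedProject );
+ // res.json(updatedProject);
+ // });
+
+ // } catch (err) {
+ // winston.warn("Profile modification: permission denied.");
+ // res.status(403).send({ success: false, error: "You don't have the permission required to modify the project profile"});
+ // }
+
+ // })
+
  router.put('/:projectid', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken, roleChecker.hasRole('admin')], function (req, res) {
+
  winston.debug('UPDATE PROJECT REQ BODY ', req.body);
 
  var update = {};
+
+ if (req.body.profile) {
+
+ if (req.user &&
+ req.user.attributes &&
+ req.user.attributes.isSuperadmin === true) {
+
+ winston.debug("Superadmin can modify the project profile")
+ update.profile = req.body.profile;
+
+ delete req.user.attributes.isSuperadmin;
+ }
+
+ else {
+ winston.verbose("Project profile can't be modified by the current user " + req.user._id);
+ return res.status(403).send({ success: false, error: "You don't have the permission required to modify the project profile"});
+ }
+
+ // check if super admin
+ // let token = req.headers.authorization
+ // token = token.split(" ")[1];
+
+ // let decoded = jwt.verify(token, configSecret);
+ // winston.debug("user decoded: ", decoded);
+ // console.log("user decoded: ", decoded);
+
+ // if (!process.env.ADMIN_EMAIL) {
+ // winston.warn("Missing admin email parameter in environment");
+ // return res.status(401).send({ success: false, error: "Missing admin email parameter"});
+ // }
+
+ // if (!decoded) {
+ // winston.warn("Profile modification: permission denied.");
+ // return res.status(403).send({ success: false, error: "You don't have the permission required to modify the project profile. Can't decode user."});
+ // }
+
+ // if (decoded.email !== process.env.ADMIN_EMAIL) {
+ // winston.warn("Profile modification: permission denied.");
+ // return res.status(403).send({ success: false, error: "You don't have the permission required to modify the project profile"});
+ // }
+
+ // console.log("You can modify the project profile");
+
+ // winston.info("Illegal field profile detected. Deny project profile update.");
+ // return res.status(403).send({ success: false, error: "You cannot edit the project profile."});
+ }
 
  //like patch
  if (req.body.name!=undefined) {
@@ -232,10 +442,6 @@ router.put('/:projectid', [passport.authenticate(['basic', 'jwt'], { session: fa
  if (req.body.bannedUsers!=undefined) {
  update.bannedUsers = req.body.bannedUsers;
  }
-
- if (req.body.profile != undefined) {
- update.profile = req.body.profile;
- }
 
  // if (req.body.defaultLanguage!=undefined) {
  // update.defaultLanguage = req.body.defaultLanguage;
@@ -243,7 +449,6 @@ router.put('/:projectid', [passport.authenticate(['basic', 'jwt'], { session: fa
 
 
  winston.debug('UPDATE PROJECT REQ BODY ', update);
-
  // console.log("update",JSON.stringify(update));
 
  Project.findByIdAndUpdate(req.params.projectid, update, { new: true, upsert: true }, function (err, updatedProject) {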
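Review bot: The profile gate added at the top of `router.put('/:projectid')` trusts `req.user.attributes.isSuperadmin`, a property on the request's user object that, in this release, appears to be set only on the non-member branch of the `has-role` middleware. Two things follow from the visible code: a superadmin who is also a member of the project would not get the flag and receives the 403, and anything else that fills `req.user.attributes` (not visible here; confirm what the passport strategies copy onto `req.user`) would satisfy the check. Deciding at the point of use, `if (process.env.ADMIN_EMAIL && req.user.email === process.env.ADMIN_EMAIL) {`, or carrying the flag in `res.locals`, removes both. The condition also changed from `!= undefined` to truthiness and now rejects the whole update with 403 whenever a non-superadmin body contains `profile`, which is worth a changelog line for existing clients; and most of the lines added in this section are commented-out code that version control already keeps.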
@@ -1,6 +1,6 @@
1
1
  //During the test the env variable is set to test
2
2
  process.env.NODE_ENV = 'test';
3
-
3
+ process.env.ADMIN_EMAIL = "admin@tiledesk.com";
4
4
  //var User = require('../models/user');
5
5
  var projectService = require('../services/projectService');
6
6
  var requestService = require('../services/requestService');
@@ -19,11 +19,18 @@ var expect = chai.expect;
19
19
  var assert = chai.assert;
20
20
  var jwt = require('jsonwebtoken');
21
21
 
22
+ var config = require('../config/database');
23
+
24
+ var mongoose = require('mongoose');
25
+ mongoose.connect(config.databasetest);
26
+
22
27
 
23
28
  chai.use(chaiHttp);
24
29
 
25
30
  describe('Authentication', () => {
26
31
 
32
+ // mocha test/authentication.js --grep 'signinOk'
33
+
27
34
  describe('/signin', () => {
28
35
 
29
36
 
@@ -201,6 +208,33 @@ describe('/signup', () => {
201
208
 
202
209
  });
203
210
 
211
+ // it('signUpAdminNoVerificationEmail', (done) => {
212
+
213
+ // var email = "test-signup-" + Date.now() + "@email.com";
214
+ // var pwd = "pwd";
215
+
216
+ // chai.request(server)
217
+ // .post("/auth/signin")
218
+ // .send({ email: "admin@tiledesk.com", password: "adminadmin" })
219
+ // .end((err, res) => {
220
+
221
+ // // console.log("login with superadmin res.body: ", res.body)
222
+ // let superadmin_token = res.body.token;
223
+
224
+ // chai.request(server)
225
+ // .post("/auth/signup")
226
+ // .set('Authorization', superadmin_token)
227
+ // .send({ email: email, password: pwd, lastname: "lastname", firstname: "firstname", disableEmail: true })
228
+ // .end((err, res) => {
229
+
230
+ // // console.log("res.body: ", res.body);
231
+ // done();
232
+ // })
233
+ // })
234
+
235
+
236
+ // })
237
+
204
238
  // mocha test/authentication.js --grep 'signupUpperCaseEmail'
205
239
 
206
240
 
@@ -230,6 +264,7 @@ describe('/signup', () => {
230
264
 
231
265
  });
232
266
 
267
+ // mocha test/authentication.js --grep 'signupkOWrongEmail'
233
268
 
234
269
  it('signupkOWrongEmail', (done) => {
235
270
 
@@ -669,6 +704,7 @@ it('signinWithCustomTokenKONoAud', (done) => {
669
704
 
670
705
 
671
706
 
707
+ // mocha test/authentication.js --grep 'signinWithCustomTokenOkTwoSigninWithCT'
672
708
 
673
709
  it('signinWithCustomTokenOkTwoSigninWithCT', (done) => {
674
710
 
@@ -761,6 +797,248 @@ it('signinWithCustomTokenOkTwoSigninWithCT', (done) => {
761
797
 
762
798
 
763
799
 
800
+ // mocha test/authentication.js --grep 'signinWithCustomTokenRoleNew'
801
+
802
+
803
+ it('signinWithCustomTokenRoleNew', (done) => {
804
+
805
+
806
+ var email = "test-signinWithCustomTokenRole-" + Date.now() + "@email.com";
807
+ var pwd = "pwd";
808
+
809
+
810
+ var emailToCheck = "emailrole"+ Date.now() +"@email.com";
811
+
812
+
813
+ userService.signup( email ,pwd, "Test Firstname", "Test lastname").then(function(savedUser) {
814
+ // create(name, createdBy, settings)
815
+ projectService.create("test-signinWithCustomTokenRole", savedUser._id).then(function(savedProject) {
816
+
817
+ chai.request(server)
818
+ .post('/'+ savedProject._id + '/keys/generate')
819
+ .auth(email, pwd)
820
+ .send()
821
+ .end((err, res) => {
822
+ //console.log("res", res);
823
+ console.log("res.body", res.body);
824
+ res.should.have.status(200);
825
+ res.body.should.be.a('object');
826
+ expect(res.body.jwtSecret).to.not.equal(null);
827
+
828
+ // 'E11000 duplicate key error collection: tiledesk-test.users index: email_1 dup key: { email: "email@email.com" }' }
829
+ var externalUserObj = {_id: "123", firstname:"andrea", lastname:"leo", email: emailToCheck, role:"admin"};
830
+
831
+ console.log("externalUserObj", externalUserObj);
832
+
833
+
834
+ var signOptions = {
835
+ subject: 'userexternal',
836
+ audience: 'https://tiledesk.com/projects/'+savedProject._id ,
837
+ };
838
+
839
+
840
+ var jwtToken = jwt.sign(externalUserObj, res.body.jwtSecret,signOptions);
841
+
842
+ console.log("jwtToken", jwtToken);
843
+
844
+
845
+ chai.request(server)
846
+ .post('/auth/signinWithCustomToken' )
847
+ .set('Authorization', 'JWT '+jwtToken)
848
+ //.send({ id_project: savedProject._id})
849
+ .send()
850
+ .end((err, res) => {
851
+ //console.log("res", res);
852
+ console.log("res.body", res.body);
853
+ res.should.have.status(200);
854
+ res.body.should.be.a('object');
855
+ expect(res.body.success).to.equal(true);
856
+ console.log("1");
857
+
858
+ expect(res.body.user.email).to.equal(emailToCheck);
859
+ console.log("2");
860
+ expect(res.body.user.firstname).to.equal("andrea");
861
+ // expect(res.body.user._id).to.not.equal("123");
862
+ console.log("3");
863
+
864
+
865
+ expect(res.body.token).to.not.equal(undefined);
866
+ // expect(res.body.token).to.equal('JWT '+jwtToken);
867
+
868
+ console.log("4");
869
+ done();
870
+ });
871
+ });
872
+ });
873
+ });
874
+
875
+ });
876
+
877
+
878
+
879
+
880
+
881
+ // mocha test/authentication.js --grep 'signinWithCustomTokenRole'
882
+
883
+
884
+ it('signinWithCustomTokenRoleEmailAlreadyUsed', (done) => {
885
+
886
+
887
+ var email = "test-signinWithCustomTokenRoleEmailAlreadyUsed-" + Date.now() + "@email.com";
888
+ var pwd = "pwd";
889
+
890
+
891
+ var emailToCheck = "emailrole"+ Date.now() +"@email.com";
892
+
893
+ userService.signup( emailToCheck ,pwd, "andrea", "leo").then(function(savedUserToCheck) {
894
+
895
+ userService.signup( email ,pwd, "Test Firstname", "Test lastname").then(function(savedUser) {
896
+ // create(name, createdBy, settings)
897
+ projectService.create("test-signinWithCustomTokenRoleEmailAlreadyUsed", savedUser._id).then(function(savedProject) {
898
+
899
+ chai.request(server)
900
+ .post('/'+ savedProject._id + '/keys/generate')
901
+ .auth(email, pwd)
902
+ .send()
903
+ .end((err, res) => {
904
+ //console.log("res", res);
905
+ console.log("res.body", res.body);
906
+ res.should.have.status(200);
907
+ res.body.should.be.a('object');
908
+ expect(res.body.jwtSecret).to.not.equal(null);
909
+
910
+ // 'E11000 duplicate key error collection: tiledesk-test.users index: email_1 dup key: { email: "email@email.com" }' }
911
+ var externalUserObj = {_id: "123", firstname:"andrea", lastname:"leo", email: emailToCheck, role:"admin"};
912
+
913
+ console.log("externalUserObj", externalUserObj);
914
+
915
+
916
+ var signOptions = {
917
+ subject: 'userexternal',
918
+ audience: 'https://tiledesk.com/projects/'+savedProject._id ,
919
+ };
920
+
921
+
922
+ var jwtToken = jwt.sign(externalUserObj, res.body.jwtSecret,signOptions);
923
+
924
+ console.log("jwtToken", jwtToken);
925
+
926
+
927
+ chai.request(server)
928
+ .post('/auth/signinWithCustomToken' )
929
+ .set('Authorization', 'JWT '+jwtToken)
930
+ //.send({ id_project: savedProject._id})
931
+ .send()
932
+ .end((err, res) => {
933
+ //console.log("res", res);
934
+ console.log("res.body", res.body);
935
+ res.should.have.status(200);
936
+ res.body.should.be.a('object');
937
+ expect(res.body.success).to.equal(true);
938
+ // console.log("1");
939
+
940
+ expect(res.body.user.email).to.equal(emailToCheck);
941
+ // console.log("2");
942
+ expect(res.body.user.firstname).to.equal("andrea");
943
+ // expect(res.body.user._id).to.not.equal("123");
944
+ // console.log("3");
945
+
946
+
947
+ expect(res.body.token).to.not.equal(undefined);
948
+ // expect(res.body.token).to.equal('JWT '+jwtToken);
949
+
950
+ // console.log("4");
951
+ done();
952
+ });
953
+ });
954
+ });
955
+ });
956
+ });
957
+ });
958
+
959
+
960
+
961
+
962
+
963
+
964
+
965
+ // mocha test/authentication.js --grep 'signinWithCustomTokenRoleSameOwnerEmail'
966
+
967
+
968
+ it('signinWithCustomTokenRoleSameOwnerEmail', (done) => {
969
+
970
+
971
+ var email = "test-sctrolesameowner-" + Date.now() + "@email.com";
972
+ var pwd = "pwd";
973
+
974
+
975
+ var emailToCheck = email;
976
+
977
+
978
+ userService.signup( email ,pwd, "Test Firstname", "Test lastname").then(function(savedUser) {
979
+ // create(name, createdBy, settings)
980
+ projectService.create("test-signinWithCustomTokenRoleEmailAlreadyUsed", savedUser._id).then(function(savedProject) {
981
+
982
+ chai.request(server)
983
+ .post('/'+ savedProject._id + '/keys/generate')
984
+ .auth(email, pwd)
985
+ .send()
986
+ .end((err, res) => {
987
+ //console.log("res", res);
988
+ console.log("res.body", res.body);
989
+ res.should.have.status(200);
990
+ res.body.should.be.a('object');
991
+ expect(res.body.jwtSecret).to.not.equal(null);
992
+
993
+ // 'E11000 duplicate key error collection: tiledesk-test.users index: email_1 dup key: { email: "email@email.com" }' }
994
+ var externalUserObj = {_id: "123", firstname:"andrea", lastname:"leo", email: emailToCheck, role:"admin"};
995
+
996
+ console.log("externalUserObj", externalUserObj);
997
+
998
+
999
+ var signOptions = {
1000
+ subject: 'userexternal',
1001
+ audience: 'https://tiledesk.com/projects/'+savedProject._id ,
1002
+ };
1003
+
1004
+
1005
+ var jwtToken = jwt.sign(externalUserObj, res.body.jwtSecret,signOptions);
1006
+
1007
+ console.log("jwtToken", jwtToken);
1008
+
1009
+
1010
+ chai.request(server)
1011
+ .post('/auth/signinWithCustomToken' )
1012
+ .set('Authorization', 'JWT '+jwtToken)
1013
+ //.send({ id_project: savedProject._id})
1014
+ .send()
1015
+ .end((err, res) => {
1016
+ //console.log("res", res);
1017
+ console.log("res.body", res.body);
1018
+ res.should.have.status(200);
1019
+ res.body.should.be.a('object');
1020
+ expect(res.body.success).to.equal(true);
1021
+ console.log("1");
1022
+
1023
+ expect(res.body.user.email).to.equal(emailToCheck);
1024
+ console.log("2");
1025
+ expect(res.body.user.firstname).to.equal("Test Firstname");
1026
+ // expect(res.body.user._id).to.not.equal("123");
1027
+ console.log("3");
1028
+
1029
+
1030
+ expect(res.body.token).to.not.equal(undefined);
1031
+ // expect(res.body.token).to.equal('JWT '+jwtToken);
1032
+
1033
+ console.log("4");
1034
+ done();
1035
+ });
1036
+ });
1037
+ });
1038
+ });
1039
+ });
1040
+
1041
+
764
1042
 
765
1043
 
766
1044
 
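Review bot: The only test for the new skip-verification path in `/auth/signup`, `signUpAdminNoVerificationEmail`, is added commented out, and even as written it sends `disableEmail: true`, which bypasses the branch it is meant to cover. An enabled test should sign up with the superadmin token and without `disableEmail`, and a second one should send an invalid `Authorization` value to pin down what signup returns when `jwt.verify` throws after the user has already been saved. The three new `signinWithCustomToken…` tests also print `res.body` (which carries `jwtSecret`) and the signed token with `console.log`; gate those behind a flag such as `if (log) { … }`. The `describe` blocks open and close outside these hunks.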
@@ -0,0 +1,97 @@
1
+ //During the test the env variable is set to test
2
+ process.env.NODE_ENV = 'test';
3
+ process.env.ADMIN_EMAIL = "admin@tiledesk.com";
4
+
5
+ let log = false;
6
+ var projectService = require('../services/projectService');
7
+ var userService = require('../services/userService');
8
+
9
+ //Require the dev-dependencies
10
+ let chai = require('chai');
11
+ let chaiHttp = require('chai-http');
12
+ let server = require('../app');
13
+ let should = chai.should();
14
+ var fs = require('fs');
15
+ const path = require('path');
16
+
17
+ // chai.config.includeStack = true;
18
+
19
+ var expect = chai.expect;
20
+ var assert = chai.assert;
21
+
22
+ chai.use(chaiHttp);
23
+
24
+ describe('ProjectRoute', () => {
25
+
26
+ describe('/create', () => {
27
+
28
+ it('updateProjectProfileWithSuperAdminCredential', (done) => {
29
+
30
+ var email = "test-signup-" + Date.now() + "@email.com";
31
+ var pwd = "pwd";
32
+
33
+ userService.signup(email, pwd, "Test Firstname", "Test Lastname").then((savedUser) => {
34
+ projectService.create("test-project-create", savedUser._id).then((savedProject) => {
35
+
36
+ chai.request(server)
37
+ .post('/auth/signin')
38
+ .send({ email: "admin@tiledesk.com", password: "adminadmin" })
39
+ .end((err, res) => {
40
+
41
+ if (log) { console.log("login with superadmin res.body: ", res.body) };
42
+ res.should.have.status(200);
43
+ res.body.should.be.a('object');
44
+ expect(res.body.success).to.equal(true);
45
+ expect(res.body.token).not.equal(null);
46
+
47
+ let superadmin_token = res.body.token;
48
+
49
+ chai.request(server)
50
+ // .put('/projects/' + savedProject._id + "/update")
51
+ .put('/projects/' + savedProject._id)
52
+ .set('Authorization', superadmin_token)
53
+ .send({ profile: { name: "Custom", quotes: { kbs: 1000} } })
54
+ .end((err, res) => {
55
+
56
+ if (log) { console.log("update project profile res.body: ", res.body) };
57
+ res.should.have.status(200);
58
+ res.body.should.be.a('object');
59
+ expect(res.body.profile.name).to.equal("Custom");
60
+ // expect(res.body.profile.quotes.kbs).to.equal(1000);
61
+
62
+ done();
63
+ })
64
+ })
65
+ })
66
+ })
67
+ }).timeout(10000)
68
+
69
+ it('denyUpdateProjectProfile', (done) => {
70
+
71
+ var email = "test-signup-" + Date.now() + "@email.com";
72
+ var pwd = "pwd";
73
+
74
+ userService.signup(email, pwd, "Test Firstname", "Test Lastname").then((savedUser) => {
75
+ projectService.create("test-project-create", savedUser._id).then((savedProject) => {
76
+
77
+ chai.request(server)
78
+ .put('/projects/' + savedProject._id)
79
+ // .put('/projects/' + savedProject._id + "/update")
80
+ .auth(email, pwd)
81
+ .send({ profile: { name: "Custom", quotes: { kbs: 1000} } })
82
+ .end((err, res) => {
83
+
84
+ if (log) { console.log("update project profile res.body: ", res.body) };
85
+ res.should.have.status(403);
86
+ expect(res.body.success).to.equal(false);
87
+ expect(res.body.error).to.equal("You don't have the permission required to modify the project profile");
88
+ done();
89
+ })
90
+ })
91
+ })
92
+ }).timeout(10000)
93
+ });
94
+
95
+ });
96
+
97
+
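Review bot: `denyUpdateProjectProfile` authenticates as the project's own creator, so it covers the 403 inside the route but never the new non-member branch of the role-checker middleware, which is where the superadmin decision is made. Add a case for an authenticated user who is neither a member of the project nor the configured admin and expect 403, and one that runs with `ADMIN_EMAIL` unset. Both tests also depend on a pre-seeded `admin@tiledesk.com` account with a fixed password and have no `.catch(done)` on the `signup`/`create` promises, so a setup failure surfaces as a 10-second timeout rather than an error. The `describe('/create')` label does not match what is being tested.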