@tsed/formio 8.11.0 → 8.11.2-rc.1

package/src/services/FormioAuthService.spec.ts

@@ -1,396 +0,0 @@
-import {catchAsyncError} from "@tsed/core";
-import {BadRequest} from "@tsed/exceptions";
-import {PlatformTest} from "@tsed/platform-http/testing";
-
-import {FormioAuthService} from "./FormioAuthService.js";
-import {FormioHooksService} from "./FormioHooksService.js";
-import {FormioService} from "./FormioService.js";
-
-function createSubmissionModelFixture(): any {
-  return class {
-    static findOne = vi.fn().mockReturnThis();
-    static updateOne = vi.fn().mockResolvedValue({});
-    static lean = vi.fn().mockReturnThis();
-    static exec = vi.fn().mockReturnThis();
-    save = vi.fn().mockReturnThis();
-
-    constructor(public ctrOptions: any) {}
-
-    get form(): string {
-      return this.ctrOptions.form;
-    }
-
-    set form(form: string) {
-      this.ctrOptions.form = form;
-    }
-
-    toObject() {
-      return this.ctrOptions;
-    }
-  };
-}
-
-function createFormModelFixture(): any {
-  return class {
-    static findOne = vi.fn().mockReturnThis();
-    static lean = vi.fn().mockReturnThis();
-    static exec = vi.fn();
-  };
-}
-
-function createRoleModelFixture(): any {
-  return class {
-    static find = vi.fn().mockReturnThis();
-    static sort = vi.fn().mockReturnThis();
-    static lean = vi.fn().mockReturnThis();
-    static exec = vi.fn().mockResolvedValue({});
-  };
-}
-
-async function createServiceFixture() {
-  const formioService = {
-    audit: vi.fn(),
-    auth: {
-      tempToken: vi.fn(),
-      logout: vi.fn(),
-      currentUser: vi.fn().mockImplementation((req, res, next) => next()),
-      getToken: vi.fn().mockReturnValue("auth_token")
-    },
-    mongoose: {
-      models: {
-        submission: createSubmissionModelFixture(),
-        form: createFormModelFixture(),
-        role: createRoleModelFixture()
-      }
-    },
-    util: {
-      idToBson: vi.fn().mockImplementation((f) => f),
-      errorCodes: {
-        role: {EROLESLOAD: "EROLESLOAD"}
-      }
-    }
-  };
-
-  const formioHooksService = {
-    alter: vi.fn().mockImplementation((event: string, value: any) => value),
-    alterAsync: vi.fn().mockImplementation((event: string, value: any) => Promise.resolve(value))
-  };
-
-  const service = await PlatformTest.invoke<FormioAuthService>(FormioAuthService, [
-    {
-      token: FormioService,
-      use: formioService
-    },
-    {
-      token: FormioHooksService,
-      use: formioHooksService
-    }
-  ]);
-
-  return {service, formioService, formioHooksService};
-}
-
-describe("FormioAuthService", () => {
-  beforeEach(() => PlatformTest.create());
-  afterEach(PlatformTest.reset);
-
-  describe("createUser()", () => {
-    it("should create a user submission", async () => {
-      const {service} = await createServiceFixture();
-
-      const submission = await service.createUser({
-        form: "formId",
-        data: {
-          fullname: "fullname"
-        }
-      });
-
-      expect(submission.form).toEqual("formId");
-      expect(submission.data).toEqual({
-        fullname: "fullname"
-      });
-    });
-  });
-  describe("updateUser()", () => {
-    it("should update a user submission", async () => {
-      const {service, formioService} = await createServiceFixture();
-
-      const result = await service.updateUser({
-        _id: "id",
-        form: "formId",
-        data: {
-          fullname: "fullname"
-        }
-      });
-
-      expect(result).toEqual({
-        _id: "id",
-        form: "formId",
-        data: {
-          fullname: "fullname"
-        }
-      });
-      expect(formioService.mongoose.models.submission.updateOne).toHaveBeenCalledWith(
-        {_id: "id"},
-        {$set: {_id: "id", data: {fullname: "fullname"}, form: "formId"}}
-      );
-    });
-  });
-  describe("getRoles()", () => {
-    it("should return all formio roles", async () => {
-      const {service, formioService} = await createServiceFixture();
-
-      formioService.mongoose.models.role.exec.mockResolvedValue([{name: "administrator"}]);
-
-      const roles = await service.getRoles({} as any);
-
-      expect(roles).toEqual([{name: "administrator"}]);
-      expect(formioService.mongoose.models.role.find).toHaveBeenCalledWith({deleted: {$eq: null}});
-      expect(formioService.mongoose.models.role.sort).toHaveBeenCalledWith({title: 1});
-      expect(formioService.mongoose.models.role.lean).toHaveBeenCalledWith();
-    });
-
-    it("should throw an error", async () => {
-      const {service, formioService} = await createServiceFixture();
-
-      vi.mocked(formioService.mongoose.models.role.exec).mockRejectedValue(new Error("test"));
-
-      const error = await catchAsyncError(() => service.getRoles({} as any));
-      expect(error).toBeInstanceOf(BadRequest);
-      expect(error?.message).toEqual("EROLESLOAD");
-    });
-  });
-  describe("updateUserRole()", () => {
-    it("should update the role associated to the submission", async () => {
-      const {service, formioService, formioHooksService} = await createServiceFixture();
-      const submission = {
-        _id: "submissionId",
-        save: vi.fn()
-      };
-
-      formioService.mongoose.models.submission.exec = vi.fn().mockResolvedValue(submission);
-
-      const user = await service.updateUserRole("submissionId", "roleId", {} as any);
-
-      expect(formioHooksService.alter).toHaveBeenCalledWith("submissionQuery", {_id: "submissionId", deleted: {$eq: null}}, {});
-      expect(formioService.mongoose.models.submission.findOne).toHaveBeenCalledWith({_id: "submissionId", deleted: {$eq: null}});
-      expect(user.save).toHaveBeenCalledWith();
-      expect(user.roles).toEqual(["roleId"]);
-    });
-
-    it("should update the role associated to the submission without save", async () => {
-      const {service, formioService, formioHooksService} = await createServiceFixture();
-      const submission = {
-        _id: "submissionId"
-      };
-
-      formioService.mongoose.models.submission.exec = vi.fn().mockResolvedValue(submission);
-
-      const user = await service.updateUserRole("submissionId", "roleId", {} as any);
-
-      expect(formioHooksService.alter).toHaveBeenCalledWith("submissionQuery", {_id: "submissionId", deleted: {$eq: null}}, {});
-      expect(formioService.mongoose.models.submission.findOne).toHaveBeenCalledWith({_id: "submissionId", deleted: {$eq: null}});
-      expect(user.roles).toEqual(["roleId"]);
-    });
-    it("should throw an error when submission doesn't exists", async () => {
-      const {service, formioService} = await createServiceFixture();
-
-      formioService.mongoose.models.submission.exec = vi.fn().mockResolvedValue(null);
-
-      const error = await catchAsyncError(() => service.updateUserRole("submissionId", "roleId", {} as any));
-
-      expect(error).toBeInstanceOf(BadRequest);
-    });
-  });
-  describe("setCurrentUser()", () => {
-    it("should set current user", async () => {
-      const {service} = await createServiceFixture();
-      const ctx = PlatformTest.createRequestContext();
-      ctx.getRequest().submission = {};
-      const user = {
-        _id: "id",
-        data: {}
-      };
-
-      const token = {
-        decoded: {
-          form: {
-            _id: "id"
-          },
-          user: {
-            _id: "id"
-          }
-        },
-        token: "token"
-      };
-
-      service.setCurrentUser(user as any, token, ctx);
-
-      expect(ctx.getRequest().submission).toEqual({data: {}});
-      expect(ctx.getRequest().user).toEqual({_id: "id", data: {}});
-      expect(ctx.getRequest().token).toEqual({
-        form: {
-          _id: "id"
-        },
-        user: {
-          _id: "id"
-        }
-      });
-      expect(ctx.getResponse().token).toEqual("token");
-      expect(ctx.getRequest()["x-jwt-token"]).toEqual("token");
-    });
-  });
-  describe("generatePayloadToken()", () => {
-    it("should return the payload token", async () => {
-      const {service, formioService, formioHooksService} = await createServiceFixture();
-      const ctx = PlatformTest.createRequestContext();
-      const user = {
-        _id: "id",
-        form: "605f0d40fe971372e448bcad",
-        data: {}
-      };
-      const form = {
-        _id: "605f0d40fe971372e448bcad"
-      };
-
-      const payload = {
-        user: {
-          _id: user._id
-        },
-        form: {
-          _id: form._id
-        }
-      };
-
-      formioService.mongoose.models.form.exec.mockResolvedValue(form);
-
-      const result = await service.generatePayloadToken(user as any, ctx);
-
-      expect(result).toEqual({
-        token: {
-          decoded: payload,
-          token: "auth_token"
-        },
-        user: {
-          _id: "id",
-          data: {},
-          form: "605f0d40fe971372e448bcad"
-        }
-      });
-      expect(formioHooksService.alter).toHaveBeenCalledWith("token", payload, form, ctx.getRequest());
-      expect(formioHooksService.alter).toHaveBeenCalledWith("tokenDecode", payload, ctx.getRequest());
-      expect(formioHooksService.alterAsync).toHaveBeenCalledWith("user", user);
-      expect(formioHooksService.alterAsync).toHaveBeenCalledWith("login", user, ctx.getRequest());
-    });
-    it("should throw error when the getForm throw error", async () => {
-      const {service, formioService} = await createServiceFixture();
-      const ctx = PlatformTest.createRequestContext();
-      const user = {
-        _id: "id",
-        form: "605f0d40fe971372e448bcad",
-        data: {}
-      };
-
-      formioService.mongoose.models.form.exec.mockRejectedValue(new Error("message"));
-
-      const error = await catchAsyncError(() => service.generatePayloadToken(user as any, ctx));
-
-      expect(error?.name).toEqual("Error");
-      expect(formioService.audit).toHaveBeenCalledWith(
-        "EAUTH_USERFORM",
-        {...ctx.request.raw, userId: user._id},
-        "605f0d40fe971372e448bcad",
-        error
-      );
-    });
-    it("should throw error when the form isn't found", async () => {
-      const {service, formioService} = await createServiceFixture();
-      const ctx = PlatformTest.createRequestContext();
-      const user = {
-        _id: "id",
-        form: "605f0d40fe971372e448bcad",
-        data: {}
-      };
-
-      formioService.mongoose.models.form.exec.mockResolvedValue(null);
-
-      const error = await catchAsyncError(() => service.generatePayloadToken(user as any, ctx));
-
-      expect(error?.name).toEqual("NOT_FOUND");
-      expect(formioService.audit).toHaveBeenCalledWith(
-        "EAUTH_USERFORM",
-        {...ctx.request.raw, userId: user._id},
-        "605f0d40fe971372e448bcad",
-        {
-          message: "User form not found"
-        }
-      );
-    });
-  });
-  describe("generateSession()", () => {
-    it("should generate session", async () => {
-      const {service, formioService} = await createServiceFixture();
-      const ctx = PlatformTest.createRequestContext();
-      const user = {
-        _id: "id",
-        form: "605f0d40fe971372e448bcad",
-        data: {}
-      };
-
-      vi.spyOn(service, "setCurrentUser").mockReturnValue(undefined as any);
-      vi.spyOn(service, "generatePayloadToken").mockResolvedValue({
-        user,
-        token: {
-          token: "token"
-        }
-      } as any);
-
-      await service.generateSession(user as any, ctx);
-
-      expect(service.setCurrentUser).toHaveBeenCalledWith(
-        user,
-        {
-          token: "token"
-        },
-        ctx
-      );
-      expect(service.setCurrentUser).toHaveBeenCalledWith(
-        user,
-        {
-          token: "token"
-        },
-        ctx
-      );
-      expect(formioService.auth.currentUser).toHaveBeenCalledWith(ctx.getRequest(), ctx.getResponse(), expect.any(Function));
-    });
-    it("should throw an error when an action isn't permitted", async () => {
-      const {service} = await createServiceFixture();
-      const ctx = PlatformTest.createRequestContext();
-      const user = {
-        _id: "id",
-        form: "605f0d40fe971372e448bcad",
-        data: {}
-      };
-
-      vi.spyOn(service, "setCurrentUser").mockReturnValue(undefined as any);
-      vi.spyOn(service, "generatePayloadToken").mockRejectedValue(new Error("Not found"));
-
-      const error = await catchAsyncError(() => service.generateSession(user as any, ctx));
-      expect(error?.message).toEqual("Not found");
-    });
-  });
-  describe("tempToken()", () => {
-    it("should return tempToken", async () => {
-      const {service, formioService} = await createServiceFixture();
-
-      expect(service.tempToken).toEqual(formioService.auth.tempToken);
-    });
-  });
-  describe("logout()", () => {
-    it("should return logout", async () => {
-      const {service, formioService} = await createServiceFixture();
-
-      expect(service.logout).toEqual(formioService.auth.logout);
-    });
-  });
-});

package/src/services/FormioAuthService.ts

@@ -1,228 +0,0 @@
-import {promisify} from "node:util";
-
-import {isFunction} from "@tsed/core";
-import {Inject, Injectable} from "@tsed/di";
-import {BadRequest, NotFound, Unauthorized} from "@tsed/exceptions";
-import {PlatformContext, Req} from "@tsed/platform-http";
-
-import {FormioPayloadToken} from "../domain/FormioDecodedToken.js";
-import {FormioForm, FormioSubmission, WithID} from "../domain/FormioModels.js";
-import {FormioDatabase} from "./FormioDatabase.js";
-import {FormioHooksService} from "./FormioHooksService.js";
-import {FormioService} from "./FormioService.js";
-
-@Injectable()
-export class FormioAuthService {
-  @Inject()
-  formio: FormioService;
-
-  @Inject()
-  hooks: FormioHooksService;
-
-  @Inject()
-  db: FormioDatabase;
-
-  get currentUser() {
-    return promisify(this.formio.auth.currentUser);
-  }
-
-  get getToken() {
-    return this.formio.auth.getToken;
-  }
-
-  get tempToken() {
-    return this.formio.auth.tempToken;
-  }
-
-  get logout() {
-    return this.formio.auth.logout;
-  }
-
-  setCurrentUser<User = any>(user: WithID<FormioSubmission<User>>, token: FormioPayloadToken, ctx: PlatformContext) {
-    const request = ctx.getRequest();
-    const response = ctx.getResponse();
-
-    request.submission.data = user.data;
-    request.user = user;
-    request.token = token.decoded;
-    response.token = token.token;
-    request["x-jwt-token"] = token.token;
-
-    return this;
-  }
-
-  /**
-   * Generate the payload token for the session
-   * @param user
-   * @param ctx
-   */
-  async generatePayloadToken<User = any>(
-    user: WithID<FormioSubmission<User>>,
-    ctx: PlatformContext
-  ): Promise<{user: WithID<FormioSubmission<User>>; token: FormioPayloadToken}> {
-    const req = ctx.getRequest();
-    const audit = this.formio.audit;
-    let form: FormioForm | null;
-
-    try {
-      form = (await this.db.getForm(user.form)) as any;
-    } catch (err) {
-      audit(
-        "EAUTH_USERFORM",
-        {
-          ...req,
-          userId: user._id
-        },
-        user.form,
-        err
-      );
-      throw err;
-    }
-
-    if (!form) {
-      audit(
-        "EAUTH_USERFORM",
-        {
-          ...req,
-          userId: user._id
-        },
-        user.form,
-        {message: "User form not found"}
-      );
-
-      throw new NotFound("User form not found.");
-    }
-
-    try {
-      user = await this.hooks.alterAsync("user", user);
-    } catch (err) {
-      // istanbul ignore next
-      ctx.logger.debug(err);
-    }
-
-    await this.hooks.alterAsync("login", user, req);
-
-    // Allow anyone to hook and modify the token.
-    const token = this.hooks.alter(
-      "token",
-      {
-        user: {
-          _id: user._id
-        },
-        form: {
-          _id: form?._id
-        }
-      },
-      form,
-      req
-    );
-
-    const decoded = this.hooks.alter("tokenDecode", token, req);
-
-    return {
-      user,
-      token: {
-        token: this.getToken(token) as string,
-        decoded
-      }
-    };
-  }
-
-  /**
-   * Generate session from the given authenticated user.
-   * @param user
-   * @param ctx
-   */
-  async generateSession<User = any>(user: WithID<FormioSubmission<User>>, ctx: PlatformContext) {
-    try {
-      const {user: userSession, token} = await this.generatePayloadToken(user, ctx);
-      this.setCurrentUser(userSession, token, ctx);
-
-      await this.currentUser(ctx.getRequest(), ctx.getResponse());
-    } catch (err) {
-      ctx.logger.error({event: "Error on OAuthActions", error: err});
-      throw new Unauthorized(err.message);
-    }
-  }
-
-  /**
-   * Retrieve roles
-   * @param req
-   */
-  async getRoles(req?: Req) {
-    try {
-      const query = this.hooks.alter("roleQuery", {deleted: {$eq: null}}, req);
-      return await this.db.roleModel.find(query).sort({title: 1}).lean().exec();
-    } catch (err) {
-      throw new BadRequest(this.formio.util.errorCodes.role.EROLESLOAD);
-    }
-  }
-
-  /**
-   * Update the role of the current user submission
-   * @param _id
-   * @param role
-   * @param req
-   */
-  async updateUserRole(_id: string | any, role: string, req?: Req) {
-    const query = this.hooks.alter(
-      "submissionQuery",
-      {
-        _id: this.formio.util.idToBson(_id),
-        deleted: {$eq: null}
-      },
-      req
-    );
-
-    const user = await this.db.submissionModel.findOne(query).exec();
-
-    if (!user) {
-      throw new BadRequest("No Submission was found with the given setting `submission`.");
-    }
-
-    user.roles = [this.formio.util.idToBson(role)];
-
-    if (isFunction(user.save)) {
-      await user.save();
-    }
-
-    return user;
-  }
-
-  /**
-   * Create a user submission in formio
-   * @param user
-   */
-  async createUser<User = any>(user: Partial<FormioSubmission<User>>) {
-    const submission = new this.db.submissionModel({
-      owner: null,
-      deleted: null,
-      roles: [],
-      externalsIds: [],
-      ...user,
-      created: new Date().toISOString(),
-      modified: new Date().toISOString()
-    });
-
-    user.form && (submission.form = this.db.idToBson(user.form));
-
-    await submission.save();
-
-    return submission.toObject();
-  }
-
-  /**
-   * Update user submission in formio
-   * @param user
-   */
-  async updateUser<User = any>(user: WithID<FormioSubmission<User>>) {
-    await this.db.submissionModel.updateOne(
-      {
-        _id: user._id
-      },
-      {$set: user}
-    );
-
-    return user;
-  }
-}