cojson 0.16.4 → 0.16.5

package/src/tests/group.inheritance.test.ts

@@ -1,4 +1,6 @@
 import { beforeEach, describe, expect, test } from "vitest";
+import type { CoID, RawGroup } from "../exports";
+import { NewContentMessage } from "../sync";
 import {
   SyncMessagesLog,
   createThreeConnectedNodes,
@@ -96,6 +98,32 @@ describe("extend", () => {
     expect(mapOnNode2.get("test")).toEqual("Written from node2");
   });
 
+  test("inherited everyone roles should work correctly", async () => {
+    const { node1, node2 } = await createTwoConnectedNodes("server", "server");
+
+    const group = node1.node.createGroup();
+    group.addMember("everyone", "writer");
+
+    const childGroup = node1.node.createGroup();
+    childGroup.extend(group);
+
+    expect(childGroup.roleOf("everyone")).toEqual("writer");
+
+    const map = childGroup.createMap();
+    map.set("test", "Written from the admin");
+
+    await map.core.waitForSync();
+
+    const mapOnNode2 = await loadCoValueOrFail(node2.node, map.id);
+
+    // The writer role should be able to see the edits from the admin
+    expect(mapOnNode2.get("test")).toEqual("Written from the admin");
+
+    mapOnNode2.set("hello", "from node 2");
+
+    expect(mapOnNode2.get("hello")).toEqual("from node 2");
+  });
+
   test("a user should be able to extend a group when his role on the parent group is writeOnly", async () => {
     const { node1, node2 } = await createTwoConnectedNodes("server", "server");
 
@@ -315,6 +343,257 @@ describe("extend", () => {
 
     expect(childGroup.roleOf(alice.id)).toBe("writer");
   });
+
+  test("should be possible to extend a group after getting revoked from the parent group", async () => {
+    const { node1, node2, node3 } = await createThreeConnectedNodes(
+      "server",
+      "server",
+      "server",
+    );
+
+    const parentGroup = node1.node.createGroup();
+
+    const alice = await loadCoValueOrFail(node1.node, node3.accountID);
+    const bob = await loadCoValueOrFail(node1.node, node2.accountID);
+    parentGroup.addMember(alice, "writer");
+    parentGroup.addMember(bob, "reader");
+    parentGroup.removeMember(bob);
+
+    const parentGroupOnNode2 = await loadCoValueOrFail(
+      node2.node,
+      parentGroup.id,
+    );
+
+    const childGroup = node2.node.createGroup();
+    childGroup.extend(parentGroupOnNode2);
+
+    expect(childGroup.roleOf(alice.id)).toBe("writer");
+  });
+
+  test("should be possible to extend when access is everyone reader and the account is revoked from the parent group", async () => {
+    const { node1, node2, node3 } = await createThreeConnectedNodes(
+      "server",
+      "server",
+      "server",
+    );
+
+    const parentGroup = node1.node.createGroup();
+    parentGroup.addMember("everyone", "reader");
+    const alice = await loadCoValueOrFail(node1.node, node3.accountID);
+    const bob = await loadCoValueOrFail(node1.node, node2.accountID);
+    parentGroup.addMember(alice, "writer");
+    parentGroup.addMember(bob, "reader");
+    parentGroup.removeMember(bob);
+
+    const parentGroupOnNode2 = await loadCoValueOrFail(
+      node2.node,
+      parentGroup.id,
+    );
+
+    const childGroup = node2.node.createGroup();
+    childGroup.extend(parentGroupOnNode2);
+
+    expect(childGroup.roleOf(alice.id)).toBe("writer");
+  });
+
+  test("should be able to extend when the last read key is healed", async () => {
+    const clientWithAccess = setupTestNode({
+      secret:
+        "sealerSecret_zBTPp7U58Fzq9o7EvJpu4KEziepi8QVf2Xaxuy5xmmXFx/signerSecret_z62DuviZdXCjz4EZWofvr9vaLYFXDeTaC9KWhoQiQjzKk",
+      connected: true,
+    });
+    const clientWithoutAccess = setupTestNode({
+      connected: true,
+    });
+
+    const brokenGroupContent = {
+      action: "content",
+      id: "co_zW7F36Nnop9A7Er4gUzBcUXnZCK",
+      header: {
+        type: "comap",
+        ruleset: {
+          type: "group",
+          initialAdmin:
+            "sealer_z12QDazYB3ygPZtBV7sMm7iYKMRnNZ6Aaj1dfLXR7LSBm/signer_z2AskZQbc82qxo7iA3oiXoNExHLsAEXC2pHbwJzRnATWv",
+        },
+        meta: null,
+        createdAt: "2025-08-06T10:14:39.617Z",
+        uniqueness: "z3LJjnuPiPJaf5Qb9A",
+      },
+      priority: 0,
+      new: {
+        "sealer_z12QDazYB3ygPZtBV7sMm7iYKMRnNZ6Aaj1dfLXR7LSBm/signer_z2AskZQbc82qxo7iA3oiXoNExHLsAEXC2pHbwJzRnATWv_session_zYLsz2CiW9pW":
+          {
+            after: 0,
+            newTransactions: [
+              {
+                privacy: "trusting",
+                madeAt: 1754475279619,
+                changes:
+                  '[{"key":"sealer_z12QDazYB3ygPZtBV7sMm7iYKMRnNZ6Aaj1dfLXR7LSBm/signer_z2AskZQbc82qxo7iA3oiXoNExHLsAEXC2pHbwJzRnATWv","op":"set","value":"admin"}]',
+              },
+              {
+                privacy: "trusting",
+                madeAt: 1754475279621,
+                changes:
+                  '[{"key":"key_z5CVahfMkEWPj1B3zH_for_sealer_z12QDazYB3ygPZtBV7sMm7iYKMRnNZ6Aaj1dfLXR7LSBm/signer_z2AskZQbc82qxo7iA3oiXoNExHLsAEXC2pHbwJzRnATWv","op":"set","value":"sealed_UCg4UkytXF-W8PaIvaDffO3pZ3d9hdXUuNkQQEikPTAuOD9us92Pqb5Vgu7lx1Fpb0X8V5BJ2yxz6_D5WOzK3qjWBSsc7J1xDJA=="}]',
+              },
+              {
+                privacy: "trusting",
+                madeAt: 1754475279621,
+                changes:
+                  '[{"key":"readKey","op":"set","value":"key_z5CVahfMkEWPj1B3zH"}]',
+              },
+              {
+                privacy: "trusting",
+                madeAt: 1754475279622,
+                changes: '[{"key":"everyone","op":"set","value":"reader"}]',
+              },
+              {
+                privacy: "trusting",
+                madeAt: 1754475279623,
+                changes:
+                  '[{"key":"key_z5CVahfMkEWPj1B3zH_for_everyone","op":"set","value":"keySecret_z9U9gzkahQXCxDoSw7isiUnbobXwuLdcSkL9Ci6ZEEkaL"}]',
+              },
+              {
+                privacy: "trusting",
+                madeAt: 1754475279623,
+                changes:
+                  '[{"key":"key_z4Fi7hZNBx7XoVAKkP_for_sealer_z12QDazYB3ygPZtBV7sMm7iYKMRnNZ6Aaj1dfLXR7LSBm/signer_z2AskZQbc82qxo7iA3oiXoNExHLsAEXC2pHbwJzRnATWv","op":"set","value":"sealed_UuCBBfZkTnRTrGraqWWlzm9JE-VFduhsfu7WaZjpCbJYOTXpPhSNOnzGeS8qVuIsG6dORbME22lc5ltLxPjRqofQdDCNGQehCeQ=="}]',
+              },
+              {
+                privacy: "trusting",
+                madeAt: 1754475279624,
+                changes:
+                  '[{"key":"key_z5CVahfMkEWPj1B3zH_for_key_z4Fi7hZNBx7XoVAKkP","op":"set","value":"encrypted_USTrBuobwTCORwy5yHxy4sFZ7swfrafP6k5ZwcTf76f0MBu9Ie-JmsX3mNXad4mluI47gvGXzi8I_"}]',
+              },
+              {
+                privacy: "trusting",
+                madeAt: 1754475279624,
+                changes:
+                  '[{"key":"readKey","op":"set","value":"key_z4Fi7hZNBx7XoVAKkP"}]',
+              },
+            ],
+            lastSignature:
+              "signature_z3tsE7U1JaeNeUmZ4EY3Xq5uQ9jq9jDi6Rkhdt7T7b7z4NCnpMgB4bo8TwLXYVCrRdBm6PoyyPdK8fYFzHJUh5EzA",
+          },
+      },
+    } as unknown as NewContentMessage;
+
+    clientWithAccess.node.syncManager.handleNewContent(
+      brokenGroupContent,
+      "import",
+    );
+
+    // Load the CoValue to recover the key_for_everyone
+    await loadCoValueOrFail(
+      clientWithAccess.node,
+      brokenGroupContent.id as CoID<RawGroup>,
+    );
+
+    const group = await loadCoValueOrFail(
+      clientWithoutAccess.node,
+      brokenGroupContent.id as CoID<RawGroup>,
+    );
+    const childGroup = clientWithoutAccess.node.createGroup();
+    childGroup.extend(group);
+
+    expect(childGroup.getParentGroups()).toEqual([group]);
+  });
+
+  test("should be able to extend when the last read key is missing", async () => {
+    const clientWithoutAccess = setupTestNode({
+      connected: true,
+    });
+
+    const brokenGroupContent = {
+      action: "content",
+      id: "co_zW7F36Nnop9A7Er4gUzBcUXnZCK",
+      header: {
+        type: "comap",
+        ruleset: {
+          type: "group",
+          initialAdmin:
+            "sealer_z12QDazYB3ygPZtBV7sMm7iYKMRnNZ6Aaj1dfLXR7LSBm/signer_z2AskZQbc82qxo7iA3oiXoNExHLsAEXC2pHbwJzRnATWv",
+        },
+        meta: null,
+        createdAt: "2025-08-06T10:14:39.617Z",
+        uniqueness: "z3LJjnuPiPJaf5Qb9A",
+      },
+      priority: 0,
+      new: {
+        "sealer_z12QDazYB3ygPZtBV7sMm7iYKMRnNZ6Aaj1dfLXR7LSBm/signer_z2AskZQbc82qxo7iA3oiXoNExHLsAEXC2pHbwJzRnATWv_session_zYLsz2CiW9pW":
+          {
+            after: 0,
+            newTransactions: [
+              {
+                privacy: "trusting",
+                madeAt: 1754475279619,
+                changes:
+                  '[{"key":"sealer_z12QDazYB3ygPZtBV7sMm7iYKMRnNZ6Aaj1dfLXR7LSBm/signer_z2AskZQbc82qxo7iA3oiXoNExHLsAEXC2pHbwJzRnATWv","op":"set","value":"admin"}]',
+              },
+              {
+                privacy: "trusting",
+                madeAt: 1754475279621,
+                changes:
+                  '[{"key":"key_z5CVahfMkEWPj1B3zH_for_sealer_z12QDazYB3ygPZtBV7sMm7iYKMRnNZ6Aaj1dfLXR7LSBm/signer_z2AskZQbc82qxo7iA3oiXoNExHLsAEXC2pHbwJzRnATWv","op":"set","value":"sealed_UCg4UkytXF-W8PaIvaDffO3pZ3d9hdXUuNkQQEikPTAuOD9us92Pqb5Vgu7lx1Fpb0X8V5BJ2yxz6_D5WOzK3qjWBSsc7J1xDJA=="}]',
+              },
+              {
+                privacy: "trusting",
+                madeAt: 1754475279621,
+                changes:
+                  '[{"key":"readKey","op":"set","value":"key_z5CVahfMkEWPj1B3zH"}]',
+              },
+              {
+                privacy: "trusting",
+                madeAt: 1754475279622,
+                changes: '[{"key":"everyone","op":"set","value":"reader"}]',
+              },
+              {
+                privacy: "trusting",
+                madeAt: 1754475279623,
+                changes:
+                  '[{"key":"key_z5CVahfMkEWPj1B3zH_for_everyone","op":"set","value":"keySecret_z9U9gzkahQXCxDoSw7isiUnbobXwuLdcSkL9Ci6ZEEkaL"}]',
+              },
+              {
+                privacy: "trusting",
+                madeAt: 1754475279623,
+                changes:
+                  '[{"key":"key_z4Fi7hZNBx7XoVAKkP_for_sealer_z12QDazYB3ygPZtBV7sMm7iYKMRnNZ6Aaj1dfLXR7LSBm/signer_z2AskZQbc82qxo7iA3oiXoNExHLsAEXC2pHbwJzRnATWv","op":"set","value":"sealed_UuCBBfZkTnRTrGraqWWlzm9JE-VFduhsfu7WaZjpCbJYOTXpPhSNOnzGeS8qVuIsG6dORbME22lc5ltLxPjRqofQdDCNGQehCeQ=="}]',
+              },
+              {
+                privacy: "trusting",
+                madeAt: 1754475279624,
+                changes:
+                  '[{"key":"key_z5CVahfMkEWPj1B3zH_for_key_z4Fi7hZNBx7XoVAKkP","op":"set","value":"encrypted_USTrBuobwTCORwy5yHxy4sFZ7swfrafP6k5ZwcTf76f0MBu9Ie-JmsX3mNXad4mluI47gvGXzi8I_"}]',
+              },
+              {
+                privacy: "trusting",
+                madeAt: 1754475279624,
+                changes:
+                  '[{"key":"readKey","op":"set","value":"key_z4Fi7hZNBx7XoVAKkP"}]',
+              },
+            ],
+            lastSignature:
+              "signature_z3tsE7U1JaeNeUmZ4EY3Xq5uQ9jq9jDi6Rkhdt7T7b7z4NCnpMgB4bo8TwLXYVCrRdBm6PoyyPdK8fYFzHJUh5EzA",
+          },
+      },
+    } as unknown as NewContentMessage;
+
+    clientWithoutAccess.node.syncManager.handleNewContent(
+      brokenGroupContent,
+      "import",
+    );
+
+    const group = await loadCoValueOrFail(
+      clientWithoutAccess.node,
+      brokenGroupContent.id as CoID<RawGroup>,
+    );
+    const childGroup = clientWithoutAccess.node.createGroup();
+    childGroup.extend(group);
+
+    expect(childGroup.getParentGroups()).toEqual([group]);
+  });
 });
 
 describe("unextend", () => {

package/src/tests/group.removeMember.test.ts

@@ -1,12 +1,15 @@
 import { beforeEach, describe, expect, test } from "vitest";
+import { setCoValueLoadingRetryDelay } from "../config.js";
 import {
   SyncMessagesLog,
-  TEST_NODE_CONFIG,
+  blockMessageTypeOnOutgoingPeer,
   loadCoValueOrFail,
   setupTestAccount,
   setupTestNode,
 } from "./testUtils.js";
 
+setCoValueLoadingRetryDelay(10);
+
 let jazzCloud: ReturnType<typeof setupTestNode>;
 
 beforeEach(async () => {
@@ -15,6 +18,65 @@ beforeEach(async () => {
 });
 
 describe("Group.removeMember", () => {
+  test("revoking a member access should not affect everyone access", async () => {
+    const admin = await setupTestAccount({
+      connected: true,
+    });
+
+    const alice = await setupTestAccount({
+      connected: true,
+    });
+
+    const group = admin.node.createGroup();
+    group.addMember("everyone", "writer");
+
+    const aliceOnAdminNode = await loadCoValueOrFail(
+      admin.node,
+      alice.accountID,
+    );
+    group.addMember(aliceOnAdminNode, "writer");
+    group.removeMember(aliceOnAdminNode);
+
+    const groupOnAliceNode = await loadCoValueOrFail(alice.node, group.id);
+    expect(groupOnAliceNode.myRole()).toEqual("writer");
+
+    const map = groupOnAliceNode.createMap();
+
+    map.set("test", "test");
+    expect(map.get("test")).toEqual("test");
+  });
+
+  test("revoking a member access should not affect everyone access when everyone access is gained through a group extension", async () => {
+    const admin = await setupTestAccount({
+      connected: true,
+    });
+
+    const alice = await setupTestAccount({
+      connected: true,
+    });
+
+    const parentGroup = admin.node.createGroup();
+    const group = admin.node.createGroup();
+    parentGroup.addMember("everyone", "reader");
+    group.extend(parentGroup);
+
+    const aliceOnAdminNode = await loadCoValueOrFail(
+      admin.node,
+      alice.accountID,
+    );
+    group.addMember(aliceOnAdminNode, "writer");
+    group.removeMember(aliceOnAdminNode);
+
+    const map = group.createMap();
+    map.set("test", "test");
+
+    const groupOnAliceNode = await loadCoValueOrFail(alice.node, group.id);
+    expect(groupOnAliceNode.myRole()).toEqual("reader");
+
+    const mapOnAliceNode = await loadCoValueOrFail(alice.node, map.id);
+    expect(mapOnAliceNode.get("test")).toEqual("test");
+  });
+
   test("a reader member should be able to revoke themselves", async () => {
     const admin = await setupTestAccount({
       connected: true,
@@ -294,4 +356,185 @@ describe("Group.removeMember", () => {
       undefined,
     );
   });
+
+  test("removing a member should rotate the readKey on available child groups", async () => {
+    const admin = await setupTestAccount({
+      connected: true,
+    });
+
+    const alice = await setupTestAccount({
+      connected: true,
+    });
+
+    const aliceOnAdminNode = await loadCoValueOrFail(
+      admin.node,
+      alice.accountID,
+    );
+
+    const group = admin.node.createGroup();
+    const childGroup = admin.node.createGroup();
+    group.addMember(aliceOnAdminNode, "reader");
+
+    childGroup.extend(group);
+
+    group.removeMember(aliceOnAdminNode);
+
+    const map = childGroup.createMap();
+    map.set("test", "Not readable by alice");
+
+    await map.core.waitForSync();
+
+    const mapOnAliceNode = await loadCoValueOrFail(alice.node, map.id);
+    expect(mapOnAliceNode.get("test")).toBeUndefined();
+  });
+
+  test("removing a member should rotate the readKey on unloaded child groups", async () => {
+    const admin = await setupTestAccount({
+      connected: true,
+    });
+
+    const bob = await setupTestAccount({
+      connected: true,
+    });
+
+    const alice = await setupTestAccount({
+      connected: true,
+    });
+
+    const bobOnAdminNode = await loadCoValueOrFail(admin.node, bob.accountID);
+
+    const aliceOnAdminNode = await loadCoValueOrFail(
+      admin.node,
+      alice.accountID,
+    );
+
+    const group = admin.node.createGroup();
+
+    const childGroup = bob.node.createGroup();
+    group.addMember(bobOnAdminNode, "reader");
+    group.addMember(aliceOnAdminNode, "reader");
+
+    const groupOnBobNode = await loadCoValueOrFail(bob.node, group.id);
+
+    childGroup.extend(groupOnBobNode);
+
+    await childGroup.core.waitForSync();
+
+    group.removeMember(aliceOnAdminNode);
+
+    // Rotating the child group keys is async when the child group is not loaded
+    await admin.node.getCoValue(childGroup.id).waitForAvailableOrUnavailable();
+    await admin.node.syncManager.waitForAllCoValuesSync();
+
+    const map = childGroup.createMap();
+    map.set("test", "Not readable by alice");
+
+    await map.core.waitForSync();
+
+    const mapOnAliceNode = await loadCoValueOrFail(alice.node, map.id);
+    expect(mapOnAliceNode.get("test")).toBeUndefined();
+  });
+
+  test("removing a member should work even if there are partially available child groups", async () => {
+    const admin = await setupTestAccount({
+      connected: true,
+    });
+
+    const bob = await setupTestAccount();
+    const { peer } = bob.connectToSyncServer();
+
+    const alice = await setupTestAccount({
+      connected: true,
+    });
+
+    const bobOnAdminNode = await loadCoValueOrFail(admin.node, bob.accountID);
+
+    const aliceOnAdminNode = await loadCoValueOrFail(
+      admin.node,
+      alice.accountID,
+    );
+
+    const group = admin.node.createGroup();
+    const childGroup = bob.node.createGroup();
+
+    group.addMember(bobOnAdminNode, "reader");
+    group.addMember(aliceOnAdminNode, "reader");
+
+    await group.core.waitForSync();
+
+    blockMessageTypeOnOutgoingPeer(peer, "content", {
+      id: childGroup.id,
+    });
+
+    const groupOnBobNode = await loadCoValueOrFail(bob.node, group.id);
+
+    childGroup.extend(groupOnBobNode);
+
+    await groupOnBobNode.core.waitForSync();
+
+    group.removeMember(aliceOnAdminNode);
+
+    await admin.node.syncManager.waitForAllCoValuesSync();
+
+    const map = group.createMap();
+    map.set("test", "Not readable by alice");
+
+    await map.core.waitForSync();
+
+    const mapOnAliceNode = await loadCoValueOrFail(alice.node, map.id);
+    expect(mapOnAliceNode.get("test")).toBeUndefined();
+  });
+
+  test("removing a member should work even if there are unavailable child groups", async () => {
+    const admin = await setupTestAccount({
+      connected: true,
+    });
+
+    const { peerOnServer } = admin.connectToSyncServer();
+
+    const bob = await setupTestAccount({
+      connected: true,
+    });
+
+    const alice = await setupTestAccount({
+      connected: true,
+    });
+
+    const bobOnAdminNode = await loadCoValueOrFail(admin.node, bob.accountID);
+
+    const aliceOnAdminNode = await loadCoValueOrFail(
+      admin.node,
+      alice.accountID,
+    );
+
+    const group = admin.node.createGroup();
+    const childGroup = bob.node.createGroup();
+
+    blockMessageTypeOnOutgoingPeer(peerOnServer, "content", {
+      id: childGroup.id,
+    });
+
+    group.addMember(bobOnAdminNode, "reader");
+    group.addMember(aliceOnAdminNode, "reader");
+
+    await group.core.waitForSync();
+
+    const groupOnBobNode = await loadCoValueOrFail(bob.node, group.id);
+
+    childGroup.extend(groupOnBobNode);
+
+    await groupOnBobNode.core.waitForSync();
+
+    group.removeMember(aliceOnAdminNode);
+
+    await group.core.waitForSync();
+
+    const map = group.createMap();
+    map.set("test", "Not readable by alice");
+
+    await map.core.waitForSync();
+
+    const mapOnAliceNode = await loadCoValueOrFail(alice.node, map.id);
+    expect(mapOnAliceNode.get("test")).toBeUndefined();
+  });
 });

package/src/tests/group.roleOf.test.ts

@@ -33,7 +33,7 @@ describe("roleOf", () => {
     const [agent2] = randomAgentAndSessionID();
 
     group.addMember(agent2, "writer");
-    group.removeMemberInternal(agent2);
+    group.removeMember(agent2);
     expect(group.roleOfInternal(agent2.id)).toEqual(undefined);
   });
 
@@ -63,7 +63,7 @@ describe("roleOf", () => {
 
     group.addMemberInternal("everyone", "reader");
     group.addMember(agent2, "writer");
-    group.removeMemberInternal("everyone");
+    group.removeMember("everyone");
     expect(group.roleOfInternal(agent2.id)).toEqual("writer");
     expect(group.roleOfInternal("123" as RawAccountID)).toEqual(undefined);
   });