2023-06-16 21:54:17 +02:00
|
|
|
import { AuthService, AuthUserDto, CreateUserDto, UserResponseDto, UserService } from '@app/domain';
|
|
|
|
|
import { AppModule } from '@app/immich/app.module';
|
2022-05-20 01:30:47 +02:00
|
|
|
import { INestApplication } from '@nestjs/common';
|
2023-06-16 21:54:17 +02:00
|
|
|
import { Test, TestingModule } from '@nestjs/testing';
|
2022-05-20 01:30:47 +02:00
|
|
|
import request from 'supertest';
|
2022-07-17 06:43:31 +02:00
|
|
|
import { DataSource } from 'typeorm';
|
2023-06-16 21:54:17 +02:00
|
|
|
import { authCustom, clearDb } from '../test/test-utils';
|
2022-05-20 01:30:47 +02:00
|
|
|
|
2023-01-15 21:08:24 +02:00
|
|
|
function _createUser(userService: UserService, data: CreateUserDto) {
|
2022-06-06 18:16:03 +02:00
|
|
|
return userService.createUser(data);
|
2022-05-20 01:30:47 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
describe('User', () => {
|
|
|
|
|
let app: INestApplication;
|
2022-07-17 06:43:31 +02:00
|
|
|
let database: DataSource;
|
2022-05-20 01:30:47 +02:00
|
|
|
|
|
|
|
|
afterAll(async () => {
|
2022-07-17 06:43:31 +02:00
|
|
|
await clearDb(database);
|
2022-05-20 01:30:47 +02:00
|
|
|
await app.close();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('without auth', () => {
|
|
|
|
|
beforeAll(async () => {
|
2023-01-31 20:11:49 +02:00
|
|
|
const moduleFixture: TestingModule = await Test.createTestingModule({ imports: [AppModule] }).compile();
|
2022-05-20 01:30:47 +02:00
|
|
|
|
|
|
|
|
app = moduleFixture.createNestApplication();
|
2022-07-17 06:43:31 +02:00
|
|
|
database = app.get(DataSource);
|
2022-05-20 01:30:47 +02:00
|
|
|
await app.init();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
afterAll(async () => {
|
|
|
|
|
await app.close();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('prevents fetching users if not auth', async () => {
|
|
|
|
|
const { status } = await request(app.getHttpServer()).get('/user');
|
|
|
|
|
expect(status).toEqual(401);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2023-04-01 18:43:45 +02:00
|
|
|
describe('with admin auth', () => {
|
2022-06-06 18:16:03 +02:00
|
|
|
let userService: UserService;
|
2023-01-15 21:08:24 +02:00
|
|
|
let authService: AuthService;
|
|
|
|
|
let authUser: AuthUserDto;
|
2023-04-01 18:43:45 +02:00
|
|
|
let userOne: UserResponseDto;
|
2022-05-20 01:30:47 +02:00
|
|
|
|
|
|
|
|
beforeAll(async () => {
|
2023-01-31 20:11:49 +02:00
|
|
|
const builder = Test.createTestingModule({ imports: [AppModule] });
|
2022-05-20 01:30:47 +02:00
|
|
|
const moduleFixture: TestingModule = await authCustom(builder, () => authUser).compile();
|
|
|
|
|
|
|
|
|
|
app = moduleFixture.createNestApplication();
|
2022-06-06 18:16:03 +02:00
|
|
|
userService = app.get(UserService);
|
2023-01-15 21:08:24 +02:00
|
|
|
authService = app.get(AuthService);
|
2022-07-17 06:43:31 +02:00
|
|
|
database = app.get(DataSource);
|
2022-05-20 01:30:47 +02:00
|
|
|
await app.init();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('with users in DB', () => {
|
|
|
|
|
const authUserEmail = 'auth-user@test.com';
|
|
|
|
|
const userOneEmail = 'one@test.com';
|
|
|
|
|
const userTwoEmail = 'two@test.com';
|
|
|
|
|
|
|
|
|
|
beforeAll(async () => {
|
2022-12-23 22:08:50 +02:00
|
|
|
// first user must be admin
|
2023-01-15 21:08:24 +02:00
|
|
|
const adminSignupResponseDto = await authService.adminSignUp({
|
2022-12-23 22:08:50 +02:00
|
|
|
firstName: 'auth-user',
|
|
|
|
|
lastName: 'test',
|
|
|
|
|
email: authUserEmail,
|
|
|
|
|
password: '1234',
|
|
|
|
|
});
|
2023-01-15 21:08:24 +02:00
|
|
|
authUser = { ...adminSignupResponseDto, isAdmin: true }; // TODO: find out why adminSignUp doesn't have isAdmin (maybe can just return UserResponseDto)
|
2023-04-01 18:43:45 +02:00
|
|
|
|
|
|
|
|
[userOne] = await Promise.all([
|
2022-06-06 18:16:03 +02:00
|
|
|
_createUser(userService, {
|
|
|
|
|
firstName: 'one',
|
|
|
|
|
lastName: 'test',
|
|
|
|
|
email: userOneEmail,
|
|
|
|
|
password: '1234',
|
|
|
|
|
}),
|
|
|
|
|
_createUser(userService, {
|
|
|
|
|
firstName: 'two',
|
|
|
|
|
lastName: 'test',
|
|
|
|
|
email: userTwoEmail,
|
|
|
|
|
password: '1234',
|
|
|
|
|
}),
|
2022-05-20 01:30:47 +02:00
|
|
|
]);
|
|
|
|
|
});
|
|
|
|
|
|
2023-05-22 05:18:10 +02:00
|
|
|
it('fetches the user collection including the auth user', async () => {
|
2022-07-11 04:41:45 +02:00
|
|
|
const { status, body } = await request(app.getHttpServer()).get('/user?isAll=false');
|
2022-05-20 01:30:47 +02:00
|
|
|
expect(status).toEqual(200);
|
2023-05-22 05:18:10 +02:00
|
|
|
expect(body).toHaveLength(3);
|
2022-05-20 01:30:47 +02:00
|
|
|
expect(body).toEqual(
|
|
|
|
|
expect.arrayContaining([
|
|
|
|
|
{
|
|
|
|
|
email: userOneEmail,
|
2022-06-06 18:16:03 +02:00
|
|
|
firstName: 'one',
|
|
|
|
|
lastName: 'test',
|
2022-05-20 01:30:47 +02:00
|
|
|
id: expect.anything(),
|
|
|
|
|
createdAt: expect.anything(),
|
2022-06-06 18:16:03 +02:00
|
|
|
isAdmin: false,
|
2022-06-27 22:13:07 +02:00
|
|
|
shouldChangePassword: true,
|
2022-06-06 18:16:03 +02:00
|
|
|
profileImagePath: '',
|
2022-11-07 23:53:47 +02:00
|
|
|
deletedAt: null,
|
2023-03-04 00:38:30 +02:00
|
|
|
updatedAt: expect.anything(),
|
2022-12-26 17:35:52 +02:00
|
|
|
oauthId: '',
|
2023-05-22 05:18:10 +02:00
|
|
|
storageLabel: null,
|
feat(server): support for read-only assets and importing existing items in the filesystem (#2715)
* Added read-only flag for assets, endpoint to trigger file import vs upload
* updated fixtures with new property
* if upload is 'read-only', ensure there is no existing asset at the designated originalPath
* added test for file import as well as detecting existing image at read-only destination location
* Added storage service test for a case where it should not move read-only assets
* upload doesn't need the read-only flag available, just importing
* default isReadOnly on import endpoint to true
* formatting fixes
* create-asset dto needs isReadOnly, so set it to false by default on create, updated api generation
* updated code to reflect changes in MR
* fixed read stream promise return type
* new index for originalPath, check for existing path on import, reglardless of user, to prevent duplicates
* refactor: import asset
* chore: open api
* chore: tests
* Added externalPath support for individual users, updated UI to allow this to be set by admin
* added missing var for externalPath in ui
* chore: open api
* fix: compilation issues
* fix: server test
* built api, fixed user-response dto to include externalPath
* reverted accidental commit
* bad commit of duplicate externalPath in user response dto
* fixed tests to include externalPath on expected result
* fix: unit tests
* centralized supported filetypes, perform file type checking of asset and sidecar during file import process
* centralized supported filetype check method to keep regex DRY
* fixed typo
* combined migrations into one
* update api
* Removed externalPath from shared-link code, added column to admin user page whether external paths / import is enabled or not
* update mimetype
* Fixed detect correct mimetype
* revert asset-upload config
* reverted domain.constant
* refactor
* fix mime-type issue
* fix format
---------
Co-authored-by: Jason Rasmussen <jrasm91@gmail.com>
Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-22 04:33:20 +02:00
|
|
|
externalPath: null,
|
2022-05-20 01:30:47 +02:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
email: userTwoEmail,
|
2022-06-06 18:16:03 +02:00
|
|
|
firstName: 'two',
|
|
|
|
|
lastName: 'test',
|
2022-05-20 01:30:47 +02:00
|
|
|
id: expect.anything(),
|
|
|
|
|
createdAt: expect.anything(),
|
2022-06-06 18:16:03 +02:00
|
|
|
isAdmin: false,
|
2022-06-27 22:13:07 +02:00
|
|
|
shouldChangePassword: true,
|
2022-06-06 18:16:03 +02:00
|
|
|
profileImagePath: '',
|
2022-11-07 23:53:47 +02:00
|
|
|
deletedAt: null,
|
2023-03-04 00:38:30 +02:00
|
|
|
updatedAt: expect.anything(),
|
2022-12-26 17:35:52 +02:00
|
|
|
oauthId: '',
|
2023-05-22 05:18:10 +02:00
|
|
|
storageLabel: null,
|
feat(server): support for read-only assets and importing existing items in the filesystem (#2715)
* Added read-only flag for assets, endpoint to trigger file import vs upload
* updated fixtures with new property
* if upload is 'read-only', ensure there is no existing asset at the designated originalPath
* added test for file import as well as detecting existing image at read-only destination location
* Added storage service test for a case where it should not move read-only assets
* upload doesn't need the read-only flag available, just importing
* default isReadOnly on import endpoint to true
* formatting fixes
* create-asset dto needs isReadOnly, so set it to false by default on create, updated api generation
* updated code to reflect changes in MR
* fixed read stream promise return type
* new index for originalPath, check for existing path on import, reglardless of user, to prevent duplicates
* refactor: import asset
* chore: open api
* chore: tests
* Added externalPath support for individual users, updated UI to allow this to be set by admin
* added missing var for externalPath in ui
* chore: open api
* fix: compilation issues
* fix: server test
* built api, fixed user-response dto to include externalPath
* reverted accidental commit
* bad commit of duplicate externalPath in user response dto
* fixed tests to include externalPath on expected result
* fix: unit tests
* centralized supported filetypes, perform file type checking of asset and sidecar during file import process
* centralized supported filetype check method to keep regex DRY
* fixed typo
* combined migrations into one
* update api
* Removed externalPath from shared-link code, added column to admin user page whether external paths / import is enabled or not
* update mimetype
* Fixed detect correct mimetype
* revert asset-upload config
* reverted domain.constant
* refactor
* fix mime-type issue
* fix format
---------
Co-authored-by: Jason Rasmussen <jrasm91@gmail.com>
Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-22 04:33:20 +02:00
|
|
|
externalPath: null,
|
2023-05-22 05:18:10 +02:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
email: authUserEmail,
|
|
|
|
|
firstName: 'auth-user',
|
|
|
|
|
lastName: 'test',
|
|
|
|
|
id: expect.anything(),
|
|
|
|
|
createdAt: expect.anything(),
|
|
|
|
|
isAdmin: true,
|
|
|
|
|
shouldChangePassword: true,
|
|
|
|
|
profileImagePath: '',
|
|
|
|
|
deletedAt: null,
|
|
|
|
|
updatedAt: expect.anything(),
|
|
|
|
|
oauthId: '',
|
|
|
|
|
storageLabel: 'admin',
|
feat(server): support for read-only assets and importing existing items in the filesystem (#2715)
* Added read-only flag for assets, endpoint to trigger file import vs upload
* updated fixtures with new property
* if upload is 'read-only', ensure there is no existing asset at the designated originalPath
* added test for file import as well as detecting existing image at read-only destination location
* Added storage service test for a case where it should not move read-only assets
* upload doesn't need the read-only flag available, just importing
* default isReadOnly on import endpoint to true
* formatting fixes
* create-asset dto needs isReadOnly, so set it to false by default on create, updated api generation
* updated code to reflect changes in MR
* fixed read stream promise return type
* new index for originalPath, check for existing path on import, reglardless of user, to prevent duplicates
* refactor: import asset
* chore: open api
* chore: tests
* Added externalPath support for individual users, updated UI to allow this to be set by admin
* added missing var for externalPath in ui
* chore: open api
* fix: compilation issues
* fix: server test
* built api, fixed user-response dto to include externalPath
* reverted accidental commit
* bad commit of duplicate externalPath in user response dto
* fixed tests to include externalPath on expected result
* fix: unit tests
* centralized supported filetypes, perform file type checking of asset and sidecar during file import process
* centralized supported filetype check method to keep regex DRY
* fixed typo
* combined migrations into one
* update api
* Removed externalPath from shared-link code, added column to admin user page whether external paths / import is enabled or not
* update mimetype
* Fixed detect correct mimetype
* revert asset-upload config
* reverted domain.constant
* refactor
* fix mime-type issue
* fix format
---------
Co-authored-by: Jason Rasmussen <jrasm91@gmail.com>
Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2023-06-22 04:33:20 +02:00
|
|
|
externalPath: null,
|
2022-05-20 01:30:47 +02:00
|
|
|
},
|
|
|
|
|
]),
|
|
|
|
|
);
|
|
|
|
|
});
|
2023-04-01 18:43:45 +02:00
|
|
|
|
|
|
|
|
it('disallows admin user from creating a second admin account', async () => {
|
|
|
|
|
const { status } = await request(app.getHttpServer())
|
|
|
|
|
.put('/user')
|
|
|
|
|
.send({
|
|
|
|
|
...userOne,
|
|
|
|
|
isAdmin: true,
|
|
|
|
|
});
|
|
|
|
|
expect(status).toEqual(400);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('ignores updates to createdAt, updatedAt and deletedAt', async () => {
|
|
|
|
|
const { status, body } = await request(app.getHttpServer())
|
|
|
|
|
.put('/user')
|
|
|
|
|
.send({
|
|
|
|
|
...userOne,
|
|
|
|
|
createdAt: '2023-01-01T00:00:00.000Z',
|
|
|
|
|
updatedAt: '2023-01-01T00:00:00.000Z',
|
|
|
|
|
deletedAt: '2023-01-01T00:00:00.000Z',
|
|
|
|
|
});
|
|
|
|
|
expect(status).toEqual(200);
|
|
|
|
|
expect(body).toStrictEqual({
|
|
|
|
|
...userOne,
|
|
|
|
|
createdAt: new Date(userOne.createdAt).toISOString(),
|
|
|
|
|
updatedAt: expect.anything(),
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('ignores updates to profileImagePath', async () => {
|
|
|
|
|
const { status, body } = await request(app.getHttpServer())
|
|
|
|
|
.put('/user')
|
|
|
|
|
.send({
|
|
|
|
|
...userOne,
|
|
|
|
|
profileImagePath: 'invalid.jpg',
|
|
|
|
|
});
|
|
|
|
|
expect(status).toEqual(200);
|
|
|
|
|
expect(body).toStrictEqual({
|
|
|
|
|
...userOne,
|
|
|
|
|
createdAt: new Date(userOne.createdAt).toISOString(),
|
|
|
|
|
updatedAt: expect.anything(),
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('allows to update first and last name', async () => {
|
|
|
|
|
const { status, body } = await request(app.getHttpServer())
|
|
|
|
|
.put('/user')
|
|
|
|
|
.send({
|
|
|
|
|
...userOne,
|
|
|
|
|
firstName: 'newFirstName',
|
|
|
|
|
lastName: 'newLastName',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(status).toEqual(200);
|
|
|
|
|
expect(body).toMatchObject({
|
|
|
|
|
...userOne,
|
|
|
|
|
createdAt: new Date(userOne.createdAt).toISOString(),
|
|
|
|
|
updatedAt: expect.anything(),
|
|
|
|
|
firstName: 'newFirstName',
|
|
|
|
|
lastName: 'newLastName',
|
|
|
|
|
});
|
|
|
|
|
});
|
2022-05-20 01:30:47 +02:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
