diff --git a/server/test/integration_test.go b/server/test/integration_test.go index 587235c..2374aaf 100644 --- a/server/test/integration_test.go +++ b/server/test/integration_test.go @@ -122,6 +122,7 @@ func TestResolvers(t *testing.T) { updateEmailTemplateTest(t, s) emailTemplatesTest(t, s) deleteEmailTemplateTest(t, s) + RoleDeletionTest(t, s) // user resolvers tests loginTests(t, s) diff --git a/server/test/role_deletion_test.go b/server/test/role_deletion_test.go new file mode 100644 index 0000000..ed0ed90 --- /dev/null +++ b/server/test/role_deletion_test.go @@ -0,0 +1,98 @@ +package test + +import ( + "fmt" + "github.com/authorizerdev/authorizer/server/crypto" + "strings" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/authorizerdev/authorizer/server/constants" + "github.com/authorizerdev/authorizer/server/graph/model" + "github.com/authorizerdev/authorizer/server/memorystore" + "github.com/authorizerdev/authorizer/server/refs" + "github.com/authorizerdev/authorizer/server/resolvers" +) + +func RoleDeletionTest(t *testing.T, s TestSetup) { + t.Helper() + t.Run(`should complete role deletion`, func(t *testing.T) { + // login as admin + req, ctx := createContext(s) + + _, err := resolvers.AdminLoginResolver(ctx, model.AdminLoginInput{ + AdminSecret: "admin_test", + }) + assert.NotNil(t, err) + + adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret) + assert.Nil(t, err) + _, err = resolvers.AdminLoginResolver(ctx, model.AdminLoginInput{ + AdminSecret: adminSecret, + }) + assert.Nil(t, err) + + h, err := crypto.EncryptPassword(adminSecret) + assert.Nil(t, err) + req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, h)) + + // add new default role to get role, if not present in roles + originalDefaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles) + assert.Nil(t, err) + originalDefaultRolesSlice := strings.Split(originalDefaultRoles, ",") + + data := model.UpdateEnvInput{ + DefaultRoles: append(originalDefaultRolesSlice, "abc"), + } + _, err = resolvers.UpdateEnvResolver(ctx, data) + assert.Error(t, err) + + // add new role + originalRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles) + assert.Nil(t, err) + originalRolesSlice := strings.Split(originalRoles, ",") + roleToBeAdded := "abc" + newRoles := append(originalRolesSlice, roleToBeAdded) + data = model.UpdateEnvInput{ + Roles: newRoles, + } + _, err = resolvers.UpdateEnvResolver(ctx, data) + assert.Nil(t, err) + + // register a user with all roles + email := "update_user." + s.TestInfo.Email + _, err = resolvers.SignupResolver(ctx, model.SignUpInput{ + Email: refs.NewStringRef(email), + Password: s.TestInfo.Password, + ConfirmPassword: s.TestInfo.Password, + Roles: newRoles, + }) + assert.Nil(t, err) + + regUserDetails, _ := resolvers.UserResolver(ctx, model.GetUserRequest{ + Email: refs.NewStringRef(email), + }) + + // update env by removing role "abc" + var newRolesAfterDeletion []string + for _, value := range newRoles { + if value != roleToBeAdded { + newRolesAfterDeletion = append(newRolesAfterDeletion, value) + } + } + data = model.UpdateEnvInput{ + Roles: newRolesAfterDeletion, + } + _, err = resolvers.UpdateEnvResolver(ctx, data) + assert.Nil(t, err) + + // check user if role still exist + userDetails, err := resolvers.UserResolver(ctx, model.GetUserRequest{ + Email: refs.NewStringRef(email), + }) + assert.Nil(t, err) + assert.Equal(t, newRolesAfterDeletion, userDetails.Roles) + assert.NotEqual(t, newRolesAfterDeletion, regUserDetails.Roles) + }) +}