51001cfac1
Fixes #3412 Previously the only way to restrict the domains for a Team were with the ALLOWED_DOMAINS environment variable for self hosted instances. This PR migrates this to be a database backed setting on the Team object. This is done through the creation of a TeamDomain model that is associated with the Team and contains the domain name This settings is updated on the Security Tab. Here domains can be added or removed from the Team. On the server side, we take the code paths that previously were using ALLOWED_DOMAINS and switched them to use the Team allowed domains instead
188 lines
5.4 KiB
TypeScript
188 lines
5.4 KiB
TypeScript
import TestServer from "fetch-test-server";
|
|
import webService from "@server/services/web";
|
|
import { buildUser, buildTeam } from "@server/test/factories";
|
|
import { flushdb } from "@server/test/support";
|
|
|
|
const app = webService();
|
|
const server = new TestServer(app.callback());
|
|
beforeEach(() => flushdb());
|
|
afterAll(() => server.close());
|
|
|
|
describe("#auth.info", () => {
|
|
it("should return current authentication", async () => {
|
|
const team = await buildTeam();
|
|
const user = await buildUser({
|
|
teamId: team.id,
|
|
});
|
|
const res = await server.post("/api/auth.info", {
|
|
body: {
|
|
token: user.getJwtToken(),
|
|
},
|
|
});
|
|
const body = await res.json();
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.user.name).toBe(user.name);
|
|
expect(body.data.team.name).toBe(team.name);
|
|
expect(body.data.team.allowedDomains).toEqual([]);
|
|
});
|
|
|
|
it("should require the team to not be deleted", async () => {
|
|
const team = await buildTeam();
|
|
const user = await buildUser({
|
|
teamId: team.id,
|
|
});
|
|
await team.destroy();
|
|
const res = await server.post("/api/auth.info", {
|
|
body: {
|
|
token: user.getJwtToken(),
|
|
},
|
|
});
|
|
expect(res.status).toEqual(401);
|
|
});
|
|
|
|
it("should require authentication", async () => {
|
|
const res = await server.post("/api/auth.info");
|
|
expect(res.status).toEqual(401);
|
|
});
|
|
});
|
|
|
|
describe("#auth.config", () => {
|
|
it("should return available SSO providers", async () => {
|
|
const res = await server.post("/api/auth.config");
|
|
const body = await res.json();
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.providers.length).toBe(2);
|
|
expect(body.data.providers[0].name).toBe("Slack");
|
|
expect(body.data.providers[1].name).toBe("Google");
|
|
});
|
|
|
|
it("should return available providers for team subdomain", async () => {
|
|
process.env.URL = "http://localoutline.com";
|
|
await buildTeam({
|
|
guestSignin: false,
|
|
subdomain: "example",
|
|
authenticationProviders: [
|
|
{
|
|
name: "slack",
|
|
providerId: "123",
|
|
},
|
|
],
|
|
});
|
|
const res = await server.post("/api/auth.config", {
|
|
headers: {
|
|
host: `example.localoutline.com`,
|
|
},
|
|
});
|
|
const body = await res.json();
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.providers.length).toBe(1);
|
|
expect(body.data.providers[0].name).toBe("Slack");
|
|
});
|
|
|
|
it("should return available providers for team custom domain", async () => {
|
|
await buildTeam({
|
|
guestSignin: false,
|
|
domain: "docs.mycompany.com",
|
|
authenticationProviders: [
|
|
{
|
|
name: "slack",
|
|
providerId: "123",
|
|
},
|
|
],
|
|
});
|
|
const res = await server.post("/api/auth.config", {
|
|
headers: {
|
|
host: "docs.mycompany.com",
|
|
},
|
|
});
|
|
const body = await res.json();
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.providers.length).toBe(1);
|
|
expect(body.data.providers[0].name).toBe("Slack");
|
|
});
|
|
|
|
it("should return email provider for team when guest signin enabled", async () => {
|
|
process.env.URL = "http://localoutline.com";
|
|
await buildTeam({
|
|
guestSignin: true,
|
|
subdomain: "example",
|
|
authenticationProviders: [
|
|
{
|
|
name: "slack",
|
|
providerId: "123",
|
|
},
|
|
],
|
|
});
|
|
const res = await server.post("/api/auth.config", {
|
|
headers: {
|
|
host: "example.localoutline.com",
|
|
},
|
|
});
|
|
const body = await res.json();
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.providers.length).toBe(2);
|
|
expect(body.data.providers[0].name).toBe("Slack");
|
|
expect(body.data.providers[1].name).toBe("Email");
|
|
});
|
|
|
|
it("should not return provider when disabled", async () => {
|
|
process.env.URL = "http://localoutline.com";
|
|
await buildTeam({
|
|
guestSignin: false,
|
|
subdomain: "example",
|
|
authenticationProviders: [
|
|
{
|
|
name: "slack",
|
|
providerId: "123",
|
|
enabled: false,
|
|
},
|
|
],
|
|
});
|
|
const res = await server.post("/api/auth.config", {
|
|
headers: {
|
|
host: "example.localoutline.com",
|
|
},
|
|
});
|
|
const body = await res.json();
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.providers.length).toBe(0);
|
|
});
|
|
describe("self hosted", () => {
|
|
it("should return available providers for team", async () => {
|
|
process.env.DEPLOYMENT = "";
|
|
await buildTeam({
|
|
guestSignin: false,
|
|
authenticationProviders: [
|
|
{
|
|
name: "slack",
|
|
providerId: "123",
|
|
},
|
|
],
|
|
});
|
|
const res = await server.post("/api/auth.config");
|
|
const body = await res.json();
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.providers.length).toBe(1);
|
|
expect(body.data.providers[0].name).toBe("Slack");
|
|
});
|
|
it("should return email provider for team when guest signin enabled", async () => {
|
|
process.env.DEPLOYMENT = "";
|
|
await buildTeam({
|
|
guestSignin: true,
|
|
authenticationProviders: [
|
|
{
|
|
name: "slack",
|
|
providerId: "123",
|
|
},
|
|
],
|
|
});
|
|
const res = await server.post("/api/auth.config");
|
|
const body = await res.json();
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.providers.length).toBe(2);
|
|
expect(body.data.providers[0].name).toBe("Slack");
|
|
expect(body.data.providers[1].name).toBe("Email");
|
|
});
|
|
});
|
|
});
|