2020-07-21 10:28:52 -04:00
|
|
|
const sinon = require('sinon')
|
|
|
|
|
const chai = require('chai')
|
|
|
|
|
const { expect } = chai
|
|
|
|
|
const SandboxedModule = require('sandboxed-module')
|
|
|
|
|
const modulePath =
|
|
|
|
|
'../../../../app/src/Features/User/ThirdPartyIdentityManager.js'
|
|
|
|
|
|
|
|
|
|
describe('ThirdPartyIdentityManager', function() {
|
|
|
|
|
beforeEach(function() {
|
|
|
|
|
this.userId = 'a1b2c3'
|
|
|
|
|
this.user = {
|
|
|
|
|
_id: this.userId,
|
|
|
|
|
email: 'example@overleaf.com'
|
|
|
|
|
}
|
|
|
|
|
this.externalUserId = 'id789'
|
|
|
|
|
this.externalData = {}
|
2020-10-06 09:50:07 -04:00
|
|
|
this.auditLog = { initiatorId: this.userId, ipAddress: '0:0:0:0' }
|
2020-07-21 10:28:52 -04:00
|
|
|
this.ThirdPartyIdentityManager = SandboxedModule.require(modulePath, {
|
|
|
|
|
globals: {
|
|
|
|
|
console: console
|
|
|
|
|
},
|
|
|
|
|
requires: {
|
2020-10-06 09:50:07 -04:00
|
|
|
'../../../../app/src/Features/User/UserAuditLogHandler': (this.UserAuditLogHandler = {
|
|
|
|
|
addEntry: sinon.stub().yields()
|
|
|
|
|
}),
|
2020-07-21 10:28:52 -04:00
|
|
|
'../../../../app/src/Features/Email/EmailHandler': (this.EmailHandler = {
|
|
|
|
|
sendEmail: sinon.stub().yields()
|
|
|
|
|
}),
|
|
|
|
|
Errors: (this.Errors = {
|
|
|
|
|
ThirdPartyIdentityExistsError: sinon.stub(),
|
|
|
|
|
ThirdPartyUserNotFoundError: sinon.stub()
|
|
|
|
|
}),
|
2020-09-29 10:05:12 -04:00
|
|
|
'logger-sharelatex': (this.logger = {
|
|
|
|
|
error: sinon.stub()
|
|
|
|
|
}),
|
2020-07-21 10:28:52 -04:00
|
|
|
'../../../../app/src/models/User': {
|
|
|
|
|
User: (this.User = {
|
|
|
|
|
findOneAndUpdate: sinon.stub().yields(undefined, this.user),
|
|
|
|
|
findOne: sinon.stub()
|
|
|
|
|
})
|
|
|
|
|
},
|
|
|
|
|
'settings-sharelatex': {
|
|
|
|
|
oauthProviders: {
|
|
|
|
|
google: {
|
|
|
|
|
name: 'Google'
|
|
|
|
|
},
|
|
|
|
|
orcid: {
|
|
|
|
|
name: 'Orcid'
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
describe('link', function() {
|
|
|
|
|
it('should send email alert', async function() {
|
|
|
|
|
await this.ThirdPartyIdentityManager.promises.link(
|
|
|
|
|
this.userId,
|
|
|
|
|
'google',
|
|
|
|
|
this.externalUserId,
|
2020-10-06 09:50:07 -04:00
|
|
|
this.externalData,
|
|
|
|
|
this.auditLog
|
2020-07-21 10:28:52 -04:00
|
|
|
)
|
|
|
|
|
const emailCall = this.EmailHandler.sendEmail.getCall(0)
|
|
|
|
|
expect(emailCall.args[0]).to.equal('securityAlert')
|
|
|
|
|
expect(emailCall.args[1].actionDescribed).to.contain(
|
|
|
|
|
'a Google account was linked'
|
|
|
|
|
)
|
|
|
|
|
})
|
2020-10-06 09:50:07 -04:00
|
|
|
|
|
|
|
|
it('should update user audit log', async function() {
|
|
|
|
|
await this.ThirdPartyIdentityManager.promises.link(
|
|
|
|
|
this.userId,
|
|
|
|
|
'google',
|
|
|
|
|
this.externalUserId,
|
|
|
|
|
this.externalData,
|
|
|
|
|
this.auditLog
|
|
|
|
|
)
|
|
|
|
|
expect(this.UserAuditLogHandler.addEntry).to.have.been.calledOnceWith(
|
|
|
|
|
this.userId,
|
|
|
|
|
'link-sso',
|
|
|
|
|
this.auditLog.initiatorId,
|
|
|
|
|
this.auditLog.ipAddress,
|
|
|
|
|
{
|
|
|
|
|
providerId: 'google'
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
})
|
2020-09-29 10:05:12 -04:00
|
|
|
describe('errors', function() {
|
|
|
|
|
const anError = new Error('oops')
|
2020-10-06 09:50:07 -04:00
|
|
|
it('should not unlink if the UserAuditLogHandler throws an error', function(done) {
|
|
|
|
|
this.UserAuditLogHandler.addEntry.yields(anError)
|
|
|
|
|
this.ThirdPartyIdentityManager.link(
|
|
|
|
|
this.userId,
|
|
|
|
|
'google',
|
|
|
|
|
this.externalUserId,
|
|
|
|
|
this.externalData,
|
|
|
|
|
this.auditLog,
|
|
|
|
|
error => {
|
|
|
|
|
expect(error).to.exist
|
|
|
|
|
expect(error).to.equal(anError)
|
|
|
|
|
expect(this.User.findOneAndUpdate).to.not.have.been.called
|
|
|
|
|
done()
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
})
|
2020-09-29 10:05:12 -04:00
|
|
|
describe('EmailHandler', function() {
|
|
|
|
|
beforeEach(function() {
|
|
|
|
|
this.EmailHandler.sendEmail.yields(anError)
|
|
|
|
|
})
|
|
|
|
|
it('should log but not return the error', function(done) {
|
|
|
|
|
this.ThirdPartyIdentityManager.link(
|
|
|
|
|
this.userId,
|
|
|
|
|
'google',
|
|
|
|
|
this.externalUserId,
|
|
|
|
|
this.externalData,
|
2020-10-06 09:50:07 -04:00
|
|
|
this.auditLog,
|
2020-09-29 10:05:12 -04:00
|
|
|
error => {
|
|
|
|
|
expect(error).to.not.exist
|
|
|
|
|
const loggerCall = this.logger.error.getCall(0)
|
|
|
|
|
expect(loggerCall.args[0]).to.deep.equal({
|
|
|
|
|
error: anError,
|
|
|
|
|
userId: this.userId
|
|
|
|
|
})
|
|
|
|
|
expect(loggerCall.args[1]).to.contain(
|
|
|
|
|
'could not send security alert email when Google linked'
|
|
|
|
|
)
|
|
|
|
|
done()
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
})
|
2020-07-21 10:28:52 -04:00
|
|
|
})
|
|
|
|
|
describe('unlink', function() {
|
|
|
|
|
it('should send email alert', async function() {
|
2020-10-06 09:50:07 -04:00
|
|
|
await this.ThirdPartyIdentityManager.promises.unlink(
|
|
|
|
|
this.userId,
|
|
|
|
|
'orcid',
|
|
|
|
|
this.auditLog
|
|
|
|
|
)
|
2020-07-21 10:28:52 -04:00
|
|
|
const emailCall = this.EmailHandler.sendEmail.getCall(0)
|
|
|
|
|
expect(emailCall.args[0]).to.equal('securityAlert')
|
|
|
|
|
expect(emailCall.args[1].actionDescribed).to.contain(
|
|
|
|
|
'an Orcid account is no longer linked'
|
|
|
|
|
)
|
|
|
|
|
})
|
2020-10-06 09:50:07 -04:00
|
|
|
it('should update user audit log', async function() {
|
|
|
|
|
await this.ThirdPartyIdentityManager.promises.unlink(
|
|
|
|
|
this.userId,
|
|
|
|
|
'orcid',
|
|
|
|
|
this.auditLog
|
|
|
|
|
)
|
|
|
|
|
expect(this.UserAuditLogHandler.addEntry).to.have.been.calledOnceWith(
|
|
|
|
|
this.userId,
|
|
|
|
|
'unlink-sso',
|
|
|
|
|
this.auditLog.initiatorId,
|
|
|
|
|
this.auditLog.ipAddress,
|
|
|
|
|
{
|
|
|
|
|
providerId: 'orcid'
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
})
|
2020-09-29 10:05:12 -04:00
|
|
|
describe('errors', function() {
|
|
|
|
|
const anError = new Error('oops')
|
2020-10-06 09:50:07 -04:00
|
|
|
it('should not unlink if the UserAuditLogHandler throws an error', function(done) {
|
|
|
|
|
this.UserAuditLogHandler.addEntry.yields(anError)
|
|
|
|
|
this.ThirdPartyIdentityManager.unlink(
|
|
|
|
|
this.userId,
|
|
|
|
|
'orcid',
|
|
|
|
|
this.auditLog,
|
|
|
|
|
error => {
|
|
|
|
|
expect(error).to.exist
|
|
|
|
|
expect(error).to.equal(anError)
|
|
|
|
|
expect(this.User.findOneAndUpdate).to.not.have.been.called
|
|
|
|
|
done()
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
expect(this.User.findOneAndUpdate).to.not.have.been.called
|
|
|
|
|
})
|
2020-09-29 10:05:12 -04:00
|
|
|
describe('EmailHandler', function() {
|
|
|
|
|
beforeEach(function() {
|
|
|
|
|
this.EmailHandler.sendEmail.yields(anError)
|
|
|
|
|
})
|
|
|
|
|
it('should log but not return the error', function(done) {
|
|
|
|
|
this.ThirdPartyIdentityManager.unlink(
|
|
|
|
|
this.userId,
|
|
|
|
|
'google',
|
2020-10-06 09:50:07 -04:00
|
|
|
this.auditLog,
|
2020-09-29 10:05:12 -04:00
|
|
|
error => {
|
|
|
|
|
expect(error).to.not.exist
|
|
|
|
|
const loggerCall = this.logger.error.getCall(0)
|
|
|
|
|
expect(loggerCall.args[0]).to.deep.equal({
|
|
|
|
|
error: anError,
|
|
|
|
|
userId: this.userId
|
|
|
|
|
})
|
|
|
|
|
expect(loggerCall.args[1]).to.contain(
|
|
|
|
|
'could not send security alert email when Google no longer linked'
|
|
|
|
|
)
|
|
|
|
|
done()
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
})
|
2020-07-21 10:28:52 -04:00
|
|
|
})
|
|
|
|
|
})
|
