overleaf/services/web/test/acceptance/src/AdminPrivilegeAvailableTests.mjs

import Settings from '@overleaf/settings'
import { expect } from 'chai'
import UserHelper from './helpers/User.js'
import { getSafeAdminDomainRedirect } from '../../../app/src/Features/Helpers/UrlHelper.js'

const User = UserHelper.promises

describe('AdminPrivilegeAvailable', function () {
  let adminUser, otherUser
  const flagBefore = Settings.adminPrivilegeAvailable
  after(function () {
    Settings.adminPrivilegeAvailable = flagBefore
  })

  beforeEach('create admin user', async function () {
    adminUser = new User()
    await adminUser.ensureUserExists()
    await adminUser.ensureAdmin()
    await adminUser.login()
  })

  let projectIdOwned, otherUsersProjectId, otherUsersProjectTokenAccessURL
  beforeEach('create owned project', async function () {
    projectIdOwned = await adminUser.createProject('owned project')
  })

  beforeEach('create other user and project', async function () {
    otherUser = new User({
      email: 'test@non-staff.com',
      confirmedAt: new Date(),
    })
    await otherUser.login()

    otherUsersProjectId = await otherUser.createProject('other users project')
    await otherUser.makeTokenBased(otherUsersProjectId)
    const {
      tokens: { readOnly: readOnlyToken },
    } = await otherUser.getProject(otherUsersProjectId)
    otherUsersProjectTokenAccessURL = `/read/${readOnlyToken}`
  })

  async function hasAccess(projectId) {
    const { response } = await adminUser.doRequest(
      'GET',
      `/project/${projectId}`
    )
    return response.statusCode === 200
  }

  async function displayTokenAccessPage(user) {
    const { response } = await user.doRequest(
      'GET',
      otherUsersProjectTokenAccessURL
    )
    expect(response.statusCode).to.equal(200)
    expect(response.body).to.include(otherUsersProjectTokenAccessURL)
  }

  describe('adminPrivilegeAvailable=true', function () {
    beforeEach(function () {
      Settings.adminPrivilegeAvailable = true
    })
    it('should grant the admin access to owned project', async function () {
      expect(await hasAccess(projectIdOwned)).to.equal(true)
    })
    it('should grant the admin access to non-owned project', async function () {
      expect(await hasAccess(otherUsersProjectId)).to.equal(true)
    })
    it('should display token access page for admin', async function () {
      await displayTokenAccessPage(adminUser)
    })
    it('should display token access page for regular user', async function () {
      await displayTokenAccessPage(otherUser)
    })
    it('should redirect a token grant request to project page', async function () {
      const { response } = await adminUser.doRequest('POST', {
        url: `${otherUsersProjectTokenAccessURL}/grant`,
        json: {
          confirmedByUser: true,
        },
      })
      expect(response.statusCode).to.equal(200)
      expect(response.body.redirect).to.equal(`/project/${otherUsersProjectId}`)
    })
  })

  describe('adminPrivilegeAvailable=false', function () {
    beforeEach(function () {
      Settings.adminPrivilegeAvailable = false
    })
    it('should grant the admin access to owned project', async function () {
      expect(await hasAccess(projectIdOwned)).to.equal(true)
    })
    it('should block the admin from non-owned project', async function () {
      expect(await hasAccess(otherUsersProjectId)).to.equal(false)
    })
    it('should display token access page for admin', async function () {
      displayTokenAccessPage(adminUser)
    })
    it('should display token access page for regular user', async function () {
      await displayTokenAccessPage(otherUser)
    })
    it('should redirect a token grant request to admin panel if belongs to non-staff', async function () {
      const { response } = await adminUser.doRequest('POST', {
        url: `${otherUsersProjectTokenAccessURL}/grant`,
        json: {
          confirmedByUser: true,
        },
      })
      expect(response.statusCode).to.equal(200)
      expect(response.body.redirect).to.equal(
        getSafeAdminDomainRedirect(otherUsersProjectTokenAccessURL)
      )
    })

    it('should redirect a token grant request to project page if belongs to staff', async function () {
      const staff = new User({
        email: `test@${Settings.adminDomains[0]}`,
        confirmedAt: new Date(),
      })
      await staff.ensureUserExists()
      await staff.ensureAdmin()
      await staff.login()

      const staffProjectId = await staff.createProject('staff user project')
      await staff.makeTokenBased(staffProjectId)
      const {
        tokens: { readOnly: readOnlyTokenAdmin },
      } = await staff.getProject(staffProjectId)
      const staffProjectTokenAccessURL = `/read/${readOnlyTokenAdmin}`

      const { response } = await adminUser.doRequest('POST', {
        url: `${staffProjectTokenAccessURL}/grant`,
        json: {
          confirmedByUser: true,
        },
      })
      expect(response.statusCode).to.equal(200)
      expect(response.body.redirect).to.equal(`/project/${staffProjectId}`)
    })
  })
})
Convert top level acceptance tests to ES module GitOrigin-RevId: ab45010ec557d62576c470d2e024549e67261c66 2024-10-14 06:41:11 -04:00			`import Settings from '@overleaf/settings'`
			`import { expect } from 'chai'`
			`import UserHelper from './helpers/User.js'`
			`import { getSafeAdminDomainRedirect } from '../../../app/src/Features/Helpers/UrlHelper.js'`

			`const User = UserHelper.promises`
Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app [misc] move admin capability from www. to admin. subdomain GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459 2022-03-31 06:34:49 -04:00
			`describe('AdminPrivilegeAvailable', function () {`
Merge pull request #6712 from overleaf/jpa-redirect-token-access [web] redirect admin users from token access gateway to admin panel GitOrigin-RevId: b39c9b4bcad5d376b720a6718df7ef01cd89938f 2022-03-31 06:35:16 -04:00			`let adminUser, otherUser`
Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app [misc] move admin capability from www. to admin. subdomain GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459 2022-03-31 06:34:49 -04:00			`const flagBefore = Settings.adminPrivilegeAvailable`
			`after(function () {`
			`Settings.adminPrivilegeAvailable = flagBefore`
			`})`

			`beforeEach('create admin user', async function () {`
			`adminUser = new User()`
			`await adminUser.ensureUserExists()`
			`await adminUser.ensureAdmin()`
			`await adminUser.login()`
			`})`

Merge pull request #6712 from overleaf/jpa-redirect-token-access [web] redirect admin users from token access gateway to admin panel GitOrigin-RevId: b39c9b4bcad5d376b720a6718df7ef01cd89938f 2022-03-31 06:35:16 -04:00			`let projectIdOwned, otherUsersProjectId, otherUsersProjectTokenAccessURL`
Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app [misc] move admin capability from www. to admin. subdomain GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459 2022-03-31 06:34:49 -04:00			`beforeEach('create owned project', async function () {`
			`projectIdOwned = await adminUser.createProject('owned project')`
			`})`

			`beforeEach('create other user and project', async function () {`
bypass linking sharing admin redirect for internal projects (#19314) * disable linking sharing admin redirect * address comments * remove ignoreSiteAdmin * load admin domains from settings * add acceptance test * more tests * fix tests and restore admin domain * use adminDomains as array GitOrigin-RevId: 5acb62e1b6ada0aaeceab6db6a6635f82e30833f 2024-07-15 06:23:03 -04:00			`otherUser = new User({`
			`email: 'test@non-staff.com',`
			`confirmedAt: new Date(),`
			`})`
Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app [misc] move admin capability from www. to admin. subdomain GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459 2022-03-31 06:34:49 -04:00			`await otherUser.login()`

			`otherUsersProjectId = await otherUser.createProject('other users project')`
Merge pull request #6712 from overleaf/jpa-redirect-token-access [web] redirect admin users from token access gateway to admin panel GitOrigin-RevId: b39c9b4bcad5d376b720a6718df7ef01cd89938f 2022-03-31 06:35:16 -04:00			`await otherUser.makeTokenBased(otherUsersProjectId)`
			`const {`
			`tokens: { readOnly: readOnlyToken },`
			`} = await otherUser.getProject(otherUsersProjectId)`
			otherUsersProjectTokenAccessURL = `/read/${readOnlyToken}`
Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app [misc] move admin capability from www. to admin. subdomain GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459 2022-03-31 06:34:49 -04:00			`})`

			`async function hasAccess(projectId) {`
			`const { response } = await adminUser.doRequest(`
			`'GET',`
			`/project/${projectId}`
			`)`
			`return response.statusCode === 200`
			`}`

Merge pull request #6712 from overleaf/jpa-redirect-token-access [web] redirect admin users from token access gateway to admin panel GitOrigin-RevId: b39c9b4bcad5d376b720a6718df7ef01cd89938f 2022-03-31 06:35:16 -04:00			`async function displayTokenAccessPage(user) {`
			`const { response } = await user.doRequest(`
			`'GET',`
			`otherUsersProjectTokenAccessURL`
			`)`
			`expect(response.statusCode).to.equal(200)`
			`expect(response.body).to.include(otherUsersProjectTokenAccessURL)`
			`}`

Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app [misc] move admin capability from www. to admin. subdomain GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459 2022-03-31 06:34:49 -04:00			`describe('adminPrivilegeAvailable=true', function () {`
			`beforeEach(function () {`
			`Settings.adminPrivilegeAvailable = true`
			`})`
			`it('should grant the admin access to owned project', async function () {`
			`expect(await hasAccess(projectIdOwned)).to.equal(true)`
			`})`
			`it('should grant the admin access to non-owned project', async function () {`
			`expect(await hasAccess(otherUsersProjectId)).to.equal(true)`
			`})`
Merge pull request #6712 from overleaf/jpa-redirect-token-access [web] redirect admin users from token access gateway to admin panel GitOrigin-RevId: b39c9b4bcad5d376b720a6718df7ef01cd89938f 2022-03-31 06:35:16 -04:00			`it('should display token access page for admin', async function () {`
			`await displayTokenAccessPage(adminUser)`
			`})`
			`it('should display token access page for regular user', async function () {`
			`await displayTokenAccessPage(otherUser)`
			`})`
bypass linking sharing admin redirect for internal projects (#19314) * disable linking sharing admin redirect * address comments * remove ignoreSiteAdmin * load admin domains from settings * add acceptance test * more tests * fix tests and restore admin domain * use adminDomains as array GitOrigin-RevId: 5acb62e1b6ada0aaeceab6db6a6635f82e30833f 2024-07-15 06:23:03 -04:00			`it('should redirect a token grant request to project page', async function () {`
			`const { response } = await adminUser.doRequest('POST', {`
			url: `${otherUsersProjectTokenAccessURL}/grant`,
			`json: {`
			`confirmedByUser: true,`
			`},`
			`})`
			`expect(response.statusCode).to.equal(200)`
			expect(response.body.redirect).to.equal(`/project/${otherUsersProjectId}`)
			`})`
Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app [misc] move admin capability from www. to admin. subdomain GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459 2022-03-31 06:34:49 -04:00			`})`

			`describe('adminPrivilegeAvailable=false', function () {`
			`beforeEach(function () {`
			`Settings.adminPrivilegeAvailable = false`
			`})`
			`it('should grant the admin access to owned project', async function () {`
			`expect(await hasAccess(projectIdOwned)).to.equal(true)`
			`})`
			`it('should block the admin from non-owned project', async function () {`
			`expect(await hasAccess(otherUsersProjectId)).to.equal(false)`
			`})`
bypass linking sharing admin redirect for internal projects (#19314) * disable linking sharing admin redirect * address comments * remove ignoreSiteAdmin * load admin domains from settings * add acceptance test * more tests * fix tests and restore admin domain * use adminDomains as array GitOrigin-RevId: 5acb62e1b6ada0aaeceab6db6a6635f82e30833f 2024-07-15 06:23:03 -04:00			`it('should display token access page for admin', async function () {`
			`displayTokenAccessPage(adminUser)`
Merge pull request #6712 from overleaf/jpa-redirect-token-access [web] redirect admin users from token access gateway to admin panel GitOrigin-RevId: b39c9b4bcad5d376b720a6718df7ef01cd89938f 2022-03-31 06:35:16 -04:00			`})`
			`it('should display token access page for regular user', async function () {`
			`await displayTokenAccessPage(otherUser)`
			`})`
bypass linking sharing admin redirect for internal projects (#19314) * disable linking sharing admin redirect * address comments * remove ignoreSiteAdmin * load admin domains from settings * add acceptance test * more tests * fix tests and restore admin domain * use adminDomains as array GitOrigin-RevId: 5acb62e1b6ada0aaeceab6db6a6635f82e30833f 2024-07-15 06:23:03 -04:00			`it('should redirect a token grant request to admin panel if belongs to non-staff', async function () {`
			`const { response } = await adminUser.doRequest('POST', {`
			url: `${otherUsersProjectTokenAccessURL}/grant`,
			`json: {`
			`confirmedByUser: true,`
			`},`
			`})`
			`expect(response.statusCode).to.equal(200)`
			`expect(response.body.redirect).to.equal(`
			`getSafeAdminDomainRedirect(otherUsersProjectTokenAccessURL)`
			`)`
			`})`

			`it('should redirect a token grant request to project page if belongs to staff', async function () {`
			`const staff = new User({`
			email: `test@${Settings.adminDomains[0]}`,
			`confirmedAt: new Date(),`
			`})`
			`await staff.ensureUserExists()`
			`await staff.ensureAdmin()`
			`await staff.login()`

			`const staffProjectId = await staff.createProject('staff user project')`
			`await staff.makeTokenBased(staffProjectId)`
			`const {`
			`tokens: { readOnly: readOnlyTokenAdmin },`
			`} = await staff.getProject(staffProjectId)`
			const staffProjectTokenAccessURL = `/read/${readOnlyTokenAdmin}`

			`const { response } = await adminUser.doRequest('POST', {`
			url: `${staffProjectTokenAccessURL}/grant`,
			`json: {`
			`confirmedByUser: true,`
			`},`
			`})`
			`expect(response.statusCode).to.equal(200)`
			expect(response.body.redirect).to.equal(`/project/${staffProjectId}`)
			`})`
Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app [misc] move admin capability from www. to admin. subdomain GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459 2022-03-31 06:34:49 -04:00			`})`
			`})`