'use strict'; const { createStrapiInstance } = require('api-tests/strapi'); const { createAuthRequest, createRequest } = require('api-tests/request'); const { createUtils, describeOnCondition } = require('api-tests/utils'); const edition = process.env.STRAPI_DISABLE_EE === 'true' ? 'CE' : 'EE'; let strapi; let utils; const requests = { public: undefined, admin: undefined, noPermissions: undefined, }; const localData = { restrictedUser: null, restrictedRole: null, }; const restrictedUser = { email: 'restricted@user.io', password: 'Restricted123', }; const restrictedRole = { name: 'restricted-role', description: '', }; const createFixtures = async () => { const role = await utils.createRole(restrictedRole); const user = await utils.createUserIfNotExists({ ...restrictedUser, roles: [role.id], }); localData.restrictedUser = user; localData.restrictedRole = role; return { role, user }; }; const deleteFixtures = async () => { await utils.deleteUserById(localData.restrictedUser.id); await utils.deleteRolesById([localData.restrictedRole.id]); }; describeOnCondition(edition === 'EE')('SSO Provider Options', () => { let hasSSO; beforeAll(async () => { strapi = await createStrapiInstance(); utils = createUtils(strapi); // eslint-disable-next-line node/no-extraneous-require hasSSO = require('@strapi/strapi/dist/utils/ee').features.isEnabled('sso'); await createFixtures(); requests.public = createRequest({ strapi }); requests.admin = await createAuthRequest({ strapi }); requests.noPermissions = await createAuthRequest({ strapi, userInfo: restrictedUser }); }); afterAll(async () => { await deleteFixtures(); await strapi.destroy(); }); describe('Get provider options', () => { test('Get the provider options as public user gives 401', async () => { const res = await requests.public.get('/admin/providers/options'); expect(res.status).toEqual(401); }); test('Get the provider options with no permissions gives 403', async () => { const res = await requests.noPermissions.get('/admin/providers/options'); expect(res.status).toEqual(403); }); test('Get the provider options as admin succeeds', async () => { const res = await requests.admin.get('/admin/providers/options'); if (hasSSO) { expect(res.status).toBe(200); const { data } = JSON.parse(res.text); const keys = Object.keys(data); expect(keys).toContain('autoRegister'); expect(keys).toContain('ssoLockedRoles'); expect(keys).toContain('defaultRole'); } else { expect(res.status).toBe(404); expect(Array.isArray(res.body)).toBeFalsy(); } }); }); describe('ssoLockedRoles', () => { test.each([ ['empty array', []], ['null', null], ['array of roles', [1]], ])('can be %s', async (name, value) => { const newData = { ssoLockedRoles: value, defaultRole: null, autoRegister: false, }; const res = await requests.admin.put('/admin/providers/options', { body: newData, }); if (hasSSO) { expect(res.status).toEqual(200); const parsed = JSON.parse(res.text); expect(parsed.data).toMatchObject(newData); } else { expect(res.status).toBe(404); expect(Array.isArray(res.body)).toBeFalsy(); } }); test.each([ ['invalid role id', [999]], ['string', '1'], ['object', { role: 1 }], ])('cannot be %s', async (name, value) => { const res = await requests.admin.put('/admin/providers/options', { body: { ssoLockedRoles: value, defaultRole: null, autoRegister: false, }, }); if (hasSSO) { expect(res.status).toEqual(400); } else { expect(res.status).toBe(404); expect(Array.isArray(res.body)).toBeFalsy(); } }); describe('autoRegister and defaultRole', () => { test.each([ [null, false], [1, false], [1, true], ])('defaultRole can be %s when autoRegister is %s', async (defaultRole, autoRegister) => { const newData = { defaultRole, autoRegister, }; const res = await requests.admin.put('/admin/providers/options', { body: newData, }); if (hasSSO) { expect(res.status).toEqual(200); const parsed = JSON.parse(res.text); expect(parsed.data).toMatchObject(newData); } else { expect(res.status).toBe(404); expect(Array.isArray(res.body)).toBeFalsy(); } }); test.each([ [null, true], [{}, true], [9999, true], ])('defaultRole cannot be %s when autoRegister is %s', async (defaultRole, autoRegister) => { const newData = { defaultRole, autoRegister, }; const res = await requests.admin.put('/admin/providers/options', { body: newData, }); if (hasSSO) { expect(res.status).toEqual(400); } else { expect(res.status).toBe(404); expect(Array.isArray(res.body)).toBeFalsy(); } }); }); }); });