poduck/smoothschedule
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Activepieces integration for workflow automation

Browse Source 
- Add Activepieces fork with SmoothSchedule custom piece
- Create integrations app with Activepieces service layer
- Add embed token endpoint for iframe integration
- Create Automations page with embedded workflow builder
- Add sidebar visibility fix for embed mode
- Add list inactive customers endpoint to Public API
- Include SmoothSchedule triggers: event created/updated/cancelled
- Include SmoothSchedule actions: create/update/cancel events, list resources/services/customers

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
poduck
2025-12-18 22:59:37 -05:00
parent 9848268d34
commit 3aa7199503
16292 changed files with 1284892 additions and 4708 deletions
Download Patch File Download Diff File Expand all files Collapse all files

765
activepieces-fork/packages/server/api/test/integration/cloud/authn/cloud-authn.test.ts Normal file
View File

@@ -0,0 +1,765 @@
import {
CustomDomain,
OtpType,
} from '@activepieces/ee-shared'
import {
DefaultProjectRole,
InvitationStatus,
InvitationType,
Platform,
PlatformPlan,
PlatformRole,
Project,
ProjectRole,
ProjectType,
User,
UserStatus,
} from '@activepieces/shared'
import { faker } from '@faker-js/faker'
import dayjs from 'dayjs'
import { FastifyBaseLogger, FastifyInstance } from 'fastify'
import { StatusCodes } from 'http-status-codes'
import { initializeDatabase } from '../../../../src/app/database'
import { databaseConnection } from '../../../../src/app/database/database-connection'
import * as emailServiceFile from '../../../../src/app/ee/helper/email/email-service'
import { setupServer } from '../../../../src/app/server'
import { decodeToken } from '../../../helpers/auth'
import {
CLOUD_PLATFORM_ID,
createMockCustomDomain,
createMockPlatform,
createMockPlatformPlan,
createMockProject,
createMockUserInvitation,
mockAndSaveBasicSetup,
mockBasicUser,
} from '../../../helpers/mocks'
import {
createMockSignInRequest,
createMockSignUpRequest,
} from '../../../helpers/mocks/authn'
let app: FastifyInstance | null = null
let sendOtpSpy: jest.Mock
beforeAll(async () => {
await initializeDatabase({ runMigrations: false })
app = await setupServer()
})
beforeEach(async () => {
sendOtpSpy = jest.fn()
jest.spyOn(emailServiceFile, 'emailService').mockImplementation((_log: FastifyBaseLogger) => ({
sendOtp: sendOtpSpy,
sendInvitation: jest.fn(),
sendIssueCreatedNotification: jest.fn(),
sendQuotaAlert: jest.fn(),
sendTrialReminder: jest.fn(),
sendReminderJobHandler: jest.fn(),
sendExceedFailureThresholdAlert: jest.fn(),
}))
await databaseConnection().getRepository('flag').createQueryBuilder().delete().execute()
await databaseConnection().getRepository('project').createQueryBuilder().delete().execute()
await databaseConnection().getRepository('platform').createQueryBuilder().delete().execute()
await databaseConnection().getRepository('user').createQueryBuilder().delete().execute()
await databaseConnection().getRepository('user_identity').createQueryBuilder().delete().execute()
await databaseConnection().getRepository('custom_domain').createQueryBuilder().delete().execute()
await databaseConnection().getRepository('user_invitation').createQueryBuilder().delete().execute()
})
afterAll(async () => {
await databaseConnection().destroy()
await app?.close()
})
describe('Authentication API', () => {
describe('Sign up Endpoint', () => {
it('Add new user if the domain is allowed', async () => {
// arrange
const { mockPlatform, mockUser, mockCustomDomain } =
await createMockPlatformAndDomain({
platform: {
id: CLOUD_PLATFORM_ID,
emailAuthEnabled: true,
},
plan: {
ssoEnabled: false,
},
})
const mockSignUpRequest = createMockSignUpRequest()
await databaseConnection()
.getRepository('platform')
.update(mockPlatform.id, {
enforceAllowedAuthDomains: true,
allowedAuthDomains: [mockSignUpRequest.email.split('@')[1]],
})
const mockProject = createMockProject({
ownerId: mockUser.id,
platformId: mockPlatform.id,
})
await databaseConnection().getRepository('project').save(mockProject)
const mockUserInvitation = createMockUserInvitation({
platformId: mockPlatform.id,
email: mockSignUpRequest.email,
platformRole: PlatformRole.ADMIN,
type: InvitationType.PLATFORM,
status: InvitationStatus.ACCEPTED,
created: dayjs().toISOString(),
})
await databaseConnection()
.getRepository('user_invitation')
.save(mockUserInvitation)
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authentication/sign-up',
body: mockSignUpRequest,
headers: {
Host: mockCustomDomain.domain,
},
})
// assert
expect(response?.statusCode).toBe(StatusCodes.OK)
})
it('Fails If the domain is not allowed', async () => {
// arrange
const { mockCustomDomain } =
await createMockPlatformAndDomain({
platform: {
emailAuthEnabled: true,
enforceAllowedAuthDomains: true,
allowedAuthDomains: [],
},
plan: {
ssoEnabled: true,
},
})
const mockSignUpRequest = createMockSignUpRequest()
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authentication/sign-up',
body: mockSignUpRequest,
headers: {
Host: mockCustomDomain.domain,
},
})
// assert
expect(response?.statusCode).toBe(StatusCodes.FORBIDDEN)
const responseBody = response?.json()
expect(responseBody?.code).toBe('DOMAIN_NOT_ALLOWED')
})
it('Create new user for the cloud user and then ask to verify email if email is not verified', async () => {
await createMockPlatformAndDomain({
platform: {
id: CLOUD_PLATFORM_ID,
emailAuthEnabled: true,
},
plan: {
ssoEnabled: false,
},
})
// arrange
const mockSignUpRequest = createMockSignUpRequest()
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authentication/sign-up',
body: mockSignUpRequest,
headers: {
},
})
const responseBody = response?.json()
// assert
expect(response?.statusCode).toBe(StatusCodes.FORBIDDEN)
expect(responseBody).toEqual({
code: 'EMAIL_IS_NOT_VERIFIED',
params: {
email: mockSignUpRequest.email.toLocaleLowerCase().trim(),
},
})
})
it('Sends a verification email', async () => {
// arrange
const mockSignUpRequest = createMockSignUpRequest()
await createMockPlatformAndDomain({
platform: {
id: CLOUD_PLATFORM_ID,
emailAuthEnabled: true,
enforceAllowedAuthDomains: false,
},
plan: {
ssoEnabled: false,
},
})
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authentication/sign-up',
body: mockSignUpRequest,
headers: {
},
})
const responseBody = response?.json()
// assert
expect(response?.statusCode).toBe(StatusCodes.FORBIDDEN)
expect(responseBody).toEqual({
code: 'EMAIL_IS_NOT_VERIFIED',
params: {
email: mockSignUpRequest.email.toLocaleLowerCase().trim(),
},
})
expect(sendOtpSpy).toHaveBeenCalledTimes(1)
expect(sendOtpSpy).toHaveBeenCalledWith({
otp: expect.stringMatching(/^([0-9A-F]|-){36}$/i),
platformId: expect.any(String),
type: OtpType.EMAIL_VERIFICATION,
userIdentity: expect.objectContaining({
email: mockSignUpRequest.email.trim().toLocaleLowerCase(),
}),
})
})
it('auto verify invited users to continue platform sign up', async () => {
const {
mockUser: mockPlatformOwner,
mockPlatform,
mockCustomDomain,
} = await createMockPlatformAndDomain({
platform: {
},
plan: {
ssoEnabled: false,
projectRolesEnabled: true,
},
})
const mockProject = createMockProject({
ownerId: mockPlatformOwner.id,
platformId: mockPlatform.id,
})
await databaseConnection().getRepository('project').save(mockProject)
const editorRole = await databaseConnection().getRepository('project_role').findOneByOrFail({ name: DefaultProjectRole.EDITOR }) as ProjectRole
const mockedUpEmail = faker.internet.email()
const mockUserInvitation = createMockUserInvitation({
projectId: mockProject.id,
platformId: mockPlatform.id,
email: mockedUpEmail,
projectRole: editorRole,
type: InvitationType.PROJECT,
status: InvitationStatus.ACCEPTED,
created: dayjs().toISOString(),
})
await databaseConnection()
.getRepository('user_invitation')
.save(mockUserInvitation)
const mockSignUpRequest = createMockSignUpRequest({
email: mockedUpEmail,
})
const response = await app?.inject({
method: 'POST',
url: '/v1/authentication/sign-up',
headers: {
Host: mockCustomDomain.domain,
},
body: mockSignUpRequest,
})
const responseBody = response?.json()
const projects = await databaseConnection().getRepository('project').find({ where: { ownerId: responseBody?.id } })
expect(projects.length).toBe(1)
expect(projects[0].type).toBe(ProjectType.PERSONAL)
const teamProject = await databaseConnection().getRepository('project').findOne({ where: { displayName: mockProject.displayName } })
expect(teamProject).toBeDefined()
const projectMember = await databaseConnection().getRepository('project_member').findOne({ where: { projectId: teamProject?.id, userId: responseBody?.id } })
expect(projectMember).toBeDefined()
expect(projectMember?.userId).toBe(responseBody?.id)
expect(projectMember?.projectId).toBe(teamProject?.id)
expect(projectMember?.platformId).toBe(mockPlatform.id)
expect(projectMember?.projectRoleId).toBe(editorRole.id)
// assert
expect(response?.statusCode).toBe(StatusCodes.OK)
expect(responseBody?.platformId).toBeDefined()
expect(responseBody?.status).toBe('ACTIVE')
expect(responseBody?.verified).toBe(true)
})
it('fails to sign up invited user platform if no project exist', async () => {
// arrange
const { mockCustomDomain } = await createMockPlatformAndDomain({
platform: {
emailAuthEnabled: true,
enforceAllowedAuthDomains: false,
},
plan: {
ssoEnabled: false,
},
})
const mockedUpEmail = faker.internet.email()
const mockSignUpRequest = createMockSignUpRequest({
email: mockedUpEmail,
})
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authentication/sign-up',
headers: {
Host: mockCustomDomain.domain,
},
body: mockSignUpRequest,
})
// assert
expect(response?.statusCode).toBe(StatusCodes.FORBIDDEN)
const responseBody = response?.json()
expect(responseBody?.code).toBe('INVITATION_ONLY_SIGN_UP')
})
})
describe('Sign in Endpoint', () => {
it('Fails If the email auth is not enabled', async () => {
// arrange
const rawPassword = faker.internet.password()
const { mockPlatform, mockCustomDomain } = await createMockPlatformAndDomain({
platform: {
emailAuthEnabled: false,
},
plan: {
ssoEnabled: true,
},
})
const { mockUserIdentity } = await mockBasicUser({
user: {
status: UserStatus.ACTIVE,
platformId: mockPlatform.id,
platformRole: PlatformRole.ADMIN,
},
userIdentity: {
email: faker.internet.email(),
password: rawPassword,
verified: true,
},
})
const mockSignInRequest = createMockSignInRequest({
email: mockUserIdentity.email,
password: rawPassword,
})
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authentication/sign-in',
headers: {
Host: mockCustomDomain.domain,
},
body: mockSignInRequest,
})
expect(response?.statusCode).toBe(StatusCodes.FORBIDDEN)
const responseBody = response?.json()
expect(responseBody?.code).toBe('EMAIL_AUTH_DISABLED')
})
it('Fails If the domain is not allowed', async () => {
// arrange
const mockPlatformId = faker.string.nanoid()
const mockPlatformDomain = faker.internet.domainName()
await createMockPlatformAndDomain({
platform: {
id: mockPlatformId,
allowedAuthDomains: [mockPlatformDomain],
enforceAllowedAuthDomains: true,
emailAuthEnabled: true,
},
plan: {
ssoEnabled: true,
},
domain: {
domain: mockPlatformDomain,
},
})
const rawPassword = faker.internet.password()
const { mockUserIdentity } = await mockBasicUser({
user: {
status: UserStatus.ACTIVE,
platformId: mockPlatformId,
platformRole: PlatformRole.ADMIN,
},
userIdentity: {
email: faker.internet.email(),
password: rawPassword,
verified: true,
},
})
const mockSignInRequest = createMockSignInRequest({
email: mockUserIdentity.email,
password: rawPassword,
})
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authentication/sign-in',
headers: {
Host: mockPlatformDomain,
},
body: mockSignInRequest,
})
expect(response?.statusCode).toBe(StatusCodes.FORBIDDEN)
const responseBody = response?.json()
expect(responseBody?.code).toBe('DOMAIN_NOT_ALLOWED')
})
it('Logs in existing users', async () => {
// arrange
const mockEmail = faker.internet.email()
const mockPassword = 'password'
const { mockPlatform, mockProject } = await createMockPlatformAndDomain({
platform: {
emailAuthEnabled: true,
enforceAllowedAuthDomains: false,
},
plan: {
embeddingEnabled: false,
ssoEnabled: false,
},
})
const { mockUser, mockUserIdentity } = await mockBasicUser({
user: {
platformId: mockPlatform.id,
status: UserStatus.ACTIVE,
platformRole: PlatformRole.ADMIN,
},
userIdentity: {
email: mockEmail,
password: mockPassword,
verified: true,
},
})
const mockSignInRequest = createMockSignInRequest({
email: mockEmail,
password: mockPassword,
})
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authentication/sign-in',
body: mockSignInRequest,
})
// assert
const responseBody = response?.json()
expect(response?.statusCode).toBe(StatusCodes.OK)
expect(responseBody?.id).toBe(mockUser.id)
expect(responseBody?.email.toLocaleLowerCase().trim()).toBe(mockEmail.toLocaleLowerCase().trim())
expect(responseBody?.firstName).toBe(mockUserIdentity.firstName)
expect(responseBody?.lastName).toBe(mockUserIdentity.lastName)
expect(responseBody?.trackEvents).toBe(mockUserIdentity.trackEvents)
expect(responseBody?.newsLetter).toBe(mockUserIdentity.newsLetter)
expect(responseBody?.password).toBeUndefined()
expect(responseBody?.status).toBe(mockUser.status)
expect(responseBody?.verified).toBe(mockUserIdentity.verified)
expect(responseBody?.platformId).toBe(mockPlatform.id)
expect(responseBody?.externalId).toBe(null)
expect(responseBody?.projectId).toBe(mockProject.id)
expect(responseBody?.token).toBeDefined()
})
it('Signs in platform users', async () => {
// arrange
const mockEmail = faker.internet.email()
const mockPassword = 'password'
const mockPlatformId = faker.string.nanoid()
const mockPlatformDomain = faker.internet.domainName()
await createMockPlatformAndDomain({
platform: {
id: mockPlatformId,
emailAuthEnabled: true,
enforceAllowedAuthDomains: false,
},
plan: {
ssoEnabled: false,
},
domain: {
domain: mockPlatformDomain,
platformId: mockPlatformId,
},
})
const { mockUser } = await mockBasicUser({
user: {
status: UserStatus.ACTIVE,
platformId: mockPlatformId,
platformRole: PlatformRole.ADMIN,
},
userIdentity: {
email: mockEmail,
password: mockPassword,
verified: true,
},
})
await databaseConnection().getRepository('user').save(mockUser)
const mockProject = createMockProject({
ownerId: mockUser.id,
platformId: mockPlatformId,
})
await databaseConnection().getRepository('project').save(mockProject)
const mockSignInRequest = createMockSignInRequest({
email: mockEmail,
password: mockPassword,
})
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authentication/sign-in',
headers: {
Host: mockPlatformDomain,
},
body: mockSignInRequest,
})
const responseBody = response?.json()
// assert
expect(response?.statusCode).toBe(StatusCodes.OK)
expect(responseBody?.platformId).toBe(mockPlatformId)
const decodedToken = decodeToken(responseBody?.token)
expect(decodedToken?.platform?.id).toBe(mockPlatformId)
})
it('Fails to sign in platform users if no project exists', async () => {
// arrange
const { mockPlatform, mockCustomDomain } = await createMockPlatformAndDomain({
platform: {
emailAuthEnabled: true,
enforceAllowedAuthDomains: false,
},
plan: {
ssoEnabled: true,
},
})
const mockPassword = 'password'
const mockUserIdentityEmail = faker.internet.email()
await mockBasicUser({
user: {
status: UserStatus.ACTIVE,
platformId: mockPlatform.id,
platformRole: PlatformRole.MEMBER,
},
userIdentity: {
email: mockUserIdentityEmail,
password: mockPassword,
verified: true,
},
})
const mockSignInRequest = createMockSignInRequest({
email: mockUserIdentityEmail,
password: mockPassword,
})
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authentication/sign-in',
headers: {
Host: mockCustomDomain.domain,
},
body: mockSignInRequest,
})
// assert
const responseBody = response?.json()
expect(response?.statusCode).toBe(StatusCodes.FORBIDDEN)
expect(responseBody?.code).toBe('INVITATION_ONLY_SIGN_UP')
})
it('Fails if password doesn\'t match', async () => {
// arrange
const mockEmail = faker.internet.email()
const mockPassword = 'password'
const { mockUser } = await mockBasicUser({
user: {
status: UserStatus.ACTIVE,
},
userIdentity: {
email: mockEmail,
password: mockPassword,
verified: true,
},
})
const mockPlatform = createMockPlatform({
id: CLOUD_PLATFORM_ID,
ownerId: mockUser.id,
})
await databaseConnection().getRepository('platform').save(mockPlatform)
const mockProject = createMockProject({
ownerId: mockUser.id,
platformId: mockPlatform.id,
})
await databaseConnection().getRepository('project').save(mockProject)
const mockSignInRequest = createMockSignInRequest({
email: mockEmail,
password: 'wrong password',
})
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authentication/sign-in',
body: mockSignInRequest,
})
// assert
expect(response?.statusCode).toBe(StatusCodes.UNAUTHORIZED)
const responseBody = response?.json()
expect(responseBody?.code).toBe('INVALID_CREDENTIALS')
})
it('Fails if user status is INACTIVE', async () => {
// arrange
const mockEmail = faker.internet.email()
const mockPassword = 'password'
const { mockUser } = await mockBasicUser({
user: {
status: UserStatus.INACTIVE,
platformRole: PlatformRole.ADMIN,
},
userIdentity: {
email: mockEmail,
password: mockPassword,
verified: true,
},
})
const mockPlatform = createMockPlatform({
ownerId: mockUser.id,
emailAuthEnabled: true,
enforceAllowedAuthDomains: false,
})
await databaseConnection().getRepository('platform').save(mockPlatform)
const mockPlatformPlan = createMockPlatformPlan({
platformId: mockPlatform.id,
ssoEnabled: false,
})
await databaseConnection().getRepository('platform_plan').save(mockPlatformPlan)
await databaseConnection().getRepository('user').update(mockUser.id, {
platformId: mockPlatform.id,
})
const mockProject = createMockProject({
ownerId: mockUser.id,
platformId: mockPlatform.id,
})
await databaseConnection().getRepository('project').save(mockProject)
const mockSignInRequest = createMockSignInRequest({
email: mockEmail,
password: mockPassword,
})
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authentication/sign-in',
body: mockSignInRequest,
})
const responseBody = response?.json()
// assert
expect(response?.statusCode).toBe(StatusCodes.UNAUTHORIZED)
expect(responseBody?.code).toBe('AUTHENTICATION')
expect(responseBody?.params.message).toBe('No platform found for identity')
})
})
})
async function createMockPlatformAndDomain({ platform, domain, plan }: { platform: Partial<Platform>, domain?: Partial<CustomDomain>, plan?: Partial<PlatformPlan> }): Promise<{
mockUser: User
mockPlatform: Platform
mockCustomDomain: CustomDomain
mockProject: Project
}> {
const { mockOwner, mockPlatform, mockProject } = await mockAndSaveBasicSetup({
platform,
})
const mockCustomDomain = createMockCustomDomain({
platformId: mockPlatform.id,
...domain,
})
await databaseConnection()
.getRepository('custom_domain')
.save(mockCustomDomain)
const mockPlatformPlan = createMockPlatformPlan({
platformId: mockPlatform.id,
...plan,
})
await databaseConnection().getRepository('platform_plan').upsert(mockPlatformPlan, ['platformId'])
return { mockUser: mockOwner, mockPlatform, mockCustomDomain, mockProject }
}

265
activepieces-fork/packages/server/api/test/integration/cloud/authn/enterprise-local-authn.test.ts Normal file
View File

@@ -0,0 +1,265 @@
import { OtpState, OtpType } from '@activepieces/ee-shared'
import { UserStatus } from '@activepieces/shared'
import dayjs from 'dayjs'
import { FastifyInstance } from 'fastify'
import { StatusCodes } from 'http-status-codes'
import { initializeDatabase } from '../../../../src/app/database'
import { databaseConnection } from '../../../../src/app/database/database-connection'
import { setupServer } from '../../../../src/app/server'
import { createMockOtp, mockBasicUser } from '../../../helpers/mocks'
let app: FastifyInstance | null = null
beforeAll(async () => {
await initializeDatabase({ runMigrations: false })
app = await setupServer()
})
afterAll(async () => {
await databaseConnection().destroy()
await app?.close()
})
describe('Enterprise Local Authn API', () => {
describe('Verify Email Endpoint', () => {
it('Verifies user', async () => {
const { mockUserIdentity } = await mockBasicUser({
user: {
status: UserStatus.ACTIVE,
},
userIdentity: {
verified: false,
},
})
const mockOtp = createMockOtp({
identityId: mockUserIdentity.id,
type: OtpType.EMAIL_VERIFICATION,
state: OtpState.PENDING,
})
await databaseConnection().getRepository('otp').save(mockOtp)
const mockVerifyEmailRequest = {
identityId: mockUserIdentity.id,
otp: mockOtp.value,
}
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authn/local/verify-email',
body: mockVerifyEmailRequest,
})
// assert
expect(response?.statusCode).toBe(StatusCodes.OK)
expect(response?.body).toBe('')
const userIdentity = await databaseConnection()
.getRepository('user_identity')
.findOneBy({ id: mockUserIdentity.id })
expect(userIdentity?.verified).toBe(true)
const otp = await databaseConnection()
.getRepository('otp')
.findOneBy({ id: mockOtp.id })
expect(otp?.state).toBe(OtpState.CONFIRMED)
})
it('Fails if OTP is wrong', async () => {
const { mockUserIdentity } = await mockBasicUser({
user: {
status: UserStatus.ACTIVE,
},
userIdentity: {
verified: false,
},
})
const correctOtp = '123456'
const mockOtp = createMockOtp({
identityId: mockUserIdentity.id,
type: OtpType.EMAIL_VERIFICATION,
value: correctOtp,
state: OtpState.PENDING,
})
await databaseConnection().getRepository('otp').save(mockOtp)
const incorrectOtp = '654321'
const mockVerifyEmailRequest = {
identityId: mockUserIdentity.id,
otp: incorrectOtp,
}
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authn/local/verify-email',
body: mockVerifyEmailRequest,
})
// assert
expect(response?.statusCode).toBe(StatusCodes.GONE)
const responseBody = response?.json()
expect(responseBody?.code).toBe('INVALID_OTP')
const userIdentity = await databaseConnection()
.getRepository('user_identity')
.findOneBy({ id: mockUserIdentity.id })
expect(userIdentity?.verified).toBe(false)
})
it('Fails if OTP has expired', async () => {
const { mockUserIdentity } = await mockBasicUser({
user: {
status: UserStatus.ACTIVE,
},
userIdentity: {
verified: false,
},
})
const mockOtp = createMockOtp({
identityId: mockUserIdentity.id,
type: OtpType.EMAIL_VERIFICATION,
updated: dayjs().subtract(31, 'minutes').toISOString(),
state: OtpState.PENDING,
})
await databaseConnection().getRepository('otp').save(mockOtp)
const mockVerifyEmailRequest = {
identityId: mockUserIdentity.id,
otp: mockOtp.value,
}
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authn/local/verify-email',
body: mockVerifyEmailRequest,
})
// assert
expect(response?.statusCode).toBe(StatusCodes.GONE)
const responseBody = response?.json()
expect(responseBody?.code).toBe('INVALID_OTP')
const userIdentity = await databaseConnection()
.getRepository('user_identity')
.findOneBy({ id: mockUserIdentity.id })
expect(userIdentity?.verified).toBe(false)
})
it('Fails if OTP was confirmed before', async () => {
const { mockUserIdentity } = await mockBasicUser({
user: {
status: UserStatus.ACTIVE,
},
userIdentity: {
verified: false,
},
})
const mockOtp = createMockOtp({
identityId: mockUserIdentity.id,
type: OtpType.EMAIL_VERIFICATION,
state: OtpState.CONFIRMED,
})
await databaseConnection().getRepository('otp').save(mockOtp)
const mockVerifyEmailRequest = {
identityId: mockUserIdentity.id,
otp: mockOtp.value,
}
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authn/local/verify-email',
body: mockVerifyEmailRequest,
})
// assert
expect(response?.statusCode).toBe(StatusCodes.GONE)
const responseBody = response?.json()
expect(responseBody?.code).toBe('INVALID_OTP')
const userIdentity = await databaseConnection()
.getRepository('user_identity')
.findOneBy({ id: mockUserIdentity.id })
expect(userIdentity?.verified).toBe(false)
})
})
describe('Reset Password Endpoint', () => {
it('Updates user password', async () => {
const { mockUserIdentity } = await mockBasicUser({
userIdentity: { },
})
const mockOtp = createMockOtp({
identityId: mockUserIdentity.id,
type: OtpType.PASSWORD_RESET,
state: OtpState.PENDING,
})
await databaseConnection().getRepository('otp').save(mockOtp)
const mockResetPasswordRequest = {
identityId: mockUserIdentity.id,
otp: mockOtp.value,
newPassword: 'newPassword',
}
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authn/local/reset-password',
body: mockResetPasswordRequest,
})
// assert
expect(response?.statusCode).toBe(StatusCodes.OK)
expect(response?.body).toBe('')
const userIdentity = await databaseConnection()
.getRepository('user_identity')
.findOneBy({ id: mockUserIdentity.id })
expect(userIdentity?.password).not.toBe(mockUserIdentity.password)
})
it('Fails if OTP is wrong', async () => {
const { mockUserIdentity } = await mockBasicUser({
})
const correctOtp = '123456'
const mockOtp = createMockOtp({
identityId: mockUserIdentity.id,
type: OtpType.PASSWORD_RESET,
value: correctOtp,
})
await databaseConnection().getRepository('otp').save(mockOtp)
const incorrectOtp = '654321'
const mockResetPasswordRequest = {
identityId: mockUserIdentity.id,
otp: incorrectOtp,
newPassword: 'newPassword',
}
// act
const response = await app?.inject({
method: 'POST',
url: '/v1/authn/local/reset-password',
body: mockResetPasswordRequest,
})
// assert
expect(response?.statusCode).toBe(StatusCodes.GONE)
const responseBody = response?.json()
expect(responseBody?.code).toBe('INVALID_OTP')
const userIdentity = await databaseConnection()
.getRepository('user_identity')
.findOneBy({ id: mockUserIdentity.id })
expect(userIdentity?.password).toBe(mockUserIdentity.password)
})
})
})