Example #1
0
        it('verify group-add-member activity gets generated', function(callback) {
            var username = TestsUtil.generateTestUserId('user');
            var groupAlias = TestsUtil.generateTestGroupId('group');

            // Create a user with which to create a group, then ensure the user gets the activity
            RestAPI.User.createUser(camAdminRestContext, username, 'password', 'Jack McJackerson', null, function(err, user) {
                assert.ok(!err);
                var userRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, username, 'password');

                RestAPI.Group.createGroup(camAdminRestContext, groupAlias, groupAlias, groupAlias, 'public', 'yes', [], [], function(err, group) {
                    assert.ok(!err);

                    var memberships = {};
                    memberships[user.id] = 'member';
                    RestAPI.Group.setGroupMembers(camAdminRestContext, group.id, memberships, function(err) {
                        assert.ok(!err);

                        ActivityTestsUtil.collectAndGetActivityStream(camAdminRestContext, user.id, null, function(err, activityStream) {
                            assert.ok(!err);
                            assert.ok(_getActivity(activityStream, 'group-add-member', 'target', group.id));
                            callback();
                        });
                    });
                });
            });
        });
Example #2
0
            TestsUtil.generateTestUsers(camAdminRestContext, 2, function(err, users, mrvisser, simong) {

                RestAPI.User.getMe(mrvisser.restContext, function(err, mrvisserMeData) {
                    assert.ok(!err);

                    /*
                     * Register a push client for mrvisser who is subscribed to:
                     *  * `activity`-stream with the `activitystream` format
                     *  * `activity`-stream with the `internal` format
                     *  * `notification`-stream with the `internal` format
                     */
                    var data = {
                        'authentication': {
                            'userId': mrvisserMeData.id,
                            'tenantAlias': mrvisserMeData.tenant.alias,
                            'signature': mrvisserMeData.signature
                        },
                        'streams': [
                            {
                                'resourceId': mrvisserMeData.id,
                                'streamType': 'notification',
                                'token': mrvisserMeData.signature,
                                'format': 'internal'
                            }
                        ]
                    };

                    // Setup the client
                    ActivityTestUtil.getFullySetupPushClient(data, function(client) {

                        // Create/share a discussion with mrvisser
                        RestAPI.Discussions.createDiscussion(simong.restContext, 'Test discussion', 'Test discussion description', 'public', [], [mrvisser.user.id], function(err, discussion) {
                            assert.ok(!err);
                            // We need to force a collection cycle as the notifiation stream gets pushed out after the aggregation phase
                            ActivityTestUtil.collectAndGetNotificationStream(mrvisser.restContext, null, function(err, activityStream) {
                                assert.ok(!err);
                            });

                            // As this is the first discussion_created activity in mrvisser's notification stream it
                            // can't aggregate with any other activities. That should be indicated on the push message
                            client.once('message', function(message) {
                                assert.ok(message);
                                assert.strictEqual(message.numNewActivities, 1);

                                // When we generate another discussion_created activity it will aggregate with the previous
                                // activity. This should be reflected on the push message
                                RestAPI.Discussions.createDiscussion(simong.restContext, 'Test discussion', 'Test discussion description', 'public', [], [mrvisser.user.id], function(err, discussion) {
                                    assert.ok(!err);
                                    // We need to force a collection cycle as the notifiation
                                    // stream gets pushed out after the aggregation phase
                                    ActivityTestUtil.collectAndGetNotificationStream(mrvisser.restContext, null, function(err, activityStream) {
                                        assert.ok(!err);
                                    });
                                    client.once('message', function(message) {
                                        assert.ok(message);
                                        assert.strictEqual(message.numNewActivities, 0);

                                        // Mark the notifications as read. Because we marked the notifications as read,
                                        // this will reset the aggregator for that stream. Any new discussion_created activities
                                        // should result in a "new activity". However, if 2 activities aggregate in-memory in the
                                        // aggregation phase, they should be counted as 1
                                        RestAPI.Activity.markNotificationsRead(mrvisser.restContext, function(err) {
                                            assert.ok(!err);
                                            RestAPI.Discussions.createDiscussion(simong.restContext, 'Test discussion', 'Test discussion description', 'public', [], [mrvisser.user.id], function(err, discussion) {
                                                assert.ok(!err);
                                                RestAPI.Discussions.createDiscussion(simong.restContext, 'Test discussion', 'Test discussion description', 'public', [], [mrvisser.user.id], function(err, discussion) {
                                                    assert.ok(!err);
                                                    ActivityTestUtil.collectAndGetNotificationStream(mrvisser.restContext, null, function(err, activityStream) {
                                                        assert.ok(!err);
                                                    });

                                                    client.once('message', function(message) {
                                                        assert.ok(message);
                                                        assert.strictEqual(message.numNewActivities, 1);


                                                        // If 2 disjoint activities get delivered to the notification stream, the
                                                        // number of new activities should be 2
                                                        RestAPI.Activity.markNotificationsRead(mrvisser.restContext, function(err) {
                                                            assert.ok(!err);
                                                            RestAPI.Discussions.createDiscussion(simong.restContext, 'Test discussion', 'Test discussion description', 'public', [], [mrvisser.user.id], function(err, discussion) {
                                                                assert.ok(!err);
                                                                RestAPI.Content.createLink(simong.restContext, 'Test link', 'Test link', 'public', 'https://google.com', [], [mrvisser.user.id], [], function(err, discussion) {
                                                                    assert.ok(!err);
                                                                    ActivityTestUtil.collectAndGetNotificationStream(mrvisser.restContext, null, function(err, activityStream) {
                                                                        assert.ok(!err);
                                                                    });

                                                                    client.once('message', function(message) {
                                                                        assert.ok(message);
                                                                        assert.strictEqual(message.numNewActivities, 2);
                                                                        assert.strictEqual(message.activities.length, 2);

                                                                        return callback();
                                                                    });
                                                                });
                                                            });
                                                        });
                                                    });
                                                });
                                            });
                                        });
                                    });
                                });
                            });
                        });
                    });
                });
            });
Example #3
0
    it('verify public group members visibility', function(callback) {
        var jackUsername = TestsUtil.generateTestUserId('jack');
        var janeUsername = TestsUtil.generateTestUserId('jane');
        var darthVaderUsername = TestsUtil.generateTestUserId('darthVader');

        RestAPI.User.createUser(gtAdminRestContext, darthVaderUsername, 'password', 'Darth Vader', null, function(err, darthVader) {
            assert.ok(!err);
            var darthVaderRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.gt.host, darthVaderUsername, 'password');

            RestAPI.User.createUser(camAdminRestContext, jackUsername, 'password', 'Jack McJackerson', null, function(err, jack) {
                assert.ok(!err);
                var jackRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, jackUsername, 'password');

                var changes = {};
                changes[jack.id] = 'member';
                RestAPI.Group.setGroupMembers(doerRestContext, targetPublicGroup.id, changes, function(err) {
                    assert.ok(!err);

                    RestAPI.User.createUser(camAdminRestContext, janeUsername, 'password', 'Jane McJaneFace', null, function(err, jane) {
                        assert.ok(!err);
                        var janeRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, janeUsername, 'password');

                        // Verify results and visibility for anonymous user
                        SearchTestsUtil.searchAll(anonymousRestContext, 'members', [targetPublicGroup.id], null, function(err, results) {
                            assert.ok(!err);
                            var publicUserResult = _getDocById(results, publicUserMember.id);
                            var loggedinUserResult = _getDocById(results, loggedinUserMember.id);
                            var privateUserResult = _getDocById(results, privateUserMember.id);
                            var privateGroupResult = _getDocById(results, privateGroupMember.id);
                            var publicGroupResult = _getDocById(results, publicGroupMember.id);

                            // Verify anonymous sees all.
                            assert.ok(publicUserResult);
                            assert.ok(loggedinUserResult);
                            assert.ok(privateUserResult);
                            assert.ok(privateGroupResult);
                            assert.ok(publicGroupResult);

                            // Verify user visibility. Loggedin and private should have their publicAlias swapped into the title
                            assert.equal(publicUserResult.displayName, publicUserMember.displayName);
                            assert.equal(loggedinUserResult.displayName, loggedinUserMember.publicAlias);
                            assert.equal(loggedinUserResult.extra, undefined);
                            assert.equal(loggedinUserResult._extra, undefined);
                            assert.equal(loggedinUserResult.q_high, undefined);
                            assert.equal(loggedinUserResult.q_low, undefined);
                            assert.equal(loggedinUserResult.sort, undefined);
                            assert.equal(privateUserResult.displayName, privateUserMember.publicAlias);
                            assert.equal(publicGroupResult.displayName, publicGroupMember.displayName);
                            assert.equal(privateGroupResult.displayName, privateGroupMember.displayName);

                            // Verify that the correct resourceTypes are set
                            assert.equal(publicUserResult.resourceType, 'user');
                            assert.equal(loggedinUserResult.resourceType, 'user');
                            assert.equal(privateUserResult.resourceType, 'user');
                            assert.equal(publicGroupResult.resourceType, 'group');
                            assert.equal(privateGroupResult.resourceType, 'group');

                            // Verify that the correct profilePaths are set
                            assert.equal(publicUserResult.profilePath, '/user/' + publicUserResult.id);
                            assert.equal(loggedinUserResult.profilePath, undefined);
                            assert.equal(privateUserResult.profilePath, undefined);
                            assert.equal(publicGroupResult.profilePath, '/group/' + publicGroupResult.id);
                            assert.equal(privateGroupResult.profilePath, '/group/' + privateGroupResult.id);

                            // Verify results and visibility for cross-tenant user
                            SearchTestsUtil.searchAll(darthVaderRestContext, 'members', [targetPublicGroup.id], null, function(err, results) {
                                assert.ok(!err);
                                var publicUserResult = _getDocById(results, publicUserMember.id);
                                var loggedinUserResult = _getDocById(results, loggedinUserMember.id);
                                var privateUserResult = _getDocById(results, privateUserMember.id);
                                var privateGroupResult = _getDocById(results, privateGroupMember.id);
                                var publicGroupResult = _getDocById(results, publicGroupMember.id);

                                // Verify cross-tenant user sees all users
                                assert.ok(publicUserResult);
                                assert.ok(loggedinUserResult);
                                assert.ok(privateUserResult);
                                assert.ok(privateGroupResult);
                                assert.ok(publicGroupResult);

                                // Verify user visibility. Loggedin and private should have their publicAlias swapped into the title
                                assert.equal(publicUserResult.displayName, publicUserMember.displayName);
                                assert.equal(loggedinUserResult.displayName, loggedinUserMember.publicAlias);
                                assert.equal(loggedinUserResult.extra, undefined);
                                assert.equal(loggedinUserResult._extra, undefined);
                                assert.equal(loggedinUserResult.q_high, undefined);
                                assert.equal(loggedinUserResult.q_low, undefined);
                                assert.equal(loggedinUserResult.sort, undefined);
                                assert.equal(privateUserResult.displayName, privateUserMember.publicAlias);
                                assert.equal(publicGroupResult.displayName, publicGroupMember.displayName);
                                assert.equal(privateGroupResult.displayName, privateGroupMember.displayName);

                                // Verify that the correct resourceTypes are set
                                assert.equal(publicUserResult.resourceType, 'user');
                                assert.equal(loggedinUserResult.resourceType, 'user');
                                assert.equal(privateUserResult.resourceType, 'user');
                                assert.equal(publicGroupResult.resourceType, 'group');
                                assert.equal(privateGroupResult.resourceType, 'group');

                                // Verify that the correct profilePaths are set
                                assert.equal(publicUserResult.profilePath, '/user/' + publicUserResult.id);
                                assert.equal(loggedinUserResult.profilePath, undefined);
                                assert.equal(privateUserResult.profilePath, undefined);
                                assert.equal(publicGroupResult.profilePath, '/group/' + publicGroupResult.id);
                                assert.equal(privateGroupResult.profilePath, '/group/' + privateGroupResult.id);

                                // Verify results and visibility for loggedin user
                                SearchTestsUtil.searchAll(janeRestContext, 'members', [targetPublicGroup.id], null, function(err, results) {
                                    assert.ok(!err);
                                    var publicUserResult = _getDocById(results, publicUserMember.id);
                                    var loggedinUserResult = _getDocById(results, loggedinUserMember.id);
                                    var privateUserResult = _getDocById(results, privateUserMember.id);
                                    var privateGroupResult = _getDocById(results, privateGroupMember.id);
                                    var publicGroupResult = _getDocById(results, publicGroupMember.id);

                                    // Verify user sees all members
                                    assert.ok(publicUserResult);
                                    assert.ok(loggedinUserResult);
                                    assert.ok(privateUserResult);
                                    assert.ok(privateGroupResult);
                                    assert.ok(publicGroupResult);

                                    // Verify user visibility. Private should have their publicAlias swapped into the title
                                    assert.equal(publicUserResult.displayName, publicUserMember.displayName);
                                    assert.equal(loggedinUserResult.displayName, loggedinUserMember.displayName);
                                    assert.ok(loggedinUserResult.extra);
                                    assert.equal(loggedinUserResult._extra, undefined);
                                    assert.equal(loggedinUserResult.q_high, undefined);
                                    assert.equal(loggedinUserResult.q_low, undefined);
                                    assert.equal(loggedinUserResult.sort, undefined);
                                    assert.equal(loggedinUserResult.extra.extraProp, 'My extra prop');
                                    assert.equal(privateUserResult.displayName, privateUserMember.publicAlias);
                                    assert.equal(publicGroupResult.displayName, publicGroupMember.displayName);
                                    assert.equal(privateGroupResult.displayName, privateGroupMember.displayName);

                                    // Verify that the correct resourceTypes are set
                                    assert.equal(publicUserResult.resourceType, 'user');
                                    assert.equal(loggedinUserResult.resourceType, 'user');
                                    assert.equal(privateUserResult.resourceType, 'user');
                                    assert.equal(publicGroupResult.resourceType, 'group');
                                    assert.equal(privateGroupResult.resourceType, 'group');

                                    // Verify that the correct profilePaths are set
                                    assert.equal(publicUserResult.profilePath, '/user/' + publicUserResult.id);
                                    assert.equal(loggedinUserResult.profilePath, '/user/' + loggedinUserResult.id);
                                    assert.equal(privateUserResult.profilePath, undefined);
                                    assert.equal(publicGroupResult.profilePath, '/group/' + publicGroupResult.id);
                                    assert.equal(privateGroupResult.profilePath, '/group/' + privateGroupResult.id);

                                    // Verify results and visibility for member user
                                    SearchTestsUtil.searchAll(jackRestContext, 'members', [targetPublicGroup.id], null, function(err, results) {
                                        assert.ok(!err);
                                        var publicUserResult = _getDocById(results, publicUserMember.id);
                                        var loggedinUserResult = _getDocById(results, loggedinUserMember.id);
                                        var privateUserResult = _getDocById(results, privateUserMember.id);
                                        var privateGroupResult = _getDocById(results, privateGroupMember.id);
                                        var publicGroupResult = _getDocById(results, publicGroupMember.id);

                                        // Verify user sees all.
                                        assert.ok(publicUserResult);
                                        assert.ok(loggedinUserResult);
                                        assert.ok(privateUserResult);
                                        assert.ok(privateGroupResult);
                                        assert.ok(publicGroupResult);

                                        // Verify user visibility. Private should have their publicAlias swapped into the title
                                        assert.equal(publicUserResult.displayName, publicUserMember.displayName);
                                        assert.equal(loggedinUserResult.displayName, loggedinUserMember.displayName);
                                        assert.ok(loggedinUserResult.extra);
                                        assert.equal(loggedinUserResult._extra, undefined);
                                        assert.equal(loggedinUserResult.q_high, undefined);
                                        assert.equal(loggedinUserResult.q_low, undefined);
                                        assert.equal(loggedinUserResult.sort, undefined);
                                        assert.equal(loggedinUserResult.extra.extraProp, 'My extra prop');
                                        assert.equal(privateUserResult.displayName, privateUserMember.publicAlias);
                                        assert.equal(publicGroupResult.displayName, publicGroupMember.displayName);
                                        assert.equal(privateGroupResult.displayName, privateGroupMember.displayName);

                                        // Verify that the correct resourceTypes are set
                                        assert.equal(publicUserResult.resourceType, 'user');
                                        assert.equal(loggedinUserResult.resourceType, 'user');
                                        assert.equal(privateUserResult.resourceType, 'user');
                                        assert.equal(publicGroupResult.resourceType, 'group');
                                        assert.equal(privateGroupResult.resourceType, 'group');

                                        // Verify that the correct profilePaths are set
                                        assert.equal(publicUserResult.profilePath, '/user/' + publicUserResult.id);
                                        assert.equal(loggedinUserResult.profilePath, '/user/' + loggedinUserResult.id);
                                        assert.equal(privateUserResult.profilePath, undefined);
                                        assert.equal(publicGroupResult.profilePath, '/group/' + publicGroupResult.id);
                                        assert.equal(privateGroupResult.profilePath, '/group/' + privateGroupResult.id);

                                        callback();
                                    });
                                });
                            });
                        });
                    });
                });
            });
        });
    });
Example #4
0
                            RestAPI.OAuth.createClient(simong.restContext, simong.user.id, 'By simong', function(err, client) {
                                assert.equal(err.code, 401);
                                assert.ok(!client);

                                // Make Nico a tenant admin on the `localhost` tenant
                                // We can't use the localAdminRestContext as that is really the global admin on the localhost tenant
                                RestAPI.User.setTenantAdmin(globalAdminRestContext, nico.user.id, true, function(err) {
                                    assert.ok(!err);

                                    // As Nico is not a tenant on the `camtest` tenant we cannot create an OAuth application for that user
                                    RestAPI.OAuth.createClient(nico.restContext, 'u:camtest:foo', 'By admin', function(err, client) {
                                        assert.equal(err.code, 401);

                                        // Assert that tenant admins can create a client
                                        RestAPI.OAuth.createClient(localAdminRestContext, simong.user.id, 'By admin', function(err, client) {
                                            assert.ok(!err);
                                            assert.ok(client);

                                            // Sanity check the client was associated with simong
                                            RestAPI.OAuth.getClients(simong.restContext, simong.user.id, function(err, data) {
                                                assert.ok(!err);
                                                assert.equal(data.results.length, 1);
                                                assert.equal(data.results[0].displayName, 'By admin');

                                                return callback();
                                            });
                                        });
                                    });
                                });
                            });
Example #5
0
                    ActivityTestUtil.getFullySetupPushClient(data, function(client) {

                        // Simon will now create a discussion and share it with mrvisser, this will trigger an activity that gets delivered on both streams
                        // To ensure proper scrubbing of data, simon will have a private profile
                        RestAPI.User.updateUser(simong.restContext, simong.user.id, {'visibility': 'private'}, function(err, updatedUser) {
                            assert.ok(!err);
                            simong.user = updatedUser;
                            var discussion = null;

                            RestAPI.Discussions.createDiscussion(simong.restContext, 'Test discussion', 'Test discussion description', 'public', [], [mrvisser.user.id], function(err, _discussion) {
                                assert.ok(!err);
                                discussion = _discussion;

                                // Force a collection cycle as notifications only get delivered upon aggregation
                                ActivityTestUtil.collectAndGetActivityStream(mrvisser.restContext, null, null, function(err) {
                                    assert.ok(!err);
                                });
                            });

                            var activitiesReceived = 0;
                            client.on('message', function(message) {
                                activitiesReceived++;

                                assert.ok(message.activities);
                                assert.strictEqual(message.activities.length, 1);
                                var activity = message.activities[0];
                                assert.ok(activity);

                                var allowedActorProperties = null;
                                var allowedObjectProperties = null;

                                if (message.streamType === 'notification') {
                                    // Assert that the activity entities are internally formatted
                                    assert.equal(message.format, 'internal');

                                    // Assert that the actor entity is a user object augmented with an oae:id and objectType
                                    assert.ok(activity.actor);
                                    assert.equal(activity.actor['oae:id'], simong.user.id);
                                    assert.equal(activity.actor['id'], simong.user.id);
                                    assert.equal(activity.actor['displayName'], simong.user.publicAlias);
                                    assert.equal(activity.actor['lastModified'], simong.user.lastModified);
                                    assert.equal(activity.actor['visibility'], 'private');
                                    assert.ok(_.isObject(activity.actor['picture']));
                                    assert.equal(activity.actor['resourceType'], 'user');
                                    assert.equal(activity.actor['objectType'], 'user');
                                    assert.ok(_.isObject(activity.actor['tenant']));

                                    // Ensure only these properties are present
                                    allowedActorProperties = ['oae:id', 'id', 'displayName', 'visibility', 'picture', 'resourceType', 'objectType', 'tenant', 'lastModified'];
                                    _.each(activity.actor, function(value, key) {
                                        assert.ok(_.contains(allowedActorProperties, key) , key + ' is not allowed on an internally formatted activity entity');
                                    });


                                    // Assert that the object entity is a discussion object augmented with an oae:id and objectType
                                    assert.ok(activity.object);
                                    assert.equal(activity.object['oae:id'], discussion.id);
                                    assert.equal(activity.object['id'], discussion.id);
                                    assert.equal(activity.object['visibility'], discussion.visibility);
                                    assert.equal(activity.object['displayName'], discussion.displayName);
                                    assert.equal(activity.object['description'], discussion.description);
                                    assert.equal(activity.object['createdBy'], discussion.createdBy);
                                    assert.equal(activity.object['created'], discussion.created);
                                    assert.equal(activity.object['lastModified'], discussion.lastModified);
                                    assert.equal(activity.object['profilePath'], discussion.profilePath);
                                    assert.equal(activity.object['resourceType'], discussion.resourceType);
                                    assert.equal(activity.object['objectType'], 'discussion');
                                    assert.ok(_.isObject(activity.object['tenant']));

                                    allowedObjectProperties = [ 'tenant', 'id', 'visibility', 'displayName', 'description', 'resourceSubType', 'createdBy', 'created', 'lastModified', 'profilePath', 'resourceType', 'latestRevisionId', 'previews', 'signature', 'objectType', 'oae:id' ];
                                    _.each(activity.object, function(value, key) {
                                        assert.ok(_.contains(allowedObjectProperties, key) , key + ' is not allowed on an internally formatted activity entity');
                                    });
                                } else {
                                    // Assert that the activity entities are activitystrea.ms formatted
                                    assert.equal(message.format, 'activitystreams');

                                    // Assert that the actor entity is in the proper activitystreams format
                                    assert.ok(activity.actor);
                                    assert.equal(activity.actor['oae:id'], simong.user.id);
                                    assert.equal(activity.actor['oae:visibility'], simong.user.visibility);
                                    assert.equal(activity.actor['displayName'], simong.user.publicAlias);
                                    assert.equal(activity.actor['objectType'], 'user');
                                    assert.equal(activity.actor['id'], 'http://' + global.oaeTests.tenants.cam.host + '/api/user/' + simong.user.id);
                                    assert.ok(_.isObject(activity.actor['oae:tenant']));

                                    allowedActorProperties = ['oae:id', 'oae:visibility', 'displayName', 'objectType', 'id', 'oae:tenant'];
                                    _.each(activity.actor, function(value, key) {
                                        assert.ok(_.contains(allowedActorProperties, key) , key + ' is not allowed on an ActivityStrea.ms compliant formatted activity entity');
                                    });

                                    // Assert that the object entity is in the proper activitystreams format
                                    assert.ok(activity.object);
                                    assert.equal(activity.object['oae:id'], discussion.id);
                                    assert.equal(activity.object['oae:visibility'], discussion.visibility);
                                    assert.equal(activity.object['oae:profilePath'], discussion.profilePath);
                                    assert.equal(activity.object['oae:resourceSubType'], discussion.resourceSubType);
                                    assert.equal(activity.object['displayName'], discussion.displayName);
                                    assert.equal(activity.object['url'], 'http://' + global.oaeTests.tenants.cam.host + '/discussion/camtest/' + discussion.id.split(':')[2]);
                                    assert.equal(activity.object['objectType'], 'discussion');
                                    assert.equal(activity.object['id'], 'http://' + global.oaeTests.tenants.cam.host + '/api/discussion/' + discussion.id);
                                    assert.ok(_.isObject(activity.object['oae:tenant']));

                                    allowedObjectProperties = [ 'oae:id', 'oae:visibility', 'oae:profilePath', 'displayName', 'url', 'objectType', 'id', 'oae:tenant' ];
                                    _.each(activity.object, function(value, key) {
                                        assert.ok(_.contains(allowedObjectProperties, key) , key + ' is not allowed on an ActivityStrea.ms compliant formatted activity entity');
                                    });
                                }

                                if (activitiesReceived === 2) {
                                    return callback();
                                }
                            });
                        });
                    });
Example #6
0
 createUsers(function(contexts) {
     RestAPI.User.uploadPicture(contexts['simon'].restContext, contexts['nicolaas'].user.id, getPictureStream, null, function(err) {
         assert.equal(err.code, 401);
         verifyCropping(contexts['simon'].restContext, contexts['nicolaas'].user, createSelectedArea(10, 10, 200), 401, callback);
     });
 });
Example #7
0
                    RestAPI.User.uploadPicture(simon.restContext, uiTeam.id, getPictureStream, selectedArea, function(err) {
                        assert.ok(!err);

                        RestAPI.User.uploadPicture(simon.restContext, qaTeam.id, getPictureStream, selectedArea, function(err) {
                            assert.ok(!err);

                            // Make the uiTeam loggedin.
                            RestAPI.Group.updateGroup(simon.restContext, uiTeam.id, { 'visibility': 'loggedin'}, function(err) {
                                assert.ok(!err);

                                // Make the qa team private.
                                RestAPI.Group.updateGroup(simon.restContext, qaTeam.id, { 'visibility': 'private'}, function(err) {
                                    assert.ok(!err);

                                    // Make the backend, ui and qa teams member of oae team.
                                    var changes = {};
                                    changes[backendTeam.id] = 'member';
                                    changes[uiTeam.id] = 'member';
                                    changes[qaTeam.id] = 'member';
                                    RestAPI.Group.setGroupMembers(simon.restContext, oaeTeam.id, changes, function(err) {
                                        assert.ok(!err);

                                        // Search trough the memberlist of oaeTeam and filter the results so we only get the backend team group back.
                                        SearchTestsUtil.searchAll(simon.restContext, 'members', [oaeTeam.id], { 'q': '' }, function(err, results) {
                                            assert.ok(!err);
                                            assert.equal(results.total, 4);

                                            // We only need the groups
                                            results.results = _.filter(results.results, function(result) { return result.resourceType !== 'user'; });

                                            // All the groups should expose their thumbnail regardless of their visibility setting.
                                            assert.ok(results.results[0].thumbnailUrl);
                                            assert.ok(results.results[1].thumbnailUrl);
                                            assert.ok(results.results[2].thumbnailUrl);

                                            // Try downloading it by just using the returned url.
                                            RestUtil.RestRequest(simon.restContext, results.results[0].thumbnailUrl, 'GET', null, function(err, body, response) {
                                                assert.ok(!err);
                                                // Downloading happens via nginx, so we can't verify the response body.
                                                // We can verify if the status code is a 204 and if the appropriate headers are present.
                                                assert.equal(response.statusCode, 204);
                                                assert.ok(response.headers['x-accel-redirect']);
                                                assert.ok(response.headers['content-disposition']);
                                                callback();
                                            });
                                        });
                                    });
                                });
                            });
                        });
                    });
Example #8
0
        RestAPI.Authentication.getUserLoginIds(globalAdminRestContext, 'u:camtest:abcdefghij', (err, loginIds) => {
          assert.ok(err);
          assert.strictEqual(err.code, 404);

          // Create a test user
          RestAPI.User.createUser(
            camAdminRestContext,
            username,
            'password',
            'Test User',
            email,
            null,
            (err, createdUser) => {
              assert.ok(!err);

              // Verify that an error is thrown when an anonymous user on the global admin router requests the login ids for the test user
              RestAPI.Authentication.getUserLoginIds(anonymousGlobalRestContext, createdUser.id, (err, loginIds) => {
                assert.ok(err);
                assert.strictEqual(err.code, 401);

                // Verify that an error is thrown when an anonymous user on the tenant router requests the login ids for the test user
                RestAPI.Authentication.getUserLoginIds(anonymousCamRestContext, createdUser.id, (err, loginIds) => {
                  assert.ok(err);
                  assert.strictEqual(err.code, 401);

                  // Verify that an error is thrown when an unauthorized tenant admin requests the login ids for the test user
                  RestAPI.Authentication.getUserLoginIds(gtAdminRestContext, createdUser.id, (err, loginIds) => {
                    assert.ok(err);
                    assert.strictEqual(err.code, 401);

                    // Verify that a tenant admin can request the login ids for the test user
                    RestAPI.Authentication.getUserLoginIds(camAdminRestContext, createdUser.id, (err, loginIds) => {
                      assert.ok(!err);
                      assert.ok(loginIds);

                      // Verify that a global admin can request the login ids for the test user
                      RestAPI.Authentication.getUserLoginIds(
                        globalAdminRestContext,
                        createdUser.id,
                        (err, loginIds) => {
                          assert.ok(!err);
                          assert.ok(loginIds);

                          return callback();
                        }
                      );
                    });
                  });
                });
              });
            }
          );
        });
Example #9
0
      TestsUtil.generateTestUsers(localAdminRestContext, 2, (err, users, simong, branden) => {
        assert.ok(!err);

        RestAPI.User.getMe(simong.restContext, (err, simonFull) => {
          assert.ok(!err);

          const data = {
            authentication: {
              userId: simonFull.id,
              tenantAlias: simonFull.tenant.alias,
              signature: simonFull.signature
            },
            feeds: []
          };

          ActivityTestsUtil.getFullySetupPushClient(data, client => {
            // Create a folder and get its full profile so we have a signature that we can use to register for push notifications
            FoldersTestUtil.assertCreateFolderSucceeds(
              simong.restContext,
              'test displayName',
              'test description',
              'private',
              [branden],
              [],
              folder => {
                FoldersTestUtil.assertGetFolderSucceeds(simong.restContext, folder.id, folder => {
                  // Ensure we get a 400 error with an invalid activity stream id
                  client.subscribe(folder.id, null, folder.signature, null, err => {
                    assert.strictEqual(err.code, 400);

                    // Ensure we get a 400 error with a missing resource id
                    client.subscribe(null, 'activity', folder.signature, null, err => {
                      assert.strictEqual(err.code, 400);

                      // Ensure we get a 400 error with an invalid token
                      client.subscribe(folder.id, 'activity', { signature: folder.signature.signature }, null, err => {
                        assert.strictEqual(err.code, 401);
                        client.subscribe(folder.id, 'activity', { expires: folder.signature.expires }, null, err => {
                          assert.strictEqual(err.code, 401);

                          // Ensure we get a 401 error with an incorrect signature
                          client.subscribe(
                            folder.id,
                            'activity',
                            { expires: Date.now() + 10000, signature: 'foo' },
                            null,
                            err => {
                              assert.strictEqual(err.code, 401);

                              // Simon should not be able to use a signature that was generated for Branden
                              FoldersTestUtil.assertGetFolderSucceeds(
                                branden.restContext,
                                folder.id,
                                folderForBranden => {
                                  client.subscribe(folder.id, 'activity', folderForBranden.signature, null, err => {
                                    assert.strictEqual(err.code, 401);

                                    // Sanity check that a valid signature works
                                    client.subscribe(folder.id, 'activity', folder.signature, null, err => {
                                      assert.ok(!err);
                                      return callback();
                                    });
                                  });
                                }
                              );
                            }
                          );
                        });
                      });
                    });
                  });
                });
              }
            );
          });
        });
      });
Example #10
0
        it('verify indexing without full content item', function(callback) {
            // Create a content item to verify re-indexing
            var doerUsername = TestsUtil.generateTestUserId('doer');
            RestAPI.User.createUser(camAdminRestContext, doerUsername, 'password', 'Doer', null, function(err, doer) {
                var doerRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, doerUsername, 'password');

                RestAPI.Content.createLink(doerRestContext, 'Test Content 1', 'Test content description 1', 'public', 'http://www.sakaiproject.org/',  [], [], function(err, link) {
                    assert.ok(!err);
                    
                    // Verify the content item exists
                    SearchTestsUtil.searchAll(doerRestContext, 'general', null, {'resourceTypes': 'content', 'q': 'Test'}, function(err, results) {
                        assert.ok(!err);
                        var contentDoc = _getDocById(results, link.id);
                        assert.ok(contentDoc);

                        // Delete the content item from the index under the hood, this is to avoid the automatic index events invalidating the test
                        ElasticSearch.del('resource', link.id, function(err) {
                            assert.ok(!err);

                            // Verify the content item no longer exists
                            SearchTestsUtil.searchAll(doerRestContext, 'general', null, {'resourceTypes': 'content', 'q': 'Test'}, function(err, results) {
                                assert.ok(!err);
                                var contentDoc = _getDocById(results, link.id);
                                assert.ok(!contentDoc);

                                // This is the indexing job data that only provides the id, and not the full content item
                                var indexJob = {
                                    'resourceType': 'content',
                                    'resources': [{
                                        'id': link.id,
                                        'opts': {
                                            'indexResource': true,
                                            'indexMembers': false
                                        }
                                    }]
                                };

                                // Fire off an indexing task using just the content id
                                MQ.submit(SearchConstants.mq.TASK_INDEX_DOCUMENT, indexJob, function() {

                                    // Ensure that the full content item is now back in the search index
                                    SearchTestsUtil.searchAll(doerRestContext, 'general', null, {'resourceTypes': 'content', 'q': 'Test'}, function(err, results) {
                                        assert.ok(!err);
                                        var contentDoc = _getDocById(results, link.id);
                                        assert.ok(contentDoc);
                                        callback();
                                    });
                                });
                            });
                        });
                    });
                });
            });
        });
Example #11
0
                                RestAPI.Activity.markNotificationsRead(simong.restContext, function(err, result) {
                                    var lastReadTime = result.lastReadTime;

                                    assert.strictEqual(lastReadTime, OaeUtil.getNumberParam(lastReadTime));

                                    // Verify the notificationsLastRead status
                                    RestAPI.User.getMe(simong.restContext, function(err, me) {
                                        assert.ok(!err);

                                        // We now have no unread notifications, and a lastRead status
                                        assert.strictEqual(me.notificationsUnread, 0);
                                        assert.strictEqual(me.notificationsLastRead, lastReadTime);

                                        // Create 2 content items again with simong as a member
                                        RestAPI.Content.createLink(mrvisser.restContext, 'Google', 'Google', 'private', 'http://www.google.ca', [], [simong.user.id], function(err, content) {
                                            assert.ok(!err);

                                            RestAPI.Content.createLink(mrvisser.restContext, 'Google', 'Google', 'private', 'http://www.google.ca', [], [simong.user.id], function(err, content) {
                                                assert.ok(!err);

                                                // Ensure the notification gets delivered and aggregated
                                                ActivityTestsUtil.collectAndGetNotificationStream(simong.restContext, null, function(err, notificationStream) {
                                                    assert.ok(!err);
                                                    assert.equal(notificationStream.items.length, 1);
                                                    assert.equal(notificationStream.items[0].actor['oae:id'], mrvisser.user.id);
                                                    assert.equal(notificationStream.items[0].object['oae:collection'].length, 3);

                                                    // Verify the notificationsUnread is incremented and notificationsLastRead status
                                                    RestAPI.User.getMe(simong.restContext, function(err, me) {
                                                        assert.ok(!err);

                                                        // We now have unread notifications, and a lastRead status
                                                        assert.strictEqual(me.notificationsUnread, 2);
                                                        assert.equal(me.notificationsLastRead, lastReadTime);

                                                        callback();
                                                    });
                                                });
                                            });
                                        });
                                    });
                                });
Example #12
0
            RestAPI.User.createUser(camAdminRestContext, doerUsername, 'password', 'Doer', null, function(err, doer) {
                assert.ok(!err);
                var doerCtx = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, doerUsername, 'password');

                RestAPI.User.createUser(camAdminRestContext, jackUsername, 'password', 'Jack McJackerson', null, function(err, jack) {
                    assert.ok(!err);
                    var jackCtx = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, jackUsername, 'password');

                    // Create the 4 groups that will form a cycle
                    RestAPI.Group.createGroup(doerCtx, group1Alias, group1Alias, group1Alias, 'public', 'no', [], [], function(err, group1) {
                        assert.ok(!err);

                        RestAPI.Group.createGroup(doerCtx, group2Alias, group2Alias, group2Alias, 'public', 'no', [group1.id], [], function(err, group2) {
                            assert.ok(!err);

                            // Group 3 will be joinable, so Jack can join it to trigger an activity
                            RestAPI.Group.createGroup(doerCtx, group3Alias, group3Alias, group3Alias, 'public', 'yes', [group2.id], [], function(err, group3) {
                                assert.ok(!err);

                                RestAPI.Group.createGroup(doerCtx, group4Alias, group4Alias, group4Alias, 'public', 'no', [group3.id], [], function(err, group4) {
                                    assert.ok(!err);

                                    // Add group4 as manager to group1 to complete the cycle
                                    var cycleChange = {};
                                    cycleChange[group4.id] = 'manager';
                                    RestAPI.Group.setGroupMembers(doerCtx, group1.id, cycleChange, function(err) {
                                        assert.ok(!err);

                                        RestAPI.Group.joinGroup(jackCtx, group3.id, function(err) {
                                            assert.ok(!err);

                                            // Verify that each group now has this as its most recent activity
                                            ActivityTestsUtil.collectAndGetActivityStream(jackCtx, group1.id, null, function(err, activityStream) {
                                                assert.ok(!err);
                                                assert.equal(activityStream.items[0]['oae:activityType'], 'group-join');
                                                assert.equal(activityStream.items[0].object['oae:id'], group3.id);

                                                ActivityTestsUtil.collectAndGetActivityStream(jackCtx, group2.id, {'_delay': false}, function(err, activityStream) {
                                                    assert.ok(!err);
                                                    assert.equal(activityStream.items[0]['oae:activityType'], 'group-join');
                                                    assert.equal(activityStream.items[0].object['oae:id'], group3.id);

                                                    ActivityTestsUtil.collectAndGetActivityStream(jackCtx, group3.id, {'_delay': false}, function(err, activityStream) {
                                                        assert.ok(!err);
                                                        assert.equal(activityStream.items[0]['oae:activityType'], 'group-join');
                                                        assert.equal(activityStream.items[0].object['oae:id'], group3.id);

                                                        ActivityTestsUtil.collectAndGetActivityStream(jackCtx, group4.id, {'_delay': false}, function(err, activityStream) {
                                                            assert.ok(!err);
                                                            assert.equal(activityStream.items[0]['oae:activityType'], 'group-join');
                                                            assert.equal(activityStream.items[0].object['oae:id'], group3.id);
                                                            return callback();
                                                        });
                                                    });
                                                });
                                            });
                                        });
                                    });
                                });
                            });
                        });
                    });
                });
            });
Example #13
0
        it('verify group-add-member activities aggregation', function(callback) {
            var jackUsername = TestsUtil.generateTestUserId('jack');
            var janeUsername = TestsUtil.generateTestUserId('jane');
            var brandenUsername = TestsUtil.generateTestUserId('branden');
            var groupAlias = TestsUtil.generateTestUserId('targetGroup');

            RestAPI.User.createUser(camAdminRestContext, jackUsername, 'password', 'Jack McJackerson', null, function(err, jack) {
                assert.ok(!err);
                var jackCtx = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, jackUsername, 'password');

                RestAPI.User.createUser(camAdminRestContext, janeUsername, 'password', 'Jane', null, function(err, jane) {
                    assert.ok(!err);

                    RestAPI.User.createUser(camAdminRestContext, brandenUsername, 'password', 'Branden', null, function(err, branden) {
                        assert.ok(!err);

                        RestAPI.Group.createGroup(jackCtx, groupAlias, groupAlias, groupAlias, 'public', 'yes', [], [], function(err, group) {
                            assert.ok(!err);

                            // Join as jane
                            var membership = {};
                            membership[jane.id] = 'member';
                            RestAPI.Group.setGroupMembers(jackCtx, group.id, membership, function(err) {
                                assert.ok(!err);

                                // Join as branden
                                membership = {};
                                membership[branden.id] = 'member';
                                RestAPI.Group.setGroupMembers(jackCtx, group.id, membership, function(err) {
                                    assert.ok(!err);

                                    ActivityTestsUtil.collectAndGetActivityStream(jackCtx, null, null, function(err, activityStream) {
                                        assert.ok(!err);

                                        // Verify 1 for the group create, plus 1 for the aggregated group-add-member activities
                                        assert.equal(activityStream.items.length, 2);

                                        // Verify the first is the group join, with a collection of 2 actor entities (jane and branden)
                                        var entity = activityStream.items[0].object;
                                        assert.ok(entity['oae:collection']);
                                        assert.equal(entity['oae:collection'].length, 2);
                                        callback();
                                    });
                                });
                            });
                        });
                    });
                });
            });
        });
Example #14
0
                RestAPI.User.createUser(camAdminRestContext, janeUsername, 'password', 'Jane', null, function(err, jane) {
                    assert.ok(!err);
                    var janeCtx = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, janeUsername, 'password');

                    RestAPI.User.createUser(camAdminRestContext, brandenUsername, 'password', 'Branden', null, function(err, branden) {
                        assert.ok(!err);
                        var brandenCtx = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, brandenUsername, 'password');

                        RestAPI.Group.createGroup(jackCtx, groupAlias, groupAlias, groupAlias, 'public', 'yes', [], [], function(err, group) {
                            assert.ok(!err);

                            // Join as jane
                            RestAPI.Group.joinGroup(janeCtx, group.id, function(err) {
                                assert.ok(!err);

                                // Join as branden
                                RestAPI.Group.joinGroup(brandenCtx, group.id, function(err) {
                                    assert.ok(!err);

                                    // Get jack's own feed
                                    ActivityTestsUtil.collectAndGetActivityStream(jackCtx, null, null, function(err, activityStream) {
                                        assert.ok(!err);

                                        // Verify 1 for the group create, plus 1 for the aggregated group-join activities
                                        assert.equal(activityStream.items.length, 2);

                                        // Verify the first is the group join, with a collection of 2 actor entities (jane and branden)
                                        var entity = activityStream.items[0].actor;
                                        assert.ok(entity['oae:collection']);
                                        assert.equal(entity['oae:collection'].length, 2);
                                        callback();
                                    });
                                });
                            });
                        });
                    });
                });
Example #15
0
 createUser(function(ctx) {
     RestAPI.User.uploadPicture(ctx, ctx.user.id, TestsUtil.createFileReadableStream('pic.png', 10 * 1024 * 1024 + 1), null, function(err) {
         assert.equal(err.code, 400);
         callback();
     });
 });
    it('verify paging works correctly in memberships search', function(callback) {
        var jackUsername = TestsUtil.generateTestUserId('jack');
        var groupParentAlias = TestsUtil.generateTestUserId('groupParent');
        var groupChildAlias = TestsUtil.generateTestUserId('groupChild');

        // Create the user with which we'll set up the data
        var doerUsername = TestsUtil.generateTestUserId('doer');
        RestAPI.User.createUser(camAdminRestContext, doerUsername, 'password', 'Doer', null, function(err, doer) {
            var doerRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, doerUsername, 'password');

            // Create the user whose memberships to check
            RestAPI.User.createUser(camAdminRestContext, jackUsername, 'password', 'Jack McJackerson', null, function(err, jack) {
                assert.ok(!err);

                // Create a group hierarchy to ensure we have memberships
                RestAPI.Group.createGroup(doerRestContext, groupParentAlias, groupParentAlias, 'public', 'no', [], [], function(err, groupParent) {
                    assert.ok(!err);

                    RestAPI.Group.createGroup(doerRestContext, groupChildAlias, groupChildAlias, 'public', 'no', [], [], function(err, groupChild) {
                        assert.ok(!err);

                        TestsUtil.generateGroupHierarchy(doerRestContext, [groupParent.id, groupChild.id, jack.id], 'member', function(err) {
                            assert.ok(!err);

                            // Search only 2 documents to get the expected ids for paging afterward
                            SearchTestsUtil.searchRefreshed(doerRestContext, 'memberships', [jack.id], {'limit': 2, 'start': 0}, function(err, results) {
                                assert.ok(!err);
                                assert.ok(results.results);
                                assert.ok(results.results.length, 2);

                                // Get the ids of the first 2 expected results.
                                var firstId = results.results[0].id;
                                var secondId = results.results[1].id;

                                assert.ok(firstId);
                                assert.ok(secondId);

                                // Verify page 1 gives the first id. We don't need to refresh since we haven't updated anything since the first refresh.
                                RestAPI.Search.search(doerRestContext, 'memberships', [jack.id], {'limit': 1, 'start': 0}, function(err, results) {
                                    assert.ok(!err);
                                    assert.ok(results.results);
                                    assert.ok(results.results.length, 1);
                                    assert.equal(results.results[0].id, firstId);
                                    assert.equal(results.results[0].resourceType, 'group');
                                    assert.equal(results.results[0].profilePath, '/group/' + results.results[0].tenant.alias + '/' + AuthzUtil.getResourceFromId(results.results[0].id).resourceId);

                                    // Verify page 2 gives the second id
                                    RestAPI.Search.search(doerRestContext, 'memberships', [jack.id], {'limit': 1, 'start': 1}, function(err, results) {
                                        assert.ok(!err);
                                        assert.ok(results.results);
                                        assert.ok(results.results.length, 1);
                                        assert.equal(results.results[0].id, secondId);
                                        assert.equal(results.results[0].resourceType, 'group');
                                        assert.equal(results.results[0].profilePath, '/group/' + results.results[0].tenant.alias + '/' + AuthzUtil.getResourceFromId(results.results[0].id).resourceId);
                                        callback();
                                    });
                                });
                            });
                        });
                    });
                });
            });
        });
    });
Example #17
0
 createUser(function(ctx) {
     RestAPI.User.uploadPicture(ctx, ctx.user.id, getPictureStream, null, function(err) {
         assert.ok(!err);
         verifyCropping(ctx, ctx.user, createSelectedArea(10, 10, 20000), 400, callback);
     });
 });
    it('verify user memberships search', function(callback) {
        var jackUsername = TestsUtil.generateTestUserId('jack');
        var groupParentAlias = TestsUtil.generateTestUserId('groupParent');
        var groupChildAlias = TestsUtil.generateTestUserId('groupChild');

        var doerUsername = TestsUtil.generateTestUserId('doer');
        RestAPI.User.createUser(camAdminRestContext, doerUsername, 'password', 'Doer', null, function(err, doer) {
            var doerRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, doerUsername, 'password');

            RestAPI.User.createUser(camAdminRestContext, jackUsername, 'password', 'Jack McJackerson', null, function(err, jack) {
                assert.ok(!err);

                // Create a group hierarchy to ensure they all show up in 'jack's group membership search
                RestAPI.Group.createGroup(doerRestContext, groupParentAlias, groupParentAlias, 'public', 'no', [], [], function(err, groupParent) {
                    assert.ok(!err);

                    RestAPI.Group.createGroup(doerRestContext, groupChildAlias, groupChildAlias, 'public', 'no', [], [], function(err, groupChild) {
                        assert.ok(!err);

                        TestsUtil.generateGroupHierarchy(doerRestContext, [groupParent.id, groupChild.id, jack.id], 'member', function(err) {
                            assert.ok(!err);

                            // Search all and ensure all the groups in the hierarchy are in the results
                            SearchTestsUtil.searchAll(doerRestContext, 'memberships', [jack.id], null, function(err, results) {
                                assert.ok(!err);
                                assert.ok(_getDocById(results, groupChild.id));
                                assert.ok(_getDocById(results, groupParent.id));

                                // Unlink the hierarchy by removing jack from the 'bottom' group
                                var changes = {};
                                changes[jack.id] = false;
                                RestAPI.Group.setGroupMembers(doerRestContext, groupChild.id, changes, function(err) {
                                    assert.ok(!err);

                                    // Verify the same memberships search is now empty
                                    SearchTestsUtil.searchAll(doerRestContext, 'memberships', [jack.id], null, function(err, results) {
                                        assert.ok(!err);
                                        assert.equal(results.total, 0);
                                        assert.equal(results.results.length, 0);
                                        callback();
                                    });
                                });
                            });
                        });
                    });
                });
            });
        });
    });
Example #19
0
                        RestAPI.User.uploadPicture(loggedInUser.restContext, loggedInUser.user.id, getPictureStream, selectedArea, function(err) {
                            assert.ok(!err);

                            RestAPI.User.uploadPicture(privateUser.restContext, privateUser.user.id, getPictureStream, selectedArea, function(err) {
                                assert.ok(!err);

                                // Create a group with the two other members.
                                var groupName = TestsUtil.generateTestUserId('someGroupName');
                                RestAPI.Group.createGroup(privateUser.restContext, groupName, groupName, 'public', 'no', [], [loggedInUser.user.id, publicUser.user.id], function(err, group) {
                                    assert.ok(!err);

                                    // Perform one search where we wait for the search index to refresh.
                                    // All subsequent search requests don't have to wait.
                                    SearchTestsUtil.searchAll(anonymousRestContext, 'members', [group.id], null, function(err, results) {
                                        assert.ok(!err);

                                        // anonymous can search the group membership list but can only see the public user his picture.
                                        verifySearchThumbnails(anonymousRestContext, group.id, true, false, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {

                                            // a logged in user can see the public and 'logged in' user.
                                            verifySearchThumbnails(nonMemberUser.restContext, group.id, true, true, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {

                                                // The public member can only see his own thumbnail and the loggedin user.
                                                verifySearchThumbnails(publicUser.restContext, group.id, true, true, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {

                                                    // The 'logged in' user can see his own thumbnail and the public one.
                                                    verifySearchThumbnails(loggedInUser.restContext, group.id, true, true, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {

                                                        // The private user can see everyone's thumbnail.
                                                        verifySearchThumbnails(privateUser.restContext, group.id, true, true, true, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, callback);
                                                    });
                                                });
                                            });
                                        });
                                    });
                                });
                            });
                        });
Example #20
0
                    RestAPI.User.uploadPicture(ctx, ctx.user.id, _getPictureStream, null, function(err) {
                        assert.ok(!err);

                        // Get the new user metadata.
                        RestAPI.User.getUser(ctx, ctx.user.id, function(err, secondRequestUser) {
                            assert.ok(!err);

                            // Get the URIs and check that they are not removed on the filesystem
                            var smallPicturePath = rootFilesDir + '/' + _getUriFromDownloadUrl(firstRequestUser.picture.small).split(':')[1];
                            var mediumPicturePath = rootFilesDir + '/' + _getUriFromDownloadUrl(firstRequestUser.picture.medium).split(':')[1];
                            assert.equal(fs.existsSync(smallPicturePath), true, 'The small picture should still exist when uploading a large image');
                            assert.equal(fs.existsSync(mediumPicturePath), true, 'The medium picture should still exist when uploading a large image');
                            return callback();
                        });
                    });
Example #21
0
                _setupOAuth(function(simong, client, accessToken) {

                    // Assert that we're authenticated over OAuth
                    RestAPI.User.getMe(simong.oauthRestContext, function(err, data) {
                        assert.ok(!err);
                        assert.equal(data.id, simong.user.id);
                        assert.equal(data.displayName, simong.user.displayName);

                        // Assert that the CSRF middleware isn't blocking us
                        simong.oauthRestContext.refererHeader = 'http://my.app.com';
                        RestAPI.Content.createLink(simong.oauthRestContext, 'Google', 'Google', 'public', 'http://www.google.com', [], [], function(err, link) {
                            assert.ok(!err);

                            // Sanity check the piece of content has actually beenc reated
                            RestAPI.Content.getLibrary(simong.oauthRestContext, simong.user.id, null, null, function(err, data) {
                                assert.ok(!err);
                                assert.equal(data.results.length, 1);
                                assert.equal(data.results[0].id, link.id);
                                return callback();
                            });
                        });
                    });
                });
Example #22
0
        TestsUtil.generateTestUsers(camAdminRestContext, 4, function(err, users) {
            assert.ok(!err);

            var publicUser = _.values(users)[0];
            var loggedInUser = _.values(users)[1];
            var privateUser = _.values(users)[2];
            var nonMemberUser = _.values(users)[3];

            RestAPI.User.updateUser(loggedInUser.restContext, loggedInUser.user.id, { 'visibility': 'loggedin' }, function(err) {
                assert.ok(!err);

                RestAPI.User.updateUser(privateUser.restContext, privateUser.user.id, { 'visibility': 'private' }, function(err) {
                    assert.ok(!err);

                    // Each user has a profile picture
                    var selectedArea = _createSelectedArea(10, 10, 200, 200);
                    RestAPI.User.uploadPicture(publicUser.restContext, publicUser.user.id, _getPictureStream, selectedArea, function(err) {
                        assert.ok(!err);

                        RestAPI.User.uploadPicture(loggedInUser.restContext, loggedInUser.user.id, _getPictureStream, selectedArea, function(err) {
                            assert.ok(!err);

                            RestAPI.User.uploadPicture(privateUser.restContext, privateUser.user.id, _getPictureStream, selectedArea, function(err) {
                                assert.ok(!err);

                                // Create a group with the two other members
                                var groupName = TestsUtil.generateTestUserId('someGroupName');
                                RestAPI.Group.createGroup(privateUser.restContext, groupName, groupName, 'public', 'no', [], [loggedInUser.user.id, publicUser.user.id], function(err, group) {
                                    assert.ok(!err);

                                    // Perform one search where we wait for the search index to refresh so all subsequent search requests don't have to wait
                                    SearchTestsUtil.whenIndexingComplete(function() {

                                        // The public member can only see his own thumbnail and the loggedin user
                                        _verifySearchThumbnails(publicUser.restContext, group.id, true, true, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {
                                            // The 'logged in' user can see his own thumbnail and the public one
                                            _verifySearchThumbnails(loggedInUser.restContext, group.id, true, true, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {
                                                // The private user can see everyone's thumbnail
                                                return _verifySearchThumbnails(privateUser.restContext, group.id, true, true, true, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, callback);
                                            });
                                        });
                                    });
                                });
                            });
                        });
                    });
                });
            });
        });
Example #23
0
            TestsUtil.generateTestUsers(camAdminRestContext, 1, function(err, users, mrvisser) {

                RestAPI.User.getMe(mrvisser.restContext, function(err, mrvisserMeData) {
                    assert.ok(!err);

                    // Get 2 clients
                    var data = {
                        'authentication': {
                            'userId': mrvisserMeData.id,
                            'tenantAlias': mrvisserMeData.tenant.alias,
                            'signature': mrvisserMeData.signature
                        },
                        'streams': [
                            {
                                'resourceId': mrvisserMeData.id,
                                'streamType': 'activity',
                                'token': mrvisserMeData.signature
                            },
                            {
                                'resourceId': mrvisserMeData.id,
                                'streamType': 'notification',
                                'token': mrvisserMeData.signature
                            }
                        ]
                    };
                    ActivityTestUtil.collectAndGetActivityStream(mrvisser.restContext, null, null, function(err) {
                        assert.ok(!err);

                        // Setup the clients
                        ActivityTestUtil.getFullySetupPushClient(data, function(clientA) {
                            ActivityTestUtil.getFullySetupPushClient(data, function(clientB) {

                                // Do something that ends up in the `activity`  activitystream
                                RestAPI.Content.createLink(mrvisser.restContext, 'Yahoo', 'Yahoo', 'public', 'http://www.yahoo.ca', [], [], [], function(err, link) {
                                    assert.ok(!err);
                                });

                                var clientAReceived = false;
                                var clientBReceived = false;

                                clientA.once('message', function(message) {
                                    assert.ok(!message.error);
                                    clientAReceived = true;
                                    if (clientAReceived && clientBReceived) {
                                        bothReceived();
                                    }

                                });
                                clientB.once('message', function(message) {
                                    assert.ok(!message.error);
                                    clientBReceived = true;
                                    if (clientAReceived && clientBReceived) {
                                        bothReceived();
                                    }
                                });

                                /**
                                 * Gets executed when both client A and B have received their message
                                 */
                                var bothReceived = function() {

                                    // If we close client B, only A should receive a message
                                    clientB.close(function() {

                                        clientB.on('message', function() {
                                            assert.fail('The socket on client B has been closed, this socket should not receive any more messages');
                                        });

                                        // Do something that ends up in the `activity`  activitystream
                                        RestAPI.Content.createLink(mrvisser.restContext, 'Yahoo', 'Yahoo', 'public', 'http://www.yahoo.ca', [], [], [], function(err, link) {
                                            assert.ok(!err);
                                        });

                                        clientA.once('message', function(message) {
                                            assert.ok(!message.error);
                                            clientA.close(callback);
                                        });
                                    });
                                };
                            });
                        });
                    });
                });
            });
Example #24
0
                        RestAPI.User.uploadPicture(loggedInUser.restContext, loggedInUser.user.id, _getPictureStream, selectedArea, function(err) {
                            assert.ok(!err);

                            RestAPI.User.uploadPicture(privateUser.restContext, privateUser.user.id, _getPictureStream, selectedArea, function(err) {
                                assert.ok(!err);

                                // Create a group with the two other members
                                var groupName = TestsUtil.generateTestUserId('someGroupName');
                                RestAPI.Group.createGroup(privateUser.restContext, groupName, groupName, 'public', 'no', [], [loggedInUser.user.id, publicUser.user.id], function(err, group) {
                                    assert.ok(!err);

                                    // Perform one search where we wait for the search index to refresh so all subsequent search requests don't have to wait
                                    SearchTestsUtil.whenIndexingComplete(function() {

                                        // The public member can only see his own thumbnail and the loggedin user
                                        _verifySearchThumbnails(publicUser.restContext, group.id, true, true, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {
                                            // The 'logged in' user can see his own thumbnail and the public one
                                            _verifySearchThumbnails(loggedInUser.restContext, group.id, true, true, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {
                                                // The private user can see everyone's thumbnail
                                                return _verifySearchThumbnails(privateUser.restContext, group.id, true, true, true, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, callback);
                                            });
                                        });
                                    });
                                });
                            });
                        });
Example #25
0
            TestsUtil.generateTestUsers(camAdminRestContext, 2, function(err, users, mrvisser, simong) {

                RestAPI.User.getMe(mrvisser.restContext, function(err, mrvisserMeData) {
                    assert.ok(!err);

                    /*
                     * Register a push client for mrvisser who is subscribed to:
                     *  * `activity`-stream with the `activitystream` format
                     *  * `activity`-stream with the `internal` format
                     *  * `notification`-stream with the `internal` format
                     */
                    var data = {
                        'authentication': {
                            'userId': mrvisserMeData.id,
                            'tenantAlias': mrvisserMeData.tenant.alias,
                            'signature': mrvisserMeData.signature
                        },
                        'streams': [
                            {
                                'resourceId': mrvisserMeData.id,
                                'streamType': 'activity',
                                'token': mrvisserMeData.signature,
                                'format': 'activitystreams'
                            },
                            {
                                'resourceId': mrvisserMeData.id,
                                'streamType': 'activity',
                                'token': mrvisserMeData.signature,
                                'format': 'internal'
                            },
                            {
                                'resourceId': mrvisserMeData.id,
                                'streamType': 'notification',
                                'token': mrvisserMeData.signature,
                                'format': 'internal'
                            }
                        ]
                    };

                    // Setup the client
                    ActivityTestUtil.getFullySetupPushClient(data, function(client) {

                        // Create/share a discussion with mrvisser
                        RestAPI.Discussions.createDiscussion(simong.restContext, 'Test discussion', 'Test discussion description', 'public', [], [mrvisser.user.id], function(err, discussion) {
                            assert.ok(!err);

                            // Force a collection cycle as notifications are sent out on aggregation
                            ActivityTestUtil.collectAndGetNotificationStream(mrvisser.restContext, null, function(err, activityStream) {
                                assert.ok(!err);
                            });

                            var activitiesReceived = 0;
                            var formatReceived = {
                                'internal': 0,
                                'activitystreams': 0
                            };
                            client.on('message', function(message) {

                                activitiesReceived++;
                                formatReceived[message.format]++;

                                if (activitiesReceived === 3) {
                                    assert.strictEqual(formatReceived['internal'], 2);
                                    assert.strictEqual(formatReceived['activitystreams'], 1);

                                    return callback();
                                }
                            });
                        });
                    });
                });
            });
                    RestAPI.User.getUser(publicTenant0.publicUser.restContext, publicTenant0.loggedinUser.user.id, function(err, user) {
                        assert.ok(!err);
                        assert.ok(user.following);
                        assert.strictEqual(user.following.canFollow, true);
                        assert.strictEqual(user.following.isFollowing, false);

                        // Ensure user profile reports a user can follow a public user from an external public tenant
                        RestAPI.User.getUser(publicTenant0.publicUser.restContext, publicTenant1.publicUser.user.id, function(err, user) {
                            assert.ok(!err);
                            assert.ok(user.following);
                            assert.strictEqual(user.following.canFollow, true);
                            assert.strictEqual(user.following.isFollowing, false);

                            // Ensure user profile reports a user cannot follow a public user from an external private tenant
                            RestAPI.User.getUser(publicTenant0.publicUser.restContext, privateTenant0.publicUser.user.id, function(err, user) {
                                assert.ok(!err);
                                assert.ok(user.following);
                                assert.strictEqual(user.following.canFollow, false);
                                assert.strictEqual(user.following.isFollowing, false);

                                // Make privateTenant0 public so we can do a cross-tenant follow
                                ConfigTestsUtil.updateConfigAndWait(TestsUtil.createGlobalAdminRestContext(), privateTenant0.tenant.alias, {'oae-tenants/tenantprivacy/tenantprivate': false}, function(err) {
                                    assert.ok(!err);

                                    var followedIds = [
                                        publicTenant0.loggedinUser.user.id,
                                        publicTenant1.publicUser.user.id,
                                        privateTenant0.publicUser.user.id
                                    ];

                                    // Follow the test subject users
                                    FollowingTestsUtil.followAll(publicTenant0.publicUser.restContext, followedIds, function() {

                                        // Make the tenant private again
                                        ConfigTestsUtil.updateConfigAndWait(TestsUtil.createGlobalAdminRestContext(), privateTenant0.tenant.alias, {'oae-tenants/tenantprivacy/tenantprivate': true}, function(err) {
                                            assert.ok(!err);

                                            // Ensure user profile now reports that they are followed, and can no longer be followed
                                            RestAPI.User.getUser(publicTenant0.publicUser.restContext, publicTenant0.loggedinUser.user.id, function(err, user) {
                                                assert.ok(!err);
                                                assert.ok(user.following);
                                                assert.strictEqual(user.following.canFollow, false);
                                                assert.strictEqual(user.following.isFollowing, true);

                                                // Ensure user profile now reports that they are followed, and can no longer be followed
                                                RestAPI.User.getUser(publicTenant0.publicUser.restContext, publicTenant1.publicUser.user.id, function(err, user) {
                                                    assert.ok(!err);
                                                    assert.ok(user.following);
                                                    assert.strictEqual(user.following.canFollow, false);
                                                    assert.strictEqual(user.following.isFollowing, true);

                                                    // Ensure user profile now reports the user from the private tenant is being followed, and still cannot be followed
                                                    RestAPI.User.getUser(publicTenant0.publicUser.restContext, privateTenant0.publicUser.user.id, function(err, user) {
                                                        assert.ok(!err);
                                                        assert.ok(user.following);
                                                        assert.strictEqual(user.following.canFollow, false);
                                                        assert.strictEqual(user.following.isFollowing, true);
                                                        return callback();
                                                    });
                                                });
                                            });
                                        });
                                    });
                                });
                            });
                        });
                    });
Example #27
0
 before(function(callback) {
     // Fill up global admin rest context
     camAdminRestContext = TestsUtil.createTenantAdminRestContext(global.oaeTests.tenants.cam.host);
     // Fill up the rest context for our test user
     var userId = TestsUtil.generateTestUserId('john');
     RestAPI.User.createUser(camAdminRestContext, userId, 'password', 'John Doe', null, function(err, createdUser) {
         johnRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, userId, 'password');
         // Add the full user id onto the REST context for use inside of this test
         johnRestContext.id = createdUser.id;
         // We get John's me feed so he is logged in for creating users and groups
         RestAPI.User.getMe(johnRestContext, function() {
             callback();
         });
     });
 });
Example #28
0
 createUser(function(ctx) {
     RestAPI.User.uploadPicture(ctx, ctx.user.id, getTextStream, null, function(err) {
         assert.equal(err.code, 400);
         callback();
     });
 });
Example #29
0
                RestAPI.Group.setGroupMembers(doerRestContext, targetLoggedinGroup.id, changes, function(err) {
                    assert.ok(!err);

                    RestAPI.User.createUser(camAdminRestContext, janeUsername, 'password', 'Jane McJaneFace', null, function(err, jane) {
                        assert.ok(!err);
                        var janeRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, janeUsername, 'password');

                        // Verify anonymous cannot see loggedin group
                        SearchTestsUtil.searchAll(anonymousRestContext, 'members', [targetLoggedinGroup.id], null, function(err, results) {
                            assert.ok(err);
                            assert.equal(err.code, 401);
                            assert.ok(!results);

                            // Verify results and visibility for cross-tenant user. Cross-tenant user cannot see memberships of 'loggedin' groups from other tenants
                            SearchTestsUtil.searchAll(darthVaderRestContext, 'members', [targetLoggedinGroup.id], null, function(err, results) {
                                assert.ok(err);
                                assert.equal(err.code, 401);
                                assert.ok(!results);

                                // Verify results and visibility for loggedin user
                                SearchTestsUtil.searchAll(janeRestContext, 'members', [targetLoggedinGroup.id], null, function(err, results) {
                                    assert.ok(!err);
                                    var publicUserResult = _getDocById(results, publicUserMember.id);
                                    var loggedinUserResult = _getDocById(results, loggedinUserMember.id);
                                    var privateUserResult = _getDocById(results, privateUserMember.id);
                                    var privateGroupResult = _getDocById(results, privateGroupMember.id);
                                    var publicGroupResult = _getDocById(results, publicGroupMember.id);

                                    // Verify all members are returned
                                    assert.ok(publicUserResult);
                                    assert.ok(loggedinUserResult);
                                    assert.ok(privateUserResult);
                                    assert.ok(privateGroupResult);
                                    assert.ok(publicGroupResult);

                                    // Verify user visibility. Private should have their publicAlias swapped into the title
                                    assert.equal(publicUserResult.displayName, publicUserMember.displayName);
                                    assert.equal(loggedinUserResult.displayName, loggedinUserMember.displayName);
                                    assert.ok(loggedinUserResult.extra);
                                    assert.equal(loggedinUserResult._extra, undefined);
                                    assert.equal(loggedinUserResult.q_high, undefined);
                                    assert.equal(loggedinUserResult.q_low, undefined);
                                    assert.equal(loggedinUserResult.sort, undefined);
                                    assert.equal(loggedinUserResult.extra.extraProp, 'My extra prop');
                                    assert.equal(privateUserResult.displayName, privateUserMember.publicAlias);
                                    assert.equal(publicGroupResult.displayName, publicGroupMember.displayName);
                                    assert.equal(privateGroupResult.displayName, privateGroupMember.displayName);

                                    // Verify that the correct resourceTypes are set
                                    assert.equal(publicUserResult.resourceType, 'user');
                                    assert.equal(loggedinUserResult.resourceType, 'user');
                                    assert.equal(privateUserResult.resourceType, 'user');
                                    assert.equal(publicGroupResult.resourceType, 'group');
                                    assert.equal(privateGroupResult.resourceType, 'group');

                                    // Verify that the correct profilePaths are set
                                    assert.equal(publicUserResult.profilePath, '/user/' + publicUserResult.id);
                                    assert.equal(loggedinUserResult.profilePath, '/user/' + loggedinUserResult.id);
                                    assert.equal(privateUserResult.profilePath, undefined);
                                    assert.equal(publicGroupResult.profilePath, '/group/' + publicGroupResult.id);
                                    assert.equal(privateGroupResult.profilePath, '/group/' + privateGroupResult.id);

                                    // Verify results and visibility for member user
                                    SearchTestsUtil.searchAll(jackRestContext, 'members', [targetLoggedinGroup.id], null, function(err, results) {
                                        assert.ok(!err);
                                        var publicUserResult = _getDocById(results, publicUserMember.id);
                                        var loggedinUserResult = _getDocById(results, loggedinUserMember.id);
                                        var privateUserResult = _getDocById(results, privateUserMember.id);
                                        var privateGroupResult = _getDocById(results, privateGroupMember.id);
                                        var publicGroupResult = _getDocById(results, publicGroupMember.id);

                                        // Verify member sees all
                                        assert.ok(publicUserResult);
                                        assert.ok(loggedinUserResult);
                                        assert.ok(privateUserResult);
                                        assert.ok(privateGroupResult);
                                        assert.ok(publicGroupResult);

                                        // Verify user visibility. Private should have their publicAlias swapped into the title
                                        assert.equal(publicUserResult.displayName, publicUserMember.displayName);
                                        assert.equal(loggedinUserResult.displayName, loggedinUserMember.displayName);
                                        assert.ok(loggedinUserResult.extra);
                                        assert.equal(loggedinUserResult.extra.extraProp, 'My extra prop');
                                        assert.equal(loggedinUserResult._extra, undefined);
                                        assert.equal(loggedinUserResult.q_high, undefined);
                                        assert.equal(loggedinUserResult.q_low, undefined);
                                        assert.equal(loggedinUserResult.sort, undefined);
                                        assert.equal(privateUserResult.displayName, privateUserMember.publicAlias);
                                        assert.equal(publicGroupResult.displayName, publicGroupMember.displayName);
                                        assert.equal(privateGroupResult.displayName, privateGroupMember.displayName);

                                        // Verify that the correct resourceTypes are set
                                        assert.equal(publicUserResult.resourceType, 'user');
                                        assert.equal(loggedinUserResult.resourceType, 'user');
                                        assert.equal(privateUserResult.resourceType, 'user');
                                        assert.equal(publicGroupResult.resourceType, 'group');
                                        assert.equal(privateGroupResult.resourceType, 'group');

                                        // Verify that the correct profilePaths are set
                                        assert.equal(publicUserResult.profilePath, '/user/' + publicUserResult.id);
                                        assert.equal(loggedinUserResult.profilePath, '/user/' + loggedinUserResult.id);
                                        assert.equal(privateUserResult.profilePath, undefined);
                                        assert.equal(publicGroupResult.profilePath, '/group/' + publicGroupResult.id);
                                        assert.equal(privateGroupResult.profilePath, '/group/' + privateGroupResult.id);

                                        callback();
                                    });
                                });
                            });
                        });
                    });
                });
Example #30
0
        it('verify group-join activity is delivered', function(callback) {
            var doerUsername = TestsUtil.generateTestUserId('doer');
            var username = TestsUtil.generateTestUserId('user');
            var groupAlias = TestsUtil.generateTestGroupId('group');

            // Create the user with which to perform setup
            RestAPI.User.createUser(camAdminRestContext, doerUsername, 'password', 'Doer', null, function(err, doer) {
                assert.ok(!err);
                var doerRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, doerUsername, 'password');

                // Create a user with which to create a group, then ensure the user gets the activity
                RestAPI.User.createUser(camAdminRestContext, username, 'password', 'Jack McJackerson', null, function(err, user) {
                    assert.ok(!err);
                    var userRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, username, 'password');

                    RestAPI.Group.createGroup(doerRestContext, groupAlias, groupAlias, groupAlias, 'public', 'yes', [], [], function(err, group) {
                        assert.ok(!err);

                        RestAPI.Group.joinGroup(userRestContext, group.id, function(err) {
                            assert.ok(!err);

                            ActivityTestsUtil.collectAndGetActivityStream(userRestContext, user.id, null, function(err, activityStream) {
                                assert.ok(!err);
                                assert.ok(_getActivity(activityStream, 'group-join', 'object', group.id));
                                callback();
                            });
                        });
                    });
                });
            });
        });