it('verify group-add-member activity gets generated', function(callback) {
var username = TestsUtil.generateTestUserId('user');
var groupAlias = TestsUtil.generateTestGroupId('group');
// Create a user with which to create a group, then ensure the user gets the activity
RestAPI.User.createUser(camAdminRestContext, username, 'password', 'Jack McJackerson', null, function(err, user) {
assert.ok(!err);
var userRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, username, 'password');
RestAPI.Group.createGroup(camAdminRestContext, groupAlias, groupAlias, groupAlias, 'public', 'yes', [], [], function(err, group) {
assert.ok(!err);
var memberships = {};
memberships[user.id] = 'member';
RestAPI.Group.setGroupMembers(camAdminRestContext, group.id, memberships, function(err) {
assert.ok(!err);
ActivityTestsUtil.collectAndGetActivityStream(camAdminRestContext, user.id, null, function(err, activityStream) {
assert.ok(!err);
assert.ok(_getActivity(activityStream, 'group-add-member', 'target', group.id));
callback();
});
});
});
});
});
TestsUtil.generateTestUsers(camAdminRestContext, 2, function(err, users, mrvisser, simong) {
RestAPI.User.getMe(mrvisser.restContext, function(err, mrvisserMeData) {
assert.ok(!err);
/*
* Register a push client for mrvisser who is subscribed to:
* * `activity`-stream with the `activitystream` format
* * `activity`-stream with the `internal` format
* * `notification`-stream with the `internal` format
*/
var data = {
'authentication': {
'userId': mrvisserMeData.id,
'tenantAlias': mrvisserMeData.tenant.alias,
'signature': mrvisserMeData.signature
},
'streams': [
{
'resourceId': mrvisserMeData.id,
'streamType': 'notification',
'token': mrvisserMeData.signature,
'format': 'internal'
}
]
};
// Setup the client
ActivityTestUtil.getFullySetupPushClient(data, function(client) {
// Create/share a discussion with mrvisser
RestAPI.Discussions.createDiscussion(simong.restContext, 'Test discussion', 'Test discussion description', 'public', [], [mrvisser.user.id], function(err, discussion) {
assert.ok(!err);
// We need to force a collection cycle as the notifiation stream gets pushed out after the aggregation phase
ActivityTestUtil.collectAndGetNotificationStream(mrvisser.restContext, null, function(err, activityStream) {
assert.ok(!err);
});
// As this is the first discussion_created activity in mrvisser's notification stream it
// can't aggregate with any other activities. That should be indicated on the push message
client.once('message', function(message) {
assert.ok(message);
assert.strictEqual(message.numNewActivities, 1);
// When we generate another discussion_created activity it will aggregate with the previous
// activity. This should be reflected on the push message
RestAPI.Discussions.createDiscussion(simong.restContext, 'Test discussion', 'Test discussion description', 'public', [], [mrvisser.user.id], function(err, discussion) {
assert.ok(!err);
// We need to force a collection cycle as the notifiation
// stream gets pushed out after the aggregation phase
ActivityTestUtil.collectAndGetNotificationStream(mrvisser.restContext, null, function(err, activityStream) {
assert.ok(!err);
});
client.once('message', function(message) {
assert.ok(message);
assert.strictEqual(message.numNewActivities, 0);
// Mark the notifications as read. Because we marked the notifications as read,
// this will reset the aggregator for that stream. Any new discussion_created activities
// should result in a "new activity". However, if 2 activities aggregate in-memory in the
// aggregation phase, they should be counted as 1
RestAPI.Activity.markNotificationsRead(mrvisser.restContext, function(err) {
assert.ok(!err);
RestAPI.Discussions.createDiscussion(simong.restContext, 'Test discussion', 'Test discussion description', 'public', [], [mrvisser.user.id], function(err, discussion) {
assert.ok(!err);
RestAPI.Discussions.createDiscussion(simong.restContext, 'Test discussion', 'Test discussion description', 'public', [], [mrvisser.user.id], function(err, discussion) {
assert.ok(!err);
ActivityTestUtil.collectAndGetNotificationStream(mrvisser.restContext, null, function(err, activityStream) {
assert.ok(!err);
});
client.once('message', function(message) {
assert.ok(message);
assert.strictEqual(message.numNewActivities, 1);
// If 2 disjoint activities get delivered to the notification stream, the
// number of new activities should be 2
RestAPI.Activity.markNotificationsRead(mrvisser.restContext, function(err) {
assert.ok(!err);
RestAPI.Discussions.createDiscussion(simong.restContext, 'Test discussion', 'Test discussion description', 'public', [], [mrvisser.user.id], function(err, discussion) {
assert.ok(!err);
RestAPI.Content.createLink(simong.restContext, 'Test link', 'Test link', 'public', 'https://google.com', [], [mrvisser.user.id], [], function(err, discussion) {
assert.ok(!err);
ActivityTestUtil.collectAndGetNotificationStream(mrvisser.restContext, null, function(err, activityStream) {
assert.ok(!err);
});
client.once('message', function(message) {
assert.ok(message);
assert.strictEqual(message.numNewActivities, 2);
assert.strictEqual(message.activities.length, 2);
return callback();
});
});
});
});
});
});
});
});
});
});
});
});
});
});
});
it('verify public group members visibility', function(callback) {
var jackUsername = TestsUtil.generateTestUserId('jack');
var janeUsername = TestsUtil.generateTestUserId('jane');
var darthVaderUsername = TestsUtil.generateTestUserId('darthVader');
RestAPI.User.createUser(gtAdminRestContext, darthVaderUsername, 'password', 'Darth Vader', null, function(err, darthVader) {
assert.ok(!err);
var darthVaderRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.gt.host, darthVaderUsername, 'password');
RestAPI.User.createUser(camAdminRestContext, jackUsername, 'password', 'Jack McJackerson', null, function(err, jack) {
assert.ok(!err);
var jackRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, jackUsername, 'password');
var changes = {};
changes[jack.id] = 'member';
RestAPI.Group.setGroupMembers(doerRestContext, targetPublicGroup.id, changes, function(err) {
assert.ok(!err);
RestAPI.User.createUser(camAdminRestContext, janeUsername, 'password', 'Jane McJaneFace', null, function(err, jane) {
assert.ok(!err);
var janeRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, janeUsername, 'password');
// Verify results and visibility for anonymous user
SearchTestsUtil.searchAll(anonymousRestContext, 'members', [targetPublicGroup.id], null, function(err, results) {
assert.ok(!err);
var publicUserResult = _getDocById(results, publicUserMember.id);
var loggedinUserResult = _getDocById(results, loggedinUserMember.id);
var privateUserResult = _getDocById(results, privateUserMember.id);
var privateGroupResult = _getDocById(results, privateGroupMember.id);
var publicGroupResult = _getDocById(results, publicGroupMember.id);
// Verify anonymous sees all.
assert.ok(publicUserResult);
assert.ok(loggedinUserResult);
assert.ok(privateUserResult);
assert.ok(privateGroupResult);
assert.ok(publicGroupResult);
// Verify user visibility. Loggedin and private should have their publicAlias swapped into the title
assert.equal(publicUserResult.displayName, publicUserMember.displayName);
assert.equal(loggedinUserResult.displayName, loggedinUserMember.publicAlias);
assert.equal(loggedinUserResult.extra, undefined);
assert.equal(loggedinUserResult._extra, undefined);
assert.equal(loggedinUserResult.q_high, undefined);
assert.equal(loggedinUserResult.q_low, undefined);
assert.equal(loggedinUserResult.sort, undefined);
assert.equal(privateUserResult.displayName, privateUserMember.publicAlias);
assert.equal(publicGroupResult.displayName, publicGroupMember.displayName);
assert.equal(privateGroupResult.displayName, privateGroupMember.displayName);
// Verify that the correct resourceTypes are set
assert.equal(publicUserResult.resourceType, 'user');
assert.equal(loggedinUserResult.resourceType, 'user');
assert.equal(privateUserResult.resourceType, 'user');
assert.equal(publicGroupResult.resourceType, 'group');
assert.equal(privateGroupResult.resourceType, 'group');
// Verify that the correct profilePaths are set
assert.equal(publicUserResult.profilePath, '/user/' + publicUserResult.id);
assert.equal(loggedinUserResult.profilePath, undefined);
assert.equal(privateUserResult.profilePath, undefined);
assert.equal(publicGroupResult.profilePath, '/group/' + publicGroupResult.id);
assert.equal(privateGroupResult.profilePath, '/group/' + privateGroupResult.id);
// Verify results and visibility for cross-tenant user
SearchTestsUtil.searchAll(darthVaderRestContext, 'members', [targetPublicGroup.id], null, function(err, results) {
assert.ok(!err);
var publicUserResult = _getDocById(results, publicUserMember.id);
var loggedinUserResult = _getDocById(results, loggedinUserMember.id);
var privateUserResult = _getDocById(results, privateUserMember.id);
var privateGroupResult = _getDocById(results, privateGroupMember.id);
var publicGroupResult = _getDocById(results, publicGroupMember.id);
// Verify cross-tenant user sees all users
assert.ok(publicUserResult);
assert.ok(loggedinUserResult);
assert.ok(privateUserResult);
assert.ok(privateGroupResult);
assert.ok(publicGroupResult);
// Verify user visibility. Loggedin and private should have their publicAlias swapped into the title
assert.equal(publicUserResult.displayName, publicUserMember.displayName);
assert.equal(loggedinUserResult.displayName, loggedinUserMember.publicAlias);
assert.equal(loggedinUserResult.extra, undefined);
assert.equal(loggedinUserResult._extra, undefined);
assert.equal(loggedinUserResult.q_high, undefined);
assert.equal(loggedinUserResult.q_low, undefined);
assert.equal(loggedinUserResult.sort, undefined);
assert.equal(privateUserResult.displayName, privateUserMember.publicAlias);
assert.equal(publicGroupResult.displayName, publicGroupMember.displayName);
assert.equal(privateGroupResult.displayName, privateGroupMember.displayName);
// Verify that the correct resourceTypes are set
assert.equal(publicUserResult.resourceType, 'user');
assert.equal(loggedinUserResult.resourceType, 'user');
assert.equal(privateUserResult.resourceType, 'user');
assert.equal(publicGroupResult.resourceType, 'group');
assert.equal(privateGroupResult.resourceType, 'group');
// Verify that the correct profilePaths are set
assert.equal(publicUserResult.profilePath, '/user/' + publicUserResult.id);
assert.equal(loggedinUserResult.profilePath, undefined);
assert.equal(privateUserResult.profilePath, undefined);
assert.equal(publicGroupResult.profilePath, '/group/' + publicGroupResult.id);
assert.equal(privateGroupResult.profilePath, '/group/' + privateGroupResult.id);
// Verify results and visibility for loggedin user
SearchTestsUtil.searchAll(janeRestContext, 'members', [targetPublicGroup.id], null, function(err, results) {
assert.ok(!err);
var publicUserResult = _getDocById(results, publicUserMember.id);
var loggedinUserResult = _getDocById(results, loggedinUserMember.id);
var privateUserResult = _getDocById(results, privateUserMember.id);
var privateGroupResult = _getDocById(results, privateGroupMember.id);
var publicGroupResult = _getDocById(results, publicGroupMember.id);
// Verify user sees all members
assert.ok(publicUserResult);
assert.ok(loggedinUserResult);
assert.ok(privateUserResult);
assert.ok(privateGroupResult);
assert.ok(publicGroupResult);
// Verify user visibility. Private should have their publicAlias swapped into the title
assert.equal(publicUserResult.displayName, publicUserMember.displayName);
assert.equal(loggedinUserResult.displayName, loggedinUserMember.displayName);
assert.ok(loggedinUserResult.extra);
assert.equal(loggedinUserResult._extra, undefined);
assert.equal(loggedinUserResult.q_high, undefined);
assert.equal(loggedinUserResult.q_low, undefined);
assert.equal(loggedinUserResult.sort, undefined);
assert.equal(loggedinUserResult.extra.extraProp, 'My extra prop');
assert.equal(privateUserResult.displayName, privateUserMember.publicAlias);
assert.equal(publicGroupResult.displayName, publicGroupMember.displayName);
assert.equal(privateGroupResult.displayName, privateGroupMember.displayName);
// Verify that the correct resourceTypes are set
assert.equal(publicUserResult.resourceType, 'user');
assert.equal(loggedinUserResult.resourceType, 'user');
assert.equal(privateUserResult.resourceType, 'user');
assert.equal(publicGroupResult.resourceType, 'group');
assert.equal(privateGroupResult.resourceType, 'group');
// Verify that the correct profilePaths are set
assert.equal(publicUserResult.profilePath, '/user/' + publicUserResult.id);
assert.equal(loggedinUserResult.profilePath, '/user/' + loggedinUserResult.id);
assert.equal(privateUserResult.profilePath, undefined);
assert.equal(publicGroupResult.profilePath, '/group/' + publicGroupResult.id);
assert.equal(privateGroupResult.profilePath, '/group/' + privateGroupResult.id);
// Verify results and visibility for member user
SearchTestsUtil.searchAll(jackRestContext, 'members', [targetPublicGroup.id], null, function(err, results) {
assert.ok(!err);
var publicUserResult = _getDocById(results, publicUserMember.id);
var loggedinUserResult = _getDocById(results, loggedinUserMember.id);
var privateUserResult = _getDocById(results, privateUserMember.id);
var privateGroupResult = _getDocById(results, privateGroupMember.id);
var publicGroupResult = _getDocById(results, publicGroupMember.id);
// Verify user sees all.
assert.ok(publicUserResult);
assert.ok(loggedinUserResult);
assert.ok(privateUserResult);
assert.ok(privateGroupResult);
assert.ok(publicGroupResult);
// Verify user visibility. Private should have their publicAlias swapped into the title
assert.equal(publicUserResult.displayName, publicUserMember.displayName);
assert.equal(loggedinUserResult.displayName, loggedinUserMember.displayName);
assert.ok(loggedinUserResult.extra);
assert.equal(loggedinUserResult._extra, undefined);
assert.equal(loggedinUserResult.q_high, undefined);
assert.equal(loggedinUserResult.q_low, undefined);
assert.equal(loggedinUserResult.sort, undefined);
assert.equal(loggedinUserResult.extra.extraProp, 'My extra prop');
assert.equal(privateUserResult.displayName, privateUserMember.publicAlias);
assert.equal(publicGroupResult.displayName, publicGroupMember.displayName);
assert.equal(privateGroupResult.displayName, privateGroupMember.displayName);
// Verify that the correct resourceTypes are set
assert.equal(publicUserResult.resourceType, 'user');
assert.equal(loggedinUserResult.resourceType, 'user');
assert.equal(privateUserResult.resourceType, 'user');
assert.equal(publicGroupResult.resourceType, 'group');
assert.equal(privateGroupResult.resourceType, 'group');
// Verify that the correct profilePaths are set
assert.equal(publicUserResult.profilePath, '/user/' + publicUserResult.id);
assert.equal(loggedinUserResult.profilePath, '/user/' + loggedinUserResult.id);
assert.equal(privateUserResult.profilePath, undefined);
assert.equal(publicGroupResult.profilePath, '/group/' + publicGroupResult.id);
assert.equal(privateGroupResult.profilePath, '/group/' + privateGroupResult.id);
callback();
});
});
});
});
});
});
});
});
});
RestAPI.OAuth.createClient(simong.restContext, simong.user.id, 'By simong', function(err, client) {
assert.equal(err.code, 401);
assert.ok(!client);
// Make Nico a tenant admin on the `localhost` tenant
// We can't use the localAdminRestContext as that is really the global admin on the localhost tenant
RestAPI.User.setTenantAdmin(globalAdminRestContext, nico.user.id, true, function(err) {
assert.ok(!err);
// As Nico is not a tenant on the `camtest` tenant we cannot create an OAuth application for that user
RestAPI.OAuth.createClient(nico.restContext, 'u:camtest:foo', 'By admin', function(err, client) {
assert.equal(err.code, 401);
// Assert that tenant admins can create a client
RestAPI.OAuth.createClient(localAdminRestContext, simong.user.id, 'By admin', function(err, client) {
assert.ok(!err);
assert.ok(client);
// Sanity check the client was associated with simong
RestAPI.OAuth.getClients(simong.restContext, simong.user.id, function(err, data) {
assert.ok(!err);
assert.equal(data.results.length, 1);
assert.equal(data.results[0].displayName, 'By admin');
return callback();
});
});
});
});
});
ActivityTestUtil.getFullySetupPushClient(data, function(client) {
// Simon will now create a discussion and share it with mrvisser, this will trigger an activity that gets delivered on both streams
// To ensure proper scrubbing of data, simon will have a private profile
RestAPI.User.updateUser(simong.restContext, simong.user.id, {'visibility': 'private'}, function(err, updatedUser) {
assert.ok(!err);
simong.user = updatedUser;
var discussion = null;
RestAPI.Discussions.createDiscussion(simong.restContext, 'Test discussion', 'Test discussion description', 'public', [], [mrvisser.user.id], function(err, _discussion) {
assert.ok(!err);
discussion = _discussion;
// Force a collection cycle as notifications only get delivered upon aggregation
ActivityTestUtil.collectAndGetActivityStream(mrvisser.restContext, null, null, function(err) {
assert.ok(!err);
});
});
var activitiesReceived = 0;
client.on('message', function(message) {
activitiesReceived++;
assert.ok(message.activities);
assert.strictEqual(message.activities.length, 1);
var activity = message.activities[0];
assert.ok(activity);
var allowedActorProperties = null;
var allowedObjectProperties = null;
if (message.streamType === 'notification') {
// Assert that the activity entities are internally formatted
assert.equal(message.format, 'internal');
// Assert that the actor entity is a user object augmented with an oae:id and objectType
assert.ok(activity.actor);
assert.equal(activity.actor['oae:id'], simong.user.id);
assert.equal(activity.actor['id'], simong.user.id);
assert.equal(activity.actor['displayName'], simong.user.publicAlias);
assert.equal(activity.actor['lastModified'], simong.user.lastModified);
assert.equal(activity.actor['visibility'], 'private');
assert.ok(_.isObject(activity.actor['picture']));
assert.equal(activity.actor['resourceType'], 'user');
assert.equal(activity.actor['objectType'], 'user');
assert.ok(_.isObject(activity.actor['tenant']));
// Ensure only these properties are present
allowedActorProperties = ['oae:id', 'id', 'displayName', 'visibility', 'picture', 'resourceType', 'objectType', 'tenant', 'lastModified'];
_.each(activity.actor, function(value, key) {
assert.ok(_.contains(allowedActorProperties, key) , key + ' is not allowed on an internally formatted activity entity');
});
// Assert that the object entity is a discussion object augmented with an oae:id and objectType
assert.ok(activity.object);
assert.equal(activity.object['oae:id'], discussion.id);
assert.equal(activity.object['id'], discussion.id);
assert.equal(activity.object['visibility'], discussion.visibility);
assert.equal(activity.object['displayName'], discussion.displayName);
assert.equal(activity.object['description'], discussion.description);
assert.equal(activity.object['createdBy'], discussion.createdBy);
assert.equal(activity.object['created'], discussion.created);
assert.equal(activity.object['lastModified'], discussion.lastModified);
assert.equal(activity.object['profilePath'], discussion.profilePath);
assert.equal(activity.object['resourceType'], discussion.resourceType);
assert.equal(activity.object['objectType'], 'discussion');
assert.ok(_.isObject(activity.object['tenant']));
allowedObjectProperties = [ 'tenant', 'id', 'visibility', 'displayName', 'description', 'resourceSubType', 'createdBy', 'created', 'lastModified', 'profilePath', 'resourceType', 'latestRevisionId', 'previews', 'signature', 'objectType', 'oae:id' ];
_.each(activity.object, function(value, key) {
assert.ok(_.contains(allowedObjectProperties, key) , key + ' is not allowed on an internally formatted activity entity');
});
} else {
// Assert that the activity entities are activitystrea.ms formatted
assert.equal(message.format, 'activitystreams');
// Assert that the actor entity is in the proper activitystreams format
assert.ok(activity.actor);
assert.equal(activity.actor['oae:id'], simong.user.id);
assert.equal(activity.actor['oae:visibility'], simong.user.visibility);
assert.equal(activity.actor['displayName'], simong.user.publicAlias);
assert.equal(activity.actor['objectType'], 'user');
assert.equal(activity.actor['id'], 'http://' + global.oaeTests.tenants.cam.host + '/api/user/' + simong.user.id);
assert.ok(_.isObject(activity.actor['oae:tenant']));
allowedActorProperties = ['oae:id', 'oae:visibility', 'displayName', 'objectType', 'id', 'oae:tenant'];
_.each(activity.actor, function(value, key) {
assert.ok(_.contains(allowedActorProperties, key) , key + ' is not allowed on an ActivityStrea.ms compliant formatted activity entity');
});
// Assert that the object entity is in the proper activitystreams format
assert.ok(activity.object);
assert.equal(activity.object['oae:id'], discussion.id);
assert.equal(activity.object['oae:visibility'], discussion.visibility);
assert.equal(activity.object['oae:profilePath'], discussion.profilePath);
assert.equal(activity.object['oae:resourceSubType'], discussion.resourceSubType);
assert.equal(activity.object['displayName'], discussion.displayName);
assert.equal(activity.object['url'], 'http://' + global.oaeTests.tenants.cam.host + '/discussion/camtest/' + discussion.id.split(':')[2]);
assert.equal(activity.object['objectType'], 'discussion');
assert.equal(activity.object['id'], 'http://' + global.oaeTests.tenants.cam.host + '/api/discussion/' + discussion.id);
assert.ok(_.isObject(activity.object['oae:tenant']));
allowedObjectProperties = [ 'oae:id', 'oae:visibility', 'oae:profilePath', 'displayName', 'url', 'objectType', 'id', 'oae:tenant' ];
_.each(activity.object, function(value, key) {
assert.ok(_.contains(allowedObjectProperties, key) , key + ' is not allowed on an ActivityStrea.ms compliant formatted activity entity');
});
}
if (activitiesReceived === 2) {
return callback();
}
});
});
});
createUsers(function(contexts) {
RestAPI.User.uploadPicture(contexts['simon'].restContext, contexts['nicolaas'].user.id, getPictureStream, null, function(err) {
assert.equal(err.code, 401);
verifyCropping(contexts['simon'].restContext, contexts['nicolaas'].user, createSelectedArea(10, 10, 200), 401, callback);
});
});
RestAPI.User.uploadPicture(simon.restContext, uiTeam.id, getPictureStream, selectedArea, function(err) {
assert.ok(!err);
RestAPI.User.uploadPicture(simon.restContext, qaTeam.id, getPictureStream, selectedArea, function(err) {
assert.ok(!err);
// Make the uiTeam loggedin.
RestAPI.Group.updateGroup(simon.restContext, uiTeam.id, { 'visibility': 'loggedin'}, function(err) {
assert.ok(!err);
// Make the qa team private.
RestAPI.Group.updateGroup(simon.restContext, qaTeam.id, { 'visibility': 'private'}, function(err) {
assert.ok(!err);
// Make the backend, ui and qa teams member of oae team.
var changes = {};
changes[backendTeam.id] = 'member';
changes[uiTeam.id] = 'member';
changes[qaTeam.id] = 'member';
RestAPI.Group.setGroupMembers(simon.restContext, oaeTeam.id, changes, function(err) {
assert.ok(!err);
// Search trough the memberlist of oaeTeam and filter the results so we only get the backend team group back.
SearchTestsUtil.searchAll(simon.restContext, 'members', [oaeTeam.id], { 'q': '' }, function(err, results) {
assert.ok(!err);
assert.equal(results.total, 4);
// We only need the groups
results.results = _.filter(results.results, function(result) { return result.resourceType !== 'user'; });
// All the groups should expose their thumbnail regardless of their visibility setting.
assert.ok(results.results[0].thumbnailUrl);
assert.ok(results.results[1].thumbnailUrl);
assert.ok(results.results[2].thumbnailUrl);
// Try downloading it by just using the returned url.
RestUtil.RestRequest(simon.restContext, results.results[0].thumbnailUrl, 'GET', null, function(err, body, response) {
assert.ok(!err);
// Downloading happens via nginx, so we can't verify the response body.
// We can verify if the status code is a 204 and if the appropriate headers are present.
assert.equal(response.statusCode, 204);
assert.ok(response.headers['x-accel-redirect']);
assert.ok(response.headers['content-disposition']);
callback();
});
});
});
});
});
});
});
RestAPI.Authentication.getUserLoginIds(globalAdminRestContext, 'u:camtest:abcdefghij', (err, loginIds) => {
assert.ok(err);
assert.strictEqual(err.code, 404);
// Create a test user
RestAPI.User.createUser(
camAdminRestContext,
username,
'password',
'Test User',
email,
null,
(err, createdUser) => {
assert.ok(!err);
// Verify that an error is thrown when an anonymous user on the global admin router requests the login ids for the test user
RestAPI.Authentication.getUserLoginIds(anonymousGlobalRestContext, createdUser.id, (err, loginIds) => {
assert.ok(err);
assert.strictEqual(err.code, 401);
// Verify that an error is thrown when an anonymous user on the tenant router requests the login ids for the test user
RestAPI.Authentication.getUserLoginIds(anonymousCamRestContext, createdUser.id, (err, loginIds) => {
assert.ok(err);
assert.strictEqual(err.code, 401);
// Verify that an error is thrown when an unauthorized tenant admin requests the login ids for the test user
RestAPI.Authentication.getUserLoginIds(gtAdminRestContext, createdUser.id, (err, loginIds) => {
assert.ok(err);
assert.strictEqual(err.code, 401);
// Verify that a tenant admin can request the login ids for the test user
RestAPI.Authentication.getUserLoginIds(camAdminRestContext, createdUser.id, (err, loginIds) => {
assert.ok(!err);
assert.ok(loginIds);
// Verify that a global admin can request the login ids for the test user
RestAPI.Authentication.getUserLoginIds(
globalAdminRestContext,
createdUser.id,
(err, loginIds) => {
assert.ok(!err);
assert.ok(loginIds);
return callback();
}
);
});
});
});
});
}
);
});
TestsUtil.generateTestUsers(localAdminRestContext, 2, (err, users, simong, branden) => {
assert.ok(!err);
RestAPI.User.getMe(simong.restContext, (err, simonFull) => {
assert.ok(!err);
const data = {
authentication: {
userId: simonFull.id,
tenantAlias: simonFull.tenant.alias,
signature: simonFull.signature
},
feeds: []
};
ActivityTestsUtil.getFullySetupPushClient(data, client => {
// Create a folder and get its full profile so we have a signature that we can use to register for push notifications
FoldersTestUtil.assertCreateFolderSucceeds(
simong.restContext,
'test displayName',
'test description',
'private',
[branden],
[],
folder => {
FoldersTestUtil.assertGetFolderSucceeds(simong.restContext, folder.id, folder => {
// Ensure we get a 400 error with an invalid activity stream id
client.subscribe(folder.id, null, folder.signature, null, err => {
assert.strictEqual(err.code, 400);
// Ensure we get a 400 error with a missing resource id
client.subscribe(null, 'activity', folder.signature, null, err => {
assert.strictEqual(err.code, 400);
// Ensure we get a 400 error with an invalid token
client.subscribe(folder.id, 'activity', { signature: folder.signature.signature }, null, err => {
assert.strictEqual(err.code, 401);
client.subscribe(folder.id, 'activity', { expires: folder.signature.expires }, null, err => {
assert.strictEqual(err.code, 401);
// Ensure we get a 401 error with an incorrect signature
client.subscribe(
folder.id,
'activity',
{ expires: Date.now() + 10000, signature: 'foo' },
null,
err => {
assert.strictEqual(err.code, 401);
// Simon should not be able to use a signature that was generated for Branden
FoldersTestUtil.assertGetFolderSucceeds(
branden.restContext,
folder.id,
folderForBranden => {
client.subscribe(folder.id, 'activity', folderForBranden.signature, null, err => {
assert.strictEqual(err.code, 401);
// Sanity check that a valid signature works
client.subscribe(folder.id, 'activity', folder.signature, null, err => {
assert.ok(!err);
return callback();
});
});
}
);
}
);
});
});
});
});
});
}
);
});
});
});
it('verify indexing without full content item', function(callback) {
// Create a content item to verify re-indexing
var doerUsername = TestsUtil.generateTestUserId('doer');
RestAPI.User.createUser(camAdminRestContext, doerUsername, 'password', 'Doer', null, function(err, doer) {
var doerRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, doerUsername, 'password');
RestAPI.Content.createLink(doerRestContext, 'Test Content 1', 'Test content description 1', 'public', 'http://www.sakaiproject.org/', [], [], function(err, link) {
assert.ok(!err);
// Verify the content item exists
SearchTestsUtil.searchAll(doerRestContext, 'general', null, {'resourceTypes': 'content', 'q': 'Test'}, function(err, results) {
assert.ok(!err);
var contentDoc = _getDocById(results, link.id);
assert.ok(contentDoc);
// Delete the content item from the index under the hood, this is to avoid the automatic index events invalidating the test
ElasticSearch.del('resource', link.id, function(err) {
assert.ok(!err);
// Verify the content item no longer exists
SearchTestsUtil.searchAll(doerRestContext, 'general', null, {'resourceTypes': 'content', 'q': 'Test'}, function(err, results) {
assert.ok(!err);
var contentDoc = _getDocById(results, link.id);
assert.ok(!contentDoc);
// This is the indexing job data that only provides the id, and not the full content item
var indexJob = {
'resourceType': 'content',
'resources': [{
'id': link.id,
'opts': {
'indexResource': true,
'indexMembers': false
}
}]
};
// Fire off an indexing task using just the content id
MQ.submit(SearchConstants.mq.TASK_INDEX_DOCUMENT, indexJob, function() {
// Ensure that the full content item is now back in the search index
SearchTestsUtil.searchAll(doerRestContext, 'general', null, {'resourceTypes': 'content', 'q': 'Test'}, function(err, results) {
assert.ok(!err);
var contentDoc = _getDocById(results, link.id);
assert.ok(contentDoc);
callback();
});
});
});
});
});
});
});
});
RestAPI.Activity.markNotificationsRead(simong.restContext, function(err, result) {
var lastReadTime = result.lastReadTime;
assert.strictEqual(lastReadTime, OaeUtil.getNumberParam(lastReadTime));
// Verify the notificationsLastRead status
RestAPI.User.getMe(simong.restContext, function(err, me) {
assert.ok(!err);
// We now have no unread notifications, and a lastRead status
assert.strictEqual(me.notificationsUnread, 0);
assert.strictEqual(me.notificationsLastRead, lastReadTime);
// Create 2 content items again with simong as a member
RestAPI.Content.createLink(mrvisser.restContext, 'Google', 'Google', 'private', 'http://www.google.ca', [], [simong.user.id], function(err, content) {
assert.ok(!err);
RestAPI.Content.createLink(mrvisser.restContext, 'Google', 'Google', 'private', 'http://www.google.ca', [], [simong.user.id], function(err, content) {
assert.ok(!err);
// Ensure the notification gets delivered and aggregated
ActivityTestsUtil.collectAndGetNotificationStream(simong.restContext, null, function(err, notificationStream) {
assert.ok(!err);
assert.equal(notificationStream.items.length, 1);
assert.equal(notificationStream.items[0].actor['oae:id'], mrvisser.user.id);
assert.equal(notificationStream.items[0].object['oae:collection'].length, 3);
// Verify the notificationsUnread is incremented and notificationsLastRead status
RestAPI.User.getMe(simong.restContext, function(err, me) {
assert.ok(!err);
// We now have unread notifications, and a lastRead status
assert.strictEqual(me.notificationsUnread, 2);
assert.equal(me.notificationsLastRead, lastReadTime);
callback();
});
});
});
});
});
});
RestAPI.User.createUser(camAdminRestContext, doerUsername, 'password', 'Doer', null, function(err, doer) {
assert.ok(!err);
var doerCtx = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, doerUsername, 'password');
RestAPI.User.createUser(camAdminRestContext, jackUsername, 'password', 'Jack McJackerson', null, function(err, jack) {
assert.ok(!err);
var jackCtx = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, jackUsername, 'password');
// Create the 4 groups that will form a cycle
RestAPI.Group.createGroup(doerCtx, group1Alias, group1Alias, group1Alias, 'public', 'no', [], [], function(err, group1) {
assert.ok(!err);
RestAPI.Group.createGroup(doerCtx, group2Alias, group2Alias, group2Alias, 'public', 'no', [group1.id], [], function(err, group2) {
assert.ok(!err);
// Group 3 will be joinable, so Jack can join it to trigger an activity
RestAPI.Group.createGroup(doerCtx, group3Alias, group3Alias, group3Alias, 'public', 'yes', [group2.id], [], function(err, group3) {
assert.ok(!err);
RestAPI.Group.createGroup(doerCtx, group4Alias, group4Alias, group4Alias, 'public', 'no', [group3.id], [], function(err, group4) {
assert.ok(!err);
// Add group4 as manager to group1 to complete the cycle
var cycleChange = {};
cycleChange[group4.id] = 'manager';
RestAPI.Group.setGroupMembers(doerCtx, group1.id, cycleChange, function(err) {
assert.ok(!err);
RestAPI.Group.joinGroup(jackCtx, group3.id, function(err) {
assert.ok(!err);
// Verify that each group now has this as its most recent activity
ActivityTestsUtil.collectAndGetActivityStream(jackCtx, group1.id, null, function(err, activityStream) {
assert.ok(!err);
assert.equal(activityStream.items[0]['oae:activityType'], 'group-join');
assert.equal(activityStream.items[0].object['oae:id'], group3.id);
ActivityTestsUtil.collectAndGetActivityStream(jackCtx, group2.id, {'_delay': false}, function(err, activityStream) {
assert.ok(!err);
assert.equal(activityStream.items[0]['oae:activityType'], 'group-join');
assert.equal(activityStream.items[0].object['oae:id'], group3.id);
ActivityTestsUtil.collectAndGetActivityStream(jackCtx, group3.id, {'_delay': false}, function(err, activityStream) {
assert.ok(!err);
assert.equal(activityStream.items[0]['oae:activityType'], 'group-join');
assert.equal(activityStream.items[0].object['oae:id'], group3.id);
ActivityTestsUtil.collectAndGetActivityStream(jackCtx, group4.id, {'_delay': false}, function(err, activityStream) {
assert.ok(!err);
assert.equal(activityStream.items[0]['oae:activityType'], 'group-join');
assert.equal(activityStream.items[0].object['oae:id'], group3.id);
return callback();
});
});
});
});
});
});
});
});
});
});
});
});
it('verify group-add-member activities aggregation', function(callback) {
var jackUsername = TestsUtil.generateTestUserId('jack');
var janeUsername = TestsUtil.generateTestUserId('jane');
var brandenUsername = TestsUtil.generateTestUserId('branden');
var groupAlias = TestsUtil.generateTestUserId('targetGroup');
RestAPI.User.createUser(camAdminRestContext, jackUsername, 'password', 'Jack McJackerson', null, function(err, jack) {
assert.ok(!err);
var jackCtx = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, jackUsername, 'password');
RestAPI.User.createUser(camAdminRestContext, janeUsername, 'password', 'Jane', null, function(err, jane) {
assert.ok(!err);
RestAPI.User.createUser(camAdminRestContext, brandenUsername, 'password', 'Branden', null, function(err, branden) {
assert.ok(!err);
RestAPI.Group.createGroup(jackCtx, groupAlias, groupAlias, groupAlias, 'public', 'yes', [], [], function(err, group) {
assert.ok(!err);
// Join as jane
var membership = {};
membership[jane.id] = 'member';
RestAPI.Group.setGroupMembers(jackCtx, group.id, membership, function(err) {
assert.ok(!err);
// Join as branden
membership = {};
membership[branden.id] = 'member';
RestAPI.Group.setGroupMembers(jackCtx, group.id, membership, function(err) {
assert.ok(!err);
ActivityTestsUtil.collectAndGetActivityStream(jackCtx, null, null, function(err, activityStream) {
assert.ok(!err);
// Verify 1 for the group create, plus 1 for the aggregated group-add-member activities
assert.equal(activityStream.items.length, 2);
// Verify the first is the group join, with a collection of 2 actor entities (jane and branden)
var entity = activityStream.items[0].object;
assert.ok(entity['oae:collection']);
assert.equal(entity['oae:collection'].length, 2);
callback();
});
});
});
});
});
});
});
});
RestAPI.User.createUser(camAdminRestContext, janeUsername, 'password', 'Jane', null, function(err, jane) {
assert.ok(!err);
var janeCtx = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, janeUsername, 'password');
RestAPI.User.createUser(camAdminRestContext, brandenUsername, 'password', 'Branden', null, function(err, branden) {
assert.ok(!err);
var brandenCtx = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, brandenUsername, 'password');
RestAPI.Group.createGroup(jackCtx, groupAlias, groupAlias, groupAlias, 'public', 'yes', [], [], function(err, group) {
assert.ok(!err);
// Join as jane
RestAPI.Group.joinGroup(janeCtx, group.id, function(err) {
assert.ok(!err);
// Join as branden
RestAPI.Group.joinGroup(brandenCtx, group.id, function(err) {
assert.ok(!err);
// Get jack's own feed
ActivityTestsUtil.collectAndGetActivityStream(jackCtx, null, null, function(err, activityStream) {
assert.ok(!err);
// Verify 1 for the group create, plus 1 for the aggregated group-join activities
assert.equal(activityStream.items.length, 2);
// Verify the first is the group join, with a collection of 2 actor entities (jane and branden)
var entity = activityStream.items[0].actor;
assert.ok(entity['oae:collection']);
assert.equal(entity['oae:collection'].length, 2);
callback();
});
});
});
});
});
});
createUser(function(ctx) {
RestAPI.User.uploadPicture(ctx, ctx.user.id, TestsUtil.createFileReadableStream('pic.png', 10 * 1024 * 1024 + 1), null, function(err) {
assert.equal(err.code, 400);
callback();
});
});
it('verify paging works correctly in memberships search', function(callback) {
var jackUsername = TestsUtil.generateTestUserId('jack');
var groupParentAlias = TestsUtil.generateTestUserId('groupParent');
var groupChildAlias = TestsUtil.generateTestUserId('groupChild');
// Create the user with which we'll set up the data
var doerUsername = TestsUtil.generateTestUserId('doer');
RestAPI.User.createUser(camAdminRestContext, doerUsername, 'password', 'Doer', null, function(err, doer) {
var doerRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, doerUsername, 'password');
// Create the user whose memberships to check
RestAPI.User.createUser(camAdminRestContext, jackUsername, 'password', 'Jack McJackerson', null, function(err, jack) {
assert.ok(!err);
// Create a group hierarchy to ensure we have memberships
RestAPI.Group.createGroup(doerRestContext, groupParentAlias, groupParentAlias, 'public', 'no', [], [], function(err, groupParent) {
assert.ok(!err);
RestAPI.Group.createGroup(doerRestContext, groupChildAlias, groupChildAlias, 'public', 'no', [], [], function(err, groupChild) {
assert.ok(!err);
TestsUtil.generateGroupHierarchy(doerRestContext, [groupParent.id, groupChild.id, jack.id], 'member', function(err) {
assert.ok(!err);
// Search only 2 documents to get the expected ids for paging afterward
SearchTestsUtil.searchRefreshed(doerRestContext, 'memberships', [jack.id], {'limit': 2, 'start': 0}, function(err, results) {
assert.ok(!err);
assert.ok(results.results);
assert.ok(results.results.length, 2);
// Get the ids of the first 2 expected results.
var firstId = results.results[0].id;
var secondId = results.results[1].id;
assert.ok(firstId);
assert.ok(secondId);
// Verify page 1 gives the first id. We don't need to refresh since we haven't updated anything since the first refresh.
RestAPI.Search.search(doerRestContext, 'memberships', [jack.id], {'limit': 1, 'start': 0}, function(err, results) {
assert.ok(!err);
assert.ok(results.results);
assert.ok(results.results.length, 1);
assert.equal(results.results[0].id, firstId);
assert.equal(results.results[0].resourceType, 'group');
assert.equal(results.results[0].profilePath, '/group/' + results.results[0].tenant.alias + '/' + AuthzUtil.getResourceFromId(results.results[0].id).resourceId);
// Verify page 2 gives the second id
RestAPI.Search.search(doerRestContext, 'memberships', [jack.id], {'limit': 1, 'start': 1}, function(err, results) {
assert.ok(!err);
assert.ok(results.results);
assert.ok(results.results.length, 1);
assert.equal(results.results[0].id, secondId);
assert.equal(results.results[0].resourceType, 'group');
assert.equal(results.results[0].profilePath, '/group/' + results.results[0].tenant.alias + '/' + AuthzUtil.getResourceFromId(results.results[0].id).resourceId);
callback();
});
});
});
});
});
});
});
});
});
createUser(function(ctx) {
RestAPI.User.uploadPicture(ctx, ctx.user.id, getPictureStream, null, function(err) {
assert.ok(!err);
verifyCropping(ctx, ctx.user, createSelectedArea(10, 10, 20000), 400, callback);
});
});
it('verify user memberships search', function(callback) {
var jackUsername = TestsUtil.generateTestUserId('jack');
var groupParentAlias = TestsUtil.generateTestUserId('groupParent');
var groupChildAlias = TestsUtil.generateTestUserId('groupChild');
var doerUsername = TestsUtil.generateTestUserId('doer');
RestAPI.User.createUser(camAdminRestContext, doerUsername, 'password', 'Doer', null, function(err, doer) {
var doerRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, doerUsername, 'password');
RestAPI.User.createUser(camAdminRestContext, jackUsername, 'password', 'Jack McJackerson', null, function(err, jack) {
assert.ok(!err);
// Create a group hierarchy to ensure they all show up in 'jack's group membership search
RestAPI.Group.createGroup(doerRestContext, groupParentAlias, groupParentAlias, 'public', 'no', [], [], function(err, groupParent) {
assert.ok(!err);
RestAPI.Group.createGroup(doerRestContext, groupChildAlias, groupChildAlias, 'public', 'no', [], [], function(err, groupChild) {
assert.ok(!err);
TestsUtil.generateGroupHierarchy(doerRestContext, [groupParent.id, groupChild.id, jack.id], 'member', function(err) {
assert.ok(!err);
// Search all and ensure all the groups in the hierarchy are in the results
SearchTestsUtil.searchAll(doerRestContext, 'memberships', [jack.id], null, function(err, results) {
assert.ok(!err);
assert.ok(_getDocById(results, groupChild.id));
assert.ok(_getDocById(results, groupParent.id));
// Unlink the hierarchy by removing jack from the 'bottom' group
var changes = {};
changes[jack.id] = false;
RestAPI.Group.setGroupMembers(doerRestContext, groupChild.id, changes, function(err) {
assert.ok(!err);
// Verify the same memberships search is now empty
SearchTestsUtil.searchAll(doerRestContext, 'memberships', [jack.id], null, function(err, results) {
assert.ok(!err);
assert.equal(results.total, 0);
assert.equal(results.results.length, 0);
callback();
});
});
});
});
});
});
});
});
});
RestAPI.User.uploadPicture(loggedInUser.restContext, loggedInUser.user.id, getPictureStream, selectedArea, function(err) {
assert.ok(!err);
RestAPI.User.uploadPicture(privateUser.restContext, privateUser.user.id, getPictureStream, selectedArea, function(err) {
assert.ok(!err);
// Create a group with the two other members.
var groupName = TestsUtil.generateTestUserId('someGroupName');
RestAPI.Group.createGroup(privateUser.restContext, groupName, groupName, 'public', 'no', [], [loggedInUser.user.id, publicUser.user.id], function(err, group) {
assert.ok(!err);
// Perform one search where we wait for the search index to refresh.
// All subsequent search requests don't have to wait.
SearchTestsUtil.searchAll(anonymousRestContext, 'members', [group.id], null, function(err, results) {
assert.ok(!err);
// anonymous can search the group membership list but can only see the public user his picture.
verifySearchThumbnails(anonymousRestContext, group.id, true, false, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {
// a logged in user can see the public and 'logged in' user.
verifySearchThumbnails(nonMemberUser.restContext, group.id, true, true, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {
// The public member can only see his own thumbnail and the loggedin user.
verifySearchThumbnails(publicUser.restContext, group.id, true, true, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {
// The 'logged in' user can see his own thumbnail and the public one.
verifySearchThumbnails(loggedInUser.restContext, group.id, true, true, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {
// The private user can see everyone's thumbnail.
verifySearchThumbnails(privateUser.restContext, group.id, true, true, true, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, callback);
});
});
});
});
});
});
});
});
RestAPI.User.uploadPicture(ctx, ctx.user.id, _getPictureStream, null, function(err) {
assert.ok(!err);
// Get the new user metadata.
RestAPI.User.getUser(ctx, ctx.user.id, function(err, secondRequestUser) {
assert.ok(!err);
// Get the URIs and check that they are not removed on the filesystem
var smallPicturePath = rootFilesDir + '/' + _getUriFromDownloadUrl(firstRequestUser.picture.small).split(':')[1];
var mediumPicturePath = rootFilesDir + '/' + _getUriFromDownloadUrl(firstRequestUser.picture.medium).split(':')[1];
assert.equal(fs.existsSync(smallPicturePath), true, 'The small picture should still exist when uploading a large image');
assert.equal(fs.existsSync(mediumPicturePath), true, 'The medium picture should still exist when uploading a large image');
return callback();
});
});
_setupOAuth(function(simong, client, accessToken) {
// Assert that we're authenticated over OAuth
RestAPI.User.getMe(simong.oauthRestContext, function(err, data) {
assert.ok(!err);
assert.equal(data.id, simong.user.id);
assert.equal(data.displayName, simong.user.displayName);
// Assert that the CSRF middleware isn't blocking us
simong.oauthRestContext.refererHeader = 'http://my.app.com';
RestAPI.Content.createLink(simong.oauthRestContext, 'Google', 'Google', 'public', 'http://www.google.com', [], [], function(err, link) {
assert.ok(!err);
// Sanity check the piece of content has actually beenc reated
RestAPI.Content.getLibrary(simong.oauthRestContext, simong.user.id, null, null, function(err, data) {
assert.ok(!err);
assert.equal(data.results.length, 1);
assert.equal(data.results[0].id, link.id);
return callback();
});
});
});
});
TestsUtil.generateTestUsers(camAdminRestContext, 4, function(err, users) {
assert.ok(!err);
var publicUser = _.values(users)[0];
var loggedInUser = _.values(users)[1];
var privateUser = _.values(users)[2];
var nonMemberUser = _.values(users)[3];
RestAPI.User.updateUser(loggedInUser.restContext, loggedInUser.user.id, { 'visibility': 'loggedin' }, function(err) {
assert.ok(!err);
RestAPI.User.updateUser(privateUser.restContext, privateUser.user.id, { 'visibility': 'private' }, function(err) {
assert.ok(!err);
// Each user has a profile picture
var selectedArea = _createSelectedArea(10, 10, 200, 200);
RestAPI.User.uploadPicture(publicUser.restContext, publicUser.user.id, _getPictureStream, selectedArea, function(err) {
assert.ok(!err);
RestAPI.User.uploadPicture(loggedInUser.restContext, loggedInUser.user.id, _getPictureStream, selectedArea, function(err) {
assert.ok(!err);
RestAPI.User.uploadPicture(privateUser.restContext, privateUser.user.id, _getPictureStream, selectedArea, function(err) {
assert.ok(!err);
// Create a group with the two other members
var groupName = TestsUtil.generateTestUserId('someGroupName');
RestAPI.Group.createGroup(privateUser.restContext, groupName, groupName, 'public', 'no', [], [loggedInUser.user.id, publicUser.user.id], function(err, group) {
assert.ok(!err);
// Perform one search where we wait for the search index to refresh so all subsequent search requests don't have to wait
SearchTestsUtil.whenIndexingComplete(function() {
// The public member can only see his own thumbnail and the loggedin user
_verifySearchThumbnails(publicUser.restContext, group.id, true, true, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {
// The 'logged in' user can see his own thumbnail and the public one
_verifySearchThumbnails(loggedInUser.restContext, group.id, true, true, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {
// The private user can see everyone's thumbnail
return _verifySearchThumbnails(privateUser.restContext, group.id, true, true, true, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, callback);
});
});
});
});
});
});
});
});
});
});
TestsUtil.generateTestUsers(camAdminRestContext, 1, function(err, users, mrvisser) {
RestAPI.User.getMe(mrvisser.restContext, function(err, mrvisserMeData) {
assert.ok(!err);
// Get 2 clients
var data = {
'authentication': {
'userId': mrvisserMeData.id,
'tenantAlias': mrvisserMeData.tenant.alias,
'signature': mrvisserMeData.signature
},
'streams': [
{
'resourceId': mrvisserMeData.id,
'streamType': 'activity',
'token': mrvisserMeData.signature
},
{
'resourceId': mrvisserMeData.id,
'streamType': 'notification',
'token': mrvisserMeData.signature
}
]
};
ActivityTestUtil.collectAndGetActivityStream(mrvisser.restContext, null, null, function(err) {
assert.ok(!err);
// Setup the clients
ActivityTestUtil.getFullySetupPushClient(data, function(clientA) {
ActivityTestUtil.getFullySetupPushClient(data, function(clientB) {
// Do something that ends up in the `activity` activitystream
RestAPI.Content.createLink(mrvisser.restContext, 'Yahoo', 'Yahoo', 'public', 'http://www.yahoo.ca', [], [], [], function(err, link) {
assert.ok(!err);
});
var clientAReceived = false;
var clientBReceived = false;
clientA.once('message', function(message) {
assert.ok(!message.error);
clientAReceived = true;
if (clientAReceived && clientBReceived) {
bothReceived();
}
});
clientB.once('message', function(message) {
assert.ok(!message.error);
clientBReceived = true;
if (clientAReceived && clientBReceived) {
bothReceived();
}
});
/**
* Gets executed when both client A and B have received their message
*/
var bothReceived = function() {
// If we close client B, only A should receive a message
clientB.close(function() {
clientB.on('message', function() {
assert.fail('The socket on client B has been closed, this socket should not receive any more messages');
});
// Do something that ends up in the `activity` activitystream
RestAPI.Content.createLink(mrvisser.restContext, 'Yahoo', 'Yahoo', 'public', 'http://www.yahoo.ca', [], [], [], function(err, link) {
assert.ok(!err);
});
clientA.once('message', function(message) {
assert.ok(!message.error);
clientA.close(callback);
});
});
};
});
});
});
});
});
RestAPI.User.uploadPicture(loggedInUser.restContext, loggedInUser.user.id, _getPictureStream, selectedArea, function(err) {
assert.ok(!err);
RestAPI.User.uploadPicture(privateUser.restContext, privateUser.user.id, _getPictureStream, selectedArea, function(err) {
assert.ok(!err);
// Create a group with the two other members
var groupName = TestsUtil.generateTestUserId('someGroupName');
RestAPI.Group.createGroup(privateUser.restContext, groupName, groupName, 'public', 'no', [], [loggedInUser.user.id, publicUser.user.id], function(err, group) {
assert.ok(!err);
// Perform one search where we wait for the search index to refresh so all subsequent search requests don't have to wait
SearchTestsUtil.whenIndexingComplete(function() {
// The public member can only see his own thumbnail and the loggedin user
_verifySearchThumbnails(publicUser.restContext, group.id, true, true, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {
// The 'logged in' user can see his own thumbnail and the public one
_verifySearchThumbnails(loggedInUser.restContext, group.id, true, true, false, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, function() {
// The private user can see everyone's thumbnail
return _verifySearchThumbnails(privateUser.restContext, group.id, true, true, true, publicUser.user.id, loggedInUser.user.id, privateUser.user.id, callback);
});
});
});
});
});
});
TestsUtil.generateTestUsers(camAdminRestContext, 2, function(err, users, mrvisser, simong) {
RestAPI.User.getMe(mrvisser.restContext, function(err, mrvisserMeData) {
assert.ok(!err);
/*
* Register a push client for mrvisser who is subscribed to:
* * `activity`-stream with the `activitystream` format
* * `activity`-stream with the `internal` format
* * `notification`-stream with the `internal` format
*/
var data = {
'authentication': {
'userId': mrvisserMeData.id,
'tenantAlias': mrvisserMeData.tenant.alias,
'signature': mrvisserMeData.signature
},
'streams': [
{
'resourceId': mrvisserMeData.id,
'streamType': 'activity',
'token': mrvisserMeData.signature,
'format': 'activitystreams'
},
{
'resourceId': mrvisserMeData.id,
'streamType': 'activity',
'token': mrvisserMeData.signature,
'format': 'internal'
},
{
'resourceId': mrvisserMeData.id,
'streamType': 'notification',
'token': mrvisserMeData.signature,
'format': 'internal'
}
]
};
// Setup the client
ActivityTestUtil.getFullySetupPushClient(data, function(client) {
// Create/share a discussion with mrvisser
RestAPI.Discussions.createDiscussion(simong.restContext, 'Test discussion', 'Test discussion description', 'public', [], [mrvisser.user.id], function(err, discussion) {
assert.ok(!err);
// Force a collection cycle as notifications are sent out on aggregation
ActivityTestUtil.collectAndGetNotificationStream(mrvisser.restContext, null, function(err, activityStream) {
assert.ok(!err);
});
var activitiesReceived = 0;
var formatReceived = {
'internal': 0,
'activitystreams': 0
};
client.on('message', function(message) {
activitiesReceived++;
formatReceived[message.format]++;
if (activitiesReceived === 3) {
assert.strictEqual(formatReceived['internal'], 2);
assert.strictEqual(formatReceived['activitystreams'], 1);
return callback();
}
});
});
});
});
});
RestAPI.User.getUser(publicTenant0.publicUser.restContext, publicTenant0.loggedinUser.user.id, function(err, user) {
assert.ok(!err);
assert.ok(user.following);
assert.strictEqual(user.following.canFollow, true);
assert.strictEqual(user.following.isFollowing, false);
// Ensure user profile reports a user can follow a public user from an external public tenant
RestAPI.User.getUser(publicTenant0.publicUser.restContext, publicTenant1.publicUser.user.id, function(err, user) {
assert.ok(!err);
assert.ok(user.following);
assert.strictEqual(user.following.canFollow, true);
assert.strictEqual(user.following.isFollowing, false);
// Ensure user profile reports a user cannot follow a public user from an external private tenant
RestAPI.User.getUser(publicTenant0.publicUser.restContext, privateTenant0.publicUser.user.id, function(err, user) {
assert.ok(!err);
assert.ok(user.following);
assert.strictEqual(user.following.canFollow, false);
assert.strictEqual(user.following.isFollowing, false);
// Make privateTenant0 public so we can do a cross-tenant follow
ConfigTestsUtil.updateConfigAndWait(TestsUtil.createGlobalAdminRestContext(), privateTenant0.tenant.alias, {'oae-tenants/tenantprivacy/tenantprivate': false}, function(err) {
assert.ok(!err);
var followedIds = [
publicTenant0.loggedinUser.user.id,
publicTenant1.publicUser.user.id,
privateTenant0.publicUser.user.id
];
// Follow the test subject users
FollowingTestsUtil.followAll(publicTenant0.publicUser.restContext, followedIds, function() {
// Make the tenant private again
ConfigTestsUtil.updateConfigAndWait(TestsUtil.createGlobalAdminRestContext(), privateTenant0.tenant.alias, {'oae-tenants/tenantprivacy/tenantprivate': true}, function(err) {
assert.ok(!err);
// Ensure user profile now reports that they are followed, and can no longer be followed
RestAPI.User.getUser(publicTenant0.publicUser.restContext, publicTenant0.loggedinUser.user.id, function(err, user) {
assert.ok(!err);
assert.ok(user.following);
assert.strictEqual(user.following.canFollow, false);
assert.strictEqual(user.following.isFollowing, true);
// Ensure user profile now reports that they are followed, and can no longer be followed
RestAPI.User.getUser(publicTenant0.publicUser.restContext, publicTenant1.publicUser.user.id, function(err, user) {
assert.ok(!err);
assert.ok(user.following);
assert.strictEqual(user.following.canFollow, false);
assert.strictEqual(user.following.isFollowing, true);
// Ensure user profile now reports the user from the private tenant is being followed, and still cannot be followed
RestAPI.User.getUser(publicTenant0.publicUser.restContext, privateTenant0.publicUser.user.id, function(err, user) {
assert.ok(!err);
assert.ok(user.following);
assert.strictEqual(user.following.canFollow, false);
assert.strictEqual(user.following.isFollowing, true);
return callback();
});
});
});
});
});
});
});
});
});
before(function(callback) {
// Fill up global admin rest context
camAdminRestContext = TestsUtil.createTenantAdminRestContext(global.oaeTests.tenants.cam.host);
// Fill up the rest context for our test user
var userId = TestsUtil.generateTestUserId('john');
RestAPI.User.createUser(camAdminRestContext, userId, 'password', 'John Doe', null, function(err, createdUser) {
johnRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, userId, 'password');
// Add the full user id onto the REST context for use inside of this test
johnRestContext.id = createdUser.id;
// We get John's me feed so he is logged in for creating users and groups
RestAPI.User.getMe(johnRestContext, function() {
callback();
});
});
});
createUser(function(ctx) {
RestAPI.User.uploadPicture(ctx, ctx.user.id, getTextStream, null, function(err) {
assert.equal(err.code, 400);
callback();
});
});
RestAPI.Group.setGroupMembers(doerRestContext, targetLoggedinGroup.id, changes, function(err) {
assert.ok(!err);
RestAPI.User.createUser(camAdminRestContext, janeUsername, 'password', 'Jane McJaneFace', null, function(err, jane) {
assert.ok(!err);
var janeRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, janeUsername, 'password');
// Verify anonymous cannot see loggedin group
SearchTestsUtil.searchAll(anonymousRestContext, 'members', [targetLoggedinGroup.id], null, function(err, results) {
assert.ok(err);
assert.equal(err.code, 401);
assert.ok(!results);
// Verify results and visibility for cross-tenant user. Cross-tenant user cannot see memberships of 'loggedin' groups from other tenants
SearchTestsUtil.searchAll(darthVaderRestContext, 'members', [targetLoggedinGroup.id], null, function(err, results) {
assert.ok(err);
assert.equal(err.code, 401);
assert.ok(!results);
// Verify results and visibility for loggedin user
SearchTestsUtil.searchAll(janeRestContext, 'members', [targetLoggedinGroup.id], null, function(err, results) {
assert.ok(!err);
var publicUserResult = _getDocById(results, publicUserMember.id);
var loggedinUserResult = _getDocById(results, loggedinUserMember.id);
var privateUserResult = _getDocById(results, privateUserMember.id);
var privateGroupResult = _getDocById(results, privateGroupMember.id);
var publicGroupResult = _getDocById(results, publicGroupMember.id);
// Verify all members are returned
assert.ok(publicUserResult);
assert.ok(loggedinUserResult);
assert.ok(privateUserResult);
assert.ok(privateGroupResult);
assert.ok(publicGroupResult);
// Verify user visibility. Private should have their publicAlias swapped into the title
assert.equal(publicUserResult.displayName, publicUserMember.displayName);
assert.equal(loggedinUserResult.displayName, loggedinUserMember.displayName);
assert.ok(loggedinUserResult.extra);
assert.equal(loggedinUserResult._extra, undefined);
assert.equal(loggedinUserResult.q_high, undefined);
assert.equal(loggedinUserResult.q_low, undefined);
assert.equal(loggedinUserResult.sort, undefined);
assert.equal(loggedinUserResult.extra.extraProp, 'My extra prop');
assert.equal(privateUserResult.displayName, privateUserMember.publicAlias);
assert.equal(publicGroupResult.displayName, publicGroupMember.displayName);
assert.equal(privateGroupResult.displayName, privateGroupMember.displayName);
// Verify that the correct resourceTypes are set
assert.equal(publicUserResult.resourceType, 'user');
assert.equal(loggedinUserResult.resourceType, 'user');
assert.equal(privateUserResult.resourceType, 'user');
assert.equal(publicGroupResult.resourceType, 'group');
assert.equal(privateGroupResult.resourceType, 'group');
// Verify that the correct profilePaths are set
assert.equal(publicUserResult.profilePath, '/user/' + publicUserResult.id);
assert.equal(loggedinUserResult.profilePath, '/user/' + loggedinUserResult.id);
assert.equal(privateUserResult.profilePath, undefined);
assert.equal(publicGroupResult.profilePath, '/group/' + publicGroupResult.id);
assert.equal(privateGroupResult.profilePath, '/group/' + privateGroupResult.id);
// Verify results and visibility for member user
SearchTestsUtil.searchAll(jackRestContext, 'members', [targetLoggedinGroup.id], null, function(err, results) {
assert.ok(!err);
var publicUserResult = _getDocById(results, publicUserMember.id);
var loggedinUserResult = _getDocById(results, loggedinUserMember.id);
var privateUserResult = _getDocById(results, privateUserMember.id);
var privateGroupResult = _getDocById(results, privateGroupMember.id);
var publicGroupResult = _getDocById(results, publicGroupMember.id);
// Verify member sees all
assert.ok(publicUserResult);
assert.ok(loggedinUserResult);
assert.ok(privateUserResult);
assert.ok(privateGroupResult);
assert.ok(publicGroupResult);
// Verify user visibility. Private should have their publicAlias swapped into the title
assert.equal(publicUserResult.displayName, publicUserMember.displayName);
assert.equal(loggedinUserResult.displayName, loggedinUserMember.displayName);
assert.ok(loggedinUserResult.extra);
assert.equal(loggedinUserResult.extra.extraProp, 'My extra prop');
assert.equal(loggedinUserResult._extra, undefined);
assert.equal(loggedinUserResult.q_high, undefined);
assert.equal(loggedinUserResult.q_low, undefined);
assert.equal(loggedinUserResult.sort, undefined);
assert.equal(privateUserResult.displayName, privateUserMember.publicAlias);
assert.equal(publicGroupResult.displayName, publicGroupMember.displayName);
assert.equal(privateGroupResult.displayName, privateGroupMember.displayName);
// Verify that the correct resourceTypes are set
assert.equal(publicUserResult.resourceType, 'user');
assert.equal(loggedinUserResult.resourceType, 'user');
assert.equal(privateUserResult.resourceType, 'user');
assert.equal(publicGroupResult.resourceType, 'group');
assert.equal(privateGroupResult.resourceType, 'group');
// Verify that the correct profilePaths are set
assert.equal(publicUserResult.profilePath, '/user/' + publicUserResult.id);
assert.equal(loggedinUserResult.profilePath, '/user/' + loggedinUserResult.id);
assert.equal(privateUserResult.profilePath, undefined);
assert.equal(publicGroupResult.profilePath, '/group/' + publicGroupResult.id);
assert.equal(privateGroupResult.profilePath, '/group/' + privateGroupResult.id);
callback();
});
});
});
});
});
});
it('verify group-join activity is delivered', function(callback) {
var doerUsername = TestsUtil.generateTestUserId('doer');
var username = TestsUtil.generateTestUserId('user');
var groupAlias = TestsUtil.generateTestGroupId('group');
// Create the user with which to perform setup
RestAPI.User.createUser(camAdminRestContext, doerUsername, 'password', 'Doer', null, function(err, doer) {
assert.ok(!err);
var doerRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, doerUsername, 'password');
// Create a user with which to create a group, then ensure the user gets the activity
RestAPI.User.createUser(camAdminRestContext, username, 'password', 'Jack McJackerson', null, function(err, user) {
assert.ok(!err);
var userRestContext = TestsUtil.createTenantRestContext(global.oaeTests.tenants.cam.host, username, 'password');
RestAPI.Group.createGroup(doerRestContext, groupAlias, groupAlias, groupAlias, 'public', 'yes', [], [], function(err, group) {
assert.ok(!err);
RestAPI.Group.joinGroup(userRestContext, group.id, function(err) {
assert.ok(!err);
ActivityTestsUtil.collectAndGetActivityStream(userRestContext, user.id, null, function(err, activityStream) {
assert.ok(!err);
assert.ok(_getActivity(activityStream, 'group-join', 'object', group.id));
callback();
});
});
});
});
});
});