[backend] add tests

OpenCTI-Platform · Dec 17, 2024 · 5aa6ebf · 5aa6ebf
1 parent abbe600
commit 5aa6ebf
Show file tree

Hide file tree

Showing 7 changed files with 73 additions and 18 deletions.
diff --git a/opencti-platform/opencti-graphql/src/manager/taskManager.js b/opencti-platform/opencti-graphql/src/manager/taskManager.js
@@ -440,7 +440,7 @@ const executeShareMultiple = async (context, user, actionContext, element) => {
 const executeUnshareMultiple = async (context, user, actionContext, element) => {
   await Promise.all(actionContext.values.map((organizationId) => removeOrganizationRestriction(context, user, element.id, organizationId)));
 };
-const executeRemoveAuthMembers = async (context, user, element) => {
+export const executeRemoveAuthMembers = async (context, user, element) => {
   await editAuthorizedMembers(context, user, {
     entityId: element.id,
     entityType: element.entity_type,

diff --git a/opencti-platform/opencti-graphql/tests/02-integration/01-database/elasticSearch-test.js b/opencti-platform/opencti-graphql/tests/02-integration/01-database/elasticSearch-test.js
@@ -837,7 +837,7 @@ describe('Elasticsearch pagination', () => {
     const internalRelationships = groupByIndices[`${ES_INDEX_PREFIX}_internal_relationships-000001`].map((m) => m.node);
     const internalRelationshipsByType = R.groupBy((m) => m.entity_type, internalRelationships);
     expect(internalRelationshipsByType['accesses-to'].length).toEqual(28);
-    expect(internalRelationshipsByType['has-capability'].length).toEqual(54);
+    expect(internalRelationshipsByType['has-capability'].length).toEqual(55);
     expect(internalRelationshipsByType['has-role'].length).toEqual(9);
     expect(internalRelationshipsByType['member-of'].length).toEqual(13);
     expect(internalRelationshipsByType['participate-to'].length).toEqual(2);
@@ -876,7 +876,7 @@ describe('Elasticsearch pagination', () => {
     expect(metaByEntityType['object-marking'].length).toEqual(28);
     expect(metaByEntityType['kill-chain-phase'].length).toEqual(3);
     expect(metaByEntityType['operating-system'].length).toEqual(1);
-    expect(data.edges.length).toEqual(261);
+    expect(data.edges.length).toEqual(262);
 
     let filterBaseTypes = R.uniq(R.map((e) => e.node.base_type, data.edges));
     expect(filterBaseTypes.length).toEqual(1);
@@ -885,7 +885,7 @@ describe('Elasticsearch pagination', () => {
     data = await elPaginate(testContext, ADMIN_USER, READ_RELATIONSHIPS_INDICES, { connectionFormat: false });
     expect(data).not.toBeNull();
     const entityTypeMap = mapCountPerEntityType(data);
-    expect(entityTypeMap.get('has-capability')).toBe(54);
+    expect(entityTypeMap.get('has-capability')).toBe(55);
     expect(entityTypeMap.get('accesses-to')).toBe(28);
     expect(entityTypeMap.get('member-of')).toBe(13);
     expect(entityTypeMap.get('has-role')).toBe(9);
@@ -906,7 +906,7 @@ describe('Elasticsearch pagination', () => {
     expect(entityTypeMap.get('external-reference')).toBe(7);
     expect(entityTypeMap.get('operating-system')).toBe(1);
     expect(entityTypeMap.get('stix-sighting-relationship')).toBe(2);
-    expect(data.length).toEqual(261);
+    expect(data.length).toEqual(262);
     filterBaseTypes = R.uniq(R.map((e) => e.base_type, data));
     expect(filterBaseTypes.length).toEqual(1);
     expect(R.head(filterBaseTypes)).toEqual('RELATION');

diff --git a/...rm/opencti-graphql/tests/02-integration/02-resolvers/container-authorized-members-test.ts b/...rm/opencti-graphql/tests/02-integration/02-resolvers/container-authorized-members-test.ts
@@ -10,7 +10,8 @@ import {
   PLATFORM_ORGANIZATION,
   securityQuery,
   TEST_ORGANIZATION,
-  USER_EDITOR
+  USER_EDITOR,
+  USER_SECURITY
 } from '../../utils/testQuery';
 import { adminQueryWithSuccess, enableCEAndUnSetOrganization, enableEEAndSetOrganization, queryAsUserIsExpectedForbidden } from '../../utils/testQueryHelper';
 import { ENTITY_TYPE_CONTAINER_CASE_INCIDENT } from '../../../src/modules/case/case-incident/case-incident-types';
@@ -189,7 +190,7 @@ describe('Case Incident Response standard behavior with authorized_members activ
     expect(caseIRQueryResult?.data?.caseIncident.id).toEqual(caseIncident.id);
     expect(caseIRQueryResult?.data?.caseIncident.currentUserAccessRight).toEqual('admin');
   });
-  it('should Editor user not edit authorized members because missing capa', async () => {
+  it('should SECURITY user not edit authorized members because missing capa', async () => {
     userEditorId = await getUserIdByEmail(USER_EDITOR.email);
     const authorizedMembers = {
       id: caseIncident.id,
@@ -200,7 +201,7 @@ describe('Case Incident Response standard behavior with authorized_members activ
         },
       ]
     };
-    await queryAsUserIsExpectedForbidden(USER_EDITOR.client, {
+    await queryAsUserIsExpectedForbidden(USER_SECURITY.client, {
       query: EDIT_AUTHORIZED_MEMBERS_QUERY,
       variables: authorizedMembers,
     });

diff --git a/opencti-platform/opencti-graphql/tests/02-integration/02-resolvers/user-test.ts b/opencti-platform/opencti-graphql/tests/02-integration/02-resolvers/user-test.ts
@@ -851,7 +851,7 @@ describe('User has no settings capability and is organization admin query behavi
     const editorUserQueryResult = await adminQuery({ query: READ_QUERY, variables: { id: userEditorId } });
     expect(editorUserQueryResult).not.toBeNull();
     expect(editorUserQueryResult.data.user).not.toBeNull();
-    expect(editorUserQueryResult.data.user.capabilities.length).toEqual(5);
+    expect(editorUserQueryResult.data.user.capabilities.length).toEqual(6);
     const { capabilities } = editorUserQueryResult.data.user;
     expect(capabilities.some((capa: Capability) => capa.name === VIRTUAL_ORGANIZATION_ADMIN)).toEqual(true);
   });

diff --git a/opencti-platform/opencti-graphql/tests/02-integration/04-manager/taskManager-test.ts b/opencti-platform/opencti-graphql/tests/02-integration/04-manager/taskManager-test.ts
@@ -2,9 +2,9 @@ import { afterAll, beforeAll, describe, expect, it } from 'vitest';
 import type { BasicStoreEntity } from '../../../src/types/store';
 import { addIndicator, promoteIndicatorToObservables } from '../../../src/modules/indicator/indicator-domain';
 import { addStixCyberObservable, promoteObservableToIndicator, stixCyberObservableDelete } from '../../../src/domain/stixCyberObservable';
-import { executePromoteIndicatorToObservables, executePromoteObservableToIndicator, executeReplace } from '../../../src/manager/taskManager';
+import { executePromoteIndicatorToObservables, executePromoteObservableToIndicator, executeReplace, executeRemoveAuthMembers } from '../../../src/manager/taskManager';
 import type { AuthContext } from '../../../src/types/user';
-import { ADMIN_USER, TEST_ORGANIZATION, testContext } from '../../utils/testQuery';
+import { ADMIN_USER, getUserIdByEmail, TEST_ORGANIZATION, testContext, USER_EDITOR } from '../../utils/testQuery';
 import { MARKING_TLP_AMBER, MARKING_TLP_CLEAR } from '../../../src/schema/identifier';
 import { addReport, findById as findReportById } from '../../../src/domain/report';
 import { findById as findMarkingById } from '../../../src/domain/markingDefinition';
@@ -13,6 +13,8 @@ import { stixDomainObjectDelete } from '../../../src/domain/stixDomainObject';
 import { type OrganizationAddInput } from '../../../src/generated/graphql';
 import { RELATION_OBJECT } from '../../../src/schema/stixRefRelationship';
 import { promoteObservableInput, promoteIndicatorInput, promoteReportInput } from './taskManager-promote-values/promoteValues';
+import { editAuthorizedMembers } from '../../../src/utils/authorizedMembers';
+import { KNOWLEDGE_KNUPDATE_KNMANAGEAUTHMEMBERS } from '../../../src/utils/access';
 
 describe('TaskManager executeReplace tests ', () => {
   const adminContext: AuthContext = { user: ADMIN_USER, tracing: undefined, source: 'taskManager-integration-test', otp_mandatory: false };
@@ -372,3 +374,55 @@ describe('TaskManager executePromote tests', () => {
     });
   });
 });
+
+describe('TaskManager executeRemoveAuthMembers tests', () => {
+  const adminContext: AuthContext = { user: ADMIN_USER, tracing: undefined, source: 'taskManager-integration-test', otp_mandatory: false };
+  let reportId: string;
+  afterAll(async () => {
+    await stixDomainObjectDelete(adminContext, adminContext.user, reportId); // + 1 delete
+    const report = await findReportById(adminContext, adminContext.user, reportId);
+    expect(report).toBeUndefined();
+  });
+  it('Should REMOVE authorized members', async () => {
+    // Create Report + 1 create
+    const reportInput = {
+      name: 'test report remove authorized members',
+      published: '2023-10-06T22:00:00.000Z',
+    };
+    const report = await addReport(adminContext, adminContext.user, reportInput);
+    expect(report.id).toBeDefined();
+    reportId = report.id;
+
+    // Add authorized members : + 1 update
+    const userEditorId = await getUserIdByEmail(USER_EDITOR.email);
+    if (adminContext.user) {
+      await editAuthorizedMembers(adminContext, adminContext.user, {
+        entityType: report.entityType,
+        requiredCapabilities: [KNOWLEDGE_KNUPDATE_KNMANAGEAUTHMEMBERS],
+        entityId: report.id,
+        input: [
+          {
+            id: userEditorId,
+            access_right: 'admin'
+          }
+        ]
+      });
+    }
+
+    // Verify authorized members
+    const reportWithAuthorizedMembers = await findReportById(adminContext, adminContext.user, reportId);
+    expect(reportWithAuthorizedMembers.authorized_members).toEqual([
+      {
+        id: userEditorId,
+        access_right: 'admin'
+      }
+    ]);
+
+    // Admin user removes authorized members: + 1 update
+    await executeRemoveAuthMembers(adminContext, adminContext.user, report);
+
+    // Verify there are no authorized
+    const reportAfterRemove = await findReportById(adminContext, adminContext.user, reportId);
+    expect(reportAfterRemove.authorized_members).toBeUndefined();
+  });
+});
diff --git a/opencti-platform/opencti-graphql/tests/03-streams/00-Raw/raw-test.js b/opencti-platform/opencti-graphql/tests/03-streams/00-Raw/raw-test.js
@@ -42,11 +42,11 @@ describe('Raw streams tests', () => {
       expect(createEventsByTypes.file.length).toBe(4);
       expect(createEventsByTypes.campaign.length).toBe(5);
       expect(createEventsByTypes.incident.length).toBe(2);
-      expect(createEventsByTypes.report.length).toBe(38);
+      expect(createEventsByTypes.report.length).toBe(39);
       expect(createEventsByTypes.tool.length).toBe(2);
       expect(createEventsByTypes.vocabulary.length).toBe(342); // 328 created at init + 2 created in tests + 5 vocabulary organizations types + 7 persona
       expect(createEventsByTypes.vulnerability.length).toBe(7);
-      expect(createEvents.length).toBe(803);
+      expect(createEvents.length).toBe(804);
       for (let createIndex = 0; createIndex < createEvents.length; createIndex += 1) {
         const { data: insideData, origin, type } = createEvents[createIndex];
         expect(origin).toBeDefined();
@@ -75,14 +75,14 @@ describe('Raw streams tests', () => {
       expect(updateEventsByTypes['malware-analysis'].length).toBe(3);
       expect(updateEventsByTypes['note'].length).toBe(3);
       expect(updateEventsByTypes['opinion'].length).toBe(6);
-      expect(updateEventsByTypes['report'].length).toBe(14);
+      expect(updateEventsByTypes['report'].length).toBe(16);
       expect(updateEventsByTypes['ipv4-addr'].length).toBe(3);
       expect(updateEventsByTypes['tool'].length).toBe(7);
       expect(updateEventsByTypes['sighting'].length).toBe(4);
       expect(updateEventsByTypes['threat-actor'].length).toBe(17);
       expect(updateEventsByTypes['vocabulary'].length).toBe(3);
       expect(updateEventsByTypes['vulnerability'].length).toBe(3);
-      expect(updateEvents.length).toBe(176);
+      expect(updateEvents.length).toBe(178);
       for (let updateIndex = 0; updateIndex < updateEvents.length; updateIndex += 1) {
         const event = updateEvents[updateIndex];
         const { data: insideData, origin, type } = event;
@@ -95,7 +95,7 @@ describe('Raw streams tests', () => {
       }
       // 03 - CHECK DELETE EVENTS
       const deleteEvents = events.filter((e) => e.type === EVENT_TYPE_DELETE);
-      expect(deleteEvents.length).toBe(154);
+      expect(deleteEvents.length).toBe(155);
       // const deleteEventsByTypes = R.groupBy((e) => e.data.data.type, deleteEvents);
       for (let delIndex = 0; delIndex < deleteEvents.length; delIndex += 1) {
         const { data: insideData, origin, type } = deleteEvents[delIndex];

diff --git a/opencti-platform/opencti-graphql/tests/utils/testQuery.ts b/opencti-platform/opencti-graphql/tests/utils/testQuery.ts
@@ -22,7 +22,7 @@ export const SYNC_LIVE_START_REMOTE_URI = conf.get('app:sync_live_start_remote_u
 export const SYNC_DIRECT_START_REMOTE_URI = conf.get('app:sync_direct_start_remote_uri');
 export const SYNC_RESTORE_START_REMOTE_URI = conf.get('app:sync_restore_start_remote_uri');
 export const SYNC_TEST_REMOTE_URI = `http://api-tests:${PORT}`;
-export const RAW_EVENTS_SIZE = 1141;
+export const RAW_EVENTS_SIZE = 1145;
 export const SYNC_LIVE_EVENTS_SIZE = 608;
 
 export const PYTHON_PATH = './src/python/testing';
@@ -114,7 +114,7 @@ export const ROLE_EDITOR: Role = {
   id: generateStandardId(ENTITY_TYPE_ROLE, { name: 'Access knowledge/exploration and edit/delete' }),
   name: 'Access knowledge/exploration and edit/delete',
   description: 'Knowledge/exploration edit/delete',
-  capabilities: ['KNOWLEDGE_KNUPDATE_KNDELETE', 'EXPLORE_EXUPDATE_EXDELETE', 'EXPLORE_EXUPDATE_PUBLISH']
+  capabilities: ['KNOWLEDGE_KNUPDATE_KNDELETE', 'EXPLORE_EXUPDATE_EXDELETE', 'EXPLORE_EXUPDATE_PUBLISH', 'KNOWLEDGE_KNUPDATE_KNMANAGEAUTHMEMBERS']
 };
 TESTING_ROLES.push(ROLE_EDITOR);