Feature: Unconsent permissions

src/app/services/actions/permissions-action-creator.spec.ts

@@ -1,37 +1,60 @@
 import {
   FETCH_SCOPES_ERROR,
-  FETCH_FULL_SCOPES_PENDING,
   FETCH_FULL_SCOPES_SUCCESS,
-  FETCH_URL_SCOPES_PENDING
+  FETCH_URL_SCOPES_PENDING,
+  QUERY_GRAPH_STATUS
 } from '../../../app/services/redux-constants';
 
 import {
-  fetchFullScopesSuccess, fetchFullScopesPending, fetchUrlScopesPending, fetchScopesError, getPermissionsScopeType
+  fetchFullScopesSuccess, fetchScopesError, getPermissionsScopeType, fetchScopes,
+  consentToScopes,
+  fetchUrlScopesPending,
+  fetchFullScopesPending,
+  revokeScopes
 } from './permissions-action-creator';
 import { IPermissionsResponse } from '../../../types/permissions';
 import { store } from '../../../store/index';
 import { ApplicationState } from '../../../types/root';
 import { Mode } from '../../../types/enums';
-import { AppAction } from '../../../types/action';
+import configureMockStore from 'redux-mock-store';
+import { authenticationWrapper } from '../../../modules/authentication';
+import thunk from 'redux-thunk';
+import { ACCOUNT_TYPE } from '../graph-constants';
+import { RevokePermissionsUtil } from './permissions-action-creator.util';
+import { cleanup } from '@testing-library/react';
+const middleware = [thunk];
+let mockStore = configureMockStore(middleware);
 
+afterEach(cleanup);
+beforeEach(() => {
+  const mockStore_ = configureMockStore(middleware);
+  mockStore = mockStore_
+})
 window.open = jest.fn();
-window.fetch = jest.fn();
 
 const mockState: ApplicationState = {
   devxApi: {
     baseUrl: 'https://graph.microsoft.com/v1.0/me',
     parameters: '$count=true'
   },
   permissionsPanelOpen: true,
-  profile: null,
+  profile: {
+    id: '123',
+    displayName: 'test',
+    emailAddress: '[email protected]',
+    profileImageUrl: 'https://graph.microsoft.com/v1.0/me/photo/$value',
+    ageGroup: 0,
+    tenant: 'binaryDomain',
+    profileType: ACCOUNT_TYPE.MSA
+  },
   sampleQuery: {
     sampleUrl: 'http://localhost:8080/api/v1/samples/1',
     selectedVerb: 'GET',
     selectedVersion: 'v1',
     sampleHeaders: []
   },
   authToken: { token: false, pending: false },
-  consentedScopes: [],
+  consentedScopes: ['profile.read User.Read Files.Read'],
   isLoadingData: false,
   queryRunnerStatus: null,
   termsOfUse: true,
@@ -128,7 +151,7 @@ describe('Permissions action creators', () => {
       }
     }
 
-    const expectedAction: AppAction = {
+    const expectedAction = {
       type: FETCH_FULL_SCOPES_SUCCESS,
       response
     }
@@ -146,7 +169,7 @@ describe('Permissions action creators', () => {
       error: {}
     }
 
-    const expectedAction: AppAction = {
+    const expectedAction = {
       type: FETCH_SCOPES_ERROR,
       response
     }
@@ -162,7 +185,7 @@ describe('Permissions action creators', () => {
   it('should dispatch FETCH_FULL_SCOPES_PENDING or FETCH_URL_SCOPES_PENDING depending on type passed to fetchScopesPending', () => {
     // Arrange
     const expectedFullScopesAction = {
-      type: FETCH_FULL_SCOPES_PENDING,
+      type: 'FETCH_SCOPES_PENDING',
       response: 'full'
     }
 
@@ -173,7 +196,7 @@ describe('Permissions action creators', () => {
 
     // Act
     const fullScopesAction = fetchFullScopesPending();
-    const urlScopesAction = fetchUrlScopesPending()
+    const urlScopesAction = fetchUrlScopesPending();
 
     // Assert
     expect(fullScopesAction).toEqual(expectedFullScopesAction);
@@ -191,4 +214,265 @@ describe('Permissions action creators', () => {
     expect(result).toEqual(expectedResult);
 
   });
+
+  it('should fetch scopes', () => {
+    // Arrange
+    const expectedResult = {}
+    const expectedAction: any = [
+      {
+        type: 'FETCH_SCOPES_PENDING',
+        response: 'full'
+      },
+      {
+        type: 'FULL_SCOPES_FETCH_SUCCESS',
+        response: {
+          scopes: {
+            fullPermissions: {}
+          }
+        }
+      }
+    ];
+
+    const store_ = mockStore(mockState);
+
+    const mockFetch = jest.fn().mockImplementation(() => {
+      return Promise.resolve({
+        ok: true,
+        json: () => Promise.resolve(expectedResult)
+      })
+    });
+
+    window.fetch = mockFetch;
+
+    // Act and Assert
+    // @ts-ignore
+    return store_.dispatch(fetchScopes())
+      // @ts-ignore
+      .then(() => {
+        expect(store_.getActions()).toEqual(expectedAction);
+      });
+  });
+
+  it('should consent to scopes', () => {
+    // Arrange
+    jest.spyOn(authenticationWrapper, 'consentToScopes').mockResolvedValue({
+      accessToken: 'jkkkkkkkkkkkkkkkkkkkksdss',
+      authority: 'string',
+      uniqueId: 'string',
+      tenantId: 'string',
+      scopes: ['profile.Read User.Read'],
+      account: null,
+      idToken: 'string',
+      idTokenClaims: {},
+      fromCache: true,
+      expiresOn: new Date(),
+      tokenType: 'AAD',
+      correlationId: 'string'
+    })
+    const expectedAction: any = [
+      {
+        type: 'GET_AUTH_TOKEN_SUCCESS',
+        response: true
+      },
+      {
+        type: 'GET_CONSENTED_SCOPES_SUCCESS',
+        response: ['profile.Read User.Read']
+      },
+      {
+        type: 'QUERY_GRAPH_STATUS',
+        response: {
+          statusText: 'Success',
+          status: 'Scope consent successful',
+          ok: true,
+          messageType: 4
+        }
+      }
+    ];
+
+    const store_ = mockStore(mockState);
+
+    // Act and Assert
+    // @ts-ignore
+    return store_.dispatch(consentToScopes())
+      // @ts-ignore
+      .then(() => {
+        expect(store_.getActions()).toEqual(expectedAction);
+      });
+  });
+
+  describe('Revoke scopes', () => {
+    it('should return Default Scope error when user tries to dissent to default scope', () => {
+      // Arrange
+      const store_ = mockStore(mockState);
+      jest.spyOn(RevokePermissionsUtil, 'getServicePrincipalId').mockResolvedValue('1234');
+      jest.spyOn(RevokePermissionsUtil, 'getSignedInPrincipalGrant').mockReturnValue({
+        clientId: '1234',
+        consentType: 'Principal',
+        principalId: '1234',
+        resourceId: '1234',
+        scope: 'profile.read User.Read',
+        id: 'SomeNiceId'
+      })
+      jest.spyOn(RevokePermissionsUtil, 'getTenantPermissionGrants').mockResolvedValue({
+        value: [
+          {
+            clientId: '1234',
+            consentType: 'Principal',
+            principalId: '1234',
+            resourceId: '1234',
+            scope: 'profile.read User.Read',
+            id: 'SomeNiceId'
+          },
+          {
+            clientId: '',
+            consentType: 'AllPrincipal',
+            principalId: null,
+            resourceId: '1234',
+            scope: 'profile.read User.Read Directory.Read.All'
+          }
+        ],
+        '@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#permissionGrants'
+      })
+
+      const expectedActions = [
+        { type: 'REVOKE_SCOPES_PENDING', response: null },
+        { type: 'REVOKE_SCOPES_ERROR', response: null },
+        {
+          type: QUERY_GRAPH_STATUS,
+          response: {
+            statusText: 'Failed',
+            status: 'An error occurred when unconsenting. Please try again',
+            ok: false,
+            messageType: 1
+          }
+        }
+      ]
+
+
+      // Act and Assert
+      // @ts-ignore
+      return store_.dispatch(revokeScopes('User.Read'))
+        // @ts-ignore
+        .then(() => {
+          expect(store_.getActions()).toEqual(expectedActions);
+        });
+    });
+
+    it('should return 401 when user does not have required permissions', () => {
+      // Arrange
+      const store_ = mockStore(mockState);
+      jest.spyOn(RevokePermissionsUtil, 'getServicePrincipalId').mockResolvedValue('1234');
+      jest.spyOn(RevokePermissionsUtil, 'getSignedInPrincipalGrant').mockReturnValue({
+        clientId: '1234',
+        consentType: 'Principal',
+        principalId: '1234',
+        resourceId: '1234',
+        scope: 'profile.read User.Read Access.Read',
+        id: 'SomeNiceId'
+      })
+      jest.spyOn(RevokePermissionsUtil, 'getTenantPermissionGrants').mockResolvedValue({
+        value: [
+          {
+            clientId: '1234',
+            consentType: 'Principal',
+            principalId: '1234',
+            resourceId: '1234',
+            scope: 'profile.read User.Read Access.Read',
+            id: 'SomeNiceId'
+          },
+          {
+            clientId: '',
+            consentType: 'AllPrincipals',
+            principalId: null,
+            resourceId: '1234',
+            scope: 'profile.read User.Read Directory.Reaqd.All Access.Read'
+          }
+        ],
+        '@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#permissionGrants'
+      });
+
+      const expectedActions = [
+        { type: 'REVOKE_SCOPES_PENDING', response: null },
+        { type: 'REVOKE_SCOPES_ERROR', response: null },
+        {
+          type: QUERY_GRAPH_STATUS,
+          response: {
+            statusText: 'Failed',
+            status: 'An error occurred when unconsenting. Please try again',
+            ok: false,
+            messageType: 1
+          }
+        }
+      ]
+
+      // Act and Assert
+      // @ts-ignore
+      return store_.dispatch(revokeScopes('Access.Read'))
+        // @ts-ignore
+        .then(() => {
+          expect(store_.getActions()).toEqual(expectedActions);
+        });
+
+    });
+
+    //revisit
+    it('should raise error when user attempts to dissent to an admin granted permission', () => {
+      // Arrange
+      const store_ = mockStore(mockState);
+      jest.spyOn(RevokePermissionsUtil, 'getServicePrincipalId').mockResolvedValue('1234');
+      jest.spyOn(RevokePermissionsUtil, 'getSignedInPrincipalGrant').mockReturnValue({
+        clientId: '1234',
+        consentType: 'Principal',
+        principalId: '1234',
+        resourceId: '1234',
+        scope: 'profile.read User.Read Access.Read Files.Read',
+        id: 'SomeNiceId'
+      })
+      jest.spyOn(RevokePermissionsUtil, 'getTenantPermissionGrants').mockResolvedValue({
+        value: [
+          {
+            clientId: '1234',
+            consentType: 'Principal',
+            principalId: '1234',
+            resourceId: '1234',
+            scope: 'User.Read Access.Read DelegatedPermissionGrant.ReadWrite.All Directory.Read.All Files.Read',
+            id: 'SomeNiceId'
+          },
+          {
+            clientId: '',
+            consentType: 'AllPrincipals',
+            principalId: null,
+            resourceId: '1234',
+            // eslint-disable-next-line max-len
+            scope: 'profile.read User.Read Directory.Reaqd.All Access.Read DelegatedPermissionGrant.ReadWrite.All Directory.Read.All'
+          }
+        ],
+        '@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#permissionGrants'
+      });
+
+      jest.spyOn(RevokePermissionsUtil, 'isSignedInUserTenantAdmin').mockResolvedValue(false);
+
+      const expectedActions = [
+        { type: 'REVOKE_SCOPES_PENDING', response: null },
+        { type: 'REVOKE_SCOPES_ERROR', response: null },
+        {
+          type: QUERY_GRAPH_STATUS,
+          response: {
+            statusText: 'Failed',
+            status: 'An error occurred when unconsenting. Please try again',
+            ok: false,
+            messageType: 1
+          }
+        }
+      ]
+
+      // Act and Assert
+      // @ts-ignore
+      return store_.dispatch(revokeScopes('Access.Read'))
+        // @ts-ignore
+        .then(() => {
+          expect(store_.getActions()).toEqual(expectedActions);
+        });
+    });
+  })
 })