[backend] wip: add sharing tests

OpenCTI-Platform · Oct 17, 2024 · 4a0e139 · 4a0e139
1 parent 54d69a3
commit 4a0e139
Show file tree

Hide file tree

Showing 5 changed files with 97 additions and 41 deletions.
diff --git a/opencti-platform/opencti-graphql/src/manager/taskManager.js b/opencti-platform/opencti-graphql/src/manager/taskManager.js
@@ -550,7 +550,7 @@ const executeProcessing = async (context, user, job, scope) => {
   return errors;
 };
 
-const taskHandler = async () => {
+export const taskHandler = async () => {
   let lock;
   try {
     // Lock the manager

diff --git a/...i-platform/opencti-graphql/tests/02-integration/02-resolvers/organization-sharing-test.ts b/...i-platform/opencti-graphql/tests/02-integration/02-resolvers/organization-sharing-test.ts
@@ -1,9 +1,21 @@
 import { describe, expect, it } from 'vitest';
 import gql from 'graphql-tag';
-import { ADMIN_API_TOKEN, ADMIN_USER, API_URI, FIVE_MINUTES, getOrganizationIdByName, PYTHON_PATH, TEST_ORGANIZATION, testContext, USER_EDITOR } from '../../utils/testQuery';
-import { adminQueryWithSuccess, queryAsUserWithSuccess } from '../../utils/testQueryHelper';
+import {
+  ADMIN_API_TOKEN,
+  ADMIN_USER,
+  API_URI,
+  FIVE_MINUTES,
+  getOrganizationIdByName,
+  PLATFORM_ORGANIZATION,
+  PYTHON_PATH,
+  TEST_ORGANIZATION,
+  testContext,
+  USER_EDITOR
+} from '../../utils/testQuery';
+import { adminQueryWithSuccess, enableCEAndUnSetOrganization, enableEEAndSetOrganization, queryAsUserWithSuccess } from '../../utils/testQueryHelper';
 import { findById } from '../../../src/domain/report';
 import { execChildPython } from '../../../src/python/pythonBridge';
+import { taskHandler } from '../../../src/manager/taskManager';
 
 const ORGANIZATION_SHARING_QUERY = gql`
   mutation StixCoreObjectSharingGroupAddMutation(
@@ -22,6 +34,29 @@ const ORGANIZATION_SHARING_QUERY = gql`
   }
 `;
 
+const REPORT_STIX_DOMAIN_ENTITIES = gql`
+  query report($id: String!) {
+    report(id: $id) {
+      id
+      standard_id
+      objects(first: 30) {
+        edges {
+          node {
+            ... on BasicObject {
+              id
+              standard_id
+            }
+            ... on BasicRelationship {
+              id
+              standard_id
+            }
+          }
+        }
+      }
+    }
+  }
+`;
+
 const importOpts: string[] = [API_URI, ADMIN_API_TOKEN, './tests/data/organization-sharing/20241003_Report_to_test_orga_sharing_full.json'];
 
 describe('Database provision', () => {
@@ -47,10 +82,17 @@ describe('Organization sharing standard behavior for container', () => {
     expect(report).not.toBeUndefined();
     reportInternalId = report.id;
   });
-  it.skip('should platform organization sharing and EE activated', async () => {
-    // await enableEEAndSetOrganization(PLATFORM_ORGANIZATION);
+  it('should platform organization sharing and EE activated', async () => {
+    await enableEEAndSetOrganization(PLATFORM_ORGANIZATION);
+  });
+  it('should user from different organization not access the report', async () => {
+    const queryResult = await queryAsUserWithSuccess(USER_EDITOR.client, {
+      query: REPORT_STIX_DOMAIN_ENTITIES,
+      variables: { id: reportInternalId },
+    });
+    expect(queryResult.data.report).toBeNull();
   });
-  it.skip('should share Report with Organization', async () => {
+  it('should share Report with Organization', async () => {
     // Get organization id
     organizationId = await getOrganizationIdByName(TEST_ORGANIZATION.name);
     const organizationSharingQueryResult = await adminQueryWithSuccess({
@@ -61,36 +103,14 @@ describe('Organization sharing standard behavior for container', () => {
     expect(organizationSharingQueryResult?.data?.stixCoreObjectEdit.restrictionOrganizationAdd.objectOrganization[0].name).toEqual(TEST_ORGANIZATION.name);
 
     // Need background task magic to happens for sharing
-    //  await taskHandler();
+    await taskHandler();
   });
-  it.skip('should Editor user access all objects', async () => {
-    const REPORT_STIX_DOMAIN_ENTITIES = gql`
-      query report($id: String!) {
-        report(id: $id) {
-          id
-          standard_id
-          objects(first: 30) {
-            edges {
-              node {
-                ... on BasicObject {
-                  id
-                  standard_id
-                }
-                ... on BasicRelationship {
-                  id
-                  standard_id
-                }
-              }
-            }
-          }
-        }
-      }
-    `;
+  it('should Editor user access all objects', async () => {
     const queryResult = await queryAsUserWithSuccess(USER_EDITOR.client, {
       query: REPORT_STIX_DOMAIN_ENTITIES,
       variables: { id: reportInternalId },
     });
-    expect(queryResult.data.report.objects.edges.length).toEqual(10);
+    expect(queryResult.data.report.objects.edges.length).toEqual(8);
   });
   it('should all entities deleted', async () => {
     const PURGE_QUERY = gql`
@@ -112,7 +132,7 @@ describe('Organization sharing standard behavior for container', () => {
     });
     expect(purgeQueryResult.data.reportEdit.delete).toEqual(reportInternalId);
   });
-  it.skip('should plateform organization sharing and EE deactivated', async () => {
-    // await enableCEAndUnSetOrganization();
+  it('should plateform organization sharing and EE deactivated', async () => {
+    await enableCEAndUnSetOrganization();
   });
 });
diff --git a/opencti-platform/opencti-graphql/tests/03-streams/00-Raw/raw-test.js b/opencti-platform/opencti-graphql/tests/03-streams/00-Raw/raw-test.js
@@ -58,8 +58,8 @@ describe('Raw streams tests', () => {
       expect(updateEventsByTypes['marking-definition'].length).toBe(2);
       expect(updateEventsByTypes['campaign'].length).toBe(7);
       expect(updateEventsByTypes['relationship'].length).toBe(8);
-      expect(updateEventsByTypes['identity'].length).toBe(16);
-      expect(updateEventsByTypes['malware'].length).toBe(16);
+      expect(updateEventsByTypes['identity'].length).toBe(18);
+      expect(updateEventsByTypes['malware'].length).toBe(17);
       expect(updateEventsByTypes['intrusion-set'].length).toBe(4);
       expect(updateEventsByTypes['data-component'].length).toBe(4);
       expect(updateEventsByTypes['location'].length).toBe(14);
@@ -70,19 +70,19 @@ describe('Raw streams tests', () => {
       expect(updateEventsByTypes['external-reference'].length).toBe(1);
       expect(updateEventsByTypes['grouping'].length).toBe(3);
       expect(updateEventsByTypes['incident'].length).toBe(3);
-      expect(updateEventsByTypes['indicator'].length).toBe(4);
+      expect(updateEventsByTypes['indicator'].length).toBe(5);
       expect(updateEventsByTypes['label'].length).toBe(1);
       expect(updateEventsByTypes['malware-analysis'].length).toBe(3);
       expect(updateEventsByTypes['note'].length).toBe(3);
       expect(updateEventsByTypes['opinion'].length).toBe(6);
-      expect(updateEventsByTypes['report'].length).toBe(12);
+      expect(updateEventsByTypes['report'].length).toBe(13);
       expect(updateEventsByTypes['ipv4-addr'].length).toBe(3);
       expect(updateEventsByTypes['tool'].length).toBe(7);
       expect(updateEventsByTypes['sighting'].length).toBe(4);
       expect(updateEventsByTypes['threat-actor'].length).toBe(17);
       expect(updateEventsByTypes['vocabulary'].length).toBe(3);
       expect(updateEventsByTypes['vulnerability'].length).toBe(3);
-      expect(updateEvents.length).toBe(163);
+      expect(updateEvents.length).toBe(169);
       for (let updateIndex = 0; updateIndex < updateEvents.length; updateIndex += 1) {
         const event = updateEvents[updateIndex];
         const { data: insideData, origin, type } = event;

diff --git a/opencti-platform/opencti-graphql/tests/utils/testQuery.ts b/opencti-platform/opencti-graphql/tests/utils/testQuery.ts
@@ -22,7 +22,7 @@ export const SYNC_LIVE_START_REMOTE_URI = conf.get('app:sync_live_start_remote_u
 export const SYNC_DIRECT_START_REMOTE_URI = conf.get('app:sync_direct_start_remote_uri');
 export const SYNC_RESTORE_START_REMOTE_URI = conf.get('app:sync_restore_start_remote_uri');
 export const SYNC_TEST_REMOTE_URI = `http://api-tests:${PORT}`;
-export const RAW_EVENTS_SIZE = 1108;
+export const RAW_EVENTS_SIZE = 1114;
 export const SYNC_LIVE_EVENTS_SIZE = 608;
 
 export const PYTHON_PATH = './src/python/testing';
@@ -275,7 +275,7 @@ export const PLATFORM_ADMIN_GROUP: Group = {
 TESTING_GROUPS.push(PLATFORM_ADMIN_GROUP);
 
 // Organization
-interface Organization {
+export interface Organization {
   name: string,
   id: string
 }

diff --git a/opencti-platform/opencti-graphql/tests/utils/testQueryHelper.ts b/opencti-platform/opencti-graphql/tests/utils/testQueryHelper.ts
@@ -1,10 +1,11 @@
 import { expect } from 'vitest';
 import { print } from 'graphql/index';
 import type { AxiosInstance } from 'axios';
-import { adminQuery, createUnauthenticatedClient, executeInternalQuery, queryAsAdmin } from './testQuery';
+import { ADMIN_USER, adminQuery, createUnauthenticatedClient, executeInternalQuery, getOrganizationIdByName, type Organization, queryAsAdmin, testContext } from './testQuery';
 import { downloadFile, streamConverter } from '../../src/database/file-storage';
 import { logApp } from '../../src/config/conf';
 import { AUTH_REQUIRED, FORBIDDEN_ACCESS } from '../../src/config/errors';
+import { getSettings, settingsEditField } from '../../src/domain/settings';
 
 // Helper for test usage whit expect inside.
 // vitest cannot be an import of testQuery, so it must be a separate file.
@@ -88,3 +89,38 @@ export const requestFileFromStorageAsAdmin = async (storageId: string) => {
   expect(stream, `No stream mean no file found in storage or error for ${storageId}`).not.toBeNull();
   return streamConverter(stream);
 };
+
+/**
+ * Enable Enterprise edition and set the platform organisation.
+ * @param organization: organization to use as platform organization.
+ */
+export const enableEEAndSetOrganization = async (organization: Organization) => {
+  const platformOrganizationId = await getOrganizationIdByName(organization.name);
+  const platformSettings: any = await getSettings(testContext);
+
+  const input = [
+    { key: 'enterprise_edition', value: [new Date().getTime()] },
+    { key: 'platform_organization', value: [platformOrganizationId] }
+  ];
+  const settingsResult = await settingsEditField(testContext, ADMIN_USER, platformSettings.id, input);
+
+  expect(settingsResult.platform_organization).not.toBeUndefined();
+  expect(settingsResult.enterprise_edition).not.toBeUndefined();
+  expect(settingsResult.platform_organization).toEqual(platformOrganizationId);
+};
+
+/**
+ * Remove any platform organization and go back to comunity edition.
+ */
+export const enableCEAndUnSetOrganization = async () => {
+  const platformSettings: any = await getSettings(testContext);
+
+  const input = [
+    { key: 'enterprise_edition', value: [] },
+    { key: 'platform_organization', value: [] }
+  ];
+  const settingsResult = await settingsEditField(testContext, ADMIN_USER, platformSettings.id, input);
+
+  expect(settingsResult.platform_organization).toBeUndefined();
+  expect(settingsResult.enterprise_edition).toBeUndefined();
+};