1: -module(graphql_gdpr_SUITE). 2: 3: -compile([export_all, nowarn_export_all]). 4: 5: -import(common_helper, [unprep/1]). 6: -import(domain_helper, [host_type/0, domain/0]). 7: -import(distributed_helper, [mim/0, rpc/4, require_rpc_nodes/1]). 8: -import(graphql_helper, [execute_command/4, execute_user_command/5, user_to_bin/1, 9: get_ok_value/2, get_err_code/1, get_unauthorized/1]). 10: 11: -include_lib("common_test/include/ct.hrl"). 12: -include_lib("eunit/include/eunit.hrl"). 13: 14: suite() -> 15: require_rpc_nodes([mim]) ++ escalus:suite(). 16: 17: all() -> 18: [{group, admin_gdpr_http}, 19: {group, admin_gdpr_cli}, 20: {group, domain_admin_gdpr}]. 21: 22: groups() -> 23: [{admin_gdpr_http, [], admin_gdpr_tests()}, 24: {admin_gdpr_cli, [], admin_gdpr_tests()}, 25: {domain_admin_gdpr, [], domain_admin_gdpr_tests()}]. 26: 27: admin_gdpr_tests() -> 28: [admin_retrieve_user_data, 29: admin_retrieve_user_data_with_unprepped_name, 30: admin_gdpr_no_user_test, 31: admin_gdpr_empty_filename_test, 32: admin_gdpr_access_denied_erofs, 33: admin_gdpr_access_denied_eacces, 34: admin_gdpr_access_denied_exit, 35: admin_gdpr_access_denied_filename_is_a_directory]. 36: 37: domain_admin_gdpr_tests() -> 38: [admin_retrieve_user_data, 39: admin_retrieve_user_data_with_unprepped_name, 40: admin_gdpr_no_user_test, 41: domain_admin_retrieve_user_data_no_permission]. 42: 43: init_per_suite(Config) -> 44: Config1 = escalus:init_per_suite(Config), 45: ejabberd_node_utils:init(mim(), Config1). 46: 47: end_per_suite(Config) -> 48: escalus:end_per_suite(Config). 49: 50: init_per_group(admin_gdpr_http, Config) -> 51: graphql_helper:init_admin_handler(Config); 52: init_per_group(admin_gdpr_cli, Config) -> 53: graphql_helper:init_admin_cli(Config); 54: init_per_group(domain_admin_gdpr, Config) -> 55: graphql_helper:init_domain_admin_handler(Config). 56: 57: end_per_group(_, _Config) -> 58: graphql_helper:clean(), 59: escalus_fresh:clean(). 60: 61: init_per_testcase(CaseName, Config) -> 62: escalus:init_per_testcase(CaseName, Config). 63: 64: end_per_testcase(CaseName, Config) -> 65: escalus_fresh:clean(), 66: escalus:end_per_testcase(CaseName, Config). 67: 68: % Admin test cases 69: 70: admin_retrieve_user_data(Config) -> 71: Config1 = escalus_fresh:create_users(Config, [{alice, 1}]), 72: User = escalus_users:get_username(Config1, alice), 73: admin_retrieve_user_data(Config1, User, domain()). 74: 75: admin_retrieve_user_data_with_unprepped_name(Config) -> 76: Config1 = escalus_fresh:create_users(Config, [{alice, 1}]), 77: User = escalus_users:get_username(Config1, alice), 78: admin_retrieve_user_data(Config1, unprep(User), unprep(domain())). 79: 80: admin_retrieve_user_data(Config, User, Domain) -> 81: Filename = random_filename(Config), 82: Res = admin_retrieve_personal_data(User, Domain, list_to_binary(Filename), Config), 83: ParsedResult = get_ok_value([data, gdpr, retrievePersonalData], Res), 84: ?assertEqual(<<"Data retrieved">>, ParsedResult), 85: FullPath = get_mim_cwd() ++ "/" ++ Filename, 86: Dir = make_dir_name(Filename, User), 87: ct:log("extracting logs ~s", [Dir]), 88: ?assertMatch({ok, _}, zip:extract(FullPath, [{cwd, Dir}])). 89: 90: admin_gdpr_no_user_test(Config) -> 91: Res = admin_retrieve_personal_data(<<"AAAA">>, domain(), <<"AAA">>, Config), 92: ?assertEqual(<<"user_does_not_exist_error">>, get_err_code(Res)). 93: 94: admin_gdpr_empty_filename_test(Config) -> 95: escalus:fresh_story_with_config(Config, [{alice, 1}], fun admin_gdpr_empty_filename_test/2). 96: 97: admin_gdpr_empty_filename_test(Config, Alice) -> 98: Filename = "", 99: Res = admin_retrieve_personal_data(escalus_client:username(Alice), escalus_client:server(Alice), 100: list_to_binary(Filename), Config), 101: ?assertEqual(<<"wrong_filename_error">>, get_err_code(Res)). 102: 103: admin_gdpr_access_denied_erofs(Config) -> 104: escalus:fresh_story_with_config(Config, [{alice, 1}], fun admin_gdpr_access_denied_erofs/2). 105: 106: admin_gdpr_access_denied_erofs(Config, Alice) -> 107: Filename = "/non_existing_file!", 108: Res = admin_retrieve_personal_data(escalus_client:username(Alice), escalus_client:server(Alice), 109: list_to_binary(Filename), Config), 110: ?assertEqual(<<"file_creation_permission_denied_error">>, get_err_code(Res)). 111: 112: admin_gdpr_access_denied_eacces(Config) -> 113: escalus:fresh_story_with_config(Config, [{alice, 1}], fun admin_gdpr_access_denied_eacces/2). 114: 115: admin_gdpr_access_denied_eacces(Config, Alice) -> 116: Filename = "/etc/new_file.txt", 117: Res = admin_retrieve_personal_data(escalus_client:username(Alice), escalus_client:server(Alice), 118: list_to_binary(Filename), Config), 119: ?assertEqual(<<"file_creation_permission_denied_error">>, get_err_code(Res)). 120: 121: admin_gdpr_access_denied_exit(Config) -> 122: escalus:fresh_story_with_config(Config, [{alice, 1}], fun admin_gdpr_access_denied_exit/2). 123: 124: admin_gdpr_access_denied_exit(Config, Alice) -> 125: Filename = "/new_directory!/new_file.txt", 126: Res = admin_retrieve_personal_data(escalus_client:username(Alice), escalus_client:server(Alice), 127: list_to_binary(Filename), Config), 128: ?assertEqual(<<"file_creation_permission_denied_error">>, get_err_code(Res)). 129: 130: admin_gdpr_access_denied_filename_is_a_directory(Config) -> 131: escalus:fresh_story_with_config(Config, [{alice, 1}], 132: fun admin_gdpr_access_denied_filename_is_a_directory/2). 133: 134: admin_gdpr_access_denied_filename_is_a_directory(Config, Alice) -> 135: Filename = "./", 136: Res = admin_retrieve_personal_data(escalus_client:username(Alice), escalus_client:server(Alice), 137: list_to_binary(Filename), Config), 138: ?assertEqual(<<"location_is_a_directory_error">>, get_err_code(Res)). 139: 140: domain_admin_retrieve_user_data_no_permission(Config) -> 141: escalus:fresh_story_with_config(Config, [{alice_bis, 1}], 142: fun domain_admin_retrieve_user_data_no_permission/2). 143: 144: domain_admin_retrieve_user_data_no_permission(Config, Alice) -> 145: Filename = random_filename(Config), 146: Res = admin_retrieve_personal_data(escalus_client:username(Alice), escalus_client:server(Alice), 147: list_to_binary(Filename), Config), 148: get_unauthorized(Res). 149: 150: % Helpers 151: 152: admin_retrieve_personal_data(Username, Domain, ResultFilepath, Config) -> 153: Vars = #{<<"username">> => Username, <<"domain">> => Domain, 154: <<"resultFilepath">> => ResultFilepath}, 155: execute_command(<<"gdpr">>, <<"retrievePersonalData">>, Vars, Config). 156: 157: random_filename(Config) -> 158: TCName = atom_to_list(?config(tc_name, Config)), 159: TCName ++ "." ++ integer_to_list(erlang:system_time()) ++ ".zip". 160: 161: get_mim_cwd() -> 162: {ok, Cwd} = rpc(mim(), file, get_cwd, []), 163: Cwd. 164: 165: make_dir_name(Filename, User) when is_binary(User) -> 166: make_dir_name(Filename, binary_to_list(User)); 167: make_dir_name(Filename, User) when is_list(User) -> 168: Filename ++ "." ++ User ++ ".unzipped".