1: -module(graphql_gdpr_SUITE).
2:
3: -compile([export_all, nowarn_export_all]).
4:
5: -import(common_helper, [unprep/1]).
6: -import(domain_helper, [host_type/0, domain/0]).
7: -import(distributed_helper, [mim/0, rpc/4, require_rpc_nodes/1]).
8: -import(graphql_helper, [execute_command/4, execute_user_command/5, user_to_bin/1,
9: get_ok_value/2, get_err_code/1, get_unauthorized/1]).
10:
11: -include_lib("common_test/include/ct.hrl").
12: -include_lib("eunit/include/eunit.hrl").
13:
14: suite() ->
15: require_rpc_nodes([mim]) ++ escalus:suite().
16:
17: all() ->
18: [{group, admin_gdpr_http},
19: {group, admin_gdpr_cli},
20: {group, domain_admin_gdpr}].
21:
22: groups() ->
23: [{admin_gdpr_http, [], admin_gdpr_tests()},
24: {admin_gdpr_cli, [], admin_gdpr_tests()},
25: {domain_admin_gdpr, [], domain_admin_gdpr_tests()}].
26:
27: admin_gdpr_tests() ->
28: [admin_retrieve_user_data,
29: admin_retrieve_user_data_with_unprepped_name,
30: admin_gdpr_no_user_test,
31: admin_gdpr_empty_filename_test,
32: admin_gdpr_access_denied_erofs,
33: admin_gdpr_access_denied_eacces,
34: admin_gdpr_access_denied_exit,
35: admin_gdpr_access_denied_filename_is_a_directory].
36:
37: domain_admin_gdpr_tests() ->
38: [admin_retrieve_user_data,
39: admin_retrieve_user_data_with_unprepped_name,
40: admin_gdpr_no_user_test,
41: domain_admin_retrieve_user_data_no_permission].
42:
43: init_per_suite(Config) ->
44: Config1 = escalus:init_per_suite(Config),
45: ejabberd_node_utils:init(mim(), Config1).
46:
47: end_per_suite(Config) ->
48: escalus:end_per_suite(Config).
49:
50: init_per_group(admin_gdpr_http, Config) ->
51: graphql_helper:init_admin_handler(Config);
52: init_per_group(admin_gdpr_cli, Config) ->
53: graphql_helper:init_admin_cli(Config);
54: init_per_group(domain_admin_gdpr, Config) ->
55: graphql_helper:init_domain_admin_handler(Config).
56:
57: end_per_group(_, _Config) ->
58: graphql_helper:clean(),
59: escalus_fresh:clean().
60:
61: init_per_testcase(CaseName, Config) ->
62: escalus:init_per_testcase(CaseName, Config).
63:
64: end_per_testcase(CaseName, Config) ->
65: escalus_fresh:clean(),
66: escalus:end_per_testcase(CaseName, Config).
67:
68: % Admin test cases
69:
70: admin_retrieve_user_data(Config) ->
71: Config1 = escalus_fresh:create_users(Config, [{alice, 1}]),
72: User = escalus_users:get_username(Config1, alice),
73: admin_retrieve_user_data(Config1, User, domain()).
74:
75: admin_retrieve_user_data_with_unprepped_name(Config) ->
76: Config1 = escalus_fresh:create_users(Config, [{alice, 1}]),
77: User = escalus_users:get_username(Config1, alice),
78: admin_retrieve_user_data(Config1, unprep(User), unprep(domain())).
79:
80: admin_retrieve_user_data(Config, User, Domain) ->
81: Filename = random_filename(Config),
82: Res = admin_retrieve_personal_data(User, Domain, list_to_binary(Filename), Config),
83: ParsedResult = get_ok_value([data, gdpr, retrievePersonalData], Res),
84: ?assertEqual(<<"Data retrieved">>, ParsedResult),
85: FullPath = get_mim_cwd() ++ "/" ++ Filename,
86: Dir = make_dir_name(Filename, User),
87: ct:log("extracting logs ~s", [Dir]),
88: ?assertMatch({ok, _}, zip:extract(FullPath, [{cwd, Dir}])).
89:
90: admin_gdpr_no_user_test(Config) ->
91: Res = admin_retrieve_personal_data(<<"AAAA">>, domain(), <<"AAA">>, Config),
92: ?assertEqual(<<"user_does_not_exist_error">>, get_err_code(Res)).
93:
94: admin_gdpr_empty_filename_test(Config) ->
95: escalus:fresh_story_with_config(Config, [{alice, 1}], fun admin_gdpr_empty_filename_test/2).
96:
97: admin_gdpr_empty_filename_test(Config, Alice) ->
98: Filename = "",
99: Res = admin_retrieve_personal_data(escalus_client:username(Alice), escalus_client:server(Alice),
100: list_to_binary(Filename), Config),
101: ?assertEqual(<<"wrong_filename_error">>, get_err_code(Res)).
102:
103: admin_gdpr_access_denied_erofs(Config) ->
104: escalus:fresh_story_with_config(Config, [{alice, 1}], fun admin_gdpr_access_denied_erofs/2).
105:
106: admin_gdpr_access_denied_erofs(Config, Alice) ->
107: Filename = "/non_existing_file!",
108: Res = admin_retrieve_personal_data(escalus_client:username(Alice), escalus_client:server(Alice),
109: list_to_binary(Filename), Config),
110: ?assertEqual(<<"file_creation_permission_denied_error">>, get_err_code(Res)).
111:
112: admin_gdpr_access_denied_eacces(Config) ->
113: escalus:fresh_story_with_config(Config, [{alice, 1}], fun admin_gdpr_access_denied_eacces/2).
114:
115: admin_gdpr_access_denied_eacces(Config, Alice) ->
116: Filename = "/etc/new_file.txt",
117: Res = admin_retrieve_personal_data(escalus_client:username(Alice), escalus_client:server(Alice),
118: list_to_binary(Filename), Config),
119: ?assertEqual(<<"file_creation_permission_denied_error">>, get_err_code(Res)).
120:
121: admin_gdpr_access_denied_exit(Config) ->
122: escalus:fresh_story_with_config(Config, [{alice, 1}], fun admin_gdpr_access_denied_exit/2).
123:
124: admin_gdpr_access_denied_exit(Config, Alice) ->
125: Filename = "/new_directory!/new_file.txt",
126: Res = admin_retrieve_personal_data(escalus_client:username(Alice), escalus_client:server(Alice),
127: list_to_binary(Filename), Config),
128: ?assertEqual(<<"file_creation_permission_denied_error">>, get_err_code(Res)).
129:
130: admin_gdpr_access_denied_filename_is_a_directory(Config) ->
131: escalus:fresh_story_with_config(Config, [{alice, 1}],
132: fun admin_gdpr_access_denied_filename_is_a_directory/2).
133:
134: admin_gdpr_access_denied_filename_is_a_directory(Config, Alice) ->
135: Filename = "./",
136: Res = admin_retrieve_personal_data(escalus_client:username(Alice), escalus_client:server(Alice),
137: list_to_binary(Filename), Config),
138: ?assertEqual(<<"location_is_a_directory_error">>, get_err_code(Res)).
139:
140: domain_admin_retrieve_user_data_no_permission(Config) ->
141: escalus:fresh_story_with_config(Config, [{alice_bis, 1}],
142: fun domain_admin_retrieve_user_data_no_permission/2).
143:
144: domain_admin_retrieve_user_data_no_permission(Config, Alice) ->
145: Filename = random_filename(Config),
146: Res = admin_retrieve_personal_data(escalus_client:username(Alice), escalus_client:server(Alice),
147: list_to_binary(Filename), Config),
148: get_unauthorized(Res).
149:
150: % Helpers
151:
152: admin_retrieve_personal_data(Username, Domain, ResultFilepath, Config) ->
153: Vars = #{<<"username">> => Username, <<"domain">> => Domain,
154: <<"resultFilepath">> => ResultFilepath},
155: execute_command(<<"gdpr">>, <<"retrievePersonalData">>, Vars, Config).
156:
157: random_filename(Config) ->
158: TCName = atom_to_list(?config(tc_name, Config)),
159: TCName ++ "." ++ integer_to_list(erlang:system_time()) ++ ".zip".
160:
161: get_mim_cwd() ->
162: {ok, Cwd} = rpc(mim(), file, get_cwd, []),
163: Cwd.
164:
165: make_dir_name(Filename, User) when is_binary(User) ->
166: make_dir_name(Filename, binary_to_list(User));
167: make_dir_name(Filename, User) when is_list(User) ->
168: Filename ++ "." ++ User ++ ".unzipped".