Skip to content

Commit

Permalink
WPB-8757 Port flaky legalhold test from galley to integration (#4057)
Browse files Browse the repository at this point in the history
  • Loading branch information
battermann committed May 24, 2024
1 parent 6276ba3 commit 848ecd0
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 61 deletions.
1 change: 1 addition & 0 deletions changelog.d/5-internal/WPB-8757
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Ported flaky legalhold test to the new integration test suite
25 changes: 25 additions & 0 deletions integration/test/Test/LegalHold.hs
Original file line number Diff line number Diff line change
Expand Up @@ -912,3 +912,28 @@ testLHCannotCreateGroupWithUsersInConflict = do

postConversation bob defProteus {qualifiedUsers = [debora, alice], newUsersRole = "wire_member", team = Just tidAlice}
>>= assertLabel 403 "missing-legalhold-consent"

testNoConsentCannotBeInvited :: HasCallStack => App ()
testNoConsentCannotBeInvited = do
-- team that is legalhold whitelisted
(legalholder, tidLH, userLHNotActivated : _) <- createTeam OwnDomain 2
legalholdWhitelistTeam tidLH legalholder >>= assertStatus 200

-- team without legalhold
(peer, _tidPeer, peer2 : _) <- createTeam OwnDomain 2

connectUsers =<< forM [peer, userLHNotActivated] make
connectUsers =<< forM [peer2, userLHNotActivated] make

withMockServer lhMockApp \lhDomAndPort _chan -> do
postLegalHoldSettings tidLH legalholder (mkLegalHoldSettings lhDomAndPort) >>= assertStatus 201
cid <- postConversation userLHNotActivated defProteus {qualifiedUsers = [legalholder], newUsersRole = "wire_admin", team = Just tidLH} >>= getJSON 201
addMembers userLHNotActivated cid (def {users = [peer], role = Just "wire_admin"}) >>= assertSuccess
-- activate legalhold for legalholder
requestLegalHoldDevice tidLH legalholder legalholder >>= assertSuccess
approveLegalHoldDevice tidLH (legalholder %. "qualified_id") defPassword >>= assertSuccess
legalholdUserStatus tidLH legalholder legalholder `bindResponse` \resp -> do
resp.status `shouldMatchInt` 200
resp.json %. "status" `shouldMatch` "enabled"

addMembers userLHNotActivated cid (def {users = [peer2]}) >>= assertLabel 403 "missing-legalhold-consent"
62 changes: 1 addition & 61 deletions services/galley/test/integration/API/Teams/LegalHold.hs
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,7 @@ import Control.Concurrent.Chan
import Control.Lens hiding ((#))
import Data.Id
import Data.LegalHold
import Data.List.NonEmpty (NonEmpty (..))
import Data.PEM
import Data.Qualified (Qualified (..))
import Data.Range
import Data.Time.Clock qualified as Time
import Galley.Cassandra.LegalHold
Expand All @@ -42,19 +40,16 @@ import Imports
import Network.HTTP.Types.Status (status200, status404)
import Network.Wai as Wai
import Network.Wai.Handler.Warp qualified as Warp
import Network.Wai.Utilities.Error qualified as Error
import Test.QuickCheck.Instances ()
import Test.Tasty
import Test.Tasty.HUnit
import TestHelpers
import TestSetup
import Wire.API.Connection qualified as Conn
import Wire.API.Conversation.Role (roleNameWireAdmin)
import Wire.API.Provider.Service
import Wire.API.Routes.Internal.Brig.Connection
import Wire.API.Team.LegalHold
import Wire.API.Team.Member
import Wire.API.Team.Member qualified as Team
import Wire.API.Team.Permission
import Wire.API.Team.Role
import Wire.API.User.Client
Expand All @@ -79,19 +74,7 @@ testsPublic s =
GET /team/{tid}/members - show legal hold status of all members
-}
testGroup
"settings.legalholdEnabledTeams" -- FUTUREWORK: ungroup this level
[ testGroup -- FUTUREWORK: ungroup this level
"teams listed"
[ testGroup
"Users are invited to a group conversation."
[ testGroup
"The group conversation contains legalhold activated users."
[testOnlyIfLhWhitelisted s "If any user in the invite has not given consent then the invite fails" testNoConsentCannotBeInvited]
],
test s "bench hack" testBenchHack
]
]
test s "settings.legalholdEnabledTeams teams liested bench hack" testBenchHack
]

testsInternal :: IO TestSetup -> TestTree
Expand Down Expand Up @@ -273,49 +256,6 @@ testCannotCreateLegalHoldDeviceOldAPI = do
data GroupConvInvCase = InviteOnlyConsenters | InviteAlsoNonConsenters
deriving (Show, Eq, Ord, Bounded, Enum)

testNoConsentCannotBeInvited :: HasCallStack => TestM ()
testNoConsentCannotBeInvited = do
localDomain <- viewFederationDomain
-- team that is legalhold whitelisted
(legalholder :: UserId, tid) <- createBindingTeam
userLHNotActivated <- (^. Team.userId) <$> addUserToTeam legalholder tid
putLHWhitelistTeam tid !!! const 200 === statusCode

-- team without legalhold
(peer :: UserId, teamPeer) <- createBindingTeam
let qpeer = Qualified peer localDomain
peer2 <- (^. Team.userId) <$> addUserToTeam peer teamPeer
let qpeer2 = Qualified peer2 localDomain

do
postConnection userLHNotActivated peer !!! const 201 === statusCode
void $ putConnection peer userLHNotActivated Conn.Accepted <!! const 200 === statusCode

postConnection userLHNotActivated peer2 !!! const 201 === statusCode
void $ putConnection peer2 userLHNotActivated Conn.Accepted <!! const 200 === statusCode

withDummyTestServiceForTeam legalholder tid $ \_chan -> do
convId <- createTeamConvWithRole userLHNotActivated tid [legalholder] (Just "corp + us") Nothing Nothing roleNameWireAdmin
let qconvId = Qualified convId localDomain

API.Util.postMembers userLHNotActivated (pure qpeer) qconvId
!!! const 200 === statusCode

-- activate legalhold for legalholder
do
galley <- viewGalley
requestLegalHoldDevice legalholder legalholder tid !!! testResponse 201 Nothing
approveLegalHoldDevice (Just defPassword) legalholder legalholder tid !!! testResponse 200 Nothing
UserLegalHoldStatusResponse userStatus _ _ <- getUserStatusTyped' galley legalholder tid
liftIO $ assertEqual "approving should change status" UserLegalHoldEnabled userStatus

API.Util.postMembers userLHNotActivated (pure qpeer2) qconvId
>>= errWith 403 (\err -> Error.label err == "missing-legalhold-consent")

localdomain <- viewFederationDomain
API.Util.postQualifiedMembers userLHNotActivated (Qualified peer2 localdomain :| []) qconvId
>>= errWith 403 (\err -> Error.label err == "missing-legalhold-consent")

testBenchHack :: HasCallStack => TestM ()
testBenchHack = do
{- representative sample run on an old laptop:
Expand Down

0 comments on commit 848ecd0

Please sign in to comment.