From 69bd7ac88b85322b84398b24ed7175cb0a2b88a5 Mon Sep 17 00:00:00 2001 From: Darcy Ye Date: Thu, 8 Jun 2023 14:53:26 +0800 Subject: [PATCH] fix(cloud): delete tenant api (#4000) --- packages/cloud/src/routes/tenants.test.ts | 20 +++++++++++++++++++ packages/cloud/src/routes/tenants.ts | 12 ++++++++++- .../src/tests/api-cloud/tenant.test.ts | 3 +++ 3 files changed, 34 insertions(+), 1 deletion(-) diff --git a/packages/cloud/src/routes/tenants.test.ts b/packages/cloud/src/routes/tenants.test.ts index 7ce8922b2..e3ce8902e 100644 --- a/packages/cloud/src/routes/tenants.test.ts +++ b/packages/cloud/src/routes/tenants.test.ts @@ -165,6 +165,26 @@ describe('DELETE /api/tenants/:tenantId', () => { const library = new MockTenantsLibrary(); const router = tenantsRoutes(library); + it('should throw 422 when try to delete `admin` tenant', async () => { + await expect( + router.routes()( + buildRequestAuthContext('DELETE /tenants/admin', { body: {} })(), + noop, + createHttpContext() + ) + ).rejects.toMatchObject({ status: 422 }); + }); + + it('should throw 422 when try to delete `default` tenant', async () => { + await expect( + router.routes()( + buildRequestAuthContext('DELETE /tenants/default', { body: {} })(), + noop, + createHttpContext() + ) + ).rejects.toMatchObject({ status: 422 }); + }); + it('should throw 403 when lack of permission', async () => { await expect( router.routes()( diff --git a/packages/cloud/src/routes/tenants.ts b/packages/cloud/src/routes/tenants.ts index ec29e6004..fec1cad87 100644 --- a/packages/cloud/src/routes/tenants.ts +++ b/packages/cloud/src/routes/tenants.ts @@ -1,4 +1,10 @@ -import { CloudScope, tenantInfoGuard, createTenantGuard } from '@logto/schemas'; +import { + CloudScope, + tenantInfoGuard, + createTenantGuard, + adminTenantId, + defaultTenantId, +} from '@logto/schemas'; import { assert } from '@silverhand/essentials'; import { createRouter, RequestError } from '@withtyped/server'; @@ -75,6 +81,10 @@ export const tenantsRoutes = (library: TenantsLibrary) => } ) .delete('/:tenantId', {}, async (context, next) => { + if ([adminTenantId, defaultTenantId].includes(context.guarded.params.tenantId)) { + throw new RequestError(`Should not delete built-in tenants.`, 422); + } + /** Users w/o either `ManageTenant` or `ManageTenantSelf` scope does not have permission. */ if ( ![CloudScope.ManageTenant, CloudScope.ManageTenantSelf].some((scope) => diff --git a/packages/integration-tests/src/tests/api-cloud/tenant.test.ts b/packages/integration-tests/src/tests/api-cloud/tenant.test.ts index 0750937a6..eee3d39c0 100644 --- a/packages/integration-tests/src/tests/api-cloud/tenant.test.ts +++ b/packages/integration-tests/src/tests/api-cloud/tenant.test.ts @@ -14,6 +14,7 @@ import { TenantTag, type TenantInfo, type CreateTenant, + defaultTenantId, } from '@logto/schemas'; import { GlobalValues } from '@logto/shared'; import { appendPath } from '@silverhand/essentials'; @@ -55,6 +56,8 @@ describe('Tenant APIs', () => { expect(tenants.length).toBeGreaterThan(2); expect(tenants.find((tenant) => tenant.id === tenant1.id)).toStrictEqual(tenant1); expect(tenants.find((tenant) => tenant.id === tenant2Updated.id)).toStrictEqual(tenant2Updated); + await expect(deleteTenant(accessToken, adminTenantId)).rejects.toThrow(); + await expect(deleteTenant(accessToken, defaultTenantId)).rejects.toThrow(); }); it('should be able to create multiple tenants for `user` role', async () => {