#1264 Fix tests

thehive/app/org/thp/thehive/services/CaseSrv.scala

@@ -336,52 +336,50 @@ class CaseSrv @Inject() (
         cases.flatMap(_.tags).distinct
       )
 
-      val allProfilesOrgas = get(cases.head)
+      val allProfilesOrgas: Seq[(Profile with Entity, Organisation with Entity)] = get(cases.head)
         .shares
         .project(_.by(_.profile).by(_.organisation))
         .toSeq
 
       for {
-        user     <- userSrv.get(EntityIdOrName(authContext.userId)).getOrFail("User")
-        orga     <- organisationSrv.current.getOrFail("Organisation")
-        richCase <- create(mergedCase, Some(user), orga, Seq(), None, Seq())
+        user        <- userSrv.current.getOrFail("User")
+        currentOrga <- organisationSrv.current.getOrFail("Organisation")
+        richCase    <- create(mergedCase, Some(user), currentOrga, Seq(), None, Seq())
+        // Share case with all organisations except the one who created the merged case
+        _ <-
+          allProfilesOrgas
+            .filterNot(_._2._id == currentOrga._id)
+            .toTry(profileOrg => shareSrv.shareCase(owner = false, richCase.`case`, profileOrg._2, profileOrg._1))
         _ <- cases.toTry { c =>
           for {
-            // Share case with all organisations except the one who created the merged case
-            _ <-
-              allProfilesOrgas
-                .filter(_._2._id != organisationSrv.currentId)
-                .toTry(profileOrg => shareSrv.shareCase(owner = false, richCase.`case`, profileOrg._2, profileOrg._1))
 
             _ <- shareMergedCaseTasks(allProfilesOrgas.map(_._2), c, richCase.`case`)
             _ <- shareMergedCaseObservables(allProfilesOrgas.map(_._2), c, richCase.`case`)
             _ <-
               get(c)
                 .alert
-                .toList
+                .toSeq
                 .toTry(alertSrv.alertCaseSrv.create(AlertCase(), _, richCase.`case`))
             _ <-
               get(c)
                 .procedure
-                .toList
+                .toSeq
                 .toTry(caseProcedureSrv.create(CaseProcedure(), richCase.`case`, _))
             _ <-
               get(c)
                 .richCustomFields
-                .toList
+                .toSeq
                 .toTry(c => createCustomField(richCase.`case`, EntityIdOrName(c.customField.name), c.value, c.order))
           } yield Success(())
         }
-        _ = cases.map(remove(_))
+        _ <- cases.toTry(remove(_))
       } yield richCase
     } else
       Failure(BadRequestError("To be able to merge, cases must have same organisation / profile pair and user must be org-admin"))
 
   private def canMerge(cases: Seq[Case with Entity])(implicit graph: Graph, authContext: AuthContext): Boolean = {
     val allOrgProfiles = getByIds(cases.map(_._id): _*)
-      .shares
-      .project(_.by(_.profile.value(_.name)).by(_.organisation._id))
-      .fold
+      .flatMap(_.shares.project(_.by(_.profile.value(_.name)).by(_.organisation._id)).fold)
       .toSeq
       .map(_.toSet)
       .distinct
@@ -390,41 +388,40 @@ class CaseSrv @Inject() (
     // case organisation must match current organisation and be of org-admin profile
     allOrgProfiles.size == 1 && allOrgProfiles
       .head
-      .find(_._2 == organisationSrv.currentId)
-      .map(_._1)
-      .contains(Profile.orgAdmin.name)
+      .exists {
+        case (profile, orgId) => orgId == organisationSrv.currentId && profile == Profile.orgAdmin.name
+      }
   }
 
   private def shareMergedCaseTasks(orgs: Seq[Organisation with Entity], fromCase: Case with Entity, mergedCase: Case with Entity)(implicit
       graph: Graph,
       authContext: AuthContext
   ): Try[Unit] =
-    for {
-      _ <- orgs.toTry(org =>
+    orgs
+      .toTry { org =>
         get(fromCase)
           .share(org._id)
           .tasks
           .richTask
-          .toList
+          .toSeq
           .toTry(shareSrv.shareTask(_, mergedCase, org._id))
-      )
-    } yield Success()
+      }
+      .map(_ => ())
 
   private def shareMergedCaseObservables(orgs: Seq[Organisation with Entity], fromCase: Case with Entity, mergedCase: Case with Entity)(implicit
       graph: Graph,
       authContext: AuthContext
   ): Try[Unit] =
-    for {
-      _ <- orgs.toTry(org =>
+    orgs
+      .toTry { org =>
         get(fromCase)
           .share(org._id)
           .observables
           .richObservable
-          .toList
+          .toSeq
           .toTry(shareSrv.shareObservable(_, mergedCase, org._id))
-      )
-    } yield Success()
-
+      }
+      .map(_ => ())
 }
 
 object CaseOps {

thehive/test/org/thp/thehive/services/CaseSrvTest.scala

@@ -1,15 +1,17 @@
 package org.thp.thehive.services
 
 import org.specs2.matcher.Matcher
-import org.thp.scalligraph.EntityName
 import org.thp.scalligraph.auth.AuthContext
 import org.thp.scalligraph.controllers.FPathElem
 import org.thp.scalligraph.models._
 import org.thp.scalligraph.query.PropertyUpdater
+import org.thp.scalligraph.traversal.{Graph, Traversal}
 import org.thp.scalligraph.traversal.TraversalOps._
+import org.thp.scalligraph.{BadRequestError, EntityName}
 import org.thp.thehive.TestAppBuilder
 import org.thp.thehive.models._
 import org.thp.thehive.services.CaseOps._
+import org.thp.thehive.services.ShareOps._
 import play.api.libs.json.Json
 import play.api.test.PlaySpecification
 
@@ -246,41 +248,41 @@ class CaseSrvTest extends PlaySpecification with TestAppBuilder {
     }
 
     "add an observable if not existing" in testApp { app =>
-//      app[Database].roTransaction { implicit graph =>
-//        val c1          = app[CaseSrv].get(EntityName("1")).getOrFail("Case").get
-//        val observables = app[ObservableSrv].startTraversal.richObservable.toList
-//
-//        observables must not(beEmpty)
-//
-//        val hfr = observables.find(_.message.contains("Some weird domain")).get
-//
-//        app[Database].tryTransaction { implicit graph =>
-////          app[CaseSrv].addObservable(c1, hfr)
-//          app[CaseSrv].createObservable(c1, hfr, hfr.data.get)
-//        }.get must throwA[CreateError]
-//
-//        val newObs = app[Database].tryTransaction { implicit graph =>
-//          val organisation = app[OrganisationSrv].current.getOrFail("Organisation").get
-//          app[ObservableSrv].create(
-//            Observable(
-//              message = Some("if you feel lost"),
-//              tlp = 1,
-//              ioc = false,
-//              sighted = true,
-//              ignoreSimilarity = None,
-//              dataType = "domain",
-//              tags = Nil,
-//              organisationIds = Seq(organisation._id),
-//              relatedId = c1._id
-//            ),
-//            "lost.com"
-//          )
-//        }.get
-//
-//        app[Database].tryTransaction { implicit graph =>
-//          app[CaseSrv].addObservable(c1, newObs)
-//        } must beSuccessfulTry
-//      }
+      //      app[Database].roTransaction { implicit graph =>
+      //        val c1          = app[CaseSrv].get(EntityName("1")).getOrFail("Case").get
+      //        val observables = app[ObservableSrv].startTraversal.richObservable.toList
+      //
+      //        observables must not(beEmpty)
+      //
+      //        val hfr = observables.find(_.message.contains("Some weird domain")).get
+      //
+      //        app[Database].tryTransaction { implicit graph =>
+      ////          app[CaseSrv].addObservable(c1, hfr)
+      //          app[CaseSrv].createObservable(c1, hfr, hfr.data.get)
+      //        }.get must throwA[CreateError]
+      //
+      //        val newObs = app[Database].tryTransaction { implicit graph =>
+      //          val organisation = app[OrganisationSrv].current.getOrFail("Organisation").get
+      //          app[ObservableSrv].create(
+      //            Observable(
+      //              message = Some("if you feel lost"),
+      //              tlp = 1,
+      //              ioc = false,
+      //              sighted = true,
+      //              ignoreSimilarity = None,
+      //              dataType = "domain",
+      //              tags = Nil,
+      //              organisationIds = Seq(organisation._id),
+      //              relatedId = c1._id
+      //            ),
+      //            "lost.com"
+      //          )
+      //        }.get
+      //
+      //        app[Database].tryTransaction { implicit graph =>
+      //          app[CaseSrv].addObservable(c1, newObs)
+      //        } must beSuccessfulTry
+      //      }
       pending
     }
 
@@ -442,24 +444,26 @@ class CaseSrvTest extends PlaySpecification with TestAppBuilder {
     }
 
     "show linked cases" in testApp { app =>
-//      app[Database].roTransaction { implicit graph =>
-//        app[CaseSrv].get(EntityName("1")).linkedCases must beEmpty
-//        val observables = app[ObservableSrv].startTraversal.richObservable.toList
-//        val hfr         = observables.find(_.message.contains("Some weird domain")).get
-//
-//        app[Database].tryTransaction { implicit graph =>
-//          app[CaseSrv].addObservable(app[CaseSrv].get(EntityName("2")).getOrFail("Case").get, hfr)
-//        }
-//
-//        app[Database].roTransaction(implicit graph => app[CaseSrv].get(EntityName("1")).linkedCases must not(beEmpty))
-//      }
+      //      app[Database].roTransaction { implicit graph =>
+      //        app[CaseSrv].get(EntityName("1")).linkedCases must beEmpty
+      //        val observables = app[ObservableSrv].startTraversal.richObservable.toList
+      //        val hfr         = observables.find(_.message.contains("Some weird domain")).get
+      //
+      //        app[Database].tryTransaction { implicit graph =>
+      //          app[CaseSrv].addObservable(app[CaseSrv].get(EntityName("2")).getOrFail("Case").get, hfr)
+      //        }
+      //
+      //        app[Database].roTransaction(implicit graph => app[CaseSrv].get(EntityName("1")).linkedCases must not(beEmpty))
+      //      }
       pending
     }
 
     "merge cases, happy path with one organisation" in testApp { app =>
       app[Database].tryTransaction { implicit graph =>
         def case21 = app[CaseSrv].get(EntityName("21")).clone()
+
         def case22 = app[CaseSrv].get(EntityName("22")).clone()
+
         def case23 = app[CaseSrv].get(EntityName("23")).clone()
         // Procedures
         case21.procedure.toSeq.size mustEqual 1
@@ -491,6 +495,7 @@ class CaseSrvTest extends PlaySpecification with TestAppBuilder {
       } must beASuccessfulTry.which { richCase =>
         app[Database].roTransaction { implicit graph =>
           def mergedCase = app[CaseSrv].get(EntityName(richCase.number.toString)).clone()
+
           mergedCase.procedure.toSeq.size mustEqual 3
           mergedCase.customFields.toSeq.size mustEqual 2
           mergedCase.tasks.toSeq.size mustEqual 3
@@ -504,58 +509,50 @@ class CaseSrvTest extends PlaySpecification with TestAppBuilder {
       }
     }
 
+    "refuse to merge cases with different shares" in testApp { app =>
+      app[Database].tryTransaction { implicit graph =>
+        val case21 = app[CaseSrv].getOrFail(EntityName("21")).get
+        val case24 = app[CaseSrv].getOrFail(EntityName("24")).get
+        val case26 = app[CaseSrv].getOrFail(EntityName("26")).get
+        app[CaseSrv].merge(Seq(case21, case24, case26))
+      } must beFailedTry.withThrowable[BadRequestError]
+    }
+
     "merge cases, happy path with three organisations" in testApp { app =>
+      implicit val authContext: AuthContext =
+        DummyUserSrv(organisation = "soc", permissions = Profile.analyst.permissions).authContext
+
+      def getCase(number: Int)(implicit graph: Graph): Traversal.V[Case] = app[CaseSrv].getByName(number.toString)
+
       app[Database].tryTransaction { implicit graph =>
-        def case21 = app[CaseSrv].get(EntityName("21")).clone()
-        def case24 = app[CaseSrv].get(EntityName("24")).clone()
-        def case26 = app[CaseSrv].get(EntityName("26")).clone()
         // Tasks
-        case21.tasks.toSeq.size mustEqual 2
-        case24.tasks.toSeq.size mustEqual 0
-        case26.tasks.toSeq.size mustEqual 0
+        getCase(24).share(EntityName("cert")).tasks.getCount mustEqual 1
+        getCase(24).share(EntityName("soc")).tasks.getCount mustEqual 2
+        getCase(25).share(EntityName("cert")).tasks.getCount mustEqual 0
+        getCase(25).share(EntityName("soc")).tasks.getCount mustEqual 0
+
         // Observables
-        case21.observables.toSeq.size mustEqual 1
-        case24.observables.toSeq.size mustEqual 0
-        case26.observables.toSeq.size mustEqual 0
+        getCase(24).share(EntityName("cert")).observables.getCount mustEqual 0
+        getCase(24).share(EntityName("soc")).observables.getCount mustEqual 0
+        getCase(25).share(EntityName("cert")).observables.getCount mustEqual 2
+        getCase(25).share(EntityName("soc")).observables.getCount mustEqual 1
 
         for {
-          c21     <- case21.getOrFail("Case")
-          c24     <- case24.getOrFail("Case")
-          c26     <- case26.getOrFail("Case")
-          newCase <- app[CaseSrv].merge(Seq(c21, c24, c26))
+          c24     <- getCase(24).getOrFail("Case")
+          c25     <- getCase(25).getOrFail("Case")
+          newCase <- app[CaseSrv].merge(Seq(c24, c25))
         } yield newCase
       } must beASuccessfulTry.which { richCase =>
         app[Database].roTransaction { implicit graph =>
-          def mergedCase = app[CaseSrv].get(EntityName(richCase.number.toString)).clone()
-          mergedCase.tasks.toSeq.size mustEqual 2
-          mergedCase.observables.toSeq.size mustEqual 1
-
-          app[CaseSrv].get(EntityName("21")).getOrFail("Case") must beAFailedTry
-          app[CaseSrv].get(EntityName("24")).getOrFail("Case") must beAFailedTry
-          app[CaseSrv].get(EntityName("26")).getOrFail("Case") must beAFailedTry
-        }
+          getCase(richCase.number).share(EntityName("cert")).tasks.getCount mustEqual 1
+          getCase(richCase.number).share(EntityName("soc")).tasks.getCount mustEqual 2
+          getCase(richCase.number).share(EntityName("cert")).observables.getCount mustEqual 2
+          getCase(richCase.number).share(EntityName("soc")).observables.getCount mustEqual 1
 
-        app[Database].roTransaction { implicit graph =>
-          implicit val authContext: AuthContext =
-            DummyUserSrv(userId = "[email protected]", organisation = "soc", permissions = Profile.analyst.permissions).authContext
-
-          def mergedCase = app[CaseSrv].get(EntityName(richCase.number.toString)).clone()
-          mergedCase.getOrFail("Case") must beASuccessfulTry
-          mergedCase.tasks.toSeq.size mustEqual 1
-          mergedCase.observables.toSeq.size mustEqual 1
-        }
-
-        app[Database].roTransaction { implicit graph =>
-          implicit val authContext: AuthContext =
-            DummyUserSrv(userId = "[email protected]", organisation = "pug", permissions = Profile.analyst.permissions).authContext
-
-          def mergedCase = app[CaseSrv].get(EntityName(richCase.number.toString)).clone()
-          mergedCase.getOrFail("Case") must beASuccessfulTry
-          mergedCase.tasks.toSeq.size mustEqual 0
-          mergedCase.observables.toSeq.size mustEqual 0
+          getCase(24).getOrFail("Case") must beAFailedTry
+          getCase(25).getOrFail("Case") must beAFailedTry
         }
       }
     }
-
   }
 }

thehive/test/resources/data/Observable.json

@@ -81,5 +81,25 @@
     "data": "127.0.0.1",
     "sighted": true,
     "relatedId": ""
+  },
+  {
+    "id": "mergeObs251",
+    "message": "merge Obs 251",
+    "tlp": 4,
+    "ioc": true,
+    "dataType": "ip",
+    "data": "127.0.0.1",
+    "sighted": true,
+    "relatedId": ""
+  },
+  {
+    "id": "mergeObs252",
+    "message": "merge Obs 252",
+    "tlp": 4,
+    "ioc": true,
+    "dataType": "ip",
+    "data": "127.0.0.1",
+    "sighted": true,
+    "relatedId": ""
   }
 ]

thehive/test/resources/data/OrganisationShare.json

@@ -11,5 +11,6 @@
   {"from": "cert", "to": "case24-merge-cert"},
   {"from": "soc", "to": "case24-merge-soc"},
   {"from": "cert", "to": "case25-merge-cert"},
+  {"from": "soc", "to": "case25-merge-soc"},
   {"from": "pug", "to": "case26-merge-pug"}
-]
+]