sasjs/server
1
0
Fork 0
mirror of https://github.com/sasjs/server.git synced 2026-01-17 19:00:05 +00:00
Code Issues Projects Releases Wiki Activity

test(user): added more specs to user api

Browse Source
This commit is contained in:
Saad Jutt
2021-11-09 17:46:01 +05:00
parent 9e2123cfe9
commit ab62dad237
2 changed files with 378 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/controllers/user.ts
View File

@@ -174,7 +174,14 @@ const updateUser = async (
): Promise<UserDetailsResponse> => { ): Promise<UserDetailsResponse> => {
const { displayName, username, password, isAdmin, isActive } = data const { displayName, username, password, isAdmin, isActive } = data
const params: any = { displayName, username, isAdmin, isActive } const params: any = { displayName, isAdmin, isActive }
if (username) {
// Checking if user is already in the database
const usernameExist = await User.findOne({ username })
if (usernameExist?.id != id) throw new Error('Username already exists.')
params.username = username
}
if (password) { if (password) {
// Hash passwords // Hash passwords

386
src/routes/api/spec/user.spec.ts
View File

@@ -22,10 +22,11 @@ const user = {
isActive: true isActive: true
} }
const controller = new UserController()
describe('user', () => { describe('user', () => {
let con: Mongoose let con: Mongoose
let mongoServer: MongoMemoryServer let mongoServer: MongoMemoryServer
const controller = new UserController()
beforeAll(async () => { beforeAll(async () => {
mongoServer = await MongoMemoryServer.create() mongoServer = await MongoMemoryServer.create()
@@ -42,23 +43,11 @@ describe('user', () => {
let adminAccessToken: string let adminAccessToken: string
beforeEach(async () => { beforeEach(async () => {
const dbUser = await controller.createUser(adminUser) adminAccessToken = await generateSaveTokenAndCreateUser()
adminAccessToken = generateAccessToken({
clientId,
userId: dbUser.id
})
await saveTokensInDB(
dbUser.id,
clientId,
adminAccessToken,
'refreshToken'
)
}) })
afterEach(async () => { afterEach(async () => {
const collections = mongoose.connection.collections await deleteAllUsers()
const collection = collections['users']
await collection.deleteMany({})
}) })
it('should respond with new user', async () => { it('should respond with new user', async () => {
@@ -84,7 +73,7 @@ describe('user', () => {
expect(res.body).toEqual({}) expect(res.body).toEqual({})
}) })
it('should respond with Forbideen if access token is not of an admin account', async () => { it('should respond with Unauthorized if access token is not of an admin account', async () => {
const dbUser = await controller.createUser(user) const dbUser = await controller.createUser(user)
const accessToken = generateAccessToken({ const accessToken = generateAccessToken({
clientId, clientId,
@@ -157,4 +146,369 @@ describe('user', () => {
expect(res.body).toEqual({}) expect(res.body).toEqual({})
}) })
}) })
describe('update', () => {
let adminAccessToken: string
beforeEach(async () => {
adminAccessToken = await generateSaveTokenAndCreateUser()
})
afterEach(async () => {
await deleteAllUsers()
})
it('should respond with updated user when admin user requests', async () => {
const dbUser = await controller.createUser(user)
const newDisplayName = 'My new display Name'
const res = await request(app)
.patch(`/SASjsApi/user/${dbUser.id}`)
.auth(adminAccessToken, { type: 'bearer' })
.send({ ...user, displayName: newDisplayName })
.expect(200)
expect(res.body.username).toEqual(user.username)
expect(res.body.displayName).toEqual(newDisplayName)
expect(res.body.isAdmin).toEqual(user.isAdmin)
expect(res.body.isActive).toEqual(user.isActive)
})
it('should respond with updated user when user himself requests', async () => {
const dbUser = await controller.createUser(user)
const accessToken = await generateAndSaveToken(dbUser.id)
const newDisplayName = 'My new display Name'
const res = await request(app)
.patch(`/SASjsApi/user/${dbUser.id}`)
.auth(accessToken, { type: 'bearer' })
.send({
displayName: newDisplayName,
username: user.username,
password: user.password
})
.expect(200)
expect(res.body.username).toEqual(user.username)
expect(res.body.displayName).toEqual(newDisplayName)
expect(res.body.isAdmin).toEqual(user.isAdmin)
expect(res.body.isActive).toEqual(user.isActive)
})
it('should respond with Bad Request, only admin can update isAdmin/isActive', async () => {
const dbUser = await controller.createUser(user)
const accessToken = await generateAndSaveToken(dbUser.id)
const newDisplayName = 'My new display Name'
await request(app)
.patch(`/SASjsApi/user/${dbUser.id}`)
.auth(accessToken, { type: 'bearer' })
.send({ ...user, displayName: newDisplayName })
.expect(400)
})
it('should respond with Unauthorized if access token is not present', async () => {
const res = await request(app)
.patch('/SASjsApi/user/1234')
.send(user)
.expect(401)
expect(res.text).toEqual('Unauthorized')
expect(res.body).toEqual({})
})
it('should respond with Unauthorized when access token is not of an admin account or himself', async () => {
const dbUser1 = await controller.createUser(user)
const dbUser2 = await controller.createUser({
...user,
username: 'randomUser'
})
const accessToken = await generateAndSaveToken(dbUser2.id)
const res = await request(app)
.patch(`/SASjsApi/user/${dbUser1.id}`)
.auth(accessToken, { type: 'bearer' })
.send(user)
.expect(401)
expect(res.text).toEqual('Admin account required')
expect(res.body).toEqual({})
})
it('should respond with Forbidden if username is already present', async () => {
const dbUser1 = await controller.createUser(user)
const dbUser2 = await controller.createUser({
...user,
username: 'randomUser'
})
const res = await request(app)
.patch(`/SASjsApi/user/${dbUser1.id}`)
.auth(adminAccessToken, { type: 'bearer' })
.send({ username: dbUser2.username })
.expect(403)
expect(res.text).toEqual('Error: Username already exists.')
expect(res.body).toEqual({})
})
})
describe('delete', () => {
let adminAccessToken: string
beforeEach(async () => {
adminAccessToken = await generateSaveTokenAndCreateUser()
})
afterEach(async () => {
await deleteAllUsers()
})
it('should respond with OK when admin user requests', async () => {
const dbUser = await controller.createUser(user)
const res = await request(app)
.delete(`/SASjsApi/user/${dbUser.id}`)
.auth(adminAccessToken, { type: 'bearer' })
.send()
.expect(200)
expect(res.body).toEqual({})
})
it('should respond with OK when user himself requests', async () => {
const dbUser = await controller.createUser(user)
const accessToken = await generateAndSaveToken(dbUser.id)
const res = await request(app)
.delete(`/SASjsApi/user/${dbUser.id}`)
.auth(accessToken, { type: 'bearer' })
.send({ password: user.password })
.expect(200)
expect(res.body).toEqual({})
})
it('should respond with Bad Request when user himself requests and password is missing', async () => {
const dbUser = await controller.createUser(user)
const accessToken = await generateAndSaveToken(dbUser.id)
const res = await request(app)
.delete(`/SASjsApi/user/${dbUser.id}`)
.auth(accessToken, { type: 'bearer' })
.send()
.expect(400)
expect(res.text).toEqual(`"password" is required`)
expect(res.body).toEqual({})
})
it('should respond with Unauthorized when access token is not present', async () => {
const res = await request(app)
.delete('/SASjsApi/user/1234')
.send(user)
.expect(401)
expect(res.text).toEqual('Unauthorized')
expect(res.body).toEqual({})
})
it('should respond with Unauthorized when access token is not of an admin account or himself', async () => {
const dbUser1 = await controller.createUser(user)
const dbUser2 = await controller.createUser({
...user,
username: 'randomUser'
})
const accessToken = await generateAndSaveToken(dbUser2.id)
const res = await request(app)
.delete(`/SASjsApi/user/${dbUser1.id}`)
.auth(accessToken, { type: 'bearer' })
.send(user)
.expect(401)
expect(res.text).toEqual('Admin account required')
expect(res.body).toEqual({})
})
it('should respond with Forbidden when user himself requests and password is incorrect', async () => {
const dbUser = await controller.createUser(user)
const accessToken = await generateAndSaveToken(dbUser.id)
const res = await request(app)
.delete(`/SASjsApi/user/${dbUser.id}`)
.auth(accessToken, { type: 'bearer' })
.send({ password: 'incorrectpassword' })
.expect(403)
expect(res.text).toEqual('Error: Invalid password.')
expect(res.body).toEqual({})
})
})
describe('get', () => {
let adminAccessToken: string
beforeEach(async () => {
adminAccessToken = await generateSaveTokenAndCreateUser()
})
afterEach(async () => {
await deleteAllUsers()
})
it('should respond with user', async () => {
const dbUser = await controller.createUser(user)
const userId = dbUser.id
const res = await request(app)
.get(`/SASjsApi/user/${userId}`)
.auth(adminAccessToken, { type: 'bearer' })
.send(user)
.expect(200)
expect(res.body.username).toEqual(user.username)
expect(res.body.displayName).toEqual(user.displayName)
expect(res.body.isAdmin).toEqual(user.isAdmin)
expect(res.body.isActive).toEqual(user.isActive)
})
it('should respond with user when access token is not of an admin account', async () => {
const accessToken = await generateSaveTokenAndCreateUser({
...user,
username: 'randomUser'
})
const dbUser = await controller.createUser(user)
const userId = dbUser.id
const res = await request(app)
.get(`/SASjsApi/user/${userId}`)
.auth(accessToken, { type: 'bearer' })
.send(user)
.expect(200)
expect(res.body.username).toEqual(user.username)
expect(res.body.displayName).toEqual(user.displayName)
expect(res.body.isAdmin).toEqual(user.isAdmin)
expect(res.body.isActive).toEqual(user.isActive)
})
it('should respond with Unauthorized if access token is not present', async () => {
const res = await request(app)
.get('/SASjsApi/user/1234')
.send(user)
.expect(401)
expect(res.text).toEqual('Unauthorized')
expect(res.body).toEqual({})
})
it('should respond with Forbidden if userId is incorrect', async () => {
await controller.createUser(user)
const res = await request(app)
.get('/SASjsApi/user/1234')
.auth(adminAccessToken, { type: 'bearer' })
.send(user)
.expect(403)
expect(res.text).toEqual('Error: User is not found.')
expect(res.body).toEqual({})
})
})
describe('getAll', () => {
let adminAccessToken: string
beforeEach(async () => {
adminAccessToken = await generateSaveTokenAndCreateUser()
})
afterEach(async () => {
await deleteAllUsers()
})
it('should respond with all users', async () => {
await controller.createUser(user)
const res = await request(app)
.get('/SASjsApi/user')
.auth(adminAccessToken, { type: 'bearer' })
.send(user)
.expect(200)
expect(res.body).toEqual([
{
id: expect.anything(),
username: adminUser.username,
displayName: adminUser.displayName
},
{
id: expect.anything(),
username: user.username,
displayName: user.displayName
}
])
})
it('should respond with all users when access token is not of an admin account', async () => {
const accessToken = await generateSaveTokenAndCreateUser({
...user,
username: 'randomUser'
})
const res = await request(app)
.get('/SASjsApi/user')
.auth(accessToken, { type: 'bearer' })
.send(user)
.expect(200)
expect(res.body).toEqual([
{
id: expect.anything(),
username: adminUser.username,
displayName: adminUser.displayName
},
{
id: expect.anything(),
username: 'randomUser',
displayName: user.displayName
}
])
})
it('should respond with Unauthorized if access token is not present', async () => {
const res = await request(app)
.get('/SASjsApi/user')
.send(user)
.expect(401)
expect(res.text).toEqual('Unauthorized')
expect(res.body).toEqual({})
})
})
}) })
const generateSaveTokenAndCreateUser = async (
someUser?: any
): Promise<string> => {
const dbUser = await controller.createUser(someUser ?? adminUser)
return generateAndSaveToken(dbUser.id)
}
const generateAndSaveToken = async (userId: number) => {
const adminAccessToken = generateAccessToken({
clientId,
userId
})
await saveTokensInDB(userId, clientId, adminAccessToken, 'refreshToken')
return adminAccessToken
}
const deleteAllUsers = async () => {
const { collections } = mongoose.connection
const collection = collections['users']
await collection.deleteMany({})
}