test(auth): added for authorize + token

src/routes/api/spec/auth.spec.ts

@@ -0,0 +1,276 @@
+import mongoose, { Mongoose } from 'mongoose'
+import { MongoMemoryServer } from 'mongodb-memory-server'
+import request from 'supertest'
+import app from '../../../app'
+import { createUser } from '../../../controllers/createUser'
+import { createClient } from '../../../controllers/createClient'
+import { generateAuthCode, populateClients, saveCode } from '../auth'
+import { InfoJWT } from '../../../types'
+
+const client = {
+  clientid: 'someclientID',
+  clientsecret: 'someclientSecret'
+}
+// const adminUser = {
+//   displayname: 'Test Admin',
+//   username: 'testAdminUsername',
+//   password: '12345678',
+//   isadmin: true,
+//   isactive: true
+// }
+const user = {
+  displayname: 'Test User',
+  username: 'testUsername',
+  password: '87654321',
+  isadmin: false,
+  isactive: true
+}
+
+describe('auth', () => {
+  let con: Mongoose
+  let mongoServer: MongoMemoryServer
+
+  beforeAll(async () => {
+    mongoServer = await MongoMemoryServer.create()
+    con = await mongoose.connect(mongoServer.getUri())
+    await createClient(client)
+    await populateClients()
+  })
+
+  afterAll(async () => {
+    if (con) {
+      await con.connection.dropDatabase()
+      await con.connection.close()
+    }
+    if (mongoServer) {
+      await mongoServer.stop()
+    }
+  })
+
+  describe('authorize', () => {
+    afterEach(async () => {
+      const collections = mongoose.connection.collections
+      const collection = collections['users']
+      await collection.deleteMany({})
+    })
+
+    it('should respond with authorization code', async () => {
+      await createUser(user)
+
+      const res = await request(app)
+        .post('/SASjsApi/auth/authorize')
+        .send({
+          username: user.username,
+          password: user.password,
+          client_id: client.clientid
+        })
+        .expect(200)
+
+      expect(res.body).toHaveProperty('code')
+    })
+
+    it('should respond with Bad Request if username is missing', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/auth/authorize')
+        .send({
+          password: user.password,
+          client_id: client.clientid
+        })
+        .expect(400)
+
+      expect(res.text).toEqual(`"username" is required`)
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if password is missing', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/auth/authorize')
+        .send({
+          username: user.username,
+          client_id: client.clientid
+        })
+        .expect(400)
+
+      expect(res.text).toEqual(`"password" is required`)
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if client_id is missing', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/auth/authorize')
+        .send({
+          username: user.username,
+          password: user.password
+        })
+        .expect(400)
+
+      expect(res.text).toEqual(`"client_id" is required`)
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Forbidden if username is incorrect', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/auth/authorize')
+        .send({
+          username: user.username,
+          password: user.password,
+          client_id: client.clientid
+        })
+        .expect(403)
+
+      expect(res.text).toEqual('Username is not found.')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Forbidden if password is incorrect', async () => {
+      await createUser(user)
+
+      const res = await request(app)
+        .post('/SASjsApi/auth/authorize')
+        .send({
+          username: user.username,
+          password: 'WrongPassword',
+          client_id: client.clientid
+        })
+        .expect(403)
+
+      expect(res.text).toEqual('Invalid password.')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Forbidden if client_id is incorrect', async () => {
+      await createUser(user)
+
+      const res = await request(app)
+        .post('/SASjsApi/auth/authorize')
+        .send({
+          username: user.username,
+          password: user.password,
+          client_id: 'WrongClientID'
+        })
+        .expect(403)
+
+      expect(res.text).toEqual('Invalid client_id.')
+      expect(res.body).toEqual({})
+    })
+  })
+
+  describe('token', () => {
+    const userInfo: InfoJWT = {
+      client_id: client.clientid,
+      username: user.username,
+      isadmin: user.isadmin,
+      isactive: user.isactive
+    }
+    beforeAll(async () => {
+      await createUser(user)
+    })
+    afterAll(async () => {
+      const collections = mongoose.connection.collections
+      const collection = collections['users']
+      await collection.deleteMany({})
+    })
+
+    it('should respond with access and refresh tokens', async () => {
+      const code = saveCode(userInfo.client_id, generateAuthCode(userInfo))
+
+      const res = await request(app)
+        .post('/SASjsApi/auth/token')
+        .send({
+          client_id: client.clientid,
+          client_secret: client.clientsecret,
+          code
+        })
+        .expect(200)
+
+      expect(res.body).toHaveProperty('accessToken')
+      expect(res.body).toHaveProperty('refreshToken')
+    })
+
+    it('should respond with Bad Request if code is missing', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/auth/token')
+        .send({
+          client_id: client.clientid,
+          client_secret: client.clientsecret
+        })
+        .expect(400)
+
+      expect(res.text).toEqual(`"code" is required`)
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if client_id is missing', async () => {
+      const code = saveCode(userInfo.client_id, generateAuthCode(userInfo))
+
+      const res = await request(app)
+        .post('/SASjsApi/auth/token')
+        .send({
+          client_secret: client.clientsecret,
+          code
+        })
+        .expect(400)
+
+      expect(res.text).toEqual(`"client_id" is required`)
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if client_secret is missing', async () => {
+      const code = saveCode(userInfo.client_id, generateAuthCode(userInfo))
+
+      const res = await request(app)
+        .post('/SASjsApi/auth/token')
+        .send({
+          client_id: client.clientid,
+          code
+        })
+        .expect(400)
+
+      expect(res.text).toEqual(`"client_secret" is required`)
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Forbidden if code is invalid', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/auth/token')
+        .send({
+          client_id: client.clientid,
+          client_secret: client.clientsecret,
+          code: 'InvalidCode'
+        })
+        .expect(403)
+
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Forbidden if client_id is invalid', async () => {
+      const code = saveCode(userInfo.client_id, generateAuthCode(userInfo))
+
+      const res = await request(app)
+        .post('/SASjsApi/auth/token')
+        .send({
+          client_id: 'WrongClientID',
+          client_secret: client.clientsecret,
+          code
+        })
+        .expect(403)
+
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Forbidden if client_secret is invalid', async () => {
+      const code = saveCode(userInfo.client_id, generateAuthCode(userInfo))
+
+      const res = await request(app)
+        .post('/SASjsApi/auth/token')
+        .send({
+          client_id: client.clientid,
+          client_secret: 'WrongClientSecret',
+          code
+        })
+        .expect(403)
+
+      expect(res.body).toEqual({})
+    })
+  })
+})