Archived
2
This repository has been archived on 2023-03-02. You can view files and clone it, but cannot push or open issues or pull requests.
definma-api/src/routes/user.spec.ts

636 lines
20 KiB
TypeScript
Raw Normal View History

import supertest from 'supertest';
import should from 'should/as-function';
import db from '../db';
2020-04-22 17:38:24 +02:00
import UserModel from '../models/user';
2020-04-24 12:25:32 +02:00
describe('GET /users', () => {
let server;
before(done => {
process.env.port = '2999';
process.env.NODE_ENV = 'test';
db.connect('test', done);
});
beforeEach(done => {
delete require.cache[require.resolve('../index')]; // prevent loading from cache
server = require('../index');
db.drop(err => { // reset database
if (err) return done(err);
db.loadJson(require('../test/db.json'), done);
});
});
afterEach(done => {
server.close(done);
});
it('returns all users', done => {
supertest(server)
.get('/users')
.auth('admin', 'Abc123!#')
.expect('Content-type', /json/)
.expect(200)
.end((err, res) => {
if (err) done (err);
const json = require('../test/db.json');
should(res.body).have.lengthOf(json.collections.users.length);
should(res.body).matchEach(user => {
should(user).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
should(user).have.property('_id').be.type('string');
should(user).have.property('email').be.type('string');
should(user).have.property('name').be.type('string');
should(user).have.property('level').be.type('string');
should(user).have.property('location').be.type('string');
should(user).have.property('device_name').be.type('string');
});
done();
});
});
it('rejects requests from non-admins', done => {
supertest(server)
.get('/users')
.auth('janedoe', 'Xyz890*)')
.expect('Content-type', /json/)
.expect(403)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Forbidden'});
done();
});
});
it('rejects requests from an admin API key', done => {
supertest(server)
.get('/users?key=5ea131671feb9c2ee0aafc9a')
.expect('Content-type', /json/)
.expect(401)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Unauthorized'});
done();
});
});
});
describe('GET /user/{name}', () => {
let server;
before(done => {
process.env.port = '2999';
process.env.NODE_ENV = 'test';
db.connect('test', done);
});
beforeEach(done => {
delete require.cache[require.resolve('../index')]; // prevent loading from cache
server = require('../index');
db.drop(err => { // reset database
if (err) return done(err);
db.loadJson(require('../test/db.json'), done);
});
});
afterEach(done => {
server.close(done);
});
it('returns own user details', done => {
supertest(server)
.get('/user')
.auth('janedoe', 'Xyz890*)')
.expect('Content-type', /json/)
.expect(200)
.end((err, res) => {
if (err) done (err);
should(res.body).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
should(res.body).have.property('_id').be.type('string');
should(res.body).have.property('email', 'jane.doe@bosch.com');
should(res.body).have.property('name', 'janedoe');
should(res.body).have.property('level', 'write');
should(res.body).have.property('location', 'Rng');
should(res.body).have.property('device_name', 'Alpha I');
done();
});
});
it('returns other user details for admin', done => {
supertest(server)
.get('/user/janedoe')
.auth('admin', 'Abc123!#')
.expect('Content-type', /json/)
.expect(200)
.end((err, res) => {
if (err) done (err);
should(res.body).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
should(res.body).have.property('_id').be.type('string');
should(res.body).have.property('email', 'jane.doe@bosch.com');
should(res.body).have.property('name', 'janedoe');
should(res.body).have.property('level', 'write');
should(res.body).have.property('location', 'Rng');
should(res.body).have.property('device_name', 'Alpha I');
done();
});
});
it('rejects requests from non-admins for another user', done => {
supertest(server)
.get('/user/admin')
.auth('janedoe', 'Xyz890*)')
.expect('Content-type', /json/)
.expect(403)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Forbidden'});
done();
});
});
it('rejects requests from a user API key', done => {
supertest(server)
.get('/user?key=5ea0450ed851c30a90e70899')
.expect('Content-type', /json/)
.expect(401)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Unauthorized'});
done();
});
});
it('rejects requests from an admin API key', done => {
supertest(server)
.get('/user/janedoe?key=5ea131671feb9c2ee0aafc9a')
.expect('Content-type', /json/)
.expect(401)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Unauthorized'});
done();
});
});
2020-04-24 17:36:39 +02:00
it('returns 404 for an unknown user', done => {
supertest(server)
.get('/user/unknown')
.auth('admin', 'Abc123!#')
.expect('Content-type', /json/)
.expect(404)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Not found'});
done();
});
});
2020-04-24 12:25:32 +02:00
});
describe('PUT /user/{name}', () => {
let server;
before(done => {
process.env.port = '2999';
process.env.NODE_ENV = 'test';
db.connect('test', done);
});
beforeEach(done => {
delete require.cache[require.resolve('../index')]; // prevent loading from cache
server = require('../index');
db.drop(err => { // reset database
if (err) return done(err);
db.loadJson(require('../test/db.json'), done);
});
});
afterEach(done => {
server.close(done);
});
it('returns own user details', done => {
supertest(server)
2020-04-24 17:36:39 +02:00
.put('/user')
.send({})
2020-04-24 12:25:32 +02:00
.auth('janedoe', 'Xyz890*)')
.expect('Content-type', /json/)
.expect(200)
.end((err, res) => {
if (err) done (err);
should(res.body).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
should(res.body).have.property('_id').be.type('string');
should(res.body).have.property('email', 'jane.doe@bosch.com');
should(res.body).have.property('name', 'janedoe');
should(res.body).have.property('level', 'write');
should(res.body).have.property('location', 'Rng');
should(res.body).have.property('device_name', 'Alpha I');
done();
});
});
it('returns other user details for admin', done => {
supertest(server)
2020-04-24 17:36:39 +02:00
.put('/user/janedoe')
.send({})
2020-04-24 12:25:32 +02:00
.auth('admin', 'Abc123!#')
.expect('Content-type', /json/)
.expect(200)
.end((err, res) => {
if (err) done (err);
should(res.body).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
should(res.body).have.property('_id').be.type('string');
should(res.body).have.property('email', 'jane.doe@bosch.com');
should(res.body).have.property('name', 'janedoe');
should(res.body).have.property('level', 'write');
should(res.body).have.property('location', 'Rng');
should(res.body).have.property('device_name', 'Alpha I');
done();
});
});
2020-04-24 17:36:39 +02:00
it('changes user details as given', done => {
supertest(server)
.put('/user')
.auth('admin', 'Abc123!#')
.send({name: 'adminnew', email: 'adminnew@bosch.com', pass: 'Abc123##', location: 'Abt', device_name: 'test'})
.expect(200)
.end(err => {
if (err) done (err);
UserModel.find({name: 'adminnew'}).lean().exec( 'find', (err, data) => {
if (err) return done(err);
should(data).have.lengthOf(1);
should(data[0]).have.only.keys('_id', 'name', 'pass', 'email', 'level', 'location', 'device_name', 'key', '__v');
should(data[0]).have.property('_id');
should(data[0]).have.property('name', 'adminnew');
should(data[0]).have.property('email', 'adminnew@bosch.com');
should(data[0]).have.property('pass').not.eql('Abc123##');
should(data[0]).have.property('level', 'admin');
should(data[0]).have.property('location', 'Abt');
should(data[0]).have.property('device_name', 'test');
done();
});
});
});
it('lets the admin change a user level', done => {
supertest(server)
.put('/user/janedoe')
.auth('admin', 'Abc123!#')
.send({level: 'read'})
.expect(200)
.end(err => {
if (err) done (err);
UserModel.find({name: 'janedoe'}).lean().exec( 'find', (err, data) => {
if (err) return done(err);
should(data).have.lengthOf(1);
should(data[0]).have.property('level', 'read');
done();
});
});
});
it('does not change the level', done => {
supertest(server)
.put('/user')
.auth('janedoe', 'Xyz890*)')
.send({level: 'read'})
.expect(400)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Invalid body format'});
UserModel.find({name: 'janedoe'}).lean().exec( 'find', (err, data) => {
if (err) return done(err);
should(data).have.lengthOf(1);
should(data[0]).have.property('level', 'write');
done();
});
});
});
it('rejects a username already in use', done => {
supertest(server)
.put('/user')
.auth('admin', 'Abc123!#')
.send({name: 'janedoe'})
.expect(400)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Username already taken'});
UserModel.find({name: 'janedoe'}).lean().exec( 'find', (err, data) => {
if (err) return done(err);
should(data).have.lengthOf(1);
done();
});
});
});
it('rejects invalid user details', done => {
supertest(server)
.put('/user')
.auth('admin', 'Abc123!#')
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', location: 44, device_name: 'Alpha II'})
.expect(400)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Invalid body format'});
done();
});
});
it('rejects an invalid email address', done => {
supertest(server)
.put('/user')
.auth('admin', 'Abc123!#')
.send({email: 'john.doe'})
.expect(400)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Invalid body format'});
done();
});
});
it('rejects an invalid password', done => {
supertest(server)
.put('/user')
.auth('admin', 'Abc123!#')
.send({pass: 'password'})
.expect(400)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Invalid body format'});
done();
});
});
2020-04-24 12:25:32 +02:00
it('rejects requests from non-admins for another user', done => {
supertest(server)
2020-04-24 17:36:39 +02:00
.put('/user/admin')
.send({})
2020-04-24 12:25:32 +02:00
.auth('janedoe', 'Xyz890*)')
.expect('Content-type', /json/)
.expect(403)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Forbidden'});
done();
});
});
it('rejects requests from a user API key', done => {
supertest(server)
2020-04-24 17:36:39 +02:00
.put('/user?key=5ea0450ed851c30a90e70899')
.send({})
2020-04-24 12:25:32 +02:00
.expect('Content-type', /json/)
.expect(401)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Unauthorized'});
done();
});
});
it('rejects requests from an admin API key', done => {
supertest(server)
2020-04-24 17:36:39 +02:00
.put('/user/janedoe?key=5ea131671feb9c2ee0aafc9a')
.send({})
2020-04-24 12:25:32 +02:00
.expect('Content-type', /json/)
.expect(401)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Unauthorized'});
done();
});
});
2020-04-24 17:36:39 +02:00
it('returns 404 for an unknown user', done => {
supertest(server)
.put('/user/unknown')
.auth('admin', 'Abc123!#')
.send({})
.expect(404)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Not found'});
done();
});
});
2020-04-24 12:25:32 +02:00
});
describe('POST /user/new', () => {
let server;
before(done => {
process.env.port = '2999';
2020-04-22 17:38:24 +02:00
process.env.NODE_ENV = 'test';
db.connect('test', done);
});
beforeEach(done => {
delete require.cache[require.resolve('../index')]; // prevent loading from cache
server = require('../index');
db.drop(err => { // reset database
if (err) return done(err);
db.loadJson(require('../test/db.json'), done);
});
});
afterEach(done => {
server.close(done);
});
it('returns the added user data', done => {
supertest(server)
.post('/user/new')
2020-04-23 13:59:45 +02:00
.auth('admin', 'Abc123!#')
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
.expect('Content-type', /json/)
2020-04-23 13:59:45 +02:00
.expect(200)
.end((err, res) => {
if (err) done (err);
2020-04-24 12:25:32 +02:00
should(res.body).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
should(res.body).have.property('_id').be.type('string');
should(res.body).have.property('email', 'john.doe@bosch.com');
should(res.body).have.property('name', 'johndoe');
should(res.body).have.property('level', 'read');
should(res.body).have.property('location', 'Rng');
should(res.body).have.property('device_name', 'Alpha II');
done();
});
});
it('stores the data', done => {
supertest(server)
.post('/user/new')
2020-04-23 13:59:45 +02:00
.auth('admin', 'Abc123!#')
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
2020-04-23 13:59:45 +02:00
.expect(200)
.end(err => {
if (err) done (err);
2020-04-22 17:38:24 +02:00
UserModel.find({name: 'johndoe'}).lean().exec( 'find', (err, data) => {
if (err) return done(err);
should(data).have.lengthOf(1);
should(data[0]).have.only.keys('_id', 'name', 'pass', 'email', 'level', 'location', 'device_name', 'key', '__v');
should(data[0]).have.property('_id');
should(data[0]).have.property('name', 'johndoe');
should(data[0]).have.property('email', 'john.doe@bosch.com');
should(data[0]).have.property('pass').not.eql('Abc123!#');
should(data[0]).have.property('level', 'read');
should(data[0]).have.property('location', 'Rng');
should(data[0]).have.property('device_name', 'Alpha II');
done();
});
});
});
it('rejects a username already in use', done => {
supertest(server)
.post('/user/new')
2020-04-23 13:59:45 +02:00
.auth('admin', 'Abc123!#')
.send({email: 'j.doe@bosch.com', name: 'janedoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
2020-04-23 13:59:45 +02:00
.expect(400)
.end((err, res) => {
if (err) done (err);
2020-04-22 17:38:24 +02:00
should(res.body).be.eql({status: 'Username already taken'});
UserModel.find({name: 'janedoe'}).lean().exec( 'find', (err, data) => {
if (err) return done(err);
should(data).have.lengthOf(1);
done();
});
});
2020-04-23 13:59:45 +02:00
});
2020-04-24 17:36:39 +02:00
it('rejects invalid user details', done => {
supertest(server)
.post('/user/new')
.auth('admin', 'Abc123!#')
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 44, device_name: 'Alpha II'})
.expect(400)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Invalid body format'});
done();
});
});
it('rejects an invalid user level', done => {
supertest(server)
.post('/user/new')
.auth('admin', 'Abc123!#')
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'xxx', location: 'Rng', device_name: 'Alpha II'})
.expect(400)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Invalid body format'});
done();
});
});
it('rejects an invalid email address', done => {
supertest(server)
.post('/user/new')
.auth('admin', 'Abc123!#')
.send({email: 'john.doe', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
.expect(400)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Invalid body format'});
done();
});
});
it('rejects an invalid password', done => {
supertest(server)
.post('/user/new')
.auth('admin', 'Abc123!#')
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'password', level: 'read', location: 'Rng', device_name: 'Alpha II'})
.expect(400)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Invalid body format'});
done();
});
});
2020-04-23 13:59:45 +02:00
it('rejects requests from non-admins', done => {
supertest(server)
.post('/user/new')
2020-04-24 12:25:32 +02:00
.auth('janedoe', 'Xyz890*)')
2020-04-23 13:59:45 +02:00
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
.expect('Content-type', /json/)
.expect(403)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Forbidden'});
done();
});
});
it('rejects requests from an admin API key', done => {
supertest(server)
.post('/user/new?key=5ea131671feb9c2ee0aafc9a')
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
.expect('Content-type', /json/)
.expect(401)
.end((err, res) => {
if (err) done (err);
should(res.body).be.eql({status: 'Unauthorized'});
done();
});
});
2020-04-23 17:46:00 +02:00
});
2020-04-24 12:25:32 +02:00
describe('POST /user/passreset', () => {
2020-04-23 17:46:00 +02:00
let server;
before(done => {
process.env.port = '2999';
process.env.NODE_ENV = 'test';
db.connect('test', done);
});
beforeEach(done => {
delete require.cache[require.resolve('../index')]; // prevent loading from cache
server = require('../index');
db.drop(err => { // reset database
if (err) return done(err);
db.loadJson(require('../test/db.json'), done);
});
});
afterEach(done => {
server.close(done);
});
it('returns the ok response', done => {
supertest(server)
.post('/user/passreset')
.send({
email: 'jane.doe@bosch.com',
name: 'janedoe'
})
.expect('Content-type', /json/)
.expect(200)
.end((err, res) => {
if (err) done(err);
should(res.body).be.eql({status: 'OK'});
done();
});
});
it('returns 404 for wrong username/email combo', done => {
supertest(server)
.post('/user/passreset')
.send({
email: 'jane.doe@bosch.com',
name: 'admin'
})
.expect('Content-type', /json/)
.expect(404)
.end((err, res) => {
if (err) done(err);
should(res.body).be.eql({status: 'Not found'});
done();
});
});
it('returns 404 for unknown username', done => {
supertest(server)
.post('/user/passreset')
.send({
email: 'jane.doe@bosch.com',
name: 'admin'
})
.expect('Content-type', /json/)
.expect(404)
.end((err, res) => {
if (err) done(err);
should(res.body).be.eql({status: 'Not found'});
done();
});
});
it('changes the user password', done => {
UserModel.find({name: 'janedoe'}).lean().exec( 'find', (err, data: any) => {
2020-04-23 17:46:00 +02:00
if (err) return done(err);
const oldpass = data[0].pass;
supertest(server)
.post('/user/passreset')
.send({
email: 'jane.doe@bosch.com',
name: 'janedoe'
})
.expect('Content-type', /json/)
.expect(200)
.end((err, res) => {
if (err) done(err);
should(res.body).be.eql({status: 'OK'});
UserModel.find({name: 'janedoe'}).lean().exec( (err, data: any) => {
2020-04-23 17:46:00 +02:00
if (err) return done(err);
should(data[0].pass).not.eql(oldpass);
done();
});
});
});
});
2020-04-24 12:25:32 +02:00
});