import should from 'should/as-function' ;
import UserModel from '../models/user' ;
import TestHelper from "../test/helper" ;
describe ( '/user' , ( ) = > {
// Server handle shared by every test in this suite; replaced before each test.
let server;

// One-time suite setup is delegated to the shared test helper.
before(done => {
  return TestHelper.before(done);
});

// The helper receives the previous handle and its return value becomes the new one.
beforeEach(done => {
  return server = TestHelper.beforeEach(server, done);
});

// Per-test teardown, again delegated to the helper.
afterEach(done => {
  return TestHelper.afterEach(server, done);
});
// GET /users: the full user listing is expected to be available only to an
// admin authenticating with basic auth.
describe('GET /users', () => {
  // The complete set of fields a listed user may carry; each must be a string.
  const publicFields = ['_id', 'email', 'name', 'level', 'location', 'device_name'];

  it('returns all users', done => {
    TestHelper.request(server, done, {
      method: 'get',
      url: '/users',
      auth: {basic: 'admin'},
      httpStatus: 200
    }).end((error, response) => {
      if (error) {
        return done(error);
      }
      // The fixture file is the reference for how many users must be returned.
      const fixture = require('../test/db.json');
      should(response.body).have.lengthOf(fixture.collections.users.length);
      should(response.body).matchEach(entry => {
        // "only.keys" fails the test as soon as any additional field
        // (for example a stored 'pass' or 'key') shows up in the listing.
        should(entry).have.only.keys(...publicFields);
        publicFields.forEach(field => {
          should(entry).have.property(field).be.type('string');
        });
      });
      done();
    });
  });

  // Authenticated but not an admin: forbidden.
  it('rejects requests from non-admins', done => {
    TestHelper.request(server, done, {
      method: 'get',
      url: '/users',
      auth: {basic: 'janedoe'},
      httpStatus: 403
    });
  });

  // An API key is not accepted on this route, even when it belongs to the admin.
  it('rejects requests from an admin API key', done => {
    TestHelper.request(server, done, {
      method: 'get',
      url: '/users',
      auth: {key: 'admin'},
      httpStatus: 401
    });
  });

  // No credentials at all.
  it('rejects unauthorized requests', done => {
    TestHelper.request(server, done, {
      method: 'get',
      url: '/users',
      httpStatus: 401
    });
  });
});
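// GET /user returns the caller's own record, GET /user/{name} another user's
// record. Reading another user's record is expected to work for admins only,
// and only with basic auth (API keys are rejected with 401).
describe('GET /user/{name}', () => {
  // Asserts that a response body is exactly janedoe's public profile from the fixtures.
  const expectJaneDoeProfile = (body: any) => {
    // "only.keys" fails the test if any further field is exposed.
    should(body).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
    should(body).have.property('_id').be.type('string');
    should(body).have.property('email', 'jane.doe@bosch.com');
    should(body).have.property('name', 'janedoe');
    should(body).have.property('level', 'write');
    should(body).have.property('location', 'Rng');
    should(body).have.property('device_name', 'Alpha I');
  };

  it('returns own user details', done => {
    TestHelper.request(server, done, {
      method: 'get',
      url: '/user',
      auth: {basic: 'janedoe'},
      httpStatus: 200
    }).end((err, res) => {
      if (err) return done(err);
      expectJaneDoeProfile(res.body);
      done();
    });
  });

  it('returns other user details for admin', done => {
    TestHelper.request(server, done, {
      method: 'get',
      url: '/user/janedoe',
      auth: {basic: 'admin'},
      httpStatus: 200
    }).end((err, res) => {
      if (err) return done(err);
      expectJaneDoeProfile(res.body);
      done();
    });
  });

  // Horizontal access check: a regular user must not read someone else's record.
  it('rejects requests from non-admins for another user', done => {
    TestHelper.request(server, done, {
      method: 'get',
      url: '/user/admin',
      auth: {basic: 'janedoe'},
      httpStatus: 403
    });
  });

  it('rejects requests from a user API key', done => {
    TestHelper.request(server, done, {
      method: 'get',
      url: '/user',
      auth: {key: 'janedoe'},
      httpStatus: 401
    });
  });

  // Uses the admin's key, as the title says; this case previously sent
  // janedoe's key, so the admin-key path was never exercised for GET.
  // NOTE(review): 401 is assumed to hold here as it does for the admin key in
  // the PUT and DELETE suites; confirm against the route.
  it('rejects requests from an admin API key', done => {
    TestHelper.request(server, done, {
      method: 'get',
      url: '/user/janedoe',
      auth: {key: 'admin'},
      httpStatus: 401
    });
  });

  it('returns 404 for an unknown user', done => {
    TestHelper.request(server, done, {
      method: 'get',
      url: '/user/unknown',
      auth: {basic: 'admin'},
      httpStatus: 404
    });
  });

  // No credentials at all. Title corrected: it duplicated the admin API key
  // case although the request carries no auth option.
  it('rejects unauthorized requests', done => {
    TestHelper.request(server, done, {
      method: 'get',
      url: '/user/janedoe',
      httpStatus: 401
    });
  });
});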
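// PUT /user updates the caller's own record, PUT /user/{name} another user's
// record (admins only). The suite also pins the validation rules: a regular
// user may not send "level", usernames must be unique and not reserved, and
// passwords must match the complexity pattern.
describe('PUT /user/{name}', () => {
  // Asserts that a response body is exactly janedoe's unchanged public profile.
  const expectJaneDoeProfile = (body: any) => {
    // "only.keys" fails the test if any further field is exposed.
    should(body).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
    should(body).have.property('_id').be.type('string');
    should(body).have.property('email', 'jane.doe@bosch.com');
    should(body).have.property('name', 'janedoe');
    should(body).have.property('level', 'write');
    should(body).have.property('location', 'Rng');
    should(body).have.property('device_name', 'Alpha I');
  };

  // An empty body changes nothing, so the response is the unchanged profile.
  it('returns own user details', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user',
      auth: {basic: 'janedoe'},
      httpStatus: 200,
      req: {}
    }).end((err, res) => {
      if (err) return done(err);
      expectJaneDoeProfile(res.body);
      done();
    });
  });

  it('returns other user details for admin', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user/janedoe',
      auth: {basic: 'admin'},
      httpStatus: 200,
      req: {}
    }).end((err, res) => {
      if (err) return done(err);
      expectJaneDoeProfile(res.body);
      done();
    });
  });

  it('changes user details as given', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user',
      auth: {basic: 'admin'},
      httpStatus: 200,
      req: {name: 'adminnew', email: 'adminnew@bosch.com', pass: 'Abc123##', location: 'Abt', device_name: 'test'}
    }).end(err => {
      if (err) return done(err);
      // Check the stored document directly, not just the HTTP response.
      UserModel.find({name: 'adminnew'}).lean().exec((err, data) => {
        if (err) return done(err);
        should(data).have.lengthOf(1);
        should(data[0]).have.only.keys('_id', 'name', 'pass', 'email', 'level', 'location', 'device_name', 'key', '__v');
        should(data[0]).have.property('_id');
        should(data[0]).have.property('name', 'adminnew');
        should(data[0]).have.property('email', 'adminnew@bosch.com');
        // Only proves the stored value differs from the submitted plaintext;
        // it says nothing about which hashing scheme produced it.
        should(data[0]).have.property('pass').not.eql('Abc123##');
        // "level" was not part of the request and must be untouched.
        should(data[0]).have.property('level', 'admin');
        should(data[0]).have.property('location', 'Abt');
        should(data[0]).have.property('device_name', 'test');
        done();
      });
    });
  });

  it('lets the admin change a user level', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user/janedoe',
      auth: {basic: 'admin'},
      httpStatus: 200,
      req: {level: 'read'}
    }).end(err => {
      if (err) return done(err);
      UserModel.find({name: 'janedoe'}).lean().exec((err, data) => {
        if (err) return done(err);
        should(data).have.lengthOf(1);
        should(data[0]).have.property('level', 'read');
        done();
      });
    });
  });

  // Privilege check: a regular user sending "level" for their own account is
  // rejected at validation, and the stored level stays 'write'.
  it('does not change the level', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user',
      auth: {basic: 'janedoe'},
      httpStatus: 400, default: false,
      req: {level: 'read'}
    }).end((err, res) => {
      if (err) return done(err);
      should(res.body).be.eql({status: 'Invalid body format', details: '"level" is not allowed'});
      UserModel.find({name: 'janedoe'}).lean().exec((err, data) => {
        if (err) return done(err);
        should(data).have.lengthOf(1);
        should(data[0]).have.property('level', 'write');
        done();
      });
    });
  });

  it('rejects a username already in use', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user',
      auth: {basic: 'admin'},
      httpStatus: 400, default: false,
      req: {name: 'janedoe'}
    }).end((err, res) => {
      if (err) return done(err);
      should(res.body).be.eql({status: 'Username already taken'});
      // The rename must not have produced a second 'janedoe'.
      UserModel.find({name: 'janedoe'}).lean().exec((err, data) => {
        if (err) return done(err);
        should(data).have.lengthOf(1);
        done();
      });
    });
  });

  // This case used to send POST /user/new (a copy of the POST suite's test),
  // so renaming an account to a reserved name was never exercised through PUT.
  // NOTE(review): the expected status and body are assumed to match the POST
  // suite; confirm that the PUT handler applies the reserved-name check.
  it('rejects a username which is in the special names', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user',
      auth: {basic: 'admin'},
      httpStatus: 400, default: false,
      req: {name: 'passreset'},
      res: {status: 'Username already taken'}
    });
  });

  it('rejects invalid user details', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user',
      auth: {basic: 'admin'},
      httpStatus: 400,
      req: {email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', location: 44, device_name: 'Alpha II'},
      res: {status: 'Invalid body format', details: '"location" must be a string'}
    });
  });

  it('rejects an invalid email address', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user',
      auth: {basic: 'admin'},
      httpStatus: 400,
      req: {email: 'john.doe'},
      res: {status: 'Invalid body format', details: '"email" must be a valid email'}
    });
  });

  // NOTE(review): the expected error text contains the rejected password
  // value, i.e. the API reflects the submitted secret in its response body.
  // Anything that records response bodies would capture it; consider a
  // message that omits the value.
  it('rejects an invalid password', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user',
      auth: {basic: 'admin'},
      httpStatus: 400,
      req: {pass: 'password'},
      res: {status: 'Invalid body format', details: '"pass" with value "password" fails to match the required pattern: /^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!"#%&\'()*+,-.\\/:;<=>?@[\\]^_`{|}~])(?=\\S+$).{8,}$/'}
    });
  });

  // Horizontal access check: a regular user must not modify someone else's record.
  it('rejects requests from non-admins for another user', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user/admin',
      auth: {basic: 'janedoe'},
      httpStatus: 403,
      req: {}
    });
  });

  it('rejects requests from a user API key', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user',
      auth: {key: 'janedoe'},
      httpStatus: 401,
      req: {}
    });
  });

  it('rejects requests from an admin API key', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user/janedoe',
      auth: {key: 'admin'},
      httpStatus: 401,
      req: {}
    });
  });

  it('returns 404 for an unknown user', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user/unknown',
      auth: {basic: 'admin'},
      httpStatus: 404,
      req: {}
    });
  });

  // No credentials at all.
  it('rejects unauthorized requests', done => {
    TestHelper.request(server, done, {
      method: 'put',
      url: '/user/janedoe',
      httpStatus: 401,
      req: {}
    });
  });
});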
// DELETE /user removes the caller's own account, DELETE /user/{name} another
// user's account. Deleting someone else is expected to work for admins only,
// and API keys are rejected with 401.
describe('DELETE /user/{name}', () => {
  // Verifies in the database that no 'janedoe' document is left, then ends the test.
  const expectJaneDoeGone = (done: (err?: any) => void) => {
    UserModel.find({name: 'janedoe'}).lean().exec((findError, docs) => {
      if (findError) {
        return done(findError);
      }
      should(docs).have.lengthOf(0);
      done();
    });
  };

  it('deletes own user details', done => {
    TestHelper.request(server, done, {
      method: 'delete',
      url: '/user',
      auth: {basic: 'janedoe'},
      httpStatus: 200
    }).end((error, response) => {
      if (error) {
        return done(error);
      }
      should(response.body).be.eql({status: 'OK'});
      expectJaneDoeGone(done);
    });
  });

  it('deletes other user details for admin', done => {
    TestHelper.request(server, done, {
      method: 'delete',
      url: '/user/janedoe',
      auth: {basic: 'admin'},
      httpStatus: 200
    }).end((error, response) => {
      if (error) {
        return done(error);
      }
      should(response.body).be.eql({status: 'OK'});
      expectJaneDoeGone(done);
    });
  });

  // Horizontal access check: a regular user must not delete someone else's account.
  it('rejects requests from non-admins for another user', done => {
    TestHelper.request(server, done, {
      method: 'delete',
      url: '/user/admin',
      auth: {basic: 'janedoe'},
      httpStatus: 403
    });
  });

  it('rejects requests from a user API key', done => {
    TestHelper.request(server, done, {
      method: 'delete',
      url: '/user',
      auth: {key: 'janedoe'},
      httpStatus: 401
    });
  });

  it('rejects requests from an admin API key', done => {
    TestHelper.request(server, done, {
      method: 'delete',
      url: '/user/janedoe',
      auth: {key: 'admin'},
      httpStatus: 401
    });
  });

  it('returns 404 for an unknown user', done => {
    TestHelper.request(server, done, {
      method: 'delete',
      url: '/user/unknown',
      auth: {basic: 'admin'},
      httpStatus: 404
    });
  });

  // No credentials at all.
  it('rejects unauthorized requests', done => {
    TestHelper.request(server, done, {
      method: 'delete',
      url: '/user/janedoe',
      httpStatus: 401
    });
  });
});
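// GET /user/key returns the caller's API key. The key is only handed out to a
// caller using basic auth; presenting the key itself, or nothing, yields 401.
describe('GET /user/key', () => {
  it('returns the right API key', done => {
    TestHelper.request(server, done, {
      method: 'get',
      url: '/user/key',
      auth: {basic: 'janedoe'},
      httpStatus: 200,
      // Expected value comes from the helper's credential table for janedoe.
      res: {key: TestHelper.auth.janedoe.key}
    });
  });

  // An API key must not be usable to read the API key.
  it('rejects requests from an API key', done => {
    TestHelper.request(server, done, {
      method: 'get',
      url: '/user/key',
      auth: {key: 'janedoe'},
      httpStatus: 401
    });
  });

  // No credentials at all. Title corrected: it duplicated the API key case
  // above, which made the two results indistinguishable in the test report.
  it('rejects unauthorized requests', done => {
    TestHelper.request(server, done, {
      method: 'get',
      url: '/user/key',
      httpStatus: 401
    });
  });
});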
// POST /user/new creates an account. Only an admin using basic auth may do
// so; the suite also pins uniqueness, reserved names and body validation.
describe('POST /user/new', () => {
  // Builds a fresh request body for the not-yet-existing user johndoe.
  // Overrides replace single fields while keeping the original field order.
  const johnDoe = (overrides = {}) => ({
    email: 'john.doe@bosch.com',
    name: 'johndoe',
    pass: 'Abc123!#',
    level: 'read',
    location: 'Rng',
    device_name: 'Alpha II',
    ...overrides
  });

  it('returns the added user data', done => {
    TestHelper.request(server, done, {
      method: 'post',
      url: '/user/new',
      auth: {basic: 'admin'},
      httpStatus: 200,
      req: johnDoe()
    }).end((error, response) => {
      if (error) {
        return done(error);
      }
      const created = response.body;
      // "only.keys" fails the test if the response ever carries 'pass' or 'key'.
      should(created).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
      should(created).have.property('_id').be.type('string');
      should(created).have.property('email', 'john.doe@bosch.com');
      should(created).have.property('name', 'johndoe');
      should(created).have.property('level', 'read');
      should(created).have.property('location', 'Rng');
      should(created).have.property('device_name', 'Alpha II');
      done();
    });
  });

  it('stores the data', done => {
    TestHelper.request(server, done, {
      method: 'post',
      url: '/user/new',
      auth: {basic: 'admin'},
      httpStatus: 200,
      req: johnDoe()
    }).end(error => {
      if (error) {
        return done(error);
      }
      // Look at the stored document itself rather than the HTTP response.
      UserModel.find({name: 'johndoe'}).lean().exec((findError, docs) => {
        if (findError) {
          return done(findError);
        }
        should(docs).have.lengthOf(1);
        const stored = docs[0];
        should(stored).have.only.keys('_id', 'name', 'pass', 'email', 'level', 'location', 'device_name', 'key', '__v');
        should(stored).have.property('_id');
        should(stored).have.property('name', 'johndoe');
        should(stored).have.property('email', 'john.doe@bosch.com');
        // Only proves the stored value differs from the submitted plaintext;
        // it says nothing about which hashing scheme produced it.
        should(stored).have.property('pass').not.eql('Abc123!#');
        should(stored).have.property('level', 'read');
        should(stored).have.property('location', 'Rng');
        should(stored).have.property('device_name', 'Alpha II');
        done();
      });
    });
  });

  it('rejects a username already in use', done => {
    TestHelper.request(server, done, {
      method: 'post',
      url: '/user/new',
      auth: {basic: 'admin'},
      httpStatus: 400, default: false,
      req: johnDoe({email: 'j.doe@bosch.com', name: 'janedoe'})
    }).end((error, response) => {
      if (error) {
        return done(error);
      }
      should(response.body).be.eql({status: 'Username already taken'});
      // The rejected request must not have created a second 'janedoe'.
      UserModel.find({name: 'janedoe'}).lean().exec((findError, docs) => {
        if (findError) {
          return done(findError);
        }
        should(docs).have.lengthOf(1);
        done();
      });
    });
  });

  // 'passreset' is also a path segment under /user, so it is refused as a username.
  it('rejects a username which is in the special names', done => {
    TestHelper.request(server, done, {
      method: 'post',
      url: '/user/new',
      auth: {basic: 'admin'},
      httpStatus: 400, default: false,
      req: johnDoe({email: 'j.doe@bosch.com', name: 'passreset'}),
      res: {status: 'Username already taken'}
    });
  });

  it('rejects invalid user details', done => {
    TestHelper.request(server, done, {
      method: 'post',
      url: '/user/new',
      auth: {basic: 'admin'},
      httpStatus: 400,
      req: johnDoe({location: 44}),
      res: {status: 'Invalid body format', details: '"location" must be a string'}
    });
  });

  it('rejects an invalid user level', done => {
    TestHelper.request(server, done, {
      method: 'post',
      url: '/user/new',
      auth: {basic: 'admin'},
      httpStatus: 400,
      req: johnDoe({level: 'xxx'}),
      res: {status: 'Invalid body format', details: '"level" must be one of [read, write, maintain, dev, admin]'}
    });
  });

  it('rejects an invalid email address', done => {
    TestHelper.request(server, done, {
      method: 'post',
      url: '/user/new',
      auth: {basic: 'admin'},
      httpStatus: 400,
      req: johnDoe({email: 'john.doe'}),
      res: {status: 'Invalid body format', details: '"email" must be a valid email'}
    });
  });

  // NOTE(review): the expected error text contains the rejected password
  // value, i.e. the API reflects the submitted secret in its response body.
  // Anything that records response bodies would capture it; consider a
  // message that omits the value.
  it('rejects an invalid password', done => {
    TestHelper.request(server, done, {
      method: 'post',
      url: '/user/new',
      auth: {basic: 'admin'},
      httpStatus: 400,
      req: johnDoe({pass: 'password'}),
      res: {status: 'Invalid body format', details: '"pass" with value "password" fails to match the required pattern: /^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!"#%&\'()*+,-.\\/:;<=>?@[\\]^_`{|}~])(?=\\S+$).{8,}$/'}
    });
  });

  // Authenticated but not an admin: forbidden.
  it('rejects requests from non-admins', done => {
    TestHelper.request(server, done, {
      method: 'post',
      url: '/user/new',
      auth: {basic: 'janedoe'},
      httpStatus: 403,
      req: johnDoe()
    });
  });

  it('rejects requests from an admin API key', done => {
    TestHelper.request(server, done, {
      method: 'post',
      url: '/user/new',
      auth: {key: 'admin'},
      httpStatus: 401,
      req: johnDoe()
    });
  });

  // No credentials at all.
  it('rejects unauthorized requests', done => {
    TestHelper.request(server, done, {
      method: 'post',
      url: '/user/new',
      httpStatus: 401,
      req: johnDoe()
    });
  });
});
// POST /user/passreset is called without any auth option in these tests.
// NOTE(review): the endpoint answers 200 for a matching name/email pair and
// 404 otherwise, so the status code alone tells an anonymous caller whether a
// pair exists. A uniform response plus rate limiting would close that oracle;
// these tests pin the current behaviour.
describe('POST /user/passreset', () => {
  // Query for janedoe's stored document as a plain object.
  const findJaneDoe = () => UserModel.find({name: 'janedoe'}).lean();

  it('returns the ok response', done => {
    TestHelper.request(server, done, {
      method: 'post',
      url: '/user/passreset',
      httpStatus: 200,
      req: {email: 'jane.doe@bosch.com', name: 'janedoe'},
      res: {status: 'OK'}
    });
  });

  // Existing email combined with a different existing username.
  it('returns 404 for wrong username/email combo', done => {
    TestHelper.request(server, done, {
      method: 'post',
      url: '/user/passreset',
      httpStatus: 404,
      req: {email: 'jane.doe@bosch.com', name: 'admin'}
    });
  });

  it('returns 404 for unknown username', done => {
    TestHelper.request(server, done, {
      method: 'post',
      url: '/user/passreset',
      httpStatus: 404,
      req: {email: 'jane.doe@bosch.com', name: 'username'}
    });
  });

  // Reads the stored 'pass' value, triggers the reset, then reads it again.
  // Only the change of the stored value is asserted; how the new password
  // reaches the user is not covered here.
  it('changes the user password', done => {
    findJaneDoe().exec((readError, before: any) => {
      if (readError) {
        return done(readError);
      }
      const previousPass = before[0].pass;
      TestHelper.request(server, done, {
        method: 'post',
        url: '/user/passreset',
        httpStatus: 200,
        req: {email: 'jane.doe@bosch.com', name: 'janedoe'}
      }).end((requestError, response) => {
        if (requestError) {
          return done(requestError);
        }
        should(response.body).be.eql({status: 'OK'});
        UserModel.find({name: 'janedoe'}).lean().exec((rereadError, after: any) => {
          if (rereadError) {
            return done(rereadError);
          }
          should(after[0].pass).not.eql(previousPass);
          done();
        });
      });
    });
  });
});
} ) ;