2020-04-22 17:24:15 +02:00
|
|
|
import supertest from 'supertest';
|
|
|
|
import should from 'should/as-function';
|
|
|
|
import db from '../db';
|
2020-04-22 17:38:24 +02:00
|
|
|
import UserModel from '../models/user';
|
2020-04-22 17:24:15 +02:00
|
|
|
|
|
|
|
|
|
|
|
describe('/user/new', () => {
|
|
|
|
let server;
|
|
|
|
|
|
|
|
before(done => {
|
|
|
|
process.env.port = '2999';
|
2020-04-22 17:38:24 +02:00
|
|
|
process.env.NODE_ENV = 'test';
|
2020-04-22 17:24:15 +02:00
|
|
|
db.connect('test', done);
|
|
|
|
});
|
|
|
|
beforeEach(done => {
|
|
|
|
delete require.cache[require.resolve('../index')]; // prevent loading from cache
|
|
|
|
server = require('../index');
|
|
|
|
db.drop(err => { // reset database
|
|
|
|
if (err) return done(err);
|
|
|
|
db.loadJson(require('../test/db.json'), done);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
afterEach(done => {
|
|
|
|
server.close(done);
|
|
|
|
});
|
|
|
|
it('returns the added user data', done => {
|
|
|
|
supertest(server)
|
|
|
|
.post('/user/new')
|
2020-04-23 13:59:45 +02:00
|
|
|
.auth('admin', 'Abc123!#')
|
2020-04-22 17:24:15 +02:00
|
|
|
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
|
|
|
|
.expect('Content-type', /json/)
|
2020-04-23 13:59:45 +02:00
|
|
|
.expect(200)
|
|
|
|
.end((err, res) => {
|
|
|
|
if (err) done (err);
|
2020-04-22 17:24:15 +02:00
|
|
|
should(res.body).have.property('_id').be.type('string');
|
|
|
|
should(res.body).have.property('email', 'john.doe@bosch.com');
|
|
|
|
should(res.body).have.property('name', 'johndoe');
|
|
|
|
should(res.body).have.property('level', 'read');
|
|
|
|
should(res.body).have.property('location', 'Rng');
|
|
|
|
should(res.body).have.property('device_name', 'Alpha II');
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
it('stores the data', done => {
|
|
|
|
supertest(server)
|
|
|
|
.post('/user/new')
|
2020-04-23 13:59:45 +02:00
|
|
|
.auth('admin', 'Abc123!#')
|
2020-04-22 17:24:15 +02:00
|
|
|
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
|
2020-04-23 13:59:45 +02:00
|
|
|
.expect(200)
|
|
|
|
.end(err => {
|
|
|
|
if (err) done (err);
|
2020-04-22 17:38:24 +02:00
|
|
|
UserModel.find({name: 'johndoe'}).lean().exec( 'find', (err, data) => {
|
2020-04-22 17:24:15 +02:00
|
|
|
if (err) return done(err);
|
|
|
|
should(data).have.lengthOf(1);
|
|
|
|
should(data[0]).have.only.keys('_id', 'name', 'pass', 'email', 'level', 'location', 'device_name', 'key', '__v');
|
|
|
|
should(data[0]).have.property('_id');
|
|
|
|
should(data[0]).have.property('name', 'johndoe');
|
|
|
|
should(data[0]).have.property('email', 'john.doe@bosch.com');
|
|
|
|
should(data[0]).have.property('pass').not.eql('Abc123!#');
|
|
|
|
should(data[0]).have.property('level', 'read');
|
|
|
|
should(data[0]).have.property('location', 'Rng');
|
|
|
|
should(data[0]).have.property('device_name', 'Alpha II');
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
it('rejects a username already in use', done => {
|
|
|
|
supertest(server)
|
|
|
|
.post('/user/new')
|
2020-04-23 13:59:45 +02:00
|
|
|
.auth('admin', 'Abc123!#')
|
2020-04-22 17:24:15 +02:00
|
|
|
.send({email: 'j.doe@bosch.com', name: 'janedoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
|
2020-04-23 13:59:45 +02:00
|
|
|
.expect(400)
|
|
|
|
.end((err, res) => {
|
|
|
|
if (err) done (err);
|
2020-04-22 17:38:24 +02:00
|
|
|
should(res.body).be.eql({status: 'Username already taken'});
|
|
|
|
UserModel.find({name: 'janedoe'}).lean().exec( 'find', (err, data) => {
|
2020-04-22 17:24:15 +02:00
|
|
|
if (err) return done(err);
|
|
|
|
should(data).have.lengthOf(1);
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
2020-04-23 13:59:45 +02:00
|
|
|
});
|
|
|
|
it('rejects requests from non-admins', done => {
|
|
|
|
supertest(server)
|
|
|
|
.post('/user/new')
|
|
|
|
.auth('janedoe', 'Abc123!#')
|
|
|
|
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
|
|
|
|
.expect('Content-type', /json/)
|
|
|
|
.expect(403)
|
|
|
|
.end((err, res) => {
|
|
|
|
if (err) done (err);
|
|
|
|
should(res.body).be.eql({status: 'Forbidden'});
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
it('rejects requests from an admin API key', done => {
|
|
|
|
supertest(server)
|
|
|
|
.post('/user/new?key=5ea131671feb9c2ee0aafc9a')
|
|
|
|
.send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
|
|
|
|
.expect('Content-type', /json/)
|
|
|
|
.expect(401)
|
|
|
|
.end((err, res) => {
|
|
|
|
if (err) done (err);
|
|
|
|
should(res.body).be.eql({status: 'Unauthorized'});
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
2020-04-23 17:46:00 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
describe('/user/passreset', () => {
|
|
|
|
let server;
|
|
|
|
|
|
|
|
before(done => {
|
|
|
|
process.env.port = '2999';
|
|
|
|
process.env.NODE_ENV = 'test';
|
|
|
|
db.connect('test', done);
|
|
|
|
});
|
|
|
|
beforeEach(done => {
|
|
|
|
delete require.cache[require.resolve('../index')]; // prevent loading from cache
|
|
|
|
server = require('../index');
|
|
|
|
db.drop(err => { // reset database
|
|
|
|
if (err) return done(err);
|
|
|
|
db.loadJson(require('../test/db.json'), done);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
afterEach(done => {
|
|
|
|
server.close(done);
|
|
|
|
});
|
|
|
|
it('returns the ok response', done => {
|
|
|
|
supertest(server)
|
|
|
|
.post('/user/passreset')
|
|
|
|
.send({
|
|
|
|
email: 'jane.doe@bosch.com',
|
|
|
|
name: 'janedoe'
|
|
|
|
})
|
|
|
|
.expect('Content-type', /json/)
|
|
|
|
.expect(200)
|
|
|
|
.end((err, res) => {
|
|
|
|
if (err) done(err);
|
|
|
|
should(res.body).be.eql({status: 'OK'});
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
it('returns 404 for wrong username/email combo', done => {
|
|
|
|
supertest(server)
|
|
|
|
.post('/user/passreset')
|
|
|
|
.send({
|
|
|
|
email: 'jane.doe@bosch.com',
|
|
|
|
name: 'admin'
|
|
|
|
})
|
|
|
|
.expect('Content-type', /json/)
|
|
|
|
.expect(404)
|
|
|
|
.end((err, res) => {
|
|
|
|
if (err) done(err);
|
|
|
|
should(res.body).be.eql({status: 'Not found'});
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
it('returns 404 for unknown username', done => {
|
|
|
|
supertest(server)
|
|
|
|
.post('/user/passreset')
|
|
|
|
.send({
|
|
|
|
email: 'jane.doe@bosch.com',
|
|
|
|
name: 'admin'
|
|
|
|
})
|
|
|
|
.expect('Content-type', /json/)
|
|
|
|
.expect(404)
|
|
|
|
.end((err, res) => {
|
|
|
|
if (err) done(err);
|
|
|
|
should(res.body).be.eql({status: 'Not found'});
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
it('changes the user password', done => {
|
2020-04-24 10:53:45 +02:00
|
|
|
UserModel.find({name: 'janedoe'}).lean().exec( 'find', (err, data: any) => {
|
2020-04-23 17:46:00 +02:00
|
|
|
if (err) return done(err);
|
|
|
|
const oldpass = data[0].pass;
|
|
|
|
supertest(server)
|
|
|
|
.post('/user/passreset')
|
|
|
|
.send({
|
|
|
|
email: 'jane.doe@bosch.com',
|
|
|
|
name: 'janedoe'
|
|
|
|
})
|
|
|
|
.expect('Content-type', /json/)
|
|
|
|
.expect(200)
|
|
|
|
.end((err, res) => {
|
|
|
|
if (err) done(err);
|
|
|
|
should(res.body).be.eql({status: 'OK'});
|
2020-04-24 10:53:45 +02:00
|
|
|
UserModel.find({name: 'janedoe'}).lean().exec( (err, data: any) => {
|
2020-04-23 17:46:00 +02:00
|
|
|
if (err) return done(err);
|
2020-04-24 10:53:45 +02:00
|
|
|
console.log(data);
|
2020-04-23 17:46:00 +02:00
|
|
|
should(data[0].pass).not.eql(oldpass);
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
2020-04-22 17:24:15 +02:00
|
|
|
});
|