added GET /user route

src/routes/root.spec.ts

@@ -3,7 +3,7 @@ import should from 'should/as-function';
 import db from '../db';
 
 
-describe('/', () => {
+describe('GET /', () => {
   let server;
 
   before(done => {

src/routes/user.spec.ts

@@ -4,7 +4,258 @@ import db from '../db';
 import UserModel from '../models/user';
 
 
-describe('/user/new', () => {
+describe('GET /users', () => {
+  let server;
+
+  before(done => {
+    process.env.port = '2999';
+    process.env.NODE_ENV = 'test';
+    db.connect('test', done);
+  });
+  beforeEach(done => {
+    delete require.cache[require.resolve('../index')];  // prevent loading from cache
+    server = require('../index');
+    db.drop(err => {  // reset database
+      if (err) return done(err);
+      db.loadJson(require('../test/db.json'), done);
+    });
+  });
+  afterEach(done => {
+    server.close(done);
+  });
+  it('returns all users', done => {
+    supertest(server)
+      .get('/users')
+      .auth('admin', 'Abc123!#')
+      .expect('Content-type', /json/)
+      .expect(200)
+      .end((err, res) => {
+        if (err) done (err);
+        const json = require('../test/db.json');
+        should(res.body).have.lengthOf(json.collections.users.length);
+        should(res.body).matchEach(user => {
+          should(user).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
+          should(user).have.property('_id').be.type('string');
+          should(user).have.property('email').be.type('string');
+          should(user).have.property('name').be.type('string');
+          should(user).have.property('level').be.type('string');
+          should(user).have.property('location').be.type('string');
+          should(user).have.property('device_name').be.type('string');
+        });
+        done();
+      });
+  });
+  it('rejects requests from non-admins', done => {
+    supertest(server)
+      .get('/users')
+      .auth('janedoe', 'Xyz890*)')
+      .expect('Content-type', /json/)
+      .expect(403)
+      .end((err, res) => {
+        if (err) done (err);
+        should(res.body).be.eql({status: 'Forbidden'});
+        done();
+      });
+  });
+  it('rejects requests from an admin API key', done => {
+    supertest(server)
+      .get('/users?key=5ea131671feb9c2ee0aafc9a')
+      .expect('Content-type', /json/)
+      .expect(401)
+      .end((err, res) => {
+        if (err) done (err);
+        should(res.body).be.eql({status: 'Unauthorized'});
+        done();
+      });
+  });
+});
+
+
+describe('GET /user/{name}', () => {
+  let server;
+
+  before(done => {
+    process.env.port = '2999';
+    process.env.NODE_ENV = 'test';
+    db.connect('test', done);
+  });
+  beforeEach(done => {
+    delete require.cache[require.resolve('../index')];  // prevent loading from cache
+    server = require('../index');
+    db.drop(err => {  // reset database
+      if (err) return done(err);
+      db.loadJson(require('../test/db.json'), done);
+    });
+  });
+  afterEach(done => {
+    server.close(done);
+  });
+  it('returns own user details', done => {
+    supertest(server)
+      .get('/user')
+      .auth('janedoe', 'Xyz890*)')
+      .expect('Content-type', /json/)
+      .expect(200)
+      .end((err, res) => {
+        if (err) done (err);
+        should(res.body).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
+        should(res.body).have.property('_id').be.type('string');
+        should(res.body).have.property('email', 'jane.doe@bosch.com');
+        should(res.body).have.property('name', 'janedoe');
+        should(res.body).have.property('level', 'write');
+        should(res.body).have.property('location', 'Rng');
+        should(res.body).have.property('device_name', 'Alpha I');
+        done();
+      });
+  });
+  it('returns other user details for admin', done => {
+    supertest(server)
+      .get('/user/janedoe')
+      .auth('admin', 'Abc123!#')
+      .expect('Content-type', /json/)
+      .expect(200)
+      .end((err, res) => {
+        if (err) done (err);
+        should(res.body).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
+        should(res.body).have.property('_id').be.type('string');
+        should(res.body).have.property('email', 'jane.doe@bosch.com');
+        should(res.body).have.property('name', 'janedoe');
+        should(res.body).have.property('level', 'write');
+        should(res.body).have.property('location', 'Rng');
+        should(res.body).have.property('device_name', 'Alpha I');
+        done();
+      });
+  });
+  it('rejects requests from non-admins for another user', done => {
+    supertest(server)
+      .get('/user/admin')
+      .auth('janedoe', 'Xyz890*)')
+      .expect('Content-type', /json/)
+      .expect(403)
+      .end((err, res) => {
+        if (err) done (err);
+        should(res.body).be.eql({status: 'Forbidden'});
+        done();
+      });
+  });
+  it('rejects requests from a user API key', done => {
+    supertest(server)
+      .get('/user?key=5ea0450ed851c30a90e70899')
+      .expect('Content-type', /json/)
+      .expect(401)
+      .end((err, res) => {
+        if (err) done (err);
+        should(res.body).be.eql({status: 'Unauthorized'});
+        done();
+      });
+  });
+  it('rejects requests from an admin API key', done => {
+    supertest(server)
+      .get('/user/janedoe?key=5ea131671feb9c2ee0aafc9a')
+      .expect('Content-type', /json/)
+      .expect(401)
+      .end((err, res) => {
+        if (err) done (err);
+        should(res.body).be.eql({status: 'Unauthorized'});
+        done();
+      });
+  });
+});
+
+
+describe('PUT /user/{name}', () => {
+  let server;
+
+  before(done => {
+    process.env.port = '2999';
+    process.env.NODE_ENV = 'test';
+    db.connect('test', done);
+  });
+  beforeEach(done => {
+    delete require.cache[require.resolve('../index')];  // prevent loading from cache
+    server = require('../index');
+    db.drop(err => {  // reset database
+      if (err) return done(err);
+      db.loadJson(require('../test/db.json'), done);
+    });
+  });
+  afterEach(done => {
+    server.close(done);
+  });
+  it('returns own user details', done => {
+    supertest(server)
+      .get('/user')
+      .auth('janedoe', 'Xyz890*)')
+      .expect('Content-type', /json/)
+      .expect(200)
+      .end((err, res) => {
+        if (err) done (err);
+        should(res.body).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
+        should(res.body).have.property('_id').be.type('string');
+        should(res.body).have.property('email', 'jane.doe@bosch.com');
+        should(res.body).have.property('name', 'janedoe');
+        should(res.body).have.property('level', 'write');
+        should(res.body).have.property('location', 'Rng');
+        should(res.body).have.property('device_name', 'Alpha I');
+        done();
+      });
+  });
+  it('returns other user details for admin', done => {
+    supertest(server)
+      .get('/user/janedoe')
+      .auth('admin', 'Abc123!#')
+      .expect('Content-type', /json/)
+      .expect(200)
+      .end((err, res) => {
+        if (err) done (err);
+        should(res.body).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
+        should(res.body).have.property('_id').be.type('string');
+        should(res.body).have.property('email', 'jane.doe@bosch.com');
+        should(res.body).have.property('name', 'janedoe');
+        should(res.body).have.property('level', 'write');
+        should(res.body).have.property('location', 'Rng');
+        should(res.body).have.property('device_name', 'Alpha I');
+        done();
+      });
+  });
+  it('rejects requests from non-admins for another user', done => {
+    supertest(server)
+      .get('/user/admin')
+      .auth('janedoe', 'Xyz890*)')
+      .expect('Content-type', /json/)
+      .expect(403)
+      .end((err, res) => {
+        if (err) done (err);
+        should(res.body).be.eql({status: 'Forbidden'});
+        done();
+      });
+  });
+  it('rejects requests from a user API key', done => {
+    supertest(server)
+      .get('/user?key=5ea0450ed851c30a90e70899')
+      .expect('Content-type', /json/)
+      .expect(401)
+      .end((err, res) => {
+        if (err) done (err);
+        should(res.body).be.eql({status: 'Unauthorized'});
+        done();
+      });
+  });
+  it('rejects requests from an admin API key', done => {
+    supertest(server)
+      .get('/user/janedoe?key=5ea131671feb9c2ee0aafc9a')
+      .expect('Content-type', /json/)
+      .expect(401)
+      .end((err, res) => {
+        if (err) done (err);
+        should(res.body).be.eql({status: 'Unauthorized'});
+        done();
+      });
+  });
+});
+
+
+describe('POST /user/new', () => {
   let server;
 
   before(done => {
@@ -32,6 +283,7 @@ describe('/user/new', () => {
       .expect(200)
       .end((err, res) => {
         if (err) done (err);
+        should(res.body).have.only.keys('_id', 'email', 'name', 'level', 'location', 'device_name');
         should(res.body).have.property('_id').be.type('string');
         should(res.body).have.property('email', 'john.doe@bosch.com');
         should(res.body).have.property('name', 'johndoe');
@@ -83,7 +335,7 @@ describe('/user/new', () => {
   it('rejects requests from non-admins', done => {
     supertest(server)
       .post('/user/new')
-      .auth('janedoe', 'Abc123!#')
+      .auth('janedoe', 'Xyz890*)')
       .send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
       .expect('Content-type', /json/)
       .expect(403)
@@ -108,9 +360,7 @@ describe('/user/new', () => {
 });
 
 
-
-
-describe('/user/passreset', () => {
+describe('POST /user/passreset', () => {
   let server;
 
   before(done => {
@@ -191,11 +441,10 @@ describe('/user/passreset', () => {
           should(res.body).be.eql({status: 'OK'});
           UserModel.find({name: 'janedoe'}).lean().exec(  (err, data: any) => {
             if (err) return done(err);
-            console.log(data);
             should(data[0].pass).not.eql(oldpass);
             done();
           });
         });
     });
   });
-});
+});

src/routes/user.ts

@@ -8,7 +8,24 @@ import mail from '../helpers/mail';
 const router = express.Router();
 
 router.get('/users', (req, res) => {
-  res.json({message: 'users up and running!'});
+  if (!req.auth(res, ['admin'], 'basic')) return;
+
+  UserModel.find({}).lean().exec(  (err, data:any) => {
+    res.json(data.map(e => UserValidate.output(e)).filter(e => e !== null));  // validate all and filter null values from validation errors
+  });
+});
+
+router.get('/user/:username*?', (req, res) => {
+  if (!req.auth(res, ['read', 'write', 'maintain', 'dev', 'admin'], 'basic')) return;
+  let username = req.authDetails.username;
+  if (req.params.username !== undefined) {
+    if (!req.auth(res, ['admin'], 'basic')) return;
+    username = req.params.username;
+  }
+
+  UserModel.findOne({name: username}).lean().exec(  (err, data:any) => {
+    res.json(UserValidate.output(data));  // validate all and filter null values from validation errors
+  });
 });
 
 router.post('/user/new', (req, res, next) => {
@@ -22,7 +39,7 @@ router.post('/user/new', (req, res, next) => {
   }
 
   // check that user does not already exist
-  UserModel.find({name: user.name}).lean().exec( 'find', (err, data) => {
+  UserModel.find({name: user.name}).lean().exec(  (err, data:any) => {
     if (err) next(err);
     if (data.length > 0) {
       res.status(400).json({status: 'Username already taken'});

src/routes/validate/user.ts

@@ -33,13 +33,14 @@ export default class UserValidate {  // validate input for user
   }
 
   static output (data) {  // validate output from database for needed properties, strip everything else
-    return joi.object({
+    const {value, error} = joi.object({
       _id: joi.any(),
       name: joi.string(),
       email: joi.string(),
       level: joi.string(),
       location: joi.string(),
-      device_name: joi.string()
-    }).validate(data, {stripUnknown: true}).value;
+      device_name: joi.string().allow('')
+    }).validate(data, {stripUnknown: true})
+    return error !== undefined? null : value;
   }
 }