bravo68web
/
mern-lpu-hrd-project
mirror of https://github.com/BRAVO68WEB/mern-lpu-hrd-project.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
mern-lpu-hrd-project/backend/src/api/user/index.test.js

393 lines
12 KiB
JavaScript
Raw Blame History

import request from 'supertest'
import { masterKey, apiRoot } from '../../config'
import { signSync } from '../../services/jwt'
import express from '../../services/express'
import routes, { User } from '.'
const app = () => express(apiRoot, routes)
let user1, user2, admin, session1, session2, adminSession
beforeEach(async () => {
user1 = await User.create({ name: 'user', email: 'a@a.com', password: '123456' })
user2 = await User.create({ name: 'user', email: 'b@b.com', password: '123456' })
admin = await User.create({ email: 'c@c.com', password: '123456', role: 'admin' })
session1 = signSync(user1.id)
session2 = signSync(user2.id)
adminSession = signSync(admin.id)
})
test('GET /users 200 (admin)', async () => {
const { status, body } = await request(app())
.get(apiRoot)
.query({ access_token: adminSession })
expect(status).toBe(200)
expect(Array.isArray(body.rows)).toBe(true)
expect(Number.isNaN(body.count)).toBe(false)
})
test('GET /users?page=2&limit=1 200 (admin)', async () => {
const { status, body } = await request(app())
.get(apiRoot)
.query({ access_token: adminSession, page: 2, limit: 1 })
expect(status).toBe(200)
expect(Array.isArray(body.rows)).toBe(true)
expect(Number.isNaN(body.count)).toBe(false)
expect(body.rows.length).toBe(1)
})
test('GET /users?q=user 200 (admin)', async () => {
const { status, body } = await request(app())
.get(apiRoot)
.query({ access_token: adminSession, q: 'user' })
expect(status).toBe(200)
expect(Array.isArray(body.rows)).toBe(true)
expect(Number.isNaN(body.count)).toBe(false)
expect(body.rows.length).toBe(2)
})
test('GET /users?fields=name 200 (admin)', async () => {
const { status, body } = await request(app())
.get(apiRoot)
.query({ access_token: adminSession, fields: 'name' })
expect(status).toBe(200)
expect(Array.isArray(body.rows)).toBe(true)
expect(Number.isNaN(body.count)).toBe(false)
expect(Object.keys(body.rows[0])).toEqual(['id', 'name'])
})
test('GET /users 401 (user)', async () => {
const { status } = await request(app())
.get(apiRoot)
.query({ access_token: session1 })
expect(status).toBe(401)
})
test('GET /users 401', async () => {
const { status } = await request(app())
.get(apiRoot)
expect(status).toBe(401)
})
test('GET /users/me 200 (user)', async () => {
const { status, body } = await request(app())
.get(apiRoot + '/me')
.query({ access_token: session1 })
expect(status).toBe(200)
expect(typeof body).toBe('object')
expect(body.id).toBe(user1.id)
})
test('GET /users/me 401', async () => {
const { status } = await request(app())
.get(apiRoot + '/me')
expect(status).toBe(401)
})
test('GET /users/:id 200', async () => {
const { status, body } = await request(app())
.get(`${apiRoot}/${user1.id}`)
expect(status).toBe(200)
expect(typeof body).toBe('object')
expect(body.id).toBe(user1.id)
})
test('GET /users/:id 404', async () => {
const { status } = await request(app())
.get(apiRoot + '/123456789098765432123456')
expect(status).toBe(404)
})
test('POST /users 201 (master)', async () => {
const { status, body } = await request(app())
.post(apiRoot)
.send({ access_token: masterKey, email: 'd@d.com', password: '123456' })
expect(status).toBe(201)
expect(typeof body).toBe('object')
expect(body.email).toBe('d@d.com')
})
test('POST /users 201 (master)', async () => {
const { status, body } = await request(app())
.post(apiRoot)
.send({ access_token: masterKey, email: 'd@d.com', password: '123456', role: 'user' })
expect(status).toBe(201)
expect(typeof body).toBe('object')
expect(body.email).toBe('d@d.com')
})
test('POST /users 201 (master)', async () => {
const { status, body } = await request(app())
.post(apiRoot)
.send({ access_token: masterKey, email: 'd@d.com', password: '123456', role: 'admin' })
expect(status).toBe(201)
expect(typeof body).toBe('object')
expect(body.email).toBe('d@d.com')
})
test('POST /users 409 (master) - duplicated email', async () => {
const { status, body } = await request(app())
.post(apiRoot)
.send({ access_token: masterKey, email: 'a@a.com', password: '123456' })
expect(status).toBe(409)
expect(typeof body).toBe('object')
expect(body.param).toBe('email')
})
test('POST /users 400 (master) - invalid email', async () => {
const { status, body } = await request(app())
.post(apiRoot)
.send({ access_token: masterKey, email: 'invalid', password: '123456' })
expect(status).toBe(400)
expect(typeof body).toBe('object')
expect(body.param).toBe('email')
})
test('POST /users 400 (master) - missing email', async () => {
const { status, body } = await request(app())
.post(apiRoot)
.send({ access_token: masterKey, password: '123456' })
expect(status).toBe(400)
expect(typeof body).toBe('object')
expect(body.param).toBe('email')
})
test('POST /users 400 (master) - invalid password', async () => {
const { status, body } = await request(app())
.post(apiRoot)
.send({ access_token: masterKey, email: 'd@d.com', password: '123' })
expect(status).toBe(400)
expect(typeof body).toBe('object')
expect(body.param).toBe('password')
})
test('POST /users 400 (master) - missing password', async () => {
const { status, body } = await request(app())
.post(apiRoot)
.send({ access_token: masterKey, email: 'd@d.com' })
expect(status).toBe(400)
expect(typeof body).toBe('object')
expect(body.param).toBe('password')
})
test('POST /users 400 (master) - invalid role', async () => {
const { status, body } = await request(app())
.post(apiRoot)
.send({ access_token: masterKey, email: 'd@d.com', password: '123456', role: 'invalid' })
expect(status).toBe(400)
expect(typeof body).toBe('object')
expect(body.param).toBe('role')
})
test('POST /users 401 (admin)', async () => {
const { status } = await request(app())
.post(apiRoot)
.send({ access_token: adminSession, email: 'd@d.com', password: '123456' })
expect(status).toBe(401)
})
test('POST /users 401 (user)', async () => {
const { status } = await request(app())
.post(apiRoot)
.send({ access_token: session1, email: 'd@d.com', password: '123456' })
expect(status).toBe(401)
})
test('POST /users 401', async () => {
const { status } = await request(app())
.post(apiRoot)
.send({ email: 'd@d.com', password: '123456' })
expect(status).toBe(401)
})
test('PUT /users/me 200 (user)', async () => {
const { status, body } = await request(app())
.put(apiRoot + '/me')
.send({ access_token: session1, name: 'test' })
expect(status).toBe(200)
expect(typeof body).toBe('object')
expect(body.name).toBe('test')
})
test('PUT /users/me 200 (user)', async () => {
const { status, body } = await request(app())
.put(apiRoot + '/me')
.send({ access_token: session1, email: 'test@test.com' })
expect(status).toBe(200)
expect(typeof body).toBe('object')
expect(body.email).toBe('a@a.com')
})
test('PUT /users/me 401', async () => {
const { status } = await request(app())
.put(apiRoot + '/me')
.send({ name: 'test' })
expect(status).toBe(401)
})
test('PUT /users/:id 200 (user)', async () => {
const { status, body } = await request(app())
.put(`${apiRoot}/${user1.id}`)
.send({ access_token: session1, name: 'test' })
expect(status).toBe(200)
expect(typeof body).toBe('object')
expect(body.name).toBe('test')
})
test('PUT /users/:id 200 (user)', async () => {
const { status, body } = await request(app())
.put(`${apiRoot}/${user1.id}`)
.send({ access_token: session1, email: 'test@test.com' })
expect(status).toBe(200)
expect(typeof body).toBe('object')
expect(body.email).toBe('a@a.com')
})
test('PUT /users/:id 200 (admin)', async () => {
const { status, body } = await request(app())
.put(`${apiRoot}/${user1.id}`)
.send({ access_token: adminSession, name: 'test' })
expect(status).toBe(200)
expect(typeof body).toBe('object')
expect(body.name).toBe('test')
})
test('PUT /users/:id 401 (user) - another user', async () => {
const { status } = await request(app())
.put(`${apiRoot}/${user1.id}`)
.send({ access_token: session2, name: 'test' })
expect(status).toBe(401)
})
test('PUT /users/:id 401', async () => {
const { status } = await request(app())
.put(`${apiRoot}/${user1.id}`)
.send({ name: 'test' })
expect(status).toBe(401)
})
test('PUT /users/:id 404 (admin)', async () => {
const { status } = await request(app())
.put(apiRoot + '/123456789098765432123456')
.send({ access_token: adminSession, name: 'test' })
expect(status).toBe(404)
})
const passwordMatch = async (password, userId) => {
const user = await User.findById(userId)
return !!await user.authenticate(password)
}
test('PUT /users/me/password 200 (user)', async () => {
const { status, body } = await request(app())
.put(apiRoot + '/me/password')
.auth('a@a.com', '123456')
.send({ password: '654321' })
expect(status).toBe(200)
expect(typeof body).toBe('object')
expect(body.email).toBe('a@a.com')
expect(await passwordMatch('654321', body.id)).toBe(true)
})
test('PUT /users/me/password 400 (user) - invalid password', async () => {
const { status, body } = await request(app())
.put(apiRoot + '/me/password')
.auth('a@a.com', '123456')
.send({ password: '321' })
expect(status).toBe(400)
expect(typeof body).toBe('object')
expect(body.param).toBe('password')
})
test('PUT /users/me/password 401 (user) - invalid authentication method', async () => {
const { status } = await request(app())
.put(apiRoot + '/me/password')
.send({ access_token: session1, password: '654321' })
expect(status).toBe(401)
})
test('PUT /users/me/password 401', async () => {
const { status } = await request(app())
.put(apiRoot + '/me/password')
.send({ password: '654321' })
expect(status).toBe(401)
})
test('PUT /users/:id/password 200 (user)', async () => {
const { status, body } = await request(app())
.put(`${apiRoot}/${user1.id}/password`)
.auth('a@a.com', '123456')
.send({ password: '654321' })
expect(status).toBe(200)
expect(typeof body).toBe('object')
expect(body.email).toBe('a@a.com')
expect(await passwordMatch('654321', body.id)).toBe(true)
})
test('PUT /users/:id/password 400 (user) - invalid password', async () => {
const { status, body } = await request(app())
.put(`${apiRoot}/${user1.id}/password`)
.auth('a@a.com', '123456')
.send({ password: '321' })
expect(status).toBe(400)
expect(typeof body).toBe('object')
expect(body.param).toBe('password')
})
test('PUT /users/:id/password 401 (user) - another user', async () => {
const { status } = await request(app())
.put(`${apiRoot}/${user1.id}/password`)
.auth('b@b.com', '123456')
.send({ password: '654321' })
expect(status).toBe(401)
})
test('PUT /users/:id/password 401 (user) - invalid authentication method', async () => {
const { status } = await request(app())
.put(`${apiRoot}/${user1.id}/password`)
.send({ access_token: session1, password: '654321' })
expect(status).toBe(401)
})
test('PUT /users/:id/password 401', async () => {
const { status } = await request(app())
.put(`${apiRoot}/${user1.id}/password`)
.send({ password: '654321' })
expect(status).toBe(401)
})
test('PUT /users/:id/password 404 (user)', async () => {
const { status } = await request(app())
.put(apiRoot + '/123456789098765432123456/password')
.auth('a@a.com', '123456')
.send({ password: '654321' })
expect(status).toBe(404)
})
test('DELETE /users/:id 204 (admin)', async () => {
const { status } = await request(app())
.delete(`${apiRoot}/${user1.id}`)
.send({ access_token: adminSession })
expect(status).toBe(204)
})
test('DELETE /users/:id 401 (user)', async () => {
const { status } = await request(app())
.delete(`${apiRoot}/${user1.id}`)
.send({ access_token: session1 })
expect(status).toBe(401)
})
test('DELETE /users/:id 401', async () => {
const { status } = await request(app())
.delete(`${apiRoot}/${user1.id}`)
expect(status).toBe(401)
})
test('DELETE /users/:id 404 (admin)', async () => {
const { status } = await request(app())
.delete(apiRoot + '/123456789098765432123456')
.send({ access_token: adminSession })
expect(status).toBe(404)
})
Reference in New Issue View Git Blame Copy Permalink