From b4fbb9ba1eff0d1ab5e80a7d622d111c96f67000 Mon Sep 17 00:00:00 2001
From: Jure Triglav <juretriglav@gmail.com>
Date: Sat, 26 Jan 2019 00:55:29 +1300
Subject: [PATCH] test(server): remove REST API tests

---
 packages/server/test/api_admin_test.js        |  77 ------
 .../server/test/api_authenticated_test.js     | 184 -------------
 packages/server/test/api_file_upload_test.js  |  14 +-
 packages/server/test/api_locals_test.js       |  12 +-
 packages/server/test/api_sse_disabled_test.js |  48 ----
 packages/server/test/api_sse_enabled_test.js  | 162 -----------
 .../server/test/api_unauthenticated_test.js   | 115 --------
 packages/server/test/api_users_test.js        | 255 ------------------
 8 files changed, 11 insertions(+), 856 deletions(-)
 delete mode 100644 packages/server/test/api_admin_test.js
 delete mode 100644 packages/server/test/api_authenticated_test.js
 delete mode 100644 packages/server/test/api_sse_disabled_test.js
 delete mode 100644 packages/server/test/api_sse_enabled_test.js
 delete mode 100644 packages/server/test/api_unauthenticated_test.js
 delete mode 100644 packages/server/test/api_users_test.js

diff --git a/packages/server/test/api_admin_test.js b/packages/server/test/api_admin_test.js
deleted file mode 100644
index b47727d07..000000000
--- a/packages/server/test/api_admin_test.js
+++ /dev/null
@@ -1,77 +0,0 @@
-const STATUS = require('http-status-codes')
-
-const createBasicCollection = require('./helpers/basic_collection')
-const cleanDB = require('./helpers/db_cleaner')
-const fixtures = require('./fixtures/fixtures')
-
-const { Fragment, User } = require('@pubsweet/models')
-
-const api = require('./helpers/api')
-
-describe('admin api', () => {
-  let otherUser
-  let collection
-  let fragment
-
-  beforeEach(() =>
-    // Create collection with admin user and one non-admin user
-    cleanDB()
-      .then(createBasicCollection)
-      .then(userAndCol => {
-        collection = userAndCol.collection
-      })
-      .then(() => {
-        // Create another user without any roles
-        otherUser = new User(fixtures.updatedUser)
-        return otherUser.save()
-      })
-      .then(() => {
-        // Create fragment and add fragment to collection
-        fragment = new Fragment(fixtures.fragment)
-        fragment.setOwners([otherUser.id])
-        return fragment.save().then(fragment => {
-          collection.addFragment(fragment)
-          return collection.save()
-        })
-      }),
-  )
-
-  afterEach(cleanDB)
-
-  it('creates a fragment in the protected collection if authenticated', () =>
-    api.users.authenticate
-      .post(fixtures.user)
-      .then(token =>
-        api.fragments.post({
-          fragment: fixtures.fragment,
-          collection,
-          token,
-        }),
-      )
-      .then(res => expect(res.body.source).toEqual(fixtures.fragment.source)))
-
-  it('reads all fragments', () =>
-    api.users.authenticate
-      .post(fixtures.user)
-      .then(token => api.fragments.get({ collection, token }))
-      .then(res => expect(res.body).toHaveLength(1)))
-
-  it('updates a fragment owned by someone else', () => {
-    const updatedFragment = Object.assign(
-      {},
-      fragment,
-      fixtures.updatedFragment,
-    )
-
-    return api.users.authenticate.post(fixtures.user).then(token =>
-      api.fragments
-        .patch({
-          fragmentId: fragment.id,
-          update: updatedFragment,
-          collection,
-          token,
-        })
-        .expect(STATUS.OK),
-    )
-  })
-})
diff --git a/packages/server/test/api_authenticated_test.js b/packages/server/test/api_authenticated_test.js
deleted file mode 100644
index 0bc84dbef..000000000
--- a/packages/server/test/api_authenticated_test.js
+++ /dev/null
@@ -1,184 +0,0 @@
-const STATUS = require('http-status-codes')
-
-const createBasicCollection = require('./helpers/basic_collection')
-const dbCleaner = require('./helpers/db_cleaner')
-const api = require('./helpers/api')
-const setTeamForCollection = require('./helpers/set_team')
-const fixtures = require('./fixtures/fixtures')
-
-const { Fragment, User } = require('@pubsweet/models')
-
-describe('authenticated api', () => {
-  let otherUser
-  let user
-  let collection
-
-  beforeEach(async () => {
-    // Create collection with admin user and one non-admin user
-    await dbCleaner()
-    ;({ user, collection } = await createBasicCollection())
-    // Create another user without any roles
-    otherUser = new User(fixtures.updatedUser)
-    otherUser = await otherUser.save()
-  })
-
-  it(`fails to create a fragment in a protected
-    collection if authenticated as user without permissions`, () =>
-    api.users.authenticate.post(fixtures.updatedUser).then(token =>
-      api.fragments
-        .post({
-          fragment: fixtures.fragment,
-          collection,
-          token,
-        })
-        .expect(STATUS.FORBIDDEN),
-    ))
-
-  describe('a non-admin user with a contributor role', () => {
-    beforeEach(() =>
-      setTeamForCollection(
-        [otherUser.id],
-        collection,
-        fixtures.contributorTeam,
-      ),
-    )
-
-    afterEach(() =>
-      setTeamForCollection([], collection, fixtures.contributorTeam),
-    )
-
-    it('creates a fragment in a protected collection', () =>
-      api.users.authenticate
-        .post(fixtures.updatedUser)
-        .then(token =>
-          api.fragments
-            .post({
-              fragment: fixtures.fragment,
-              collection,
-              token,
-            })
-            .expect(STATUS.CREATED),
-        )
-        .then(res => {
-          expect(res.body.owners).toContainEqual({
-            id: otherUser.id,
-            username: otherUser.username,
-          })
-        }))
-
-    describe('a fragment owned by the same user', () => {
-      let fragment
-
-      beforeEach(async () => {
-        fragment = new Fragment(fixtures.fragment)
-        fragment.setOwners([otherUser.id])
-        fragment = await fragment.save()
-
-        collection.addFragment(fragment)
-        collection = await collection.save()
-      })
-
-      afterEach(async () => {
-        fragment = await fragment.delete()
-        collection.removeFragment(fragment)
-        collection = await collection.save()
-      })
-
-      it('updates a fragment in a protected collection if an owner', () =>
-        api.users.authenticate.post(fixtures.updatedUser).then(token =>
-          api.fragments
-            .patch({
-              fragmentId: fragment.id,
-              update: { ...fixtures.updatedFragment, rev: fragment.rev },
-              collection,
-              token,
-            })
-            .expect(STATUS.OK),
-        ))
-    })
-
-    describe('actions on a fragment owned by a different user', () => {
-      let fragment
-
-      beforeEach(async () => {
-        fragment = new Fragment(fixtures.fragment)
-        fragment.setOwners([user.id])
-        await fragment.save()
-        collection.addFragment(fragment)
-        await collection.save()
-      })
-
-      afterEach(async () => {
-        await fragment.delete()
-        collection.removeFragment(fragment)
-        await collection.save()
-      })
-
-      it('cannot read a fragment in a protected collection if it is not published', () =>
-        api.users.authenticate
-          .post(fixtures.updatedUser)
-          .then(token =>
-            api.fragments
-              .get({
-                collection,
-                token,
-              })
-              .expect(STATUS.OK),
-          )
-          .then(res => expect(res.body).toEqual([])))
-
-      it('cannot update a fragment in a protected collection', async () => {
-        const token = await api.users.authenticate.post(fixtures.updatedUser)
-        return api.fragments
-          .patch({
-            fragmentId: fragment.id,
-            update: fixtures.updatedFragment,
-            collection,
-            token,
-          })
-          .expect(STATUS.FORBIDDEN)
-      })
-    })
-  })
-
-  describe('a non-admin user with a reader role', () => {
-    beforeEach(() =>
-      setTeamForCollection([otherUser.id], collection, fixtures.readerTeam),
-    )
-
-    afterEach(() => setTeamForCollection([], collection, fixtures.readerTeam))
-
-    it('can not create a fragment', () =>
-      api.users.authenticate.post(fixtures.updatedUser).then(token =>
-        api.fragments
-          .post({
-            fragment: fixtures.fragment,
-            collection,
-            token,
-          })
-          .expect(STATUS.FORBIDDEN),
-      ))
-
-    it('can read a fragment', () =>
-      api.users.authenticate
-        .post(fixtures.updatedUser)
-        .then(token => api.fragments.get({ collection, token })))
-  })
-
-  it('fails to create a fragment in the protected collection if not authenticated', () =>
-    api.fragments
-      .post({
-        fragment: fixtures.fragment,
-        collection,
-      })
-      .expect(STATUS.UNAUTHORIZED))
-
-  it('fails to create a fragment in the protected collection if authentication wrong', () =>
-    api.fragments
-      .post({
-        fragment: fixtures.fragment,
-        collection,
-        token: 'wrong',
-      })
-      .expect(STATUS.UNAUTHORIZED))
-})
diff --git a/packages/server/test/api_file_upload_test.js b/packages/server/test/api_file_upload_test.js
index 838a37f31..6ae37c2a6 100644
--- a/packages/server/test/api_file_upload_test.js
+++ b/packages/server/test/api_file_upload_test.js
@@ -1,9 +1,10 @@
 const fs = require('fs')
 const path = require('path')
 const api = require('./helpers/api')
-const fixtures = require('./fixtures/fixtures')
 const cleanDB = require('./helpers/db_cleaner')
 const { model: User } = require('@pubsweet/model-user')
+const { fixtures } = require('@pubsweet/model-user/test')
+const authentication = require('../src/authentication')
 
 function fileName(name) {
   return path.join(__dirname, 'fixtures', name)
@@ -17,18 +18,17 @@ function fileBuffer(name) {
   return fs.readFileSync(fileName(name))
 }
 
-const authenticateUser = () => api.users.authenticate.post(fixtures.user)
-
 describe('File upload/download', () => {
+  let token
+
   beforeEach(async () => {
     await cleanDB()
-    await new User(fixtures.user).save()
+    const user = await new User(fixtures.user).save()
+    token = authentication.token.create(user)
   })
 
   it('should upload a file and preserve the extension and serve the file (if authenticated)', async () => {
-    const userToken = await authenticateUser()
-
-    const res = await api.upload.post(file('fixture.jpg'), userToken)
+    const res = await api.upload.post(file('fixture.jpg'), token)
     expect(res.statusCode).toBe(200)
     expect(path.extname(res.text)).toBe('.jpg')
 
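Review bot: The `(if authenticated)` upload test now covers only the success path, using a token minted in-process by `authentication.token.create(user)`, and nothing visible in this hunk checks that an upload with a missing or invalid token is rejected. This patch also deletes the REST tests that asserted `STATUS.UNAUTHORIZED` for a missing or wrong token, so a negative case beside this one would keep that access-control check under test. For example, `const res = await api.upload.post(file('fixture.jpg'), 'wrong')` followed by `expect(res.statusCode).toBe(401)`, where 401 is presumably the expected status. The test body continues past the end of the hunk, so such a case may already exist further down in the file.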
diff --git a/packages/server/test/api_locals_test.js b/packages/server/test/api_locals_test.js
index 8201fad1c..daa5ada45 100644
--- a/packages/server/test/api_locals_test.js
+++ b/packages/server/test/api_locals_test.js
@@ -1,25 +1,21 @@
 const { model: User } = require('@pubsweet/model-user')
-const fixtures = require('./fixtures/fixtures')
+const { fixtures } = require('@pubsweet/model-user/test')
 const cleanDB = require('./helpers/db_cleaner')
 const api = require('../src/app')(require('express')())
 
 describe('api/app locals', () => {
   beforeEach(async () => {
     await cleanDB()
-    return new User(fixtures.adminUser).save()
+    return new User(fixtures.user).save()
   })
 
-  afterEach(cleanDB)
-
   it('exposes models', async () => {
     expect(api.locals.models.User.type).toEqual('user')
     expect(api.locals.models.Team.type).toEqual('team')
     expect(api.locals.models.Fragment.type).toEqual('fragment')
     expect(api.locals.models.Collection.type).toEqual('collection')
 
-    const user = await api.locals.models.User.findByEmail(
-      fixtures.adminUser.email,
-    )
-    expect(user.username).toEqual(fixtures.adminUser.username)
+    const user = await api.locals.models.User.findByEmail(fixtures.user.email)
+    expect(user.username).toEqual(fixtures.user.username)
   })
 })
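Review bot: Dropping `afterEach(cleanDB)` leaves the user saved in `beforeEach` in the database after the last test of this file finishes. That is harmless only if every other suite sharing the database calls `cleanDB()` before seeding its own data, which cannot be confirmed from this patch. Either keep `afterEach(cleanDB)` or add a comment above `beforeEach` such as `// no afterEach cleanup: every suite cleans the DB in its own beforeEach`. As a style point, the `beforeEach` body mixes `await` with a returned promise; `await new User(fixtures.user).save()` would be more consistent.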
diff --git a/packages/server/test/api_sse_disabled_test.js b/packages/server/test/api_sse_disabled_test.js
deleted file mode 100644
index 57af5b7a6..000000000
--- a/packages/server/test/api_sse_disabled_test.js
+++ /dev/null
@@ -1,48 +0,0 @@
-const STATUS = require('http-status-codes')
-const EventSource = require('eventsource')
-
-const { model: User } = require('@pubsweet/model-user')
-
-const cleanDB = require('./helpers/db_cleaner')
-const fixtures = require('./fixtures/fixtures')
-const api = require('./helpers/api')
-
-const port = 30646
-
-describe('API SSE disabled', () => {
-  let es
-  let server
-
-  beforeEach(async () => {
-    await cleanDB()
-    await new User(fixtures.adminUser).save()
-    await new Promise((resolve, reject) => {
-      server = api.app.listen(port, err => (err ? reject(err) : resolve()))
-    })
-  })
-
-  afterEach(() => {
-    if (es) es.close()
-    if (server) server.close()
-  })
-
-  it('should not send an event if not configured', async () => {
-    const token = await api.users.authenticate.post(fixtures.adminUser)
-    es = new EventSource(
-      `http://localhost:${port}/updates?access_token=${encodeURIComponent(
-        token,
-      )}`,
-    )
-
-    const eventPromise = new Promise((resolve, reject) => {
-      es.addEventListener('message', resolve)
-      es.addEventListener('error', reject)
-    })
-
-    await expect(eventPromise).rejects.toEqual({
-      message: 'Not Found',
-      type: 'error',
-      status: STATUS.NOT_FOUND,
-    })
-  })
-})
diff --git a/packages/server/test/api_sse_enabled_test.js b/packages/server/test/api_sse_enabled_test.js
deleted file mode 100644
index 4aac00aeb..000000000
--- a/packages/server/test/api_sse_enabled_test.js
+++ /dev/null
@@ -1,162 +0,0 @@
-const STATUS = require('http-status-codes')
-const EventSource = require('eventsource')
-const config = require('config')
-
-// override config for test
-config['pubsweet-server'].sse = true
-
-const { model: User } = require('@pubsweet/model-user')
-
-const cleanDB = require('./helpers/db_cleaner')
-const fixtures = require('./fixtures/fixtures')
-
-const api = require('./helpers/api')
-
-const port = 30645
-
-describe('API SSE enabled', () => {
-  let es
-  let adminEs
-  let server
-
-  beforeEach(async () => {
-    await cleanDB()
-    await new User(fixtures.adminUser).save()
-    await new User(fixtures.user).save()
-
-    await new Promise((resolve, reject) => {
-      server = api.app.listen(port, err => (err ? reject(err) : resolve()))
-    })
-  })
-
-  afterEach(() => {
-    if (es) es.close()
-    if (adminEs) adminEs.close()
-    if (server) server.close()
-  })
-
-  it('should send an event if configured', async () => {
-    const token = await api.users.authenticate.post(fixtures.adminUser)
-    es = new EventSource(
-      `http://localhost:${port}/updates?access_token=${encodeURIComponent(
-        token,
-      )}`,
-    )
-
-    // wrap event listener in promise
-    const eventPromise = new Promise(resolve =>
-      es.addEventListener('message', resolve),
-    )
-
-    // perform action
-    await api.collections
-      .create(fixtures.collection, token)
-      .expect(STATUS.CREATED)
-
-    // await event
-    const event = await eventPromise
-    const eventData = JSON.parse(event.data)
-    expect(eventData).toMatchObject({
-      action: 'collection:create',
-      data: {
-        collection: fixtures.collection,
-      },
-    })
-  })
-
-  it('supports not sending an event', async () => {
-    const adminToken = await api.users.authenticate.post(fixtures.adminUser)
-    const token = await api.users.authenticate.post(fixtures.user)
-
-    es = new EventSource(
-      `http://localhost:${port}/updates?access_token=${encodeURIComponent(
-        token,
-      )}`,
-    )
-
-    // wrap user's event listener in promise
-    const eventPromise = new Promise(resolve =>
-      es.addEventListener('message', resolve),
-    )
-
-    // perform action (we'll block the SSE for this one)
-    await api.fragments
-      .post({ fragment: fixtures.fragment, token: adminToken })
-      .expect(STATUS.CREATED)
-
-    // perform action (let this one through filtered)
-    await api.collections
-      .create(fixtures.collection, adminToken)
-      .expect(STATUS.CREATED)
-
-    // await user's filtered event
-    const event = await eventPromise
-    const eventData = JSON.parse(event.data)
-
-    expect(eventData).toEqual(
-      expect.objectContaining({
-        action: 'collection:create',
-        data: {
-          collection: {
-            id: expect.any(String),
-            title: fixtures.collection.title,
-          },
-        },
-      }),
-    )
-  })
-
-  it('supports property-filtering', async () => {
-    const adminToken = await api.users.authenticate.post(fixtures.adminUser)
-    const token = await api.users.authenticate.post(fixtures.user)
-
-    adminEs = new EventSource(
-      `http://localhost:${port}/updates?access_token=${encodeURIComponent(
-        adminToken,
-      )}`,
-    )
-
-    es = new EventSource(
-      `http://localhost:${port}/updates?access_token=${encodeURIComponent(
-        token,
-      )}`,
-    )
-
-    const adminEventPromise = new Promise(resolve =>
-      adminEs.addEventListener('message', resolve),
-    )
-
-    const eventPromise = new Promise(resolve =>
-      es.addEventListener('message', resolve),
-    )
-
-    // perform action
-    await api.collections
-      .create(fixtures.collection, adminToken)
-      .expect(STATUS.CREATED)
-
-    // await admins unfiltered event
-    const adminEvent = await adminEventPromise
-    const adminEventData = JSON.parse(adminEvent.data)
-
-    expect(Object.keys(adminEventData.data.collection)).toEqual(
-      expect.arrayContaining(['id', 'created', 'title', 'owners']),
-    )
-
-    // await user's filtered event
-    const event = await eventPromise
-    const eventData = JSON.parse(event.data)
-
-    expect(eventData).toEqual(
-      expect.objectContaining({
-        action: 'collection:create',
-        data: {
-          collection: {
-            id: expect.any(String),
-            title: fixtures.collection.title,
-          },
-        },
-      }),
-    )
-  })
-})
diff --git a/packages/server/test/api_unauthenticated_test.js b/packages/server/test/api_unauthenticated_test.js
deleted file mode 100644
index 6d2300005..000000000
--- a/packages/server/test/api_unauthenticated_test.js
+++ /dev/null
@@ -1,115 +0,0 @@
-const STATUS = require('http-status-codes')
-
-const api = require('./helpers/api')
-const createBasicCollection = require('./helpers/basic_collection')
-const createFragment = require('./helpers/fragment')
-const cleanDB = require('./helpers/db_cleaner')
-const { Collection } = require('@pubsweet/models')
-
-describe('unauthenticated/public api', () => {
-  let fragment
-  let unpublishedFragment
-  let collection
-
-  beforeEach(cleanDB)
-
-  async function setNewFragment(opts) {
-    const userAndCollection = await createBasicCollection()
-    collection = userAndCollection.collection
-    fragment = await createFragment(opts, collection)
-    unpublishedFragment = await createFragment({}, collection)
-  }
-
-  describe('published fragment', () => {
-    beforeEach(() => setNewFragment({ published: true }))
-
-    it('can see a published fragment in a collection', () =>
-      api.fragments
-        .get({ collection })
-        .expect(STATUS.OK)
-        .then(res => expect(res.body[0].id).toEqual(fragment.id)))
-
-    it('can only see the published fragment in a collection', () =>
-      api.fragments
-        .get({ collection })
-        .expect(STATUS.OK)
-        .then(res =>
-          expect(res.body.map(f => f.id)).not.toContain(unpublishedFragment.id),
-        ))
-
-    it('can only see the filtered list of properties for a fragment', () =>
-      api.collections
-        .retrieveFragment(collection.id, fragment.id)
-        .expect(STATUS.OK)
-        .then(res =>
-          expect(Object.keys(res.body).sort()).toEqual([
-            'id',
-            'owners',
-            'presentation',
-            'source',
-            'title',
-          ]),
-        ))
-
-    it('can only see the filtered list of properties for a collection', () =>
-      api.collections
-        .retrieve(collection.id)
-        .expect(STATUS.OK)
-        .then(res =>
-          expect(Object.keys(res.body).sort()).toEqual([
-            'id',
-            'owners',
-            'title',
-          ]),
-        ))
-  })
-
-  describe('unpublished fragment', () => {
-    beforeEach(() => setNewFragment({ published: false }))
-
-    it('can not list unpublished fragments in a protected collection', () =>
-      api.fragments
-        .get({ collection })
-        .expect(STATUS.OK)
-        .then(res => expect(res.body).toEqual([])))
-
-    it('can not find a fragment in a protected collection', () =>
-      api.fragments
-        .get({ collection, fragmentId: fragment.id })
-        .expect(STATUS.NOT_FOUND))
-  })
-
-  describe('collections filtering by object and properties', () => {
-    let publicCollection
-    let privateCollection
-
-    beforeEach(async () => {
-      publicCollection = new Collection({
-        title: 'Public collection',
-        published: true,
-        nonPublicProperty: 'example',
-      })
-
-      await publicCollection.save()
-
-      privateCollection = new Collection({
-        title: 'Private collection',
-      })
-      await privateCollection.save()
-    })
-
-    it('can only see the filtered list of collections and only filtered properties in each collection', () =>
-      api.collections
-        .list()
-        .expect(STATUS.OK)
-        .then(res => {
-          const collections = res.body
-          expect(collections).toHaveLength(1)
-          expect(Object.keys(collections[0]).sort()).toEqual([
-            'id',
-            'owners',
-            'title',
-          ])
-        }))
-  })
-})
diff --git a/packages/server/test/api_users_test.js b/packages/server/test/api_users_test.js
deleted file mode 100644
index 33f40b22b..000000000
--- a/packages/server/test/api_users_test.js
+++ /dev/null
@@ -1,255 +0,0 @@
-// jasmine.DEFAULT_TIMEOUT_INTERVAL = 100000
-
-const STATUS = require('http-status-codes')
-
-const cleanDB = require('./helpers/db_cleaner')
-const { model: User } = require('@pubsweet/model-user')
-const fixtures = require('./fixtures/fixtures')
-const api = require('./helpers/api')
-const setupBase = require('../src/setup-base')
-
-describe('users api', () => {
-  let userId
-
-  beforeEach(async () => {
-    await cleanDB()
-    const { user } = await setupBase.setup(fixtures.user, fixtures.collection)
-    userId = user.id
-    expect(userId).not.toBeNull()
-  })
-
-  describe('admin', () => {
-    let otherUser
-
-    beforeEach(async () => {
-      const user = new User(fixtures.otherUser)
-      otherUser = await user.save()
-    })
-
-    it('can get a list of users', () =>
-      api.users.authenticate
-        .post(fixtures.user)
-        .then(token => api.users.get({ token }).expect(STATUS.OK))
-        .then(res => {
-          expect(res.body.users).toHaveLength(2)
-          expect(res.body.users[0].username).not.toBe(undefined)
-        }))
-
-    it('can get another user', () =>
-      api.users.authenticate
-        .post(fixtures.user)
-        .then(token =>
-          api.users.get({ userId: otherUser.id, token }).expect(STATUS.OK),
-        )
-        .then(res => {
-          expect(res.body.username).toBe(otherUser.username)
-        }))
-
-    it('can make another user an admin', () => {
-      const patchedUser = { ...otherUser, admin: true }
-
-      return api.users.authenticate
-        .post(fixtures.user)
-        .then(token =>
-          api.users.patch(otherUser.id, patchedUser, token).expect(STATUS.OK),
-        )
-    })
-
-    it('deletes a user', () =>
-      api.users.authenticate
-        .post(fixtures.user)
-        .then(token => api.users.del(otherUser.id, token).expect(STATUS.OK)))
-  })
-
-  describe('unauthenticated user', () => {
-    it('can not get a list of users', () =>
-      api.users.get({}).expect(STATUS.UNAUTHORIZED))
-
-    it('cannot sign up as an admin directly', () => {
-      const fakeAdmin = Object.assign({}, fixtures.otherUser, { admin: true })
-      return api.users.post(fakeAdmin).expect(STATUS.BAD_REQUEST)
-    })
-
-    it('can sign up', () =>
-      api.users
-        .post(fixtures.otherUser)
-        .expect(STATUS.CREATED)
-        .then(res => {
-          expect(res.body.username).toBe(fixtures.otherUser.username)
-        }))
-  })
-
-  describe('new user', () => {
-    let otherUser
-
-    beforeEach(async () => {
-      const user = new User(fixtures.otherUser)
-      otherUser = await user.save()
-    })
-
-    afterEach(
-      () =>
-        User.find(otherUser.id)
-          .then(user => user.delete())
-          .catch(() => {}), // we might have already deleted the user
-    )
-
-    it('cant log in with the wrong username', () =>
-      api.users.authenticate
-        .post(
-          {
-            username: 'wrongusername',
-            password: 'wrongpassword',
-          },
-          {
-            expect: false,
-            token: false,
-          },
-        )
-        .then(res => {
-          expect(res.statusCode).toEqual(STATUS.UNAUTHORIZED)
-        }))
-
-    it('cant log in with the wrong password', () =>
-      api.users.authenticate
-        .post(
-          {
-            username: otherUser.username,
-            password: 'wrongpassword',
-          },
-          {
-            expect: false,
-            token: false,
-          },
-        )
-        .then(res => {
-          expect(res.statusCode).toEqual(STATUS.UNAUTHORIZED)
-        }))
-
-    it('can filter response with authsome', async () => {
-      const response = await api.request.post('/api/users/authenticate').send({
-        username: fixtures.otherUser.username,
-        password: fixtures.otherUser.password,
-      })
-
-      expect(Object.keys(response.body)).not.toContain('passwordHash')
-    })
-
-    it('can verify its token', async () => {
-      const token = await api.users.authenticate.post(fixtures.otherUser)
-      const res = await api.users.authenticate.get(token).expect(STATUS.OK)
-
-      expect(res.body.id).toBe(otherUser.id)
-      expect(res.body.token).toBe(token)
-    })
-
-    it('can not get a list of users', () =>
-      api.users.authenticate
-        .post(fixtures.otherUser)
-        .then(token => api.users.get({ token }).expect(STATUS.FORBIDDEN)))
-
-    it('can not delete other users', () =>
-      api.users.authenticate
-        .post(fixtures.otherUser)
-        .then(token => api.users.del(userId, token).expect(STATUS.FORBIDDEN)))
-
-    it('can not get other users', () =>
-      api.users.authenticate
-        .post(fixtures.otherUser)
-        .then(token =>
-          api.users.get({ userId, token }).expect(STATUS.FORBIDDEN),
-        ))
-
-    it('can get itself', () =>
-      api.users.authenticate
-        .post(fixtures.otherUser)
-        .then(token =>
-          api.users.get({ userId: otherUser.id, token }).expect(STATUS.OK),
-        )
-        .then(res => {
-          expect(res.body.id).toBe(otherUser.id)
-          expect(res.body.username).toBe(fixtures.otherUser.username)
-        }))
-
-    it('can not make itself admin', () => {
-      const newself = Object.assign(
-        { id: otherUser.id, admin: true },
-        fixtures.otherUser,
-      )
-
-      return api.users.authenticate
-        .post(fixtures.otherUser)
-        .then(token =>
-          api.users
-            .patch(otherUser.id, newself, token)
-            .expect(STATUS.FORBIDDEN),
-        )
-    })
-
-    it('updates itself', () => {
-      const newSelf = Object.assign({}, otherUser, fixtures.updatedUser)
-
-      return api.users.authenticate
-        .post(fixtures.otherUser)
-        .then(token =>
-          api.users.patch(otherUser.id, newSelf, token).expect(STATUS.OK),
-        )
-    })
-
-    it('authenticates an updated user', async () => {
-      // authenticate
-      const token = await api.users.authenticate.post(fixtures.otherUser)
-
-      // change the username, email and password
-      const updatedUser = Object.assign({}, otherUser, fixtures.updatedUser)
-      await api.users.patch(otherUser.id, updatedUser, token).expect(STATUS.OK)
-
-      // authenticate with the updated details
-      await api.users.authenticate.post(fixtures.updatedUser)
-    })
-
-    it('persists an updated user', () => {
-      const newSelf = Object.assign({}, otherUser, fixtures.updatedUser)
-
-      return api.users.authenticate
-        .post(fixtures.otherUser)
-        .then(token =>
-          api.users
-            .patch(otherUser.id, newSelf, token)
-            .expect(STATUS.OK)
-            .then(() => token),
-        )
-        .then(token =>
-          api.users.get({ userId: otherUser.id, token }).expect(STATUS.OK),
-        )
-        .then(res => {
-          expect(res.body.id).toBe(otherUser.id)
-          expect(res.body.username).toBe(fixtures.updatedUser.username)
-        })
-    })
-
-    it('user can delete itself', async () => {
-      // authenticate
-      const otherUserToken = await api.users.authenticate.post(
-        fixtures.otherUser,
-      )
-
-      // change username, email and password
-      const updatedUser = Object.assign({}, otherUser, fixtures.updatedUser)
-      await api.users
-        .patch(otherUser.id, updatedUser, otherUserToken)
-        .expect(STATUS.OK)
-
-      // authenticate with updated details
-      const updatedUserToken = await api.users.authenticate.post(
-        fixtures.updatedUser,
-      )
-
-      // delete the updated user
-      await api.users.del(otherUser.id, updatedUserToken).expect(STATUS.OK)
-    })
-  })
-
-  it('cannot create a user if user exists', () =>
-    api.users.post(fixtures.user).expect(STATUS.CONFLICT))
-})
-- 
GitLab