505 lines
13 KiB
JavaScript
505 lines
13 KiB
JavaScript
import User from "../../dist/models/user";
|
|
import mongoose from "../../dist/db/mongoose";
|
|
const conn = mongoose.connection;
|
|
const createUser = require("../fixtures/createUser");
|
|
import servers from "../../dist/server/server";
|
|
const request = require("supertest");
|
|
import env from "../../dist/enviroment/env";
|
|
const session = require("supertest-session");
|
|
const loginUser = require("../fixtures/loginUser");
|
|
const createUserNotEmailVerified = require("../fixtures/createUserNotEmailVerified");
|
|
|
|
const {server, serverHttps} = servers;
|
|
|
|
const app = server;
|
|
|
|
let user;
|
|
let userToken;
|
|
let userData;
|
|
|
|
const waitForDatabase = () => {
|
|
|
|
return new Promise((resolve, reject) => {
|
|
|
|
if (conn.readyState !== 1) {
|
|
|
|
conn.once("open", () => {
|
|
|
|
resolve();
|
|
|
|
})
|
|
|
|
} else {
|
|
|
|
resolve();
|
|
}
|
|
|
|
})
|
|
}
|
|
|
|
beforeEach(async(done) => {
|
|
|
|
await waitForDatabase();
|
|
|
|
const {user: gotUser, userData: gotUserData} = await createUser();
|
|
user = gotUser;
|
|
userData = gotUserData;
|
|
|
|
done();
|
|
// if (conn.readyState === 0) {
|
|
|
|
// // user = await createUser();
|
|
// // userToken = user.tokens[0].token;
|
|
// const {user: gotUser, token: gotToken} = await createUser();
|
|
// user = gotUser;
|
|
// userToken = gotToken;
|
|
|
|
// done()
|
|
|
|
// } else {
|
|
|
|
// // user = await createUser();
|
|
// // userToken = user.tokens[0].token;
|
|
// const {user: gotUser, token: gotToken} = await createUser();
|
|
// user = gotUser;
|
|
// userToken = gotToken;
|
|
|
|
// done();
|
|
// }
|
|
})
|
|
|
|
afterEach(async(done) => {
|
|
|
|
await User.deleteMany({});
|
|
done();
|
|
})
|
|
|
|
test("When authorized, should return user, with no sensitive data", async() => {
|
|
|
|
const appSession = session(app);
|
|
|
|
await loginUser(appSession, userData);
|
|
|
|
const response = await appSession
|
|
.get(`/user-service/user`)
|
|
.send()
|
|
.expect(200);
|
|
|
|
expect(response.body.password).toEqual(undefined);
|
|
expect(response.body.privateKey).toEqual(undefined);
|
|
expect(response.body.publicKey).toEqual(undefined);
|
|
expect(response.body.tokens).toEqual(undefined);
|
|
expect(response.body.tempTokens).toEqual(undefined);
|
|
expect(response.body.email).not.toEqual(undefined);
|
|
})
|
|
|
|
test("When not authorized should return 401 for user", async() => {
|
|
|
|
const response = await request(app)
|
|
.get(`/user-service/user`)
|
|
.send()
|
|
.expect(401);
|
|
|
|
expect(response.body).toEqual({});
|
|
})
|
|
|
|
test("When giving credentials, should login user, and not return sensitive info", async() => {
|
|
|
|
const response = await request(app)
|
|
.post(`/user-service/login`)
|
|
.send({
|
|
email: user.email,
|
|
password: "12345678"
|
|
})
|
|
.expect(200);
|
|
|
|
expect(response.body.user.password).toEqual(undefined);
|
|
expect(response.body.user.privateKey).toEqual(undefined);
|
|
expect(response.body.user.publicKey).toEqual(undefined);
|
|
expect(response.body.user.tokens).toEqual(undefined);
|
|
expect(response.body.user.tempTokens).toEqual(undefined);
|
|
})
|
|
|
|
test("When giving wrong creditentials, should return 500 error", async() => {
|
|
|
|
const response = await request(app)
|
|
.post(`/user-service/login`)
|
|
.send({
|
|
email: user.email,
|
|
password: "1454524"
|
|
})
|
|
.expect(500);
|
|
|
|
expect(response.body).toEqual({});
|
|
})
|
|
|
|
test("When authorized should logout user", async() => {
|
|
|
|
const appSession = session(app);
|
|
|
|
await loginUser(appSession, userData);
|
|
|
|
await appSession
|
|
.post(`/user-service/logout`)
|
|
.send()
|
|
.expect(200);
|
|
})
|
|
|
|
test("When not authorized for logout, should return 401 error", async() => {
|
|
|
|
const response = await request(app)
|
|
.post(`/user-service/logout`)
|
|
.send()
|
|
.expect(401);
|
|
|
|
expect(response.body).toEqual({});
|
|
})
|
|
|
|
test("When authoized should logout all sessions of a user", async() => {
|
|
|
|
const appSession = session(app);
|
|
|
|
await loginUser(appSession, userData);
|
|
|
|
await appSession
|
|
.post(`/user-service/logout-all`)
|
|
.send()
|
|
.expect(200);
|
|
})
|
|
|
|
test("When not authorized for logout all, should return 401 error", async() => {
|
|
|
|
const response = await request(app)
|
|
.post(`/user-service/logout-all`)
|
|
.send()
|
|
.expect(401);
|
|
|
|
expect(response.body).toEqual({});
|
|
})
|
|
|
|
test("When giving user data, should create account without returning sensitive data", async() => {
|
|
|
|
const response = await request(app)
|
|
.post(`/user-service/create`)
|
|
.send({
|
|
email: "test55@gmail.com",
|
|
password: "12345678"
|
|
})
|
|
.expect(201);
|
|
|
|
expect(response.body.password).toEqual(undefined);
|
|
expect(response.body.privateKey).toEqual(undefined);
|
|
expect(response.body.publicKey).toEqual(undefined);
|
|
expect(response.body.tokens).toEqual(undefined);
|
|
expect(response.body.tempTokens).toEqual(undefined);
|
|
})
|
|
|
|
test("When env variable is set to block accounts, should return 401 error", async() => {
|
|
|
|
env.createAcctBlocked = true;
|
|
|
|
await request(app)
|
|
.post(`/user-service/create`)
|
|
.send({
|
|
email: "test55@gmail.com",
|
|
password: "12345678"
|
|
})
|
|
.expect(401);
|
|
|
|
env.createAcctBlocked = false;
|
|
})
|
|
|
|
test("When giving old password, and new password, should change password", async() => {
|
|
|
|
const appSession = session(app);
|
|
|
|
await loginUser(appSession, userData);
|
|
|
|
const oldPassword = "12345678";
|
|
const newPassword = "987654321";
|
|
|
|
await appSession
|
|
.post(`/user-service/change-password`)
|
|
.send({
|
|
oldPassword,
|
|
newPassword
|
|
})
|
|
.expect(200);
|
|
|
|
await request(app)
|
|
.post(`/user-service/login`)
|
|
.send({
|
|
email: user.email,
|
|
password: oldPassword
|
|
})
|
|
.expect(500);
|
|
|
|
await request(app)
|
|
.post(`/user-service/login`)
|
|
.send({
|
|
email: user.email,
|
|
password: newPassword
|
|
})
|
|
.expect(200);
|
|
})
|
|
|
|
test("When giving wrong old password for change password, should return 500 error", async() => {
|
|
|
|
const appSession = session(app);
|
|
await loginUser(appSession, userData);
|
|
|
|
const wrongOldPassword = "12342345";
|
|
const newPassword = "987654321";
|
|
|
|
await appSession
|
|
.post(`/user-service/change-password`)
|
|
.send({
|
|
wrongOldPassword,
|
|
newPassword
|
|
})
|
|
.expect(500);
|
|
})
|
|
|
|
test("When not authorized for change password, should return 401 error", async() => {
|
|
|
|
const oldPassword = "12345678";
|
|
const newPassword = "987654321";
|
|
|
|
const response = await request(app)
|
|
.post(`/user-service/change-password`)
|
|
.send({
|
|
oldPassword,
|
|
newPassword
|
|
})
|
|
.expect(401);
|
|
|
|
expect(response.body).toEqual({});
|
|
})
|
|
|
|
test("When not email verified should not change password", async() => {
|
|
|
|
const appSession = session(app);
|
|
|
|
const {userData: userData2} = await createUserNotEmailVerified()
|
|
await loginUser(appSession, userData2);
|
|
|
|
const oldPassword = "12345678";
|
|
const newPassword = "987654321";
|
|
|
|
await appSession
|
|
.post(`/user-service/change-password`)
|
|
.send({
|
|
oldPassword,
|
|
newPassword
|
|
})
|
|
.expect(401);
|
|
})
|
|
|
|
test("When not email verified, but email verification disabled, should change password", async() => {
|
|
|
|
env.disableEmailVerification = true;
|
|
|
|
const appSession = session(app);
|
|
|
|
const {userData: userData2} = await createUserNotEmailVerified();
|
|
await loginUser(appSession, userData2);
|
|
|
|
const oldPassword = "12345678";
|
|
const newPassword = "987654321";
|
|
|
|
await appSession
|
|
.post(`/user-service/change-password`)
|
|
.send({
|
|
oldPassword,
|
|
newPassword
|
|
})
|
|
.expect(200);
|
|
|
|
await request(app)
|
|
.post(`/user-service/login`)
|
|
.send({
|
|
email: userData2.email,
|
|
password: oldPassword
|
|
})
|
|
.expect(500);
|
|
|
|
await request(app)
|
|
.post(`/user-service/login`)
|
|
.send({
|
|
email: userData2.email,
|
|
password: newPassword
|
|
})
|
|
.expect(200);
|
|
|
|
env.disableEmailVerification = undefined;
|
|
})
|
|
|
|
test("When not giving email, should not create user", async() => {
|
|
|
|
await request(app)
|
|
.post(`/user-service/create`)
|
|
.send({
|
|
email: "",
|
|
password: "12345678"
|
|
})
|
|
.expect(500);
|
|
})
|
|
|
|
test("When giving not a valid email, should not create user", async() => {
|
|
|
|
await request(app)
|
|
.post(`/user-service/create`)
|
|
.send({
|
|
email: "imnotvalid",
|
|
password: "12345678"
|
|
})
|
|
.expect(500);
|
|
})
|
|
|
|
test("When not giving long enouph password, should not create user", async() => {
|
|
|
|
await request(app)
|
|
.post(`/user-service/create`)
|
|
.send({
|
|
email: "test12341@email.com",
|
|
password: "123"
|
|
})
|
|
.expect(500);
|
|
})
|
|
|
|
test("When giving duplicate email, should not create user", async() => {
|
|
|
|
await request(app)
|
|
.post(`/user-service/create`)
|
|
.send({
|
|
email: "test55@gmail.com",
|
|
password: "12345678"
|
|
})
|
|
.expect(201);
|
|
|
|
|
|
await request(app)
|
|
.post(`/user-service/create`)
|
|
.send({
|
|
email: "test55@gmail.com",
|
|
password: "12345678"
|
|
})
|
|
.expect(500);
|
|
})
|
|
|
|
test("When authenticated should get refresh token", async() => {
|
|
|
|
const appSession = session(app);
|
|
|
|
await loginUser(appSession, userData);
|
|
|
|
await appSession.post("/user-service/get-token").send().expect(201);
|
|
})
|
|
|
|
test("When authenticated should get detailed user", async() => {
|
|
|
|
const appSession = session(app);
|
|
|
|
await loginUser(appSession, userData);
|
|
|
|
const response = await appSession.get("/user-service/user-detailed").send().expect(200);
|
|
|
|
const responseData = response.body;
|
|
const email = responseData.email;
|
|
const username = responseData.username;
|
|
const password = responseData.password;
|
|
const emailVerified = responseData.emailVerified;
|
|
const tokens = responseData.tokens;
|
|
const publicKey = responseData.publicKey;
|
|
const privateKey = responseData.privateKey;
|
|
|
|
expect(email).toEqual(userData.email);
|
|
expect(username).toEqual(userData.username);
|
|
expect(password).toEqual(undefined);
|
|
expect(emailVerified).toEqual(true);
|
|
expect(tokens).toEqual(undefined);
|
|
expect(publicKey).toEqual(undefined);
|
|
expect(privateKey).toEqual(undefined)
|
|
})
|
|
|
|
test("When not authenticated should not get detailed user", async() => {
|
|
|
|
await request(app).get("/user-service/user-detailed").send().expect(401);
|
|
})
|
|
|
|
test("When not email verified should not get detailed user", async() => {
|
|
|
|
const appSession = session(app);
|
|
|
|
const {userData: userData2} = await createUserNotEmailVerified();
|
|
await loginUser(appSession, userData2);
|
|
|
|
await request(app).get("/user-service/user-detailed").send().expect(401);
|
|
})
|
|
|
|
test("When not email verified but email verification disabled should get detailed user", async() => {
|
|
|
|
env.disableEmailVerification = true;
|
|
|
|
const appSession = session(app);
|
|
|
|
const {userData: userData2} = await createUserNotEmailVerified();
|
|
await loginUser(appSession, userData2);
|
|
|
|
const response = await appSession.get("/user-service/user-detailed").send().expect(200);
|
|
|
|
const responseData = response.body;
|
|
const email = responseData.email;
|
|
const username = responseData.username;
|
|
const password = responseData.password;
|
|
const emailVerified = responseData.emailVerified;
|
|
const tokens = responseData.tokens;
|
|
const publicKey = responseData.publicKey;
|
|
const privateKey = responseData.privateKey;
|
|
|
|
expect(email).toEqual(userData2.email);
|
|
expect(username).toEqual(userData2.username);
|
|
expect(password).toEqual(undefined);
|
|
expect(emailVerified).toEqual(false);
|
|
expect(tokens).toEqual(undefined);
|
|
expect(publicKey).toEqual(undefined);
|
|
expect(privateKey).toEqual(undefined)
|
|
|
|
env.disableEmailVerification = undefined;
|
|
})
|
|
|
|
test("When giving existing email should send password reset email", async() => {
|
|
|
|
await request(app).post("/user-service/send-password-reset").send({email: userData.email}).expect(200);
|
|
})
|
|
|
|
test("When giving not existing email should return 404", async() => {
|
|
|
|
await request(app).post("/user-service/send-password-reset").send({email: "idontexist@void.com"}).expect(404);
|
|
})
|
|
|
|
test("When autheniticated should set users name", async() => {
|
|
|
|
const appSession = session(app);
|
|
await loginUser(appSession, userData);
|
|
|
|
await appSession.patch("/user-service/add-name").send({name: "testname"}).expect(200);
|
|
})
|
|
|
|
test("When giving a not valid name length should not set users name", async() => {
|
|
|
|
const appSession = session(app);
|
|
await loginUser(appSession, userData);
|
|
|
|
await appSession.patch("/user-service/add-name").send({name: ""}).expect(403);
|
|
})
|
|
|
|
test("When not giving name should not set users name", async() => {
|
|
|
|
const appSession = session(app);
|
|
await loginUser(appSession, userData);
|
|
|
|
await appSession.patch("/user-service/add-name").send().expect(403);
|
|
})
|
|
|