UNPKG

node-user-accounts-boilerplate/setupTest.js

Version:

9.41 kBJavaScriptView Raw

1"use strict";
2
3const assert = require('assert');
4const describeConfig = require('./setupTester');
5const NoAuth = require('./auth/NoAuth');
6const PBKDF2 = require('./crypt/PBKDF2');
7
8describeConfig('empty', {}, function (handler)
9{
it('should have no login methods', async function ()
{
  const
  {
    status,
    data
  } = await handler.request('GET', '/api/accounts/methods.json');
  assert.deepEqual(status, 200);
  assert.deepEqual(data, []);
});
20
it('should not be able to access admin api', async function ()
{
  const
  {
    status
  } = await handler.request('GET', '/api/accounts/search.json');
  assert.deepEqual(status, 400);
});
29
it('should not be able to access admin api', async function ()
{
  const
  {
    data
  } = await handler.request('GET', '/api/accounts/current.json');
  assert.deepEqual(data, false);
});
38});
39
40async function config()
41{
const cfg = {};
cfg.users = await describeConfig.createUsers([{
  id: 'regular',
  password: 'INVALID'
}, {
  id: 'admin',
  roles: {
    admin: true
  }
}]);
52
cfg.auth = [
  new NoAuth({
    method: 'regular',
    loginUserId: 'regular'
  }),
  new NoAuth({
    method: 'admin',
    loginUserId: 'admin'
  })
];
63
cfg.custom = {
  custom: {},
  customInvalid: {
    validate: () =>
    {
      throw new Error('Invalid')
    }
  },
  customValid: {
    validate: i => i
  }
}
76
cfg.crypt = new PBKDF2();
78
cfg.administratorRoles = {
  admin: true
};
return cfg;
83}
84
85describeConfig('config', config, function (handler)
86{
it('should have login methods', async function ()
{
  const
  {
    status,
    data
  } = await handler.request('GET', '/api/accounts/methods.json');
  assert.deepEqual(status, 200);
  assert.notDeepEqual(data, []);
});
97
it('should be able to login', async function ()
{
  assert.deepEqual((await handler.request('GET', '/api/accounts/regular/login.json'))
    .status, 200);
  const
  {
    data
  } = await handler.request('GET', '/api/accounts/current.json');
  assert.deepEqual(data.id, 'regular');
  assert.deepEqual(data.password, true);
});
109
it('should be able to logout', async function ()
{
  await handler.request('GET', '/api/accounts/regular/login.json');
  await handler.request('GET', '/api/accounts/logout.json');
  assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))
    .data, false);
});
117
it('should be update display name', async function ()
{
  await handler.request('GET', '/api/accounts/regular/login.json');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {
      displayName: 'TEST'
    }))
    .status, 200);
  assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))
    .data.displayName, 'TEST');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {
      displayName: ['TEST2']
    }))
    .status, 400);
  assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))
    .data.displayName, 'TEST');
});
134
it('should be able to remove password', async function ()
{
  await handler.request('GET', '/api/accounts/regular/login.json');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {
      password: false
    }))
    .status, 200);
  assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))
    .data.password, undefined);
});
145
it('should not be able to set password if a module that does not use passsword is not present', async function ()
{
  await handler.request('GET', '/api/accounts/admin/login.json');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {
      password: 'QAAS91723891ASD98@#!#'
    }))
    .status, 400);
  assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))
    .data.password, undefined);
});
156
it('should not be able to set password if a crypt is not configured', async function ()
{
  handler.getconfig()
    .crypt = null;
  await handler.request('GET', '/admin/login.json');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {
      password: 'QAAS91723891ASD98@#!#'
    }))
    .status, 400);
  assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))
    .data.password, undefined);
});
169
it('should be able to set password if a module that does use passsword is present', async function ()
{
  handler.getconfig()
    .auth[0].description.usesPassword = true;
  await handler.request('GET', '/api/accounts/admin/login.json');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {
      password: 'QAAS91723891ASD98@#!#'
    }))
    .status, 200);
  assert.notDeepEqual((await handler.request('GET', '/api/accounts/current.json'))
    .data.password, undefined);
});
182
it('should not be able to update own roles', async function ()
{
  await handler.request('GET', '/api/accounts/regular/login.json');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {
      roles: {}
    }))
    .status, 400);
});
191
it('should not be able to update random fields', async function ()
{
  await handler.request('GET', '/api/accounts/regular/login.json');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {
      random: true
    }))
    .status, 400);
});
200
it('should be able to update custom fields', async function ()
{
  await handler.request('GET', '/api/accounts/regular/login.json');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {
      custom: true
    }))
    .status, 200);
});
209
it('should be able to validate custom fields', async function ()
{
  await handler.request('GET', '/api/accounts/regular/login.json');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {
      customInvalid: true
    }))
    .status, 400);
});
218
it('should be able to valid custom fields', async function ()
{
  await handler.request('GET', '/api/accounts/regular/login.json');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {
      customValid: true
    }))
    .status, 200);
});
227
it('regular user should not see users list', async function ()
{
  await handler.request('GET', '/api/accounts/regular/login.json');
  assert.deepEqual((await handler.request('GET', '/api/accounts/search.json'))
    .status, 400);
});
234
it('regular user should not see other users', async function ()
{
  await handler.request('GET', '/api/accounts/regular/login.json');
  assert.deepEqual((await handler.request('GET', '/api/accounts/regular.json'))
    .status, 400);
});
241
it('regular user should not update other users', async function ()
{
  await handler.request('GET', '/api/accounts/regular/login.json');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/regular.json', {}, {}))
    .status, 400);
});
248
it('regular user should not delete other users', async function ()
{
  await handler.request('GET', '/api/accounts/regular/login.json');
  assert.deepEqual((await handler.request('DELETE', '/api/accounts/regular.json'))
    .status, 400);
});
255
it('admin user should see users list', async function ()
{
  await handler.request('GET', '/api/accounts/admin/login.json');
  assert.deepEqual((await handler.request('GET', '/api/accounts/search.json'))
    .status, 200);
});
262
it('admin user should see other users', async function ()
{
  await handler.request('GET', '/api/accounts/admin/login.json');
  assert.deepEqual((await handler.request('GET', '/api/accounts/regular.json'))
    .status, 200);
  assert.deepEqual((await handler.request('GET', '/api/accounts/admin.json'))
    .status, 200);
});
271
it('admin user should update other users', async function ()
{
  await handler.request('GET', '/api/accounts/admin/login.json');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/admin.json', {}, {}))
    .status, 200);
});
278
it('admin user should update other user role', async function ()
{
  await handler.request('GET', '/api/accounts/admin/login.json');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/regular.json', {}, {
      roles: {
        admin: true
      }
    }))
    .status, 200);
});
289
it('admin user should not update own role', async function ()
{
  await handler.request('GET', '/api/accounts/admin/login.json');
  assert.deepEqual((await handler.request('PUT', '/api/accounts/admin.json', {}, {
      roles: {}
    }))
    .status, 400);
});
298
it('admin user should delete other users', async function ()
{
  await handler.request('GET', '/api/accounts/admin/login.json');
  assert.deepEqual((await handler.request('DELETE', '/api/accounts/regular.json'))
    .status, 200);
});
305
it('admin user should not delete self', async function ()
{
  await handler.request('GET', '/api/accounts/admin/login.json');
  assert.deepEqual((await handler.request('DELETE', '/api/accounts/admin.json'))
    .status, 400);
});
312
313});

1	`"use strict";`
2
3	`const assert = require('assert');`
4	`const describeConfig = require('./setupTester');`
5	`const NoAuth = require('./auth/NoAuth');`
6	`const PBKDF2 = require('./crypt/PBKDF2');`
7
8	`describeConfig('empty', {}, function (handler)`
9	`{`
10	`it('should have no login methods', async function ()`
11	`{`
12	`const`
13	`{`
14	`status,`
15	`data`
16	`} = await handler.request('GET', '/api/accounts/methods.json');`
17	`assert.deepEqual(status, 200);`
18	`assert.deepEqual(data, []);`
19	`});`
20
21	`it('should not be able to access admin api', async function ()`
22	`{`
23	`const`
24	`{`
25	`status`
26	`} = await handler.request('GET', '/api/accounts/search.json');`
27	`assert.deepEqual(status, 400);`
28	`});`
29
30	`it('should not be able to access admin api', async function ()`
31	`{`
32	`const`
33	`{`
34	`data`
35	`} = await handler.request('GET', '/api/accounts/current.json');`
36	`assert.deepEqual(data, false);`
37	`});`
38	`});`
39
40	`async function config()`
41	`{`
42	`const cfg = {};`
43	`cfg.users = await describeConfig.createUsers([{`
44	`id: 'regular',`
45	`password: 'INVALID'`
46	`}, {`
47	`id: 'admin',`
48	`roles: {`
49	`admin: true`
50	`}`
51	`}]);`
52
53	`cfg.auth = [`
54	`new NoAuth({`
55	`method: 'regular',`
56	`loginUserId: 'regular'`
57	`}),`
58	`new NoAuth({`
59	`method: 'admin',`
60	`loginUserId: 'admin'`
61	`})`
62	`];`
63
64	`cfg.custom = {`
65	`custom: {},`
66	`customInvalid: {`
67	`validate: () =>`
68	`{`
69	`throw new Error('Invalid')`
70	`}`
71	`},`
72	`customValid: {`
73	`validate: i => i`
74	`}`
75	`}`
76
77	`cfg.crypt = new PBKDF2();`
78
79	`cfg.administratorRoles = {`
80	`admin: true`
81	`};`
82	`return cfg;`
83	`}`
84
85	`describeConfig('config', config, function (handler)`
86	`{`
87	`it('should have login methods', async function ()`
88	`{`
89	`const`
90	`{`
91	`status,`
92	`data`
93	`} = await handler.request('GET', '/api/accounts/methods.json');`
94	`assert.deepEqual(status, 200);`
95	`assert.notDeepEqual(data, []);`
96	`});`
97
98	`it('should be able to login', async function ()`
99	`{`
100	`assert.deepEqual((await handler.request('GET', '/api/accounts/regular/login.json'))`
101	`.status, 200);`
102	`const`
103	`{`
104	`data`
105	`} = await handler.request('GET', '/api/accounts/current.json');`
106	`assert.deepEqual(data.id, 'regular');`
107	`assert.deepEqual(data.password, true);`
108	`});`
109
110	`it('should be able to logout', async function ()`
111	`{`
112	`await handler.request('GET', '/api/accounts/regular/login.json');`
113	`await handler.request('GET', '/api/accounts/logout.json');`
114	`assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))`
115	`.data, false);`
116	`});`
117
118	`it('should be update display name', async function ()`
119	`{`
120	`await handler.request('GET', '/api/accounts/regular/login.json');`
121	`assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {`
122	`displayName: 'TEST'`
123	`}))`
124	`.status, 200);`
125	`assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))`
126	`.data.displayName, 'TEST');`
127	`assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {`
128	`displayName: ['TEST2']`
129	`}))`
130	`.status, 400);`
131	`assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))`
132	`.data.displayName, 'TEST');`
133	`});`
134
135	`it('should be able to remove password', async function ()`
136	`{`
137	`await handler.request('GET', '/api/accounts/regular/login.json');`
138	`assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {`
139	`password: false`
140	`}))`
141	`.status, 200);`
142	`assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))`
143	`.data.password, undefined);`
144	`});`
145
146	`it('should not be able to set password if a module that does not use passsword is not present', async function ()`
147	`{`
148	`await handler.request('GET', '/api/accounts/admin/login.json');`
149	`assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {`
150	`password: 'QAAS91723891ASD98@#!#'`
151	`}))`
152	`.status, 400);`
153	`assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))`
154	`.data.password, undefined);`
155	`});`
156
157	`it('should not be able to set password if a crypt is not configured', async function ()`
158	`{`
159	`handler.getconfig()`
160	`.crypt = null;`
161	`await handler.request('GET', '/admin/login.json');`
162	`assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {`
163	`password: 'QAAS91723891ASD98@#!#'`
164	`}))`
165	`.status, 400);`
166	`assert.deepEqual((await handler.request('GET', '/api/accounts/current.json'))`
167	`.data.password, undefined);`
168	`});`
169
170	`it('should be able to set password if a module that does use passsword is present', async function ()`
171	`{`
172	`handler.getconfig()`
173	`.auth[0].description.usesPassword = true;`
174	`await handler.request('GET', '/api/accounts/admin/login.json');`
175	`assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {`
176	`password: 'QAAS91723891ASD98@#!#'`
177	`}))`
178	`.status, 200);`
179	`assert.notDeepEqual((await handler.request('GET', '/api/accounts/current.json'))`
180	`.data.password, undefined);`
181	`});`
182
183	`it('should not be able to update own roles', async function ()`
184	`{`
185	`await handler.request('GET', '/api/accounts/regular/login.json');`
186	`assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {`
187	`roles: {}`
188	`}))`
189	`.status, 400);`
190	`});`
191
192	`it('should not be able to update random fields', async function ()`
193	`{`
194	`await handler.request('GET', '/api/accounts/regular/login.json');`
195	`assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {`
196	`random: true`
197	`}))`
198	`.status, 400);`
199	`});`
200
201	`it('should be able to update custom fields', async function ()`
202	`{`
203	`await handler.request('GET', '/api/accounts/regular/login.json');`
204	`assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {`
205	`custom: true`
206	`}))`
207	`.status, 200);`
208	`});`
209
210	`it('should be able to validate custom fields', async function ()`
211	`{`
212	`await handler.request('GET', '/api/accounts/regular/login.json');`
213	`assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {`
214	`customInvalid: true`
215	`}))`
216	`.status, 400);`
217	`});`
218
219	`it('should be able to valid custom fields', async function ()`
220	`{`
221	`await handler.request('GET', '/api/accounts/regular/login.json');`
222	`assert.deepEqual((await handler.request('PUT', '/api/accounts/current.json', {}, {`
223	`customValid: true`
224	`}))`
225	`.status, 200);`
226	`});`
227
228	`it('regular user should not see users list', async function ()`
229	`{`
230	`await handler.request('GET', '/api/accounts/regular/login.json');`
231	`assert.deepEqual((await handler.request('GET', '/api/accounts/search.json'))`
232	`.status, 400);`
233	`});`
234
235	`it('regular user should not see other users', async function ()`
236	`{`
237	`await handler.request('GET', '/api/accounts/regular/login.json');`
238	`assert.deepEqual((await handler.request('GET', '/api/accounts/regular.json'))`
239	`.status, 400);`
240	`});`
241
242	`it('regular user should not update other users', async function ()`
243	`{`
244	`await handler.request('GET', '/api/accounts/regular/login.json');`
245	`assert.deepEqual((await handler.request('PUT', '/api/accounts/regular.json', {}, {}))`
246	`.status, 400);`
247	`});`
248
249	`it('regular user should not delete other users', async function ()`
250	`{`
251	`await handler.request('GET', '/api/accounts/regular/login.json');`
252	`assert.deepEqual((await handler.request('DELETE', '/api/accounts/regular.json'))`
253	`.status, 400);`
254	`});`
255
256	`it('admin user should see users list', async function ()`
257	`{`
258	`await handler.request('GET', '/api/accounts/admin/login.json');`
259	`assert.deepEqual((await handler.request('GET', '/api/accounts/search.json'))`
260	`.status, 200);`
261	`});`
262
263	`it('admin user should see other users', async function ()`
264	`{`
265	`await handler.request('GET', '/api/accounts/admin/login.json');`
266	`assert.deepEqual((await handler.request('GET', '/api/accounts/regular.json'))`
267	`.status, 200);`
268	`assert.deepEqual((await handler.request('GET', '/api/accounts/admin.json'))`
269	`.status, 200);`
270	`});`
271
272	`it('admin user should update other users', async function ()`
273	`{`
274	`await handler.request('GET', '/api/accounts/admin/login.json');`
275	`assert.deepEqual((await handler.request('PUT', '/api/accounts/admin.json', {}, {}))`
276	`.status, 200);`
277	`});`
278
279	`it('admin user should update other user role', async function ()`
280	`{`
281	`await handler.request('GET', '/api/accounts/admin/login.json');`
282	`assert.deepEqual((await handler.request('PUT', '/api/accounts/regular.json', {}, {`
283	`roles: {`
284	`admin: true`
285	`}`
286	`}))`
287	`.status, 200);`
288	`});`
289
290	`it('admin user should not update own role', async function ()`
291	`{`
292	`await handler.request('GET', '/api/accounts/admin/login.json');`
293	`assert.deepEqual((await handler.request('PUT', '/api/accounts/admin.json', {}, {`
294	`roles: {}`
295	`}))`
296	`.status, 400);`
297	`});`
298
299	`it('admin user should delete other users', async function ()`
300	`{`
301	`await handler.request('GET', '/api/accounts/admin/login.json');`
302	`assert.deepEqual((await handler.request('DELETE', '/api/accounts/regular.json'))`
303	`.status, 200);`
304	`});`
305
306	`it('admin user should not delete self', async function ()`
307	`{`
308	`await handler.request('GET', '/api/accounts/admin/login.json');`
309	`assert.deepEqual((await handler.request('DELETE', '/api/accounts/admin.json'))`
310	`.status, 400);`
311	`});`
312
313	`});`