Test that admin can access the email of a user

- Refactor all tests on permissionsMiddleware
This commit is contained in:
aonomike 2019-10-05 17:18:11 +03:00
parent 14c44877b7
commit f8cf975d6c


@ -8,7 +8,7 @@ const factory = Factory()
const instance = getNeode() const instance = getNeode()
const driver = getDriver() const driver = getDriver()
let query, authenticatedUser, owner, someoneElse, adminExtraordinaire, variables let query, authenticatedUser, owner, anotherRegularUser, administrator, variables, moderator
const userQuery = gql` const userQuery = gql`
query($name: String) { query($name: String) {
@ -19,7 +19,7 @@ const userQuery = gql`
` `
describe('authorization', () => { describe('authorization', () => {
beforeAll(async()=>{ beforeAll(async () => {
await factory.cleanDatabase() await factory.cleanDatabase()
const { server } = createServer({ const { server } = createServer({
context: () => ({ context: () => ({
@ -33,21 +33,28 @@ describe('authorization', () => {
describe('given two existing users', () => { describe('given two existing users', () => {
beforeEach(async () => { beforeEach(async () => {
[owner, someoneElse, adminExtraordinaire] = await Promise.all([ ;[owner, anotherRegularUser, administrator, moderator] = await Promise.all([
factory.create('User', { factory.create('User', {
email: 'owner@example.org', email: 'owner@example.org',
name: 'Owner', name: 'Owner',
password: 'iamtheowner', password: 'iamtheowner',
}), }),
factory.create('User', { factory.create('User', {
email: 'someone@example.org', email: 'another.regular.user@example.org',
name: 'Someone else', name: 'Another Regular User',
password: 'else', password: 'else',
}), }),
factory.create('User', { factory.create('User', {
email: 'admin@example.org', email: 'admin@example.org',
name: 'Admin extraordinaire', name: 'Admin',
password: 'admin', password: 'admin',
role: 'admin',
}),
factory.create('User', {
email: 'moderator@example.org',
name: 'Moderator',
password: 'moderator',
role: 'moderator',
}), }),
]) ])
variables = {} variables = {}
@ -58,52 +65,77 @@ describe('authorization', () => {
}) })
describe('access email address', () => { describe('access email address', () => {
describe('not logged in', () => { describe('unauthenticated', () => {
beforeEach(()=>{ beforeEach(() => {
authenticatedUser = null authenticatedUser = null
}) })
it("throws an error and does not expose the owner's email address", async () => { it("throws an error and does not expose the owner's email address", async () => {
const expected = await query({ query: userQuery, variables: { name: 'Owner' } }) await expect(
await expect(query({ query: userQuery, variables: { name: 'Owner' } })).resolves.toMatchObject({ query({ query: userQuery, variables: { name: 'Owner' } }),
errors: [{ message: 'Not Authorised!'}], ).resolves.toMatchObject({
data: { User: [null]} errors: [{ message: 'Not Authorised!' }],
data: { User: [null] },
}) })
}) })
}) })
describe('as owner', () => { describe('authenticated', () => {
beforeEach(() => { describe('as the owner', () => {
loginCredentials = { beforeEach(async () => {
email: 'owner@example.org', authenticatedUser = await owner.toJson()
password: 'iamtheowner', })
}
it("exposes the owner's email address", async () => {
variables = { name: 'Owner' }
await expect(query({ query: userQuery, variables })).resolves.toMatchObject({
data: { User: [{ email: 'owner@example.org' }] },
errors: undefined,
})
})
}) })
it("exposes the owner's email address", async () => { describe('as another regular user', () => {
await expect(action()).resolves.toEqual({ User: [{ email: 'owner@example.org' }] }) beforeEach(async () => {
}) authenticatedUser = await anotherRegularUser.toJson()
}) })
describe('authenticated as another user', () => { it("throws an error and does not expose the owner's email address", async () => {
beforeEach(async () => { await expect(
loginCredentials = { query({ query: userQuery, variables: { name: 'Owner' } }),
email: 'someone@example.org', ).resolves.toMatchObject({
password: 'else', errors: [{ message: 'Not Authorised!' }],
} data: { User: [null] },
})
})
}) })
it('rejects', async () => { describe('as a moderator', () => {
await expect(action()).rejects.toThrow('Not Authorised!') beforeEach(async () => {
authenticatedUser = await moderator.toJson()
})
it("throws an error and does not expose the owner's email address", async () => {
await expect(
query({ query: userQuery, variables: { name: 'Owner' } }),
).resolves.toMatchObject({
errors: [{ message: 'Not Authorised!' }],
data: { User: [null] },
})
})
}) })
it("does not expose the owner's email address", async () => { describe('administrator', () => {
let response beforeEach(async () => {
try { authenticatedUser = await administrator.toJson()
await action() })
} catch (error) {
response = error.response.data it("exposes the owner's email address", async () => {
} variables = { name: 'Owner' }
expect(response).toEqual({ User: [null] }) await expect(query({ query: userQuery, variables })).resolves.toMatchObject({
data: { User: [{ email: 'owner@example.org' }] },
errors: undefined,
})
})
}) })
}) })
}) })
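Review bot: The new `administrator` case is the only one that routes its input through the module-level `variables` (it assigns `variables = { name: 'Owner' }` and then calls `query({ query: userQuery, variables })`), while the unauthenticated, regular-user and moderator cases pass `variables: { name: 'Owner' }` inline; since `variables` is reset to `{}` in an outer `beforeEach` from an earlier hunk, the admin case silently depends on that shared state and on test ordering. I would make it match its siblings: `await expect(query({ query: userQuery, variables: { name: 'Owner' } })).resolves.toMatchObject({`, and the same applies to the `as the owner` case, which uses the same shared-variable pattern. The describe label is also out of step with the others (`'as the owner'`, `'as another regular user'`, `'as a moderator'`), so `describe('as an administrator', () => {` reads more consistently in the test report. The enclosing `describe('authorization', …)` and the `beforeEach` that resets `variables` start outside this hunk.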