unleash.unleash/src/lib/routes/admin-api/user.test.js

'use strict';

import { createServices } from '../../services';
import { createTestConfig } from '../../../test/config/test-config';

const test = require('ava');
const supertest = require('supertest');
const { EventEmitter } = require('events');
const store = require('../../../test/fixtures/store');
const getApp = require('../../app');
const User = require('../../user');

const eventBus = new EventEmitter();

const currentUser = new User({ email: 'test@mail.com' });

function getSetup() {
    const base = `/random${Math.round(Math.random() * 1000)}`;
    const stores = store.createStores();
    stores.userStore.insert(currentUser);

    const config = createTestConfig({
        preHook: a => {
            a.use((req, res, next) => {
                req.user = currentUser;
                next();
            });
        },
        server: { baseUriPath: base },
    });
    const services = createServices(stores, config);
    const app = getApp(config, stores, services, eventBus);
    return {
        base,
        userStore: stores.userStore,
        request: supertest(app),
    };
}

test('should return current user', t => {
    t.plan(1);
    const { request, base } = getSetup();

    return request
        .get(`${base}/api/admin/user`)
        .expect(200)
        .expect('Content-Type', /json/)
        .expect(res => {
            t.is(res.body.user.email, currentUser.email);
        });
});
const owaspPassword = 't7GTx&$Y9pcsnxRv6';

test('should allow user to change password', async t => {
    t.plan(2);
    const { request, base, userStore } = getSetup();
    const before = await userStore.get(currentUser);
    t.falsy(before.passwordHash);
    await request
        .post(`${base}/api/admin/user/change-password`)
        .send({ password: owaspPassword, confirmPassword: owaspPassword })
        .expect(200);
    const updated = await userStore.get(currentUser);
    t.truthy(updated.passwordHash);
});

test('should deny if password and confirmPassword are not equal', async t => {
    t.plan(0);
    const { request, base } = getSetup();
    return request
        .post(`${base}/api/admin/user/change-password`)
        .send({ password: owaspPassword, confirmPassword: 'somethingelse' })
        .expect(400);
});

test('should deny if password does not fulfill owasp criteria', async t => {
    t.plan(0);
    const { request, base } = getSetup();
    return request
        .post(`${base}/api/admin/user/change-password`)
        .send({ password: 'hunter123', confirmPassword: 'hunter123' })
        .expect(400);
});
Add sign-out route #288 2018-01-17 09:46:16 +01:00			`'use strict';`

Feat/options need types (#794) feat: options are now typed - This makes it easier to know what to send to unleash.start / unleash.create - Using a Partial to instantiate the config, then melding it with defaults to get a config object with all fields set either to their defaults or to whatever is passed in. Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2021-04-22 10:07:10 +02:00			`import { createServices } from '../../services';`
			`import { createTestConfig } from '../../../test/config/test-config';`

chore: Upgrade ava to 1.0.1 2018-12-17 09:24:49 +01:00			`const test = require('ava');`
Add sign-out route #288 2018-01-17 09:46:16 +01:00			`const supertest = require('supertest');`
fix: use airbnb lint rules directly (#583) This drops usage of finn-eslint rules as they are no longer maintained. 2020-04-14 22:29:11 +02:00			`const { EventEmitter } = require('events');`
			`const store = require('../../../test/fixtures/store');`
Add sign-out route #288 2018-01-17 09:46:16 +01:00			`const getApp = require('../../app');`
			`const User = require('../../user');`

			`const eventBus = new EventEmitter();`

			`const currentUser = new User({ email: 'test@mail.com' });`

			`function getSetup() {`
			const base = `/random${Math.round(Math.random() * 1000)}`;
			`const stores = store.createStores();`
feat: Add change-password endpoint to user-controller (#800) fixes: #801 Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> 2021-04-22 16:05:59 +02:00			`stores.userStore.insert(currentUser);`

Feat/options need types (#794) feat: options are now typed - This makes it easier to know what to send to unleash.start / unleash.create - Using a Partial to instantiate the config, then melding it with defaults to get a config object with all fields set either to their defaults or to whatever is passed in. Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2021-04-22 10:07:10 +02:00			`const config = createTestConfig({`
			`preHook: a => {`
			`a.use((req, res, next) => {`
			`req.user = currentUser;`
			`next();`
			`});`
Add sign-out route #288 2018-01-17 09:46:16 +01:00			`},`
Feat/options need types (#794) feat: options are now typed - This makes it easier to know what to send to unleash.start / unleash.create - Using a Partial to instantiate the config, then melding it with defaults to get a config object with all fields set either to their defaults or to whatever is passed in. Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2021-04-22 10:07:10 +02:00			`server: { baseUriPath: base },`
			`});`
			`const services = createServices(stores, config);`
			`const app = getApp(config, stores, services, eventBus);`
Add sign-out route #288 2018-01-17 09:46:16 +01:00			`return {`
			`base,`
feat: Add change-password endpoint to user-controller (#800) fixes: #801 Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> 2021-04-22 16:05:59 +02:00			`userStore: stores.userStore,`
Add sign-out route #288 2018-01-17 09:46:16 +01:00			`request: supertest(app),`
			`};`
			`}`

feat: Add change-password endpoint to user-controller (#800) fixes: #801 Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> 2021-04-22 16:05:59 +02:00			`test('should return current user', t => {`
Add sign-out route #288 2018-01-17 09:46:16 +01:00			`t.plan(1);`
			`const { request, base } = getSetup();`

			`return request`
			.get(`${base}/api/admin/user`)
			`.expect(200)`
			`.expect('Content-Type', /json/)`
			`.expect(res => {`
Feat/options need types (#794) feat: options are now typed - This makes it easier to know what to send to unleash.start / unleash.create - Using a Partial to instantiate the config, then melding it with defaults to get a config object with all fields set either to their defaults or to whatever is passed in. Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com> Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2021-04-22 10:07:10 +02:00			`t.is(res.body.user.email, currentUser.email);`
Add sign-out route #288 2018-01-17 09:46:16 +01:00			`});`
			`});`
feat: Add change-password endpoint to user-controller (#800) fixes: #801 Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> 2021-04-22 16:05:59 +02:00			`const owaspPassword = 't7GTx&$Y9pcsnxRv6';`

			`test('should allow user to change password', async t => {`
			`t.plan(2);`
			`const { request, base, userStore } = getSetup();`
			`const before = await userStore.get(currentUser);`
			`t.falsy(before.passwordHash);`
			`await request`
			.post(`${base}/api/admin/user/change-password`)
			`.send({ password: owaspPassword, confirmPassword: owaspPassword })`
			`.expect(200);`
			`const updated = await userStore.get(currentUser);`
			`t.truthy(updated.passwordHash);`
			`});`
Add sign-out route #288 2018-01-17 09:46:16 +01:00
feat: Add change-password endpoint to user-controller (#800) fixes: #801 Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> 2021-04-22 16:05:59 +02:00			`test('should deny if password and confirmPassword are not equal', async t => {`
Add sign-out route #288 2018-01-17 09:46:16 +01:00			`t.plan(0);`
			`const { request, base } = getSetup();`
feat: Add change-password endpoint to user-controller (#800) fixes: #801 Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> 2021-04-22 16:05:59 +02:00			`return request`
			.post(`${base}/api/admin/user/change-password`)
			`.send({ password: owaspPassword, confirmPassword: 'somethingelse' })`
			`.expect(400);`
			`});`
Add sign-out route #288 2018-01-17 09:46:16 +01:00
feat: Add change-password endpoint to user-controller (#800) fixes: #801 Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> 2021-04-22 16:05:59 +02:00			`test('should deny if password does not fulfill owasp criteria', async t => {`
			`t.plan(0);`
			`const { request, base } = getSetup();`
Add sign-out route #288 2018-01-17 09:46:16 +01:00			`return request`
feat: Add change-password endpoint to user-controller (#800) fixes: #801 Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> 2021-04-22 16:05:59 +02:00			.post(`${base}/api/admin/user/change-password`)
			`.send({ password: 'hunter123', confirmPassword: 'hunter123' })`
			`.expect(400);`
Add sign-out route #288 2018-01-17 09:46:16 +01:00			`});`