// Authorization check: a valid but non-admin bearer token must be rejected on the
// user listing with a 403 body, not treated as an authentication failure.
it('should report error if logged user is not an admin', async () => {
  const response = await request(app)
    .get('/v1/users')
    .set('Authorization', `Bearer ${userAccessToken}`)
    .expect(httpStatus.FORBIDDEN);

  const { code, message } = response.body;
  expect(code).to.equal(httpStatus.FORBIDDEN);
  expect(message).to.equal('Forbidden');
});
// A persisted refresh token presented together with the matching account email
// must yield a fresh token set (access token, rotated refresh token, expiry).
it('should return a new accessToken when refreshToken and email match', async () => {
  await RefreshToken.create(refreshToken);

  const response = await request(app)
    .post('/v1/auth/refresh-token')
    .send({ email: dbUser.email, refreshToken: refreshToken.token })
    .expect(httpStatus.OK);

  for (const key of ['accessToken', 'refreshToken', 'expiresIn']) {
    expect(response.body).to.have.a.property(key);
  }
});
// Privilege-escalation guard: a non-admin caller that asks for role 'admin' on
// PATCH must get a 200 whose role is anything but the requested one.
// NOTE(review): "not admin" is a weak assertion; pinning the exact role that should
// remain (presumably the fixture's own role) would be stronger — confirm before tightening.
it('should not update the role of the user (not admin)', async () => {
  const requestedRole = 'admin';
  const target = await User.findOne({ email: dbUsers.jonSnow.email });

  const response = await request(app)
    .patch(`/v1/users/${target._id}`)
    .set('Authorization', `Bearer ${userAccessToken}`)
    .send({ role: requestedRole })
    .expect(httpStatus.OK);

  expect(response.body.role).to.not.equal(requestedRole);
});
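// An empty PATCH body must leave the record unchanged.
// The expected shape is built from a copy: the original deleted
// dbUsers.branStark.password in place, mutating a fixture shared by every test in
// this file, which can make later tests order-dependent. The password is still
// excluded from both the lookup and the comparison, exactly as before.
it('should not update user when no parameters were given', async () => {
  const branStark = { ...dbUsers.branStark };
  delete branStark.password;
  const { _id: id } = await User.findOne(branStark);

  return request(app)
    .patch(`/v1/users/${id}`)
    .set('Authorization', `Bearer ${adminAccessToken}`)
    .send()
    .expect(httpStatus.OK)
    .then((res) => {
      expect(res.body).to.include(branStark);
    });
});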
// Authorization check: creating users is admin-only; a non-admin token gets a 403
// with the generic 'Forbidden' message and no user is created.
it('should report error when logged user is not an admin', async () => {
  const response = await request(app)
    .post('/v1/users')
    .set('Authorization', `Bearer ${userAccessToken}`)
    .send(user)
    .expect(httpStatus.FORBIDDEN);

  const { code, message } = response.body;
  expect(code).to.equal(httpStatus.FORBIDDEN);
  expect(message).to.equal('Forbidden');
});
// Object-level authorization: a non-admin token may not PATCH another user's record
// (branStark here), even with an empty body — the server must answer 403.
it('should report error when logged user is not the same as the requested one', async () => {
  const target = await User.findOne({ email: dbUsers.branStark.email });

  const response = await request(app)
    .patch(`/v1/users/${target._id}`)
    .set('Authorization', `Bearer ${userAccessToken}`)
    .expect(httpStatus.FORBIDDEN);

  const { code, message } = response.body;
  expect(code).to.equal(httpStatus.FORBIDDEN);
  expect(message).to.equal('Forbidden');
});
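// Successful registration returns a token triple plus the public user record.
// The comparison uses a copy of the fixture without the password: the original
// deleted user.password in place inside the callback, mutating a fixture shared
// with other tests in this file. Request payload and assertions are unchanged.
// NOTE(review): this only drops password from the *expectation*; it does not assert
// that the response omits it — `expect(res.body.user).to.not.have.property('password')`
// would close that gap if the API contract guarantees it.
it('should register a new user when request is ok', () => {
  return request(app)
    .post('/v1/auth/register')
    .send(user)
    .expect(httpStatus.CREATED)
    .then((res) => {
      const expectedUser = { ...user };
      delete expectedUser.password;

      for (const key of ['accessToken', 'refreshToken', 'expiresIn']) {
        expect(res.body.token).to.have.a.property(key);
      }
      expect(res.body.user).to.include(expectedUser);
    });
});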
// Input validation: an empty registration body is rejected with 400 and the first
// reported validation error points at the missing email field in the body.
it('should report error when email and password are not provided', async () => {
  const response = await request(app)
    .post('/v1/auth/register')
    .send({})
    .expect(httpStatus.BAD_REQUEST);

  const [firstError] = response.body.errors;
  const { field, location, messages } = firstError;

  expect(field).to.equal('email');
  expect(location).to.equal('body');
  expect(messages).to.include('"email" is required');
});
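// An expired refresh token must be refused with 401, even when the email matches.
// The body code is compared against httpStatus.UNAUTHORIZED rather than a bare 401
// so it stays consistent with the .expect() on the same request and with the
// other tests in this file.
it('should report error when the refreshToken is expired', async () => {
  await RefreshToken.create(expiredRefreshToken);

  return request(app)
    .post('/v1/auth/refresh-token')
    .send({ email: dbUser.email, refreshToken: expiredRefreshToken.token })
    .expect(httpStatus.UNAUTHORIZED)
    .then((res) => {
      expect(res.body.code).to.be.equal(httpStatus.UNAUTHORIZED);
      expect(res.body.message).to.be.equal('Invalid refresh token.');
    });
});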
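// An admin token may create a user; the response echoes the submitted record.
// The expectation is a copy of the fixture without the password: the original
// deleted admin.password in place inside the callback, mutating a fixture that
// other tests in this file also send (see the PUT role test). Payload unchanged.
it('should create a new user when request is ok', () => {
  return request(app)
    .post('/v1/users')
    .set('Authorization', `Bearer ${adminAccessToken}`)
    .send(admin)
    .expect(httpStatus.CREATED)
    .then((res) => {
      const expectedAdmin = { ...admin };
      delete expectedAdmin.password;
      expect(res.body).to.include(expectedAdmin);
    });
});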
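// PUT on an id that matches no user must answer 404 with a stable message.
// The body code uses httpStatus.NOT_FOUND instead of a bare 404 for consistency
// with the .expect() above it and the rest of the file.
it('should report error "User does not exist" when user does not exists', () => {
  return request(app)
    .put('/v1/users/palmeiras1914')
    .set('Authorization', `Bearer ${adminAccessToken}`)
    .expect(httpStatus.NOT_FOUND)
    .then((res) => {
      expect(res.body.code).to.be.equal(httpStatus.NOT_FOUND);
      expect(res.body.message).to.be.equal('User does not exist');
    });
});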
// Least-privilege default: a user created without an explicit role gets 'user'.
it('should create a new user and set default role to "user"', async () => {
  const response = await request(app)
    .post('/v1/users')
    .set('Authorization', `Bearer ${adminAccessToken}`)
    .send(user)
    .expect(httpStatus.CREATED);

  expect(response.body.role).to.equal('user');
});
// Privilege-escalation guard on PUT: a non-admin caller submitting the `admin`
// fixture (presumably carrying role 'admin') must not end up with that role.
// NOTE(review): as with the PATCH variant, asserting the exact remaining role would
// be stronger than "not admin" — confirm the fixture's role first.
it('should not replace the role of the user (not admin)', async () => {
  const forbiddenRole = 'admin';
  const target = await User.findOne({ email: dbUsers.jonSnow.email });

  const response = await request(app)
    .put(`/v1/users/${target._id}`)
    .set('Authorization', `Bearer ${userAccessToken}`)
    .send(admin)
    .expect(httpStatus.OK);

  expect(response.body.role).to.not.equal(forbiddenRole);
});
// Object-level authorization on PUT: a non-admin token may not replace another
// user's record (branStark here); the server must answer 403.
it('should report error when logged user is not the same as the requested one', async () => {
  const target = await User.findOne({ email: dbUsers.branStark.email });

  const response = await request(app)
    .put(`/v1/users/${target._id}`)
    .set('Authorization', `Bearer ${userAccessToken}`)
    .expect(httpStatus.FORBIDDEN);

  const { code, message } = response.body;
  expect(code).to.equal(httpStatus.FORBIDDEN);
  expect(message).to.equal('Forbidden');
});
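// PATCH on an id that matches no user must answer 404 with a stable message.
// The body code uses httpStatus.NOT_FOUND instead of a bare 404 for consistency
// with the .expect() above it and the rest of the file.
it('should report error "User does not exist" when user does not exists', () => {
  return request(app)
    .patch('/v1/users/palmeiras1914')
    .set('Authorization', `Bearer ${adminAccessToken}`)
    .expect(httpStatus.NOT_FOUND)
    .then((res) => {
      expect(res.body.code).to.be.equal(httpStatus.NOT_FOUND);
      expect(res.body.message).to.be.equal('User does not exist');
    });
});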