Merge pull request #1656 from automatisch/api-controller-tests

test: Cover not found responses for API endpoint tests

packages/backend/src/controllers/api/v1/admin/app-auth-clients/get-app-auth-client.test.js

@@ -1,5 +1,6 @@
 import { vi, describe, it, expect, beforeEach } from 'vitest';
 import request from 'supertest';
+import Crypto from 'crypto';
 import app from '../../../../../app.js';
 import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
 import { createUser } from '../../../../../../test/factories/user.js';
@@ -31,5 +32,21 @@ describe('GET /api/v1/admin/app-auth-clients/:appAuthClientId', () => {
       const expectedPayload = getAdminAppAuthClientMock(currentAppAuthClient);
       expect(response.body).toEqual(expectedPayload);
     });
+
+    it('should return not found response for not existing app auth client UUID', async () => {
+      const notExistingAppAuthClientUUID = Crypto.randomUUID();
+
+      await request(app)
+        .get(`/api/v1/admin/app-auth-clients/${notExistingAppAuthClientUUID}`)
+        .set('Authorization', token)
+        .expect(404);
+    });
+
+    it('should return bad request response for invalid UUID', async () => {
+      await request(app)
+        .get('/api/v1/admin/app-auth-clients/invalidAppAuthClientUUID')
+        .set('Authorization', token)
+        .expect(400);
+    });
   });
 });

packages/backend/src/controllers/api/v1/admin/roles/get-role.ee.test.js

@@ -1,5 +1,6 @@
 import { vi, describe, it, expect, beforeEach } from 'vitest';
 import request from 'supertest';
+import Crypto from 'crypto';
 import app from '../../../../../app.js';
 import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
 import { createRole } from '../../../../../../test/factories/role.js';
@@ -20,7 +21,7 @@ describe('GET /api/v1/admin/roles/:roleId', () => {
     token = createAuthTokenByUserId(currentUser.id);
   });
 
-  it('should return roles', async () => {
+  it('should return role', async () => {
     vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
 
     const response = await request(app)
@@ -35,4 +36,24 @@ describe('GET /api/v1/admin/roles/:roleId', () => {
 
     expect(response.body).toEqual(expectedPayload);
   });
+
+  it('should return not found response for not existing role UUID', async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    const notExistingRoleUUID = Crypto.randomUUID();
+
+    await request(app)
+      .get(`/api/v1/admin/roles/${notExistingRoleUUID}`)
+      .set('Authorization', token)
+      .expect(404);
+  });
+
+  it('should return bad request response for invalid UUID', async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    await request(app)
+      .get('/api/v1/admin/roles/invalidRoleUUID')
+      .set('Authorization', token)
+      .expect(400);
+  });
 });

packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-saml-auth-provider.ee.test.js

@@ -1,5 +1,6 @@
 import { vi, describe, it, expect, beforeEach } from 'vitest';
 import request from 'supertest';
+import Crypto from 'crypto';
 import app from '../../../../../app.js';
 import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id.js';
 import { createRole } from '../../../../../../test/factories/role.js';
@@ -31,4 +32,26 @@ describe('GET /api/v1/admin/saml-auth-provider/:samlAuthProviderId', () => {
 
     expect(response.body).toEqual(expectedPayload);
   });
+
+  it('should return not found response for not existing saml auth provider UUID', async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    const notExistingSamlAuthProviderUUID = Crypto.randomUUID();
+
+    await request(app)
+      .get(
+        `/api/v1/admin/saml-auth-providers/${notExistingSamlAuthProviderUUID}`
+      )
+      .set('Authorization', token)
+      .expect(404);
+  });
+
+  it('should return bad request response for invalid UUID', async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    await request(app)
+      .get('/api/v1/admin/saml-auth-providers/invalidSamlAuthProviderUUID')
+      .set('Authorization', token)
+      .expect(400);
+  });
 });

packages/backend/src/controllers/api/v1/admin/users/get-user.ee.test.js

@@ -1,5 +1,6 @@
 import { vi, describe, it, expect, beforeEach } from 'vitest';
 import request from 'supertest';
+import Crypto from 'crypto';
 import app from '../../../../../app.js';
 import createAuthTokenByUserId from '../../../../../helpers/create-auth-token-by-user-id';
 import { createUser } from '../../../../../../test/factories/user';
@@ -31,4 +32,24 @@ describe('GET /api/v1/admin/users/:userId', () => {
     const expectedPayload = getUserMock(anotherUser, anotherUserRole);
     expect(response.body).toEqual(expectedPayload);
   });
+
+  it('should return not found response for not existing user UUID', async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    const notExistingUserUUID = Crypto.randomUUID();
+
+    await request(app)
+      .get(`/api/v1/admin/users/${notExistingUserUUID}`)
+      .set('Authorization', token)
+      .expect(404);
+  });
+
+  it('should return bad request response for invalid UUID', async () => {
+    vi.spyOn(license, 'hasValidLicense').mockResolvedValue(true);
+
+    await request(app)
+      .get('/api/v1/admin/users/invalidUserUUID')
+      .set('Authorization', token)
+      .expect(400);
+  });
 });

packages/backend/src/controllers/api/v1/app-auth-clients/get-app-auth-client.test.js

@@ -1,5 +1,6 @@
 import { vi, describe, it, expect, beforeEach } from 'vitest';
 import request from 'supertest';
+import Crypto from 'crypto';
 import app from '../../../../app.js';
 import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id.js';
 import { createUser } from '../../../../../test/factories/user.js';
@@ -28,4 +29,20 @@ describe('GET /api/v1/app-auth-clients/:id', () => {
     const expectedPayload = getAppAuthClientMock(currentAppAuthClient);
     expect(response.body).toEqual(expectedPayload);
   });
+
+  it('should return not found response for not existing app auth client ID', async () => {
+    const notExistingAppAuthClientUUID = Crypto.randomUUID();
+
+    await request(app)
+      .get(`/api/v1/app-auth-clients/${notExistingAppAuthClientUUID}`)
+      .set('Authorization', token)
+      .expect(404);
+  });
+
+  it('should return bad request response for invalid UUID', async () => {
+    await request(app)
+      .get('/api/v1/app-auth-clients/invalidAppAuthClientUUID')
+      .set('Authorization', token)
+      .expect(400);
+  });
 });

packages/backend/src/controllers/api/v1/flows/get-flow.test.js

@@ -1,5 +1,6 @@
 import { describe, it, expect, beforeEach } from 'vitest';
 import request from 'supertest';
+import Crypto from 'crypto';
 import app from '../../../../app.js';
 import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id';
 import { createUser } from '../../../../../test/factories/user';
@@ -68,4 +69,34 @@ describe('GET /api/v1/flows/:flowId', () => {
 
     expect(response.body).toEqual(expectedPayload);
   });
+
+  it('should return not found response for not existing flow UUID', async () => {
+    await createPermission({
+      action: 'read',
+      subject: 'Flow',
+      roleId: currentUserRole.id,
+      conditions: [],
+    });
+
+    const notExistingFlowUUID = Crypto.randomUUID();
+
+    await request(app)
+      .get(`/api/v1/flows/${notExistingFlowUUID}`)
+      .set('Authorization', token)
+      .expect(404);
+  });
+
+  it('should return bad request response for invalid UUID', async () => {
+    await createPermission({
+      action: 'read',
+      subject: 'Flow',
+      roleId: currentUserRole.id,
+      conditions: [],
+    });
+
+    await request(app)
+      .get('/api/v1/flows/invalidFlowUUID')
+      .set('Authorization', token)
+      .expect(400);
+  });
 });

packages/backend/src/helpers/error-handler.js

@@ -1,14 +1,20 @@
 import logger from './logger.js';
+import objection from 'objection';
+const { NotFoundError, DataError } = objection;
 
 // Do not remove `next` argument as the function signature will not fit for an error handler middleware
 // eslint-disable-next-line no-unused-vars
-const errorHandler = (err, req, res, next) => {
+const errorHandler = (error, request, response, next) => {
-  if (err.message === 'Not Found') {
+  if (error.message === 'Not Found' || error instanceof NotFoundError) {
-    res.status(404).end();
+    response.status(404).end();
-  } else {
-    logger.error(err.message + '\n' + err.stack);
-    res.status(err.statusCode || 500).send(err.message);
   }
+
+  if (error instanceof DataError) {
+    response.status(400).end();
+  }
+
+  logger.error(error.message + '\n' + error.stack);
+  response.status(error.statusCode || 500);
 };
 
 export default errorHandler;