diff --git a/packages/backend/package.json b/packages/backend/package.json index 79935038..22a492e6 100644 --- a/packages/backend/package.json +++ b/packages/backend/package.json @@ -10,7 +10,7 @@ "build:watch": "nodemon --watch 'src/**/*.ts' --watch 'bin/**/*.ts' --exec yarn build --ext ts", "start": "node dist/src/server.js", "pretest": "APP_ENV=test ts-node ./test/setup/prepare-test-env.ts", - "test": "APP_ENV=test jest", + "test": "APP_ENV=test jest --verbose", "lint": "eslint . --ignore-path ../../.eslintignore", "db:create": "ts-node ./bin/database/create.ts", "db:seed:user": "ts-node ./bin/database/seed-user.ts", diff --git a/packages/backend/src/graphql/queries/get-current-user.test.ts b/packages/backend/src/graphql/queries/get-current-user.test.ts index 8c22c53d..a0299647 100644 --- a/packages/backend/src/graphql/queries/get-current-user.test.ts +++ b/packages/backend/src/graphql/queries/get-current-user.test.ts @@ -6,7 +6,7 @@ import createUser from '../../../test/fixtures/user'; import { IRole, IUser } from '@automatisch/types'; describe('graphQL getCurrentUser query', () => { - describe('with unauthorized user', () => { + describe('with unauthenticated user', () => { it('should throw not authorized error', async () => { const invalidUserToken = 'invalid-token'; @@ -30,7 +30,7 @@ describe('graphQL getCurrentUser query', () => { }); }); - describe('with authorized user', () => { + describe('with authenticated user', () => { let role: IRole, currentUser: IUser, token: string, requestObject: Test; beforeEach(async () => { @@ -44,9 +44,7 @@ describe('graphQL getCurrentUser query', () => { }); token = createAuthTokenByUserId(currentUser.id); - requestObject = request(app) - .post('/graphql') - .set('Authorization', token); + requestObject = request(app).post('/graphql').set('Authorization', token); }); it('should return user data', async () => { diff --git a/packages/backend/src/graphql/queries/get-user.test.ts b/packages/backend/src/graphql/queries/get-user.test.ts index 1605da61..30d26f83 100644 --- a/packages/backend/src/graphql/queries/get-user.test.ts +++ b/packages/backend/src/graphql/queries/get-user.test.ts @@ -8,7 +8,7 @@ import createUser from '../../../test/fixtures/user'; import { IRole, IUser } from '@automatisch/types'; describe('graphQL getUser query', () => { - describe('with unauthorized user', () => { + describe('with unauthenticated user', () => { it('should throw not authorized error', async () => { const invalidUserId = '123123123'; @@ -32,118 +32,147 @@ describe('graphQL getUser query', () => { }); }); - describe('with authorized user', () => { - let role: IRole, - currentUser: IUser, - anotherUser: IUser, - token: string, - requestObject: Test; + describe('with authenticated user', () => { + describe('and without permissions', () => { + it('should throw not authorized error', async () => { + const userWithoutPermissions = await createUser(); + const anotherUser = await createUser(); - beforeEach(async () => { - role = await createRole({ - key: 'sample', - name: 'sample', - }); - - await createPermission({ - action: 'read', - subject: 'User', - roleId: role.id, - }); - - currentUser = await createUser({ - roleId: role.id, - }); - - anotherUser = await createUser({ - roleId: role.id, - }); - - token = createAuthTokenByUserId(currentUser.id); - requestObject = request(app) - .post('/graphql') - .set('Authorization', `${token}`); - }); - - it('should return user data for a valid user id', async () => { - const query = ` - query { - getUser(id: "${anotherUser.id}") { - id - email - fullName - email - createdAt - updatedAt - role { + const query = ` + query { + getUser(id: "${anotherUser.id}") { id - name + email } } - } - `; + `; - const response = await requestObject.send({ query }).expect(200); + const token = createAuthTokenByUserId(userWithoutPermissions.id); - const expectedResponsePayload = { - data: { - getUser: { - createdAt: (anotherUser.createdAt as Date).getTime().toString(), - email: anotherUser.email, - fullName: anotherUser.fullName, - id: anotherUser.id, - role: { id: role.id, name: role.name }, - updatedAt: (anotherUser.updatedAt as Date).getTime().toString(), + const response = await request(app) + .post('/graphql') + .set('Authorization', token) + .send({ query }) + .expect(200); + + expect(response.body.errors).toBeDefined(); + expect(response.body.errors[0].message).toEqual('Not authorized!'); + }); + }); + + describe('and correct permissions', () => { + let role: IRole, + currentUser: IUser, + anotherUser: IUser, + token: string, + requestObject: Test; + + beforeEach(async () => { + role = await createRole({ + key: 'sample', + name: 'sample', + }); + + await createPermission({ + action: 'read', + subject: 'User', + roleId: role.id, + }); + + currentUser = await createUser({ + roleId: role.id, + }); + + anotherUser = await createUser({ + roleId: role.id, + }); + + token = createAuthTokenByUserId(currentUser.id); + requestObject = request(app) + .post('/graphql') + .set('Authorization', `${token}`); + }); + + it('should return user data for a valid user id', async () => { + const query = ` + query { + getUser(id: "${anotherUser.id}") { + id + email + fullName + email + createdAt + updatedAt + role { + id + name + } + } + } + `; + + const response = await requestObject.send({ query }).expect(200); + + const expectedResponsePayload = { + data: { + getUser: { + createdAt: (anotherUser.createdAt as Date).getTime().toString(), + email: anotherUser.email, + fullName: anotherUser.fullName, + id: anotherUser.id, + role: { id: role.id, name: role.name }, + updatedAt: (anotherUser.updatedAt as Date).getTime().toString(), + }, }, - }, - }; + }; - expect(response.body).toEqual(expectedResponsePayload); - }); + expect(response.body).toEqual(expectedResponsePayload); + }); - it('should not return user password for a valid user id', async () => { - const query = ` - query { - getUser(id: "${anotherUser.id}") { - id - email - password - } - } - `; - - const response = await requestObject.send({ query }).expect(400); - - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toEqual( - 'Cannot query field "password" on type "User".' - ); - }); - - it('should return not found for invalid user id', async () => { - const invalidUserId = Crypto.randomUUID(); - - const query = ` - query { - getUser(id: "${invalidUserId}") { - id - email - fullName - email - createdAt - updatedAt - role { + it('should not return user password for a valid user id', async () => { + const query = ` + query { + getUser(id: "${anotherUser.id}") { id - name + email + password } } - } - `; + `; - const response = await requestObject.send({ query }).expect(200); + const response = await requestObject.send({ query }).expect(400); - expect(response.body.errors).toBeDefined(); - expect(response.body.errors[0].message).toEqual('NotFoundError'); + expect(response.body.errors).toBeDefined(); + expect(response.body.errors[0].message).toEqual( + 'Cannot query field "password" on type "User".' + ); + }); + + it('should return not found for invalid user id', async () => { + const invalidUserId = Crypto.randomUUID(); + + const query = ` + query { + getUser(id: "${invalidUserId}") { + id + email + fullName + email + createdAt + updatedAt + role { + id + name + } + } + } + `; + + const response = await requestObject.send({ query }).expect(200); + + expect(response.body.errors).toBeDefined(); + expect(response.body.errors[0].message).toEqual('NotFoundError'); + }); }); }); });