groot/automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test: Add test case for unauthorized user for getUser

Browse Source
This commit is contained in:
Faruk AYDIN
2023-10-14 20:12:10 +02:00
parent fb80d5d70d
commit 4de1fc49df
1 changed files with 128 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

227
packages/backend/src/graphql/queries/get-user.test.ts
View File

@@ -8,7 +8,7 @@ import createUser from '../../../test/fixtures/user';
import { IRole, IUser } from '@automatisch/types';
describe('graphQL getUser query', () => {
describe('with unauthorized user', () => {
describe('with unauthenticated user', () => {
it('should throw not authorized error', async () => {
const invalidUserId = '123123123';
@@ -32,118 +32,147 @@ describe('graphQL getUser query', () => {
});
});
describe('with authorized user', () => {
let role: IRole,
currentUser: IUser,
anotherUser: IUser,
token: string,
requestObject: Test;
describe('with authenticated user', () => {
describe('and without permissions', () => {
it('should throw not authorized error', async () => {
const userWithoutPermissions = await createUser();
const anotherUser = await createUser();
beforeEach(async () => {
role = await createRole({
key: 'sample',
name: 'sample',
});
await createPermission({
action: 'read',
subject: 'User',
roleId: role.id,
});
currentUser = await createUser({
roleId: role.id,
});
anotherUser = await createUser({
roleId: role.id,
});
token = createAuthTokenByUserId(currentUser.id);
requestObject = request(app)
.post('/graphql')
.set('Authorization', `${token}`);
});
it('should return user data for a valid user id', async () => {
const query = `
query {
getUser(id: "${anotherUser.id}") {
id
email
fullName
email
createdAt
updatedAt
role {
const query = `
query {
getUser(id: "${anotherUser.id}") {
id
name
email
}
}
}
`;
`;
const response = await requestObject.send({ query }).expect(200);
const token = createAuthTokenByUserId(userWithoutPermissions.id);
const expectedResponsePayload = {
data: {
getUser: {
createdAt: (anotherUser.createdAt as Date).getTime().toString(),
email: anotherUser.email,
fullName: anotherUser.fullName,
id: anotherUser.id,
role: { id: role.id, name: role.name },
updatedAt: (anotherUser.updatedAt as Date).getTime().toString(),
const response = await request(app)
.post('/graphql')
.set('Authorization', token)
.send({ query })
.expect(200);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('Not authorized!');
});
});
describe('and correct permissions', () => {
let role: IRole,
currentUser: IUser,
anotherUser: IUser,
token: string,
requestObject: Test;
beforeEach(async () => {
role = await createRole({
key: 'sample',
name: 'sample',
});
await createPermission({
action: 'read',
subject: 'User',
roleId: role.id,
});
currentUser = await createUser({
roleId: role.id,
});
anotherUser = await createUser({
roleId: role.id,
});
token = createAuthTokenByUserId(currentUser.id);
requestObject = request(app)
.post('/graphql')
.set('Authorization', `${token}`);
});
it('should return user data for a valid user id', async () => {
const query = `
query {
getUser(id: "${anotherUser.id}") {
id
email
fullName
email
createdAt
updatedAt
role {
id
name
}
}
}
`;
const response = await requestObject.send({ query }).expect(200);
const expectedResponsePayload = {
data: {
getUser: {
createdAt: (anotherUser.createdAt as Date).getTime().toString(),
email: anotherUser.email,
fullName: anotherUser.fullName,
id: anotherUser.id,
role: { id: role.id, name: role.name },
updatedAt: (anotherUser.updatedAt as Date).getTime().toString(),
},
},
},
};
};
expect(response.body).toEqual(expectedResponsePayload);
});
expect(response.body).toEqual(expectedResponsePayload);
});
it('should not return user password for a valid user id', async () => {
const query = `
query {
getUser(id: "${anotherUser.id}") {
id
email
password
}
}
`;
const response = await requestObject.send({ query }).expect(400);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual(
'Cannot query field "password" on type "User".'
);
});
it('should return not found for invalid user id', async () => {
const invalidUserId = Crypto.randomUUID();
const query = `
query {
getUser(id: "${invalidUserId}") {
id
email
fullName
email
createdAt
updatedAt
role {
it('should not return user password for a valid user id', async () => {
const query = `
query {
getUser(id: "${anotherUser.id}") {
id
name
email
password
}
}
}
`;
`;
const response = await requestObject.send({ query }).expect(200);
const response = await requestObject.send({ query }).expect(400);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('NotFoundError');
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual(
'Cannot query field "password" on type "User".'
);
});
it('should return not found for invalid user id', async () => {
const invalidUserId = Crypto.randomUUID();
const query = `
query {
getUser(id: "${invalidUserId}") {
id
email
fullName
email
createdAt
updatedAt
role {
id
name
}
}
}
`;
const response = await requestObject.send({ query }).expect(200);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('NotFoundError');
});
});
});
});