groot/automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test: Add test case for unauthorized user for getUser

Browse Source
This commit is contained in:
Faruk AYDIN
2023-10-14 20:12:10 +02:00
parent fb80d5d70d
commit 4de1fc49df
1 changed files with 128 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

227
packages/backend/src/graphql/queries/get-user.test.ts
View File

@@ -8,7 +8,7 @@ import createUser from '../../../test/fixtures/user';
import { IRole, IUser } from '@automatisch/types'; import { IRole, IUser } from '@automatisch/types';
describe('graphQL getUser query', () => { describe('graphQL getUser query', () => {
describe('with unauthorized user', () => { describe('with unauthenticated user', () => {
it('should throw not authorized error', async () => { it('should throw not authorized error', async () => {
const invalidUserId = '123123123'; const invalidUserId = '123123123';
@@ -32,118 +32,147 @@ describe('graphQL getUser query', () => {
}); });
}); });
describe('with authorized user', () => { describe('with authenticated user', () => {
let role: IRole, describe('and without permissions', () => {
currentUser: IUser, it('should throw not authorized error', async () => {
anotherUser: IUser, const userWithoutPermissions = await createUser();
token: string, const anotherUser = await createUser();
requestObject: Test;
beforeEach(async () => { const query = `
role = await createRole({ query {
key: 'sample', getUser(id: "${anotherUser.id}") {
name: 'sample',
});
await createPermission({
action: 'read',
subject: 'User',
roleId: role.id,
});
currentUser = await createUser({
roleId: role.id,
});
anotherUser = await createUser({
roleId: role.id,
});
token = createAuthTokenByUserId(currentUser.id);
requestObject = request(app)
.post('/graphql')
.set('Authorization', `${token}`);
});
it('should return user data for a valid user id', async () => {
const query = `
query {
getUser(id: "${anotherUser.id}") {
id
email
fullName
email
createdAt
updatedAt
role {
id id
name email
} }
} }
} `;
`;
const response = await requestObject.send({ query }).expect(200); const token = createAuthTokenByUserId(userWithoutPermissions.id);
const expectedResponsePayload = { const response = await request(app)
data: { .post('/graphql')
getUser: { .set('Authorization', token)
createdAt: (anotherUser.createdAt as Date).getTime().toString(), .send({ query })
email: anotherUser.email, .expect(200);
fullName: anotherUser.fullName,
id: anotherUser.id, expect(response.body.errors).toBeDefined();
role: { id: role.id, name: role.name }, expect(response.body.errors[0].message).toEqual('Not authorized!');
updatedAt: (anotherUser.updatedAt as Date).getTime().toString(), });
});
describe('and correct permissions', () => {
let role: IRole,
currentUser: IUser,
anotherUser: IUser,
token: string,
requestObject: Test;
beforeEach(async () => {
role = await createRole({
key: 'sample',
name: 'sample',
});
await createPermission({
action: 'read',
subject: 'User',
roleId: role.id,
});
currentUser = await createUser({
roleId: role.id,
});
anotherUser = await createUser({
roleId: role.id,
});
token = createAuthTokenByUserId(currentUser.id);
requestObject = request(app)
.post('/graphql')
.set('Authorization', `${token}`);
});
it('should return user data for a valid user id', async () => {
const query = `
query {
getUser(id: "${anotherUser.id}") {
id
email
fullName
email
createdAt
updatedAt
role {
id
name
}
}
}
`;
const response = await requestObject.send({ query }).expect(200);
const expectedResponsePayload = {
data: {
getUser: {
createdAt: (anotherUser.createdAt as Date).getTime().toString(),
email: anotherUser.email,
fullName: anotherUser.fullName,
id: anotherUser.id,
role: { id: role.id, name: role.name },
updatedAt: (anotherUser.updatedAt as Date).getTime().toString(),
},
}, },
}, };
};
expect(response.body).toEqual(expectedResponsePayload); expect(response.body).toEqual(expectedResponsePayload);
}); });
it('should not return user password for a valid user id', async () => { it('should not return user password for a valid user id', async () => {
const query = ` const query = `
query { query {
getUser(id: "${anotherUser.id}") { getUser(id: "${anotherUser.id}") {
id
email
password
}
}
`;
const response = await requestObject.send({ query }).expect(400);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual(
'Cannot query field "password" on type "User".'
);
});
it('should return not found for invalid user id', async () => {
const invalidUserId = Crypto.randomUUID();
const query = `
query {
getUser(id: "${invalidUserId}") {
id
email
fullName
email
createdAt
updatedAt
role {
id id
name email
password
} }
} }
} `;
`;
const response = await requestObject.send({ query }).expect(200); const response = await requestObject.send({ query }).expect(400);
expect(response.body.errors).toBeDefined(); expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('NotFoundError'); expect(response.body.errors[0].message).toEqual(
'Cannot query field "password" on type "User".'
);
});
it('should return not found for invalid user id', async () => {
const invalidUserId = Crypto.randomUUID();
const query = `
query {
getUser(id: "${invalidUserId}") {
id
email
fullName
email
createdAt
updatedAt
role {
id
name
}
}
}
`;
const response = await requestObject.send({ query }).expect(200);
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toEqual('NotFoundError');
});
}); });
}); });
}); });