sander
/
MuDBase
1
0
Fork 0
Code Issues 17 Pull Requests Projects 6 Releases Wiki Activity

Add authentication tests.
continuous-integration/drone/push Build is passing
Details

Browse Source
pull/31/head
Sander Vocke 5 years ago
parent 8844b1f390
commit d4e66063ba
6 changed files with 217 additions and 30 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      server/endpoints/AlbumDetails.ts
  2. 5
      server/endpoints/ArtistDetails.ts
  3. 5
      server/endpoints/SongDetails.ts
  4. 7
      server/endpoints/TagDetails.ts
  5. 132
      server/test/integration/flows/AuthFlow.js
  6. 43
      server/test/integration/flows/helpers.js

5
server/endpoints/AlbumDetails.ts
Unescape View File

@ -46,6 +46,7 @@ export const AlbumDetailsEndpointHandler: EndpointHandler = async (req: any, res
await Promise.all([albumPromise, tagIdsPromise, songIdsPromise, artistIdsPromise]); await Promise.all([albumPromise, tagIdsPromise, songIdsPromise, artistIdsPromise]);
// Respond to the request. // Respond to the request.
if (album) {
const response: api.AlbumDetailsResponse = { const response: api.AlbumDetailsResponse = {
name: album['name'], name: album['name'],
artistIds: artists, artistIds: artists,
@ -53,8 +54,10 @@ export const AlbumDetailsEndpointHandler: EndpointHandler = async (req: any, res
songIds: songs, songIds: songs,
storeLinks: asJson(album['storeLinks']), storeLinks: asJson(album['storeLinks']),
}; };
await res.send(response); await res.send(response);
} else {
await res.status(404).send({});
}
} catch (e) { } catch (e) {
catchUnhandledErrors(e); catchUnhandledErrors(e);
} }

5
server/endpoints/ArtistDetails.ts
Unescape View File

@ -25,13 +25,16 @@ export const ArtistDetailsEndpointHandler: EndpointHandler = async (req: any, re
.where({ 'user': userId }) .where({ 'user': userId })
.where({ 'id': req.params.id }); .where({ 'id': req.params.id });
if (results[0]) {
const response: api.ArtistDetailsResponse = { const response: api.ArtistDetailsResponse = {
name: results[0].name, name: results[0].name,
tagIds: tagIds, tagIds: tagIds,
storeLinks: asJson(results[0].storeLinks), storeLinks: asJson(results[0].storeLinks),
} }
await res.send(response); await res.send(response);
} else {
await res.status(404).send({});
}
} catch (e) { } catch (e) {
catchUnhandledErrors(e) catchUnhandledErrors(e)
} }

5
server/endpoints/SongDetails.ts
Unescape View File

@ -50,6 +50,7 @@ export const SongDetailsEndpointHandler: EndpointHandler = async (req: any, res:
const [tags, albums, artists, song] = const [tags, albums, artists, song] =
await Promise.all([tagIdsPromise, albumIdsPromise, artistIdsPromise, songPromise]); await Promise.all([tagIdsPromise, albumIdsPromise, artistIdsPromise, songPromise]);
if (song) {
const response: api.SongDetailsResponse = { const response: api.SongDetailsResponse = {
title: song.title, title: song.title,
tagIds: tags, tagIds: tags,
@ -57,8 +58,10 @@ export const SongDetailsEndpointHandler: EndpointHandler = async (req: any, res:
albumIds: albums, albumIds: albums,
storeLinks: asJson(song.storeLinks), storeLinks: asJson(song.storeLinks),
} }
await res.send(response); await res.send(response);
} else {
await res.status(404).send({});
}
} catch (e) { } catch (e) {
catchUnhandledErrors(e) catchUnhandledErrors(e)
} }

7
server/endpoints/TagDetails.ts
Unescape View File

@ -19,12 +19,15 @@ export const TagDetailsEndpointHandler: EndpointHandler = async (req: any, res:
.where({ 'user': userId }) .where({ 'user': userId })
.where({ 'id': req.params.id }); .where({ 'id': req.params.id });
if (results[0]) {
const response: api.TagDetailsResponse = { const response: api.TagDetailsResponse = {
name: results[0].name, name: results[0].name,
parentId: results[0].parentId, parentId: results[0].parentId || undefined,
} }
await res.send(response); await res.send(response);
} else {
await res.status(404).send({});
}
} catch (e) { } catch (e) {
catchUnhandledErrors(e) catchUnhandledErrors(e)
} }

132
server/test/integration/flows/AuthFlow.js
Unescape View File

@ -0,0 +1,132 @@
const chai = require('chai');
const chaiHttp = require('chai-http');
const express = require('express');
import { SetupApp } from '../../../app';
import * as helpers from './helpers';
async function init() {
chai.use(chaiHttp);
const app = express();
const knex = await helpers.initTestDB();
SetupApp(app, knex, '');
// Login as a test user.
var agent = chai.request.agent(app);
return agent;
}
describe('Auth registration password and email constraints', () => {
it('are enforced', async done => {
let req = await init();
try {
await helpers.createUser(req, "someone", "password1A!", 400); //no valid email
await helpers.createUser(req, "someone@email.com", "password1A", 400); //no special char
await helpers.createUser(req, "someone@email.com", "password1!", 400); //no capital letter
await helpers.createUser(req, "someone@email.com", "passwordA!", 400); //no number
await helpers.createUser(req, "someone@email.com", "Ϭassword1A!", 400); //non-ASCII in password
await helpers.createUser(req, "Ϭomeone@email.com", "password1A!", 400); //non-ASCII in email
await helpers.createUser(req, "someone@email.com", "pass1A!", 400); //password too short
await helpers.createUser(req, "someone@email.com", "password1A!", 200);
} finally {
req.close();
done();
}
});
});
describe('Auth login access for users', () => {
it('is correctly enforced', async done => {
let req = await init();
try {
await helpers.createUser(req, "someone@email.com", "password1A!", 200);
await helpers.createUser(req, "someoneelse@other.com", "password2B!", 200);
await helpers.login(req, "someone@email.com", "password2B!", 401);
await helpers.login(req, "someoneelse@other.com", "password1A!", 401);
await helpers.login(req, "someone@email.com", "password1A!", 200);
await helpers.login(req, "someoneelse@other.com", "password2B!", 200);
} finally {
req.close();
done();
}
});
});
describe('Auth access to objects', () => {
it('is only possible when logged in', async done => {
let req = await init();
try {
await helpers.createUser(req, "someone@email.com", "password1A!", 200);
await helpers.login(req, "someone@email.com", "password1A!", 200);
await helpers.createTag(req, { name: "Tag1" }, 200, { id: 1 });
await helpers.createArtist(req, { name: "Artist1" }, 200, { id: 1} );
await helpers.createAlbum(req, { name: "Album1" }, 200, { id: 1 });
await helpers.createSong(req, { title: "Song1" }, 200, { id: 1 });
await helpers.checkTag(req, 1, 200);
await helpers.checkAlbum(req, 1, 200);
await helpers.checkArtist(req, 1, 200);
await helpers.checkSong(req, 1, 200);
await helpers.logout(req, 200);
await helpers.checkTag(req, 1, 401);
await helpers.checkAlbum(req, 1, 401);
await helpers.checkArtist(req, 1, 401);
await helpers.checkSong(req, 1, 401);
} finally {
req.close();
done();
}
});
});
describe('Auth access to user objects', () => {
it('is restricted to each user', async done => {
let req = await init();
try {
await helpers.createUser(req, "someone@email.com", "password1A!", 200);
await helpers.createUser(req, "someoneelse@other.com", "password2B!", 200);
await helpers.login(req, "someone@email.com", "password1A!", 200);
await helpers.createTag(req, { name: "Tag1" }, 200, { id: 1 });
await helpers.createArtist(req, { name: "Artist1" }, 200, { id: 1} );
await helpers.createAlbum(req, { name: "Album1" }, 200, { id: 1 });
await helpers.createSong(req, { title: "Song1" }, 200, { id: 1 });
await helpers.logout(req, 200);
await helpers.login(req, "someoneelse@other.com", "password2B!", 200);
await helpers.createTag(req, { name: "Tag2" }, 200, { id: 2 });
await helpers.createArtist(req, { name: "Artist2" }, 200, { id: 2 } );
await helpers.createAlbum(req, { name: "Album2" }, 200, { id: 2 });
await helpers.createSong(req, { title: "Song2" }, 200, { id: 2 });
await helpers.logout(req, 200);
await helpers.login(req, "someone@email.com", "password1A!", 200);
await helpers.checkTag(req, 2, 404);
await helpers.checkAlbum(req, 2, 404);
await helpers.checkArtist(req, 2, 404);
await helpers.checkSong(req, 2, 404);
await helpers.checkTag(req, 1, 200);
await helpers.checkAlbum(req, 1, 200);
await helpers.checkArtist(req, 1, 200);
await helpers.checkSong(req, 1, 200);
await helpers.logout(req, 200);
await helpers.login(req, "someoneelse@other.com", "password2B!", 200);
await helpers.checkTag(req, 1, 404);
await helpers.checkAlbum(req, 1, 404);
await helpers.checkArtist(req, 1, 404);
await helpers.checkSong(req, 1, 404);
await helpers.checkTag(req, 2, 200);
await helpers.checkAlbum(req, 2, 200);
await helpers.checkArtist(req, 2, 200);
await helpers.checkSong(req, 2, 200);
await helpers.logout(req, 200);
} finally {
req.close();
done();
}
});
});

43
server/test/integration/flows/helpers.js
Unescape View File

@ -187,3 +187,46 @@ export async function checkAlbum(
expectResponse && expect(res.body).to.deep.equal(expectResponse); expectResponse && expect(res.body).to.deep.equal(expectResponse);
}) })
} }
export async function createUser(
req,
email,
password,
expectStatus = undefined,
expectResponse = undefined,
) {
const res = await req
.post('/register')
.send({
email: email,
password: password,
});
expectStatus && expect(res).to.have.status(expectStatus);
expectResponse && expect(res.body).to.deep.equal(expectResponse);
}
export async function login(
req,
email,
password,
expectStatus = undefined,
expectResponse = undefined,
) {
const res = await req
.post('/login?username=' + encodeURIComponent(email) + '&password=' + encodeURIComponent(password))
.send({});
expectStatus && expect(res).to.have.status(expectStatus);
expectResponse && expect(res.body).to.deep.equal(expectResponse);
}
export async function logout(
req,
expectStatus = undefined,
expectResponse = undefined,
) {
const res = await req
.post('/logout')
.send({});
expectStatus && expect(res).to.have.status(expectStatus);
expectResponse && expect(res.body).to.deep.equal(expectResponse);
}
Write Preview
Loading…
Cancel
Save