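const chai = require('chai');
const chaiHttp = require('chai-http');
const express = require('express');
import { SetupApp } from '../../../app';
import * as helpers from '../helpers';

/**
 * Build a fresh application on top of a test database and return a chai-http
 * agent bound to it.
 *
 * No user is created or logged in here. The agent keeps cookies between
 * requests, so a session established through `helpers.login` carries over to
 * the requests that follow on the same agent.
 *
 * @returns {Promise<object>} chai-http agent; the caller must `close()` it.
 */
async function init() {
  chai.use(chaiHttp);
  const app = express();
  const knex = await helpers.initTestDB();
  // NOTE(review): the meaning of the empty third argument is not visible in
  // this file; confirm against SetupApp.
  SetupApp(app, knex, '');

  return chai.request.agent(app);
}

// The test callbacks below are plain async functions without a `done`
// parameter, so the runner waits on the returned promise and a rejected
// expectation inside a helper fails the test. Calling `done()` from `finally`
// in an async callback signals completion even when an expectation has thrown
// and, depending on the runner, is reported as an over-specified test or lets
// the failure go unreported.
//
// The last argument of helpers.createUser / helpers.login is presumably the
// HTTP status the helper expects; the helpers are defined in '../helpers' and
// are not shown here.

describe('Auth registration password and email constraints', () => {
  it('are enforced', async () => {
    const agent = await init();
    try {
      // Each rejected case differs from the accepted baseline
      // ("someone@email.com" / "password1A!") in exactly one respect.
      await helpers.createUser(agent, "someone", "password1A!", 400); // not a valid email address
      await helpers.createUser(agent, "someone@email.com", "password1A", 400); // no special character
      await helpers.createUser(agent, "someone@email.com", "password1!", 400); // no capital letter
      await helpers.createUser(agent, "someone@email.com", "passwordA!", 400); // no digit
      await helpers.createUser(agent, "someone@email.com", "Ϭassword1A!", 400); // non-ASCII character in password
      await helpers.createUser(agent, "Ϭomeone@email.com", "password1A!", 400); // non-ASCII character in email
      await helpers.createUser(agent, "someone@email.com", "pass1A!", 400); // password too short

      // The baseline goes last: a success here also shows that none of the
      // rejected attempts above left an account behind for this email.
      await helpers.createUser(agent, "someone@email.com", "password1A!", 200);
    } finally {
      agent.close();
    }
  });
});

describe('Attempting to register an already registered user', () => {
  it('should fail', async () => {
    const agent = await init();
    try {
      await helpers.createUser(agent, "someone@email.com", "password1A!", 200);
      // Same email and password again: expected to be refused with 409.
      await helpers.createUser(agent, "someone@email.com", "password1A!", 409);
    } finally {
      agent.close();
    }
  });
});

describe('Auth login access for users', () => {
  it('is correctly enforced', async () => {
    const agent = await init();
    try {
      await helpers.createUser(agent, "someone@email.com", "password1A!", 200);
      await helpers.createUser(agent, "someoneelse@other.com", "password2B!", 200);

      // A valid password that belongs to the other account must not log in.
      await helpers.login(agent, "someone@email.com", "password2B!", 401);
      await helpers.login(agent, "someoneelse@other.com", "password1A!", 401);

      // Each account's own password is accepted.
      await helpers.login(agent, "someone@email.com", "password1A!", 200);
      await helpers.login(agent, "someoneelse@other.com", "password2B!", 200);
    } finally {
      agent.close();
    }
  });
});

// NOTE(review): the two suites below are commented out, so nothing in this
// file currently checks that object endpoints answer 401 after logout or that
// one user gets 404 for another user's objects. If they are re-enabled, drop
// the `done` parameter and the `done()` call as in the active tests above.

// describe('Auth access to objects', () => {
//   it('is only possible when logged in', async done => {
//     let req = await init();
//     try {
//       await helpers.createUser(req, "someone@email.com", "password1A!", 200);
//       await helpers.login(req, "someone@email.com", "password1A!", 200);
//       await helpers.createTag(req, { name: "Tag1" }, 200, { id: 1 });
//       await helpers.createArtist(req, { name: "Artist1" }, 200, { id: 1} );
//       await helpers.createAlbum(req, { name: "Album1" }, 200, { id: 1 });
//       await helpers.createSong(req, { title: "Song1" }, 200, { id: 1 });
//       await helpers.checkTag(req, 1, 200);
//       await helpers.checkAlbum(req, 1, 200);
//       await helpers.checkArtist(req, 1, 200);
//       await helpers.checkSong(req, 1, 200);
//       await helpers.logout(req, 200);
//       await helpers.checkTag(req, 1, 401);
//       await helpers.checkAlbum(req, 1, 401);
//       await helpers.checkArtist(req, 1, 401);
//       await helpers.checkSong(req, 1, 401);
//     } finally {
//       req.close();
//       done();
//     }
//   });
// });

// describe('Auth access to user objects', () => {
//   it('is restricted to each user', async done => {
//     let req = await init();
//     try {
//       await helpers.createUser(req, "someone@email.com", "password1A!", 200);
//       await helpers.createUser(req, "someoneelse@other.com", "password2B!", 200);
//       await helpers.login(req, "someone@email.com", "password1A!", 200);
//       await helpers.createTag(req, { name: "Tag1" }, 200, { id: 1 });
//       await helpers.createArtist(req, { name: "Artist1" }, 200, { id: 1} );
//       await helpers.createAlbum(req, { name: "Album1" }, 200, { id: 1 });
//       await helpers.createSong(req, { title: "Song1" }, 200, { id: 1 });
//       await helpers.logout(req, 200);
//       await helpers.login(req, "someoneelse@other.com", "password2B!", 200);
//       await helpers.createTag(req, { name: "Tag2" }, 200, { id: 2 });
//       await helpers.createArtist(req, { name: "Artist2" }, 200, { id: 2 } );
//       await helpers.createAlbum(req, { name: "Album2" }, 200, { id: 2 });
//       await helpers.createSong(req, { title: "Song2" }, 200, { id: 2 });
//       await helpers.logout(req, 200);
//       await helpers.login(req, "someone@email.com", "password1A!", 200);
//       await helpers.checkTag(req, 2, 404);
//       await helpers.checkAlbum(req, 2, 404);
//       await helpers.checkArtist(req, 2, 404);
//       await helpers.checkSong(req, 2, 404);
//       await helpers.checkTag(req, 1, 200);
//       await helpers.checkAlbum(req, 1, 200);
//       await helpers.checkArtist(req, 1, 200);
//       await helpers.checkSong(req, 1, 200);
//       await helpers.logout(req, 200);
//       await helpers.login(req, "someoneelse@other.com", "password2B!", 200);
//       await helpers.checkTag(req, 1, 404);
//       await helpers.checkAlbum(req, 1, 404);
//       await helpers.checkArtist(req, 1, 404);
//       await helpers.checkSong(req, 1, 404);
//       await helpers.checkTag(req, 2, 200);
//       await helpers.checkAlbum(req, 2, 200);
//       await helpers.checkArtist(req, 2, 200);
//       await helpers.checkSong(req, 2, 200);
//       await helpers.logout(req, 200);
//     } finally {
//       req.close();
//       done();
//     }
//   });
// });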