budibase/packages/server/src/api/routes/tests/user.spec.js

const {
  testPermissionsForEndpoint,
} = require("./couchTestUtils")
const { BUILTIN_ROLE_IDS } = require("../../../utilities/security/roles")
const TestConfig = require("./utilities/TestConfiguration")
const { cloneDeep } = require("lodash/fp")

const baseBody = {
  email: "bill@bill.com",
  password: "yeeooo",
  roleId: BUILTIN_ROLE_IDS.POWER,
}

describe("/users", () => {
  let request
  let server
  let app
  let appId
  let config

  beforeAll(async () => {
    config = new TestConfig()
    request = config.request
  })

  beforeEach(async () => {
    app = await config.init()
    appId = app.instance._id
  })

  afterAll(() => {
    config.end()
  })

  describe("fetch", () => {
    it("returns a list of users from an instance db", async () => {
      await config.createUser("brenda@brenda.com", "brendas_password")
      await config.createUser("pam@pam.com", "pam_password")
      const res = await request
        .get(`/api/users`)
        .set(config.defaultHeaders())
        .expect("Content-Type", /json/)
        .expect(200)

      expect(res.body.length).toBe(2)
      expect(res.body.find(u => u.email === "brenda@brenda.com")).toBeDefined()
      expect(res.body.find(u => u.email === "pam@pam.com")).toBeDefined()
    })

    it("should apply authorization to endpoint", async () => {
      await config.createUser("brenda@brenda.com", "brendas_password")
      await testPermissionsForEndpoint({
        request,
        method: "GET",
        url: `/api/users`,
        appId: appId,
        passRole: BUILTIN_ROLE_IDS.ADMIN,
        failRole: BUILTIN_ROLE_IDS.PUBLIC,
      })
    })
  })

  describe("create", () => {
    it("returns a success message when a user is successfully created", async () => {
      const body = cloneDeep(baseBody)
      body.email = "bill@budibase.com"
      const res = await request
        .post(`/api/users`)
        .set(defaultHeaders(appId))
        .send(body)
        .expect(200)
        .expect("Content-Type", /json/)

      expect(res.res.statusMessage).toEqual("User created successfully.")
      expect(res.body._id).toBeUndefined()
    })

    it("should apply authorization to endpoint", async () => {
      const body = cloneDeep(baseBody)
      body.email = "brandNewUser@user.com"
      await testPermissionsForEndpoint({
        request,
        method: "POST",
        body,
        url: `/api/users`,
        appId: appId,
        passRole: BUILTIN_ROLE_IDS.ADMIN,
        failRole: BUILTIN_ROLE_IDS.PUBLIC,
      })
    })
  })
})
Initial work into multi-tenancy removal, experiencing issues with test cases at this point. 2020-10-29 09:35:06 +13:00			`const {`
access levels 2020-05-28 04:23:01 +12:00			`testPermissionsForEndpoint,`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`} = require("./couchTestUtils")`
Merge branch 'master' of github.com:Budibase/budibase into feature/security-update 2020-12-09 00:42:29 +13:00			`const { BUILTIN_ROLE_IDS } = require("../../../utilities/security/roles")`
refactor user test 2021-03-05 05:54:44 +13:00			`const TestConfig = require("./utilities/TestConfiguration")`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`const { cloneDeep } = require("lodash/fp")`

			`const baseBody = {`
Merge branch 'master' of github.com:Budibase/budibase into feature/security-update 2020-12-09 00:42:29 +13:00			`email: "bill@bill.com",`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`password: "yeeooo",`
Merge branch 'master' of github.com:Budibase/budibase into feature/security-update 2020-12-09 00:42:29 +13:00			`roleId: BUILTIN_ROLE_IDS.POWER,`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`}`
api tests 2020-04-10 03:53:48 +12:00
			`describe("/users", () => {`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`let request`
			`let server`
			`let app`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`let appId`
refactor user test 2021-03-05 05:54:44 +13:00			`let config`
api tests 2020-04-10 03:53:48 +12:00
			`beforeAll(async () => {`
refactor user test 2021-03-05 05:54:44 +13:00			`config = new TestConfig()`
			`request = config.request`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`})`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00
			`beforeEach(async () => {`
refactor user test 2021-03-05 05:54:44 +13:00			`app = await config.init()`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`appId = app.instance._id`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`})`
api tests 2020-04-10 03:53:48 +12:00
Fixing test cases. 2020-10-29 11:37:58 +13:00			`afterAll(() => {`
refactor user test 2021-03-05 05:54:44 +13:00			`config.end()`
Fixing test cases. 2020-10-29 11:37:58 +13:00			`})`

Initial work into multi-tenancy removal, experiencing issues with test cases at this point. 2020-10-29 09:35:06 +13:00			`describe("fetch", () => {`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`it("returns a list of users from an instance db", async () => {`
refactor user test 2021-03-05 05:54:44 +13:00			`await config.createUser("brenda@brenda.com", "brendas_password")`
			`await config.createUser("pam@pam.com", "pam_password")`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`const res = await request`
instanceid removal 2020-06-19 03:59:31 +12:00			.get(`/api/users`)
refactor user test 2021-03-05 05:54:44 +13:00			`.set(config.defaultHeaders())`
Merge branch 'master' of github.com:Budibase/budibase into feature/security-update 2020-12-09 00:42:29 +13:00			`.expect("Content-Type", /json/)`
test coverage for user creation 2020-04-11 03:37:59 +12:00			`.expect(200)`
Merge branch 'master' of github.com:Budibase/budibase into feature/security-update 2020-12-09 00:42:29 +13:00
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`expect(res.body.length).toBe(2)`
email as default user identifier 2020-12-05 01:22:45 +13:00			`expect(res.body.find(u => u.email === "brenda@brenda.com")).toBeDefined()`
			`expect(res.body.find(u => u.email === "pam@pam.com")).toBeDefined()`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`})`
fixing tests 2020-04-25 05:02:51 +12:00
access levels 2020-05-28 04:23:01 +12:00			`it("should apply authorization to endpoint", async () => {`
refactor user test 2021-03-05 05:54:44 +13:00			`await config.createUser("brenda@brenda.com", "brendas_password")`
access levels 2020-05-28 04:23:01 +12:00			`await testPermissionsForEndpoint({`
			`request,`
			`method: "GET",`
fixing broken tests 2020-06-19 07:41:37 +12:00			url: `/api/users`,
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`appId: appId,`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`passRole: BUILTIN_ROLE_IDS.ADMIN,`
			`failRole: BUILTIN_ROLE_IDS.PUBLIC,`
access levels 2020-05-28 04:23:01 +12:00			`})`
			`})`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`})`
test coverage for user creation 2020-04-11 03:37:59 +12:00
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`describe("create", () => {`
			`it("returns a success message when a user is successfully created", async () => {`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`const body = cloneDeep(baseBody)`
Merge branch 'username-email' of github.com:Budibase/budibase into feature/security-update 2020-12-08 07:08:20 +13:00			`body.email = "bill@budibase.com"`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`const res = await request`
fixing broken tests 2020-06-19 07:41:37 +12:00			.post(`/api/users`)
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`.set(defaultHeaders(appId))`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`.send(body)`
api tests 2020-04-10 03:53:48 +12:00			`.expect(200)`
Merge branch 'master' of github.com:Budibase/budibase into feature/security-update 2020-12-09 00:42:29 +13:00			`.expect("Content-Type", /json/)`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`expect(res.res.statusMessage).toEqual("User created successfully.")`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`expect(res.body._id).toBeUndefined()`
			`})`
access levels 2020-05-28 04:23:01 +12:00
			`it("should apply authorization to endpoint", async () => {`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`const body = cloneDeep(baseBody)`
Merge branch 'username-email' of github.com:Budibase/budibase into feature/security-update 2020-12-08 07:08:20 +13:00			`body.email = "brandNewUser@user.com"`
access levels 2020-05-28 04:23:01 +12:00			`await testPermissionsForEndpoint({`
			`request,`
			`method: "POST",`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`body,`
fixing broken tests 2020-06-19 07:41:37 +12:00			url: `/api/users`,
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`appId: appId,`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`passRole: BUILTIN_ROLE_IDS.ADMIN,`
			`failRole: BUILTIN_ROLE_IDS.PUBLIC,`
access levels 2020-05-28 04:23:01 +12:00			`})`
			`})`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`})`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`})`