budibase/packages/server/src/api/routes/tests/user.spec.js

const {
  createApplication,
  supertest,
  defaultHeaders,
  createUser,
  testPermissionsForEndpoint,
} = require("./couchTestUtils")
const {
  BUILTIN_ROLE_IDS,
} = require("../../../utilities/security/roles")
const { cloneDeep } = require("lodash/fp")

const baseBody = {
  password: "yeeooo",
  roleId: BUILTIN_ROLE_IDS.POWER
}

describe("/users", () => {
  let request
  let server
  let app
  let appId

  beforeAll(async () => {
    ({ request, server } = await supertest(server))
  })

  beforeEach(async () => {
    app = await createApplication(request)
    appId = app.instance._id
  })

  afterAll(() => {
    server.close()
    server.destroy()
  })

  describe("fetch", () => {
    it("returns a list of users from an instance db", async () => {
      await createUser(request, appId, "brenda@brenda.com", "brendas_password")
      await createUser(request, appId, "pam@pam.com", "pam_password")
      const res = await request
        .get(`/api/users`)
        .set(defaultHeaders(appId))
        .expect('Content-Type', /json/)
        .expect(200)
      
      expect(res.body.length).toBe(2)
      expect(res.body.find(u => u.email === "brenda@brenda.com")).toBeDefined()
      expect(res.body.find(u => u.email === "pam@pam.com")).toBeDefined()
    })

    it("should apply authorization to endpoint", async () => {
      await createUser(request, appId, "brenda", "brendas_password")
      await testPermissionsForEndpoint({
        request,
        method: "GET",
        url: `/api/users`,
        appId: appId,
        passRole: BUILTIN_ROLE_IDS.ADMIN,
        failRole: BUILTIN_ROLE_IDS.PUBLIC,
      })
    })

  })

  describe("create", () => {
    it("returns a success message when a user is successfully created", async () => {
      const body = cloneDeep(baseBody)
      body.email = "bill@budibase.com"
      const res = await request
        .post(`/api/users`)
        .set(defaultHeaders(appId))
        .send(body)
        .expect(200)
        .expect('Content-Type', /json/)

      expect(res.res.statusMessage).toEqual("User created successfully.")
      expect(res.body._id).toBeUndefined()
    })

    it("should apply authorization to endpoint", async () => {
      const body = cloneDeep(baseBody)
      body.email = "brandNewUser@user.com"
      await testPermissionsForEndpoint({
        request,
        method: "POST",
        body,
        url: `/api/users`,
        appId: appId,
        passRole: BUILTIN_ROLE_IDS.ADMIN,
        failRole: BUILTIN_ROLE_IDS.PUBLIC,
      })
    })
  })
})
Initial work into multi-tenancy removal, experiencing issues with test cases at this point. 2020-10-29 09:35:06 +13:00			`const {`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`createApplication,`
			`supertest,`
			`defaultHeaders,`
			`createUser,`
access levels 2020-05-28 04:23:01 +12:00			`testPermissionsForEndpoint,`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`} = require("./couchTestUtils")`
Tests failing but starting to progress. 2020-11-13 06:06:55 +13:00			`const {`
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			`BUILTIN_ROLE_IDS,`
			`} = require("../../../utilities/security/roles")`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`const { cloneDeep } = require("lodash/fp")`

			`const baseBody = {`
			`password: "yeeooo",`
			`roleId: BUILTIN_ROLE_IDS.POWER`
			`}`
api tests 2020-04-10 03:53:48 +12:00
			`describe("/users", () => {`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`let request`
			`let server`
			`let app`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`let appId`
api tests 2020-04-10 03:53:48 +12:00
			`beforeAll(async () => {`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`({ request, server } = await supertest(server))`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`})`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00
			`beforeEach(async () => {`
Initial work into multi-tenancy removal, experiencing issues with test cases at this point. 2020-10-29 09:35:06 +13:00			`app = await createApplication(request)`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`appId = app.instance._id`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`})`
api tests 2020-04-10 03:53:48 +12:00
Fixing test cases. 2020-10-29 11:37:58 +13:00			`afterAll(() => {`
			`server.close()`
			`server.destroy()`
			`})`

Initial work into multi-tenancy removal, experiencing issues with test cases at this point. 2020-10-29 09:35:06 +13:00			`describe("fetch", () => {`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`it("returns a list of users from an instance db", async () => {`
email as default user identifier 2020-12-05 01:22:45 +13:00			`await createUser(request, appId, "brenda@brenda.com", "brendas_password")`
			`await createUser(request, appId, "pam@pam.com", "pam_password")`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`const res = await request`
instanceid removal 2020-06-19 03:59:31 +12:00			.get(`/api/users`)
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`.set(defaultHeaders(appId))`
test coverage for user creation 2020-04-11 03:37:59 +12:00			`.expect('Content-Type', /json/)`
			`.expect(200)`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00
			`expect(res.body.length).toBe(2)`
email as default user identifier 2020-12-05 01:22:45 +13:00			`expect(res.body.find(u => u.email === "brenda@brenda.com")).toBeDefined()`
			`expect(res.body.find(u => u.email === "pam@pam.com")).toBeDefined()`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`})`
fixing tests 2020-04-25 05:02:51 +12:00
access levels 2020-05-28 04:23:01 +12:00			`it("should apply authorization to endpoint", async () => {`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`await createUser(request, appId, "brenda", "brendas_password")`
access levels 2020-05-28 04:23:01 +12:00			`await testPermissionsForEndpoint({`
			`request,`
			`method: "GET",`
fixing broken tests 2020-06-19 07:41:37 +12:00			url: `/api/users`,
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`appId: appId,`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`passRole: BUILTIN_ROLE_IDS.ADMIN,`
			`failRole: BUILTIN_ROLE_IDS.PUBLIC,`
access levels 2020-05-28 04:23:01 +12:00			`})`
			`})`

server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`})`
test coverage for user creation 2020-04-11 03:37:59 +12:00
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`describe("create", () => {`
			`it("returns a success message when a user is successfully created", async () => {`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`const body = cloneDeep(baseBody)`
Merge branch 'username-email' of github.com:Budibase/budibase into feature/security-update 2020-12-08 07:08:20 +13:00			`body.email = "bill@budibase.com"`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`const res = await request`
fixing broken tests 2020-06-19 07:41:37 +12:00			.post(`/api/users`)
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`.set(defaultHeaders(appId))`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`.send(body)`
api tests 2020-04-10 03:53:48 +12:00			`.expect(200)`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`.expect('Content-Type', /json/)`

Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`expect(res.res.statusMessage).toEqual("User created successfully.")`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`expect(res.body._id).toBeUndefined()`
			`})`
access levels 2020-05-28 04:23:01 +12:00
			`it("should apply authorization to endpoint", async () => {`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`const body = cloneDeep(baseBody)`
Merge branch 'username-email' of github.com:Budibase/budibase into feature/security-update 2020-12-08 07:08:20 +13:00			`body.email = "brandNewUser@user.com"`
access levels 2020-05-28 04:23:01 +12:00			`await testPermissionsForEndpoint({`
			`request,`
			`method: "POST",`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`body,`
fixing broken tests 2020-06-19 07:41:37 +12:00			url: `/api/users`,
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`appId: appId,`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`passRole: BUILTIN_ROLE_IDS.ADMIN,`
			`failRole: BUILTIN_ROLE_IDS.PUBLIC,`
access levels 2020-05-28 04:23:01 +12:00			`})`
			`})`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`})`
server tests in-memory and passing 2020-05-15 02:12:30 +12:00			`})`