From 589dad32df4e7c3f30af308d2e1a46bdd30867d2 Mon Sep 17 00:00:00 2001
From: Jack
Date: Fri, 13 Oct 2017 16:17:18 -0400
Subject: [PATCH] Rename test file and add file upload tests
---
test/api.js | 336 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
test/test.png | Bin 0 -> 8566 bytes
test/user.js | 160 ----------------------------
3 files changed, 336 insertions(+), 160 deletions(-)
create mode 100644 test/api.js
create mode 100644 test/test.png
delete mode 100644 test/user.js
diff --git a/test/api.js b/test/api.js
new file mode 100644
index 0000000..f87b096
--- /dev/null
+++ b/test/api.js
@@ -0,0 +1,336 @@
+process.env.NODE_ENV = 'test';
+
+var async = require('async');
+
+var mongoose = require('mongoose');
+var User = require('../app/models/User.js');
+var Invite = require('../app/models/Invite.js');
+
+var fs = require('fs');
+var path = require('path');
+var chai = require('chai');
+var http = require('chai-http');
+var should = chai.should();
+var app = require('../server');
+var server = app.server;
+var db = app.db;
+
+chai.use(http);
+
+function register(user, cb) {
+ chai.request(server)
+ .post('/api/auth/register')
+ .send(user)
+ .end(cb);
+}
+
+function verifySuccessfulRegister(user, done) {
+ register(user, function (err, res) {
+ res.should.have.status(200);
+ res.body.should.be.a('object');
+ res.body.should.have.property('token');
+ done();
+ });
+}
+
+function verifyFailedUserRegister(user, done) {
+ register(user, function (err, res) {
+ res.should.have.status(401);
+ res.body.should.be.a('object');
+ res.body.should.have.property('message').eql('Username in use.');
+ done();
+ });
+}
+
+function verifyFailedInviteRegister(user, done) {
+ register(user, function (err, res) {
+ res.should.have.status(401);
+ res.body.should.be.a('object');
+ res.body.should.have.property('message').eql('Invalid invite code.');
+ done();
+ })
+}
+
+
+function login(user, cb) {
+ chai.request(server)
+ .post('/api/auth/login')
+ .send(user)
+ .end(cb);
+}
+
+function verifySuccessfulLogin(user, done) {
+ login(user, function (err, res) {
+ res.should.have.status(200);
+ res.body.should.be.a('object');
+ res.body.should.have.property('token');
+ done();
+ });
+}
+
+function verifyFailedUsernameLogin(user, done) {
+ login(user, function (err, res) {
+ res.should.have.status(401);
+ res.body.should.be.a('object');
+ res.body.should.have.property('message').eql('Invalid username.');
+ done();
+ });
+}
+
+function verifyFailedPasswordLogin(user, done) {
+ login(user, function (err, res) {
+ res.should.have.status(401);
+ res.body.should.be.a('object');
+ res.body.should.have.property('message').eql('Invalid password.');
+ done();
+ });
+}
+
+function upload(token, cb) {
+ chai.request(server)
+ .post('/api/upload')
+ .attach('file', 'test/test.png')
+ .set('Authorization', 'Bearer ' + token)
+ .end(cb);
+}
+
+function loginUpload(user, cb) {
+ login(user, function(err, res) {
+ upload(res.body.token, cb);
+ });
+}
+
+function verifySuccessfulUpload(user, done) {
+ loginUpload(user, function(err, res) {
+ res.should.have.status(200);
+ res.body.should.have.be.a('object');
+ res.body.should.have.property('name');
+ res.body.should.have.property('oname');
+ res.body.should.have.property('created');
+ done();
+ });
+}
+
+function verifyFailedSizeUpload(user, done) {
+ loginUpload(user, done, function(err, res) {
+ //TODO
+ });
+}
+
+function verifyFailedPermissionUpload(user, done) {
+ loginUpload(user, function(err, res) {
+ res.should.have.status(401);
+ res.body.should.be.a('object');
+ res.body.should.have.property('message').eql('Permission error.');
+ done();
+ });
+}
+
+function verifyFailedAuthUpload(done) {
+ async.parallel([
+ function(cb) {
+ upload('bogus', function (err, res) {
+ res.should.have.status(401);
+ res.body.should.be.a('object');
+ res.body.should.have.property('message').eql('UnauthorizedError: jwt malformed');
+ cb();
+ });
+ },
+ function(cb) {
+ upload('eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.'
+ + 'eyJpc3MiOiJzaGltYXBhbi5yb2NrcyIsImlhd' + + 'CI6MTUwNzkyNTAyNSwiZXhwIjoxNTM5NDYxMD' + + 'I1LCJhdWQiOiJ3d3cuc2hpbWFwYW4ucm9ja3M' + + 'iLCJzdWIiOiJUZXN0VXNlciIsInVzZXJuYW1l' + + 'IjoiVGVzdFVzZXIiLCJzY29wZSI6ImZpbGUud' + + 'XBsb2FkIn0.e746_BNNuxlbXKESKKYsxl6e5j' + + '8JwmEFxO3zRf66tWo', function(err, res) { + res.should.have.status(401); + res.body.should.be.a('object'); + res.body.should.have.property('message').eql('UnauthorizedError: invalid signature'); + cb(); + }) + } + ], function(err, res) { + if (err) console.log(err); + done(); + }); +} + +before(function (done) { + async.series([ + function (cb) { + db.once('open', function () { + cb(); + }); + }, + function (cb) { + User.remove({}, function (err) { + cb(err); + }); + }, + function (cb) { + Invite.remove({}, function (err) { + cb(err); + }); + }, + function (cb) { + var inv = new Invite(); + inv.code = 'TestCode1'; + inv.scope = ['test.perm']; + inv.save(function (err) { + cb(err); + }); + }, + function (cb) { + var inv = new Invite(); + inv.code = 'TestCode2'; + inv.scope = ['test.perm', 'file.upload']; + inv.save(function (err) { + cb(err); + }); + }, + function (cb) { + var inv = new Invite(); + inv.code = 'TestCode3'; + + var yesterday = new Date(); + yesterday.setDate(yesterday.getDate() - 1); + inv.exp = yesterday; + + inv.scope = ['test.perm', 'file.upload']; + inv.save(function (err) { + cb(err); + }); + } + ], function (err) { + if (err) console.log(err); + done(); + }); +}); + +describe('Users', function () { + describe('/POST register', function () { + it('SHOULD register valid user, valid invite', function (done) { + var user = { + username: 'TestUser1', + password: 'TestPassword', + invite: 'TestCode1' + }; + + verifySuccessfulRegister(user, done); + }); + + it('SHOULD register another valid user, valid invite', function(done) { + var user = { + username: 'TestUser2', + password: 'TestPassword', + invite: 'TestCode2' + }; + + verifySuccessfulRegister(user, done); + }); + + it('SHOULD NOT 
register invalid user, valid invite', function (done) {
+ var user = {
+ username: 'TestUser1',
+ password: 'TestPassword',
+ invite: 'TestCode2'
+ };
+
+ verifyFailedUserRegister(user, done);
+ });
+
+ it('SHOULD NOT register valid user, nonexistant invite', function (done) {
+ var user = {
+ username: 'TestUser3',
+ password: 'TestPassword',
+ invite: 'bogus'
+ };
+
+ verifyFailedInviteRegister(user, done);
+ });
+
+ it('SHOULD NOT register valid user, used invite', function (done) {
+ var user = {
+ username: 'TestUser3',
+ password: 'TestPassword',
+ invite: 'TestCode1'
+ };
+
+ verifyFailedInviteRegister(user, done);
+ });
+
+ it('SHOULD NOT register valid user, expired invite', function (done) {
+ var user = {
+ username: 'TestUser3',
+ password: 'TestPassword',
+ invite: 'TestCode3'
+ };
+
+ verifyFailedInviteRegister(user, done);
+ })
+ });
+
+ describe('/POST login', function () {
+ it('SHOULD accept valid user, valid password', function (done) {
+ var user = {
+ username: 'TestUser1',
+ password: 'TestPassword'
+ };
+
+ verifySuccessfulLogin(user, done);
+ });
+
+ it('SHOULD NOT accept valid user, invalid password', function (done) {
+ var user = {
+ username: 'TestUser1',
+ password: 'bogus'
+ };
+
+ verifyFailedPasswordLogin(user, done);
+ });
+
+ it('SHOULD NOT accept invalid user, any password', function (done) {
+ var user = {
+ username: 'BogusTestUser',
+ password: 'bogus'
+ };
+
+ verifyFailedUsernameLogin(user, done);
+ });
+ });
+
+});
+
+describe('Uploads', function () {
+ describe('/POST upload', function () {
+ it('SHOULD accept logged in valid upload', function(done) {
+ var user = {
+ username: 'TestUser2',
+ password: 'TestPassword'
+ };
+
+ verifySuccessfulUpload(user, done);
+ });
+
+ it('SHOULD NOT accept unauthenticated valid upload', function(done) {
+ verifyFailedAuthUpload(done);
+ });
+
+ it('SHOULD NOT accept invalid permission, valid upload', function(done) {
+ var user = {
+ username: 'TestUser1',
+ password: 'TestPassword'
+ };
+
+ verifyFailedPermissionUpload(user, done);
+ })
+ });
+});
+
+after(function () {
+ server.close(function () {
+ process.exit();
+ });
+});
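Review bot: The login helpers `verifyFailedUsernameLogin` and `verifyFailedPasswordLogin` pin two different 401 messages, `'Invalid username.'` and `'Invalid password.'`, so the suite locks in a response that tells a caller whether an account exists; if the API can return one generic message, both helpers should assert the same text, e.g. `res.body.should.have.property('message').eql('Invalid credentials.');` (constructed wording). The same concern applies to `verifyFailedAuthUpload`, which asserts the raw `UnauthorizedError: jwt malformed` and `UnauthorizedError: invalid signature` strings and so couples the tests to what looks like library error text returned to the client. Separately, the `before` hook and the final `async.parallel` callback only log failures and then call `done()`, so a failed `User.remove({})` or invite seed still lets the suite run against unknown state; `done(err);` in place of `if (err) console.log(err); done();` would fail it instead. `verifyFailedSizeUpload` passes `done` as the upload callback and its assertion function as an ignored third argument, so it needs fixing before any test uses it.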
diff --git a/test/test.png b/test/test.png new file mode 100644 index 0000000000000000000000000000000000000000..95bcd831801258087ce32b3c57708bf71f8fff21 GIT binary patch literal 8566 zcmZXadpwiz`~UCFN?uNt{gy7d|Nj7+2zPAU|OA77@4!3^MH zTG95mUP*1QM`FLUCNx6a6>H4Q$mhcyS7jnsca$xV)z zy02b)mY<=mFB$5mi<_Im&xKazRr*?Eg1#bZPb}Z2_ieC)(rbo$9w;vKKMgwFs6Z^m zX5IYY8)4r`a50Wt{@^x{bK~M>3d=-uMx{A&Ij(CEqe$YGiOT;OG<@^s;R{50m1kJ| zKD7Tw+oZsJL)Es!^|Z-~1mAo^x83f;0M=b`w%M@1Rer_Y$A8%1uU zd--gh{;d;Mpp};g#F0?PjD9V4*+r$?#h*iHu*Spe>7n|a7WIUqQB=8AZ&Yp;o|)if zr!X3&vh1(4qZ(|I;*Jb+7N3M4?+AD&Ilv=v6 zb2O@GsgYVLWuWGL-EhBLoVu#YrFVG(5JdmdS#RA{WqW$~#64FDobK448FZG6`J2<& zRmCjl!fm$?0ShB0$Kgj+E(PMmXeWEpYQ_(~&5OsoNx!P^NdMHvuE|IxvFk92?tVi^W)P)mT5D8j#O=LlXmZ3f^r z3e?vh+Qaiu1&cpmdSGt@OLXZ?bI$LGhuvu}MS;fOIE;^`+xV)!`5!2)RC{5tERT|x zQq-DyT`}!WM95dJVc(a*?JeaU>K>GHB{G?-^Vh$X(dMo8n|QXu=56IkjsT8)mEDQz z77%jUhb6ZLUN(z4LYZ#!!(4hS`_{I_r8SA2e}uATprOPgBRJo%E_~5XEg4gy_@Hro z8y(fx-!?9C%MQsdTG^VL#$4Hoxlg_en97R?fP0 zezU=;y7uMl6u%Ynn)GN<`_dwmERS<>L|mNxA@)k(=1^(R4Yn19nC3BU-qq&vb7Rd! 
zMFk+Up!Dmi&TW|thRq$Pd38*}`%UrcATFwLNDaFyAJ2EMwkY2@=||HEjb!cqz7@9C zNy^yFx~?kTyED$cI%buAm~pzo{7(Zq&wW(y>4LC+No?o`X_Xw&sgr5^Kny?bSLmAs zV_J3%>mE+GK-Bo#k0n&^a^;**Evw>;!8f*Tk8Tq>28Wer{aB+pYpp*KnHV6MrrYv2 z)kt+U9=11@(BBB~Vdte_p}Hf?J%M7=_p%jplbyb-mf= z)i5i;rtuj|WnN>3p1ozk&GBk3NjitC~2$|!eGIRRA zqz;-YG~BWHT$AhB$D8Hi z3C;7EE4_r(j@Vd%w)saqG-lm(!-3Vk0v~((90^RJ4pzk&hTyn+->I>!258PLM*jJ&W``*hwz81mW$zAd@{KXaWwTN;nW59%bD4bopG3jRIyz;k% zgu$?J01n%rGIM5+q6(c+O9(lbXyK0BZ9;Zq_`NSQjkVylL)oW`x;L!9t9mi0eKBXp zXV|g1BK}8LP$^np$zc6s==gC69Kuk}?M|IF_~8Lb%84}VJL<1%gh1tLZ7}>-RsCMx zwWq&n`mKW-RWS>XzxvJNrLNziqvz}$F%vSc3+A|e&_oAe-k3;ws_gT_e(uVX+9-Q^ z=H!I`a+>eZsRZ9*i$MD5Vu`gdUQ2L(yHK2Cpx1+yCn1Va*9MA=3^o(IG>JV=hXqRd z^vzz96ebNjV%rxKty{JIK2AQ8k9rr<0(glzMf*m`CGSs(=U>0gZgCBI^y$eS_kviwXQfs5vK_r9=kesX(GIGa05DAruIRJb zPdyZ$y0L8}0#~Yxev_ixFCm3mhj?hMWF%8X@9|vN`9mMy5=iE6zmyh~fCc!Iq!%v6X%ows7x?gHQ# zQVP~N?AQf%3`2XKRe0AZNWI3+gxnYF6TAuj=(pAte}Qucx&WD>Mx)rg^Rpcvto z3v|Fu$e#i7m6MOTu;!L$WMbzdnNGb=WUCd_%5{Z+f%ITcz*AlpDGMxE#nb{)L!NL% z*<(qUZ6$pMptBcfw`ZiJ>Fa#Fza79&QUn10CRo;0AT04J9C&m}`22kUQT-T?VtZ5#0yI58V`fEaS%*I6(yLR0_)SlT3i$zg z*YD%MpsOGmmyAt(?PR4ezy*mjTkpakI|KO+HJbQWA_8pZKEZ(M{ZfStLiO0R#fJd4Wjo@~a>x&q~)$v`*24(I@UmS>zO8?yH}I`dcW>ja^hcg5uK4C`L9wGP?XNs=@Jj zNocz8c5F*)CJL(e9fy4g!CqH784Bo4Jj9El??bRR{b1g}jw3?1zzy>~;>ruWtLk7} zQ~|d}%iui>OICv%hhRNK?I$>$Ayk%WzIu44_(Z5)MhZ4iOKMD{YY_q@ilUwA!qT4= z{Gydb0Wxe!OlUW{gG(sxoQkK39_@^PiC#?YPVs*)GmGyv!X8L2kzwQV1SvJh>;3^W z66(KK1c&Y5O_ju94?Nr^E46g*Ew`+cq3d0q9i)t@yF6bm+aaN6RXo9}nw)oyy<9@O z!Ok^`!4_ai(cNV-%tucaNl(35a(4e6j0un2&jfeLgur!y5AKrI>g&fYEwv}OZeG@G zJNLnL-X@UlyvQj3?1+Tk<1%4iTyG;oC@gWDsY01 zAMnJB(eLTU+|N1m$gI%PFKXhGPK?_6?vR;xdcRyFv4QoHu)ww$b$BE8C%Um%;QM%u$4lpc$FqHodjuZ{QFITc3&{ zO6f*on^`b-9uZ}nU1ju&`YL;A+-{Xe<3q4QdjKc8b-a3%;7YR^sA4M|{WWym zL?wa6JLMK$h6)P%IQ$vLIfQ}_d2pk>w(Y_ZuT~u2ibdObeJ(~5OQXHLEXyt45WIIA zn3d~H-Z6&$t4zCPtP;hf^jlNV0^aNk$j3>Y>wDT~BD1nbu}trpa+nEO7NZK85*hiS z;IRFtYk{20?C#kjW8y|ioA`!;;d)T0syEwr%I%P4cD(pR}3rdC8#Q@_R{o5xr&v6n30 
zG<(=l^oa7@DYozQe{v()ua)E(2ft~G;;=ebp%z$==(j;;GNgx3k}qAZi$0i??-MvR z_iT^1bhp*`&rs#$y6F2a-Tz3?8D*oS6^eh`#W-vrF2-;nyGQI~UwCAh^mfbOwMo{M zQF{E`z-FfyaO%W#S;dz7fM1$dVyhi+>&#R~T68)eMPNNi1fTbX?#(Wt>#r<(Jb&g_ zxt#4nqlBOMlVLESj^-*Q{a{gz0?KiaZpm+Qd`C833y!}DNa))vConA!M{o41-@l>b zx^)2p)%+Z!fonD2b@785@W>lXxf`Y;AEg4<_fYjOq^;;&xq0w}E>IlN-aHT$EYV`3 zhb|jz&YI%2KDtf{uG&<|w3iZw&=PG5Nn1`>W~Y#OA7v8fepr3Ih;Vu#lIl0Q^J=8{ z6soy&qVPw306afr%W)^ko9Nlk#}>C6*o{rm_U&t4uezwt^z$tY@*Dirgtc$z{yVBG zw1u9~-Gx)?gBX1qYP`ZFu;1FF4%Q_Wc>qoj9VSlo^2XiCZu3KS+Co>x3AN<6- z{kOXkN~TTW?SGa7_iJa>X}c$aY2AqPrUm+S&}rY`a7-nBh_B>vKDR9Lc?}NBL@x~} z5u?(Z-hFUIsLud7__b%1)ba=m-WM86Bj8fN`$~4x0T8KAip1m$6Wlq8$mN2S75(H$ z&6z68t^${e8xaXbnUq)SMWC|-0|Tc;0_BtGdSUI=iUEcpJECRTy~h2O^{E1Vc>W*I zh-*)IPP}v$=T_d)ZQ4iR1|2@_E)NZi@q^2dDJkeT%7$etNfPX zfR|qxPt<#xYOW8vOz!;T6v2sy(r^fBxl3_--FiacJT}dHeQMEpkL{n|euFFhucf!9 zGXfzy$RbP8fn0kKZ_>K%zw(*Nu3V!MdUBqeT6?8qbF6E_U^hkO22~M^vUY>#kx=4m z(V>^b1j!zw_UX)~pv!i0GAqs}o<*`!*iY41@{Lat!dNgyTu_PDqo(Ni)kS+a1VQit zr}Em?KGrn3vqazmeEoPhx6jd_BPH-WcxQTvcaK3V?4xco+G{^zl;1?pg&$tg{+B=q zVFAb#Y{z}@giQE>+zVn$fbkZtfRSPcf>x3JpK}HR%gDdm;|4t|fc6D92xJmzRmf{@ zgw__!9P0!L=04sM0f(fqS~&x}1j86D0EC&0$@2mxWB{BcH^~bG6}}xpafU_Lt^0j~ zemxg>_anrjlQ4fFa>Ecz$~|tm-N+hHC9)kmXZDehKG=|3TZ|4kF5NCg1g(vHB<|ri;r{3$A;Fjys z$M5@kP*>o_28JtuX~wZnEBIqiuQBW*JP(o^_FTDbU!n^OU~+6X2S_Ok#qH`qJt7wE6i$@W% zajDj`jIu_eN)q4j3qHn!F&e3`8_Q4EAbNU#P7t=m@_e}ya1IWcvT|`UTt8WQt&S!3 zN}AyNFcn3PbuY-q3r5S4Vc6d7Y?Y?tjd4A@x2fsIaQZ>YHyqT*x)Kt5ws<`_s=4s%>VNxfMW~ zL%5)Gjq{zk9dHwq-J)|KHQ`rs*@g&QNMos0wqe%8kNyPq+*+DKi zx-Weq5 z=37o6^w&1ZRm)9kL*LZdIM=PIwlm5e9(93hiQ3e(E z=}ah?#GeKIFg(_^&8&JiMoKr-ymMwt-enH1@X<1foe@J>9+WX92}Nbgy5_N@b-}Vm zJX%p?;t_afICOC%!Hg%MIdTI*40#)pi1ZR+)>hRI`&jdPYk0GV=Is1)1*0*!7RPat zM!QNL|EJN@e)E7ERQkDir-x_AKJCiw*Jnzuq`OnbIJ!_?XMML%IMQ40Z;awlNTf?N zW|N+n%$HMEf=mB+gq@u`#oCd?qRjspP?t#!iwpux)MoC(^X>k+S={yz5v_tyg()S+ zDxb&VrmW(Z_A=ktQygvq<2gq!1jWp8@r}N=u{w|dz~tcCXjy#*KFguKm{wXisA(J% zRAbS_0>$qS4a8I#%C2mbf`DUff-V}^!9kJ5t4cw;!70RbgUBMX9S99>$o+C_aq!`jBxkC@^|a9b 
z#au6S=2hDj$@4$gIcdhpHUU}W<>!~m=dS-nk&(fWkHJOW`(ridu58=dZ!o)y2JzK6 z0wfXDOS6du2k5~gv(&=6Bx{GF`~QU%SE%4@I-FwQx#D6U{GFdNRwdlXr_seo@OFr) zi=IT<{Qm2GFXONuMi2fN7+}1LiMbm;;u7h(={fg$C>i?~@NE}yJmU`!V^A~Eg zqtVHGL`Og5>&5U>Z3_7RfPC0^oan7Y^%r6rQTE&Zr7x~f zi&sk{+RP9BVY!=Kg74p2&j=YLaE~-RT|VH~mtb4_f3g_Hcd7KBs`)+xW|J#x$z8k! z!?!ExPtPDq#oUE$L66NzA{fiG_YO;cl&XIb2~m*}-+L@;ZuhcMncCli&Haw=O;@A^ zh!?xo7!YrnbqPKHPn#jk;djGep2@kR*=e_Jnr;n0P@ITmZM>i-+LnC%Ao%cG;em&fJGavv z?^@^y=lrW$HwF6gGdLk1zR&{O#QT`mvYK7Ow<}p&yk0yKp0b50IW5N3Eaz0rg2cAf z^M}egVIo}>qF7_zB_Y30=$+X_c6dZl>ISoaOPL;@4BSm|nfB3xL+CiMJvgk1;e9?u--CqTd1!;oUuzDZTKb_}GzE<#Z-~LBp|H~jeNuw0q zw3-|~-L>qTBL~Ua_c%lvh2QZ{?}*)L4CBOo5Gp6qxVB(`3_FGi_|BmXyu*LFnRcdK z2@J+tzMX>!|Ik}-i$uU!&hg{XTO{)OFNthPCmgOA7zQ4(xS1mQ&f9 z1G9P@8sV(*>r>j_S&_xv8^PKfL53`Ty-|hp7;DW10t2YRa3ern5ma1&g&3ZF9AWs) zU}$%bq))XYH##0yE)EAAs$zOw3W+rEo|(`JOh~M38Xo3NO1C|YvFgAQRK2X z4lB7*0is+j-?IYnm_>0ZgXOM~jUWlf%~Cm%QceSz@7X&Lo|0M{PA~Ty9v&LMY-$#x9YAjj~#z$)AIkBCMb)5{W^F2^=SY9ipa8@ zNqqtbTik1tj7Xs$E4N!bqOgCdzW225y`I5tZCqtpr46Y9R3{}QxDE@~X*b>9mKHje z0r)Vemt z&T1Fgnvesv^vY`}54Uv_=DXjDD5xyecO9l+C@cZx#_MfsNjuue@sZ4@s znKU7f$k5$i#`3A-zL47Ek;MkjW-*g(g?ClKIpk+c7F@MxtL9`>d%vOa<%8*~r%xlo zoKF3#+PDyJ*|&V`G9zp(Pt4v7GNixb|(hnOcz_(ul!go70M{+Hux(@JP%} zHxq->4I={TVQrI86Mxqy3vl$Lp*-~Tlo9b8Wnp4<#4r2p&cC0{Ewe|#?{cLs?%BvQ0eL4*qEkQz z)`}*E+o`rqR4+P=O5g27-FQ*gcA_t{TQ(5TS8F@|&Zk4jUd7U|;K2~HN4T2daL2b; z>g0&Z_dNW8*_1