1
0
mirror of https://github.com/Foltik/Shimapan synced 2025-01-07 08:42:49 -05:00

Redo users api route and add tests

This commit is contained in:
Jack Foltz 2018-08-13 05:52:54 -04:00
parent b8d40032ca
commit cbebe2b003
Signed by: foltik
GPG Key ID: 303F88F996E95541
3 changed files with 156 additions and 25 deletions

View File

@ -1,33 +1,59 @@
var express = require('express');
var router = express.Router();
const express = require('express');
const router = express.Router();
var User = require('../../models/User.js');
const ModelPath = '../../models/';
const User = require(ModelPath + 'User.js');
var requireScope = function (perm) {
return function(req, res, next) {
User.findOne({username: req.session.passport.user}, function(err, user) {
if (err) throw err;
if (user.scope.indexOf(perm) === -1)
res.status(400).json({'message': 'No permission.'});
else
next();
});
}
};
const wrap = require('../../util/wrap');
const bodyVerifier = require('../../util/verifyBody').bodyVerifier;
const requireAuth = require('../../util/auth').requireAuth;
router.get('/get', requireScope('users.view'), function (req, res, next) {
var query = {};
const getParams = [
{name: 'username', type: 'string', optional: true},
{name: 'displayname', type: 'string', optional: true}];
router.get('/get', requireAuth('user.get'), bodyVerifier(getParams), wrap(async (req, res) => {
let query = {};
if (req.body.username)
query.username = req.body.username;
User.find(query, function (err, users) {
if (err) {
next(err)
} else {
if (req.body.displayname)
query.displayname = req.body.displayname;
//const users = User.find(query, 'username displayname scope uploadCount uploadSize date banned');
const users = await User.find(query);
res.status(200).json(users);
}
})
});
}));
const banParams = [{name: 'username', type: 'string'}];
router.post('/ban', requireAuth('user.ban'), bodyVerifier(banParams), wrap(async (req, res) => {
const user = await User.findOne({username: req.body.username});
if (!user)
return res.status(422).json({message: 'User not found.'});
if (user.banned)
return res.status(422).json({message: 'User already banned.'});
user.banned = true;
await user.save();
res.status(200).json({message: 'User banned.'});
}));
const unbanParams = [{name: 'username', type: 'string'}];
router.post('/unban', requireAuth('user.unban'), bodyVerifier(unbanParams), wrap(async (req, res) => {
const user = await User.findOne({username: req.body.username});
if (!user)
return res.status(422).json({message: 'User not found.'});
if (!user.banned)
return res.status(422).json({message: 'User not banned.'});
user.banned = false;
await user.save();
res.status(200).json({message: 'User unbanned.'});
}));
module.exports = router;

View File

@ -776,4 +776,95 @@ describe('Keys', () => {
});
});
describe('Users', () => {
describe('/GET get', () => {
beforeEach(() => Promise.all([
Promise.all([
util.insertInvite({code: 'test1', scope: ['file.upload'], issuer: 'Mocha'}),
util.insertInvite({code: 'test2', scope: ['file.upload'], issuer: 'Mocha'})
]),
Promise.all([
util.registerUser({displayname: 'user1', password: 'pass', invite: 'test1'}, agent),
util.registerUser({displayname: 'user2', password: 'pass', invite: 'test2'}, agent)
])
]));
async function verifyGetUsers(res, users) {
res.should.have.status(200);
res.body.should.be.a('Array');
res.body.map(user => user.username).sort().should.deep.equal(users.sort());
}
describe('0 Valid Request', () => {
it('must get all users with an empty query', async () => {
await util.createSession(agent, ['user.get'], 'admin');
const res = await util.getUsers({}, agent);
return verifyGetUsers(res, ['user1', 'user2', 'admin']);
});
it('must filter users by username', async () => {
await util.createSession(agent, ['user.get'], 'admin');
const res = await util.getUsers({username: 'user1'}, agent);
return verifyGetUsers(res, ['user1']);
});
it('must filter users by displayname', async () => {
await util.createSession(agent, ['user.get'], 'admin');
const res = await util.getUsers({displayname: 'user1'}, agent);
return verifyGetUsers(res, ['user1']);
});
it('must return an empty array when no users were found', async () => {
await util.createSession(agent, ['user.get'], 'admin');
const res = await util.getUsers({username: 'abc'}, agent);
return verifyGetUsers(res, []);
});
});
});
describe('/POST ban/unban', () => {
beforeEach(async () => {
await util.insertInvite({code: 'test1', scope: ['file.upload'], issuer: 'Mocha'});
await util.registerUser({displayname: 'user', password: 'pass', invite: 'test1'}, agent);
});
async function verifyBanned(res, statusCode, message, username, banStatus) {
util.verifyResponse(res, statusCode, message);
const user = await User.findOne({username: username});
user.should.exist;
user.should.have.property('banned').equal(banStatus, 'The user should have banned status ' + banStatus);
}
describe('0 Valid Request', () => {
it('must ban a not banned user', async () => {
await util.createSession(agent, ['user.ban'], 'admin');
const res = await util.ban('user', agent);
return verifyBanned(res, 200, 'User banned.', 'user', true);
});
it('must unban a banned user', async () => {
await util.setBanned('user', true);
await util.createSession(agent, ['user.unban'], 'admin');
const res = await util.unban('user', agent);
return verifyBanned(res, 200, 'User unbanned.', 'user', false);
});
});
describe('1 Already Requested Ban Status', () => {
it('must not ban an already banned user', async () => {
await util.setBanned('user', true);
await util.createSession(agent, ['user.ban'], 'admin');
const res = await util.ban('user', agent);
return verifyBanned(res, 422, 'User already banned.', 'user', true);
});
it('must not unban a not banned user', async () => {
await util.createSession(agent, ['user.unban'], 'admin');
const res = await util.unban('user', agent);
return verifyBanned(res, 422, 'User not banned.', 'user', false);
});
});
});
});
after(() => server.close(() => process.exit(0)));

View File

@ -187,3 +187,17 @@ exports.binaryFileParser = (res, cb) => {
exports.view = (id, agent) =>
agent.get('/v/' + id)
.buffer();
//---------------- Users ----------------//
exports.getUsers = (query, agent) =>
agent.get('/api/users/get')
.send(query);
exports.ban = (username, agent) =>
agent.post('/api/users/ban')
.send({username: username});
exports.unban = (username, agent) =>
agent.post('/api/users/unban')
.send({username: username});