foltik/shimapan
1
0
Fork 0
mirror of https://github.com/Foltik/Shimapan synced 2024-09-21 11:11:22 -04:00
Code Issues Releases Wiki Activity
9be1013bb7
shimapan/test/api.js

166 lines
6.1 KiB
JavaScript
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

process.env.NODE_ENV = 'test';
var async = require('async');
var mongoose = require('mongoose');
var User = require('../app/models/User.js');
var Invite = require('../app/models/Invite.js');
var Upload = require('../app/models/Upload.js');
var chai = require('chai');
var should = chai.should();
var app = require('../server');
var server = app.server;
var util = require('./testUtil.js');
before(util.resetDatabase);
describe('Users', function() {
describe('/POST register', function() {
describe('0 Well Formed Requests', function() {
beforeEach((done) => {
async.series([
util.resetDatabase,
util.createTestInvite
], done);
});
it('MUST register a valid user with a valid invite', function(done) {
util.verifySuccessfulRegister({username: 'user', password: 'pass', invite: 'code'}, done);
});
it('MUST register a username with unicode symbols and a valid invite', function(done) {
util.verifySuccessfulRegister({username: 'ᴮᴵᴳᴮᴵᴿᴰ', password: 'pass', invite: 'code'}, done);
})
});
describe('1 Invalid Invites', function() {
beforeEach(util.resetDatabase);
const verifyRejectedInvite = function(invite, message, done) {
const user = {username: 'user', password: 'pass', invite: invite && invite.code ? invite.code : 'code'};
const create = invite ? util.createInvite : (invite, cb) => cb();
async.series([
(cb) => create(invite, cb),
(cb) => util.verifyFailedRegister(user, message, 401, cb)
], done);
};
it('MUST NOT register a nonexistant invite', function(done) {
verifyRejectedInvite(null, 'Invalid invite code.', done);
});
it('MUST NOT register a used invite', function(done) {
verifyRejectedInvite({used: new Date()}, 'Invite already used.', done);
});
it('MUST NOT register an expired invite', function(done) {
verifyRejectedInvite({exp: new Date()}, 'Invite expired.', done);
})
});
describe('2 Invalid Usernames', function() {
beforeEach((done) => {
async.series([
util.resetDatabase,
(cb) => util.createTestInvites(3, cb)
], done);
});
it('MUST NOT register a duplicate username', function(done) {
const user0 = {username: 'user', password: 'pass', invite: 'code0'};
const user1 = {username: 'user', password: 'diff', invite: 'code1'};
async.series([
(cb) => util.verifySuccessfulRegister(user0, cb),
(cb) => util.verifyFailedRegister(user1, 'Username in use.', 401, cb)
], done);
});
it('MUST NOT register a username with a duplicate canonical name', function(done) {
const user0 = {username: 'bigbird', password: 'pass', invite: 'code0'};
const user1 = {username: 'ᴮᴵᴳᴮᴵᴿᴰ', password: 'diff', invite: 'code1'};
async.series([
(cb) => util.verifySuccessfulRegister(user0, cb),
(cb) => util.verifyFailedRegister(user1, 'Username in use.', 401, cb)
], done);
});
it('MUST NOT register a username containing whitespace', function(done) {
const users = [
{username: 'user name', password: 'pass', invite: 'code0'},
{username: 'user name', password: 'pass', invite: 'code1'},
{username: 'user name', password: 'pass', invite: 'code2'}
];
const failMsg = 'Username contains invalid characters.';
async.each(users, (user, cb) => util.verifyFailedRegister(user, failMsg, 401, cb), done);
});
it('MUST NOT register a username containing HTML', function(done) {
const user = {username: 'user<svg/onload=alert("XSS")>', password: 'pass', invite: 'code0'};
util.verifyFailedRegister(user, 'Username contains invalid characters.', 401, done);
});
});
});
describe('/POST login', function() {
it('SHOULD accept valid user, valid password', function(done) {
util.verifySuccessfulLogin({
username: 'TestUser1',
password: 'TestPassword'
}, done);
});
it('SHOULD NOT accept valid user, invalid password', function(done) {
util.verifyFailedPasswordLogin({
username: 'TestUser1',
password: 'bogus'
}, done);
});
it('SHOULD NOT accept invalid user, any password', function(done) {
util.verifyFailedUsernameLogin({
username: 'BogusTestUser',
password: 'bogus'
}, done);
});
});
});
describe('Uploads', function() {
describe('/POST upload', function() {
it('SHOULD accept logged in valid upload', function(done) {
util.verifySuccessfulUpload({
username: 'TestUser2',
password: 'TestPassword'
}, done);
});
it('SHOULD NOT accept unauthenticated valid upload', function(done) {
util.verifyFailedAuthUpload(done);
});
it('SHOULD NOT accept invalid permission, valid upload', function(done) {
util.verifyFailedPermissionUpload({
username: 'TestUser1',
password: 'TestPassword'
}, done);
});
it('SHOULD NOT accept invalid size upload', function(done) {
util.verifyFailedSizeUpload({
username: 'TestUser2',
password: 'TestPassword'
}, done);
})
});
});
after(function() {
server.close(function() {
process.exit();
});
});
Reference in New Issue View Git Blame Copy Permalink