require '../common'
request = require 'request'
# Path of the user REST resource; every spec below builds its request URL from it via getURL.
urlUser = '/db/user'
# Specs for user creation and for reading a user back through /db/user/<id>.
# Security-relevant expectations asserted here: the model exposes no plaintext
# 'password', API responses carry no 'passwordHash', and a regular user who
# fetches another account does not receive that account's email.
#
# NOTE(review): the request callbacks never inspect `err`; if a request fails
# at transport level `res` would be undefined and `res.statusCode` would throw
# inside the callback instead of failing an expectation.
describe 'POST /db/user', ->

  # Set-up step written as a spec: calls clearModels on User and aborts on error.
  it 'preparing test : clears the db first', (done) ->
    clearModels [User], (err) ->
      throw err if err
      done()

  it 'converts the password into a hash', (done) ->
    unittest.getNormalJoe (user) ->
      expect(user).toBeTruthy()
      # The plaintext password must not be readable from the model.
      expect(user.get('password')).toBeUndefined()
      expect(user?.get('passwordHash')).not.toBeUndefined()
      if user?.get('passwordHash')?
        # NOTE(review): pinning the first six characters of the hash can only
        # pass on every run if hashing is deterministic for the fixture
        # password, which would suggest there is no random per-user salt.
        # Confirm against the User model's hashing code.
        expect(user.get('passwordHash')[..5]).toBe('31dc3d')
        # A normal user is expected to start with no permissions.
        expect(user.get('permissions').length).toBe(0)
      done()

  it 'serves the user through /db/user/id', (done) ->
    unittest.getNormalJoe (user) ->
      url = getURL(urlUser+'/'+user._id)
      request.get url, (err, res, body) ->
        expect(res.statusCode).toBe(200)
        # Rebinds `user` from the model to the parsed JSON response.
        user = JSON.parse(body)
        expect(user.email).toBe('normal@jo.com')
        # The hash must not be part of the serialized response.
        expect(user.passwordHash).toBeUndefined()
        done()

  it 'creates admins based on passwords', (done) ->
    # Logs out before looking up the admin fixture.
    request.post getURL('/auth/logout'), ->
      unittest.getAdmin (user) ->
        expect(user).not.toBeUndefined()
        if user
          # NOTE(review): the title suggests the 'admin' permission is derived
          # from the password supplied at creation; the rule itself is not
          # visible here. Confirm it is limited to test/bootstrap configuration.
          expect(user.get('permissions').length).toBe(1)
          expect(user.get('permissions')[0]).toBe('admin')
        done()

  it 'does not return the full user object for regular users.', (done) ->
    # Logged in as Joe, fetch the admin's record by id.
    loginJoe ->
      unittest.getAdmin (user) ->
        url = getURL(urlUser+'/'+user._id)
        request.get url, (err, res, body) ->
          expect(res.statusCode).toBe(200)
          user = JSON.parse(body)
          # NOTE(review): only these two fields are checked for absence.
          # Asserting the exact set of returned keys would also catch a field
          # added later that leaks to other users.
          expect(user.email).toBeUndefined()
          expect(user.passwordHash).toBeUndefined()
          done()
# Specs for updating a user through PUT /db/user, with form fields appended to
# the request after it is created (req.form()).
# The specs appear to share one session and to depend on running in order:
# 'logs in as normal joe' and 'logs in as admin' switch the identity used by
# the specs that follow them. Confirm against the helpers in ../common.
#
# NOTE(review): the request callbacks never inspect `err`; if a request fails
# at transport level `res` would be undefined and `res.statusCode` would throw
# inside the callback instead of failing an expectation.
describe 'PUT /db/user', ->

  it 'denies requests without any data', (done) ->
    # Log out, then PUT with no form fields at all: expects 422 'No input.'.
    req = request.post getURL('/auth/logout'),
    (err, res) ->
      expect(res.statusCode).toBe(200)
      req = request.put getURL(urlUser),
      (err, res) ->
        expect(res.statusCode).toBe(422)
        expect(res.body).toBe('No input.')
        done()

  it 'logs in as normal joe', (done) ->
    loginJoe -> done()

  it 'denies requests to edit someone who is not joe', (done) ->
    # Authorization check: the request names the admin's _id as the target and
    # must be refused with 403. It presumably runs in Joe's session from the
    # previous spec.
    unittest.getAdmin (admin) ->
      req = request.put getURL(urlUser),
      (err, res) ->
        expect(res.statusCode).toBe(403)
        done()
      req.form().append('_id', admin.id)

  it 'denies invalid data', (done) ->
    # Input validation: an over-long email must be rejected with 422 and a
    # message containing 'too long'.
    unittest.getNormalJoe (joe) ->
      req = request.put getURL(urlUser),
      (err, res) ->
        expect(res.statusCode).toBe(422)
        expect(res.body.indexOf('too long')).toBeGreaterThan(-1)
        done()
      form = req.form()
      form.append('_id', joe.id)
      # The literal below spans two source lines; it is kept exactly as written.
      form.append('email', "farghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlar
ghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghl")

  it 'logs in as admin', (done) ->
    loginAdmin -> done()

  it 'denies non-existent ids', (done) ->
    # The _id below is expected to match no stored user, so the update must 404.
    req = request.put getURL(urlUser),
    (err, res) ->
      expect(res.statusCode).toBe(404)
      done()
    form = req.form()
    form.append('_id', '513108d4cb8b610000000004')
    form.append('email', "perfectly@good.com")

  it 'denies if the email being changed is already taken', (done) ->
    unittest.getNormalJoe (joe) ->
      unittest.getAdmin (admin) ->
        req = request.put getURL(urlUser), (err, res) ->
          expect(res.statusCode).toBe(409)
          expect(res.body.indexOf('already used')).toBeGreaterThan(-1)
          done()
        form = req.form()
        form.append('_id', String(admin._id))
        # Joe's email is upper-cased, so the expected 409 shows that uniqueness
        # is compared case-insensitively.
        form.append('email', joe.get('email').toUpperCase())

  it 'works', (done) ->
    # Happy path: changes Joe's email and name, then reloads the user by the
    # new email to verify what was stored.
    unittest.getNormalJoe (joe) ->
      req = request.put getURL(urlUser), (err, res) ->
        expect(res.statusCode).toBe(200)
        unittest.getUser('New@email.com', 'null', (joe) ->
          expect(joe.get('name')).toBe('Wilhelm')
          # 'emailLower' is expected in lower case while 'email' keeps the
          # case that was submitted.
          expect(joe.get('emailLower')).toBe('new@email.com')
          expect(joe.get('email')).toBe('New@email.com')
          done())
      form = req.form()
      form.append('_id', String(joe._id))
      form.append('email', 'New@email.com')
      form.append('name', 'Wilhelm')
# Specs for the schema endpoint and the collection query on GET /db/user.
# All queries here run after the admin login in the first spec. No spec in the
# visible part of this file asserts what a non-admin session gets from the
# collection query.
#
# NOTE(review): the request callbacks never inspect their error argument; if a
# request fails at transport level the response would be undefined and
# `.statusCode` would throw inside the callback instead of failing an
# expectation.
describe 'GET /db/user', ->

  it 'logs in as admin', (done) ->
    req = request.post(getURL('/auth/login'), (error, response) ->
      expect(response.statusCode).toBe(200)
      done()
    )
    form = req.form()
    form.append('username', 'admin@afc.com')
    # NOTE(review): hard-coded fixture credential. Confirm that it exists only
    # in the test database and is never seeded into a deployed environment.
    form.append('password', '80yqxpb38j')

  it 'get schema', (done) ->
    request.get {uri:getURL(urlUser+'/schema')}, (err, res, body) ->
      expect(res.statusCode).toBe(200)
      body = JSON.parse(body)
      # Only checks that the parsed schema has a 'type' property.
      expect(body.type).toBeDefined()
      done()

  it 'is able to do a sweet query', (done) ->
    # Each condition is a [name, argument] pair; the list is JSON-encoded into
    # the 'conditions' query-string parameter.
    # NOTE(review): the names look like query-builder method names applied on
    # the server. Confirm that the handler checks them against an allow-list.
    conditions = [
      ['limit', 20]
      ['where', 'email']
      ['equals', 'admin@afc.com']
      ['sort', '-dateCreated']
    ]
    options = {
      url: getURL(urlUser)
      qs: {
        conditions: JSON.stringify(conditions)
      }
    }

    req = request.get(options, (error, response) ->
      expect(response.statusCode).toBe(200)
      res = JSON.parse(response.body)
      expect(res.length).toBeGreaterThan(0)
      done()
    )

  it 'rejects bad conditions', (done) ->
    # 'lime' is not a recognised condition name, so the request must be
    # refused with 422.
    # NOTE(review): this covers a single unknown name only; the rejection of
    # other names outside the accepted set is not exercised here.
    conditions = [
      ['lime', 20]
    ]
    options = {
      url: getURL(urlUser)
      qs: {
        conditions: JSON.stringify(conditions)
      }
    }

    req = request.get(options, (error, response) ->
      expect(response.statusCode).toBe(422)
      done()
    )