codecombat/test/server/functional/user.spec.coffee

require '../common'
request = require 'request'
User = require '../../../server/users/User'

urlUser = '/db/user'

describe 'Server user object', ->

  it 'uses the schema defaults to fill in email preferences', (done) ->
    user = new User()
    expect(user.isEmailSubscriptionEnabled('generalNews')).toBeTruthy()
    expect(user.isEmailSubscriptionEnabled('anyNotes')).toBeTruthy()
    expect(user.isEmailSubscriptionEnabled('recruitNotes')).toBeTruthy()
    expect(user.isEmailSubscriptionEnabled('archmageNews')).toBeFalsy()
    done()

  it 'uses old subs if they\'re around', (done) ->
    user = new User()
    user.set 'emailSubscriptions', ['tester']
    expect(user.isEmailSubscriptionEnabled('adventurerNews')).toBeTruthy()
    expect(user.isEmailSubscriptionEnabled('generalNews')).toBeFalsy()
    done()

  it 'maintains the old subs list if it\'s around', (done) ->
    user = new User()
    user.set 'emailSubscriptions', ['tester']
    user.setEmailSubscription('artisanNews', true)
    expect(JSON.stringify(user.get('emailSubscriptions'))).toBe(JSON.stringify(['tester', 'level_creator']))
    done()

describe 'User.updateMailChimp', ->
  makeMC = (callback) ->
    GLOBAL.mc =
      lists:
        subscribe: callback

  it 'uses emails to determine what to send to MailChimp', (done) ->
    makeMC (params) ->
      expect(JSON.stringify(params.merge_vars.groupings[0].groups)).toBe(JSON.stringify(['Announcements']))
      done()

    user = new User({emailSubscriptions: ['announcement'], email: 'tester@gmail.com'})
    User.updateMailChimp(user)

describe 'POST /db/user', ->

  createAnonNameUser = (name, done)->
    request.post getURL('/auth/logout'), ->
      request.get getURL('/auth/whoami'), ->
        req = request.post(getURL('/db/user'), (err, response) ->
          expect(response.statusCode).toBe(200)
          request.get getURL('/auth/whoami'), (request, response, body) ->
            res = JSON.parse(response.body)
            expect(res.anonymous).toBeTruthy()
            expect(res.name).toEqual(name)
            done()
        )
        form = req.form()
        form.append('name', name)

  it 'preparing test : clears the db first', (done) ->
    clearModels [User], (err) ->
      throw err if err
      done()

  it 'converts the password into a hash', (done) ->
    unittest.getNormalJoe (user) ->
      expect(user).toBeTruthy()
      expect(user.get('password')).toBeUndefined()
      expect(user?.get('passwordHash')).not.toBeUndefined()
      if user?.get('passwordHash')?
        expect(user.get('passwordHash')[..5]).toBe('31dc3d')
        expect(user.get('permissions').length).toBe(0)
      done()

  it 'serves the user through /db/user/id', (done) ->
    unittest.getNormalJoe (user) ->
      url = getURL(urlUser+'/'+user._id)
      request.get url, (err, res, body) ->
        expect(res.statusCode).toBe(200)
        user = JSON.parse(body)
        expect(user.email).toBe('normal@jo.com')
        expect(user.passwordHash).toBeUndefined()
        done()

  it 'creates admins based on passwords', (done) ->
    request.post getURL('/auth/logout'), ->
      unittest.getAdmin (user) ->
        expect(user).not.toBeUndefined()
        if user
          expect(user.get('permissions').length).toBe(1)
          expect(user.get('permissions')[0]).toBe('admin')
        done()

  it 'does not return the full user object for regular users.', (done) ->
    loginJoe ->
      unittest.getAdmin (user) ->

        url = getURL(urlUser+'/'+user._id)
        request.get url, (err, res, body) ->
          expect(res.statusCode).toBe(200)
          user = JSON.parse(body)
          expect(user.email).toBeUndefined()
          expect(user.passwordHash).toBeUndefined()
          done()

  it 'should allow setting anonymous user name', (done) ->
    createAnonNameUser('Jim', done)

  it 'should allow multiple anonymous users with same name', (done) ->
    createAnonNameUser('Jim', done)

  it 'should allow setting existing user name to anonymous user', (done) ->
    req = request.post(getURL('/db/user'), (err, response, body) ->
      expect(response.statusCode).toBe(200)
      request.get getURL('/auth/whoami'), (request, response, body) ->
        res = JSON.parse(response.body)
        expect(res.anonymous).toBeFalsy()
        createAnonNameUser 'Jim', done
    )
    form = req.form()
    form.append('email', 'new@user.com')
    form.append('password', 'new')

describe 'PUT /db/user', ->

  it 'logs in as normal joe', (done) ->
    request.post getURL('/auth/logout'),
      loginJoe -> done()

  it 'denies requests without any data', (done) ->
    request.put getURL(urlUser),
      (err, res) ->
        expect(res.statusCode).toBe(422)
        expect(res.body).toBe('No input.')
        done()

  it 'denies requests to edit someone who is not joe', (done) ->
    unittest.getAdmin (admin) ->
      req = request.put getURL(urlUser),
      (err, res) ->
        expect(res.statusCode).toBe(403)
        done()
      req.form().append('_id', admin.id)

  it 'denies invalid data', (done) ->
    unittest.getNormalJoe (joe) ->
      req = request.put getURL(urlUser),
      (err, res) ->
        expect(res.statusCode).toBe(422)
        expect(res.body.indexOf('too long')).toBeGreaterThan(-1)
        done()
      form = req.form()
      form.append('_id', joe.id)
      form.append('email', 'farghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlar
ghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghl')

  it 'logs in as admin', (done) ->
    loginAdmin -> done()

  it 'denies non-existent ids', (done) ->
    req = request.put getURL(urlUser),
    (err, res) ->
      expect(res.statusCode).toBe(404)
      done()
    form = req.form()
    form.append('_id', '513108d4cb8b610000000004')
    form.append('email', 'perfectly@good.com')

  it 'denies if the email being changed is already taken', (done) ->
    unittest.getNormalJoe (joe) ->
      unittest.getAdmin (admin) ->
        req = request.put getURL(urlUser), (err, res) ->
          expect(res.statusCode).toBe(409)
          expect(res.body.indexOf('already used')).toBeGreaterThan(-1)
          done()
        form = req.form()
        form.append('_id', String(admin._id))
        form.append('email', joe.get('email').toUpperCase())

  it 'does not care if you include your existing name', (done) ->
    unittest.getNormalJoe (joe) ->
      req = request.put getURL(urlUser+'/'+joe._id), (err, res) ->
        expect(res.statusCode).toBe(200)
        done()
      form = req.form()
      form.append('_id', String(joe._id))
      form.append('name', 'Joe')

  it 'accepts name and email changes', (done) ->
    unittest.getNormalJoe (joe) ->
      req = request.put getURL(urlUser), (err, res) ->
        expect(res.statusCode).toBe(200)
        unittest.getUser('Wilhelm', 'New@email.com', 'null', (joe) ->
          expect(joe.get('name')).toBe('Wilhelm')
          expect(joe.get('emailLower')).toBe('new@email.com')
          expect(joe.get('email')).toBe('New@email.com')
          done())
      form = req.form()
      form.append('_id', String(joe._id))
      form.append('email', 'New@email.com')
      form.append('name', 'Wilhelm')

  it 'should not allow two users with the same name slug', (done) ->
    loginSam (sam) ->
      samsName = sam.get 'name'
      sam.set 'name', 'admin'
      request.put {uri:getURL(urlUser + '/' + sam.id), json: sam.toObject()}, (err, response) ->
        expect(err).toBeNull()
        expect(response.statusCode).toBe 409

        sam.set 'name', samsName
        done()

  it 'should silently rename an anonymous user if their name conflicts upon signup', (done) ->
    request.post getURL('/auth/logout'), ->
      request.get getURL('/auth/whoami'), ->
        req = request.post getURL('/db/user'), (err, response) ->
          expect(response.statusCode).toBe(200)
          request.get getURL('/auth/whoami'), (err, response) ->
            expect(err).toBeNull()
            guy = JSON.parse(response.body)
            expect(guy.anonymous).toBeTruthy()
            expect(guy.name).toEqual 'admin'

            guy.email = 'blub@blub' # Email means registration
            req = request.post {url: getURL('/db/user'), json: guy}, (err, response) ->
              expect(err).toBeNull()
              finalGuy = response.body
              expect(finalGuy.anonymous).toBeFalsy()
              expect(finalGuy.name).not.toEqual guy.name
              expect(finalGuy.name.length).toBe guy.name.length + 1
              done()
        form = req.form()
        form.append('name', 'admin')

describe 'GET /db/user', ->

  it 'logs in as admin', (done) ->
    req = request.post(getURL('/auth/login'), (error, response) ->
      expect(response.statusCode).toBe(200)
      done()
    )
    form = req.form()
    form.append('username', 'admin@afc.com')
    form.append('password', '80yqxpb38j')

  it 'get schema', (done) ->
    request.get {uri: getURL(urlUser+'/schema')}, (err, res, body) ->
      expect(res.statusCode).toBe(200)
      body = JSON.parse(body)
      expect(body.type).toBeDefined()
      done()

  it 'is able to do a sweet query', (done) ->
    conditions = [
      ['limit', 20]
      ['where', 'email']
      ['equals', 'admin@afc.com']
      ['sort', '-dateCreated']
    ]
    options = {
      url: getURL(urlUser)
      qs: {
        conditions: JSON.stringify(conditions)
      }
    }

    req = request.get(options, (error, response) ->
      expect(response.statusCode).toBe(200)
      res = JSON.parse(response.body)
      expect(res.length).toBeGreaterThan(0)
      done()
    )

  it 'rejects bad conditions', (done) ->
    conditions = [
      ['lime', 20]
    ]
    options = {
      url: getURL(urlUser)
      qs: {
        conditions: JSON.stringify(conditions)
      }
    }

    req = request.get(options, (error, response) ->
      expect(response.statusCode).toBe(422)
      done()
    )

  it 'can fetch myself by id completely', (done) ->
    loginSam (sam) ->
      request.get {url: getURL(urlUser + '/' + sam.id)}, (err, response) ->
        expect(err).toBeNull()
        expect(response.statusCode).toBe(200)
        done()

  it 'can fetch myself by slug completely', (done) ->
    loginSam (sam) ->
      request.get {url: getURL(urlUser + '/sam')}, (err, response) ->
        expect(err).toBeNull()
        expect(response.statusCode).toBe(200)
        guy = JSON.parse response.body
        expect(guy._id).toBe sam.get('_id').toHexString()
        expect(guy.name).toBe sam.get 'name'
        done()

  # TODO Ruben should be able to fetch other users but probably with restricted data access
  # Add to the test case above an extra data check

  xit 'can unset name and undefine slug'

  xit 'can fetch another user with restricted fields'
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`require '../common'`
Fix all server side test 2014-01-15 14:36:59 -05:00			`request = require 'request'`
Migrated to the new email system, along with a setting for recruit notifications. 2014-04-21 19:15:23 -04:00			`User = require '../../../server/users/User'`
Fix all server side test 2014-01-15 14:36:59 -05:00
			`urlUser = '/db/user'`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
Migrated to the new email system, along with a setting for recruit notifications. 2014-04-21 19:15:23 -04:00			`describe 'Server user object', ->`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00
Migrated to the new email system, along with a setting for recruit notifications. 2014-04-21 19:15:23 -04:00			`it 'uses the schema defaults to fill in email preferences', (done) ->`
			`user = new User()`
			`expect(user.isEmailSubscriptionEnabled('generalNews')).toBeTruthy()`
			`expect(user.isEmailSubscriptionEnabled('anyNotes')).toBeTruthy()`
			`expect(user.isEmailSubscriptionEnabled('recruitNotes')).toBeTruthy()`
			`expect(user.isEmailSubscriptionEnabled('archmageNews')).toBeFalsy()`
			`done()`

			`it 'uses old subs if they\'re around', (done) ->`
			`user = new User()`
			`user.set 'emailSubscriptions', ['tester']`
			`expect(user.isEmailSubscriptionEnabled('adventurerNews')).toBeTruthy()`
			`expect(user.isEmailSubscriptionEnabled('generalNews')).toBeFalsy()`
			`done()`
Added a regressive test for e87592059bab141d73e7dda18bc66a74637019e2 2014-05-08 16:56:54 -04:00
Migrated to the new email system, along with a setting for recruit notifications. 2014-04-21 19:15:23 -04:00			`it 'maintains the old subs list if it\'s around', (done) ->`
			`user = new User()`
			`user.set 'emailSubscriptions', ['tester']`
			`user.setEmailSubscription('artisanNews', true)`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`expect(JSON.stringify(user.get('emailSubscriptions'))).toBe(JSON.stringify(['tester', 'level_creator']))`
Migrated to the new email system, along with a setting for recruit notifications. 2014-04-21 19:15:23 -04:00			`done()`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00
Migrated to the new email system, along with a setting for recruit notifications. 2014-04-21 19:15:23 -04:00			`describe 'User.updateMailChimp', ->`
			`makeMC = (callback) ->`
			`GLOBAL.mc =`
			`lists:`
			`subscribe: callback`
Added a regressive test for e87592059bab141d73e7dda18bc66a74637019e2 2014-05-08 16:56:54 -04:00
Migrated to the new email system, along with a setting for recruit notifications. 2014-04-21 19:15:23 -04:00			`it 'uses emails to determine what to send to MailChimp', (done) ->`
			`makeMC (params) ->`
			`expect(JSON.stringify(params.merge_vars.groupings[0].groups)).toBe(JSON.stringify(['Announcements']))`
			`done()`

Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`user = new User({emailSubscriptions: ['announcement'], email: 'tester@gmail.com'})`
Migrated to the new email system, along with a setting for recruit notifications. 2014-04-21 19:15:23 -04:00			`User.updateMailChimp(user)`
Added a regressive test for e87592059bab141d73e7dda18bc66a74637019e2 2014-05-08 16:56:54 -04:00
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`describe 'POST /db/user', ->`
Fix all server side test 2014-01-15 14:36:59 -05:00
Anonymous users can have the same name 2014-07-09 15:33:25 -04:00			`createAnonNameUser = (name, done)->`
			`request.post getURL('/auth/logout'), ->`
			`request.get getURL('/auth/whoami'), ->`
			`req = request.post(getURL('/db/user'), (err, response) ->`
			`expect(response.statusCode).toBe(200)`
			`request.get getURL('/auth/whoami'), (request, response, body) ->`
			`res = JSON.parse(response.body)`
			`expect(res.anonymous).toBeTruthy()`
			`expect(res.name).toEqual(name)`
			`done()`
			`)`
			`form = req.form()`
			`form.append('name', name)`

Fix all server side test 2014-01-15 14:36:59 -05:00			`it 'preparing test : clears the db first', (done) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`clearModels [User], (err) ->`
			`throw err if err`
			`done()`

			`it 'converts the password into a hash', (done) ->`
			`unittest.getNormalJoe (user) ->`
			`expect(user).toBeTruthy()`
			`expect(user.get('password')).toBeUndefined()`
			`expect(user?.get('passwordHash')).not.toBeUndefined()`
			`if user?.get('passwordHash')?`
Fix all server side test 2014-01-15 14:36:59 -05:00			`expect(user.get('passwordHash')[..5]).toBe('31dc3d')`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`expect(user.get('permissions').length).toBe(0)`
			`done()`

			`it 'serves the user through /db/user/id', (done) ->`
			`unittest.getNormalJoe (user) ->`
Fix all server side test 2014-01-15 14:36:59 -05:00			`url = getURL(urlUser+'/'+user._id)`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`request.get url, (err, res, body) ->`
			`expect(res.statusCode).toBe(200)`
			`user = JSON.parse(body)`
			`expect(user.email).toBe('normal@jo.com')`
			`expect(user.passwordHash).toBeUndefined()`
			`done()`

			`it 'creates admins based on passwords', (done) ->`
			`request.post getURL('/auth/logout'), ->`
			`unittest.getAdmin (user) ->`
			`expect(user).not.toBeUndefined()`
			`if user`
			`expect(user.get('permissions').length).toBe(1)`
			`expect(user.get('permissions')[0]).toBe('admin')`
			`done()`

			`it 'does not return the full user object for regular users.', (done) ->`
			`loginJoe ->`
			`unittest.getAdmin (user) ->`

Fix all server side test 2014-01-15 14:36:59 -05:00			`url = getURL(urlUser+'/'+user._id)`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`request.get url, (err, res, body) ->`
			`expect(res.statusCode).toBe(200)`
			`user = JSON.parse(body)`
			`expect(user.email).toBeUndefined()`
			`expect(user.passwordHash).toBeUndefined()`
			`done()`

Added jasmine spec reporter and tests for anonymous name collisions. 2014-04-28 05:46:43 -04:00			`it 'should allow setting anonymous user name', (done) ->`
Anonymous users can have the same name 2014-07-09 15:33:25 -04:00			`createAnonNameUser('Jim', done)`
Added jasmine spec reporter and tests for anonymous name collisions. 2014-04-28 05:46:43 -04:00
User name slugs can now be unset by emptying their name 2014-07-10 04:46:34 -04:00			`it 'should allow multiple anonymous users with same name', (done) ->`
Anonymous users can have the same name 2014-07-09 15:33:25 -04:00			`createAnonNameUser('Jim', done)`
Added jasmine spec reporter and tests for anonymous name collisions. 2014-04-28 05:46:43 -04:00
Anonymous users are now silently renamed upon signup in case of conflict 2014-07-10 12:00:32 -04:00			`it 'should allow setting existing user name to anonymous user', (done) ->`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`req = request.post(getURL('/db/user'), (err, response, body) ->`
Added jasmine spec reporter and tests for anonymous name collisions. 2014-04-28 05:46:43 -04:00			`expect(response.statusCode).toBe(200)`
			`request.get getURL('/auth/whoami'), (request, response, body) ->`
			`res = JSON.parse(response.body)`
			`expect(res.anonymous).toBeFalsy()`
Anonymous users are now silently renamed upon signup in case of conflict 2014-07-10 12:00:32 -04:00			`createAnonNameUser 'Jim', done`
Added jasmine spec reporter and tests for anonymous name collisions. 2014-04-28 05:46:43 -04:00			`)`
			`form = req.form()`
			`form.append('email', 'new@user.com')`
			`form.append('password', 'new')`

Ready for action, sir! 2014-01-03 13:32:13 -05:00			`describe 'PUT /db/user', ->`

Made the server resistant to req.user being undefined sometimes. 2014-02-24 23:27:38 -05:00			`it 'logs in as normal joe', (done) ->`
			`request.post getURL('/auth/logout'),`
			`loginJoe -> done()`

Ready for action, sir! 2014-01-03 13:32:13 -05:00			`it 'denies requests without any data', (done) ->`
Made the server resistant to req.user being undefined sometimes. 2014-02-24 23:27:38 -05:00			`request.put getURL(urlUser),`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`(err, res) ->`
Made the server resistant to req.user being undefined sometimes. 2014-02-24 23:27:38 -05:00			`expect(res.statusCode).toBe(422)`
			`expect(res.body).toBe('No input.')`
			`done()`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
			`it 'denies requests to edit someone who is not joe', (done) ->`
			`unittest.getAdmin (admin) ->`
Fix all server side test 2014-01-15 14:36:59 -05:00			`req = request.put getURL(urlUser),`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`(err, res) ->`
			`expect(res.statusCode).toBe(403)`
			`done()`
			`req.form().append('_id', admin.id)`

			`it 'denies invalid data', (done) ->`
			`unittest.getNormalJoe (joe) ->`
Fix all server side test 2014-01-15 14:36:59 -05:00			`req = request.put getURL(urlUser),`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`(err, res) ->`
			`expect(res.statusCode).toBe(422)`
			`expect(res.body.indexOf('too long')).toBeGreaterThan(-1)`
			`done()`
			`form = req.form()`
			`form.append('_id', joe.id)`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`form.append('email', 'farghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlar`
			`ghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghlfarghlarghl')`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
			`it 'logs in as admin', (done) ->`
			`loginAdmin -> done()`

			`it 'denies non-existent ids', (done) ->`
Fix all server side test 2014-01-15 14:36:59 -05:00			`req = request.put getURL(urlUser),`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`(err, res) ->`
			`expect(res.statusCode).toBe(404)`
			`done()`
			`form = req.form()`
			`form.append('_id', '513108d4cb8b610000000004')`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`form.append('email', 'perfectly@good.com')`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
			`it 'denies if the email being changed is already taken', (done) ->`
			`unittest.getNormalJoe (joe) ->`
			`unittest.getAdmin (admin) ->`
Fix all server side test 2014-01-15 14:36:59 -05:00			`req = request.put getURL(urlUser), (err, res) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`expect(res.statusCode).toBe(409)`
			`expect(res.body.indexOf('already used')).toBeGreaterThan(-1)`
			`done()`
			`form = req.form()`
			`form.append('_id', String(admin._id))`
			`form.append('email', joe.get('email').toUpperCase())`

Added a regressive test for e87592059bab141d73e7dda18bc66a74637019e2 2014-05-08 16:56:54 -04:00			`it 'does not care if you include your existing name', (done) ->`
			`unittest.getNormalJoe (joe) ->`
			`req = request.put getURL(urlUser+'/'+joe._id), (err, res) ->`
			`expect(res.statusCode).toBe(200)`
			`done()`
			`form = req.form()`
			`form.append('_id', String(joe._id))`
			`form.append('name', 'Joe')`

			`it 'accepts name and email changes', (done) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`unittest.getNormalJoe (joe) ->`
Fix all server side test 2014-01-15 14:36:59 -05:00			`req = request.put getURL(urlUser), (err, res) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`expect(res.statusCode).toBe(200)`
Creators of documents are automatically added as watchers. Added a patch creation email for watchers. 2014-04-17 20:09:01 -04:00			`unittest.getUser('Wilhelm', 'New@email.com', 'null', (joe) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`expect(joe.get('name')).toBe('Wilhelm')`
			`expect(joe.get('emailLower')).toBe('new@email.com')`
			`expect(joe.get('email')).toBe('New@email.com')`
			`done())`
			`form = req.form()`
			`form.append('_id', String(joe._id))`
			`form.append('email', 'New@email.com')`
			`form.append('name', 'Wilhelm')`

Anonymous users are now silently renamed upon signup in case of conflict 2014-07-10 12:00:32 -04:00			`it 'should not allow two users with the same name slug', (done) ->`
			`loginSam (sam) ->`
			`samsName = sam.get 'name'`
			`sam.set 'name', 'admin'`
			`request.put {uri:getURL(urlUser + '/' + sam.id), json: sam.toObject()}, (err, response) ->`
			`expect(err).toBeNull()`
			`expect(response.statusCode).toBe 409`

			`sam.set 'name', samsName`
			`done()`

			`it 'should silently rename an anonymous user if their name conflicts upon signup', (done) ->`
			`request.post getURL('/auth/logout'), ->`
			`request.get getURL('/auth/whoami'), ->`
			`req = request.post getURL('/db/user'), (err, response) ->`
			`expect(response.statusCode).toBe(200)`
			`request.get getURL('/auth/whoami'), (err, response) ->`
			`expect(err).toBeNull()`
			`guy = JSON.parse(response.body)`
			`expect(guy.anonymous).toBeTruthy()`
			`expect(guy.name).toEqual 'admin'`

			`guy.email = 'blub@blub' # Email means registration`
			`req = request.post {url: getURL('/db/user'), json: guy}, (err, response) ->`
			`expect(err).toBeNull()`
			`finalGuy = response.body`
			`expect(finalGuy.anonymous).toBeFalsy()`
			`expect(finalGuy.name).not.toEqual guy.name`
			`expect(finalGuy.name.length).toBe guy.name.length + 1`
			`done()`
			`form = req.form()`
			`form.append('name', 'admin')`

Ready for action, sir! 2014-01-03 13:32:13 -05:00			`describe 'GET /db/user', ->`
Fix all server side test 2014-01-15 14:36:59 -05:00
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`it 'logs in as admin', (done) ->`
			`req = request.post(getURL('/auth/login'), (error, response) ->`
			`expect(response.statusCode).toBe(200)`
			`done()`
			`)`
			`form = req.form()`
			`form.append('username', 'admin@afc.com')`
			`form.append('password', '80yqxpb38j')`

server db route (handlers and schemas) - use associative arrays to store path/filename - add more test for schemas 2014-01-23 17:06:12 -05:00			`it 'get schema', (done) ->`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`request.get {uri: getURL(urlUser+'/schema')}, (err, res, body) ->`
server db route (handlers and schemas) - use associative arrays to store path/filename - add more test for schemas 2014-01-23 17:06:12 -05:00			`expect(res.statusCode).toBe(200)`
			`body = JSON.parse(body)`
			`expect(body.type).toBeDefined()`
			`done()`

Ready for action, sir! 2014-01-03 13:32:13 -05:00			`it 'is able to do a sweet query', (done) ->`
			`conditions = [`
			`['limit', 20]`
			`['where', 'email']`
			`['equals', 'admin@afc.com']`
			`['sort', '-dateCreated']`
			`]`
			`options = {`
Fix all server side test 2014-01-15 14:36:59 -05:00			`url: getURL(urlUser)`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`qs: {`
			`conditions: JSON.stringify(conditions)`
			`}`
			`}`

			`req = request.get(options, (error, response) ->`
			`expect(response.statusCode).toBe(200)`
			`res = JSON.parse(response.body)`
			`expect(res.length).toBeGreaterThan(0)`
			`done()`
			`)`

			`it 'rejects bad conditions', (done) ->`
			`conditions = [`
			`['lime', 20]`
			`]`
			`options = {`
Fix all server side test 2014-01-15 14:36:59 -05:00			`url: getURL(urlUser)`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`qs: {`
			`conditions: JSON.stringify(conditions)`
			`}`
			`}`

			`req = request.get(options, (error, response) ->`
			`expect(response.statusCode).toBe(422)`
			`done()`
			`)`
Test coverage for GETting users by slug 2014-07-09 15:29:57 -04:00
			`it 'can fetch myself by id completely', (done) ->`
			`loginSam (sam) ->`
			`request.get {url: getURL(urlUser + '/' + sam.id)}, (err, response) ->`
			`expect(err).toBeNull()`
			`expect(response.statusCode).toBe(200)`
			`done()`

			`it 'can fetch myself by slug completely', (done) ->`
			`loginSam (sam) ->`
			`request.get {url: getURL(urlUser + '/sam')}, (err, response) ->`
			`expect(err).toBeNull()`
			`expect(response.statusCode).toBe(200)`
			`guy = JSON.parse response.body`
			`expect(guy._id).toBe sam.get('_id').toHexString()`
			`expect(guy.name).toBe sam.get 'name'`
			`done()`

User name slugs can now be unset by emptying their name 2014-07-10 04:46:34 -04:00			`# TODO Ruben should be able to fetch other users but probably with restricted data access`
			`# Add to the test case above an extra data check`

			`xit 'can unset name and undefine slug'`

			`xit 'can fetch another user with restricted fields'`
Test coverage for GETting users by slug 2014-07-09 15:29:57 -04:00