Added tests for the auth.ts file

3179ab49 · Bernard Roland (Student Com20) · ca4fe049 · 3179ab49 · 3179ab49 · 3179ab49
Commit 3179ab49 authored 3 years ago by Bernard Roland (Student Com20)
--- a/server/package.json
+++ b/server/package.json
@@ -23,7 +23,7 @@
    "scripts": {
        "start": "nodemon src/index.ts",
        "build": "tsc --project .",
-        "test": "jest --passWithNoTests --config ./jest.config.json"
+        "test": "jest --passWithNoTests --verbose --config ./jest.config.json"
    },
    "devDependencies": {
        "@types/bcrypt": "^3.0.1",

--- a/server/src/setupTests.ts
+++ b/server/src/setupTests.ts
@@ -8,14 +8,14 @@ async function loadTestData() {
        .insert([
            {
                id: '00000000-0000-0000-0000-000000000000',
-                user_name: 'User0',
+                user_name: 'user0',
                passwd_hash: '$2b$10$sjHhJNz4sLNclKEwWISZRe4cVju6jn4QjMVs4wdZ6wug2SKG774pq',
                email: 'test0@example.com',
                real_name: 'Testing Tester',
                image: null,
            }, {
                id: '00000000-0000-0000-0000-000000000001',
-                user_name: 'User1',
+                user_name: 'user1',
                passwd_hash: '$2b$10$sjHhJNz4sLNclKEwWISZRe4cVju6jn4QjMVs4wdZ6wug2SKG774pq',
                email: 'test1@example.com',
                real_name: 'Tester Testing',

--- a/server/src/v1/auth.test.ts
+++ b/server/src/v1/auth.test.ts

-import supertest from 'supertest';
+import supertest, { Response } from 'supertest';

+import { database } from '../database';
 import { api } from '../api';
+import { generateAuthToken } from './auth';

 const request = supertest(api);

-test('', async () => {
+describe('requesting a token', () => {
+    test('fails if username does not exist', async () => {
+        const response = await request
+            .post('/v1/auth/token')
+            .send({
+                username: 'User2',
+                password: 'testtest',
+            });
+        expect(response.status).toEqual(404);
+        expect(response.body.status).toEqual('error');
+    });
+
+    test('fails if the password is wrong', async () => {
+        const response = await request
+            .post('/v1/auth/token')
+            .send({
+                username: 'User0',
+                password: 'test',
+            });
+        expect(response.status).toEqual(403);
+        expect(response.body.status).toEqual('error');
+    });
+
+    test('succeeds if username and password are correct', async () => {
+        const response = await request
+            .post('/v1/auth/token')
+            .send({
+                username: 'User0',
+                password: 'testtest',
+            });
+        expect(response.status).toEqual(200);
+        expect(response.body.status).toEqual('success');
+        expect(response.body.token).toBeTruthy();
+    });
+});
+
+test('registering a user with an existing username fails', async () => {
+    const response = await request
+        .post('/v1/auth/register')
+        .send({
+            username: 'User0',
+            password: 'testtest',
+        });
+    expect(response.status).toEqual(400);
+    expect(response.body.status).toEqual('error');
+});
+
+describe('successful user registration', () => {
+    let response: Response;
+
+    beforeAll(async () => {
+        response = await request
+            .post('/v1/auth/register')
+            .send({
+                username: 'User2',
+                password: 'testing',
+                email: 'test@example.com',
+                realname: 'Real Test',
+            });
+    });
+
+    test('returns a valid token', async () => {
+        expect(response.status).toEqual(200);
+        expect(response.body.status).toEqual('success');
+        expect(response.body.token).toBeTruthy();
+    });
+
+    test('creates a new user', async () => {
+        const user = await database('users')
+            .select()
+            .where({ 'users.user_name': 'user2' });
+        expect(user.length).toEqual(1);
+        expect(user[0].user_name).toEqual('user2');
+        expect(user[0].email).toEqual('test@example.com');
+        expect(user[0].real_name).toEqual('Real Test');
+    });
+
+    test('auth token can be requested', async () => {
+        const response = await request
+            .post('/v1/auth/token')
+            .send({
+                username: 'User2',
+                password: 'testing',
+            });
+        expect(response.status).toEqual(200);
+        expect(response.body.status).toEqual('success');
+        expect(response.body.token).toBeTruthy();
+    });
+
+    afterAll(async () => {
+        await database('users')
+            .delete()
+            .where({ 'users.user_name': 'user2' });
+    });
+})
+
+describe('password can be changed', () => {
+    let response: Response;
+
+    beforeAll(async () => {
+        response = await request
+            .put('/v1/auth/password')
+            .set('Authorization', `Bearer ${await generateAuthToken('00000000-0000-0000-0000-000000000000')}`)
+            .send({
+                password: 'testtest2',
+            });
+    })
+    
+    test('returns successfully', async () => {
+        expect(response.status).toEqual(200);
+        expect(response.body.status).toEqual('success');
+    });
+    
+    test('token request with old password fails', async () => {
+        const response = await request
+            .post('/v1/auth/token')
+            .send({
+                username: 'User0',
+                password: 'testtest',
+            });
+        expect(response.status).toEqual(403);
+        expect(response.body.status).toEqual('error');
+    });
    
+    test('token request with new password succeeds', async () => {
+        const response = await request
+            .post('/v1/auth/token')
+            .send({
+                username: 'User0',
+                password: 'testtest2',
+            });
+        expect(response.status).toEqual(200);
+        expect(response.body.status).toEqual('success');
+        expect(response.body.token).toBeTruthy();
+    });
+
+    afterAll(async () => {
+        response = await request
+            .put('/v1/auth/password')
+            .set('Authorization', `Bearer ${await generateAuthToken('00000000-0000-0000-0000-000000000000')}`)
+            .send({
+                password: 'testtest',
+            });
+    })
+});
+
+test('changing username to an existing one fails', async () => {
+    const response = await request
+        .put('/v1/auth/username')
+        .set('Authorization', `Bearer ${await generateAuthToken('00000000-0000-0000-0000-000000000000')}`)
+        .send({
+            username: 'User1',
+        });
+    expect(response.status).toEqual(400);
+    expect(response.body.status).toEqual('error');
+});
+
+describe('username can be changed', () => {
+    let response: Response;
+
+    beforeAll(async () => {
+        response = await request
+            .put('/v1/auth/username')
+            .set('Authorization', `Bearer ${await generateAuthToken('00000000-0000-0000-0000-000000000000')}`)
+            .send({
+                username: 'User00',
+            });
+    })
+    
+    test('returns successfully', async () => {
+        expect(response.status).toEqual(200);
+        expect(response.body.status).toEqual('success');
+    });
+    
+    test('token request with old username fails', async () => {
+        const response = await request
+            .post('/v1/auth/token')
+            .send({
+                username: 'User0',
+                password: 'testtest',
+            });
+        expect(response.status).toEqual(404);
+        expect(response.body.status).toEqual('error');
+    });
+    
+    test('token request with new username succeeds', async () => {
+        const response = await request
+            .post('/v1/auth/token')
+            .send({
+                username: 'User00',
+                password: 'testtest',
+            });
+        expect(response.status).toEqual(200);
+        expect(response.body.status).toEqual('success');
+        expect(response.body.token).toBeTruthy();
+    });
+
+    afterAll(async () => {
+        response = await request
+            .put('/v1/auth/username')
+            .set('Authorization', `Bearer ${await generateAuthToken('00000000-0000-0000-0000-000000000000')}`)
+            .send({
+                username: 'User0',
+            });
+    })
+});
+
+test('valid tokens can be extended', async () => {
+    const response = await request
+        .get('/v1/auth/extend')
+        .set('Authorization', `Bearer ${await generateAuthToken('00000000-0000-0000-0000-000000000000')}`);
+    expect(response.status).toEqual(200);
+    expect(response.body.status).toEqual('success');
+});
+
+test('invalid tokens cause an 403 error', async () => {
+    const response = await request
+        .get('/v1/auth/extend')
+        .set('Authorization', 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9.Kq2cI42E_-c1No89CpGyqwLV3BL4fFpe5fGhDjrUr2c');
+    expect(response.status).toEqual(403);
+    expect(response.body.status).toEqual('error');
 });

--- a/server/src/v1/auth.ts
+++ b/server/src/v1/auth.ts
@@ -65,7 +65,7 @@ export function requireVerification(req: Request, res: Response, next: NextFunct
    }
 }

-async function generateAuthToken(id: string) {
+export async function generateAuthToken(id: string) {
    const token: Token = {
        id: id,
        type: authTokenType,
@@ -90,31 +90,24 @@ auth.post('/register', async (req, res) => {
        const id = uuid();
        const passwdHash = await hash(body.password, 10);
        const name = body.username.trim().toLowerCase();
-        if (name.length >= 4) {
-            try {
-                const token = await generateAuthToken(id);
-                await database('users').insert({
-                    id: id,
-                    user_name: name,
-                    passwd_hash: passwdHash,
-                    email: body.email ?? null,
-                    real_name: body.realname ?? null,
-                });
-                res.status(200).json({
-                    status: 'success',
-                    token: token,
-                });
-            } catch (e) {
-                // Fails if unique constraint for username is not met
-                res.status(400).json({
-                    status: 'error',
-                    message: 'failed to create user',
-                });
-            }
-        } else {
+        try {
+            const token = await generateAuthToken(id);
+            await database('users').insert({
+                id: id,
+                user_name: name,
+                passwd_hash: passwdHash,
+                email: body.email ?? null,
+                real_name: body.realname ?? null,
+            });
+            res.status(200).json({
+                status: 'success',
+                token: token,
+            });
+        } catch (e) {
+            // Fails if unique constraint for username is not met
            res.status(400).json({
                status: 'error',
-                message: 'usernames must be four letters or longer',
+                message: 'failed to create user',
            });
        }
    } else {

--- a/server/src/v1/user.test.ts
+++ b/server/src/v1/user.test.ts
@@ -6,11 +6,8 @@ import { api } from '../api';
 const request = supertest(api);

 test('non existant username returns 404 for /v1/user/name/', async () => {
-    const response = await request.get('/v1/user/name/__NO_REAL_NAME__');
+    const response = await request.get('/v1/user/name/User3');
    expect(response.status).toEqual(404);
-    expect(response.body).toEqual({
-        status: 'error',
-        message: 'user not found',
-    });
+    expect(response.body.status).toEqual('error');
 });