import {} from 'dotenv/config';
import crypto from 'crypto';
import got from 'got';
import jwt from 'jsonwebtoken'
import test from 'tape';
// Fixtures shared by the test cases below. Each `test()` reads what an
// earlier one stored, so the cases presumably rely on running in file
// order — TODO confirm against the tape version in use.
const userName = 'test-tomte nöff #18';
const password = 'lurpassare7½TUR';

// Admin session, filled in by the API-key auth test.
let adminJWTString; // raw token as returned by /auth/api-key
let adminJWT;       // verified claims decoded from adminJWTString

// Account created by "Creating a new account", plus its own session.
let user;
let userJWTString;
let userJWT;
// Obtain an admin session by posting the configured API key.
// Stores the token in adminJWTString / adminJWT for the following tests.
test('test-cases/01basic.js: Authing with configurated API KEY', async (t) => {
  const apiKeyUrl = `${process.env.AUTH_URL}/auth/api-key`;

  // A bogus key must be rejected: the request is expected to throw with the
  // 403 message got reports for that status, so a resolved call is the failure.
  let rejected = false;
  try {
    await got.post(apiKeyUrl, {
      json: 'a09ifa908wjf92fowreigaoijfaosidfđ@€£đawef',
      responseType: 'json',
    });
  } catch (err) {
    rejected = true;
    t.equal(err.message, 'Response code 403 (Forbidden)', 'Calling /auth/api-key with wrong api-key should result in a 403');
  }
  if (!rejected) {
    t.fail('Calling /auth/api-key with wrong api-key should result in a 403');
  }

  // The key configured for this test environment yields a session.
  const authRes = await got.post(apiKeyUrl, {
    json: 'hihi',
    responseType: 'json',
  });
  const { jwt: issuedJWT, renewalToken } = authRes.body;
  t.notEqual(issuedJWT, undefined, 'The body should include a jwt key');
  t.notEqual(renewalToken, undefined, 'The body should include a renewalToken');

  adminJWTString = issuedJWT;
  // NOTE(review): verify() is called without an `algorithms` option, so the
  // accepted algorithm set is jsonwebtoken's default for the given secret;
  // consider pinning it to the algorithm the server actually signs with.
  adminJWT = jwt.verify(adminJWTString, process.env.JWT_SHARED_SECRET);
  t.equal(adminJWT.accountName, 'admin', 'The verified account name should be "admin"');
});
// Fetch the admin account: first without credentials (must be 403), then
// with the bearer token obtained in the previous test.
test('test-cases/01basic.js: GETting the admin account, with the token we just obtained', async (t) => {
  const accountUrl = `${process.env.AUTH_URL}/accounts/${adminJWT.accountId}`;

  let unauthenticatedError;
  try {
    await got(accountUrl);
  } catch (err) {
    unauthenticatedError = err;
  }
  if (unauthenticatedError === undefined) {
    t.fail('Calling /accounts/{id} without proper auth token should give 403');
  } else {
    t.equal(unauthenticatedError.message, 'Response code 403 (Forbidden)', 'Calling /accounts/{id} without proper auth token should give 403');
  }

  // Same resource with the admin token: the returned id must be the one
  // carried in the token's claims.
  const accountRes = await got(accountUrl, {
    headers: { 'Authorization': `bearer ${adminJWTString}` },
    responseType: 'json',
  });
  t.equal(adminJWT.accountId, accountRes.body.id, 'The account ids should match');
});
// Create the test user as admin, then confirm that a second account with the
// same name is refused with 409. The created account is kept in `user`.
test('test-cases/01basic.js: Creating a new account', async (t) => {
  // POST /accounts with the admin token and the given account body.
  const postAccount = (body) => got.post(`${process.env.AUTH_URL}/accounts`, {
    headers: { 'Authorization': `bearer ${adminJWTString}` },
    json: body,
    responseType: 'json',
  });

  const res = await postAccount({
    fields: [
      { name: 'nördområde', values: ['tåg', 'trädgårdstomtar'] },
      { name: 'role', values: ['user'] },
    ],
    name: userName,
    password,
  });
  user = res.body;

  t.notEqual(user.id, undefined, 'The new account should have an id');
  t.notEqual(user.apiKey, undefined, 'The new account should have an apiKey');

  // Same name again (minimal fields): the server must report a conflict.
  let conflict;
  try {
    await postAccount({
      fields: [{ name: 'role', values: ['user'] }],
      name: userName,
      password,
    });
  } catch (err) {
    conflict = err;
  }
  if (conflict === undefined) {
    t.fail('Trying to create another account with the same name should fail with a 409');
  } else {
    t.equal(conflict.message, 'Response code 409 (Conflict)', 'Trying to create another account with the same name should fail with a 409');
  }
});
// Log in as the created user with name + password and keep the session in
// userJWTString / userJWT.
test('test-cases/01basic.js: Auth by username and password', async (t) => {
  const { body } = await got.post(`${process.env.AUTH_URL}/auth/password`, {
    json: { name: userName, password },
    responseType: 'json',
  });

  t.notEqual(body.jwt, undefined, 'The body should include a jwt key');
  t.notEqual(body.renewalToken, undefined, 'The body should include a renewalToken');

  userJWTString = body.jwt;
  // NOTE(review): no `algorithms` option is passed to verify(); the accepted
  // set is jsonwebtoken's default for the given secret — consider pinning it.
  userJWT = jwt.verify(userJWTString, process.env.JWT_SHARED_SECRET);
  t.equal(userJWT.accountName, userName, 'The verified account name should match the created user');
});
// A known user with a wrong password must be refused with 403 — the same
// status the wrong-username case below expects, so a caller cannot tell an
// unknown name from a bad password by the status code.
test('test-cases/01basic.js: Auth by username and wrong password', async (t) => {
  let rejection;
  try {
    await got.post(`${process.env.AUTH_URL}/auth/password`, {
      json: { name: userName, password: 'isWrong' },
      responseType: 'json',
    });
  } catch (err) {
    rejection = err;
  }

  if (rejection === undefined) {
    t.fail('Trying to login with wrong password should fail with a 403');
  } else {
    t.equal(rejection.message, 'Response code 403 (Forbidden)', 'Trying to login with wrong password should fail with a 403');
  }
});
// An unknown account name must be refused with 403, exactly like a wrong
// password for a known name.
test('test-cases/01basic.js: Auth by wrong username', async (t) => {
  // Post the credentials and record the outcome as tape assertions.
  const expectForbidden = async (credentials) => {
    try {
      await got.post(`${process.env.AUTH_URL}/auth/password`, {
        json: credentials,
        responseType: 'json',
      });
      t.fail('Trying to login with wrong username should fail with a 403');
    } catch (err) {
      t.equal(err.message, 'Response code 403 (Forbidden)', 'Trying to login with wrong username should fail with a 403');
    }
  };

  await expectForbidden({ name: 'lapptomte', password: 'isWrong' });
});
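// Empty name and empty password must be refused with 403, like any other
// bad credential. The assertion messages previously said "wrong username",
// copied from the test above; they now describe this case.
test('test-cases/01basic.js: Auth by empty username and empty password', async (t) => {
  const expectation = 'Trying to login with empty username and empty password should fail with a 403';

  let rejection;
  try {
    await got.post(`${process.env.AUTH_URL}/auth/password`, {
      json: { name: '', password: '' },
      responseType: 'json',
    });
  } catch (err) {
    rejection = err;
  }

  if (rejection === undefined) {
    t.fail(expectation);
  } else {
    t.equal(rejection.message, 'Response code 403 (Forbidden)', expectation);
  }
});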
// Replace the user's fields via PUT and check the server reports exactly the
// submitted set (including the replaced 'role'). The shared `user` object is
// refreshed from the response afterwards.
test('test-cases/01basic.js: PUT /accounts/{id}/fields', async (t) => {
  const replacementFields = [
    { name: 'foo', values: ['bar'] },
    { name: 'role', values: ['tomte'] },
  ];

  const res = await got.put(`${process.env.AUTH_URL}/accounts/${user.id}/fields`, {
    headers: { 'Authorization': `bearer ${adminJWTString}` },
    json: replacementFields,
    responseType: 'json',
  });
  const { fields } = res.body;

  t.equal(user.id, res.body.id, 'The responded account id should be the same as the old one');
  t.equal(Object.keys(fields).length, 2, 'There should only be two fields in total');
  t.equal(JSON.stringify(fields.foo), '["bar"]', 'The foo field should have values ["bar"]');
  t.equal(JSON.stringify(fields.role), '["tomte"]', 'The role field should have values ["tomte"]');

  // Keep the shared `user` in sync with what the server now holds.
  Object.assign(user, { fields, name: res.body.name });
});
// Delete the test user: DELETE on an unknown id must be 404, on the real id
// 204, and a GET afterwards must be 404 again.
test('test-cases/01basic.js: Remove an account', async (t) => {
  // Fresh admin request options for every call; retries are disabled so the
  // status codes under test are observed on the first response.
  const asAdmin = () => ({
    headers: { 'Authorization': `bearer ${adminJWTString}` },
    responseType: 'json',
    retry: { limit: 0 },
  });

  // Random uuid that should not exist in the db. The chance of this existing is... small
  let missingError;
  try {
    await got.delete(`${process.env.AUTH_URL}/accounts/a423e690-74b9-4f37-9976-f5bf75a5ea32`, asAdmin());
  } catch (err) {
    missingError = err;
  }
  if (missingError === undefined) {
    t.fail('Response status for DELETing an account that does not exist should be 404');
  } else {
    t.equal(missingError.message, 'Response code 404 (Not Found)', 'Response status for DELETing an account that does not exist should be 404');
  }

  const delRes = await got.delete(`${process.env.AUTH_URL}/accounts/${user.id}`, asAdmin());
  t.equal(delRes.statusCode, 204, 'Response status for DELETE should be 204');

  let goneError;
  try {
    await got(`${process.env.AUTH_URL}/accounts/${user.id}`, asAdmin());
  } catch (err) {
    goneError = err;
  }
  if (goneError === undefined) {
    t.fail('Response status for GETing the account again should be 404');
  } else {
    t.equal(goneError.message, 'Response code 404 (Not Found)', 'Response status for GETing the account again should be 404');
  }
});
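// Create three throw-away accounts, check that all of them show up in
// GET /accounts, and delete them again.
//
// Changes from the previous version: cleanup runs in `finally` so a failing
// request does not leave test accounts behind (only accounts whose POST
// succeeded are deleted); the membership check uses a Set instead of a
// nested loop; the DELETE no longer sends the account (password included)
// as a request body — the "Remove an account" test shows DELETE works
// without one; the loop no longer shadows the module-level `user`.
test('test-cases/01basic.js: list accounts', async (t) => {
  const authUrl = process.env.AUTH_URL;
  // Admin request options, optionally extended (e.g. with a `json` body).
  const asAdmin = (extra = {}) => ({
    headers: { 'Authorization': `bearer ${adminJWTString}` },
    responseType: 'json',
    ...extra,
  });

  // Random names/passwords so reruns never collide with existing accounts.
  const newAccounts = [
    { fields: [{ name: 'role', values: ['user'] }] },
    { fields: [{ name: 'role', values: ['user', 'field-surgeon'] }] },
    { fields: [{ name: 'role', values: ['user'] }, { name: 'foo', values: ['bar'] }] },
  ].map((account) => ({
    ...account,
    name: crypto.randomUUID(),
    password: crypto.randomUUID(),
  }));

  const createdIds = [];
  try {
    for (const account of newAccounts) {
      const res = await got.post(`${authUrl}/accounts`, asAdmin({ json: account }));
      createdIds.push(res.body.id);
    }

    const listRes = await got.get(`${authUrl}/accounts`, asAdmin());
    const wanted = new Set(createdIds);
    const foundAccounts = listRes.body.filter((account) => wanted.has(account.id)).length;
    t.equal(foundAccounts, newAccounts.length, `Expected ${newAccounts.length} accounts to be found, found: ${foundAccounts}`);
  } finally {
    // Delete whatever was created, even if an earlier step threw, and report
    // (rather than hide) any account that could not be removed.
    const outcomes = await Promise.allSettled(
      createdIds.map((id) => got.delete(`${authUrl}/accounts/${id}`, asAdmin())),
    );
    for (const [i, outcome] of outcomes.entries()) {
      if (outcome.status === 'rejected') {
        t.fail(`Could not delete test account ${createdIds[i]}: ${outcome.reason?.message}`);
      }
    }
  }
});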