github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-10-18 21:30:15 -04:00
Code Issues Projects Releases Packages Wiki Activity

test(e2e/private/tokens): check token can't be deleted by wrong user

Browse source 
Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2022-06-26 23:26:21 +02:00 committed by Yannick Bungers
parent 921cffb76f
commit 7256717611
1 changed files with 24 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
backend/test/private-api/tokens.e2e-spec.ts
View file

@ -12,22 +12,16 @@ describe('Tokens', () => {
let testSetup: TestSetup; let testSetup: TestSetup;
let agent: request.SuperAgentTest; let agent: request.SuperAgentTest;
let user: User;
let keyId: string; let keyId: string;
beforeAll(async () => { beforeAll(async () => {
testSetup = await TestSetupBuilder.create().build(); testSetup = await TestSetupBuilder.create().withUsers().build();
const username = 'hardcoded';
const password = 'AHardcodedStrongP@ssword123';
user = await testSetup.userService.createUser(username, 'Testy');
await testSetup.identityService.createLocalIdentity(user, password);
await testSetup.app.init(); await testSetup.app.init();
agent = request.agent(testSetup.app.getHttpServer()); agent = request.agent(testSetup.app.getHttpServer());
await agent await agent
.post('/api/private/auth/local/login') .post('/api/private/auth/local/login')
.send({ username: username, password: password }) .send({ username: 'testuser1', password: 'testuser1' })
.expect(201); .expect(201);
}); });
@ -55,7 +49,7 @@ describe('Tokens', () => {
}); });
it(`GET /tokens`, async () => { it(`GET /tokens`, async () => {
const tokenName = 'testToken'; const tokenName = 'test';
const response = await agent const response = await agent
.get('/api/private/tokens/') .get('/api/private/tokens/')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
@ -68,16 +62,31 @@ describe('Tokens', () => {
expect(response.body[0].secret).not.toBeDefined(); expect(response.body[0].secret).not.toBeDefined();
}); });
it(`DELETE /tokens/:keyid`, async () => { it(`DELETE /tokens/:keyid`, async () => {
const response = await agent // try to delete token with wrong user
const agent2 = request.agent(testSetup.app.getHttpServer());
await agent2
.post('/api/private/auth/local/login')
.send({ username: 'testuser2', password: 'testuser2' })
.expect(201);
let response = await agent2
.delete('/api/private/tokens/' + keyId) .delete('/api/private/tokens/' + keyId)
.expect(204); .expect(401);
expect(response.body.statusCode).toEqual(401);
// delete token with correct user
response = await agent.delete('/api/private/tokens/' + keyId).expect(204);
expect(response.body).toStrictEqual({}); expect(response.body).toStrictEqual({});
});
it(`GET /tokens 2`, async () => { // token should be deleted
const response = await agent response = await agent
.get('/api/private/tokens/') .get('/api/private/tokens/')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
expect(response.body).toStrictEqual([]); const tokenList: any[] = response.body;
expect(
tokenList.find((token: any) => {
return token.keyId === keyId;
}),
).toBeUndefined();
}); });
}); });