test(e2e/public/alias): test all error scenarios

Signed-off-by: David Mehren <git@herrmehren.de>
2025-01-23 01:12:37 +00:00 · 2021-12-14 20:23:07 +01:00 · 2021-12-14 20:23:07 +01:00 · 8f1aeab934
commit 8f1aeab934
parent 64b136fb8b
1 changed files with 38 additions and 0 deletions
--- a/test/public-api/alias.e2e-spec.ts
+++ b/test/public-api/alias.e2e-spec.ts
@ -86,6 +86,14 @@ describe('Alias', () => {
          .send(newAliasDto)
          .expect(400);
      });
+      it('because the user is not an owner', async () => {
+        await request(testSetup.app.getHttpServer())
+          .post(`/api/v2/alias`)
+          .set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
+          .set('Content-Type', 'application/json')
+          .send(newAliasDto)
+          .expect(401);
+      });
    });
  });

@ -137,6 +145,22 @@ describe('Alias', () => {
          .send(changeAliasDto)
          .expect(404);
      });
+      it('a note with a forbidden id', async () => {
+        await request(testSetup.app.getHttpServer())
+          .put(`/api/v2/alias/${forbiddenNoteId}`)
+          .set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
+          .set('Content-Type', 'application/json')
+          .send(changeAliasDto)
+          .expect(400);
+      });
+      it('if the user is not an owner', async () => {
+        await request(testSetup.app.getHttpServer())
+          .put(`/api/v2/alias/${newAlias}`)
+          .set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
+          .set('Content-Type', 'application/json')
+          .send(changeAliasDto)
+          .expect(401);
+      });
      it('if the property primaryAlias is false', async () => {
        changeAliasDto.primaryAlias = false;

@ -181,6 +205,20 @@ describe('Alias', () => {
        .expect(404);
    });

+    it('errors on forbidden notes', async () => {
+      await request(testSetup.app.getHttpServer())
+        .delete(`/api/v2/alias/${forbiddenNoteId}`)
+        .set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
+        .expect(400);
+    });
+
+    it('errors if the user is not the owner', async () => {
+      await request(testSetup.app.getHttpServer())
+        .delete(`/api/v2/alias/${testAlias}`)
+        .set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
+        .expect(401);
+    });
+
    it('does not delete a primary alias (if it is not the only one)', async () => {
      const note = await testSetup.notesService.getNoteByIdOrAlias(testAlias);
      await testSetup.aliasService.addAlias(note, newAlias);