add usermanager tests

Girish Ramakrishnan
2020-02-14 14:34:29 -08:00
parent 655a740b0c
commit 00c6ad675e
3 changed files with 140 additions and 51 deletions


@@ -483,7 +483,6 @@ describe('Users API', function () {
});
describe('admin status', function () {
it('set second user as admin succeeds', function (done) {
superagent.post(SERVER_URL + '/api/v1/users/' + user_1.id)
.query({ access_token: token })
@@ -593,45 +592,6 @@ describe('Users API', function () {
});
});
describe('remove', function () {
it('remove random user fails', function (done) {
superagent.del(SERVER_URL + '/api/v1/users/randomid')
.query({ access_token: token })
.end(function (err, res) {
expect(res.statusCode).to.equal(404);
done();
});
});
it('user removes himself is not allowed', function (done) {
superagent.del(SERVER_URL + '/api/v1/users/' + user_0.id)
.query({ access_token: token })
.end(function (err, res) {
expect(res.statusCode).to.equal(409);
done();
});
});
it('admin removes normal user', function (done) {
superagent.del(SERVER_URL + '/api/v1/users/' + user_1.id)
.query({ access_token: token })
.end(function (err, res) {
expect(res.statusCode).to.equal(204);
done();
});
});
it('admin removes himself should not be allowed', function (done) {
superagent.del(SERVER_URL + '/api/v1/users/' + user_0.id)
.query({ access_token: token })
.end(function (err, res) {
expect(res.statusCode).to.equal(409);
done();
});
});
});
describe('update', function () {
// Change email
it('change email fails due to missing token', function (done) {
@@ -835,5 +795,134 @@ describe('Users API', function () {
});
});
});
describe('permissions', function () {
it('can make second user a usermanager', function (done) {
superagent.post(SERVER_URL + '/api/v1/users/' + user_1.id)
.query({ access_token: token })
.send({ permissions: [ 'manage_users' ] })
.end(function (err, res) {
expect(res.statusCode).to.equal(204);
done();
});
});
it('can list users as usermanager', function (done) {
superagent.get(SERVER_URL + '/api/v1/users')
.query({ access_token: token_1 })
.end(function (error, res) {
expect(res.statusCode).to.equal(200);
done();
});
});
it('cannot set password of admin', function (done) {
superagent.post(SERVER_URL + '/api/v1/users/' + user_0.id + '/password')
.query({ access_token: token_1 })
.send({ password: 'bigenough' })
.end(function (error, result) {
expect(result.statusCode).to.equal(403);
done();
});
});
it('can set password of another', function (done) {
superagent.post(SERVER_URL + '/api/v1/users/' + user_2.id + '/password')
.query({ access_token: token_1 })
.send({ password: 'bigenough' })
.end(function (error, result) {
expect(result.statusCode).to.equal(204);
done();
});
});
it('cannot create invite for admin', function (done) {
superagent.post(SERVER_URL + '/api/v1/users/' + user_0.id + '/create_invite')
.query({ access_token: token_1 })
.send({})
.end(function (err, result) {
expect(result.statusCode).to.equal(403);
done();
});
});
it('cannot change admin bit of another', function (done) {
superagent.post(SERVER_URL + '/api/v1/users/' + user_2.id)
.query({ access_token: token_1 })
.send({ admin: true })
.end(function (err, result) {
expect(result.statusCode).to.equal(403);
done();
});
});
it('cannot change admin bit of self', function (done) {
superagent.post(SERVER_URL + '/api/v1/users/' + user_1.id)
.query({ access_token: token_1 })
.send({ admin: true })
.end(function (err, result) {
expect(result.statusCode).to.equal(403);
done();
});
});
it('cannot remove admin', function (done) {
superagent.del(SERVER_URL + '/api/v1/users/' + user_0.id)
.query({ access_token: token_1 })
.end(function (err, res) {
expect(res.statusCode).to.equal(403);
done();
});
});
it('can remove normal user', function (done) {
superagent.del(SERVER_URL + '/api/v1/users/' + user_2.id)
.query({ access_token: token_1 })
.end(function (err, res) {
expect(res.statusCode).to.equal(204);
done();
});
});
});
describe('remove', function () {
it('remove random user fails', function (done) {
superagent.del(SERVER_URL + '/api/v1/users/randomid')
.query({ access_token: token })
.end(function (err, res) {
expect(res.statusCode).to.equal(404);
done();
});
});
it('user removes himself is not allowed', function (done) {
superagent.del(SERVER_URL + '/api/v1/users/' + user_0.id)
.query({ access_token: token })
.end(function (err, res) {
expect(res.statusCode).to.equal(409);
done();
});
});
it('admin removes normal user', function (done) {
superagent.del(SERVER_URL + '/api/v1/users/' + user_1.id)
.query({ access_token: token })
.end(function (err, res) {
expect(res.statusCode).to.equal(204);
done();
});
});
it('admin removes himself should not be allowed', function (done) {
superagent.del(SERVER_URL + '/api/v1/users/' + user_0.id)
.query({ access_token: token })
.end(function (err, res) {
expect(res.statusCode).to.equal(409);
done();
});
});
});
});
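Review bot: The new 'permissions' block checks that a usermanager cannot send `admin: true` (for user_2 and for itself), but it never exercises the `permissions` field that the first test uses to grant `manage_users`. As a result no test pins whether a usermanager can hand that permission to another account or change its own. If permission grants are meant to be admin-only, a case like the one below belongs before 'can remove normal user', because that test deletes user_2. The 403 cases also assert only the status code; reading the target user back afterwards would confirm the rejected change was not applied.

```javascript
// … unchanged: 'cannot change admin bit of self' …
it('cannot grant manage_users to another', function (done) {
    superagent.post(SERVER_URL + '/api/v1/users/' + user_2.id)
        .query({ access_token: token_1 })
        .send({ permissions: [ 'manage_users' ] })
        .end(function (err, result) {
            // expected status assumes permission grants are admin-only; confirm against the route policy
            expect(result.statusCode).to.equal(403);
            done();
        });
});
// … unchanged: 'cannot remove admin', 'can remove normal user' …
```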