From a84cdc3d097b9fb6d4b4e84849065b6ab83cd217 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan
Date: Sat, 1 Feb 2020 10:00:52 -0800
Subject: [PATCH] app password: add tests for the rest routes
---
 src/routes/apppasswords.js | 5 ++-
 src/routes/test/users-test.js | 70 +++++++++++++++++++++++++++++++++++
 2 files changed, 73 insertions(+), 2 deletions(-)
diff --git a/src/routes/apppasswords.js b/src/routes/apppasswords.js
index 75bd8b24e..f524dc42d 100644
--- a/src/routes/apppasswords.js
+++ b/src/routes/apppasswords.js
@@ -34,7 +34,7 @@ function add(req, res, next) {
 users.addAppPassword(req.user.id, req.body.identifier, req.body.name, function (error, result) {
 if (error) return next(BoxError.toHttpError(error));
- next(new HttpSuccess(200, result));
+ next(new HttpSuccess(201, result));
 });
 }
@@ -44,7 +44,7 @@ function list(req, res, next) {
 users.getAppPasswords(req.user.id, function (error, result) {
 if (error) return next(BoxError.toHttpError(error));
- next(new HttpSuccess(200, result));
+ next(new HttpSuccess(200, { appPasswords: result }));
 });
 }
@@ -52,6 +52,7 @@ function del(req, res, next) {
 assert.strictEqual(typeof req.user, 'object');
 assert.strictEqual(typeof req.params.id, 'string');
+ // TODO: verify userId owns the id ?
 users.delAppPassword(req.params.id, function (error) {
 if (error) return next(BoxError.toHttpError(error));
diff --git a/src/routes/test/users-test.js b/src/routes/test/users-test.js
index 212320210..76d4ca302 100644
--- a/src/routes/test/users-test.js
+++ b/src/routes/test/users-test.js
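Review bot: In src/routes/apppasswords.js, `del` (hunk `@@ -52,6 +52,7 @@`) passes only `req.params.id` to `users.delAppPassword`, so nothing visible ties the deleted record to `req.user.id`; the added `// TODO: verify userId owns the id ?` records the gap without closing it. As written, an authenticated user could presumably delete an app password that belongs to someone else, unless `delAppPassword` enforces ownership somewhere outside this hunk. Scope the delete to the caller, for example by passing the user id through, `users.delAppPassword(req.user.id, req.params.id, function (error) {`, and matching on both values in the model, answering not-found when they differ. The single-item GET route exercised by the new tests deserves the same check; its handler is not part of this diff. `del`'s body continues past the end of the hunk.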
@@ -728,5 +728,75 @@ describe('Users API', function () {
 done();
 });
 });
+
+ it('cannot add app password with invalid token', function (done) {
+ superagent.post(SERVER_URL + '/api/v1/app_passwords')
+ .query({ access_token: token + 'xx' })
+ .send({ name: 'my-device', identifier: 'someapp' })
+ .end(function (error, result) {
+ expect(result.statusCode).to.equal(401);
+ done();
+ });
+ });
+
+ it('cannot add app password without name', function (done) {
+ superagent.post(SERVER_URL + '/api/v1/app_passwords')
+ .query({ access_token: token })
+ .send({ identifier: 'someapp' })
+ .end(function (error, result) {
+ expect(result.statusCode).to.equal(400);
+ done();
+ });
+ });
+
+ let pwd;
+ it('can add app password', function (done) {
+ superagent.post(SERVER_URL + '/api/v1/app_passwords')
+ .query({ access_token: token })
+ .send({ name: 'my-device', identifier: 'someapp' })
+ .end(function (error, result) {
+ expect(result.statusCode).to.equal(201);
+ expect(result.body.password).to.be.a('string');
+ pwd = result.body;
+ done();
+ });
+ });
+
+ it('can get app passwords', function (done) {
+ superagent.get(SERVER_URL + '/api/v1/app_passwords')
+ .query({ access_token: token })
+ .end(function (error, result) {
+ expect(result.statusCode).to.equal(200);
+ expect(result.body.appPasswords).to.be.an(Array);
+ expect(result.body.appPasswords.length).to.be(1);
+ expect(result.body.appPasswords[0].name).to.be('my-device');
+ expect(result.body.appPasswords[0].identifier).to.be('someapp');
+ expect(result.body.appPasswords[0].hashedPassword).to.be(undefined);
+ expect(result.body.appPasswords[0].password).to.be(undefined);
+ done();
+ });
+ });
+
+ it('can get app password', function (done) {
+ superagent.get(SERVER_URL + '/api/v1/app_passwords/' + pwd.id)
+ .query({ access_token: token })
+ .end(function (error, result) {
+ expect(result.statusCode).to.equal(200);
+ expect(result.body.name).to.be('my-device');
+ expect(result.body.identifier).to.be('someapp');
+ expect(result.body.hashedPassword).to.be(undefined);
+ expect(result.body.password).to.be(undefined);
+ done();
+ });
+ });
+
+ it('can del app password', function (done) {
+ superagent.del(SERVER_URL + '/api/v1/app_passwords/' + pwd.id)
+ .query({ access_token: token })
+ .end(function (error, result) {
+ expect(result.statusCode).to.equal(204);
+ done();
+ });
+ });
 });
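Review bot: Every new case authenticates with the owner's `token`, so nothing here checks that a different account is refused when it reads or deletes `pwd.id`, which is exactly the ownership question the route's TODO leaves open. Add a negative case ahead of 'can del app password' that repeats the request with another account's token and expects a rejection; the sketch below uses `otherUserToken` as a placeholder because no second token is visible in this hunk, and the expected status depends on what the route settles on. The `.end` callbacks also ignore `error`, and the delete is not followed by a GET asserting the entry is gone, so a regression in either place would go unnoticed.

```javascript
// … unchanged: 'can get app password' test …

it('cannot del app password of another user', function (done) {
    // otherUserToken is a placeholder for a second user's access token
    superagent.del(SERVER_URL + '/api/v1/app_passwords/' + pwd.id)
        .query({ access_token: otherUserToken })
        .end(function (error, result) {
            // 404 assumed here; use whatever status the ownership check returns
            expect(result.statusCode).to.equal(404);
            done();
        });
});

// … unchanged: 'can del app password' test …
```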