jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add token scope tests in routes

Browse Source
This commit is contained in:
Johannes Zellner
2022-09-24 20:56:43 +02:00
parent 6d7f7fbc9a
commit cde22cd0a3
2 changed files with 32 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/routes/test/tokens-test.js
View File

@@ -15,7 +15,7 @@ describe('Tokens API', function () {
before(setup);
after(cleanup);
let token;
let token, readOnlyToken;
it('cannot create token with bad name', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
@@ -35,13 +35,42 @@ describe('Tokens API', function () {
token = response.body;
});
it('can create read-only token', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token })
.send({ name: 'mytoken1', scope: { '*': 'r' }});
expect(response.status).to.equal(201);
expect(response.body).to.be.a('object');
readOnlyToken = response.body;
});
it('cannot create read-only token with invalid scope', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token })
.send({ name: 'mytoken1', scope: { 'foobar': 'rw' }})
.ok(() => true);
expect(response.status).to.equal(400);
});
it('can list tokens', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token });
expect(response.statusCode).to.equal(200);
expect(response.body.tokens.length).to.be(2); // one is owner token on activation
expect(response.body.tokens.length).to.be(3); // one is owner token on activation
const tokenIds = response.body.tokens.map(t => t.id);
expect(tokenIds).to.contain(token.id);
expect(tokenIds).to.contain(readOnlyToken.id);
});
it('cannot create applink with read only token', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/applinks`)
.query({ access_token: readOnlyToken.accessToken })
.send({ upstreamUri: 'https://cloudron.io' })
.ok(() => true);
expect(response.status).to.equal(403);
});
it('cannot get non-existent token', async function () {