cloudron-box/src/routes/test/api-test.js
Girish Ramakrishnan 43f86674b4 Remove delay module
2022-04-15 07:52:35 -05:00


/* jslint node:true */
/* global it:false */
/* global describe:false */
/* global before:false */
/* global after:false */
'use strict';
const common = require('./common.js'),
delay = require('../../delay.js'),
expect = require('expect.js'),
superagent = require('superagent'),
tokens = require('../../tokens.js');
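/*
 * End-to-end checks of the REST API's request parsing and token authentication.
 *
 * The suite talks to a live server at `serverUrl` (started by `common.setup`,
 * torn down by `common.cleanup`) and uses the `owner` and `user` fixtures from
 * common.js. Negative cases use `.ok(() => true)` so that superagent resolves
 * instead of throwing on 4xx, letting the test assert on the status code.
 */
describe('REST API', function () {
    const { setup, cleanup, serverUrl, owner, user } = common;

    before(setup);
    after(cleanup);

    // Malformed request bodies must be rejected with 400 rather than taking
    // the server process down.
    describe('express handlers', function () {
        it('does not crash with invalid JSON', async function () {
            // NOTE(review): the token travels in the query string here; URLs
            // tend to end up in access logs and proxies, so the header form
            // used further below is the safer one to copy into new tests.
            const response = await superagent.post(`${serverUrl}/api/v1/users`)
                .query({ access_token: owner.token })
                .set('content-type', 'application/json')
                .send('some invalid non-strict json')
                .ok(() => true);

            expect(response.statusCode).to.equal(400);
            expect(response.body.message).to.be('Failed to parse body');
        });

        it('does not crash with invalid string', async function () {
            const response = await superagent.post(`${serverUrl}/api/v1/users`)
                .query({ access_token: owner.token })
                .set('content-type', 'application/x-www-form-urlencoded')
                .send('some string')
                .ok(() => true);

            expect(response.statusCode).to.equal(400);
        });
    });

    describe('authentication', function () {
        const userInfoUrl = `${serverUrl}/api/v1/users/${user.id}`;

        // Username/password must not be accepted in place of an access token.
        it('cannot get userInfo only with basic auth', async function () {
            const response = await superagent.get(userInfoUrl)
                .auth(owner.username, owner.password)
                .ok(() => true);

            expect(response.statusCode).to.equal(401);
        });

        // Prepending a character changes the token's length. Only that case is
        // exercised; a same-length altered token is not covered by this suite.
        it('cannot get userInfo with invalid token (token length)', async function () {
            const response = await superagent.get(userInfoUrl)
                .query({ access_token: `x${owner.token}` })
                .ok(() => true);

            expect(response.statusCode).to.equal(401);
        });

        it('can get userInfo with token in auth header', async function () {
            const response = await superagent.get(userInfoUrl)
                .set('Authorization', `Bearer ${owner.token}`);

            expect(response.statusCode).to.equal(200);
            expect(response.body.username).to.equal(user.username.toLowerCase());
            expect(response.body.email).to.equal(user.email.toLowerCase());
        });

        it('cannot get userInfo with invalid token in auth header', async function () {
            const response = await superagent.get(userInfoUrl)
                .set('Authorization', `Bearer x${owner.token}`)
                .ok(() => true);

            expect(response.statusCode).to.equal(401);
        });

        // Expiry must be enforced when the token is presented, not only when it
        // is issued: the same token is accepted first and refused after its
        // lifetime has passed.
        it('cannot get userInfo with expired token', async function () {
            // The lifetime and the wait are derived from one constant so they
            // cannot drift apart (the old comment said 3 seconds for a 2000 ms
            // lifetime).
            const TOKEN_TTL_MS = 2000;
            const EXPIRY_MARGIN_MS = 1000;

            const token2 = {
                name: 'token2',
                identifier: owner.id,
                clientId: 'clientid-2',
                expires: Date.now() + TOKEN_TTL_MS, // expires in 2 seconds
                lastUsedTime: null
            };

            const result = await tokens.add(token2);
            token2.id = result.id;
            token2.accessToken = result.accessToken;

            const response = await superagent.get(userInfoUrl)
                .set('Authorization', `Bearer ${token2.accessToken}`);
            expect(response.statusCode).to.be(200);

            // NOTE(review): this sleep (3 s) is longer than a 2 s per-test
            // timeout; presumably the runner is configured with a larger one.
            // Confirm.
            await delay(TOKEN_TTL_MS + EXPIRY_MARGIN_MS); // wait for token to expire

            const response2 = await superagent.get(userInfoUrl)
                .set('Authorization', `Bearer ${token2.accessToken}`)
                .ok(() => true);
            expect(response2.statusCode).to.be(401);
        });
    });
});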