~vpzom/bracketmonster

ea4fc47be334133d756a2fae7e421b20d299af82 — Colin Reeder 5 months ago 23ee25d
More tests
1 files changed, 143 insertions(+), 0 deletions(-)

M tests/src/index.ts
M tests/src/index.ts => tests/src/index.ts +143 -0
@@ 4,6 4,15 @@ import * as request from "supertest";

const server = process.env.API_HOST || "http://localhost:5000";

function createUser(): Promise<{token: string; user: {id: number}}> {
	return Promise.resolve(
		request(server)
			.post("/v1/users")
			.expect(200)
	)
		.then(res => res.body);
}

test("create an anonymous account", async t => {
	await request(server)
		.post("/v1/users")


@@ 59,3 68,137 @@ test("login", async t => {

	t.pass();
});

test("login to account without password should fail", async t => {
	const token = (await createUser()).token;

	const username = hat();

	await request(server)
		.patch("/v1/users/~me")
		.set("Authorization", "Bearer " + token)
		.send({username})
		.expect(204);

	await request(server)
		.post("/unstable/loginSessions")
		.send({username, password: hat()})
		.expect(400);

	t.pass();
});

test("user editing should be disallowed without login", async t => {
	const bob = (await createUser()).user;

	await request(server)
		.patch("/v1/users/" + bob.id)
		.send({password: hat()})
		.expect(400);

	t.pass();
});

test("user editing should be disallowed for others", async t => {
	const [alice, malloryToken] = await Promise.all([
		createUser()
			.then(res => res.user),
		createUser()
			.then(res => res.token),
	]);

	await request(server)
		.patch("/v1/users/" + alice.id)
		.send({password: hat()})
		.set("Authorization", "Bearer " + malloryToken)
		.expect(403);

	t.pass();
});

test("creating a bracket should add it to the user's brackets", async t => {
	const charlie = await createUser();

	const bracket = (await request(server)
		.post("/v1/brackets")
		.send({name: hat(), players: [hat(), hat(), hat(), hat()], type: "RoundRobin"})
		.set("Authorization", "Bearer " + charlie.token)
		.expect(200)).body;

	const myBrackets = (await request(server)
		.get("/v1/users/~me/brackets")
		.set("Authorization", "Bearer " + charlie.token)
		.expect(200)).body;

	let found = null;

	for(const item of myBrackets) {
		if(item.id === bracket.id) {
			found = item;
			break;
		}
	}

	t.not(found, null);
});

test("disallowed username characters should not be allowed (creation)", async t => {
	await request(server)
		.post("/v1/users")
		.send({username: "~" + hat(), password: hat()})
		.expect(400);

	t.pass();
});

test("disallowed username characters should not be allowed (editing)", async t => {
	const user = await createUser();

	await request(server)
		.patch("/v1/users/~me")
		.send({username: "~" + hat()})
		.set("Authorization", "Bearer " + user.token)
		.expect(400);

	t.pass();
});

test("requesting my info when logged out should give 401", async t => {
	await request(server)
		.get("/v1/users/~me")
		.expect(401);

	t.pass();
});

test("password change", async t => {
	const username = hat();
	const password1 = hat();
	const password2 = hat();

	const user = (await request(server)
		.post("/v1/users")
		.send({username, password: password1})
		.expect(200)).body;

	// Change to new password
	await request(server)
		.patch("/v1/users/~me")
		.send({password: password2})
		.set("Authorization", "Bearer " + user.token)
		.expect(204);

	// Make sure old password no longer works
	await request(server)
		.post("/unstable/loginSessions")
		.send({username, password: password1})
		.expect(403);

	// Make sure new password works
	await request(server)
		.post("/unstable/loginSessions")
		.send({username, password: password2})
		.expect(200);

	t.pass();
});