strapi/packages/strapi-plugin-users-permissions/tests/graphql.test.e2e.js

'use strict';

// Helpers.
const { createStrapiInstance } = require('../../../test/helpers/strapi');
const { createAuthRequest, createRequest } = require('../../../test/helpers/request');

let strapi;
let authReq;
const data = {};

describe('Test Graphql user service', () => {
  beforeAll(async () => {
    strapi = await createStrapiInstance();
    authReq = await createAuthRequest({ strapi });
  });

  afterAll(async () => {
    await strapi.destroy();
  });

  describe('Check createUser authorizations', () => {
    test('createUser is forbidden to public', async () => {
      const rq = createRequest({ strapi });
      const res = await rq({
        url: '/graphql',
        method: 'POST',
        body: {
          query: /* GraphQL */ `
            mutation {
              createUser(input: { data: { username: "test", email: "test", password: "test" } }) {
                user {
                  id
                  username
                }
              }
            }
          `,
        },
      });

      expect(res.statusCode).toBe(200);
      expect(res.body).toMatchObject({
        data: {
          createUser: null,
        },
        errors: [
          {
            message: 'Forbidden',
          },
        ],
      });
    });

    test('createUser is authorized for admins', async () => {
      const res = await authReq({
        url: '/graphql',
        method: 'POST',
        body: {
          query: /* GraphQL */ `
            mutation {
              createUser(
                input: {
                  data: { username: "test", email: "test-graphql@strapi.io", password: "test" }
                }
              ) {
                user {
                  id
                  username
                }
              }
            }
          `,
        },
      });

      expect(res.statusCode).toBe(200);
      expect(res.body).toMatchObject({
        data: {
          createUser: {
            user: {
              id: expect.anything(),
              username: 'test',
            },
          },
        },
      });

      data.user = res.body.data.createUser.user;
    });
  });

  describe('Check updateUser authorizations', () => {
    test('updateUser is forbidden to public', async () => {
      const rq = createRequest({ strapi });
      const res = await rq({
        url: '/graphql',
        method: 'POST',
        body: {
          query: /* GraphQL */ `
            mutation {
              updateUser(
                input: {
                  where: { id: 1 }
                  data: { username: "test", email: "test", password: "test" }
                }
              ) {
                user {
                  id
                  username
                }
              }
            }
          `,
        },
      });

      expect(res.statusCode).toBe(200);
      expect(res.body).toMatchObject({
        data: {
          updateUser: null,
        },
        errors: [
          {
            message: 'Forbidden',
          },
        ],
      });
    });

    test('updateUser is authorized for admins', async () => {
      const res = await authReq({
        url: '/graphql',
        method: 'POST',
        body: {
          query: /* GraphQL */ `
            mutation updateUser($id: ID!) {
              updateUser(input: { where: { id: $id }, data: { username: "newUsername" } }) {
                user {
                  id
                  username
                }
              }
            }
          `,
          variables: {
            id: data.user.id,
          },
        },
      });

      expect(res.statusCode).toBe(200);
      expect(res.body).toMatchObject({
        data: {
          updateUser: {
            user: {
              id: expect.anything(),
              username: 'newUsername',
            },
          },
        },
      });

      data.user = res.body.data.updateUser.user;
    });
  });

  describe('Check deleteUser authorizations', () => {
    test('deleteUser is forbidden to public', async () => {
      const rq = createRequest({ strapi });
      const res = await rq({
        url: '/graphql',
        method: 'POST',
        body: {
          query: /* GraphQL */ `
            mutation deleteUser($id: ID!) {
              deleteUser(input: { where: { id: $id } }) {
                user {
                  id
                  username
                }
              }
            }
          `,
          variables: {
            id: data.user.id,
          },
        },
      });

      expect(res.statusCode).toBe(200);
      expect(res.body).toMatchObject({
        data: {
          deleteUser: null,
        },
        errors: [
          {
            message: 'Forbidden',
          },
        ],
      });
    });

    test('deleteUser is authorized for admins', async () => {
      const res = await authReq({
        url: '/graphql',
        method: 'POST',
        body: {
          query: /* GraphQL */ `
            mutation deleteUser($id: ID!) {
              deleteUser(input: { where: { id: $id } }) {
                user {
                  id
                  username
                }
              }
            }
          `,
          variables: {
            id: data.user.id,
          },
        },
      });

      expect(res.statusCode).toBe(200);
      expect(res.body).toMatchObject({
        data: {
          deleteUser: {
            user: data.user,
          },
        },
      });
    });
  });
});
Make lint stricter and fix the errors Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-10-27 11:27:17 +01:00			`'use strict';`

Add tests on graphql upload and user perm graphql 2019-09-18 12:07:59 +02:00			`// Helpers.`
Add all missing e2e tests (draft) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-11-17 15:38:41 +01:00			`const { createStrapiInstance } = require('../../../test/helpers/strapi');`
Fix context issue in custom GraphQL query and mutation (#5532) * fix context issue in custom query and mutation Signed-off-by: harimkims <harimkims@gmail.com> * merge only state-related context Signed-off-by: harimkims <harimkims@gmail.com> * roll back the code, fix the test instead Signed-off-by: harimkims <harimkims@gmail.com> 2020-03-20 22:24:14 +09:00			`const { createAuthRequest, createRequest } = require('../../../test/helpers/request');`
Add tests on graphql upload and user perm graphql 2019-09-18 12:07:59 +02:00
Add all missing e2e tests (draft) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-11-17 15:38:41 +01:00			`let strapi;`
Add tests on graphql upload and user perm graphql 2019-09-18 12:07:59 +02:00			`let authReq;`
			`const data = {};`

			`describe('Test Graphql user service', () => {`
			`beforeAll(async () => {`
Cleanup Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-11-30 20:20:36 +01:00			`strapi = await createStrapiInstance();`
Add all missing e2e tests (draft) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-11-17 15:38:41 +01:00			`authReq = await createAuthRequest({ strapi });`
Use a global timeout instead of redefining it everytime 2021-03-26 20:15:38 +01:00			`});`
Add tests on graphql upload and user perm graphql 2019-09-18 12:07:59 +02:00
Add all missing e2e tests (draft) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-11-17 15:38:41 +01:00			`afterAll(async () => {`
			`await strapi.destroy();`
			`});`

Add tests on graphql upload and user perm graphql 2019-09-18 12:07:59 +02:00			`describe('Check createUser authorizations', () => {`
			`test('createUser is forbidden to public', async () => {`
Add all missing e2e tests (draft) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-11-17 15:38:41 +01:00			`const rq = createRequest({ strapi });`
Add tests on graphql upload and user perm graphql 2019-09-18 12:07:59 +02:00			`const res = await rq({`
			`url: '/graphql',`
			`method: 'POST',`
			`body: {`
			query: /* GraphQL */ `
			`mutation {`
Fix context issue in custom GraphQL query and mutation (#5532) * fix context issue in custom query and mutation Signed-off-by: harimkims <harimkims@gmail.com> * merge only state-related context Signed-off-by: harimkims <harimkims@gmail.com> * roll back the code, fix the test instead Signed-off-by: harimkims <harimkims@gmail.com> 2020-03-20 22:24:14 +09:00			`createUser(input: { data: { username: "test", email: "test", password: "test" } }) {`
Add tests on graphql upload and user perm graphql 2019-09-18 12:07:59 +02:00			`user {`
			`id`
			`username`
			`}`
			`}`
			`}`
			`,
			`},`
			`});`

			`expect(res.statusCode).toBe(200);`
			`expect(res.body).toMatchObject({`
			`data: {`
			`createUser: null,`
			`},`
			`errors: [`
			`{`
			`message: 'Forbidden',`
			`},`
			`],`
			`});`
			`});`

			`test('createUser is authorized for admins', async () => {`
			`const res = await authReq({`
			`url: '/graphql',`
			`method: 'POST',`
			`body: {`
			query: /* GraphQL */ `
			`mutation {`
			`createUser(`
Remove email update of admin during test that break next tests Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 20:39:39 +02:00			`input: {`
			`data: { username: "test", email: "test-graphql@strapi.io", password: "test" }`
			`}`
Add tests on graphql upload and user perm graphql 2019-09-18 12:07:59 +02:00			`) {`
			`user {`
			`id`
			`username`
			`}`
			`}`
			`}`
			`,
			`},`
			`});`

Fix context issue in custom GraphQL query and mutation (#5532) * fix context issue in custom query and mutation Signed-off-by: harimkims <harimkims@gmail.com> * merge only state-related context Signed-off-by: harimkims <harimkims@gmail.com> * roll back the code, fix the test instead Signed-off-by: harimkims <harimkims@gmail.com> 2020-03-20 22:24:14 +09:00			`expect(res.statusCode).toBe(200);`
Add tests on graphql upload and user perm graphql 2019-09-18 12:07:59 +02:00			`expect(res.body).toMatchObject({`
			`data: {`
			`createUser: {`
			`user: {`
			`id: expect.anything(),`
			`username: 'test',`
			`},`
			`},`
			`},`
			`});`

			`data.user = res.body.data.createUser.user;`
			`});`
			`});`

			`describe('Check updateUser authorizations', () => {`
			`test('updateUser is forbidden to public', async () => {`
Add all missing e2e tests (draft) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-11-17 15:38:41 +01:00			`const rq = createRequest({ strapi });`
Add tests on graphql upload and user perm graphql 2019-09-18 12:07:59 +02:00			`const res = await rq({`
			`url: '/graphql',`
			`method: 'POST',`
			`body: {`
			query: /* GraphQL */ `
			`mutation {`
			`updateUser(`
			`input: {`
			`where: { id: 1 }`
			`data: { username: "test", email: "test", password: "test" }`
			`}`
			`) {`
			`user {`
			`id`
			`username`
			`}`
			`}`
			`}`
			`,
			`},`
			`});`

			`expect(res.statusCode).toBe(200);`
			`expect(res.body).toMatchObject({`
			`data: {`
			`updateUser: null,`
			`},`
			`errors: [`
			`{`
			`message: 'Forbidden',`
			`},`
			`],`
			`});`
			`});`

			`test('updateUser is authorized for admins', async () => {`
			`const res = await authReq({`
			`url: '/graphql',`
			`method: 'POST',`
			`body: {`
			query: /* GraphQL */ `
			`mutation updateUser($id: ID!) {`
Fix context issue in custom GraphQL query and mutation (#5532) * fix context issue in custom query and mutation Signed-off-by: harimkims <harimkims@gmail.com> * merge only state-related context Signed-off-by: harimkims <harimkims@gmail.com> * roll back the code, fix the test instead Signed-off-by: harimkims <harimkims@gmail.com> 2020-03-20 22:24:14 +09:00			`updateUser(input: { where: { id: $id }, data: { username: "newUsername" } }) {`
Add tests on graphql upload and user perm graphql 2019-09-18 12:07:59 +02:00			`user {`
			`id`
			`username`
			`}`
			`}`
			`}`
			`,
			`variables: {`
			`id: data.user.id,`
			`},`
			`},`
			`});`

			`expect(res.statusCode).toBe(200);`
			`expect(res.body).toMatchObject({`
			`data: {`
			`updateUser: {`
			`user: {`
			`id: expect.anything(),`
			`username: 'newUsername',`
			`},`
			`},`
			`},`
			`});`

			`data.user = res.body.data.updateUser.user;`
			`});`
			`});`

			`describe('Check deleteUser authorizations', () => {`
			`test('deleteUser is forbidden to public', async () => {`
Add all missing e2e tests (draft) Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-11-17 15:38:41 +01:00			`const rq = createRequest({ strapi });`
Add tests on graphql upload and user perm graphql 2019-09-18 12:07:59 +02:00			`const res = await rq({`
			`url: '/graphql',`
			`method: 'POST',`
			`body: {`
			query: /* GraphQL */ `
			`mutation deleteUser($id: ID!) {`
			`deleteUser(input: { where: { id: $id } }) {`
			`user {`
			`id`
			`username`
			`}`
			`}`
			`}`
			`,
			`variables: {`
			`id: data.user.id,`
			`},`
			`},`
			`});`

			`expect(res.statusCode).toBe(200);`
			`expect(res.body).toMatchObject({`
			`data: {`
			`deleteUser: null,`
			`},`
			`errors: [`
			`{`
			`message: 'Forbidden',`
			`},`
			`],`
			`});`
			`});`

			`test('deleteUser is authorized for admins', async () => {`
			`const res = await authReq({`
			`url: '/graphql',`
			`method: 'POST',`
			`body: {`
			query: /* GraphQL */ `
			`mutation deleteUser($id: ID!) {`
			`deleteUser(input: { where: { id: $id } }) {`
			`user {`
			`id`
			`username`
			`}`
			`}`
			`}`
			`,
			`variables: {`
			`id: data.user.id,`
			`},`
			`},`
			`});`

			`expect(res.statusCode).toBe(200);`
			`expect(res.body).toMatchObject({`
			`data: {`
			`deleteUser: {`
			`user: data.user,`
			`},`
			`},`
			`});`
			`});`
			`});`
			`});`