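'use strict';

// Helpers.
const { createStrapiInstance } = require('api-tests/strapi');
const { createAuthRequest, createRequest } = require('api-tests/request');

// Every request in this suite targets the admin "current user" endpoint.
const ME_URL = '/admin/users/me';

/**
 * Builds the partial response body expected when the self-update payload
 * contains a key that the endpoint's validation rejects as unspecified.
 *
 * @param {string} key - Name of the rejected key.
 * @returns {object} Partial body suitable for `toMatchObject`.
 */
const unspecifiedKeysError = (key) => {
  const message = `this field has unspecified keys: ${key}`;

  return {
    error: {
      details: {
        errors: [{ message, name: 'ValidationError', path: [] }],
      },
      message,
      name: 'ValidationError',
      status: 400,
    },
  };
};

/**
 * API tests for the admin self-service endpoint: reading and updating the
 * profile of the currently logged-in admin user.
 */
describe('Authenticated User', () => {
  // Request helper built by createAuthRequest.
  // NOTE(review): presumably carries admin credentials; confirm in api-tests/request.
  let rq;
  let strapi;

  beforeAll(async () => {
    strapi = await createStrapiInstance();
    rq = await createAuthRequest({ strapi });
  });

  afterAll(async () => {
    await strapi.destroy();
  });

  describe('GET /users/me', () => {
    test('Returns sanitized user info', async () => {
      const res = await rq({
        url: ME_URL,
        method: 'GET',
        body: {},
      });

      expect(res.statusCode).toBe(200);
      expect(res.body.data).toMatchObject({
        id: expect.anything(),
        firstname: expect.stringOrNull(),
        lastname: expect.stringOrNull(),
        username: expect.stringOrNull(),
        email: expect.any(String),
        isActive: expect.any(Boolean),
      });

      // toMatchObject ignores extra keys, so the shape check above would still
      // pass if the credential field leaked into the response. Assert its
      // absence explicitly so the test matches its "sanitized" title.
      expect(res.body.data).not.toHaveProperty('password');
    });

    // The title says "forbidden", but the assertion is 401: the request is made
    // with createRequest (not the authenticated helper) and must be rejected.
    test('Returns forbidden on unauthenticated query', async () => {
      const req = createRequest({ strapi });
      const res = await req({
        url: ME_URL,
        method: 'GET',
        body: {},
      });

      expect(res.statusCode).toBe(401);
    });
  });

  describe('PUT /users/me', () => {
    // Same 401 expectation as the GET case, for the write path.
    test('Returns forbidden on unauthenticated query', async () => {
      const req = createRequest({ strapi });
      const res = await req({
        url: ME_URL,
        method: 'PUT',
        body: {},
      });

      expect(res.statusCode).toBe(401);
    });

    // Self-update must not accept privilege-bearing fields: a user editing
    // their own profile may not assign themselves roles.
    test('Fails when trying to edit roles', async () => {
      const res = await rq({
        url: ME_URL,
        method: 'PUT',
        body: {
          roles: [1],
        },
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toMatchObject(unspecifiedKeysError('roles'));
    });

    // Account activation state is likewise not self-editable.
    test('Fails when trying to edit isActive', async () => {
      const res = await rq({
        url: ME_URL,
        method: 'PUT',
        body: {
          isActive: 12,
        },
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toMatchObject(unspecifiedKeysError('isActive'));
    });

    // NOTE(review): this sends the same payload and asserts the same error as
    // 'Fails when trying to edit isActive', so it only re-checks the
    // unspecified-key rejection. It does not exercise type validation on a
    // field the endpoint accepts (e.g. a non-string firstname); add such a case
    // once the expected error body has been confirmed against the server.
    test('Fails when trying to set invalid inputs', async () => {
      const res = await rq({
        url: ME_URL,
        method: 'PUT',
        body: {
          isActive: 12,
        },
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toMatchObject(unspecifiedKeysError('isActive'));
    });

    test('Allows edition of names', async () => {
      const input = {
        firstname: 'newFirstName',
        lastname: 'newLastaName',
      };

      const res = await rq({
        url: ME_URL,
        method: 'PUT',
        body: input,
      });

      expect(res.statusCode).toBe(200);
      expect(res.body.data).toMatchObject({
        id: expect.anything(),
        email: expect.any(String),
        firstname: input.firstname,
        lastname: input.lastname,
        username: expect.stringOrNull(),
        isActive: expect.any(Boolean),
      });

      // The update response is user data too; it must not echo the credential
      // field (toMatchObject above would not notice an extra key).
      expect(res.body.data).not.toHaveProperty('password');
    });

    // A password change must be re-authorised with the current password, so a
    // valid session alone is not enough to take over the account.
    // NOTE(review): only the error response is asserted; the test does not
    // verify that the stored password was left unchanged.
    test('Updating password requires currentPassword', async () => {
      const input = {
        password: 'newPassword1234',
      };

      const res = await rq({
        url: ME_URL,
        method: 'PUT',
        body: input,
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toMatchObject({
        data: null,
        error: {
          status: 400,
          name: 'ValidationError',
          message: 'currentPassword is a required field',
          details: {
            errors: [
              {
                message: 'currentPassword is a required field',
                name: 'ValidationError',
                path: ['currentPassword'],
              },
            ],
          },
        },
      });
    });

    // Supplying a currentPassword is not sufficient; it has to be the right one.
    test('Updating password requires currentPassword to be valid', async () => {
      const input = {
        password: 'newPassword1234',
        currentPassword: 'wrongPass',
      };

      const res = await rq({
        url: ME_URL,
        method: 'PUT',
        body: input,
      });

      expect(res.statusCode).toBe(400);
      expect(res.body).toMatchObject({
        data: null,
        error: {
          details: {
            currentPassword: ['Invalid credentials'],
          },
          message: 'ValidationError',
          name: 'BadRequestError',
          status: 400,
        },
      });
    });
  });
});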