strapi/packages/core/admin/server/tests/admin-api-token.test.e2e.js

'use strict';

const { createStrapiInstance } = require('../../../../../test/helpers/strapi');
const { createAuthRequest } = require('../../../../../test/helpers/request');

/**
 * == Test Suite Overview ==
 *
 * N°   Description
 * -------------------------------------------
 * 1. Fails to creates an api token (missing parameters from the body)
 * 2. Fails to creates an api token (invalid `type` in the body)
 * 3. Creates an api token (successfully)
 * 4. Creates an api token without a description (successfully)
 * 5. Creates an api token with trimmed description and name (successfully)
 * 6. List all tokens (successfully)
 * 7. Deletes a token (successfully)
 * 8. Does not return an error if the ressource to delete does not exist
 * 9. Retrieves a token (successfully)
 * 10. Returns a 404 if the ressource to retrieve does not exist
 * 11. Updates a token (successfully)
 * 12. Returns a 404 if the ressource to update does not exist
 * 13. Fails to creates an api token (missing parameters from the body)
 * 14. Fails to creates an api token (invalid `type` in the body)
 */

describe('Admin API Token CRUD (e2e)', () => {
  let rq;
  let strapi;

  const apiTokens = [];

  // Initialization Actions
  beforeAll(async () => {
    strapi = await createStrapiInstance();
    rq = await createAuthRequest({ strapi });
  });

  // Cleanup actions
  afterAll(async () => {
    await strapi.destroy();
  });

  test('1. Fails to create an api token (missing parameters from the body)', async () => {
    const body = {
      name: 'api-token_tests-name',
      description: 'api-token_tests-description',
    };

    const res = await rq({
      url: '/admin/api-tokens',
      method: 'POST',
      body,
    });

    expect(res.statusCode).toBe(400);
    expect(res.body).toMatchObject({
      statusCode: 400,
      error: 'Bad Request',
      message: 'ValidationError',
      data: {
        type: ['type is a required field'],
      },
    });
  });

  test('2. Fails to create an api token (invalid `type` in the body)', async () => {
    const body = {
      name: 'api-token_tests-name',
      description: 'api-token_tests-description',
      type: 'invalid-type',
    };

    const res = await rq({
      url: '/admin/api-tokens',
      method: 'POST',
      body,
    });

    expect(res.statusCode).toBe(400);
    expect(res.body).toMatchObject({
      statusCode: 400,
      error: 'Bad Request',
      message: 'ValidationError',
      data: {
        type: ['type must be one of the following values: read-only, full-access'],
      },
    });
  });

  test('3. Creates an api token (successfully)', async () => {
    const body = {
      name: 'api-token_tests-name',
      description: 'api-token_tests-description',
      type: 'read-only',
    };

    const res = await rq({
      url: '/admin/api-tokens',
      method: 'POST',
      body,
    });

    expect(res.statusCode).toBe(201);
    expect(res.body.data).toStrictEqual({
      accessKey: expect.any(String),
      name: body.name,
      description: body.description,
      type: body.type,
      id: expect.any(Number),
    });

    apiTokens.push(res.body.data);
  });

  test('4. Creates an api token without a description (successfully)', async () => {
    const body = {
      name: 'api-token_tests-name-without-description',
      type: 'full-access',
    };

    const res = await rq({
      url: '/admin/api-tokens',
      method: 'POST',
      body,
    });

    expect(res.statusCode).toBe(201);
    expect(res.body.data).toStrictEqual({
      accessKey: expect.any(String),
      name: body.name,
      description: '',
      type: body.type,
      id: expect.any(Number),
    });

    apiTokens.push(res.body.data);
  });

  test('5. Creates an api token with trimmed description and name (successfully)', async () => {
    const body = {
      name: 'api-token_tests-name-with-spaces-at-the-end   ',
      description: 'api-token_tests-description-with-spaces-at-the-end   ',
      type: 'read-only',
    };

    const res = await rq({
      url: '/admin/api-tokens',
      method: 'POST',
      body,
    });

    expect(res.statusCode).toBe(201);
    expect(res.body.data).toStrictEqual({
      accessKey: expect.any(String),
      name: 'api-token_tests-name-with-spaces-at-the-end',
      description: 'api-token_tests-description-with-spaces-at-the-end',
      type: body.type,
      id: expect.any(Number),
    });

    apiTokens.push(res.body.data);
  });

  test('6. List all tokens (successfully)', async () => {
    const res = await rq({
      url: '/admin/api-tokens',
      method: 'GET',
    });

    expect(res.statusCode).toBe(200);
    expect(res.body.data.length).toBe(3);
    expect(res.body.data).toStrictEqual([
      {
        id: expect.any(Number),
        name: 'api-token_tests-name',
        description: 'api-token_tests-description',
        type: 'read-only',
      },
      {
        id: expect.any(Number),
        name: 'api-token_tests-name-with-spaces-at-the-end',
        description: 'api-token_tests-description-with-spaces-at-the-end',
        type: 'read-only',
      },
      {
        id: expect.any(Number),
        name: 'api-token_tests-name-without-description',
        description: '',
        type: 'full-access',
      },
    ]);
  });

  test('7. Deletes a token (successfully)', async () => {
    const res = await rq({
      url: `/admin/api-tokens/${apiTokens[2].id}`,
      method: 'DELETE',
    });

    expect(res.statusCode).toBe(200);
    expect(res.body.data).toStrictEqual({
      name: apiTokens[2].name,
      description: apiTokens[2].description,
      type: apiTokens[2].type,
      id: apiTokens[2].id,
    });
  });

  test('8. Does not return an error if the ressource to delete does not exist', async () => {
    const res = await rq({
      url: '/admin/api-tokens/42',
      method: 'DELETE',
    });

    expect(res.statusCode).toBe(200);
    expect(res.body.data).toBeNull();
  });

  test('9. Retrieves a token (successfully)', async () => {
    const res = await rq({
      url: `/admin/api-tokens/${apiTokens[0].id}`,
      method: 'GET',
    });

    expect(res.statusCode).toBe(200);
    expect(res.body.data).toStrictEqual({
      name: apiTokens[0].name,
      description: apiTokens[0].description,
      type: apiTokens[0].type,
      id: apiTokens[0].id,
    });
  });

  test('10. Returns a 404 if the ressource to retrieve does not exist', async () => {
    const res = await rq({
      url: '/admin/api-tokens/42',
      method: 'GET',
    });

    expect(res.statusCode).toBe(404);
    expect(res.body.data).toBeUndefined();
  });

  test('11. Updates a token (successfully)', async () => {
    const body = {
      name: 'api-token_tests-updated-name',
      description: 'api-token_tests-description',
      type: 'read-only',
    };

    const res = await rq({
      url: `/admin/api-tokens/${apiTokens[0].id}`,
      method: 'PUT',
      body,
    });

    expect(res.statusCode).toBe(200);
    expect(res.body.data).toStrictEqual({
      name: body.name,
      description: body.description,
      type: body.type,
      id: apiTokens[0].id,
    });
  });

  test('12. Returns a 404 if the ressource to update does not exist', async () => {
    const body = {
      name: 'api-token_tests-updated-name',
      description: 'api-token_tests-description',
      type: 'read-only',
    };

    const res = await rq({
      url: '/admin/api-tokens/42',
      method: 'PUT',
      body,
    });

    expect(res.statusCode).toBe(404);
    expect(res.body.data).toBeUndefined();
  });

  test('13. Fails to update an api token (missing parameters from the body)', async () => {
    const body = {
      name: 'api-token_tests-updated-name',
      description: 'api-token_tests-description',
    };

    const res = await rq({
      url: '/admin/api-tokens/1',
      method: 'PUT',
      body,
    });

    expect(res.statusCode).toBe(400);
    expect(res.body).toMatchObject({
      statusCode: 400,
      error: 'Bad Request',
      message: 'ValidationError',
      data: {
        type: ['type is a required field'],
      },
    });
  });

  test('14. Fails to update an api token (invalid `type` in the body)', async () => {
    const body = {
      name: 'api-token_tests-name',
      description: 'api-token_tests-description',
      type: 'invalid-type',
    };

    const res = await rq({
      url: '/admin/api-tokens/1',
      method: 'PUT',
      body,
    });

    expect(res.statusCode).toBe(400);
    expect(res.body).toMatchObject({
      statusCode: 400,
      error: 'Bad Request',
      message: 'ValidationError',
      data: {
        type: ['type must be one of the following values: read-only, full-access'],
      },
    });
  });
});
implement POST endpoint to create api tokens 2021-08-26 14:37:55 +02:00			`'use strict';`

			`const { createStrapiInstance } = require('../../../../../test/helpers/strapi');`
			`const { createAuthRequest } = require('../../../../../test/helpers/request');`

			`/**`
			`* == Test Suite Overview ==`
			`*`
			`* N° Description`
			`* -------------------------------------------`
store the hashed accessKey in the database 2021-08-27 16:23:19 +02:00			`* 1. Fails to creates an api token (missing parameters from the body)`
			* 2. Fails to creates an api token (invalid `type` in the body)
			`* 3. Creates an api token (successfully)`
			`* 4. Creates an api token without a description (successfully)`
add test to support trimming 2021-08-27 16:35:34 +02:00			`* 5. Creates an api token with trimmed description and name (successfully)`
add e2e tests 2021-08-27 08:39:08 +02:00			`* 6. List all tokens (successfully)`
fix typos 2021-09-02 11:57:53 +02:00			`* 7. Deletes a token (successfully)`
update tests and rename get method 2021-09-06 15:14:45 +02:00			`* 8. Does not return an error if the ressource to delete does not exist`
implement GET endpoint to get a single token 2021-09-02 11:56:14 +02:00			`* 9. Retrieves a token (successfully)`
update tests and rename get method 2021-09-06 15:14:45 +02:00			`* 10. Returns a 404 if the ressource to retrieve does not exist`
implement PUT endpoint to update a token 2021-09-06 13:30:52 +02:00			`* 11. Updates a token (successfully)`
			`* 12. Returns a 404 if the ressource to update does not exist`
			`* 13. Fails to creates an api token (missing parameters from the body)`
			* 14. Fails to creates an api token (invalid `type` in the body)
implement POST endpoint to create api tokens 2021-08-26 14:37:55 +02:00			`*/`

			`describe('Admin API Token CRUD (e2e)', () => {`
			`let rq;`
			`let strapi;`

update tests and rename get method 2021-09-06 15:14:45 +02:00			`const apiTokens = [];`

implement POST endpoint to create api tokens 2021-08-26 14:37:55 +02:00			`// Initialization Actions`
			`beforeAll(async () => {`
			`strapi = await createStrapiInstance();`
			`rq = await createAuthRequest({ strapi });`
			`});`

			`// Cleanup actions`
			`afterAll(async () => {`
			`await strapi.destroy();`
			`});`

implement PUT endpoint to update a token 2021-09-06 13:30:52 +02:00			`test('1. Fails to create an api token (missing parameters from the body)', async () => {`
implement POST endpoint to create api tokens 2021-08-26 14:37:55 +02:00			`const body = {`
			`name: 'api-token_tests-name',`
			`description: 'api-token_tests-description',`
			`};`

			`const res = await rq({`
			`url: '/admin/api-tokens',`
			`method: 'POST',`
			`body,`
			`});`

			`expect(res.statusCode).toBe(400);`
			`expect(res.body).toMatchObject({`
			`statusCode: 400,`
			`error: 'Bad Request',`
			`message: 'ValidationError',`
			`data: {`
			`type: ['type is a required field'],`
			`},`
			`});`
			`});`

implement PUT endpoint to update a token 2021-09-06 13:30:52 +02:00			test('2. Fails to create an api token (invalid `type` in the body)', async () => {
store the hashed accessKey in the database 2021-08-27 16:23:19 +02:00			`const body = {`
			`name: 'api-token_tests-name',`
			`description: 'api-token_tests-description',`
			`type: 'invalid-type',`
			`};`

			`const res = await rq({`
			`url: '/admin/api-tokens',`
			`method: 'POST',`
			`body,`
			`});`

			`expect(res.statusCode).toBe(400);`
			`expect(res.body).toMatchObject({`
			`statusCode: 400,`
			`error: 'Bad Request',`
			`message: 'ValidationError',`
			`data: {`
use plain text in tests in favor of constants 2021-09-01 09:18:31 +02:00			`type: ['type must be one of the following values: read-only, full-access'],`
store the hashed accessKey in the database 2021-08-27 16:23:19 +02:00			`},`
			`});`
			`});`

			`test('3. Creates an api token (successfully)', async () => {`
implement POST endpoint to create api tokens 2021-08-26 14:37:55 +02:00			`const body = {`
			`name: 'api-token_tests-name',`
			`description: 'api-token_tests-description',`
use plain text in tests in favor of constants 2021-09-01 09:18:31 +02:00			`type: 'read-only',`
implement POST endpoint to create api tokens 2021-08-26 14:37:55 +02:00			`};`

			`const res = await rq({`
			`url: '/admin/api-tokens',`
			`method: 'POST',`
			`body,`
			`});`

			`expect(res.statusCode).toBe(201);`
return deleted token 2021-09-02 10:47:06 +02:00			`expect(res.body.data).toStrictEqual({`
store the hashed accessKey in the database 2021-08-27 16:23:19 +02:00			`accessKey: expect.any(String),`
			`name: body.name,`
			`description: body.description,`
			`type: body.type,`
			`id: expect.any(Number),`
			`});`
update tests and rename get method 2021-09-06 15:14:45 +02:00
			`apiTokens.push(res.body.data);`
implement POST endpoint to create api tokens 2021-08-26 14:37:55 +02:00			`});`

store the hashed accessKey in the database 2021-08-27 16:23:19 +02:00			`test('4. Creates an api token without a description (successfully)', async () => {`
implement POST endpoint to create api tokens 2021-08-26 14:37:55 +02:00			`const body = {`
fix exists function 2021-08-27 08:47:27 +02:00			`name: 'api-token_tests-name-without-description',`
use plain text in tests in favor of constants 2021-09-01 09:18:31 +02:00			`type: 'full-access',`
implement POST endpoint to create api tokens 2021-08-26 14:37:55 +02:00			`};`

			`const res = await rq({`
			`url: '/admin/api-tokens',`
			`method: 'POST',`
			`body,`
			`});`

			`expect(res.statusCode).toBe(201);`
return deleted token 2021-09-02 10:47:06 +02:00			`expect(res.body.data).toStrictEqual({`
store the hashed accessKey in the database 2021-08-27 16:23:19 +02:00			`accessKey: expect.any(String),`
			`name: body.name,`
			`description: '',`
			`type: body.type,`
			`id: expect.any(Number),`
			`});`
update tests and rename get method 2021-09-06 15:14:45 +02:00
			`apiTokens.push(res.body.data);`
implement POST endpoint to create api tokens 2021-08-26 14:37:55 +02:00			`});`
add test to support trimming 2021-08-27 16:35:34 +02:00
			`test('5. Creates an api token with trimmed description and name (successfully)', async () => {`
			`const body = {`
			`name: 'api-token_tests-name-with-spaces-at-the-end ',`
			`description: 'api-token_tests-description-with-spaces-at-the-end ',`
use plain text in tests in favor of constants 2021-09-01 09:18:31 +02:00			`type: 'read-only',`
add test to support trimming 2021-08-27 16:35:34 +02:00			`};`

			`const res = await rq({`
			`url: '/admin/api-tokens',`
			`method: 'POST',`
			`body,`
			`});`

			`expect(res.statusCode).toBe(201);`
return deleted token 2021-09-02 10:47:06 +02:00			`expect(res.body.data).toStrictEqual({`
add test to support trimming 2021-08-27 16:35:34 +02:00			`accessKey: expect.any(String),`
			`name: 'api-token_tests-name-with-spaces-at-the-end',`
			`description: 'api-token_tests-description-with-spaces-at-the-end',`
			`type: body.type,`
			`id: expect.any(Number),`
			`});`
update tests and rename get method 2021-09-06 15:14:45 +02:00
			`apiTokens.push(res.body.data);`
add test to support trimming 2021-08-27 16:35:34 +02:00			`});`
add e2e tests 2021-08-27 08:39:08 +02:00
			`test('6. List all tokens (successfully)', async () => {`
			`const res = await rq({`
			`url: '/admin/api-tokens',`
			`method: 'GET',`
			`});`

			`expect(res.statusCode).toBe(200);`
adds tests 2021-08-30 14:00:53 +02:00			`expect(res.body.data.length).toBe(3);`
add e2e tests 2021-08-27 08:39:08 +02:00			`expect(res.body.data).toStrictEqual([`
			`{`
			`id: expect.any(Number),`
			`name: 'api-token_tests-name',`
			`description: 'api-token_tests-description',`
use plain text in tests in favor of constants 2021-09-01 09:18:31 +02:00			`type: 'read-only',`
add e2e tests 2021-08-27 08:39:08 +02:00			`},`
			`{`
			`id: expect.any(Number),`
adds tests 2021-08-30 14:00:53 +02:00			`name: 'api-token_tests-name-with-spaces-at-the-end',`
			`description: 'api-token_tests-description-with-spaces-at-the-end',`
use plain text in tests in favor of constants 2021-09-01 09:18:31 +02:00			`type: 'read-only',`
adds tests 2021-08-30 14:00:53 +02:00			`},`
			`{`
			`id: expect.any(Number),`
			`name: 'api-token_tests-name-without-description',`
add e2e tests 2021-08-27 08:39:08 +02:00			`description: '',`
use plain text in tests in favor of constants 2021-09-01 09:18:31 +02:00			`type: 'full-access',`
add e2e tests 2021-08-27 08:39:08 +02:00			`},`
			`]);`
			`});`
add DELETE route and logic 2021-08-31 15:31:54 +02:00
			`test('7. Deletes a token (successfully)', async () => {`
			`const res = await rq({`
update tests and rename get method 2021-09-06 15:14:45 +02:00			url: `/admin/api-tokens/${apiTokens[2].id}`,
add DELETE route and logic 2021-08-31 15:31:54 +02:00			`method: 'DELETE',`
			`});`

return deleted token 2021-09-02 10:47:06 +02:00			`expect(res.statusCode).toBe(200);`
			`expect(res.body.data).toStrictEqual({`
update tests and rename get method 2021-09-06 15:14:45 +02:00			`name: apiTokens[2].name,`
			`description: apiTokens[2].description,`
			`type: apiTokens[2].type,`
			`id: apiTokens[2].id,`
return deleted token 2021-09-02 10:47:06 +02:00			`});`
add DELETE route and logic 2021-08-31 15:31:54 +02:00			`});`

update tests and rename get method 2021-09-06 15:14:45 +02:00			`test('8. Does not return an error if the ressource to delete does not exist', async () => {`
add DELETE route and logic 2021-08-31 15:31:54 +02:00			`const res = await rq({`
			`url: '/admin/api-tokens/42',`
			`method: 'DELETE',`
			`});`

return deleted token 2021-09-02 10:47:06 +02:00			`expect(res.statusCode).toBe(200);`
			`expect(res.body.data).toBeNull();`
add DELETE route and logic 2021-08-31 15:31:54 +02:00			`});`
implement GET endpoint to get a single token 2021-09-02 11:56:14 +02:00
			`test('9. Retrieves a token (successfully)', async () => {`
			`const res = await rq({`
update tests and rename get method 2021-09-06 15:14:45 +02:00			url: `/admin/api-tokens/${apiTokens[0].id}`,
implement GET endpoint to get a single token 2021-09-02 11:56:14 +02:00			`method: 'GET',`
			`});`

			`expect(res.statusCode).toBe(200);`
			`expect(res.body.data).toStrictEqual({`
update tests and rename get method 2021-09-06 15:14:45 +02:00			`name: apiTokens[0].name,`
			`description: apiTokens[0].description,`
			`type: apiTokens[0].type,`
			`id: apiTokens[0].id,`
implement GET endpoint to get a single token 2021-09-02 11:56:14 +02:00			`});`
			`});`

update tests and rename get method 2021-09-06 15:14:45 +02:00			`test('10. Returns a 404 if the ressource to retrieve does not exist', async () => {`
implement GET endpoint to get a single token 2021-09-02 11:56:14 +02:00			`const res = await rq({`
			`url: '/admin/api-tokens/42',`
			`method: 'GET',`
			`});`

			`expect(res.statusCode).toBe(404);`
			`expect(res.body.data).toBeUndefined();`
			`});`
implement PUT endpoint to update a token 2021-09-06 13:30:52 +02:00
			`test('11. Updates a token (successfully)', async () => {`
			`const body = {`
			`name: 'api-token_tests-updated-name',`
			`description: 'api-token_tests-description',`
			`type: 'read-only',`
			`};`

			`const res = await rq({`
			url: `/admin/api-tokens/${apiTokens[0].id}`,
			`method: 'PUT',`
			`body,`
			`});`

			`expect(res.statusCode).toBe(200);`
			`expect(res.body.data).toStrictEqual({`
			`name: body.name,`
			`description: body.description,`
			`type: body.type,`
			`id: apiTokens[0].id,`
			`});`
			`});`

			`test('12. Returns a 404 if the ressource to update does not exist', async () => {`
			`const body = {`
			`name: 'api-token_tests-updated-name',`
			`description: 'api-token_tests-description',`
			`type: 'read-only',`
			`};`

			`const res = await rq({`
			`url: '/admin/api-tokens/42',`
			`method: 'PUT',`
			`body,`
			`});`

			`expect(res.statusCode).toBe(404);`
			`expect(res.body.data).toBeUndefined();`
			`});`

			`test('13. Fails to update an api token (missing parameters from the body)', async () => {`
			`const body = {`
			`name: 'api-token_tests-updated-name',`
			`description: 'api-token_tests-description',`
			`};`

			`const res = await rq({`
			`url: '/admin/api-tokens/1',`
			`method: 'PUT',`
			`body,`
			`});`

			`expect(res.statusCode).toBe(400);`
			`expect(res.body).toMatchObject({`
			`statusCode: 400,`
			`error: 'Bad Request',`
			`message: 'ValidationError',`
			`data: {`
			`type: ['type is a required field'],`
			`},`
			`});`
			`});`

			test('14. Fails to update an api token (invalid `type` in the body)', async () => {
			`const body = {`
			`name: 'api-token_tests-name',`
			`description: 'api-token_tests-description',`
			`type: 'invalid-type',`
			`};`

			`const res = await rq({`
			`url: '/admin/api-tokens/1',`
			`method: 'PUT',`
			`body,`
			`});`

			`expect(res.statusCode).toBe(400);`
			`expect(res.body).toMatchObject({`
			`statusCode: 400,`
			`error: 'Bad Request',`
			`message: 'ValidationError',`
			`data: {`
			`type: ['type must be one of the following values: read-only, full-access'],`
			`},`
			`});`
			`});`
implement POST endpoint to create api tokens 2021-08-26 14:37:55 +02:00			`});`