strapi/tests/api/plugins/users-permissions/graphql.test.api.js
'use strict';
// Helpers.
const { createStrapiInstance } = require('api-tests/strapi');
const { createAuthRequest, createRequest } = require('api-tests/request');
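let strapi;
let authReq;

/**
 * Posts a GraphQL document to the application's `/graphql` endpoint.
 *
 * @param {Function} request - request helper (public `createRequest` or the
 *   authenticated `createAuthRequest` one) from `api-tests/request`
 * @param {string} query - GraphQL document to send
 * @returns {Promise<object>} the raw HTTP response (`statusCode`, `body`)
 */
const postGraphql = (request, query) =>
  request({
    url: '/graphql',
    method: 'POST',
    body: { query },
  });

// Expected body when the unauthenticated (public) role lacks the permission:
// GraphQL answers HTTP 200 and reports the denial in the top-level `errors`.
const FORBIDDEN_GRAPHQL_BODY = {
  data: null,
  errors: [
    {
      message: 'Forbidden access',
    },
  ],
};

// Expected body when the request carries the admin credentials produced by
// `createAuthRequest`: the call is rejected at HTTP level with 401 rather
// than as a GraphQL error (admin credentials are not end-user credentials
// for this plugin — NOTE(review): inferred from the assertions, confirm).
const UNAUTHORIZED_HTTP_BODY = {
  error: {
    status: 401,
    name: 'UnauthorizedError',
    message: 'Missing or invalid credentials',
    details: {},
  },
};

// `id: 1` in the update/delete mutations is only a target placeholder: each
// test asserts the authorization outcome, so no fixture user is created.
const CREATE_USER_MUTATION = /* GraphQL */ `
  mutation {
    createUsersPermissionsUser(
      data: { username: "test", email: "test", password: "test" }
    ) {
      data {
        id
        attributes {
          username
        }
      }
    }
  }
`;

const UPDATE_USER_MUTATION = /* GraphQL */ `
  mutation {
    updateUsersPermissionsUser(
      id: 1
      data: { username: "test", email: "test", password: "test" }
    ) {
      data {
        id
        attributes {
          username
        }
      }
    }
  }
`;

const DELETE_USER_MUTATION = /* GraphQL */ `
  mutation deleteUser {
    deleteUsersPermissionsUser(id: 1) {
      data {
        id
        attributes {
          username
        }
      }
    }
  }
`;

describe('Test Graphql user service', () => {
  beforeAll(async () => {
    // bypassAuth: false so the plugin's real permission checks are exercised.
    strapi = await createStrapiInstance({ bypassAuth: false });
    authReq = await createAuthRequest({ strapi });
  });

  afterAll(async () => {
    await strapi.destroy();
  });

  describe('Check createUser authorizations', () => {
    test('createUser is forbidden to public', async () => {
      const rq = createRequest({ strapi });
      const res = await postGraphql(rq, CREATE_USER_MUTATION);

      expect(res.statusCode).toBe(200);
      expect(res.body).toMatchObject(FORBIDDEN_GRAPHQL_BODY);
    });

    test('createUser is forbidden for admins', async () => {
      const res = await postGraphql(authReq, CREATE_USER_MUTATION);

      expect(res.statusCode).toBe(401);
      expect(res.body).toMatchObject(UNAUTHORIZED_HTTP_BODY);
    });
  });

  describe('Check updateUser authorizations', () => {
    test('updateUser is forbidden to public', async () => {
      const rq = createRequest({ strapi });
      const res = await postGraphql(rq, UPDATE_USER_MUTATION);

      expect(res.statusCode).toBe(200);
      expect(res.body).toMatchObject(FORBIDDEN_GRAPHQL_BODY);
    });

    test('updateUser is forbidden for admins', async () => {
      const res = await postGraphql(authReq, UPDATE_USER_MUTATION);

      expect(res.statusCode).toBe(401);
      expect(res.body).toMatchObject(UNAUTHORIZED_HTTP_BODY);
    });
  });

  // Previously nested inside the updateUser suite by a misplaced brace; it
  // is an independent suite and now sits at the same level as the others.
  describe('Check deleteUser authorizations', () => {
    test('deleteUser is forbidden to public', async () => {
      const rq = createRequest({ strapi });
      const res = await postGraphql(rq, DELETE_USER_MUTATION);

      expect(res.statusCode).toBe(200);
      expect(res.body).toMatchObject(FORBIDDEN_GRAPHQL_BODY);
    });

    // The test was titled "authorized for admins" while asserting a 401
    // rejection; the title now matches what is actually asserted.
    test('deleteUser is forbidden for admins', async () => {
      const res = await postGraphql(authReq, DELETE_USER_MUTATION);

      expect(res.statusCode).toBe(401);
      expect(res.body).toMatchObject(UNAUTHORIZED_HTTP_BODY);
    });
  });
});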