yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-10-31 01:47:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
strapi/packages/strapi-plugin-users-permissions/test/graphql.test.e2e.js
Alexandre Bodin 9eaabb1d58 Add tests on graphql upload and user perm graphql
2019-09-18 12:07:59 +02:00

242 lines
5.4 KiB
JavaScript
Raw Blame History

// Helpers.
const { registerAndLogin } = require('../../../test/helpers/auth');
const {
createAuthRequest,
createRequest,
} = require('../../../test/helpers/request');
let authReq;
const data = {};
describe('Test Graphql user service', () => {
beforeAll(async () => {
const token = await registerAndLogin();
authReq = createAuthRequest(token);
}, 60000);
describe('Check createUser authorizations', () => {
test('createUser is forbidden to public', async () => {
const rq = createRequest();
const res = await rq({
url: '/graphql',
method: 'POST',
body: {
query: /* GraphQL */ `
mutation {
createUser(
input: {
data: { username: "test", email: "test", password: "test" }
}
) {
user {
id
username
}
}
}
`,
},
});
expect(res.statusCode).toBe(200);
expect(res.body).toMatchObject({
data: {
createUser: null,
},
errors: [
{
message: 'Forbidden',
},
],
});
});
test('createUser is authorized for admins', async () => {
const res = await authReq({
url: '/graphql',
method: 'POST',
body: {
query: /* GraphQL */ `
mutation {
createUser(
input: {
data: {
username: "test"
email: "test@strapi.io"
password: "test"
}
}
) {
user {
id
username
}
}
}
`,
},
});
expect(res.statusCode).toBe(201);
expect(res.body).toMatchObject({
data: {
createUser: {
user: {
id: expect.anything(),
username: 'test',
},
},
},
});
data.user = res.body.data.createUser.user;
});
});
describe('Check updateUser authorizations', () => {
test('updateUser is forbidden to public', async () => {
const rq = createRequest();
const res = await rq({
url: '/graphql',
method: 'POST',
body: {
query: /* GraphQL */ `
mutation {
updateUser(
input: {
where: { id: 1 }
data: { username: "test", email: "test", password: "test" }
}
) {
user {
id
username
}
}
}
`,
},
});
expect(res.statusCode).toBe(200);
expect(res.body).toMatchObject({
data: {
updateUser: null,
},
errors: [
{
message: 'Forbidden',
},
],
});
});
test('updateUser is authorized for admins', async () => {
const res = await authReq({
url: '/graphql',
method: 'POST',
body: {
query: /* GraphQL */ `
mutation updateUser($id: ID!) {
updateUser(
input: { where: { id: $id }, data: { username: "newUsername" } }
) {
user {
id
username
}
}
}
`,
variables: {
id: data.user.id,
},
},
});
expect(res.statusCode).toBe(200);
expect(res.body).toMatchObject({
data: {
updateUser: {
user: {
id: expect.anything(),
username: 'newUsername',
},
},
},
});
data.user = res.body.data.updateUser.user;
});
});
describe('Check deleteUser authorizations', () => {
test('deleteUser is forbidden to public', async () => {
const rq = createRequest();
const res = await rq({
url: '/graphql',
method: 'POST',
body: {
query: /* GraphQL */ `
mutation deleteUser($id: ID!) {
deleteUser(input: { where: { id: $id } }) {
user {
id
username
}
}
}
`,
variables: {
id: data.user.id,
},
},
});
expect(res.statusCode).toBe(200);
expect(res.body).toMatchObject({
data: {
deleteUser: null,
},
errors: [
{
message: 'Forbidden',
},
],
});
});
test('deleteUser is authorized for admins', async () => {
const res = await authReq({
url: '/graphql',
method: 'POST',
body: {
query: /* GraphQL */ `
mutation deleteUser($id: ID!) {
deleteUser(input: { where: { id: $id } }) {
user {
id
username
}
}
}
`,
variables: {
id: data.user.id,
},
},
});
expect(res.statusCode).toBe(200);
expect(res.body).toMatchObject({
data: {
deleteUser: {
user: data.user,
},
},
});
});
});
});
Reference in New Issue View Git Blame Copy Permalink