feat(test): testing users editing

AEGEE · Feb 6, 2020 · a3e591a · a3e591a
1 parent 34f0d30
commit a3e591a
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 2 deletions.
diff --git a/lib/constants.js b/lib/constants.js
@@ -0,0 +1,6 @@
+module.exports = {
+    // Whitelist of fields allowed to be updated through PUT /object/:id
+    FIELDS_TO_UPDATE: {
+        USER: ['username', 'first_name', 'last_name', 'date_of_birth', 'gender', 'phone', 'address', 'about_me']
+    }
+};
diff --git a/middlewares/members.js b/middlewares/members.js
@@ -1,4 +1,5 @@
 const { User } = require('../models');
+const constants = require('../lib/constants');
 
 exports.listAllUsers = async (req, res) => {
     const users = await User.findAll({});
@@ -19,8 +20,7 @@ exports.getUser = async (req, res) => {
 
 exports.updateUser = async (req, res) => {
     // TODO: check permissions
-    // TODO: filter out fields that are changed in the other way
-    await req.currentUser.update(req.body);
+    await req.currentUser.update(req.body, { fields: constants.FIELDS_TO_UPDATE.USER });
     return res.json({
         success: true,
         data: req.currentUser

diff --git a/test/api/users-editing.test.js b/test/api/users-editing.test.js
@@ -0,0 +1,88 @@
+const { startServer, stopServer } = require('../../lib/server.js');
+const { request } = require('../scripts/helpers');
+const generator = require('../scripts/generator');
+
+describe('User details', () => {
+    beforeAll(async () => {
+        await startServer();
+    });
+
+    afterAll(async () => {
+        await stopServer();
+    });
+
+    afterEach(async () => {
+        await generator.clearAll();
+    });
+
+    test('should return 404 if the user is not found', async () => {
+        const user = await generator.createUser({ username: 'test', mail_confirmed_at: new Date() });
+        const token = await generator.createAccessToken({}, user);
+
+        const res = await request({
+            uri: '/members/1337',
+            method: 'PUT',
+            headers: { 'X-Auth-Token': token.value },
+            body: { username: 'test2' }
+        });
+
+        expect(res.statusCode).toEqual(404);
+        expect(res.body.success).toEqual(false);
+        expect(res.body).not.toHaveProperty('data');
+        expect(res.body).toHaveProperty('message');
+    });
+
+    test('should fail if there are validation errors', async () => {
+        const user = await generator.createUser({ username: 'test', mail_confirmed_at: new Date() });
+        const token = await generator.createAccessToken({}, user);
+
+        const res = await request({
+            uri: '/members/' + user.id,
+            method: 'PUT',
+            headers: { 'X-Auth-Token': token.value },
+            body: { username: 'username with spaces' }
+        });
+
+        expect(res.statusCode).toEqual(422);
+        expect(res.body.success).toEqual(false);
+        expect(res.body).not.toHaveProperty('data');
+        expect(res.body).toHaveProperty('errors');
+        expect(res.body.errors).toHaveProperty('username')
+    });
+
+    test('should succeed if everything is okay', async () => {
+        const user = await generator.createUser({ username: 'test', mail_confirmed_at: new Date() });
+        const token = await generator.createAccessToken({}, user);
+
+        const res = await request({
+            uri: '/members/' + user.id,
+            method: 'PUT',
+            headers: { 'X-Auth-Token': token.value },
+            body: { username: 'test2' }
+        });
+
+        expect(res.statusCode).toEqual(200);
+        expect(res.body.success).toEqual(true);
+        expect(res.body).not.toHaveProperty('errrors');
+        expect(res.body).toHaveProperty('data');
+        expect(res.body.data.username).toEqual('test2')
+    });
+
+    test('should discard fields edited in other endpoints', async () => {
+        const user = await generator.createUser({ username: 'test', mail_confirmed_at: new Date() });
+        const token = await generator.createAccessToken({}, user);
+
+        const res = await request({
+            uri: '/members/' + user.id,
+            method: 'PUT',
+            headers: { 'X-Auth-Token': token.value },
+            body: { email: 'test@test.io' }
+        });
+
+        expect(res.statusCode).toEqual(200);
+        expect(res.body.success).toEqual(true);
+        expect(res.body).not.toHaveProperty('errrors');
+        expect(res.body).toHaveProperty('data');
+        expect(res.body.data.email).not.toEqual('test@test.io')
+    });
+});