Nils-Johan Gynther
101 lines
3.3 KiB
TypeScript
101 lines
3.3 KiB
TypeScript
import { UnauthorizedException } from '@nestjs/common';
|
|
import { Reflector } from '@nestjs/core';
|
|
import { JwtAuthGuard } from '../auth/jwt-auth.guard';
|
|
import { RecipesController } from './recipes.controller';
|
|
|
|
describe('Recipes controller security', () => {
|
|
const makeUser = (overrides: Partial<{ userId: number; role: string }> = {}) => ({
|
|
userId: 42,
|
|
role: 'user',
|
|
...overrides,
|
|
});
|
|
|
|
const recipesServiceMock = {
|
|
findAll: jest.fn(),
|
|
findOne: jest.fn(),
|
|
create: jest.fn(),
|
|
update: jest.fn(),
|
|
remove: jest.fn(),
|
|
shareWithUser: jest.fn(),
|
|
unshareWithUser: jest.fn(),
|
|
setVisibility: jest.fn(),
|
|
};
|
|
|
|
const controller = new RecipesController(recipesServiceMock as any, {} as any);
|
|
|
|
beforeEach(() => {
|
|
jest.clearAllMocks();
|
|
});
|
|
|
|
it('JwtAuthGuard kräver autentisering på findAll', () => {
|
|
const guard = new JwtAuthGuard(new Reflector());
|
|
|
|
expect(() => guard.handleRequest(null, null, null)).toThrow(UnauthorizedException);
|
|
});
|
|
|
|
it('JwtAuthGuard tillåter autentiserad användare på findAll', () => {
|
|
const guard = new JwtAuthGuard(new Reflector());
|
|
const user = makeUser({ userId: 1 });
|
|
|
|
expect(guard.handleRequest(null, user, null)).toBe(user);
|
|
});
|
|
|
|
it('findOne vidarebefordrar @CurrentUser.userId till service', () => {
|
|
recipesServiceMock.findOne.mockResolvedValue({ id: 1 });
|
|
|
|
controller.findOne(1, makeUser());
|
|
|
|
expect(recipesServiceMock.findOne).toHaveBeenCalledWith(1, 42);
|
|
});
|
|
|
|
it('create vidarebefordrar @CurrentUser.userId till service', async () => {
|
|
const dto = { name: 'test' };
|
|
recipesServiceMock.create.mockResolvedValue({ id: 1 });
|
|
|
|
await controller.create(dto as any, makeUser());
|
|
|
|
expect(recipesServiceMock.create).toHaveBeenCalledWith(dto, 42);
|
|
});
|
|
|
|
it('update vidarebefordrar @CurrentUser.userId till service', async () => {
|
|
const dto = { name: 'updated' };
|
|
recipesServiceMock.update.mockResolvedValue({ id: 1 });
|
|
|
|
await controller.update(1, dto as any, makeUser());
|
|
|
|
expect(recipesServiceMock.update).toHaveBeenCalledWith(1, dto, 42);
|
|
});
|
|
|
|
it('remove vidarebefordrar @CurrentUser.userId till service', async () => {
|
|
recipesServiceMock.remove.mockResolvedValue(undefined);
|
|
|
|
await controller.remove(1, makeUser());
|
|
|
|
expect(recipesServiceMock.remove).toHaveBeenCalledWith(1, 42);
|
|
});
|
|
|
|
it('shareRecipe vidarebefordrar userId och trimmar username', async () => {
|
|
recipesServiceMock.shareWithUser.mockResolvedValue(undefined);
|
|
|
|
await controller.shareRecipe(1, { username: ' alice ' } as any, makeUser());
|
|
|
|
expect(recipesServiceMock.shareWithUser).toHaveBeenCalledWith(1, 42, 'alice');
|
|
});
|
|
|
|
it('unshareRecipe vidarebefordrar userId och trimmar username', async () => {
|
|
recipesServiceMock.unshareWithUser.mockResolvedValue(undefined);
|
|
|
|
await controller.unshareRecipe(1, ' alice ', makeUser());
|
|
|
|
expect(recipesServiceMock.unshareWithUser).toHaveBeenCalledWith(1, 42, 'alice');
|
|
});
|
|
|
|
it('setVisibility vidarebefordrar userId till service', async () => {
|
|
recipesServiceMock.setVisibility.mockResolvedValue(undefined);
|
|
|
|
await controller.setVisibility(1, { isPublic: true } as any, makeUser());
|
|
|
|
expect(recipesServiceMock.setVisibility).toHaveBeenCalledWith(1, 42, true);
|
|
});
|
|
});
|