Merge pull request #366 from SELab-2/api/test/route-address-extra
API: extra tests address
jenspots authored May 10, 2023
2 parents 9bb554c + 85ed2e9 commit b159d24
Showing 5 changed files with 254 additions and 5 deletions.
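--- a/api/__tests__/mock/address.ts
+++ b/api/__tests__/mock/address.ts
@@ -28,7 +28,16 @@ export async function initialiseAddress() {
 longitude: 3.71847,
 };
 
+const address4 = {
+street: "Krijgslaan",
+number: 282,
+city: "Ghent",
+zip_code: 9000,
+latitude: 51.02776,
+longitude: 3.71847,
+};
+
 await prisma.address.createMany({
-data: [address1, address2, address3],
+data: [address1, address2, address3, address4],
 });
 }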
235 changes: 233 additions & 2 deletions api/__tests__/routes/address.test.ts
@@ -7,6 +7,12 @@ import {
initialiseDatabase,
restoreTables,
} from "../mock/database";
import {
badRequestResponse,
forbiddenResponse,
methodNotAllowedResponse,
notFoundResponse,
} from "../utilities/constants";

describe("Address tests", () => {
let runner: Testrunner;
@@ -83,8 +89,233 @@ describe("Address tests", () => {
});
});

afterAll(() => {
app.close();
test("DELETE /address/:id", async () => {
await runner.delete({ url: "/address/4" });
//verify that the address is truly deleted (no getAll method)
await runner.get({
url: "/address/4",
expectedData: [notFoundResponse],
statusCode: 404,
});
});

test("PATCH /address/:id (Student own address)", async () => {
runner.authLevel(AuthenticationLevel.STUDENT);
const expected = {
street: "Wallaby Way",
number: 42,
city: "Gent",
zip_code: 2000,
latitude: -33.865143,
longitude: 151.2099,
id: 1,
};

await runner.patch({
url: "/address/1",
data: { city: "Gent" },
expectedResponse: expected,
});
});
});

describe("Unsuccesful requests", () => {
let runner: Testrunner;
beforeAll(async () => {
const server = request(app);
runner = new Testrunner(server);

await deleteDatabaseData();
await initialiseDatabase();
});

describe("Must be correctly authorized to use any path", () => {
const newAddress = {
street: "Krijgslaan",
number: 2,
city: "Ghent",
zip_code: 9000,
latitude: 51.02776,
longitude: 3.71847,
};

describe("Cannot reach any path without authorisation", () => {
beforeEach(() => {
runner.authLevel(AuthenticationLevel.UNAUTHORIZED);
});

test("Cannot reach GET /address", async () => {
await runner.get({
url: "/address",
expectedData: [forbiddenResponse],
statusCode: 403,
});
});

test("Cannot reach GET /address/:id", async () => {
await runner.get({
url: "/address/1",
expectedData: [forbiddenResponse],
statusCode: 403,
});
});

test("Cannot reach POST /address", async () => {
await runner.post({
url: "/address",
data: newAddress,
expectedResponse: forbiddenResponse,
statusCode: 403,
});
});

test("Cannot reach PATCH /address/:id", async () => {
await runner.patch({
url: "/address/1",
data: newAddress,
expectedResponse: forbiddenResponse,
statusCode: 403,
});
});

test("Cannot reach DELETE /address/:id", async () => {
await runner.delete({
url: "/address/1",
statusCode: 403,
});
});
});
describe("Cannot reach any path as a student", () => {
beforeEach(() => {
runner.authLevel(AuthenticationLevel.STUDENT);
});

test("Cannot reach GET /address", async () => {
await runner.get({
url: "/address",
expectedData: [forbiddenResponse],
statusCode: 403,
});
});

test("Cannot reach POST /address", async () => {
await runner.post({
url: "/address",
data: newAddress,
expectedResponse: forbiddenResponse,
statusCode: 403,
});
});

test("PATCH /address/:id (not own address)", async () => {
const expected = {
street: "Wallaby Way",
number: 42,
city: "Gent",
zip_code: 2000,
latitude: -33.865143,
longitude: 151.2099,
id: 1,
};

await runner.patch({
url: "/address/2",
data: { city: "Gent" },
expectedResponse: forbiddenResponse,
statusCode: 403,
});
});

test("Cannot reach DELETE /address/:id", async () => {
await runner.delete({
url: "/address/1",
statusCode: 403,
});
});
});
});
describe("The requested path must exist", () => {
beforeEach(() => {
runner.authLevel(AuthenticationLevel.ADMINISTRATOR);
});

test("Find a nonexistent address", async () => {
await runner.get({
url: "/address/1000",
expectedData: [notFoundResponse],
statusCode: 404,
});
});

test("Update a nonexistent address", async () => {
const newAddress = {
street: "Krijgslaan",
number: 2,
};
await runner.patch({
url: "/address/1000",
data: newAddress,
expectedResponse: notFoundResponse,
statusCode: 404,
});
});
test("Delete a nonexistent address", async () => {
await runner.delete({ url: "/address/1000", statusCode: 404 });
});
});
describe("The type of address id must be correct", () => {
beforeEach(() => {
runner.authLevel(AuthenticationLevel.ADMINISTRATOR);
});

test("GET request", async () => {
await runner.get({
url: "/address/wrongtype",
expectedData: [badRequestResponse],
statusCode: 400,
});
});

test("PATCH request", async () => {
const newAddress = {
street: "Krijgslaan",
number: 2,
city: "Ghent",
zip_code: 9000,
latitude: 51.02776,
longitude: 3.71847,
};

await runner.patch({
url: "/address/wrongtype",
data: newAddress,
expectedResponse: badRequestResponse,
statusCode: 400,
});
});

test("DELETE request", async () => {
await runner.delete({
url: "/address/wrongtype",
statusCode: 400,
});
});
});
describe("The type of address id must be correct", () => {
beforeEach(() => {
runner.authLevel(AuthenticationLevel.ADMINISTRATOR);
});
test("Cannot reach GET /address", async () => {
await runner.get({
url: "/address",
expectedData: [methodNotAllowedResponse],
statusCode: 405,
});
});
});
});

afterAll(() => {
app.close();
});
});
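Review bot: The student block ("Cannot reach any path as a student") exercises the ownership rule only through PATCH on `/address/2`; there is no read of an address the student does not own, so a horizontal-access regression on GET /address/:id would go unnoticed. If that route is meant to be restricted (not visible here), add a test such as `await runner.get({ url: "/address/2", expectedData: [forbiddenResponse], statusCode: 403 });`. The 403 DELETE and PATCH cases assert only the status code; following each with an administrator GET of the same id would confirm that the rejected request changed nothing. Two smaller points: `expected` in "PATCH /address/:id (not own address)" is never used, and the last describe repeats the title "The type of address id must be correct" although it checks the 405 on GET /address.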
4 changes: 2 additions & 2 deletions api/__tests__/routes/user.test.ts
@@ -176,13 +176,13 @@ describe("User tests", () => {
last_login: "2020-01-01T00:00:00.000Z",
date_added: "2020-01-01T00:00:00.000Z",
phone: "23457890",
address_id: 4,
address_id: 5,
student: false,
super_student: true,
admin: false,
deleted: false,
address: {
id: 4,
id: 5,
street: "street",
number: 1,
city: "Gent",
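--- a/api/__tests__/utilities/constants.ts
+++ b/api/__tests__/utilities/constants.ts
@@ -29,3 +29,7 @@ export const badRequestForeignKey = {
 message: "Bad Request",
 detail: "Foreign key constraint failed",
 };
+
+export const methodNotAllowedResponse = {
+message: "Method not allowed",
+};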
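--- a/api/src/routes/address.ts
+++ b/api/src/routes/address.ts
@@ -38,6 +38,11 @@ export class AddressRouting extends Routing {
 async updateOne(req: CustomRequest, res: express.Response) {
 const addressIdentifier = Parser.number(req.params["id"]);
 
+// Must be a valid identifier.
+if (!addressIdentifier || Number.isNaN(addressIdentifier)) {
+throw new APIError(APIErrorCode.BAD_REQUEST);
+}
+
 // If the user is a student, they can only update their own address.
 if (
 process.env["DISABLE_AUTH"] !== "true" &&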
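Review bot: The new guard in updateOne rejects only falsy values, so a negative or fractional id such as `-1` or `1.5` would presumably pass it and reach the ownership comparison and the database lookup; this depends on what `Parser.number` returns, which is not visible here. `Number.isNaN(addressIdentifier)` adds nothing, because NaN is already falsy and caught by `!addressIdentifier`. Consider `if (!addressIdentifier || !Number.isInteger(addressIdentifier) || addressIdentifier < 1) {` with the comment changed to `// Must be a positive integer identifier.`, and a test for a negative id next to the existing "wrongtype" case. The body of updateOne continues outside the hunk: the student-ownership condition opens with `process.env["DISABLE_AUTH"] !== "true"`, so that check is bypassed whenever the variable is set, and a comment there stating that the flag is for test runs only would help.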
