Add update user api tests

src/validations/custom.validation.js

@@ -1,6 +1,6 @@
-const objectId = value => {
+const objectId = (value, helpers) => {
   if (!value.match(/^[0-9a-fA-F]{24}$/)) {
-    throw Error('is not a valid mongo id');
+    return helpers.message('"{{#label}}" must be a valid mongo id');
   }
   return value;
 };

tests/integration/user.test.js

@@ -4,7 +4,7 @@ const httpStatus = require('http-status');
 const app = require('../../src/app');
 const setupDatabase = require('../utils/setupDatabase');
 const { User } = require('../../src/models');
-const { userOne, admin, insertUsers } = require('../fixtures/user.fixture');
+const { userOne, userTwo, admin, insertUsers } = require('../fixtures/user.fixture');
 const { userOneAccessToken, adminAccessToken } = require('../fixtures/token.fixture');
 
 setupDatabase();
@@ -136,4 +136,151 @@ describe('User routes', () => {
         .expect(httpStatus.BAD_REQUEST);
     });
   });
+
+  describe('PATCH /v1/users/:userId', () => {
+    test('should return 200 and successfully update user if data is ok', async () => {
+      await insertUsers([userOne]);
+      const updateBody = {
+        name: faker.name.findName(),
+        email: faker.internet.email().toLowerCase(),
+        password: 'newPassword1',
+      };
+
+      const res = await request(app)
+        .patch(`/v1/users/${userOne._id}`)
+        .set('Authorization', `Bearer ${userOneAccessToken}`)
+        .send(updateBody)
+        .expect(httpStatus.OK);
+
+      expect(res.body).not.toHaveProperty('password');
+      expect(res.body).toEqual({
+        id: userOne._id.toHexString(),
+        name: updateBody.name,
+        email: updateBody.email,
+        role: 'user',
+      });
+
+      const dbUser = await User.findById(userOne._id);
+      expect(dbUser).toBeDefined();
+      expect(dbUser.password).not.toBe(updateBody.password);
+      expect(dbUser).toMatchObject({ name: updateBody.name, email: updateBody.email, role: 'user' });
+    });
+
+    test('should return 401 error if access token is missing', async () => {
+      await insertUsers([userOne]);
+      const updateBody = { name: faker.name.findName() };
+
+      await request(app)
+        .patch(`/v1/users/${userOne._id}`)
+        .send(updateBody)
+        .expect(httpStatus.UNAUTHORIZED);
+    });
+
+    test('should return 403 if user is updating another user', async () => {
+      await insertUsers([userOne, userTwo]);
+      const updateBody = { name: faker.name.findName() };
+
+      await request(app)
+        .patch(`/v1/users/${userTwo._id}`)
+        .set('Authorization', `Bearer ${userOneAccessToken}`)
+        .send(updateBody)
+        .expect(httpStatus.FORBIDDEN);
+    });
+
+    test('should return 200 and successfully update user if admin is updating another user', async () => {
+      await insertUsers([userOne, admin]);
+      const updateBody = { name: faker.name.findName() };
+
+      await request(app)
+        .patch(`/v1/users/${userOne._id}`)
+        .set('Authorization', `Bearer ${adminAccessToken}`)
+        .send(updateBody)
+        .expect(httpStatus.OK);
+    });
+
+    test('should return 404 if admin is updating another user that is not found', async () => {
+      await insertUsers([admin]);
+      const updateBody = { name: faker.name.findName() };
+
+      await request(app)
+        .patch(`/v1/users/${userOne._id}`)
+        .set('Authorization', `Bearer ${adminAccessToken}`)
+        .send(updateBody)
+        .expect(httpStatus.NOT_FOUND);
+    });
+
+    test('should return 400 error if userId is not a valid mongo id', async () => {
+      await insertUsers([admin]);
+      const updateBody = { name: faker.name.findName() };
+
+      await request(app)
+        .patch(`/v1/users/invalidId`)
+        .set('Authorization', `Bearer ${adminAccessToken}`)
+        .send(updateBody)
+        .expect(httpStatus.BAD_REQUEST);
+    });
+
+    test('should return 400 if email is invalid', async () => {
+      await insertUsers([userOne]);
+      const updateBody = { email: 'invalidEmail' };
+
+      await request(app)
+        .patch(`/v1/users/${userOne._id}`)
+        .set('Authorization', `Bearer ${userOneAccessToken}`)
+        .send(updateBody)
+        .expect(httpStatus.BAD_REQUEST);
+    });
+
+    test('should return 400 if email is already taken', async () => {
+      await insertUsers([userOne, userTwo]);
+      const updateBody = { email: userTwo.email };
+
+      await request(app)
+        .patch(`/v1/users/${userOne._id}`)
+        .set('Authorization', `Bearer ${userOneAccessToken}`)
+        .send(updateBody)
+        .expect(httpStatus.BAD_REQUEST);
+    });
+
+    test('should not return 400 if email is my email', async () => {
+      await insertUsers([userOne]);
+      const updateBody = { email: userOne.email };
+
+      await request(app)
+        .patch(`/v1/users/${userOne._id}`)
+        .set('Authorization', `Bearer ${userOneAccessToken}`)
+        .send(updateBody)
+        .expect(httpStatus.OK);
+    });
+
+    test('should return 400 if password length is less than 8 characters', async () => {
+      await insertUsers([userOne]);
+      const updateBody = { password: 'passwo1' };
+
+      await request(app)
+        .patch(`/v1/users/${userOne._id}`)
+        .set('Authorization', `Bearer ${userOneAccessToken}`)
+        .send(updateBody)
+        .expect(httpStatus.BAD_REQUEST);
+    });
+
+    test('should return 400 if password does not contain both letters and numbers', async () => {
+      await insertUsers([userOne]);
+      const updateBody = { password: 'password' };
+
+      await request(app)
+        .patch(`/v1/users/${userOne._id}`)
+        .set('Authorization', `Bearer ${userOneAccessToken}`)
+        .send(updateBody)
+        .expect(httpStatus.BAD_REQUEST);
+
+      updateBody.password = '11111111';
+
+      await request(app)
+        .patch(`/v1/users/${userOne._id}`)
+        .set('Authorization', `Bearer ${userOneAccessToken}`)
+        .send(updateBody)
+        .expect(httpStatus.BAD_REQUEST);
+    });
+  });
 });