Add create user test and refactor other tests

tests/fixtures/token.fixture.js

@@ -5,12 +5,12 @@ const tokenService = require('../../src/services/token.service');
 const { userOne, admin } = require('./user.fixture');
 
 const accessTokenExpires = moment().add(config.jwt.accessExpirationMinutes, 'minutes');
-const userOneAccessToken = tokenService.generateToken(userOne.id, accessTokenExpires);
-const adminAccessToken = tokenService.generateToken(admin.id, accessTokenExpires);
+const userOneAccessToken = tokenService.generateToken(userOne._id, accessTokenExpires);
+const adminAccessToken = tokenService.generateToken(admin._id, accessTokenExpires);
 
 const refreshTokenExpires = moment().add(config.jwt.refreshExpirationDays, 'days');
 const userOneRefreshTokenDoc = {
-  token: tokenService.generateToken(userOne.id, refreshTokenExpires),
+  token: tokenService.generateToken(userOne._id, refreshTokenExpires),
   user: userOne._id,
   type: 'refresh',
   expires: refreshTokenExpires.toDate(),

tests/integration/auth.test.js

@@ -10,13 +10,16 @@ setupDatabase();
 
 describe('Auth route', () => {
   describe('POST /v1/auth/register', () => {
-    test('should return 201 and successfully register user if request data is ok', async () => {
-      const newUser = {
+    let newUser;
+    beforeEach(() => {
+      newUser = {
         name: faker.name.findName(),
         email: faker.internet.email().toLowerCase(),
         password: 'password1',
       };
+    });
 
+    test('should return 201 and successfully register user if request data is ok', async () => {
       const res = await request(app)
         .post('/v1/auth/register')
         .send(newUser)
@@ -36,24 +39,8 @@ describe('Auth route', () => {
       });
     });
 
-    test('should return 400 error if email is missing', async () => {
-      const newUser = {
-        name: faker.name.findName(),
-        password: 'password1',
-      };
-
-      await request(app)
-        .post('/v1/auth/register')
-        .send(newUser)
-        .expect(httpStatus.BAD_REQUEST);
-    });
-
     test('should return 400 error if email is invalid', async () => {
-      const newUser = {
-        name: faker.name.findName(),
-        email: 'invalidEmail',
-        password: 'password1',
-      };
+      newUser.email = 'invalidEmail';
 
       await request(app)
         .post('/v1/auth/register')
@@ -63,23 +50,7 @@ describe('Auth route', () => {
 
     test('should return 400 error if email is already used', async () => {
       await insertUsers([userOne]);
-      const newUser = {
-        name: faker.name.findName(),
-        email: userOne.email,
-        password: 'password1',
-      };
-
-      await request(app)
-        .post('/v1/auth/register')
-        .send(newUser)
-        .expect(httpStatus.BAD_REQUEST);
-    });
-
-    test('should return 400 error if password is missing', async () => {
-      const newUser = {
-        name: faker.name.findName(),
-        email: faker.internet.email().toLowerCase(),
-      };
+      newUser.email = userOne.email;
 
       await request(app)
         .post('/v1/auth/register')
@@ -88,11 +59,7 @@ describe('Auth route', () => {
     });
 
     test('should return 400 error if password length is less than 8 characters', async () => {
-      const newUser = {
-        name: faker.name.findName(),
-        email: faker.internet.email().toLowerCase(),
-        password: 'passwo1',
-      };
+      newUser.password = 'passwo1';
 
       await request(app)
         .post('/v1/auth/register')
@@ -101,11 +68,7 @@ describe('Auth route', () => {
     });
 
     test('should return 400 error if password does not contain both letters and numbers', async () => {
-      const newUser = {
-        name: faker.name.findName(),
-        email: faker.internet.email().toLowerCase(),
-        password: 'password',
-      };
+      newUser.password = 'password';
 
       await request(app)
         .post('/v1/auth/register')
@@ -119,18 +82,6 @@ describe('Auth route', () => {
         .send(newUser)
         .expect(httpStatus.BAD_REQUEST);
     });
-
-    test('should return 400 error if name is missing', async () => {
-      const newUser = {
-        email: faker.internet.email().toLowerCase(),
-        password: 'password1',
-      };
-
-      await request(app)
-        .post('/v1/auth/register')
-        .send(newUser)
-        .expect(httpStatus.BAD_REQUEST);
-    });
   });
 
   describe('POST /v1/auth/login', () => {
@@ -159,30 +110,6 @@ describe('Auth route', () => {
       });
     });
 
-    test('should return 400 error if email is missing', async () => {
-      await insertUsers([userOne]);
-      const loginCredentials = {
-        password: userOne.password,
-      };
-
-      await request(app)
-        .post('/v1/auth/login')
-        .send(loginCredentials)
-        .expect(httpStatus.BAD_REQUEST);
-    });
-
-    test('should return 400 error if password is missing', async () => {
-      await insertUsers([userOne]);
-      const loginCredentials = {
-        email: userOne.email,
-      };
-
-      await request(app)
-        .post('/v1/auth/login')
-        .send(loginCredentials)
-        .expect(httpStatus.BAD_REQUEST);
-    });
-
     test('should return 401 error if there are no users with that email', async () => {
       const loginCredentials = {
         email: userOne.email,

tests/integration/user.test.js

@@ -0,0 +1,139 @@
+const request = require('supertest');
+const faker = require('faker');
+const httpStatus = require('http-status');
+const app = require('../../src/app');
+const setupDatabase = require('../utils/setupDatabase');
+const { User } = require('../../src/models');
+const { userOne, admin, insertUsers } = require('../fixtures/user.fixture');
+const { userOneAccessToken, adminAccessToken } = require('../fixtures/token.fixture');
+
+setupDatabase();
+
+describe('User route', () => {
+  describe('POST /v1/users', () => {
+    let newUser;
+
+    beforeEach(() => {
+      newUser = {
+        name: faker.name.findName(),
+        email: faker.internet.email().toLowerCase(),
+        password: 'password1',
+        role: 'user',
+      };
+    });
+
+    test('should return 201 and successfully create new user if data is ok', async () => {
+      await insertUsers([admin]);
+
+      const res = await request(app)
+        .post('/v1/users')
+        .set('Authorization', `Bearer ${adminAccessToken}`)
+        .send(newUser)
+        .expect(httpStatus.CREATED);
+
+      expect(res.body).not.toHaveProperty('password');
+      expect(res.body).toEqual({ id: expect.anything(), name: newUser.name, email: newUser.email, role: newUser.role });
+
+      const dbUser = await User.findById(res.body.id);
+      expect(dbUser).toBeDefined();
+      expect(dbUser.password).not.toBe(newUser.password);
+      expect(dbUser).toMatchObject({ name: newUser.name, email: newUser.email, role: newUser.role });
+    });
+
+    test('should be able to create an admin as well', async () => {
+      await insertUsers([admin]);
+      newUser.role = 'admin';
+
+      const res = await request(app)
+        .post('/v1/users')
+        .set('Authorization', `Bearer ${adminAccessToken}`)
+        .send(newUser)
+        .expect(httpStatus.CREATED);
+
+      expect(res.body.role).toBe('admin');
+
+      const dbUser = await User.findById(res.body.id);
+      expect(dbUser.role).toBe('admin');
+    });
+
+    test('should return 401 error is access token is missing', async () => {
+      await request(app)
+        .post('/v1/users')
+        .send(newUser)
+        .expect(httpStatus.UNAUTHORIZED);
+    });
+
+    test('should return 403 error if logged in user is not admin', async () => {
+      await insertUsers([userOne]);
+
+      await request(app)
+        .post('/v1/users')
+        .set('Authorization', `Bearer ${userOneAccessToken}`)
+        .send(newUser)
+        .expect(httpStatus.FORBIDDEN);
+    });
+
+    test('should return 400 error if email is invalid', async () => {
+      await insertUsers([admin]);
+      newUser.email = 'invalidEmail';
+
+      await request(app)
+        .post('/v1/users')
+        .set('Authorization', `Bearer ${adminAccessToken}`)
+        .send(newUser)
+        .expect(httpStatus.BAD_REQUEST);
+    });
+
+    test('should return 400 error if email is already used', async () => {
+      await insertUsers([admin, userOne]);
+      newUser.email = userOne.email;
+
+      await request(app)
+        .post('/v1/users')
+        .set('Authorization', `Bearer ${adminAccessToken}`)
+        .send(newUser)
+        .expect(httpStatus.BAD_REQUEST);
+    });
+
+    test('should return 400 error if password is less than 8 characters', async () => {
+      await insertUsers([admin]);
+      newUser.password = 'passwo1';
+
+      await request(app)
+        .post('/v1/users')
+        .set('Authorization', `Bearer ${adminAccessToken}`)
+        .send(newUser)
+        .expect(httpStatus.BAD_REQUEST);
+    });
+
+    test('should return 400 error if password does not contain both letters and numbers', async () => {
+      await insertUsers([admin]);
+      newUser.password = 'password';
+
+      await request(app)
+        .post('/v1/users')
+        .set('Authorization', `Bearer ${adminAccessToken}`)
+        .send(newUser)
+        .expect(httpStatus.BAD_REQUEST);
+
+      newUser.password = '1111111';
+
+      await request(app)
+        .post('/v1/users')
+        .set('Authorization', `Bearer ${adminAccessToken}`)
+        .send(newUser)
+        .expect(httpStatus.BAD_REQUEST);
+    });
+
+    test('should return 400 error if role is neither user nor admin', async () => {
+      await insertUsers([admin]);
+      newUser.role = 'invalid';
+
+      await request(app)
+        .post('/v1/users')
+        .set('Authorization', `Bearer ${adminAccessToken}`)
+        .send(newUser)
+        .expect(httpStatus.BAD_REQUEST);
+    });
+  });
+});