Updated a bunch of server/user tests to get better code coverage and …

…to test out the new functionality with user fields. Also updated the access checks so that they don't require calling the management API twice to get the user, only will get the user once now.
siacomuzzi · Dec 7, 2017 · 03d606b · 03d606b
1 parent da920ef
commit 03d606b
Show file tree

Hide file tree

Showing 7 changed files with 326 additions and 123 deletions.
diff --git a/server/lib/middlewares/verifyUserAccess.js b/server/lib/middlewares/verifyUserAccess.js
@@ -19,7 +19,11 @@ module.exports = (action, scriptManager) => (req, res, next) =>
         }
       };
 
-      return scriptManager.execute('access', accessContext);
+      return scriptManager.execute('access', accessContext)
+        .then(() => {
+          // cache the target user so we don't have to get it again if it is needed
+          req.targetUser = user;
+        });
     })
     .then(() => next())
     .catch(next);
diff --git a/server/lib/removeGuardian.js b/server/lib/removeGuardian.js
@@ -13,7 +13,7 @@ const requestClearGuardian = (token, enrollmentId) =>
       .del('https://' + config('AUTH0_DOMAIN') + '/api/v2/guardian/enrollments/' + enrollmentId)
       .set('Authorization', 'Bearer ' + token)
       .set('Content-Type', 'application/json')
-      .end((err) => {
+      .end((err, res) => {
         if (err) {
           return reject(err);
         }

diff --git a/server/routes/me.js b/server/routes/me.js
@@ -39,10 +39,8 @@ export default (scriptManager) => {
 
         return res.json(me);
       })
-      .catch((err) => {
-        if (err) {
-          logger.error(err.message);
-        }
+      .catch(err => {
+        logger.error(err.message);
         res.json(me);
       });
   });

diff --git a/server/routes/users.js b/server/routes/users.js
@@ -10,25 +10,21 @@ import logger from '../lib/logger';
 import { verifyUserAccess } from '../lib/middlewares';
 import removeGuardian from '../lib/removeGuardian';
 
-function executeWriteHook(req, res, scriptManager, userFields) {
-  return req.auth0.users.get({ id: req.params.id })
-    .then((user) => {
-      if (!user) {
-        res.status(404);
-        throw new Error('User not found');
-      }
-      const context = {
-        method: 'update',
-        request: {
-          user: req.user,
-          originalUser: user
-        },
-        payload: req.body,
-        userFields
-      };
-      return context;
-    })
-    .then(context => scriptManager.execute('create', context));
+function executeWriteHook(req, scriptManager, userFields) {
+  const user = req.targetUser;
+  const context = {
+    method: 'update',
+    request: {
+      user: req.user,
+      originalUser: user
+    },
+    payload: req.body,
+    userFields
+  };
+  return scriptManager.execute('create', context)
+    .then(data => {
+      return data;
+    });
 }
 
 export default (storage, scriptManager) => {
@@ -61,9 +57,7 @@ export default (storage, scriptManager) => {
         };
 
         return scriptManager.execute('create', createContext)
-          .then((result) => {
-            const payload = result || createContext.defaultPayload;
-
+          .then((payload) => {
             if (!payload.email || payload.email.length === 0) {
               throw new ValidationError('The email address is required.');
             }
@@ -120,60 +114,44 @@ export default (storage, scriptManager) => {
             }))
           .then(() => data))
       .then(users => res.json(users))
-      .catch(next);
+      .catch(err => next(err));
   });
 
   /*
    * Get a single user.
    */
   api.get('/:id', verifyUserAccess('read:user', scriptManager), (req, res, next) => {
-    req.auth0.users.get({ id: req.params.id })
-      .then((user) => {
-        if (!user) {
-          res.status(404);
-          throw new Error('User not found');
-        }
-
-        const membershipContext = {
-          request: {
-            user: req.user
-          },
-          payload: {
-            user
-          }
-        };
+    const user = req.targetUser;
+    const membershipContext = {
+      request: {
+        user: req.user
+      },
+      payload: {
+        user
+      }
+    };
 
-        return scriptManager.execute('memberships', membershipContext)
-          .then((result) => {
-            if (result && Array.isArray(result)) {
-              return {
-                user,
-                memberships: result
-              };
-            }
+    return scriptManager.execute('memberships', membershipContext)
+      .then((result) => {
+        if (result && Array.isArray(result)) {
+          return {
+            user,
+            memberships: result
+          };
+        }
 
-            if (result && result.memberships) {
-              return {
-                user,
-                memberships: result.memberships
-              };
-            }
+        if (result && result.memberships) {
+          return {
+            user,
+            memberships: result.memberships
+          };
+        }
 
-            return {
-              user,
-              memberships: []
-            };
-          });
+        return {
+          user,
+          memberships: []
+        };
       })
-      .then(data =>
-        scriptManager.execute('access', {
-          request: { user: req.user },
-          payload: { user: data.user, action: 'read:user' }
-        })
-          .then((parsedUser) => {
-            data.user = parsedUser || data.user;
-            return data;
-          }))
       .then(data => res.json(data))
       .catch((err) => {
         logger.error('Failed to get user because: ', err);
@@ -197,17 +175,19 @@ export default (storage, scriptManager) => {
   /*
    * Patch a user.
    */
-  api.patch('/:id', (req, res, next) => {
+  api.patch('/:id', verifyUserAccess('change:profile', scriptManager), (req, res, next) => {
     const settingsContext = {
       request: {
         user: req.user
       }
     };
 
     scriptManager.execute('settings', settingsContext)
-      .then(settings => executeWriteHook(req, res, scriptManager, settings.userFields))
-      .then(payload => req.auth0.users.update({ id: req.params.id }, payload))
-      .then(() => res.status(201).send())
+      .then(settings => executeWriteHook(req, scriptManager, settings.userFields))
+      .then(payload => {
+        return req.auth0.users.update({ id: req.params.id }, payload)
+      })
+      .then(() => res.status(204).send())
       .catch(next);
   });
 
@@ -220,9 +200,9 @@ export default (storage, scriptManager) => {
       clientId: config('AUTH0_CLIENT_ID')
     });
 
-    req.auth0.users.get({ id: req.params.id, fields: 'email' })
-      .then(user => ({ email: user.email, connection: req.body.connection, client_id: req.body.clientId }))
-      .then(data => client.requestChangePasswordEmail(data))
+    const user = req.targetUser;
+    const data = { email: user.email, connection: req.body.connection, client_id: req.body.clientId };
+    return client.requestChangePasswordEmail(data)
       .then(() => res.sendStatus(204))
       .catch(next);
   });
@@ -245,7 +225,7 @@ export default (storage, scriptManager) => {
       .then((settings) => {
         // If userFields is specified in the settings hook, then call the write hook and pass the userFields.
         if (settings && settings.userFields) {
-          return executeWriteHook(req, res, scriptManager, settings.userFields)
+          return executeWriteHook(req, scriptManager, settings.userFields)
             .then((payload) => {
               if (!payload.password) {
                 throw new ValidationError('The password is required.');
@@ -286,7 +266,7 @@ export default (storage, scriptManager) => {
       .then((settings) => {
         // If userFields is specified in the settings hook, then call the write hook and pass the userFields.
         if (settings && settings.userFields) {
-          executeWriteHook(req, res, scriptManager, settings.userFields)
+          executeWriteHook(req, scriptManager, settings.userFields)
             .then((payload) => {
               if (!payload.username) {
                 throw new ValidationError('The username is required.');
@@ -319,7 +299,7 @@ export default (storage, scriptManager) => {
       .then((settings) => {
         // If userFields is specified in the settings hook, then call the write hook and pass the userFields.
         if (settings && settings.userFields) {
-          executeWriteHook(req, res, scriptManager, settings.userFields)
+          executeWriteHook(req, scriptManager, settings.userFields)
             .then((payload) => {
               if (!payload.email) {
                 throw new ValidationError('The email is required.');

diff --git a/tests/server/routes/me.tests.js b/tests/server/routes/me.tests.js
@@ -1,3 +1,4 @@
+import _ from 'lodash';
 import expect from 'expect';
 import Promise from 'bluebird';
 import request from 'supertest';
@@ -6,8 +7,10 @@ import express from 'express';
 import me from '../../../server/routes/me';
 import ScriptManager from '../../../server/lib/scriptmanager';
 import { user } from '../../utils/dummyData';
+import * as constants from '../../../server/constants';
 
-function initServer(script) {
+
+function initServer(script, newUser) {
   const storage = {
     read: () => Promise.resolve(storage.data),
     data: {
@@ -18,7 +21,8 @@ function initServer(script) {
   };
 
   const app = express();
-  app.use('/me', (req, res, next) => { req.user = user; next(); }, me(new ScriptManager(storage)));
+  const theUser = newUser || user;
+  app.use('/me', (req, res, next) => { req.user = theUser; next(); }, me(new ScriptManager(storage)));
   return app;
 }
 
@@ -116,4 +120,21 @@ describe('# /me', () => {
         return done();
       });
   });
+
+  it('check role 2', (done) => {
+    const newUser = _.cloneDeep(user);
+    newUser.scope += ` ${constants.ADMIN_PERMISSION}`;
+    const app = initServer(undefined, newUser);
+    request(app)
+      .get('/me')
+      .expect(200)
+      .end((err, res) => {
+        if (err) {
+          return done(err);
+        }
+
+        expect(res.body.role).toEqual(2);
+        return done();
+      });
+  });
 });