Merge pull request auth0-extensions#27 from mostekcm/mostekcm-improve…

…-tests Updated a bunch of server/user tests to get better code coverage and …
siacomuzzi · Dec 7, 2017 · 1b423a0 · 1b423a0
2 parents 066fa82 + 03d606b
commit 1b423a0
Show file tree

Hide file tree

Showing 7 changed files with 326 additions and 123 deletions.
diff --git a/server/lib/middlewares/verifyUserAccess.js b/server/lib/middlewares/verifyUserAccess.js
@@ -19,7 +19,11 @@ module.exports = (action, scriptManager) => (req, res, next) =>
         }
       };
 
-      return scriptManager.execute('access', accessContext);
+      return scriptManager.execute('access', accessContext)
+        .then(() => {
+          // cache the target user so we don't have to get it again if it is needed
+          req.targetUser = user;
+        });
     })
     .then(() => next())
     .catch(next);
diff --git a/server/lib/removeGuardian.js b/server/lib/removeGuardian.js
@@ -13,7 +13,7 @@ const requestClearGuardian = (token, enrollmentId) =>
       .del('https://' + config('AUTH0_DOMAIN') + '/api/v2/guardian/enrollments/' + enrollmentId)
       .set('Authorization', 'Bearer ' + token)
       .set('Content-Type', 'application/json')
-      .end((err) => {
+      .end((err, res) => {
         if (err) {
           return reject(err);
         }

diff --git a/server/routes/me.js b/server/routes/me.js
@@ -39,10 +39,8 @@ export default (scriptManager) => {
 
         return res.json(me);
       })
-      .catch((err) => {
-        if (err) {
-          logger.error(err.message);
-        }
+      .catch(err => {
+        logger.error(err.message);
         res.json(me);
       });
   });

diff --git a/server/routes/users.js b/server/routes/users.js
@@ -10,25 +10,21 @@ import logger from '../lib/logger';
 import { verifyUserAccess } from '../lib/middlewares';
 import removeGuardian from '../lib/removeGuardian';
 
-function executeWriteHook(req, res, scriptManager, userFields) {
-  return req.auth0.users.get({ id: req.params.id })
-    .then((user) => {
-      if (!user) {
-        res.status(404);
-        throw new Error('User not found');
-      }
-      const context = {
-        method: 'update',
-        request: {
-          user: req.user,
-          originalUser: user
-        },
-        payload: req.body,
-        userFields
-      };
-      return context;
-    })
-    .then(context => scriptManager.execute('create', context));
+function executeWriteHook(req, scriptManager, userFields) {
+  const user = req.targetUser;
+  const context = {
+    method: 'update',
+    request: {
+      user: req.user,
+      originalUser: user
+    },
+    payload: req.body,
+    userFields
+  };
+  return scriptManager.execute('create', context)
+    .then(data => {
+      return data;
+    });
 }
 
 export default (storage, scriptManager) => {
@@ -61,9 +57,7 @@ export default (storage, scriptManager) => {
         };
 
         return scriptManager.execute('create', createContext)
-          .then((result) => {
-            const payload = result || createContext.defaultPayload;
-
+          .then((payload) => {
             if (!payload.email || payload.email.length === 0) {
               throw new ValidationError('The email address is required.');
             }
@@ -120,60 +114,44 @@ export default (storage, scriptManager) => {
             }))
           .then(() => data))
       .then(users => res.json(users))
-      .catch(next);
+      .catch(err => next(err));
   });
 
   /*
    * Get a single user.
    */
   api.get('/:id', verifyUserAccess('read:user', scriptManager), (req, res, next) => {
-    req.auth0.users.get({ id: req.params.id })
-      .then((user) => {
-        if (!user) {
-          res.status(404);
-          throw new Error('User not found');
-        }
-
-        const membershipContext = {
-          request: {
-            user: req.user
-          },
-          payload: {
-            user
-          }
-        };
+    const user = req.targetUser;
+    const membershipContext = {
+      request: {
+        user: req.user
+      },
+      payload: {
+        user
+      }
+    };
 
-        return scriptManager.execute('memberships', membershipContext)
-          .then((result) => {
-            if (result && Array.isArray(result)) {
-              return {
-                user,
-                memberships: result
-              };
-            }
+    return scriptManager.execute('memberships', membershipContext)
+      .then((result) => {
+        if (result && Array.isArray(result)) {
+          return {
+            user,
+            memberships: result
+          };
+        }
 
-            if (result && result.memberships) {
-              return {
-                user,
-                memberships: result.memberships
-              };
-            }
+        if (result && result.memberships) {
+          return {
+            user,
+            memberships: result.memberships
+          };
+        }
 
-            return {
-              user,
-              memberships: []
-            };
-          });
+        return {
+          user,
+          memberships: []
+        };
       })
-      .then(data =>
-        scriptManager.execute('access', {
-          request: { user: req.user },
-          payload: { user: data.user, action: 'read:user' }
-        })
-          .then((parsedUser) => {
-            data.user = parsedUser || data.user;
-            return data;
-          }))
       .then(data => res.json(data))
       .catch((err) => {
         logger.error('Failed to get user because: ', err);
@@ -197,17 +175,19 @@ export default (storage, scriptManager) => {
   /*
    * Patch a user.
    */
-  api.patch('/:id', (req, res, next) => {
+  api.patch('/:id', verifyUserAccess('change:profile', scriptManager), (req, res, next) => {
     const settingsContext = {
       request: {
         user: req.user
       }
     };
 
     scriptManager.execute('settings', settingsContext)
-      .then(settings => executeWriteHook(req, res, scriptManager, settings.userFields))
-      .then(payload => req.auth0.users.update({ id: req.params.id }, payload))
-      .then(() => res.status(201).send())
+      .then(settings => executeWriteHook(req, scriptManager, settings.userFields))
+      .then(payload => {
+        return req.auth0.users.update({ id: req.params.id }, payload)
+      })
+      .then(() => res.status(204).send())
       .catch(next);
   });
 
@@ -220,9 +200,9 @@ export default (storage, scriptManager) => {
       clientId: config('AUTH0_CLIENT_ID')
     });
 
-    req.auth0.users.get({ id: req.params.id, fields: 'email' })
-      .then(user => ({ email: user.email, connection: req.body.connection, client_id: req.body.clientId }))
-      .then(data => client.requestChangePasswordEmail(data))
+    const user = req.targetUser;
+    const data = { email: user.email, connection: req.body.connection, client_id: req.body.clientId };
+    return client.requestChangePasswordEmail(data)
       .then(() => res.sendStatus(204))
       .catch(next);
   });
@@ -245,7 +225,7 @@ export default (storage, scriptManager) => {
       .then((settings) => {
         // If userFields is specified in the settings hook, then call the write hook and pass the userFields.
         if (settings && settings.userFields) {
-          return executeWriteHook(req, res, scriptManager, settings.userFields)
+          return executeWriteHook(req, scriptManager, settings.userFields)
             .then((payload) => {
               if (!payload.password) {
                 throw new ValidationError('The password is required.');
@@ -286,7 +266,7 @@ export default (storage, scriptManager) => {
       .then((settings) => {
         // If userFields is specified in the settings hook, then call the write hook and pass the userFields.
         if (settings && settings.userFields) {
-          executeWriteHook(req, res, scriptManager, settings.userFields)
+          executeWriteHook(req, scriptManager, settings.userFields)
             .then((payload) => {
               if (!payload.username) {
                 throw new ValidationError('The username is required.');
@@ -319,7 +299,7 @@ export default (storage, scriptManager) => {
       .then((settings) => {
         // If userFields is specified in the settings hook, then call the write hook and pass the userFields.
         if (settings && settings.userFields) {
-          executeWriteHook(req, res, scriptManager, settings.userFields)
+          executeWriteHook(req, scriptManager, settings.userFields)
             .then((payload) => {
               if (!payload.email) {
                 throw new ValidationError('The email is required.');

diff --git a/tests/server/routes/me.tests.js b/tests/server/routes/me.tests.js
@@ -1,3 +1,4 @@
+import _ from 'lodash';
 import expect from 'expect';
 import Promise from 'bluebird';
 import request from 'supertest';
@@ -6,8 +7,10 @@ import express from 'express';
 import me from '../../../server/routes/me';
 import ScriptManager from '../../../server/lib/scriptmanager';
 import { user } from '../../utils/dummyData';
+import * as constants from '../../../server/constants';
 
-function initServer(script) {
+
+function initServer(script, newUser) {
   const storage = {
     read: () => Promise.resolve(storage.data),
     data: {
@@ -18,7 +21,8 @@ function initServer(script) {
   };
 
   const app = express();
-  app.use('/me', (req, res, next) => { req.user = user; next(); }, me(new ScriptManager(storage)));
+  const theUser = newUser || user;
+  app.use('/me', (req, res, next) => { req.user = theUser; next(); }, me(new ScriptManager(storage)));
   return app;
 }
 
@@ -116,4 +120,21 @@ describe('# /me', () => {
         return done();
       });
   });
+
+  it('check role 2', (done) => {
+    const newUser = _.cloneDeep(user);
+    newUser.scope += ` ${constants.ADMIN_PERMISSION}`;
+    const app = initServer(undefined, newUser);
+    request(app)
+      .get('/me')
+      .expect(200)
+      .end((err, res) => {
+        if (err) {
+          return done(err);
+        }
+
+        expect(res.body.role).toEqual(2);
+        return done();
+      });
+  });
 });