
Untitled

a guest
Jun 20th, 2019
  1. // Tests
  2. const request = require('supertest');
  3. const mongoose = require('mongoose');
  4. const app = require('../src/app');
  5. const Task = require('../src/models/task');
  6. const Project = require('../src/models/project');
  7. const {
  8. setUpDatabase,
  9. userOne,
  10. userTwo,
  11. taskOne,
  12. taskTwo,
  13. listOne,
  14. listTwo,
  15. projectOne,
  16. projectTwo,
  17. authorizedUserOneToken,
  18. authorizedUserTwoToken,
  19. } = require('./setupTests');
  20.  
  // POST /projects, always authenticated as User One.
  describe('Creating Projects', () => {
    beforeAll(setUpDatabase);

    test('Should create a project for User One', async () => {
      // The client chooses the _id so the stored document can be looked up below.
      const payload = {
        _id: new mongoose.Types.ObjectId(),
        name: 'new project for user one',
      };
      const token = await authorizedUserOneToken();

      await request(app)
        .post('/projects')
        .set('Authorization', token)
        .send(payload)
        .expect(201);

      const stored = await Project.findById(payload._id);
      expect(stored).not.toBeNull();
    });

    test('Should not create a project with blank name', async () => {
      // A whitespace-only name must be rejected and nothing may be persisted.
      const payload = {
        _id: new mongoose.Types.ObjectId(),
        name: ' ',
      };
      const token = await authorizedUserOneToken();

      await request(app)
        .post('/projects')
        .set('Authorization', token)
        .send(payload)
        .expect(400);

      const stored = await Project.findById(payload._id);
      expect(stored).toBeNull();
    });
  });
  56.  
  // GET /projects and GET /projects/:id, always authenticated as User One.
  describe('Reading Projects', () => {
    beforeAll(setUpDatabase);

    test('Should read project by ID', async () => {
      const token = await authorizedUserOneToken();
      const ownProjectUrl = `/projects/${projectOne._id}`;

      const res = await request(app)
        .get(ownProjectUrl)
        .set('Authorization', token)
        .expect(200);

      expect(res.body.project.name).toBe(projectOne.name);
    });

    test('Should not read project by ID for a user that is not the owner or team member', async () => {
      // Access-control regression test: User One asks for projectTwo and must be refused.
      const token = await authorizedUserOneToken();
      const foreignProjectUrl = `/projects/${projectTwo._id}`;

      await request(app)
        .get(foreignProjectUrl)
        .set('Authorization', token)
        .expect(400);
    });

    test('Should read all projects for user', async () => {
      const token = await authorizedUserOneToken();

      const res = await request(app)
        .get('/projects')
        .set('Authorization', token)
        .expect(200);

      // The listing must contain exactly one project for User One.
      expect(res.body.projects.length).toBe(1);
    });
  });
  86.  
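  // PATCH /projects/:id. The database is reset before every test because these
  // tests change stored documents.
  describe('Updating Projects', () => {
    beforeEach(setUpDatabase);

    test('Should update name of project by id', async () => {
      const authToken = await authorizedUserOneToken();
      await request(app)
        .patch(`/projects/${projectOne._id}`)
        .set('Authorization', authToken)
        .send({ name: 'new project name' })
        .expect(200);
      const project = await Project.findById(projectOne._id);
      expect(project.name).not.toBe(projectOne.name);
    });

    test('Should not update project if changing unauthorized field like id', async () => {
      // A body that names any field outside the route's allow-list must be
      // rejected as a whole, so the allowed `name` change is not applied either.
      const authToken = await authorizedUserOneToken();
      await request(app)
        .patch(`/projects/${projectOne._id}`)
        .set('Authorization', authToken)
        .send({ _id: new mongoose.Types.ObjectId(), name: 'new project name' })
        .expect(400);
      const project = await Project.findById(projectOne._id);
      expect(project.name).toBe(projectOne.name);
    });

    test('Should not update project for a user that is not the owner', async () => {
      // Access-control regression test for PATCH, mirroring the read and delete
      // suites: User Two sends a valid update for projectOne and must be refused,
      // and the stored document must be unchanged.
      const authToken = await authorizedUserTwoToken();
      await request(app)
        .patch(`/projects/${projectOne._id}`)
        .set('Authorization', authToken)
        .send({ name: 'new project name' })
        .expect(400);
      const project = await Project.findById(projectOne._id);
      expect(project.name).toBe(projectOne.name);
    });
  });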
  112.  
  // DELETE /projects/:id, always authenticated as User Two. The database is
  // reset before every test because a successful delete removes a fixture.
  describe('Deleting Projects', () => {
    beforeEach(setUpDatabase);

    test('Should delete project by ID with authorized user', async () => {
      const token = await authorizedUserTwoToken();
      const ownProjectUrl = `/projects/${projectTwo._id}`;

      await request(app)
        .delete(ownProjectUrl)
        .set('Authorization', token)
        .send()
        .expect(200);

      const remaining = await Project.findById(projectTwo._id);
      expect(remaining).toBeNull();
    });

    test('Should not delete project by ID with unauthorized user', async () => {
      // Access-control regression test: User Two targets projectOne; the request
      // must be refused and the document must still exist afterwards.
      const token = await authorizedUserTwoToken();
      const foreignProjectUrl = `/projects/${projectOne._id}`;

      await request(app)
        .delete(foreignProjectUrl)
        .set('Authorization', token)
        .send()
        .expect(400);

      const remaining = await Project.findById(projectOne._id);
      expect(remaining).not.toBeNull();
    });
  });
  138.  
  139. // Project auth middleware
  140. const Project = require('../models/project');
  141.  
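  /**
   * Express middleware that loads the project named by `req.params.id` and lets
   * the request continue only when the authenticated user owns that project.
   *
   * On success the loaded document is attached as `req.project` and `next()` is
   * called. Every failure (lookup error, no such project, requester is not the
   * owner, no authenticated user on the request) ends the request with an empty
   * 400 response, so the response does not reveal whether a project id that the
   * caller does not own exists.
   *
   * Reads `req.user._id`, so it has to run after a middleware that sets
   * `req.user`.
   *
   * @param {object} req - Express request; reads `params.id` and `user._id`.
   * @param {object} res - Express response; used only to send the 400.
   * @param {Function} next - Called once, and only when the requester is the owner.
   * @returns {Promise<void>}
   */
  const projectAuth = async (req, res, next) => {
    const reject = () => {
      res.status(400).send();
    };

    let project;
    try {
      project = await Project.findById(req.params.id);
    } catch (error) {
      // The lookup itself failed; refuse rather than continue without a project.
      reject();
      return;
    }

    // Refuse explicitly instead of depending on a TypeError from a null document
    // or a missing req.user to reach the rejection path.
    if (project == null || project.owner == null || req.user == null || req.user._id == null) {
      reject();
      return;
    }

    // TODO: team members are not checked yet; only the owner is authorized.
    const isOwner = project.owner.toString() === req.user._id.toString();
    if (!isOwner) {
      reject();
      return;
    }

    req.project = project;
    next();
  };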
  156.  
  157. module.exports = projectAuth;
  158.  
  159. // project router
  160. const express = require('express');
  161. const router = express.Router();
  162. const auth = require('../middleware/auth');
  163. const projectAuth = require('../middleware/projectAuth');
  164. const Project = require('../models/project');
  165.  
  // Create a project owned by the authenticated user.
  // NOTE(review): the whole request body is handed to the model constructor, so
  // every schema field the client sends (the tests send `_id`) is accepted as
  // given; only `owner` is overwritten afterwards. Which other fields exist
  // depends on the Project schema, which is not shown here. Confirm that none
  // of them should be server-controlled.
  router.post('/projects', auth, async (req, res) => {
    try {
      const created = new Project(req.body);
      // Ownership always comes from the authenticated session, never the body.
      created.owner = req.user._id;
      await created.save();
      res.status(201).send(created);
    } catch (err) {
      // Any failure while building or saving the document is reported as 400.
      res.status(400).send();
    }
  });
  176.  
  // List the projects whose owner is the authenticated user.
  router.get('/projects', auth, async (req, res) => {
    try {
      // The filter is built from the session only, so a caller cannot ask for
      // another user's projects through this route.
      const ownedBy = { owner: req.user._id };
      const projects = await Project.find(ownedBy);
      res.send({ projects });
    } catch (err) {
      res.status(400).send();
    }
  });
  185.  
  // Return one project. projectAuth has already loaded the document and
  // checked the requester against it, so the handler only serializes it.
  router.get('/projects/:id', auth, projectAuth, (req, res) => {
    try {
      const { project } = req;
      res.send({ project });
    } catch (err) {
      res.status(400).send();
    }
  });
  193.  
  // Update a project that projectAuth has already loaded and authorized.
  router.patch('/projects/:id', auth, projectAuth, async (req, res) => {
    try {
      // Allow-list of client-editable fields. A body naming anything else
      // (for example `_id`) is rejected as a whole before any field is applied.
      const allowedFields = ['name'];
      const requestedFields = Object.keys(req.body);
      const hasForbiddenField = requestedFields.some(field => !allowedFields.includes(field));
      if (hasForbiddenField) {
        throw new Error();
      }

      for (const field of requestedFields) {
        req.project[field] = req.body[field];
      }
      await req.project.save();
      res.send({ project: req.project });
    } catch (err) {
      // Forbidden field or save failure: both are reported as 400.
      res.status(400).send();
    }
  });
  209.  
  // Delete a project that projectAuth has already loaded and authorized, and
  // return the removed document to the caller.
  router.delete('/projects/:id', auth, projectAuth, async (req, res) => {
    try {
      const removed = await req.project.remove();
      res.send({ project: removed });
    } catch (err) {
      res.status(400).send();
    }
  });
  218. module.exports = router;