Merge pull request #1514 from CVEProject/emathew/userCreateTest.js

david-rocca · web-flow · commit fcd694cf664b · 2025-09-10T10:17:03.000-04:00
Resolves issue #1503, Fix the userCreateTest.js unittest
diff --git a/src/controller/org.controller/org.controller.js b/src/controller/org.controller/org.controller.js
@@ -492,7 +492,7 @@ async function createUser (req, res, next) {
       }
 
       const users = await userRepo.findUsersByOrgShortname(orgShortName, { session })
-      if (users.toObject().length >= 100) {
+      if (users.length >= 100) {
         await session.abortTransaction()
         return res.status(400).json(error.userLimitReached())
       }
diff --git a/test/unit-tests/user/userCreateTest.js b/test/unit-tests/user/userCreateTest.js
@@ -3,13 +3,19 @@ const sinon = require('sinon')
 const chai = require('chai')
 const expect = chai.expect
 const { faker } = require('@faker-js/faker')
+const mongoose = require('mongoose')
+const argon2 = require('argon2')
 
 const { USER_CREATE_SINGLE } = require('../../../src/controller/org.controller/org.controller')
-
-const UserRepository = require('../../../src/repositories/userRepository')
-const OrgRepository = require('../../../src/repositories/orgRepository')
+const BaseOrgRepository = require('../../../src/repositories/baseOrgRepository.js')
+const RegistryUserModel = require('../../../src/model/registryuser.js')
+const BaseOrg = require('../../../src/model/baseorg.js')
+const BaseUserRepository = require('../../../src/repositories/baseUserRepository.js')
+const BaseUser = require('../../../src/model/baseuser.js')
+const UserRepository = require('../../../src/repositories/userRepository.js')
 
 const stubOrgUUID = faker.datatype.uuid()
+const stubUserUUID = faker.datatype.uuid()
 
 const stubOrg = {
   short_name: 'stubOrg',
@@ -19,16 +25,36 @@ const stubOrg = {
     active_roles: ['ADMIN', 'CNA']
   }
 }
-
+const fakeBaseUserSavedObject = {
+  username: 'test_user',
+  secret: 'test_secret',
+  role: 'Admin',
+  UUID: stubUserUUID
+}
+const fakeLegacySavedObject = {
+  short_name: 'mitre',
+  name: 'The MITRE Corporation',
+  authority: {
+    active_roles: [
+      'CNA',
+      'SECRETARIAT'
+    ]
+  },
+  policies: {
+    id_quota: 1000
+  }
+}
 const stubUser = {
   username: 'stubUser',
-  org_UUID: stubOrgUUID,
-  UUID: faker.datatype.uuid()
+  org_UUID: stubOrgUUID
 }
 
+const fakeUserMongooseDocument = new BaseUser(fakeBaseUserSavedObject)
+const fakeOrgMongooseDocument = new BaseOrg(fakeLegacySavedObject)
+
 // eslint-disable-next-line mocha/no-skipped-tests
-describe.skip('Testing the POST /org/:shortname/user endpoint in Org Controller', () => {
-  let status, json, res, next, orgRepo, getOrgRepository, getUserRepository, userRepo, req, getOrg
+describe('Testing the POST /org/:shortname/user endpoint in Org Controller', () => {
+  let status, json, res, next, mockSession, baseOrgRepo, getBaseOrgRepository, baseUserRepo, getBaseUserRepository, req, userRepo, getUserRepository
 
   beforeEach(() => {
     status = sinon.stub()
@@ -37,51 +63,64 @@ describe.skip('Testing the POST /org/:shortname/user endpoint in Org Controller'
     next = sinon.spy()
     status.returns(res)
 
-    userRepo = new UserRepository()
-    getUserRepository = sinon.stub()
-    getUserRepository.returns(userRepo)
+    // Stub Mongoose session methods
+    mockSession = {
+      startTransaction: sinon.stub(),
+      commitTransaction: sinon.stub().resolves(),
+      abortTransaction: sinon.stub().resolves(),
+      endSession: sinon.stub().resolves()
+    }
+    sinon.stub(mongoose, 'startSession').resolves(mockSession)
 
-    orgRepo = new OrgRepository()
-    getOrgRepository = sinon.stub()
-    getOrgRepository.returns(orgRepo)
-    // May have to replace this based on tests
-    getOrg = sinon.stub(orgRepo, 'getOrgUUID').returns(stubOrgUUID)
-    sinon.stub(userRepo, 'findUsersByOrgUUID').returns(1)
-    sinon.stub(orgRepo, 'isSecretariatUUID').returns(false)
-    sinon.stub(userRepo, 'isAdminUUID').returns(true)
-    sinon.stub(userRepo, 'findOneByUserNameAndOrgUUID').returns(null)
-    sinon.stub(userRepo, 'updateByUserNameAndOrgUUID').returns(true)
-    sinon.stub(userRepo, 'aggregate').returns([stubUser])
-    sinon.stub(userRepo, 'getUserUUID').returns(stubUser.UUID)
+    baseOrgRepo = new BaseOrgRepository()
+    getBaseOrgRepository = sinon.stub().returns(baseOrgRepo)
+    baseUserRepo = new BaseUserRepository()
+    getBaseUserRepository = sinon.stub().returns(baseUserRepo)
+    userRepo = new UserRepository()
+    getUserRepository = sinon.stub().returns(userRepo)
 
     req = {
       ctx: {
         org: stubOrg.short_name,
         uuid: stubOrg.UUID,
         params: {
-
+          shortname: stubOrg.short_name
         },
         repositories: {
-          getOrgRepository,
+          getBaseOrgRepository,
+          getBaseUserRepository,
           getUserRepository
         },
         body: {
-          stubUser
+          ...stubUser
         }
       }
     }
   })
+  afterEach(() => {
+    sinon.restore()
+  })
   context('Positive Tests', () => {
     it('User is created', async () => {
+      sinon.stub(baseUserRepo, 'orgHasUser').resolves(false)
+      sinon.stub(baseUserRepo, 'isAdminOrSecretariat').resolves(true)
+      sinon.stub(argon2, 'hash').resolves('hashedPassword')
+      sinon.stub(BaseOrgRepository.prototype, 'findOneByShortName').resolves(fakeOrgMongooseDocument)
+      sinon.stub(baseUserRepo, 'findUsersByOrgShortname').resolves([fakeUserMongooseDocument])
+      sinon.stub(RegistryUserModel.prototype, 'save').resolves(fakeBaseUserSavedObject)
+      // stub the prototype since createUser in baseUserRepository creates a new internal instance of the legacy UserRepository
+      sinon.stub(UserRepository.prototype, 'updateByUserNameAndOrgUUID').resolves(fakeUserMongooseDocument)
+
       await USER_CREATE_SINGLE(req, res, next)
       expect(status.args[0][0]).to.equal(200)
       expect(res.json.args[0][0].message).contains('was successfully created')
     })
   })
   context('Negitive tests', () => {
     it('User Fails to be created because not in the same org', async () => {
+      sinon.stub(baseUserRepo, 'orgHasUser').resolves(false)
+      sinon.stub(baseUserRepo, 'isAdminOrSecretariat').resolves(false)
       req.ctx.org = 'FakeShortName'
-      getOrg.withArgs('FakeShortName').returns('FAKEUUID')
       await USER_CREATE_SINGLE(req, res, next)
       expect(status.args[0][0]).to.equal(403)
       expect(res.json.args[0][0].error).contains('NOT_ORG_ADMIN_OR_SECRETARIAT')

Original file line number	Diff line number	Diff line change
`@@ -492,7 +492,7 @@ async function createUser (req, res, next) {`
`492`	`492`	`}`
`493`	`493`
`494`	`494`	`const users = await userRepo.findUsersByOrgShortname(orgShortName, { session })`
`495`		`- if (users.toObject().length >= 100) {`
	`495`	`+ if (users.length >= 100) {`
`496`	`496`	`await session.abortTransaction()`
`497`	`497`	`return res.status(400).json(error.userLimitReached())`
`498`	`498`	`}`