From eb389969ac98d07322729d4378e47baba15a4510 Mon Sep 17 00:00:00 2001 From: suvidh Date: Wed, 25 Jun 2025 23:14:49 +0530 Subject: [PATCH 1/6] added integration tests for impersonation session feature --- .../integration/impersonationRequests.test.ts | 190 +++++++++++++++++- 1 file changed, 189 insertions(+), 1 deletion(-) diff --git a/test/integration/impersonationRequests.test.ts b/test/integration/impersonationRequests.test.ts index b00336f61..656934804 100644 --- a/test/integration/impersonationRequests.test.ts +++ b/test/integration/impersonationRequests.test.ts @@ -11,7 +11,7 @@ import addUser from "../utils/addUser"; import * as impersonationModel from "../../models/impersonationRequests"; import * as validationService from "../../services/impersonationRequests"; import { CreateImpersonationRequestBody, ImpersonationRequest } from "../../types/impersonationRequest"; -import { REQUEST_CREATED_SUCCESSFULLY, REQUEST_STATE } from "../../constants/requests"; +import { REQUEST_CREATED_SUCCESSFULLY, REQUEST_DOES_NOT_EXIST, REQUEST_STATE } from "../../constants/requests"; import { impersonationRequestsBodyData } from "../fixtures/impersonation-requests/impersonationRequests"; const { expect } = chai; 
@@ -264,4 +264,192 @@ describe("Impersonation Requests", () => { }); }); }); + + describe("PATCH /impersonation/:id", function () { + let tempAuthToken; + let impersonationRequest3; + + beforeEach(async () => { + tempAuthToken = authService.generateAuthToken({ userId: testUserId3 }); + + impersonationRequest3 = await impersonationModel.createImpersonationRequest({ + ...impersonationRequestsBodyData[0], + impersonatedUserId: testUserId4, + createdFor: userData[0].username, + userId: testSuperUserId, + status: "APPROVED", + isImpersonationFinished: true, + createdBy: userData[4].username + }); + }); + + it("should return 404 and 'Route not Found' message when dev is false", function (done) { + chai + .request(app) + .patch(`/${impersonationRequest1.id}?dev=false&action=START`) + .set("cookie", `${cookieName}=${authToken}`) + .end(function (err, res) { + if (err) return done(err); + try { + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal("Not Found"); + done(); + } catch (e) { + done(e); + } + }); + }); + + it("should return 404 and 'Route not Found' message when dev is missing", function (done) { + chai + .request(app) + .patch(`/impersonation/${impersonationRequest1.id}`) + .set("cookie", `${cookieName}=${authToken}`) + .end(function (err, res) { + try { + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal("Route not found"); + done(); + } catch (e) { + done(e); + } + }); + }); + + it("should return 400 BadRequest if the action is neither START/STOP", function (done) { + chai + .request(app) + .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=ACTIVE`) + .set("cookie", `${cookieName}=${superUserToken}`) + .end(function (err, res) { + try { + expect(res.statusCode).to.equal(400); + expect(res.body.message).to.equal("action must be START or STOP"); + done(); + } catch (e) { + done(e); + } + }); + }); + + it("should successfully start the impersonation when action is START", function (done) { + chai + 
.request(app) + .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=START`) + .set("cookie", `${cookieName}=${superUserToken}`) + .end(function (err, res) { + if (err) return done(err); + expect(res.statusCode).to.equal(200); + expect(res.body.message).to.equal("Impersonation session has started."); + expect(res.body.data.id).to.equal(impersonationRequest2.id); + done(); + }); + }); + + it("should successfully stop the impersonation when action is STOP", function (done) { + const impersonationToken = authService.generateImpersonationAuthToken({ + userId: testSuperUserId, + impersonatedUserId: testUserId3 + }); + + chai + .request(app) + .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) + .set("cookie", `${cookieName}=${impersonationToken}`) + .end(function (err, res) { + if (err) return done(err); + try { + expect(res.statusCode).to.equal(200); + expect(res.body.message).to.equal("Impersonation session has been stopped."); + expect(res.body.data.id).to.equal(impersonationRequest2.id); + done(); + } catch (e) { + done(e); + } + }); + }); + + it("should return 403 if impersonation request is not approved", function (done) { + chai + .request(app) + .patch(`/impersonation/${impersonationRequest1.id}?dev=true&action=START`) + .set("cookie", `${cookieName}=${superUserToken}`) + .end(function (err, res) { + if (err) return done(err); + expect(res.statusCode).to.equal(403); + expect(res.body.message).to.equal("You are not allowed for this operation at the moment"); + done(); + }); + }); + + it("should return 403 if user trying to STOP is not the impersonated user", function (done) { + const fakeImpersonationToken = authService.generateImpersonationAuthToken({ + userId: testSuperUserId, + impersonatedUserId: testUserId5 + }); + + chai + .request(app) + .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) + .set("cookie", `${cookieName}=${fakeImpersonationToken}`) + .end(function (err, res) { + 
expect(res.statusCode).to.equal(403); + expect(res.body.message).to.equal("You are not authorized for this action"); + done(); + }); + }); + + it("should return 404 if impersonation request does not exist", function (done) { + chai + .request(app) + .patch(`/impersonation/nonexistent-id?dev=true&action=START`) + .set("cookie", `${cookieName}=${superUserToken}`) + .end(function (err, res) { + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal("Request does not exist"); + done(); + }); + }); + + it("should return 403 if trying to START an already finished impersonation session", function (done) { + chai + .request(app) + .patch(`/impersonation/${impersonationRequest3.id}?dev=true&action=START`) + .set("cookie", `${cookieName}=${superUserToken}`) + .end(function (err, res) { + if (err) return done(err); + try { + expect(res.statusCode).to.equal(403); + expect(res.body.message).to.equal("You are not allowed for this operation at the moment"); + done(); + } catch (e) { + done(e); + } + }); + }); + + it("should throw 404 NotFound if impersonation request does not exist at stopImpersonation Service", function (done) { + const impersonationToken = authService.generateImpersonationAuthToken({ + userId: testSuperUserId, + impersonatedUserId: testUserId3 + }); + const invalidRequestId = "non-existent-id"; + + chai + .request(app) + .patch(`/impersonation/${invalidRequestId}?dev=true&action=STOP`) + .set("cookie", `${cookieName}=${impersonationToken}`) + .end(function (err, res) { + if (err) return done(err); + try { + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal(REQUEST_DOES_NOT_EXIST); + done(); + } catch (e) { + done(e); + } + }); + }); +}); + }); \ No newline at end of file From bbad3eab7d29e76d4dc3db3aefda19c6b8f5a2c2 Mon Sep 17 00:00:00 2001 
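Review bot: The `dev is false` case requests ``/${impersonationRequest1.id}?dev=false&action=START`` without the `/impersonation` prefix that every other case in this hunk uses, so the 404 it asserts most likely comes from the app's handling of an unknown path. The test would then pass even if the feature-flag gate on the impersonation session route were missing. The title promises 'Route not Found' while the assertion expects `"Not Found"`, which points the same way. Aim the request at the real route, ``.patch(`/impersonation/${impersonationRequest1.id}?dev=false&action=START`)``, and assert the message the `dev is missing` case expects, assuming both pass through the same gate.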
From: suvidh
Date: Wed, 25 Jun 2025 23:51:10 +0530
Subject: [PATCH 2/6] fixed linting and tests
---
 .../integration/impersonationRequests.test.ts | 323 ++++++++++--------
 1 file changed, 173 insertions(+), 150 deletions(-)
diff --git a/test/integration/impersonationRequests.test.ts b/test/integration/impersonationRequests.test.ts
index 656934804..e351f3c4c 100644
--- a/test/integration/impersonationRequests.test.ts
+++ b/test/integration/impersonationRequests.test.ts
@@ -265,117 +265,116 @@ describe("Impersonation Requests", () => { }); }); - describe("PATCH /impersonation/:id", function () { - let tempAuthToken; - let impersonationRequest3; - - beforeEach(async () => { - tempAuthToken = authService.generateAuthToken({ userId: testUserId3 }); + describe("PATCH /impersonation/:id", function(){ + let tempAuthToken; + let impersonationRequest3; + beforeEach(async ()=>{ + tempAuthToken = generateAuthToken({userId:testUserId3}); + impersonationRequest3 = await impersonationModel.createImpersonationRequest({ + ...impersonationRequestsBodyData[0], + impersonatedUserId: testUserId4, + createdFor: userData[0].username, + userId: testSuperUserId, + status:"APPROVED", + isImpersonationFinished:true, + createdBy: userData[4].username + }); + }) + + it("should return 404 and 'Route not Found' message when dev is false", function (done) { + chai + .request(app) + .patch(`/${impersonationRequest1.id}?dev=false&action=START`) + .set("cookie", `${cookieName}=${authToken}`) + .end(function (err, res) { + if (err) return done(err); + try { + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal("Not Found"); + done(); + } catch (e) { + done(e); + } + }); + }); - impersonationRequest3 = await impersonationModel.createImpersonationRequest({ - ...impersonationRequestsBodyData[0], - impersonatedUserId: testUserId4, - createdFor: userData[0].username, - userId: testSuperUserId, - status: "APPROVED", - isImpersonationFinished: true, - createdBy: userData[4].username + it("should return 404 and 'Route not Found' message when dev is missing", function (done) { + chai + .request(app) + .patch(`/impersonation/${impersonationRequest1.id}`) + .set("cookie", `${cookieName}=${authToken}`) + .end(function (err, res) { + try { + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal("Route not found"); + done(); + } catch (e) { + done(e); + } + }); }); - }); - it("should return 404 and 'Route not Found' message when dev is 
false", function (done) { - chai - .request(app) - .patch(`/${impersonationRequest1.id}?dev=false&action=START`) - .set("cookie", `${cookieName}=${authToken}`) - .end(function (err, res) { - if (err) return done(err); - try { - expect(res.statusCode).to.equal(404); - expect(res.body.message).to.equal("Not Found"); - done(); - } catch (e) { - done(e); - } - }); - }); + it("should return 400 BadRequest if the action is neither START/STOP", function(done) { + chai. + request(app) + .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=ACTIVE`) + .set("cookie", `${cookieName}=${superUserToken}`) + .end(function (err, res) { + try { + expect(res.statusCode).to.equal(400); + expect(res.body.message).to.equal("action must be START or STOP"); + done(); + } catch (e) { + done(e); + } + }); + }) - it("should return 404 and 'Route not Found' message when dev is missing", function (done) { - chai - .request(app) - .patch(`/impersonation/${impersonationRequest1.id}`) - .set("cookie", `${cookieName}=${authToken}`) - .end(function (err, res) { - try { - expect(res.statusCode).to.equal(404); - expect(res.body.message).to.equal("Route not found"); - done(); - } catch (e) { - done(e); - } - }); - }); + it("should successfully start the impersonation when action is START", function(done) { + chai. 
+ request(app) + .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=START`) + .send(updateImpersonationRequestApproved) + .set("cookie", `${cookieName}=${superUserToken}`) + .end(function (err, res) { + if(err) return done(err); + expect(res.statusCode).to.equal(200); + expect(res.body.message).to.equal("Impersonation session has started."); + expect(res.body.data.id).to.equal(impersonationRequest2.id); + done(); + }); + }) - it("should return 400 BadRequest if the action is neither START/STOP", function (done) { - chai - .request(app) - .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=ACTIVE`) - .set("cookie", `${cookieName}=${superUserToken}`) - .end(function (err, res) { - try { - expect(res.statusCode).to.equal(400); - expect(res.body.message).to.equal("action must be START or STOP"); - done(); - } catch (e) { - done(e); - } - }); + it("should successfully stop the impersonation when action is STOP", function (done) { + const impersonationToken = authService.generateImpersonationAuthToken({ + userId: testSuperUserId, + impersonatedUserId: testUserId3, }); - it("should successfully start the impersonation when action is START", function (done) { - chai - .request(app) - .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=START`) - .set("cookie", `${cookieName}=${superUserToken}`) - .end(function (err, res) { - if (err) return done(err); + chai + .request(app) + .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) + .set("cookie", `${cookieName}=${impersonationToken}`) + .end(function (err, res) { + if (err) return done(err); + try { expect(res.statusCode).to.equal(200); - expect(res.body.message).to.equal("Impersonation session has started."); + expect(res.body.message).to.equal("Impersonation session has been stopped."); expect(res.body.data.id).to.equal(impersonationRequest2.id); done(); - }); - }); - - it("should successfully stop the impersonation when action is STOP", function (done) { - 
const impersonationToken = authService.generateImpersonationAuthToken({ - userId: testSuperUserId, - impersonatedUserId: testUserId3 + } catch (e) { + done(e); + } }); +}); - chai - .request(app) - .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) - .set("cookie", `${cookieName}=${impersonationToken}`) - .end(function (err, res) { - if (err) return done(err); - try { - expect(res.statusCode).to.equal(200); - expect(res.body.message).to.equal("Impersonation session has been stopped."); - expect(res.body.data.id).to.equal(impersonationRequest2.id); - done(); - } catch (e) { - done(e); - } - }); - }); - - it("should return 403 if impersonation request is not approved", function (done) { +it("should return 403 if impersonation request is not approved", function (done) { chai .request(app) .patch(`/impersonation/${impersonationRequest1.id}?dev=true&action=START`) .set("cookie", `${cookieName}=${superUserToken}`) .end(function (err, res) { - if (err) return done(err); + if(err) return done(err); expect(res.statusCode).to.equal(403); expect(res.body.message).to.equal("You are not allowed for this operation at the moment"); done(); 
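Review bot: The rewritten `beforeEach` calls a bare `generateAuthToken({userId:testUserId3})` and the START case sends `updateImpersonationRequestApproved`, but neither name is declared or imported in the hunks shown, and the rest of the block goes through `authService.generateAuthToken`. If they are not defined elsewhere in the file, the hook fails before any case in this `describe` runs, so none of the assertions about the session route are actually exercised. Use `authService.generateAuthToken({ userId: testUserId3 })`, and either drop the `.send(...)` or pass an inline literal. The block also relies on `impersonationRequest2`, whose declaration is not visible in this commit; the `describe` body continues into the next hunk.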
@@ -383,73 +382,97 @@ describe("Impersonation Requests", () => { }); it("should return 403 if user trying to STOP is not the impersonated user", function (done) { - const fakeImpersonationToken = authService.generateImpersonationAuthToken({ - userId: testSuperUserId, - impersonatedUserId: testUserId5 + const fakeImpersonationToken = authService.generateImpersonationAuthToken({ + userId: testSuperUserId, + impersonatedUserId: testUserId5, // wrong impersonated user + }); + + chai + .request(app) + .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) + .set("cookie", `${cookieName}=${fakeImpersonationToken}`) + .end(function (err, res) { + expect(res.statusCode).to.equal(403); + expect(res.body.message).to.equal("You are not authorized for this action"); + done(); }); +}); - chai - .request(app) - .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) - .set("cookie", `${cookieName}=${fakeImpersonationToken}`) - .end(function (err, res) { +it("should return 403 if action is STOP but user is not impersonating", function (done) { + const normalToken = authService.generateAuthToken({ + userId: testSuperUserId + }); + + chai + .request(app) + .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) + .set("cookie", `${cookieName}=${normalToken}`) + .end(function (err, res) { + if (err) return done(err); + try { expect(res.statusCode).to.equal(403); - expect(res.body.message).to.equal("You are not authorized for this action"); + expect(res.body.message).to.equal("Invalid impersonation session"); done(); - }); - }); + } catch (e) { + done(e); + } + }); +}); - it("should return 404 if impersonation request does not exist", function (done) { - chai - .request(app) - .patch(`/impersonation/nonexistent-id?dev=true&action=START`) - .set("cookie", `${cookieName}=${superUserToken}`) - .end(function (err, res) { - expect(res.statusCode).to.equal(404); - expect(res.body.message).to.equal("Request does not exist"); + 
+it("should return 404 if impersonation request does not exist", function (done) { + chai + .request(app) + .patch(`/impersonation/nonexistent-id?dev=true&action=START`) + .set("cookie", `${cookieName}=${superUserToken}`) + .end(function (err, res) { + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal("Request does not exist"); + done(); + }); +}); + +it("should return 403 if trying to START an already finished impersonation session", function (done) { + chai + .request(app) + .patch(`/impersonation/${impersonationRequest3.id}?dev=true&action=START`) + .set("cookie", `${cookieName}=${superUserToken}`) + .end(function (err, res) { + if (err) return done(err); + try { + expect(res.statusCode).to.equal(403); + expect(res.body.message).to.equal("You are not allowed for this operation at the moment"); done(); - }); - }); + } catch (e) { + done(e); + } + }); +}); - it("should return 403 if trying to START an already finished impersonation session", function (done) { - chai - .request(app) - .patch(`/impersonation/${impersonationRequest3.id}?dev=true&action=START`) - .set("cookie", `${cookieName}=${superUserToken}`) - .end(function (err, res) { - if (err) return done(err); - try { - expect(res.statusCode).to.equal(403); - expect(res.body.message).to.equal("You are not allowed for this operation at the moment"); - done(); - } catch (e) { - done(e); - } - }); - }); - it("should throw 404 NotFound if impersonation request does not exist at stopImpersonation Service", function (done) { +it("should throw 404 NotFound if impersonation request does not exist at stopImpersonation Service", function (done) { const impersonationToken = authService.generateImpersonationAuthToken({ - userId: testSuperUserId, - impersonatedUserId: testUserId3 + userId: testSuperUserId, + impersonatedUserId: testUserId3, + }); + const invalidRequestId = "non-existent-id"; + + chai + .request(app) + .patch(`/impersonation/${invalidRequestId}?dev=true&action=STOP`) + 
.set("cookie", `${cookieName}=${impersonationToken}`) + .end(function (err, res) { + if (err) return done(err); + try { + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal(REQUEST_DOES_NOT_EXIST); + done(); + } catch (e) { + done(e); + } }); - const invalidRequestId = "non-existent-id"; +}); - chai - .request(app) - .patch(`/impersonation/${invalidRequestId}?dev=true&action=STOP`) - .set("cookie", `${cookieName}=${impersonationToken}`) - .end(function (err, res) { - if (err) return done(err); - try { - expect(res.statusCode).to.equal(404); - expect(res.body.message).to.equal(REQUEST_DOES_NOT_EXIST); - done(); - } catch (e) { - done(e); - } - }); - }); }); }); \ No newline at end of file From 993252c31930d4f99d0d5fd5470f255ce9252fd3 Mon Sep 17 00:00:00 2001 From: suvidh Date: Fri, 27 Jun 2025 20:06:34 +0530 Subject: [PATCH 3/6] fixed missing variable and identation --- .../integration/impersonationRequests.test.ts | 348 +++++++++--------- 1 file changed, 173 insertions(+), 175 deletions(-) diff --git a/test/integration/impersonationRequests.test.ts b/test/integration/impersonationRequests.test.ts index 03e675d30..507d18c57 100644 --- a/test/integration/impersonationRequests.test.ts +++ b/test/integration/impersonationRequests.test.ts @@ -30,6 +30,7 @@ let testUserId5: string; let testSuperUserId: string; let impersonationRequestBody: CreateImpersonationRequestBody; let impersonationRequest1: ImpersonationRequest; +let impersonationRequest2: ImpersonationRequest; describe("Impersonation Requests", () => { requestsEndpoint = "/impersonation/requests?dev=true"; 
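Review bot: The `.end` callback of the 'STOP is not the impersonated user' case, and of the 'request does not exist' case after it, runs its `expect` calls with no `if (err) return done(err);` guard and no `try`/`catch`, unlike the 'STOP but user is not impersonating' case added in the same hunk. A failed expectation there throws inside the HTTP callback, so `done` is never called and the failure may surface as a timeout or an uncaught exception instead of a clean assertion failure. That makes a regression in the authorization check harder to read from CI. Wrap both the way the neighbouring cases do, `try { expect(...); done(); } catch (e) { done(e); }`; the START success and 'not approved' cases in the previous hunk have the same shape.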
@@ -580,215 +581,212 @@ describe("Impersonation Requests", () => { }); }) + describe("PATCH /impersonation/:id", function () { + let tempAuthToken; + let impersonationRequest3; - describe("PATCH /impersonation/:id", function(){ - let tempAuthToken; - let impersonationRequest3; - beforeEach(async ()=>{ - tempAuthToken = generateAuthToken({userId:testUserId3}); - impersonationRequest3 = await impersonationModel.createImpersonationRequest({ - ...impersonationRequestsBodyData[0], - impersonatedUserId: testUserId4, - createdFor: userData[0].username, - userId: testSuperUserId, - status:"APPROVED", - isImpersonationFinished:true, - createdBy: userData[4].username - }); - }) - - it("should return 404 and 'Route not Found' message when dev is false", function (done) { - chai - .request(app) - .patch(`/${impersonationRequest1.id}?dev=false&action=START`) - .set("cookie", `${cookieName}=${authToken}`) - .end(function (err, res) { - if (err) return done(err); - try { - expect(res.statusCode).to.equal(404); - expect(res.body.message).to.equal("Not Found"); - done(); - } catch (e) { - done(e); - } - }); - }); + beforeEach(async () => { + tempAuthToken = authService.generateAuthToken({ userId: testUserId3 }); - it("should return 404 and 'Route not Found' message when dev is missing", function (done) { - chai - .request(app) - .patch(`/impersonation/${impersonationRequest1.id}`) - .set("cookie", `${cookieName}=${authToken}`) - .end(function (err, res) { - try { - expect(res.statusCode).to.equal(404); - expect(res.body.message).to.equal("Route not found"); - done(); - } catch (e) { - done(e); - } - }); + impersonationRequest3 = await impersonationModel.createImpersonationRequest({ + ...impersonationRequestsBodyData[0], + impersonatedUserId: testUserId4, + createdFor: userData[0].username, + userId: testSuperUserId, + status: "APPROVED", + isImpersonationFinished: true, + createdBy: userData[4].username, }); + }); - it("should return 400 BadRequest if the action is neither 
START/STOP", function(done) { - chai. - request(app) - .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=ACTIVE`) - .set("cookie", `${cookieName}=${superUserToken}`) - .end(function (err, res) { - try { - expect(res.statusCode).to.equal(400); - expect(res.body.message).to.equal("action must be START or STOP"); - done(); - } catch (e) { - done(e); - } - }); - }) + it("should return 404 and 'Route not Found' message when dev is false", function (done) { + chai + .request(app) + .patch(`/impersonation/${impersonationRequest1.id}?dev=false&action=START`) + .set("cookie", `${cookieName}=${authToken}`) + .end(function (err, res) { + if (err) return done(err); + try { + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal("Not Found"); + done(); + } catch (e) { + done(e); + } + }); + }); - it("should successfully start the impersonation when action is START", function(done) { - chai. - request(app) - .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=START`) - .send(updateImpersonationRequestApproved) - .set("cookie", `${cookieName}=${superUserToken}`) - .end(function (err, res) { - if(err) return done(err); - expect(res.statusCode).to.equal(200); - expect(res.body.message).to.equal("Impersonation session has started."); - expect(res.body.data.id).to.equal(impersonationRequest2.id); - done(); - }); - }) + it("should return 404 and 'Route not Found' message when dev is missing", function (done) { + chai + .request(app) + .patch(`/impersonation/${impersonationRequest1.id}`) + .set("cookie", `${cookieName}=${authToken}`) + .end(function (err, res) { + try { + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal("Route not found"); + done(); + } catch (e) { + done(e); + } + }); + }); - it("should successfully stop the impersonation when action is STOP", function (done) { - const impersonationToken = authService.generateImpersonationAuthToken({ - userId: testSuperUserId, - impersonatedUserId: 
testUserId3, - }); + it("should return 400 BadRequest if the action is neither START/STOP", function (done) { + chai + .request(app) + .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=ACTIVE`) + .set("cookie", `${cookieName}=${superUserToken}`) + .end(function (err, res) { + try { + expect(res.statusCode).to.equal(400); + expect(res.body.message).to.equal("action must be START or STOP"); + done(); + } catch (e) { + done(e); + } + }); + }); - chai - .request(app) - .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) - .set("cookie", `${cookieName}=${impersonationToken}`) - .end(function (err, res) { - if (err) return done(err); - try { + it("should successfully start the impersonation when action is START", function (done) { + chai + .request(app) + .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=START`) + .send({ status: "APPROVED" }) + .set("cookie", `${cookieName}=${superUserToken}`) + .end(function (err, res) { + if (err) return done(err); expect(res.statusCode).to.equal(200); - expect(res.body.message).to.equal("Impersonation session has been stopped."); + expect(res.body.message).to.equal("Impersonation session has started."); expect(res.body.data.id).to.equal(impersonationRequest2.id); done(); - } catch (e) { - done(e); - } + }); }); -}); -it("should return 403 if impersonation request is not approved", function (done) { + it("should successfully stop the impersonation when action is STOP", function (done) { + const impersonationToken = authService.generateImpersonationAuthToken({ + userId: testSuperUserId, + impersonatedUserId: testUserId3, + }); + + chai + .request(app) + .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) + .set("cookie", `${cookieName}=${impersonationToken}`) + .end(function (err, res) { + if (err) return done(err); + try { + expect(res.statusCode).to.equal(200); + expect(res.body.message).to.equal("Impersonation session has been stopped."); + 
expect(res.body.data.id).to.equal(impersonationRequest2.id); + done(); + } catch (e) { + done(e); + } + }); + }); + + it("should return 403 if impersonation request is not approved", function (done) { chai .request(app) .patch(`/impersonation/${impersonationRequest1.id}?dev=true&action=START`) .set("cookie", `${cookieName}=${superUserToken}`) .end(function (err, res) { - if(err) return done(err); + if (err) return done(err); expect(res.statusCode).to.equal(403); expect(res.body.message).to.equal("You are not allowed for this operation at the moment"); done(); }); - }); - - it("should return 403 if user trying to STOP is not the impersonated user", function (done) { - const fakeImpersonationToken = authService.generateImpersonationAuthToken({ - userId: testSuperUserId, - impersonatedUserId: testUserId5, // wrong impersonated user - }); + }); - chai - .request(app) - .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) - .set("cookie", `${cookieName}=${fakeImpersonationToken}`) - .end(function (err, res) { - expect(res.statusCode).to.equal(403); - expect(res.body.message).to.equal("You are not authorized for this action"); - done(); + it("should return 403 if user trying to STOP is not the impersonated user", function (done) { + const fakeImpersonationToken = authService.generateImpersonationAuthToken({ + userId: testSuperUserId, + impersonatedUserId: testUserId5, // wrong impersonated user }); -}); - -it("should return 403 if action is STOP but user is not impersonating", function (done) { - const normalToken = authService.generateAuthToken({ - userId: testSuperUserId - }); - chai - .request(app) - .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) - .set("cookie", `${cookieName}=${normalToken}`) - .end(function (err, res) { - if (err) return done(err); - try { + chai + .request(app) + .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) + .set("cookie", `${cookieName}=${fakeImpersonationToken}`) + 
.end(function (err, res) { expect(res.statusCode).to.equal(403); - expect(res.body.message).to.equal("Invalid impersonation session"); + expect(res.body.message).to.equal("You are not authorized for this action"); done(); - } catch (e) { - done(e); - } - }); -}); - + }); + }); -it("should return 404 if impersonation request does not exist", function (done) { - chai - .request(app) - .patch(`/impersonation/nonexistent-id?dev=true&action=START`) - .set("cookie", `${cookieName}=${superUserToken}`) - .end(function (err, res) { - expect(res.statusCode).to.equal(404); - expect(res.body.message).to.equal("Request does not exist"); - done(); + it("should return 403 if action is STOP but user is not impersonating", function (done) { + const normalToken = authService.generateAuthToken({ + userId: testSuperUserId, }); -}); -it("should return 403 if trying to START an already finished impersonation session", function (done) { - chai - .request(app) - .patch(`/impersonation/${impersonationRequest3.id}?dev=true&action=START`) - .set("cookie", `${cookieName}=${superUserToken}`) - .end(function (err, res) { - if (err) return done(err); - try { - expect(res.statusCode).to.equal(403); - expect(res.body.message).to.equal("You are not allowed for this operation at the moment"); + chai + .request(app) + .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) + .set("cookie", `${cookieName}=${normalToken}`) + .end(function (err, res) { + if (err) return done(err); + try { + expect(res.statusCode).to.equal(403); + expect(res.body.message).to.equal("Invalid impersonation session"); + done(); + } catch (e) { + done(e); + } + }); + }); + + it("should return 404 if impersonation request does not exist", function (done) { + chai + .request(app) + .patch(`/impersonation/nonexistent-id?dev=true&action=START`) + .set("cookie", `${cookieName}=${superUserToken}`) + .end(function (err, res) { + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal("Request does 
not exist"); done(); - } catch (e) { - done(e); - } - }); -}); + }); + }); + it("should return 403 if trying to START an already finished impersonation session", function (done) { + chai + .request(app) + .patch(`/impersonation/${impersonationRequest3.id}?dev=true&action=START`) + .set("cookie", `${cookieName}=${superUserToken}`) + .end(function (err, res) { + if (err) return done(err); + try { + expect(res.statusCode).to.equal(403); + expect(res.body.message).to.equal("You are not allowed for this operation at the moment"); + done(); + } catch (e) { + done(e); + } + }); + }); -it("should throw 404 NotFound if impersonation request does not exist at stopImpersonation Service", function (done) { + it("should throw 404 NotFound if impersonation request does not exist at stopImpersonation Service", function (done) { const impersonationToken = authService.generateImpersonationAuthToken({ - userId: testSuperUserId, - impersonatedUserId: testUserId3, - }); - const invalidRequestId = "non-existent-id"; - - chai - .request(app) - .patch(`/impersonation/${invalidRequestId}?dev=true&action=STOP`) - .set("cookie", `${cookieName}=${impersonationToken}`) - .end(function (err, res) { - if (err) return done(err); - try { - expect(res.statusCode).to.equal(404); - expect(res.body.message).to.equal(REQUEST_DOES_NOT_EXIST); - done(); - } catch (e) { - done(e); - } + userId: testSuperUserId, + impersonatedUserId: testUserId3, }); -}); + const invalidRequestId = "non-existent-id"; + chai + .request(app) + .patch(`/impersonation/${invalidRequestId}?dev=true&action=STOP`) + .set("cookie", `${cookieName}=${impersonationToken}`) + .end(function (err, res) { + if (err) return done(err); + try { + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal(REQUEST_DOES_NOT_EXIST); + done(); + } catch (e) { + done(e); + } + }); + }); }); - }); \ No newline at end of file From c61a6e3f877c3181fe3e6301ee13abbda2477378 Mon Sep 17 00:00:00 2001 
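Review bot: Every START case in this block authenticates with `superUserToken`, so the suite checks request state (unapproved, finished, missing) but never the caller's identity. `tempAuthToken`, generated for `testUserId3` in `beforeEach`, is assigned and never used, which suggests the negative case was planned and dropped. For an endpoint that hands out an impersonation session, a test that a caller other than the requester is refused is the one most worth having. The START success case also sends `{ status: "APPROVED" }` although the action is selected by the query string; if the fixture is already approved, drop the body so the test cannot pass by way of input the route ought to ignore. A sketch of the missing case follows; the exact status and message depend on middleware not shown here.

```typescript
it("should reject START from a user who did not create the request", function (done) {
  chai
    .request(app)
    .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=START`)
    .set("cookie", `${cookieName}=${tempAuthToken}`)
    .end(function (err, res) {
      if (err) return done(err);
      try {
        // Pin the exact code and message once the route's behaviour is confirmed.
        expect(res.statusCode).to.be.oneOf([401, 403]);
        done();
      } catch (e) {
        done(e);
      }
    });
});
```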
From: suvidh
Date: Sun, 29 Jun 2025 12:28:38 +0530
Subject: [PATCH 4/6] fixed tests
---
 .../integration/impersonationRequests.test.ts | 100 ++++++++++--------
 1 file changed, 55 insertions(+), 45 deletions(-)
diff --git a/test/integration/impersonationRequests.test.ts b/test/integration/impersonationRequests.test.ts
index 71b71dd65..4849947c0 100644
--- a/test/integration/impersonationRequests.test.ts
+++ b/test/integration/impersonationRequests.test.ts
@@ -39,8 +39,8 @@ let testUserId4: string;
 let testUserId5: string;
 let testSuperUserId: string;
 let impersonationRequestBody: CreateImpersonationRequestBody;
-let impersonationRequest1: ImpersonationRequest;
-let impersonationRequest2: ImpersonationRequest;
+let unapprovedImpersonationRequest: ImpersonationRequest;
+let approvedImpersonationRequest: ImpersonationRequest;
 describe("Impersonation Requests", () => {
 requestsEndpoint = "/impersonation/requests?dev=true";
@@ -68,7 +68,7 @@ describe("Impersonation Requests", () => {
 reason: "User assistance required for account debugging."
 };
- impersonationRequest1 = await impersonationModel.createImpersonationRequest({
+ unapprovedImpersonationRequest = await impersonationModel.createImpersonationRequest({
 ...impersonationRequestsBodyData[0],
 impersonatedUserId: testUserId2,
 createdFor: userData[19].username,
@@ -76,7 +76,7 @@ describe("Impersonation Requests", () => {
 createdBy: userData[4].username
 });
- impersonationRequest2 = await impersonationModel.createImpersonationRequest({
+ approvedImpersonationRequest = await impersonationModel.createImpersonationRequest({
 ...impersonationRequestsBodyData[0],
 impersonatedUserId: testUserId3,
 createdFor: userData[12].username,
@@ -553,13 +553,13 @@ describe("Impersonation Requests", () => { it("should return request by specific ID", function (done) { chai .request(app) - .get(`/impersonation/requests/${impersonationRequest1.id}?dev=true`) + .get(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=true`) .set("cookie", `${cookieName}=${authToken}`) .end(function (err, res) { if (err) return done(err); expect(res).to.have.status(200); expect(res.body.data).to.be.an("object"); - expect(res.body.data.id).to.equal(impersonationRequest1.id); + expect(res.body.data.id).to.equal(unapprovedImpersonationRequest.id); done(); }); }); @@ -596,14 +596,14 @@ describe("Impersonation Requests", () => { let impersonationRequest3; beforeEach(async () => { - impersonationRequest1 = await impersonationModel.createImpersonationRequest({ + approvedImpersonationRequest = await impersonationModel.createImpersonationRequest({ ...impersonationRequestsBodyData[0], impersonatedUserId: testUserId1, createdBy: userData[16].username, status: REQUEST_STATE.APPROVED }); - impersonationRequest2 = await impersonationModel.createImpersonationRequest({ + unapprovedImpersonationRequest = await impersonationModel.createImpersonationRequest({ ...impersonationRequestsBodyData[1], impersonatedUserId: testUserId3, createdFor: userData[12].username @@ -624,7 +624,7 @@ describe("Impersonation Requests", () => { it("should return 404 and 'Route not found' message when dev is false", function (done) { chai .request(app) - .patch(`/impersonation/requests/${impersonationRequest1.id}?dev=false`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=false`) .send({status:"APPROVED"}) .set("cookie", `${cookieName}=${authToken}`) .end(function (err, res) { 
@@ -642,7 +642,7 @@ describe("Impersonation Requests", () => { it("should return 404 and 'Route not found' message when dev is missing", function (done) { chai .request(app) - .patch(`/impersonation/requests/${impersonationRequest1.id}`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}`) .send({status:"APPROVED"}) .set("cookie", `${cookieName}=${authToken}`) .end(function (err, res) { @@ -661,15 +661,15 @@ describe("Impersonation Requests", () => { const tempAuthToken = authService.generateAuthToken({ userId: testUserId3 }); chai .request(app) - .patch(`/impersonation/requests/${impersonationRequest2.id}?dev=true`) + .patch(`/impersonation/requests/${approvedImpersonationRequest.id}?dev=true`) .send({status:"APPROVED"}) .set("cookie", `${cookieName}=${tempAuthToken}`) .end(function (err, res) { if (err) return done(err); expect(res.statusCode).to.equal(200); expect(res.body.message).to.equal(REQUEST_APPROVED_SUCCESSFULLY); - expect(res.body.data.id).to.equal(impersonationRequest2.id); - expect(res.body.data.lastModifiedBy).to.equal(impersonationRequest2.impersonatedUserId); + expect(res.body.data.id).to.equal(approvedImpersonationRequest.id); + expect(res.body.data.lastModifiedBy).to.equal(approvedImpersonationRequest.impersonatedUserId); done(); }); }); @@ -694,7 +694,7 @@ describe("Impersonation Requests", () => { it("should return 401 if user is not logged in", function (done) { chai .request(app) - .patch(`/impersonation/requests/${impersonationRequest2.id}?dev=true`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=true`) .send({status:"APPROVED"}) .end(function (err, res) { if (err) return done(err); 
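Review bot: In the @@ -661 hunk the approve test now targets `approvedImpersonationRequest`, but the `beforeEach` renamed in the @@ -596 hunk creates that fixture with `status: REQUEST_STATE.APPROVED` and `impersonatedUserId: testUserId1`, while the token in this test is issued for `testUserId3`. In this suite the old `impersonationRequest2` is the pending request for `testUserId3`, which the same commit renames to `unapprovedImpersonationRequest`. The URL and the `id` / `lastModifiedBy` expectations should use `unapprovedImpersonationRequest`. As written, the expected 200 could only come from approving a request that is already approved, which the "already approved" 403 test in this file says is refused.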
@@ -729,7 +729,7 @@ describe("Impersonation Requests", () => { const tempAuthToken = authService.generateAuthToken({ userId: testUserId1 }); chai .request(app) - .patch(`/impersonation/requests/${impersonationRequest1.id}?dev=true`) + .patch(`/impersonation/requests/${approvedImpersonationRequest.id}?dev=true`) .set("cookie", `${cookieName}=${tempAuthToken}`) .send({status:"APPROVED"}) .end(function (err, res) { @@ -774,7 +774,7 @@ describe("Impersonation Requests", () => { it("should return 400 if status is not provided", function (done) { chai .request(app) - .patch(`/impersonation/requests/${impersonationRequest1.id}?dev=true`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=true`) .set("cookie", `${cookieName}=${authToken}`) .send({ status: "" }) .end(function (err, res) { @@ -789,7 +789,7 @@ describe("Impersonation Requests", () => { it("should return 400 if status is not APPROVED/REJECTED", function (done) { chai .request(app) - .patch(`/impersonation/requests/${impersonationRequest1.id}?dev=true`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=true`) .set("cookie", `${cookieName}=${authToken}`) .send({ status: "ACTIVE" }) .end(function (err, res) { @@ -839,7 +839,7 @@ describe("Impersonation Requests", () => { it("should return 404 and 'Route not Found' message when dev is false", function (done) { chai .request(app) - .patch(`/impersonation/${impersonationRequest1.id}?dev=false&action=START`) + .patch(`/impersonation/${unapprovedImpersonationRequest.id}?dev=false&action=START`) .set("cookie", `${cookieName}=${authToken}`) .end(function (err, res) { if (err) return done(err); 
@@ -856,7 +856,7 @@ describe("Impersonation Requests", () => { it("should return 404 and 'Route not Found' message when dev is missing", function (done) { chai .request(app) - .patch(`/impersonation/${impersonationRequest1.id}`) + .patch(`/impersonation/${unapprovedImpersonationRequest.id}`) .set("cookie", `${cookieName}=${authToken}`) .end(function (err, res) { try { @@ -869,10 +869,10 @@ describe("Impersonation Requests", () => { }); }); - it("should return 400 BadRequest if the action is neither START/STOP", function (done) { + it("should return 400 when action type is invalid (other than START, STOP)", function (done) { chai .request(app) - .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=ACTIVE`) + .patch(`/impersonation/${unapprovedImpersonationRequest.id}?dev=true&action=ACTIVE`) .set("cookie", `${cookieName}=${superUserToken}`) .end(function (err, res) { try { 
@@ -885,20 +885,34 @@ describe("Impersonation Requests", () => { }); }); - it("should successfully start the impersonation when action is START", function (done) { - chai - .request(app) - .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=START`) - .send({ status: "APPROVED" }) - .set("cookie", `${cookieName}=${superUserToken}`) - .end(function (err, res) { - if (err) return done(err); - expect(res.statusCode).to.equal(200); - expect(res.body.message).to.equal("Impersonation session has started."); - expect(res.body.data.id).to.equal(impersonationRequest2.id); - done(); - }); + it("should successfully start the impersonation when action is START", function (done) { + chai + .request(app) + .patch(`/impersonation/${approvedImpersonationRequest.id}?dev=true&action=START`) + .send({ status: "APPROVED" }) + .set("cookie", `${cookieName}=${superUserToken}`) + .end(function (err, res) { + if (err) return done(err); + + expect(res.statusCode).to.equal(200); + expect(res.body.message).to.equal("Impersonation session has started."); + expect(res.body.data.id).to.equal(approvedImpersonationRequest.id); + + const setCookieHeader = res.header["set-cookie"]; + expect(setCookieHeader).to.be.an("array"); + const tokenCookie = setCookieHeader.find((cookieStr) => + cookieStr.startsWith(`${cookieName}=`) + ); + expect(tokenCookie).to.exist; + + const tokenValue = tokenCookie.split(";")[0].split("=")[1]; + const decoded = authService.decodeAuthToken(tokenValue); + expect(decoded.userId).to.equal(approvedImpersonationRequest.impersonatedUserId); + + done(); }); +}); + it("should successfully stop the impersonation when action is STOP", function (done) { const impersonationToken = authService.generateImpersonationAuthToken({ 
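Review bot: The new cookie assertions stop at `decoded.userId`, so the START test would still pass if the endpoint issued an ordinary login token for the impersonated user with no record of who is impersonating. The STOP tests in this file build the session token with `userId: testSuperUserId` plus a separate `impersonatedUserId`, so it is worth confirming which field the START token uses for the impersonated user; if `decodeAuthToken` returns both, add `expect(decoded.impersonatedUserId).to.equal(approvedImpersonationRequest.impersonatedUserId);` and assert the impersonator id as well. The test also never looks at the cookie attributes; `expect(tokenCookie).to.match(/HttpOnly/i);` would pin the flag that matters most for a session cookie.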
@@ -908,25 +922,21 @@ describe("Impersonation Requests", () => { chai .request(app) - .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) + .patch(`/impersonation/${approvedImpersonationRequest.id}?dev=true&action=STOP`) .set("cookie", `${cookieName}=${impersonationToken}`) .end(function (err, res) { if (err) return done(err); - try { expect(res.statusCode).to.equal(200); expect(res.body.message).to.equal("Impersonation session has been stopped."); - expect(res.body.data.id).to.equal(impersonationRequest2.id); + expect(res.body.data.id).to.equal(approvedImpersonationRequest.id); done(); - } catch (e) { - done(e); - } }); }); it("should return 403 if impersonation request is not approved", function (done) { chai .request(app) - .patch(`/impersonation/${impersonationRequest1.id}?dev=true&action=START`) + .patch(`/impersonation/${unapprovedImpersonationRequest.id}?dev=true&action=START`) .set("cookie", `${cookieName}=${superUserToken}`) .end(function (err, res) { if (err) return done(err); @@ -936,7 +946,7 @@ describe("Impersonation Requests", () => { }); }); - it("should return 403 if user trying to STOP is not the impersonated user", function (done) { + it("should return 403 if a user other than the impersonated user tries to STOP the session", function (done) { const fakeImpersonationToken = authService.generateImpersonationAuthToken({ userId: testSuperUserId, impersonatedUserId: testUserId5, // wrong impersonated user @@ -944,7 +954,7 @@ describe("Impersonation Requests", () => { chai .request(app) - .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) + .patch(`/impersonation/${approvedImpersonationRequest.id}?dev=true&action=STOP`) .set("cookie", `${cookieName}=${fakeImpersonationToken}`) .end(function (err, res) { expect(res.statusCode).to.equal(403); 
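Review bot: Removing the `try`/`catch` around the expectations in the STOP test (hunk @@ -908) means a failed `expect` now throws inside the chai-http `.end` callback instead of reaching `done(e)`. Depending on how the runner catches it, the failure may surface as an uncaught exception or a timeout rather than a clean assertion error, and the other tests in this suite still use the `try { … done(); } catch (e) { done(e); }` form. Keep the wrapper here, or make the test `async` and `await` the request so assertion errors propagate on their own. The `it` block opens before the hunk.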
@@ -953,14 +963,14 @@ describe("Impersonation Requests", () => { }); }); - it("should return 403 if action is STOP but user is not impersonating", function (done) { + it("should return 403 if a user who is not currently impersonating attempts to stop an impersonation session", function (done) { const normalToken = authService.generateAuthToken({ userId: testSuperUserId, }); chai .request(app) - .patch(`/impersonation/${impersonationRequest2.id}?dev=true&action=STOP`) + .patch(`/impersonation/${approvedImpersonationRequest.id}?dev=true&action=STOP`) .set("cookie", `${cookieName}=${normalToken}`) .end(function (err, res) { if (err) return done(err); From b000bdd70a1b22c663495f6a58d9e24f3a470ccd Mon Sep 17 00:00:00 2001 From: suvidh Date: Sun, 29 Jun 2025 16:01:11 +0530 Subject: [PATCH 5/6] fixed request names --- .../integration/impersonationRequests.test.ts | 311 +++++++++--------- 1 file changed, 164 insertions(+), 147 deletions(-) diff --git a/test/integration/impersonationRequests.test.ts b/test/integration/impersonationRequests.test.ts index 4849947c0..88731dfa1 100644 --- a/test/integration/impersonationRequests.test.ts +++ b/test/integration/impersonationRequests.test.ts @@ -19,7 +19,8 @@ import { REQUEST_DOES_NOT_EXIST, REQUEST_REJECTED_SUCCESSFULLY, REQUEST_STATE, - UNAUTHORIZED_TO_UPDATE_REQUEST + UNAUTHORIZED_TO_UPDATE_REQUEST, + OPERATION_NOT_ALLOWED } from "../../constants/requests"; import { impersonationRequestsBodyData } from "../fixtures/impersonation-requests/impersonationRequests"; 
@@ -38,9 +39,12 @@ let testUserId3: string; let testUserId4: string; let testUserId5: string; let testSuperUserId: string; +let tempAuthToken: string; let impersonationRequestBody: CreateImpersonationRequestBody; let unapprovedImpersonationRequest: ImpersonationRequest; +let unapprovedImpersonationRequest2: ImpersonationRequest; let approvedImpersonationRequest: ImpersonationRequest; +let finishedImpersonationRequest: ImpersonationRequest; describe("Impersonation Requests", () => { requestsEndpoint = "/impersonation/requests?dev=true"; @@ -238,7 +242,7 @@ describe("Impersonation Requests", () => { if (err) return done(err); expect(res).to.have.status(403); expect(res.body.error).to.equal("Forbidden"); - expect(res.body.message).to.equal("You are not allowed for this Operation at the moment"); + expect(res.body.message).to.equal(OPERATION_NOT_ALLOWED); done(); }); }); @@ -253,7 +257,7 @@ describe("Impersonation Requests", () => { if (err) return done(err); expect(res).to.have.status(403); expect(res.body.error).to.equal("Forbidden"); - expect(res.body.message).to.equal("You are not allowed for this Operation at the moment"); + expect(res.body.message).to.equal(OPERATION_NOT_ALLOWED); done(); }); }); @@ -593,7 +597,6 @@ describe("Impersonation Requests", () => { describe("PATCH /impersonation/requests/:id", function () { let rejectedRequest; - let impersonationRequest3; beforeEach(async () => { approvedImpersonationRequest = await impersonationModel.createImpersonationRequest({ @@ -609,7 +612,7 @@ describe("Impersonation Requests", () => { createdFor: userData[12].username }); - impersonationRequest3 = await impersonationModel.createImpersonationRequest({ + unapprovedImpersonationRequest2 = await impersonationModel.createImpersonationRequest({ ...impersonationRequestsBodyData[2], impersonatedUserId: testUserId4 }); 
@@ -661,15 +664,15 @@ describe("Impersonation Requests", () => { const tempAuthToken = authService.generateAuthToken({ userId: testUserId3 }); chai .request(app) - .patch(`/impersonation/requests/${approvedImpersonationRequest.id}?dev=true`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=true`) .send({status:"APPROVED"}) .set("cookie", `${cookieName}=${tempAuthToken}`) .end(function (err, res) { if (err) return done(err); expect(res.statusCode).to.equal(200); expect(res.body.message).to.equal(REQUEST_APPROVED_SUCCESSFULLY); - expect(res.body.data.id).to.equal(approvedImpersonationRequest.id); - expect(res.body.data.lastModifiedBy).to.equal(approvedImpersonationRequest.impersonatedUserId); + expect(res.body.data.id).to.equal(unapprovedImpersonationRequest.id); + expect(res.body.data.lastModifiedBy).to.equal(unapprovedImpersonationRequest.impersonatedUserId); done(); }); }); @@ -678,15 +681,16 @@ describe("Impersonation Requests", () => { const tempAuthToken = authService.generateAuthToken({ userId: testUserId4 }); chai .request(app) - .patch(`/impersonation/requests/${impersonationRequest3.id}?dev=true`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest2.id}?dev=true`) .send({status:"REJECTED"}) .set("cookie", `${cookieName}=${tempAuthToken}`) .end(function (err, res) { if (err) return done(err); + console.log(res.body); expect(res.statusCode).to.equal(200); expect(res.body.message).to.equal(REQUEST_REJECTED_SUCCESSFULLY); - expect(res.body.data.id).to.equal(impersonationRequest3.id); - expect(res.body.data.lastModifiedBy).to.equal(impersonationRequest3.impersonatedUserId); + expect(res.body.data.id).to.equal(unapprovedImpersonationRequest2.id); + expect(res.body.data.lastModifiedBy).to.equal(unapprovedImpersonationRequest2.impersonatedUserId); done(); }); }); 
@@ -700,6 +704,7 @@ describe("Impersonation Requests", () => { if (err) return done(err); try { expect(res).to.have.status(401); + console.log(res.body); expect(res.body.error).to.equal("Unauthorized"); expect(res.body.message).to.equal("Unauthenticated User"); done(); @@ -717,6 +722,8 @@ describe("Impersonation Requests", () => { .set("cookie", `${cookieName}=${authToken}`) .end(function (err, res) { if (err) return done(err); + console.log(res.body); + expect(res).to.have.status(404); expect(res.body.error).to.equal("Not Found"); expect(res.body.message).to.equal(REQUEST_DOES_NOT_EXIST); @@ -734,6 +741,8 @@ describe("Impersonation Requests", () => { .send({status:"APPROVED"}) .end(function (err, res) { if (err) return done(err); + console.log(res.body); + expect(res).to.have.status(403); expect(res.body.error).to.equal("Forbidden"); expect(res.body.message).to.equal("You are not allowed for this Operation at the moment"); @@ -759,7 +768,7 @@ describe("Impersonation Requests", () => { it("should throw 403 Forbidden if unauthorized user tries to update the request", function (done) { chai .request(app) - .patch(`/impersonation/requests/${impersonationRequest3.id}?dev=true`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest2.id}?dev=true`) .send({ status: "APPROVED" }) .set("cookie", `${cookieName}=${authToken}`) .end(function (err, res) { @@ -806,7 +815,7 @@ describe("Impersonation Requests", () => { sinon.stub(impersonationModel, "updateImpersonationRequest").throws(new Error("Firestore error")); chai .request(app) - .patch(`/impersonation/requests/${impersonationRequest3.id}?dev=true`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest2.id}?dev=true`) .set("cookie", `${cookieName}=${tempAuthToken}`) .send({ status: "APPROVED" }) .end(function (err, res) { 
@@ -818,34 +827,47 @@ describe("Impersonation Requests", () => { }); }); }); - describe("PATCH /impersonation/:id", function () { - let tempAuthToken; - let impersonationRequest3; - beforeEach(async () => { - tempAuthToken = authService.generateAuthToken({ userId: testUserId3 }); +describe("PATCH /impersonation/requests/:id", function () { + let rejectedRequest; - impersonationRequest3 = await impersonationModel.createImpersonationRequest({ + beforeEach(async () => { + approvedImpersonationRequest = await impersonationModel.createImpersonationRequest({ ...impersonationRequestsBodyData[0], - impersonatedUserId: testUserId4, - createdFor: userData[0].username, - userId: testSuperUserId, - status: "APPROVED", - isImpersonationFinished: true, - createdBy: userData[4].username, + impersonatedUserId: testUserId1, + createdBy: userData[16].username, + status: REQUEST_STATE.APPROVED + }); + + unapprovedImpersonationRequest = await impersonationModel.createImpersonationRequest({ + ...impersonationRequestsBodyData[1], + impersonatedUserId: testUserId3, + createdFor: userData[12].username + }); + + unapprovedImpersonationRequest2 = await impersonationModel.createImpersonationRequest({ + ...impersonationRequestsBodyData[2], + impersonatedUserId: testUserId4 + }); + + rejectedRequest = await impersonationModel.createImpersonationRequest({ + ...impersonationRequestsBodyData[3], + impersonatedUserId: testUserId1, + status: REQUEST_STATE.REJECTED }); }); - it("should return 404 and 'Route not Found' message when dev is false", function (done) { + it("should return 404 and 'Route not found' message when dev is false", function (done) { chai .request(app) - .patch(`/impersonation/${unapprovedImpersonationRequest.id}?dev=false&action=START`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=false`) + .send({ status: "APPROVED" }) .set("cookie", `${cookieName}=${authToken}`) .end(function (err, res) { if (err) return done(err); try { 
expect(res.statusCode).to.equal(404); - expect(res.body.message).to.equal("Not Found"); + expect(res.body.message).to.equal("Route not found"); done(); } catch (e) { done(e); @@ -853,12 +875,14 @@ describe("Impersonation Requests", () => { }); }); - it("should return 404 and 'Route not Found' message when dev is missing", function (done) { + it("should return 404 and 'Route not found' message when dev is missing", function (done) { chai .request(app) - .patch(`/impersonation/${unapprovedImpersonationRequest.id}`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}`) + .send({ status: "APPROVED" }) .set("cookie", `${cookieName}=${authToken}`) .end(function (err, res) { + if (err) return done(err); try { expect(res.statusCode).to.equal(404); expect(res.body.message).to.equal("Route not found"); 
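Review bot: The @@ -818 hunk turns the `describe("PATCH /impersonation/:id")` suite into a second copy of `describe("PATCH /impersonation/requests/:id")`, and the @@ -867 hunk then removes every START/STOP test. On the new side nothing exercises the session endpoint any more: the 403 for an unapproved or already finished request, the 403 when the token's `impersonatedUserId` does not match, the 403 for a user who is not impersonating and the cookie check on START are all gone, while the approval tests run twice. For a feature that hands out another user's session, those negative cases are the ones that must stay; a commit titled "fixed request names" should only rename `impersonationRequest3` to `finishedImpersonationRequest` inside the existing suite. In the visible hunks `finishedImpersonationRequest` is declared but never assigned, which suggests the replacement was accidental.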
@@ -867,173 +891,166 @@ describe("Impersonation Requests", () => { done(e); } }); - }); + }); + + it("should update a request status to APPROVED if dev flag is present", function (done) { + const tempAuthToken = authService.generateAuthToken({ userId: testUserId3 }); + chai + .request(app) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=true`) + .send({ status: "APPROVED" }) + .set("cookie", `${cookieName}=${tempAuthToken}`) + .end(function (err, res) { + if (err) return done(err); + expect(res.statusCode).to.equal(200); + expect(res.body.message).to.equal(REQUEST_APPROVED_SUCCESSFULLY); + expect(res.body.data.id).to.equal(unapprovedImpersonationRequest.id); + expect(res.body.data.lastModifiedBy).to.equal(unapprovedImpersonationRequest.impersonatedUserId); + done(); + }); + }); + + it("should update a request status to REJECTED if dev flag is present", function (done) { + const tempAuthToken = authService.generateAuthToken({ userId: testUserId4 }); + chai + .request(app) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest2.id}?dev=true`) + .send({ status: "REJECTED" }) + .set("cookie", `${cookieName}=${tempAuthToken}`) + .end(function (err, res) { + if (err) return done(err); + expect(res.statusCode).to.equal(200); + expect(res.body.message).to.equal(REQUEST_REJECTED_SUCCESSFULLY); + expect(res.body.data.id).to.equal(unapprovedImpersonationRequest2.id); + expect(res.body.data.lastModifiedBy).to.equal(unapprovedImpersonationRequest2.impersonatedUserId); + done(); + }); + }); - it("should return 400 when action type is invalid (other than START, STOP)", function (done) { + it("should return 401 if user is not logged in", function (done) { chai .request(app) - .patch(`/impersonation/${unapprovedImpersonationRequest.id}?dev=true&action=ACTIVE`) - .set("cookie", `${cookieName}=${superUserToken}`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=true`) + .send({ status: "APPROVED" }) .end(function (err, 
res) { + if (err) return done(err); try { - expect(res.statusCode).to.equal(400); - expect(res.body.message).to.equal("action must be START or STOP"); + expect(res).to.have.status(401); + expect(res.body.error).to.equal("Unauthorized"); + expect(res.body.message).to.equal("Unauthenticated User"); done(); } catch (e) { done(e); } }); - }); - - it("should successfully start the impersonation when action is START", function (done) { - chai - .request(app) - .patch(`/impersonation/${approvedImpersonationRequest.id}?dev=true&action=START`) - .send({ status: "APPROVED" }) - .set("cookie", `${cookieName}=${superUserToken}`) - .end(function (err, res) { - if (err) return done(err); - - expect(res.statusCode).to.equal(200); - expect(res.body.message).to.equal("Impersonation session has started."); - expect(res.body.data.id).to.equal(approvedImpersonationRequest.id); - - const setCookieHeader = res.header["set-cookie"]; - expect(setCookieHeader).to.be.an("array"); - const tokenCookie = setCookieHeader.find((cookieStr) => - cookieStr.startsWith(`${cookieName}=`) - ); - expect(tokenCookie).to.exist; - - const tokenValue = tokenCookie.split(";")[0].split("=")[1]; - const decoded = authService.decodeAuthToken(tokenValue); - expect(decoded.userId).to.equal(approvedImpersonationRequest.impersonatedUserId); - - done(); - }); -}); - - - it("should successfully stop the impersonation when action is STOP", function (done) { - const impersonationToken = authService.generateImpersonationAuthToken({ - userId: testSuperUserId, - impersonatedUserId: testUserId3, - }); + }); + it("should return NotFound Error if request does not exist", function (done) { chai .request(app) - .patch(`/impersonation/${approvedImpersonationRequest.id}?dev=true&action=STOP`) - .set("cookie", `${cookieName}=${impersonationToken}`) + .patch(`/impersonation/requests/randomId?dev=true`) + .send({ status: "APPROVED" }) + .set("cookie", `${cookieName}=${authToken}`) .end(function (err, res) { if (err) return 
done(err); - expect(res.statusCode).to.equal(200); - expect(res.body.message).to.equal("Impersonation session has been stopped."); - expect(res.body.data.id).to.equal(approvedImpersonationRequest.id); - done(); + expect(res).to.have.status(404); + expect(res.body.error).to.equal("Not Found"); + expect(res.body.message).to.equal(REQUEST_DOES_NOT_EXIST); + done(); }); - }); + }); - it("should return 403 if impersonation request is not approved", function (done) { + it("should return 403 Forbidden if a request is already approved", function (done) { + const tempAuthToken = authService.generateAuthToken({ userId: testUserId1 }); chai .request(app) - .patch(`/impersonation/${unapprovedImpersonationRequest.id}?dev=true&action=START`) - .set("cookie", `${cookieName}=${superUserToken}`) + .patch(`/impersonation/requests/${approvedImpersonationRequest.id}?dev=true`) + .set("cookie", `${cookieName}=${tempAuthToken}`) + .send({ status: "APPROVED" }) .end(function (err, res) { if (err) return done(err); - expect(res.statusCode).to.equal(403); - expect(res.body.message).to.equal("You are not allowed for this operation at the moment"); + expect(res).to.have.status(403); + expect(res.body.error).to.equal("Forbidden"); + expect(res.body.message).to.equal("You are not allowed for this Operation at the moment"); done(); }); - }); - - it("should return 403 if a user other than the impersonated user tries to STOP the session", function (done) { - const fakeImpersonationToken = authService.generateImpersonationAuthToken({ - userId: testSuperUserId, - impersonatedUserId: testUserId5, // wrong impersonated user - }); + }); + it("should return 403 Forbidden if a request is already rejected", function (done) { chai .request(app) - .patch(`/impersonation/${approvedImpersonationRequest.id}?dev=true&action=STOP`) - .set("cookie", `${cookieName}=${fakeImpersonationToken}`) + .patch(`/impersonation/requests/${rejectedRequest.id}?dev=true`) + .set("cookie", `${cookieName}=${authToken}`) + 
.send({ status: "REJECTED" }) .end(function (err, res) { - expect(res.statusCode).to.equal(403); - expect(res.body.message).to.equal("You are not authorized for this action"); + if (err) return done(err); + expect(res).to.have.status(403); + expect(res.body.error).to.equal("Forbidden"); + expect(res.body.message).to.equal("You are not allowed for this Operation at the moment"); done(); }); - }); - - it("should return 403 if a user who is not currently impersonating attempts to stop an impersonation session", function (done) { - const normalToken = authService.generateAuthToken({ - userId: testSuperUserId, - }); + }); + it("should throw 403 Forbidden if unauthorized user tries to update the request", function (done) { chai .request(app) - .patch(`/impersonation/${approvedImpersonationRequest.id}?dev=true&action=STOP`) - .set("cookie", `${cookieName}=${normalToken}`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest2.id}?dev=true`) + .send({ status: "APPROVED" }) + .set("cookie", `${cookieName}=${authToken}`) .end(function (err, res) { if (err) return done(err); - try { - expect(res.statusCode).to.equal(403); - expect(res.body.message).to.equal("Invalid impersonation session"); - done(); - } catch (e) { - done(e); - } + expect(res).to.have.status(403); + expect(res.body.error).to.equal("Forbidden"); + expect(res.body.message).to.equal("You are not allowed for this Operation at the moment"); + done(); }); - }); + }); - it("should return 404 if impersonation request does not exist", function (done) { - chai + it("should return 400 if status is not provided", function (done) { + chai .request(app) - .patch(`/impersonation/nonexistent-id?dev=true&action=START`) - .set("cookie", `${cookieName}=${superUserToken}`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=true`) + .set("cookie", `${cookieName}=${authToken}`) + .send({ status: "" }) .end(function (err, res) { - expect(res.statusCode).to.equal(404); - 
expect(res.body.message).to.equal("Request does not exist"); + if (err) return done(err); + expect(res).to.have.status(400); + expect(res.body.error).to.equal("Bad Request"); + expect(res.body.message).to.equal(`status must be APPROVED or REJECTED,"status" is not allowed to be empty`); done(); }); - }); + }); - it("should return 403 if trying to START an already finished impersonation session", function (done) { + it("should return 400 if status is not APPROVED/REJECTED", function (done) { chai .request(app) - .patch(`/impersonation/${impersonationRequest3.id}?dev=true&action=START`) - .set("cookie", `${cookieName}=${superUserToken}`) + .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=true`) + .set("cookie", `${cookieName}=${authToken}`) + .send({ status: "ACTIVE" }) .end(function (err, res) { if (err) return done(err); - try { - expect(res.statusCode).to.equal(403); - expect(res.body.message).to.equal("You are not allowed for this operation at the moment"); - done(); - } catch (e) { - done(e); - } + expect(res).to.have.status(400); + expect(res.body.error).to.equal("Bad Request"); + expect(res.body.message).to.equal(`status must be APPROVED or REJECTED`); + done(); }); - }); - - it("should throw 404 NotFound if impersonation request does not exist at stopImpersonation Service", function (done) { - const impersonationToken = authService.generateImpersonationAuthToken({ - userId: testSuperUserId, - impersonatedUserId: testUserId3, - }); - const invalidRequestId = "non-existent-id"; + }); + it("should return 500 if Firestore fails during updateImpersonationRequest (service catch block)", function (done) { + const tempAuthToken = authService.generateAuthToken({ userId: testUserId4 }); + sinon.stub(impersonationModel, "updateImpersonationRequest").throws(new Error("Firestore error")); chai .request(app) - .patch(`/impersonation/${invalidRequestId}?dev=true&action=STOP`) - .set("cookie", `${cookieName}=${impersonationToken}`) + 
.patch(`/impersonation/requests/${unapprovedImpersonationRequest2.id}?dev=true`) + .set("cookie", `${cookieName}=${tempAuthToken}`) + .send({ status: "APPROVED" }) .end(function (err, res) { if (err) return done(err); - try { - expect(res.statusCode).to.equal(404); - expect(res.body.message).to.equal(REQUEST_DOES_NOT_EXIST); - done(); - } catch (e) { - done(e); - } + expect(res).to.have.status(500); + expect(res.body.message).to.equal("An internal server error occurred"); + sinon.restore(); + done(); }); - }); -}); + }); + }); }); \ No newline at end of file From 552f26a7796030aca1b6f48e2735f1018bf86013 Mon Sep 17 00:00:00 2001 From: suvidh Date: Sun, 29 Jun 2025 15:38:07 +0530 Subject: [PATCH 6/6] fixed spacing in tests --- .../integration/impersonationRequests.test.ts | 240 +++++++----------- 1 file changed, 97 insertions(+), 143 deletions(-) diff --git a/test/integration/impersonationRequests.test.ts b/test/integration/impersonationRequests.test.ts index 88731dfa1..1d2b0c9ce 100644 --- a/test/integration/impersonationRequests.test.ts +++ b/test/integration/impersonationRequests.test.ts @@ -42,6 +42,7 @@ let testSuperUserId: string; let tempAuthToken: string; let impersonationRequestBody: CreateImpersonationRequestBody; let unapprovedImpersonationRequest: ImpersonationRequest; +let rejectedRequest: ImpersonationRequest; let unapprovedImpersonationRequest2: ImpersonationRequest; let approvedImpersonationRequest: ImpersonationRequest; let finishedImpersonationRequest: ImpersonationRequest; @@ -596,8 +597,6 @@ describe("Impersonation Requests", () => { }); describe("PATCH /impersonation/requests/:id", function () { - let rejectedRequest; - beforeEach(async () => { approvedImpersonationRequest = await impersonationModel.createImpersonationRequest({ ...impersonationRequestsBodyData[0], 
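Review bot: In the 500 test added by the @@ -867 hunk, `sinon.restore()` runs only after the two expectations, so a failed assertion leaves `impersonationModel.updateImpersonationRequest` stubbed to throw for every later test in the run. Restore in a hook instead, `afterEach(() => sinon.restore());`, and drop the call inside the callback; if the file already has such a hook outside this hunk, the inline call is redundant. The same test also shadows the module-level `tempAuthToken` declared in the @@ -38 hunk with a local `const`, so one of the two declarations should go.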
@@ -686,7 +685,6 @@ describe("Impersonation Requests", () => { .set("cookie", `${cookieName}=${tempAuthToken}`) .end(function (err, res) { if (err) return done(err); - console.log(res.body); expect(res.statusCode).to.equal(200); expect(res.body.message).to.equal(REQUEST_REJECTED_SUCCESSFULLY); expect(res.body.data.id).to.equal(unapprovedImpersonationRequest2.id); @@ -704,7 +702,6 @@ describe("Impersonation Requests", () => { if (err) return done(err); try { expect(res).to.have.status(401); - console.log(res.body); expect(res.body.error).to.equal("Unauthorized"); expect(res.body.message).to.equal("Unauthenticated User"); done(); @@ -722,8 +719,6 @@ describe("Impersonation Requests", () => { .set("cookie", `${cookieName}=${authToken}`) .end(function (err, res) { if (err) return done(err); - console.log(res.body); - expect(res).to.have.status(404); expect(res.body.error).to.equal("Not Found"); expect(res.body.message).to.equal(REQUEST_DOES_NOT_EXIST); @@ -741,11 +736,9 @@ describe("Impersonation Requests", () => { .send({status:"APPROVED"}) .end(function (err, res) { if (err) return done(err); - console.log(res.body); - expect(res).to.have.status(403); expect(res.body.error).to.equal("Forbidden"); - expect(res.body.message).to.equal("You are not allowed for this Operation at the moment"); + expect(res.body.message).to.equal(OPERATION_NOT_ALLOWED); done(); }); }); @@ -760,7 +753,7 @@ describe("Impersonation Requests", () => { if (err) return done(err); expect(res).to.have.status(403); expect(res.body.error).to.equal("Forbidden"); - expect(res.body.message).to.equal("You are not allowed for this Operation at the moment"); + expect(res.body.message).to.equal(OPERATION_NOT_ALLOWED); done(); }); }); 
@@ -775,7 +768,7 @@ describe("Impersonation Requests", () => { if (err) return done(err); expect(res).to.have.status(403); expect(res.body.error).to.equal("Forbidden"); - expect(res.body.message).to.equal("You are not allowed for this Operation at the moment"); + expect(res.body.message).to.equal(OPERATION_NOT_ALLOWED); done(); }); }); 
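Review bot: This 403 test checks only the response, not that the denied PATCH left the stored request untouched. Judging by the duplicate block removed in @@ -827 this is the unauthorized-user case (the test body starts outside the hunk), and for an approval that gates impersonation the persisted state is what matters. After the status assertions, re-read the request through the model and assert its status is unchanged, under a comment such as `// a denied update must not change the persisted status`. The already-approved and already-rejected 403 tests in @@ -741 and @@ -760 would benefit from the same check.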
@@ -827,228 +820,189 @@ describe("Impersonation Requests", () => { }); }); }); - -describe("PATCH /impersonation/requests/:id", function () { - let rejectedRequest; - + describe("PATCH /impersonation/:id", function () { beforeEach(async () => { - approvedImpersonationRequest = await impersonationModel.createImpersonationRequest({ - ...impersonationRequestsBodyData[0], - impersonatedUserId: testUserId1, - createdBy: userData[16].username, - status: REQUEST_STATE.APPROVED - }); - - unapprovedImpersonationRequest = await impersonationModel.createImpersonationRequest({ - ...impersonationRequestsBodyData[1], - impersonatedUserId: testUserId3, - createdFor: userData[12].username - }); + tempAuthToken = authService.generateAuthToken({ userId: testUserId3 }); - unapprovedImpersonationRequest2 = await impersonationModel.createImpersonationRequest({ - ...impersonationRequestsBodyData[2], - impersonatedUserId: testUserId4 - }); - - rejectedRequest = await impersonationModel.createImpersonationRequest({ - ...impersonationRequestsBodyData[3], - impersonatedUserId: testUserId1, - status: REQUEST_STATE.REJECTED + finishedImpersonationRequest = await impersonationModel.createImpersonationRequest({ + ...impersonationRequestsBodyData[0], + impersonatedUserId: testUserId4, + createdFor: userData[0].username, + userId: testSuperUserId, + status: "APPROVED", + isImpersonationFinished: true, + createdBy: userData[4].username, }); }); - it("should return 404 and 'Route not found' message when dev is false", function (done) { + it("should return 404 and 'Route not Found' message when dev is false", function (done) { chai .request(app) - .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=false`) - .send({ status: "APPROVED" }) + .patch(`/impersonation/${unapprovedImpersonationRequest.id}?dev=false&action=START`) .set("cookie", `${cookieName}=${authToken}`) .end(function (err, res) { if (err) return done(err); - try { - expect(res.statusCode).to.equal(404); - 
expect(res.body.message).to.equal("Route not found"); - done(); - } catch (e) { - done(e); - } + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal("Route not found"); + done(); }); }); - it("should return 404 and 'Route not found' message when dev is missing", function (done) { + it("should return 404 and 'Route not Found' message when dev is missing", function (done) { chai .request(app) - .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}`) - .send({ status: "APPROVED" }) + .patch(`/impersonation/${unapprovedImpersonationRequest.id}`) .set("cookie", `${cookieName}=${authToken}`) .end(function (err, res) { if (err) return done(err); - try { - expect(res.statusCode).to.equal(404); - expect(res.body.message).to.equal("Route not found"); - done(); - } catch (e) { - done(e); - } + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal("Route not found"); + done(); }); }); - it("should update a request status to APPROVED if dev flag is present", function (done) { - const tempAuthToken = authService.generateAuthToken({ userId: testUserId3 }); + it("should return 400 when action type is invalid (other than START, STOP)", function (done) { chai .request(app) - .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=true`) - .send({ status: "APPROVED" }) - .set("cookie", `${cookieName}=${tempAuthToken}`) + .patch(`/impersonation/${unapprovedImpersonationRequest.id}?dev=true&action=ACTIVE`) + .set("cookie", `${cookieName}=${superUserToken}`) .end(function (err, res) { if (err) return done(err); - expect(res.statusCode).to.equal(200); - expect(res.body.message).to.equal(REQUEST_APPROVED_SUCCESSFULLY); - expect(res.body.data.id).to.equal(unapprovedImpersonationRequest.id); - expect(res.body.data.lastModifiedBy).to.equal(unapprovedImpersonationRequest.impersonatedUserId); + expect(res.statusCode).to.equal(400); + expect(res.body.message).to.equal("action must be START or STOP"); done(); }); }); - 
it("should update a request status to REJECTED if dev flag is present", function (done) { - const tempAuthToken = authService.generateAuthToken({ userId: testUserId4 }); + it("should successfully start the impersonation when action is START", function (done) { chai .request(app) - .patch(`/impersonation/requests/${unapprovedImpersonationRequest2.id}?dev=true`) - .send({ status: "REJECTED" }) - .set("cookie", `${cookieName}=${tempAuthToken}`) + .patch(`/impersonation/${approvedImpersonationRequest.id}?dev=true&action=START`) + .send({ status: "APPROVED" }) + .set("cookie", `${cookieName}=${superUserToken}`) .end(function (err, res) { if (err) return done(err); expect(res.statusCode).to.equal(200); - expect(res.body.message).to.equal(REQUEST_REJECTED_SUCCESSFULLY); - expect(res.body.data.id).to.equal(unapprovedImpersonationRequest2.id); - expect(res.body.data.lastModifiedBy).to.equal(unapprovedImpersonationRequest2.impersonatedUserId); + expect(res.body.message).to.equal("Impersonation session has started."); + expect(res.body.data.id).to.equal(approvedImpersonationRequest.id); done(); }); }); - it("should return 401 if user is not logged in", function (done) { - chai - .request(app) - .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=true`) - .send({ status: "APPROVED" }) - .end(function (err, res) { - if (err) return done(err); - try { - expect(res).to.have.status(401); - expect(res.body.error).to.equal("Unauthorized"); - expect(res.body.message).to.equal("Unauthenticated User"); - done(); - } catch (e) { - done(e); - } - }); - }); + it("should successfully stop the impersonation when action is STOP", function (done) { + const impersonationToken = authService.generateImpersonationAuthToken({ + userId: testSuperUserId, + impersonatedUserId: testUserId3, + }); - it("should return NotFound Error if request does not exist", function (done) { chai .request(app) - .patch(`/impersonation/requests/randomId?dev=true`) - .send({ status: "APPROVED" }) - 
.set("cookie", `${cookieName}=${authToken}`) + .patch(`/impersonation/${approvedImpersonationRequest.id}?dev=true&action=STOP`) + .set("cookie", `${cookieName}=${impersonationToken}`) .end(function (err, res) { if (err) return done(err); - expect(res).to.have.status(404); - expect(res.body.error).to.equal("Not Found"); - expect(res.body.message).to.equal(REQUEST_DOES_NOT_EXIST); + expect(res.statusCode).to.equal(200); + expect(res.body.message).to.equal("Impersonation session has been stopped."); + expect(res.body.data.id).to.equal(approvedImpersonationRequest.id); done(); }); }); - it("should return 403 Forbidden if a request is already approved", function (done) { - const tempAuthToken = authService.generateAuthToken({ userId: testUserId1 }); + it("should return 403 if impersonation request is not approved", function (done) { chai .request(app) - .patch(`/impersonation/requests/${approvedImpersonationRequest.id}?dev=true`) - .set("cookie", `${cookieName}=${tempAuthToken}`) - .send({ status: "APPROVED" }) + .patch(`/impersonation/${unapprovedImpersonationRequest.id}?dev=true&action=START`) + .set("cookie", `${cookieName}=${superUserToken}`) .end(function (err, res) { if (err) return done(err); - expect(res).to.have.status(403); - expect(res.body.error).to.equal("Forbidden"); - expect(res.body.message).to.equal("You are not allowed for this Operation at the moment"); + expect(res.statusCode).to.equal(403); + expect(res.body.message).to.equal(OPERATION_NOT_ALLOWED); done(); }); }); - it("should return 403 Forbidden if a request is already rejected", function (done) { + it("should return 403 if a user other than the impersonated user tries to STOP the session", function (done) { + const fakeImpersonationToken = authService.generateImpersonationAuthToken({ + userId: testSuperUserId, + impersonatedUserId: testUserId5, + }); + chai .request(app) - .patch(`/impersonation/requests/${rejectedRequest.id}?dev=true`) - .set("cookie", `${cookieName}=${authToken}`) - .send({ 
status: "REJECTED" }) + .patch(`/impersonation/${approvedImpersonationRequest.id}?dev=true&action=STOP`) + .set("cookie", `${cookieName}=${fakeImpersonationToken}`) .end(function (err, res) { if (err) return done(err); - expect(res).to.have.status(403); - expect(res.body.error).to.equal("Forbidden"); - expect(res.body.message).to.equal("You are not allowed for this Operation at the moment"); + expect(res.statusCode).to.equal(403); + expect(res.body.message).to.equal(OPERATION_NOT_ALLOWED); done(); }); }); - it("should throw 403 Forbidden if unauthorized user tries to update the request", function (done) { + it("should return 403 if a user who is not currently impersonating attempts to stop the impersonation session", function (done) { + const normalToken = authService.generateAuthToken({ + userId: testSuperUserId, // not impersonating anyone + }); + chai .request(app) - .patch(`/impersonation/requests/${unapprovedImpersonationRequest2.id}?dev=true`) - .send({ status: "APPROVED" }) - .set("cookie", `${cookieName}=${authToken}`) + .patch(`/impersonation/${approvedImpersonationRequest.id}?dev=true&action=STOP`) + .set("cookie", `${cookieName}=${normalToken}`) .end(function (err, res) { if (err) return done(err); - expect(res).to.have.status(403); - expect(res.body.error).to.equal("Forbidden"); - expect(res.body.message).to.equal("You are not allowed for this Operation at the moment"); - done(); + try { + expect(res).to.have.status(403); + expect(res.body).to.have.property("message", OPERATION_NOT_ALLOWED); + expect(res.body).to.have.property("error", "Forbidden"); + done(); + } catch (e) { + done(e); + } }); }); - it("should return 400 if status is not provided", function (done) { + it("should return 404 if impersonation request does not exist", function (done) { chai .request(app) - .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=true`) - .set("cookie", `${cookieName}=${authToken}`) - .send({ status: "" }) + 
.patch(`/impersonation/nonexistent-id?dev=true&action=START`) + .set("cookie", `${cookieName}=${superUserToken}`) .end(function (err, res) { if (err) return done(err); - expect(res).to.have.status(400); - expect(res.body.error).to.equal("Bad Request"); - expect(res.body.message).to.equal(`status must be APPROVED or REJECTED,"status" is not allowed to be empty`); + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal("Request does not exist"); done(); }); }); - it("should return 400 if status is not APPROVED/REJECTED", function (done) { + it("should return 403 if trying to START an already finished impersonation session", function (done) { chai .request(app) - .patch(`/impersonation/requests/${unapprovedImpersonationRequest.id}?dev=true`) - .set("cookie", `${cookieName}=${authToken}`) - .send({ status: "ACTIVE" }) + .patch(`/impersonation/${finishedImpersonationRequest.id}?dev=true&action=START`) + .set("cookie", `${cookieName}=${superUserToken}`) .end(function (err, res) { if (err) return done(err); - expect(res).to.have.status(400); - expect(res.body.error).to.equal("Bad Request"); - expect(res.body.message).to.equal(`status must be APPROVED or REJECTED`); + expect(res.statusCode).to.equal(403); + expect(res.body.message).to.equal("You are not allowed for this operation at the moment"); done(); }); }); - it("should return 500 if Firestore fails during updateImpersonationRequest (service catch block)", function (done) { - const tempAuthToken = authService.generateAuthToken({ userId: testUserId4 }); - sinon.stub(impersonationModel, "updateImpersonationRequest").throws(new Error("Firestore error")); + it("should throw 404 NotFound if impersonation request does not exist at stopImpersonation Service", function (done) { + const impersonationToken = authService.generateImpersonationAuthToken({ + userId: testSuperUserId, + impersonatedUserId: testUserId3, + }); + + const invalidRequestId = "non-existent-id"; + chai .request(app) - 
.patch(`/impersonation/requests/${unapprovedImpersonationRequest2.id}?dev=true`) - .set("cookie", `${cookieName}=${tempAuthToken}`) - .send({ status: "APPROVED" }) + .patch(`/impersonation/${invalidRequestId}?dev=true&action=STOP`) + .set("cookie", `${cookieName}=${impersonationToken}`) .end(function (err, res) { if (err) return done(err); - expect(res).to.have.status(500); - expect(res.body.message).to.equal("An internal server error occurred"); - sinon.restore(); + expect(res.statusCode).to.equal(404); + expect(res.body.message).to.equal(REQUEST_DOES_NOT_EXIST); done(); }); });