
Commit 660d856

authored
refactor: use bearer auth instead of uid auth for tests (@fehmer) (monkeytypegame#6318)
1 parent 3a5b378 commit 660d856


11 files changed

+404
-346
lines changed


backend/__tests__/__testData__/auth.ts

Lines changed: 44 additions & 0 deletions
@@ -4,6 +4,8 @@ import { hash } from "bcrypt";
44
import { ObjectId } from "mongodb";
55
import { base64UrlEncode } from "../../src/utils/misc";
66
import * as ApeKeyDal from "../../src/dal/ape-keys";
7+
import { DecodedIdToken } from "firebase-admin/auth";
8+
import * as AuthUtils from "../../src/utils/auth";
79

810
export async function mockAuthenticateWithApeKey(
911
uid: string,
@@ -35,3 +37,45 @@ export async function mockAuthenticateWithApeKey(
3537

3638
return base64UrlEncode(`${apeKeyId}.${apiKey}`);
3739
}
40+
41+
export function mockBearerAuthentication(uid: string) {
42+
const mockDecodedToken = {
43+
uid,
44+
45+
iat: Date.now(),
46+
} as DecodedIdToken;
47+
const verifyIdTokenMock = vi.spyOn(AuthUtils, "verifyIdToken");
48+
49+
return {
50+
/**
51+
* Reset the mock and return a default token. Call this method in the `beforeEach` of all tests.
52+
*/
53+
beforeEach: (): void => {
54+
verifyIdTokenMock.mockReset();
55+
verifyIdTokenMock.mockResolvedValue(mockDecodedToken);
56+
},
57+
/**
58+
* Reset the mock results in the authentication to fail.
59+
*/
60+
noAuth: (): void => {
61+
verifyIdTokenMock.mockReset();
62+
},
63+
/**
64+
* verify the authentication has been called
65+
*/
66+
expectToHaveBeenCalled: (): void => {
67+
expect(verifyIdTokenMock).toHaveBeenCalled();
68+
},
69+
/**
70+
* modify the token returned by the mock. This can be used to e.g. return a stale token.
71+
* @param customize
72+
*/
73+
modifyToken: (customize: Partial<DecodedIdToken>): void => {
74+
verifyIdTokenMock.mockReset();
75+
verifyIdTokenMock.mockResolvedValue({
76+
...mockDecodedToken,
77+
...customize,
78+
});
79+
},
80+
};
81+
}
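Review bot: `iat: Date.now()` in the new mock token is a millisecond value, but `iat` on a decoded Firebase ID token is a JWT NumericDate in seconds since the epoch, so any token-age check in the code that consumes `verifyIdToken`'s result would see a timestamp far in the future instead of "issued now"; use `iat: Math.floor(Date.now() / 1000),`. `noAuth` relies on `mockReset()` alone to make authentication fail, yet what a spy does after `mockReset()` varies between vitest releases (an empty function returning undefined in older ones, the original implementation in newer ones), so the failure mode is not pinned down; `verifyIdTokenMock.mockReset(); verifyIdTokenMock.mockRejectedValue(new Error("no auth"));` with whatever error shape the middleware maps to a rejected request would make the intent explicit. The `as DecodedIdToken` cast silences the missing required claims, which is acceptable for a stub but deserves a comment such as `// partial token: only the claims the auth middleware reads are set`, and the `noAuth` docstring should read `Reset the mock so that the next authentication attempt fails.`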

backend/__tests__/api/controllers/admin.spec.ts

Lines changed: 30 additions & 27 deletions
@@ -9,10 +9,12 @@ import GeorgeQueue from "../../../src/queues/george-queue";
99
import * as AuthUtil from "../../../src/utils/auth";
1010
import _ from "lodash";
1111
import { enableRateLimitExpects } from "../../__testData__/rate-limit";
12+
import { mockBearerAuthentication } from "../../__testData__/auth";
1213

1314
const mockApp = request(app);
1415
const configuration = Configuration.getCachedConfiguration();
1516
const uid = new ObjectId().toHexString();
17+
const mockAuth = mockBearerAuthentication(uid);
1618
enableRateLimitExpects();
1719

1820
describe("AdminController", () => {
@@ -22,6 +24,7 @@ describe("AdminController", () => {
2224
isAdminMock.mockReset();
2325
await enableAdminEndpoints(true);
2426
isAdminMock.mockResolvedValue(true);
27+
mockAuth.beforeEach();
2528
});
2629

2730
describe("check for admin", () => {
@@ -31,7 +34,7 @@ describe("AdminController", () => {
3134
//WHEN
3235
const { body } = await mockApp
3336
.get("/admin")
34-
.set("authorization", `Uid ${uid}`)
37+
.set("Authorization", `Bearer ${uid}`)
3538
.expect(200);
3639

3740
//THEN
@@ -44,17 +47,17 @@ describe("AdminController", () => {
4447
});
4548
it("should fail if user is no admin", async () => {
4649
await expectFailForNonAdmin(
47-
mockApp.get("/admin").set("authorization", `Uid ${uid}`)
50+
mockApp.get("/admin").set("Authorization", `Bearer ${uid}`)
4851
);
4952
});
5053
it("should fail if admin endpoints are disabled", async () => {
5154
await expectFailForDisabledEndpoint(
52-
mockApp.get("/admin").set("authorization", `Uid ${uid}`)
55+
mockApp.get("/admin").set("Authorization", `Bearer ${uid}`)
5356
);
5457
});
5558
it("should be rate limited", async () => {
5659
await expect(
57-
mockApp.get("/admin").set("authorization", `Uid ${uid}`)
60+
mockApp.get("/admin").set("Authorization", `Bearer ${uid}`)
5861
).toBeRateLimited({ max: 1, windowMs: 5000 });
5962
});
6063
});
@@ -82,7 +85,7 @@ describe("AdminController", () => {
8285
const { body } = await mockApp
8386
.post("/admin/toggleBan")
8487
.send({ uid: victimUid })
85-
.set("authorization", `Uid ${uid}`)
88+
.set("Authorization", `Bearer ${uid}`)
8689
.expect(200);
8790

8891
//THEN
@@ -109,7 +112,7 @@ describe("AdminController", () => {
109112
const { body } = await mockApp
110113
.post("/admin/toggleBan")
111114
.send({ uid: victimUid })
112-
.set("authorization", `Uid ${uid}`)
115+
.set("Authorization", `Bearer ${uid}`)
113116
.expect(200);
114117

115118
//THEN
@@ -132,7 +135,7 @@ describe("AdminController", () => {
132135
const { body } = await mockApp
133136
.post("/admin/toggleBan")
134137
.send({})
135-
.set("authorization", `Uid ${uid}`)
138+
.set("Authorization", `Bearer ${uid}`)
136139
.expect(422);
137140

138141
//THEN
@@ -148,7 +151,7 @@ describe("AdminController", () => {
148151
const { body } = await mockApp
149152
.post("/admin/toggleBan")
150153
.send({ uid: new ObjectId().toHexString(), extra: "value" })
151-
.set("authorization", `Uid ${uid}`)
154+
.set("Authorization", `Bearer ${uid}`)
152155
.expect(422);
153156

154157
//THEN
@@ -162,7 +165,7 @@ describe("AdminController", () => {
162165
mockApp
163166
.post("/admin/toggleBan")
164167
.send({ uid: new ObjectId().toHexString() })
165-
.set("authorization", `Uid ${uid}`)
168+
.set("Authorization", `Bearer ${uid}`)
166169
);
167170
});
168171
it("should fail if admin endpoints are disabled", async () => {
@@ -171,7 +174,7 @@ describe("AdminController", () => {
171174
mockApp
172175
.post("/admin/toggleBan")
173176
.send({ uid: new ObjectId().toHexString() })
174-
.set("authorization", `Uid ${uid}`)
177+
.set("Authorization", `Bearer ${uid}`)
175178
);
176179
});
177180
it("should be rate limited", async () => {
@@ -187,7 +190,7 @@ describe("AdminController", () => {
187190
mockApp
188191
.post("/admin/toggleBan")
189192
.send({ uid: victimUid })
190-
.set("authorization", `Uid ${uid}`)
193+
.set("Authorization", `Bearer ${uid}`)
191194
).toBeRateLimited({ max: 1, windowMs: 5000 });
192195
});
193196
});
@@ -220,7 +223,7 @@ describe("AdminController", () => {
220223
.send({
221224
reports: [{ reportId: reportOne.id }, { reportId: reportTwo.id }],
222225
})
223-
.set("authorization", `Uid ${uid}`)
226+
.set("Authorization", `Bearer ${uid}`)
224227
.expect(200);
225228

226229
expect(body).toEqual({
@@ -236,7 +239,7 @@ describe("AdminController", () => {
236239
const { body } = await mockApp
237240
.post("/admin/report/accept")
238241
.send({})
239-
.set("authorization", `Uid ${uid}`)
242+
.set("Authorization", `Bearer ${uid}`)
240243
.expect(422);
241244

242245
expect(body).toEqual({
@@ -249,7 +252,7 @@ describe("AdminController", () => {
249252
const { body } = await mockApp
250253
.post("/admin/report/accept")
251254
.send({ reports: [] })
252-
.set("authorization", `Uid ${uid}`)
255+
.set("Authorization", `Bearer ${uid}`)
253256
.expect(422);
254257

255258
expect(body).toEqual({
@@ -264,7 +267,7 @@ describe("AdminController", () => {
264267
const { body } = await mockApp
265268
.post("/admin/report/accept")
266269
.send({ reports: [{ reportId: "1", extra2: "value" }], extra: "value" })
267-
.set("authorization", `Uid ${uid}`)
270+
.set("Authorization", `Bearer ${uid}`)
268271
.expect(422);
269272

270273
expect(body).toEqual({
@@ -280,7 +283,7 @@ describe("AdminController", () => {
280283
mockApp
281284
.post("/admin/report/accept")
282285
.send({ reports: [] })
283-
.set("authorization", `Uid ${uid}`)
286+
.set("Authorization", `Bearer ${uid}`)
284287
);
285288
});
286289
it("should fail if admin endpoints are disabled", async () => {
@@ -289,7 +292,7 @@ describe("AdminController", () => {
289292
mockApp
290293
.post("/admin/report/accept")
291294
.send({ reports: [] })
292-
.set("authorization", `Uid ${uid}`)
295+
.set("Authorization", `Bearer ${uid}`)
293296
);
294297
});
295298
it("should be rate limited", async () => {
@@ -301,7 +304,7 @@ describe("AdminController", () => {
301304
mockApp
302305
.post("/admin/report/accept")
303306
.send({ reports: [{ reportId: "1" }] })
304-
.set("authorization", `Uid ${uid}`)
307+
.set("Authorization", `Bearer ${uid}`)
305308
).toBeRateLimited({ max: 1, windowMs: 5000 });
306309
});
307310
});
@@ -337,7 +340,7 @@ describe("AdminController", () => {
337340
{ reportId: reportTwo.id },
338341
],
339342
})
340-
.set("authorization", `Uid ${uid}`)
343+
.set("Authorization", `Bearer ${uid}`)
341344
.expect(200);
342345

343346
expect(body).toEqual({
@@ -353,7 +356,7 @@ describe("AdminController", () => {
353356
const { body } = await mockApp
354357
.post("/admin/report/reject")
355358
.send({})
356-
.set("authorization", `Uid ${uid}`)
359+
.set("Authorization", `Bearer ${uid}`)
357360
.expect(422);
358361

359362
expect(body).toEqual({
@@ -366,7 +369,7 @@ describe("AdminController", () => {
366369
const { body } = await mockApp
367370
.post("/admin/report/reject")
368371
.send({ reports: [] })
369-
.set("authorization", `Uid ${uid}`)
372+
.set("Authorization", `Bearer ${uid}`)
370373
.expect(422);
371374

372375
expect(body).toEqual({
@@ -381,7 +384,7 @@ describe("AdminController", () => {
381384
const { body } = await mockApp
382385
.post("/admin/report/reject")
383386
.send({ reports: [{ reportId: "1", extra2: "value" }], extra: "value" })
384-
.set("authorization", `Uid ${uid}`)
387+
.set("Authorization", `Bearer ${uid}`)
385388
.expect(422);
386389

387390
expect(body).toEqual({
@@ -397,7 +400,7 @@ describe("AdminController", () => {
397400
mockApp
398401
.post("/admin/report/reject")
399402
.send({ reports: [] })
400-
.set("authorization", `Uid ${uid}`)
403+
.set("Authorization", `Bearer ${uid}`)
401404
);
402405
});
403406
it("should fail if admin endpoints are disabled", async () => {
@@ -406,7 +409,7 @@ describe("AdminController", () => {
406409
mockApp
407410
.post("/admin/report/reject")
408411
.send({ reports: [] })
409-
.set("authorization", `Uid ${uid}`)
412+
.set("Authorization", `Bearer ${uid}`)
410413
);
411414
});
412415
it("should be rate limited", async () => {
@@ -418,7 +421,7 @@ describe("AdminController", () => {
418421
mockApp
419422
.post("/admin/report/reject")
420423
.send({ reports: [{ reportId: "1" }] })
421-
.set("authorization", `Uid ${uid}`)
424+
.set("Authorization", `Bearer ${uid}`)
422425
).toBeRateLimited({ max: 1, windowMs: 5000 });
423426
});
424427
});
@@ -439,7 +442,7 @@ describe("AdminController", () => {
439442
const { body } = await mockApp
440443
.post("/admin/sendForgotPasswordEmail")
441444
.send({ email: "[email protected]" })
442-
.set("authorization", `Uid ${uid}`)
445+
.set("Authorization", `Bearer ${uid}`)
443446
.expect(200);
444447

445448
//THEN
@@ -458,7 +461,7 @@ describe("AdminController", () => {
458461
mockApp
459462
.post("/admin/sendForgotPasswordEmail")
460463
.send({ email: "[email protected]" })
461-
.set("authorization", `Uid ${uid}`)
464+
.set("Authorization", `Bearer ${uid}`)
462465
).toBeRateLimited({ max: 1, windowMs: 5000 });
463466
});
464467
});
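Review bot: The new `mockAuth` helper exposes `noAuth()` and `expectToHaveBeenCalled()`, but none of the hunks shown use them: every request in this file is sent with a valid mocked bearer token, so no test in the visible hunks asserts that an unauthenticated request to `/admin` is rejected, and a regression that dropped the auth middleware from these routes would still pass because `isAdminMock.mockResolvedValue(true)` in `beforeEach` forces the admin check to succeed. If the rest of the file does not cover it, add one case per route group along the lines of `mockAuth.noAuth(); await mockApp.get("/admin").expect(401);` (using whatever status the auth middleware actually returns) and call `mockAuth.expectToHaveBeenCalled()` in at least one happy-path test. Since `verifyIdToken` is mocked, the bearer value is never decoded, so sending the uid as the token works, but hoisting `const authHeader = \`Bearer ${uid}\`;` next to `mockAuth` would make that clearer than repeating the literal in every hunk of this section.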
