add authorization tests and restructure tests

Author: janishar

src/auth/authorization.ts

@@ -1,7 +1,7 @@
 import express from 'express';
 import { ProtectedRequest } from 'app-request';
 import { AuthFailureError } from '../core/ApiError';
-import RoleRepository from '../database/repository/RoleRepo';
+import RoleRepo from '../database/repository/RoleRepo';
 import asyncHandler from '../helpers/asyncHandler';
 
 const router = express.Router();
@@ -11,7 +11,7 @@ export default router.use(
 		if (!req.user || !req.user.roles || !req.currentRoleCode)
 			throw new AuthFailureError('Permission denied');
 
-		const role = await RoleRepository.findByCode(req.currentRoleCode);
+		const role = await RoleRepo.findByCode(req.currentRoleCode);
 		if (!role) throw new AuthFailureError('Permission denied');
 
 		const validRoles = req.user.roles

tests/auth/apikey.test.ts renamed to tests/auth/apikey/index.test.ts

@@ -1,17 +1,6 @@
-import app from '../../src/app';
+import { API_KEY, mockFindApiKey } from './mock'; // mock should be imported on the top
+import app from '../../../src/app';
 import supertest from 'supertest';
-import { IApiKey } from '../../src/database/model/ApiKey';
-
-export const API_KEY = 'abc';
-
-export const mockFindApiKey = jest.fn(async (key: string) => {
-	if (key == API_KEY) return <IApiKey>{ key: API_KEY };
-	else return null;
-});
-
-jest.mock('../../src/database/repository/ApiKeyRepo', () => ({
-	get findByKey() { return mockFindApiKey; }
-}));
 
 describe('apikey validation', () => {
 

tests/auth/apikey/mock.ts

@@ -0,0 +1,12 @@
+import { IApiKey } from '../../../src/database/model/ApiKey';
+
+export const API_KEY = 'abc';
+
+export const mockFindApiKey = jest.fn(async (key: string) => {
+	if (key == API_KEY) return <IApiKey>{ key: API_KEY };
+	else return null;
+});
+
+jest.mock('../../../src/database/repository/ApiKeyRepo', () => ({
+	get findByKey() { return mockFindApiKey; }
+}));

tests/auth/authentication.test.ts renamed to tests/auth/authentication/index.test.ts

@@ -1,61 +1,19 @@
-import app from '../../src/app';
-import supertest, { SuperTest } from 'supertest';
-import { IUser } from '../../src/database/model/User';
-import { Types } from 'mongoose';
-import { mockFindApiKey, API_KEY } from './apikey.test';
-import JWT, { ValidationParams, JwtPayload } from '../../src/core/JWT';
-import { BadTokenError } from '../../src/core/ApiError';
-import { IKeystore } from '../../src/database/model/Keystore';
+import {
+	USER_ID, ACCESS_TOKEN, addHeaders, addAuthHeaders,
+	mockValidateTokenData, mockUserFindById, mockJwtValidate, mockKeystoreFindForKey
+} from './mock';
 
-export const ACCESS_TOKEN = 'xyz';
-
-export const USER_ID = new Types.ObjectId('5e7b95923085872d3c378f35'); // random id with object id format
-
-const mockUserFindById = jest.fn(async (id: Types.ObjectId) => {
-	if (USER_ID.equals(id)) return <IUser>{ _id: new Types.ObjectId(id) };
-	else return null;
-});
-
-const mockJwtValidate = jest.fn(
-	async (token: string, validations: ValidationParams): Promise<JwtPayload> => {
-		if (token == ACCESS_TOKEN) return <JwtPayload>{ prm: 'abcdef' };
-		throw new BadTokenError();
-	});
-
-const mockKeystoreFindForKey = jest.fn(
-	async (client: IUser, key: string): Promise<IKeystore> => (<IKeystore>{ client: client, primaryKey: key }));
-
-const mockValidateTokenData =
-	jest.fn(async (payload: JwtPayload, userId: Types.ObjectId): Promise<JwtPayload> => payload);
-
-jest.mock('../../src/auth/authUtils', () => ({
-	get validateTokenData() { return mockValidateTokenData; }
-}));
-
-jest.mock('../../src/database/repository/UserRepo', () => ({
-	get findById() { return mockUserFindById; }
-}));
-
-jest.mock('../../src/database/repository/ApiKeyRepo', () => ({
-	get findByKey() { return mockFindApiKey; }
-}));
-
-jest.mock('../../src/database/repository/KeystoreRepo', () => ({
-	get findforKey() { return mockKeystoreFindForKey; }
-}));
-
-JWT.validate = mockJwtValidate;
+import app from '../../../src/app';
+import supertest from 'supertest';
 
 describe('authentication validation', () => {
 
 	const endpoint = '/v1/profile/my/test';
 	const request = supertest(app);
 
-
 	beforeEach(() => {
 		mockValidateTokenData.mockClear();
 		mockUserFindById.mockClear();
-		mockFindApiKey.mockClear();
 		mockJwtValidate.mockClear();
 		mockKeystoreFindForKey.mockClear();
 	});
@@ -115,14 +73,4 @@ describe('authentication validation', () => {
 		expect(mockValidateTokenData).toBeCalledTimes(1);
 		expect(mockJwtValidate).toBeCalledTimes(1);
 	});
-});
-
-export const addHeaders = (request: any) => request
-	.set('Content-Type', 'application/json')
-	.set('x-api-key', API_KEY);
-
-export const addAuthHeaders = (request: any) => request
-	.set('Content-Type', 'application/json')
-	.set('x-api-key', API_KEY)
-	.set('x-access-token', ACCESS_TOKEN)
-	.set('x-user-id', USER_ID);
+});

tests/auth/authentication/mock.ts

@@ -0,0 +1,53 @@
+ // all dependent mock should be on the top
+import { API_KEY } from '../apikey/mock';
+
+import { IUser } from '../../../src/database/model/User';
+import { Types } from 'mongoose';
+import JWT, { ValidationParams, JwtPayload } from '../../../src/core/JWT';
+import { BadTokenError } from '../../../src/core/ApiError';
+import { IKeystore } from '../../../src/database/model/Keystore';
+
+export const ACCESS_TOKEN = 'xyz';
+
+export const USER_ID = new Types.ObjectId('5e7b95923085872d3c378f35'); // random id with object id format
+
+export const mockUserFindById = jest.fn(async (id: Types.ObjectId) => {
+	if (USER_ID.equals(id)) return <IUser>{ _id: new Types.ObjectId(id) };
+	else return null;
+});
+
+export const mockJwtValidate = jest.fn(
+	async (token: string, validations: ValidationParams): Promise<JwtPayload> => {
+		if (token == ACCESS_TOKEN) return <JwtPayload>{ prm: 'abcdef' };
+		throw new BadTokenError();
+	});
+
+export const mockKeystoreFindForKey = jest.fn(
+	async (client: IUser, key: string): Promise<IKeystore> => (<IKeystore>{ client: client, primaryKey: key }));
+
+export const mockValidateTokenData =
+	jest.fn(async (payload: JwtPayload, userId: Types.ObjectId): Promise<JwtPayload> => payload);
+
+jest.mock('../../../src/auth/authUtils', () => ({
+	get validateTokenData() { return mockValidateTokenData; }
+}));
+
+jest.mock('../../../src/database/repository/UserRepo', () => ({
+	get findById() { return mockUserFindById; }
+}));
+
+jest.mock('../../../src/database/repository/KeystoreRepo', () => ({
+	get findforKey() { return mockKeystoreFindForKey; }
+}));
+
+JWT.validate = mockJwtValidate;
+
+export const addHeaders = (request: any) => request
+	.set('Content-Type', 'application/json')
+	.set('x-api-key', API_KEY);
+
+export const addAuthHeaders = (request: any) => request
+	.set('Content-Type', 'application/json')
+	.set('x-api-key', API_KEY)
+	.set('x-access-token', ACCESS_TOKEN)
+	.set('x-user-id', USER_ID);

tests/auth/authorization/index.test.ts

@@ -0,0 +1,45 @@
+import { addAuthHeaders } from '../authentication/mock';
+import { mockRoleRepoyFindByCode, mockUserFindByIdForWriter } from './mock';
+
+import app from '../../../src/app';
+import supertest from 'supertest';
+import { RoleCode } from '../../../src/database/model/Role';
+
+describe('authentication validation for editor', () => {
+
+	const endpoint = '/v1/editor/blog/test';
+	const request = supertest(app);
+
+	beforeEach(() => {
+		mockRoleRepoyFindByCode.mockClear();
+		mockUserFindByIdForWriter.mockClear();
+	});
+
+	it('Should response with 401 if user do not have editor role', async () => {
+		const response = await addAuthHeaders(request.get(endpoint));
+		expect(response.status).toBe(401);
+		expect(response.body.message).toMatch(/denied/);
+		expect(mockRoleRepoyFindByCode).toBeCalledTimes(1);
+		expect(mockUserFindByIdForWriter).toBeCalledTimes(1);
+		expect(mockRoleRepoyFindByCode).toBeCalledWith(RoleCode.EDITOR);
+	});
+});
+
+describe('authentication validation for writer', () => {
+
+	const endpoint = '/v1/writer/blog/test';
+	const request = supertest(app);
+
+	beforeEach(() => {
+		mockRoleRepoyFindByCode.mockClear();
+		mockUserFindByIdForWriter.mockClear();
+	});
+
+	it('Should response with 404 if user have writer role', async () => {
+		const response = await addAuthHeaders(request.get(endpoint));
+		expect(response.status).toBe(404);
+		expect(mockRoleRepoyFindByCode).toBeCalledTimes(1);
+		expect(mockUserFindByIdForWriter).toBeCalledTimes(1);
+		expect(mockRoleRepoyFindByCode).toBeCalledWith(RoleCode.WRITER);
+	});
+});

tests/auth/authorization/mock.ts

@@ -0,0 +1,51 @@
+// all dependent mock should be on the top
+import { USER_ID } from '../authentication/mock';
+
+import { Types } from 'mongoose';
+import { IUser } from '../../../src/database/model/User';
+import { RoleCode, IRole } from '../../../src/database/model/Role';
+
+const LEARNER_ROLE_ID = new Types.ObjectId('5e7b95923085872d3c378f35'); // RONDOM ID
+const WRITER_ROLE_ID = new Types.ObjectId('56cb91bdc3464f14678934ca'); // RONDOM ID
+const EDITOR_ROLE_ID = new Types.ObjectId('58cd7cfcf9f1150515ee9fb0'); // RONDOM ID
+
+export const mockUserFindByIdForWriter = jest.fn(async (id: Types.ObjectId) => {
+	if (USER_ID.equals(id)) return <IUser>{
+		_id: USER_ID,
+		roles: [
+			<IRole>{ _id: LEARNER_ROLE_ID, code: RoleCode.LEARNER },
+			<IRole>{ _id: WRITER_ROLE_ID, code: RoleCode.WRITER },
+		]
+	};
+	else return null;
+});
+
+export const mockRoleRepoyFindByCode = jest.fn(
+	async (code: string): Promise<IRole> => {
+		switch (code) {
+			case RoleCode.WRITER: return <IRole>{
+				_id: WRITER_ROLE_ID,
+				code: RoleCode.WRITER,
+				status: true
+			};
+			case RoleCode.EDITOR: return <IRole>{
+				_id: EDITOR_ROLE_ID,
+				code: RoleCode.EDITOR,
+				status: true
+			};
+			case RoleCode.LEARNER: return <IRole>{
+				_id: LEARNER_ROLE_ID,
+				code: RoleCode.LEARNER,
+				status: true
+			};
+		}
+		return null;
+	});
+
+jest.mock('../../../src/database/repository/UserRepo', () => ({
+	get findById() { return mockUserFindByIdForWriter; }
+}));
+
+jest.mock('../../../src/database/repository/RoleRepo', () => ({
+	get findByCode() { return mockRoleRepoyFindByCode; }
+}));