--- /dev/null
+'use strict';
+
+var should = require('should');
+var app = require('../../app');
+var request = require('supertest');
+var jwt = require('jsonwebtoken');
+var User = require('../user/user.model');
+var config = require('../../config/environment');
+
+var localMock = (function () {
+ var privUser;
+
+ var token = function () {
+ privUser.authenticate('password');
+ return jwt.sign({_id: privUser._id}, config.secrets.session, {expiresIn: 60 * 60 * 5});
+ };
+
+
+ var generateUserObj = function (isAdmin, username) {
+ return new User({
+ provider: 'local',
+ name: 'Fake User',
+ email: username,
+ password: 'password',
+ role: isAdmin ? 'admin' : undefined
+ });
+ };
+
+ var createUser = function (cb) {
+ // Clear users before testing
+ User.remove().exec().then(function () {
+ privUser = generateUserObj(false, 'test@test.com');
+ privUser.save(cb);
+ });
+ };
+
+ var createNew = function (username, cb) {
+ generateUserObj(false, username).save(function (err, newuser) {
+ cb(newuser);
+ });
+ };
+
+ var deleteCurrent = function (cb) {
+ User.remove().exec().then(function () {
+ cb();
+ });
+ };
+
+ var makeUserAdmin = function (done) {
+ privUser.role = 'admin';
+ privUser.save(done);
+ };
+
+ var beforeEach = function (cb) {
+ createUser(function () {
+ cb();
+ });
+ };
+
+ var afterEach = function (cb) {
+ User.remove().exec().then(function () {
+ cb();
+ });
+ };
+
+ var getId = function () {
+ return privUser._id;
+ };
+
+ privUser = generateUserObj(false, 'test@test.com');
+
+ return {
+ afterEach: afterEach,
+ beforeEach: beforeEach,
+ user: {
+ token: token,
+ create: createUser,
+ admin: makeUserAdmin,
+ createNew: createNew,
+ delete: deleteCurrent,
+ id: getId,
+ get: privUser
+ }
+ }
+})();
+
+describe('GET /api/users', function () {
+
+ beforeEach(localMock.beforeEach);
+
+ afterEach(localMock.afterEach);
+
+ it('should be not autorized for guests', function (done) {
+ request(app)
+ .get('/api/users')
+ .expect(401, done);
+ });
+
+ it('should be forbidden for non admin users', function (done) {
+ request(app)
+ .get('/api/users?access_token=' + localMock.user.token())
+ .expect(403, done);
+ });
+
+ it('should list users for administrators', function (done) {
+ localMock.user.admin(function () {
+ request(app)
+ .get('/api/users?access_token=' + localMock.user.token())
+ .expect(200)
+ .expect('Content-Type', /json/)
+ .end(function (err, res) {
+ if (err) return done(err);
+ res.body.should.be.instanceOf(Array);
+ done();
+ });
+ })
+ })
+});
+
+describe('DELETE /api/users/:id', function () {
+
+ var newUserId;
+
+ beforeEach(function (done) {
+ localMock.user.createNew('test2@test.com', function () {
+ User.findOne({email: 'test2@test.com'}, function (err, user) {
+ newUserId = user._id;
+ localMock.beforeEach(done);
+ });
+ })
+ });
+
+
+ afterEach(localMock.afterEach);
+
+ it('should be not autorized for guests', function (done) {
+ request(app)
+ .delete('/api/users/' + newUserId)
+ .expect(401, done);
+ });
+
+ it('should be forbidden for non admin users', function (done) {
+ request(app)
+ .delete('/api/users/' + newUserId + '?access_token=' + localMock.user.token())
+ .expect(403, done);
+ });
+
+ it('should remove user for administrators', function (done) {
+ localMock.user.admin(function () {
+ request(app)
+ .delete('/api/users/' + newUserId + '?access_token=' + localMock.user.token())
+ .expect(204)
+ .end(function (err, res) {
+ if (err) return done(err);
+ User.findById(newUserId, function (err, user) {
+ should(user).be.null();
+ done();
+ });
+ });
+ })
+ })
+});
+
+describe('GET /api/users/me', function () {
+
+ beforeEach(localMock.beforeEach);
+
+ afterEach(localMock.afterEach);
+
+ it('should be not autorized for guests', function (done) {
+ request(app)
+ .get('/api/users/me')
+ .expect(401, done);
+ });
+
+ it('should return info of current user', function (done) {
+ request(app)
+ .get('/api/users/me?access_token=' + localMock.user.token())
+ .expect(200)
+ .expect('Content-Type', /json/)
+ .end(function (err, res) {
+ if (err) return done(err);
+ res.body.should.be.instanceOf(Object);
+ done();
+ });
+ });
+
+ it('should be unauthorized if the user does not longer exists', function (done) {
+ var token = localMock.user.token();
+ localMock.user.delete(function () {
+ request(app)
+ .get('/api/users/me?access_token=' + token)
+ .expect(401, done);
+ });
+ });
+});
+
+describe('PUT /api/users/me', function () {
+
+ beforeEach(localMock.beforeEach);
+
+ afterEach(localMock.afterEach);
+
+ it('should be not autorized for guests', function (done) {
+ request(app)
+ .put('/api/users/me')
+ .expect(401, done);
+ });
+
+ it('should update current user', function (done) {
+ request(app)
+ .put('/api/users/me?access_token=' + localMock.user.token())
+ .type('json')
+ .send('{"referential":{"RGS":"valid"}}')
+ .expect(200)
+ .end(function (err, res) {
+ if (err) return done(err);
+ done();
+ });
+ });
+});
+
+describe('PUT /api/users/password', function () {
+
+ beforeEach(localMock.beforeEach);
+
+ afterEach(localMock.afterEach);
+
+ it('should be not autorized for guests', function (done) {
+ request(app)
+ .put('/api/users/password')
+ .expect(401, done);
+ });
+
+ it('should change password of current user', function (done) {
+ request(app)
+ .put('/api/users/password?access_token=' + localMock.user.token())
+ .type('json')
+ .send('{"oldPassword":"password", "newPassword":"newpassword"}')
+ .expect(200)
+ .end(function (err) {
+ if (err) return done(err);
+ User.find({}, function (err, user) {
+ should(user[0].authenticate('password')).be.false();
+ done();
+ });
+ });
+ });
+
+ it('should be forbidden if old password is wrong', function (done) {
+ request(app)
+ .put('/api/users/password?access_token=' + localMock.user.token())
+ .type('json')
+ .send('{"oldPassword":"wrong", "newPassword":"newpassword"}')
+ .expect(403, done);
+ });
+
+ it('should fail if request is malformed', function (done) {
+ request(app)
+ .put('/api/users/password?access_token=' + localMock.user.token())
+ .type('json')
+ .send('{"oldPassword":"wrong", "newPassword":{"test": "non}}')
+ .expect(400, done);
+ });
+});
+
+describe('GET /api/users/:id', function () {
+
+ beforeEach(localMock.beforeEach);
+
+ afterEach(localMock.afterEach);
+
+ it('should be not autorized for guests', function (done) {
+ request(app)
+ .get('/api/users/' + localMock.user.id())
+ .expect(401, done);
+ });
+
+ it('should fail for non admin users', function (done) {
+ request(app)
+ .get('/api/users/' + localMock.user.id() + '?access_token=' + localMock.user.token())
+ .expect(403, done);
+ });
+
+ it('should get user with specified ID', function (done) {
+ localMock.user.createNew('testuser@test.com', function (newUser) {
+ localMock.user.admin(function () {
+ request(app)
+ .get('/api/users/' + newUser._id + '?access_token=' + localMock.user.token())
+ .expect(200)
+ .expect('Content-Type', /json/)
+ .end(function (err, res) {
+ if (err) return done(err);
+ res.body.name.should.be.exactly('Fake User');
+ done();
+ });
+ });
+ });
+ });
+
+ it('should fail with wrong ID', function (done) {
+ localMock.user.admin(function () {
+ request(app)
+ .get('/api/users/fakeid?access_token=' + localMock.user.token())
+ .expect(500, done);
+ });
+ });
+});
+
+describe('POST /api/users/:id', function () {
+
+ beforeEach(localMock.beforeEach);
+
+ afterEach(localMock.afterEach);
+
+ it('should be not autorized for guests', function (done) {
+ request(app)
+ .post('/api/users/' + localMock.user.id())
+ .expect(401, done);
+ });
+
+ it('should be not autorized for non admin users', function (done) {
+ request(app)
+ .post('/api/users/' + localMock.user.id() + '?access_token=' + localMock.user.token())
+ .expect(403, done);
+ });
+
+ it('should update user "name" field', function (done) {
+ localMock.user.admin(function () {
+ request(app)
+ .post('/api/users/' + localMock.user.id() + '?access_token=' + localMock.user.token())
+ .type('json')
+ .send({name: 'Username 2'})
+ .expect(200)
+ .expect('Content-Type', /json/)
+ .end(function (err, res) {
+ if (err) return done(err);
+ User.findById(localMock.user.id(), function (err, user) {
+ user.name.should.be.exactly(res.body.name);
+ done();
+ });
+ });
+ });
+ });
+});
+
+describe('POST /api/users', function () {
+
+ beforeEach(localMock.beforeEach);
+
+ afterEach(localMock.afterEach);
+
+ it('should be not autorized for guests', function (done) {
+ request(app)
+ .post('/api/users')
+ .expect(401, done);
+ });
+
+ it('should be not autorized for non admin users', function (done) {
+ request(app)
+ .post('/api/users?access_token=' + localMock.user.token())
+ .expect(403, done);
+ });
+
+ it('should fail when email field is missing', function (done) {
+ localMock.user.admin(function () {
+ request(app)
+ .post('/api/users?access_token=' + localMock.user.token())
+ .type('json')
+ .send({name: 'Username 2', password: 'secret'})
+ .expect(422, done);
+ });
+ });
+
+ it('should fail when password field is missing', function (done) {
+ localMock.user.admin(function () {
+ request(app)
+ .post('/api/users?access_token=' + localMock.user.token())
+ .type('json')
+ .send({name: 'Username 2', email: 'fake@test.com'})
+ .expect(422, done);
+ });
+ });
+
+ it('should fail when found duplicate email', function (done) {
+ localMock.user.admin(function () {
+ request(app)
+ .post('/api/users?access_token=' + localMock.user.token())
+ .type('json')
+ .send({name: 'Username 2', email: 'test@test.com', password: 'secret'})
+ .expect(422, done);
+ });
+ });
+
+ it('should create user', function (done) {
+ localMock.user.admin(function () {
+ request(app)
+ .post('/api/users?access_token=' + localMock.user.token())
+ .type('json')
+ .send({name: 'Username 2', email: 'test2@test.com', password: 'secret'})
+ .expect(200)
+ .end(function (err, res) {
+ User.findById(res.body._id, function (err, user) {
+ user.email.should.be.exactly('test2@test.com');
+ done();
+ })
+ });
+ });
+ });
+});
\ No newline at end of file
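Review bot: The "should fail with wrong ID" case in `GET /api/users/:id` pins `.expect(500)` for the non-ObjectId path `/api/users/fakeid`, which makes an unhandled cast error the documented contract; a malformed id should be rejected with a 400 (or 404) before it reaches the database, and the expectation should be changed once the handler validates the id, since a 500 on attacker-controlled input is also the path most likely to leak internals. Separately, the `.end` callback in "should create user" under `POST /api/users` omits the `if (err) return done(err);` guard that every other test uses, so a failed request surfaces as a TypeError on `res.body._id` instead of the real supertest error. The mongoose callbacks at `User.findOne`, `User.findById` and `User.find` in the DELETE, password, `POST /api/users/:id` and `POST /api/users` suites likewise discard their `err` argument and dereference the result unchecked; each should start with `if (err) return done(err);`. Note also that `localMock.user.token` calls `privUser.authenticate('password')` and discards the result, so the helper does not verify anything before signing; either assert on it or drop the call, and the test titles spell "authorized" as "autorized".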