From 287148e8fc22918b43e58cd1228b3a9217e78f58 Mon Sep 17 00:00:00 2001
From: juancarmore
Date: Mon, 9 Jun 2025 22:35:22 +0200
Subject: [PATCH] test: add user API security tests for profile and change password functionality

---
 .../integration/api/security/auth.test.ts | 36 +----------
 .../api/security/user-security.test.ts | 60 +++++++++++++++++++
 2 files changed, 61 insertions(+), 35 deletions(-)
 create mode 100644 backend/tests/integration/api/security/user-security.test.ts

diff --git a/backend/tests/integration/api/security/auth.test.ts b/backend/tests/integration/api/security/auth.test.ts
index a98d686..d59c03f 100644
--- a/backend/tests/integration/api/security/auth.test.ts
+++ b/backend/tests/integration/api/security/auth.test.ts
@@ -3,7 +3,7 @@
 import { Express } from 'express';
 import request from 'supertest';
 import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
 import { expectValidationError } from '../../../helpers/assertion-helpers.js';
-import { loginUser, startTestServer } from '../../../helpers/request-helpers.js';
+import { startTestServer } from '../../../helpers/request-helpers.js';
 
 const AUTH_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/auth`;
@@ -169,38 +169,4 @@ describe('Authentication API Tests', () => {
 expect(response.body.message).toContain('Invalid refresh token');
 });
 });
-
- describe('Profile Tests', () => {
- let adminCookie: string;
-
- beforeAll(async () => {
- adminCookie = await loginUser();
- });
-
- it('should return 200 and admin profile', async () => {
- const response = await request(app).get(`${AUTH_PATH}/profile`).set('Cookie', adminCookie).expect(200);
-
- expect(response.body).toHaveProperty('username');
- expect(response.body.username).toBe('admin');
- expect(response.body).toHaveProperty('roles');
- expect(response.body.roles).toEqual(expect.arrayContaining(['admin', 'user']));
- });
-
- it('should return 401 when no access token is provided', async () => {
- const response = await request(app).get(`${AUTH_PATH}/profile`).expect(401);
-
- expect(response.body).toHaveProperty('message');
- expect(response.body.message).toContain('Unauthorized');
- });
-
- it('should return 401 when access token is invalid', async () => {
- const response = await request(app)
- .get(`${AUTH_PATH}/profile`)
- .set('Cookie', `${INTERNAL_CONFIG.ACCESS_TOKEN_COOKIE_NAME}=invalidtoken`)
- .expect(401);
-
- expect(response.body).toHaveProperty('message');
- expect(response.body.message).toContain('Invalid token');
- });
- });
 });
diff --git a/backend/tests/integration/api/security/user-security.test.ts b/backend/tests/integration/api/security/user-security.test.ts
new file mode 100644
index 0000000..87ef8fa
--- /dev/null
+++ b/backend/tests/integration/api/security/user-security.test.ts
@@ -0,0 +1,60 @@
+import { beforeAll, describe, expect, it } from '@jest/globals';
+import { Express } from 'express';
+import request from 'supertest';
+import INTERNAL_CONFIG from '../../../../src/config/internal-config.js';
+import { loginUser, startTestServer } from '../../../helpers/request-helpers.js';
+
+const USERS_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/users`;
+
+describe('User API Security Tests', () => {
+ let app: Express;
+
+ beforeAll(() => {
+ app = startTestServer();
+ });
+
+ describe('Profile Tests', () => {
+ let adminCookie: string;
+
+ beforeAll(async () => {
+ adminCookie = await loginUser();
+ });
+
+ it('should succeed when user is authenticated as admin', async () => {
+ const response = await request(app).get(`${USERS_PATH}/profile`).set('Cookie', adminCookie);
+ expect(response.status).toBe(200);
+ });
+
+ it('should fail when user is not authenticated', async () => {
+ const response = await request(app).get(`${USERS_PATH}/profile`);
+ expect(response.status).toBe(401);
+ });
+ });
+
+ describe('Change Password Tests', () => {
+ const changePasswordRequest = {
+ newPassword: 'newpassword123'
+ };
+
+ let adminCookie: string;
+
+ beforeAll(async () => {
+ adminCookie = await loginUser();
+ });
+
+ it('should succeed when user is authenticated as admin', async () => {
+ const response = await request(app)
+ .post(`${USERS_PATH}/change-password`)
+ .set('Cookie', adminCookie)
+ .send(changePasswordRequest);
+ expect(response.status).toBe(200);
+ });
+
+ it('should fail when user is not authenticated', async () => {
+ const response = await request(app)
+ .post(`${USERS_PATH}/change-password`)
+ .send(changePasswordRequest);
+ expect(response.status).toBe(401);
+ });
+ });
+});
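Review bot: The new `Profile Tests` block only asserts the status code, and the move out of auth.test.ts silently dropped two checks the deleted tests had — the invalid-access-token case (a garbage value in the `INTERNAL_CONFIG.ACCESS_TOKEN_COOKIE_NAME` cookie must still yield 401) and the body assertions on `username` and `roles`, so a 200 that returned a different user's profile would pass as written. Both belong back in the new file; the ported version is below, with the body assertions assuming `/users/profile` returns the same shape the deleted `/auth/profile` test checked. Separately, the change-password happy path sends only `newPassword` with no current password and expects 200; the route handler is not in this diff, but if the endpoint really does not re-verify the current password this test is pinning a weakness (a stolen session cookie becomes a permanent account takeover) rather than a feature, and a case asserting rejection of a request that omits the current password would be worth adding. Note also that the admin password is changed to `'newpassword123'` and never restored, so later `loginUser()` calls may fail depending on how the helpers reset state between suites.
```typescript
// … unchanged: imports, USERS_PATH, outer describe, Profile Tests beforeAll …
    it('should succeed when user is authenticated as admin', async () => {
      const response = await request(app).get(`${USERS_PATH}/profile`).set('Cookie', adminCookie);
      expect(response.status).toBe(200);
      // Pin the identity, not just the status: a 200 carrying another user's profile is still a bug.
      expect(response.body.username).toBe('admin');
      expect(response.body.roles).toEqual(expect.arrayContaining(['admin', 'user']));
    });

    it('should fail when access token is invalid', async () => {
      const response = await request(app)
        .get(`${USERS_PATH}/profile`)
        .set('Cookie', `${INTERNAL_CONFIG.ACCESS_TOKEN_COOKIE_NAME}=invalidtoken`);
      expect(response.status).toBe(401);
    });
// … unchanged: 'should fail when user is not authenticated', Change Password Tests …
```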