neoris/openvidu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

backend: Refactor tests to use a constant when having same routes for better maintainalibity

Browse Source
This commit is contained in:
juancarmore 2025-04-03 18:50:56 +02:00
parent c675fffd07
commit 985e882c7e
2 changed files with 77 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
backend/tests/integration/api/security/auth.test.ts
View File

@ -4,7 +4,7 @@ import { Express } from 'express';
import { startTestServer, stopTestServer } from '../../../utils/server-setup.js'; import { startTestServer, stopTestServer } from '../../../utils/server-setup.js';
const INTERNAL_BASE_URL = '/meet/internal-api/v1'; const INTERNAL_BASE_URL = '/meet/internal-api/v1';
const AUTH_BASE_URL = `${INTERNAL_BASE_URL}/auth`; const AUTH_URL = `${INTERNAL_BASE_URL}/auth`;
describe('OpenVidu Meet Authentication API Tests', () => { describe('OpenVidu Meet Authentication API Tests', () => {
let app: Express; let app: Express;
@ -20,7 +20,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
describe('Login Tests', () => { describe('Login Tests', () => {
it('should successfully login with valid credentials', async () => { it('should successfully login with valid credentials', async () => {
const response = await request(app) const response = await request(app)
.post(`${AUTH_BASE_URL}/login`) .post(`${AUTH_URL}/login`)
.send({ .send({
username: 'user', username: 'user',
password: 'user' password: 'user'
@ -41,7 +41,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 404 for invalid credentials', async () => { it('should return 404 for invalid credentials', async () => {
const response = await request(app) const response = await request(app)
.post(`${AUTH_BASE_URL}/login`) .post(`${AUTH_URL}/login`)
.send({ .send({
username: 'user', username: 'user',
password: 'invalidpassword' password: 'invalidpassword'
@ -54,7 +54,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 422 when username is missing', async () => { it('should return 422 when username is missing', async () => {
const response = await request(app) const response = await request(app)
.post(`${AUTH_BASE_URL}/login`) .post(`${AUTH_URL}/login`)
.send({ .send({
password: 'user' password: 'user'
}) })
@ -67,7 +67,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 422 when password is missing', async () => { it('should return 422 when password is missing', async () => {
const response = await request(app) const response = await request(app)
.post(`${AUTH_BASE_URL}/login`) .post(`${AUTH_URL}/login`)
.send({ .send({
username: 'user' username: 'user'
}) })
@ -80,7 +80,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 422 when username is too short', async () => { it('should return 422 when username is too short', async () => {
const response = await request(app) const response = await request(app)
.post(`${AUTH_BASE_URL}/login`) .post(`${AUTH_URL}/login`)
.send({ .send({
username: 'usr', username: 'usr',
password: 'user' password: 'user'
@ -94,7 +94,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 422 when password is too short', async () => { it('should return 422 when password is too short', async () => {
const response = await request(app) const response = await request(app)
.post(`${AUTH_BASE_URL}/login`) .post(`${AUTH_URL}/login`)
.send({ .send({
username: 'user', username: 'user',
password: 'usr' password: 'usr'
@ -109,7 +109,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
describe('Logout Tests', () => { describe('Logout Tests', () => {
it('should successfully logout', async () => { it('should successfully logout', async () => {
const response = await request(app).post(`${AUTH_BASE_URL}/logout`).expect(200); const response = await request(app).post(`${AUTH_URL}/logout`).expect(200);
expect(response.body).toHaveProperty('message'); expect(response.body).toHaveProperty('message');
expect(response.body.message).toBe('Logout successful'); expect(response.body.message).toBe('Logout successful');
@ -127,7 +127,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should successfully refresh token with valid refresh token', async () => { it('should successfully refresh token with valid refresh token', async () => {
// First, login to get a valid refresh token // First, login to get a valid refresh token
const loginResponse = await request(app) const loginResponse = await request(app)
.post(`${AUTH_BASE_URL}/login`) .post(`${AUTH_URL}/login`)
.send({ .send({
username: 'user', username: 'user',
password: 'user' password: 'user'
@ -138,7 +138,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
const refreshTokenCookie = cookies.find((cookie) => cookie.startsWith('OvMeetRefreshToken=')) as string; const refreshTokenCookie = cookies.find((cookie) => cookie.startsWith('OvMeetRefreshToken=')) as string;
const response = await request(app) const response = await request(app)
.post(`${AUTH_BASE_URL}/refresh`) .post(`${AUTH_URL}/refresh`)
.set('Cookie', [refreshTokenCookie]) .set('Cookie', [refreshTokenCookie])
.expect(200); .expect(200);
@ -152,7 +152,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
}); });
it('should return 400 when no refresh token is provided', async () => { it('should return 400 when no refresh token is provided', async () => {
const response = await request(app).post(`${AUTH_BASE_URL}/refresh`).expect(400); const response = await request(app).post(`${AUTH_URL}/refresh`).expect(400);
expect(response.body).toHaveProperty('message'); expect(response.body).toHaveProperty('message');
expect(response.body.message).toContain('No refresh token provided'); expect(response.body.message).toContain('No refresh token provided');
@ -160,7 +160,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 400 when refresh token is invalid', async () => { it('should return 400 when refresh token is invalid', async () => {
const response = await request(app) const response = await request(app)
.post(`${AUTH_BASE_URL}/refresh`) .post(`${AUTH_URL}/refresh`)
.set('Cookie', 'OvMeetRefreshToken=invalidtoken') .set('Cookie', 'OvMeetRefreshToken=invalidtoken')
.expect(400); .expect(400);
@ -173,7 +173,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 200 and user profile', async () => { it('should return 200 and user profile', async () => {
// First, login to get a valid access token // First, login to get a valid access token
const loginResponse = await request(app) const loginResponse = await request(app)
.post(`${AUTH_BASE_URL}/login`) .post(`${AUTH_URL}/login`)
.send({ .send({
username: 'user', username: 'user',
password: 'user' password: 'user'
@ -182,7 +182,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
const cookies = loginResponse.headers['set-cookie'] as unknown as string[]; const cookies = loginResponse.headers['set-cookie'] as unknown as string[];
const response = await request(app).get(`${AUTH_BASE_URL}/profile`).set('Cookie', cookies).expect(200); const response = await request(app).get(`${AUTH_URL}/profile`).set('Cookie', cookies).expect(200);
expect(response.body).toHaveProperty('username'); expect(response.body).toHaveProperty('username');
expect(response.body.username).toBe('user'); expect(response.body.username).toBe('user');
@ -193,7 +193,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 200 and admin profile', async () => { it('should return 200 and admin profile', async () => {
// First, login to get a valid access token // First, login to get a valid access token
const loginResponse = await request(app) const loginResponse = await request(app)
.post(`${AUTH_BASE_URL}/login`) .post(`${AUTH_URL}/login`)
.send({ .send({
username: 'admin', username: 'admin',
password: 'admin' password: 'admin'
@ -202,7 +202,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
const cookies = loginResponse.headers['set-cookie'] as unknown as string[]; const cookies = loginResponse.headers['set-cookie'] as unknown as string[];
const response = await request(app).get(`${AUTH_BASE_URL}/profile`).set('Cookie', cookies).expect(200); const response = await request(app).get(`${AUTH_URL}/profile`).set('Cookie', cookies).expect(200);
expect(response.body).toHaveProperty('username'); expect(response.body).toHaveProperty('username');
expect(response.body.username).toBe('admin'); expect(response.body.username).toBe('admin');
@ -211,7 +211,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
}); });
it('should return 401 when no access token is provided', async () => { it('should return 401 when no access token is provided', async () => {
const response = await request(app).get(`${AUTH_BASE_URL}/profile`).expect(401); const response = await request(app).get(`${AUTH_URL}/profile`).expect(401);
expect(response.body).toHaveProperty('message'); expect(response.body).toHaveProperty('message');
expect(response.body.message).toContain('Unauthorized'); expect(response.body.message).toContain('Unauthorized');
@ -219,7 +219,7 @@ describe('OpenVidu Meet Authentication API Tests', () => {
it('should return 401 when access token is invalid', async () => { it('should return 401 when access token is invalid', async () => {
const response = await request(app) const response = await request(app)
.get(`${AUTH_BASE_URL}/profile`) .get(`${AUTH_URL}/profile`)
.set('Cookie', 'OvMeetAccessToken=invalidtoken') .set('Cookie', 'OvMeetAccessToken=invalidtoken')
.expect(401); .expect(401);

117
backend/tests/integration/api/security/room-security.test.ts
View File

@ -6,6 +6,7 @@ import { AuthMode, AuthType } from '../../../../src/typings/ce/index.js';
const BASE_URL = '/meet/api/v1'; const BASE_URL = '/meet/api/v1';
const INTERNAL_BASE_URL = '/meet/internal-api/v1'; const INTERNAL_BASE_URL = '/meet/internal-api/v1';
const ROOMS_URL = `${BASE_URL}/rooms`;
const API_KEY_HEADER = 'X-API-Key'; const API_KEY_HEADER = 'X-API-Key';
const API_KEY = 'meet-api-key'; const API_KEY = 'meet-api-key';
@ -54,7 +55,7 @@ describe('Room API Security Tests', () => {
return accessTokenCookie; return accessTokenCookie;
}; };
const extractSecretByroomUrl = (urlString: string, type: string): string => { const extractSecretByRoomUrl = (urlString: string, type: string): string => {
const url = new URL(urlString); const url = new URL(urlString);
const secret = url.searchParams.get('secret'); const secret = url.searchParams.get('secret');
@ -73,33 +74,33 @@ describe('Room API Security Tests', () => {
afterAll(async () => { afterAll(async () => {
// Clean up created rooms // Clean up created rooms
const roomsResponse = await request(app).get(`${BASE_URL}/rooms`).set(API_KEY_HEADER, API_KEY); const roomsResponse = await request(app).get(ROOMS_URL).set(API_KEY_HEADER, API_KEY);
for (const room of roomsResponse.body) { for (const room of roomsResponse.body) {
await request(app).delete(`${BASE_URL}/rooms/${room.roomId}`).set(API_KEY_HEADER, API_KEY); await request(app).delete(`${ROOMS_URL}/${room.roomId}`).set(API_KEY_HEADER, API_KEY);
} }
await stopTestServer(); await stopTestServer();
}); }, 20000);
describe('Create Room Tests', () => { describe('Create Room Tests', () => {
it('should success when users cannot create rooms, and request includes API key', async () => { it('should succeed when users cannot create rooms, and request includes API key', async () => {
await changeSecurityPreferences({ await changeSecurityPreferences({
usersCanCreateRooms: false usersCanCreateRooms: false
}); });
const response = await request(app).post(`${BASE_URL}/rooms`).set('X-API-Key', 'meet-api-key').send({ const response = await request(app).post(ROOMS_URL).set(API_KEY_HEADER, API_KEY).send({
expirationDate: EXPIRATION_DATE expirationDate: EXPIRATION_DATE
}); });
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should success when users cannot create rooms, and user is authenticated as admin', async () => { it('should succeed when users cannot create rooms, and user is authenticated as admin', async () => {
await changeSecurityPreferences({ await changeSecurityPreferences({
usersCanCreateRooms: false usersCanCreateRooms: false
}); });
const response = await request(app).post(`${BASE_URL}/rooms`).set('Cookie', adminCookie).send({ const response = await request(app).post(ROOMS_URL).set('Cookie', adminCookie).send({
expirationDate: EXPIRATION_DATE expirationDate: EXPIRATION_DATE
}); });
expect(response.status).toBe(200); expect(response.status).toBe(200);
@ -110,7 +111,7 @@ describe('Room API Security Tests', () => {
usersCanCreateRooms: false usersCanCreateRooms: false
}); });
const response = await request(app).post(`${BASE_URL}/rooms`).set('Cookie', userCookie).send({ const response = await request(app).post(ROOMS_URL).set('Cookie', userCookie).send({
expirationDate: EXPIRATION_DATE expirationDate: EXPIRATION_DATE
}); });
expect(response.status).toBe(403); expect(response.status).toBe(403);
@ -121,31 +122,31 @@ describe('Room API Security Tests', () => {
usersCanCreateRooms: false usersCanCreateRooms: false
}); });
const response = await request(app).post(`${BASE_URL}/rooms`).send({ const response = await request(app).post(ROOMS_URL).send({
expirationDate: EXPIRATION_DATE expirationDate: EXPIRATION_DATE
}); });
expect(response.status).toBe(401); expect(response.status).toBe(401);
}); });
it('should success when users can create rooms and auth is not required, and user is not authenticated', async () => { it('should succeed when users can create rooms and auth is not required, and user is not authenticated', async () => {
await changeSecurityPreferences({ await changeSecurityPreferences({
usersCanCreateRooms: true, usersCanCreateRooms: true,
authRequired: false authRequired: false
}); });
const response = await request(app).post(`${BASE_URL}/rooms`).send({ const response = await request(app).post(ROOMS_URL).send({
expirationDate: EXPIRATION_DATE expirationDate: EXPIRATION_DATE
}); });
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should success when users can create rooms and auth is required, and user is authenticated', async () => { it('should succeed when users can create rooms and auth is required, and user is authenticated', async () => {
await changeSecurityPreferences({ await changeSecurityPreferences({
usersCanCreateRooms: true, usersCanCreateRooms: true,
authRequired: true authRequired: true
}); });
const response = await request(app).post(`${BASE_URL}/rooms`).set('Cookie', userCookie).send({ const response = await request(app).post(ROOMS_URL).set('Cookie', userCookie).send({
expirationDate: EXPIRATION_DATE expirationDate: EXPIRATION_DATE
}); });
expect(response.status).toBe(200); expect(response.status).toBe(200);
@ -157,7 +158,7 @@ describe('Room API Security Tests', () => {
authRequired: true authRequired: true
}); });
const response = await request(app).post(`${BASE_URL}/rooms`).send({ const response = await request(app).post(ROOMS_URL).send({
expirationDate: EXPIRATION_DATE expirationDate: EXPIRATION_DATE
}); });
expect(response.status).toBe(401); expect(response.status).toBe(401);
@ -165,23 +166,23 @@ describe('Room API Security Tests', () => {
}); });
describe('Get Rooms Tests', () => { describe('Get Rooms Tests', () => {
it('should success when request includes API key', async () => { it('should succeed when request includes API key', async () => {
const response = await request(app).get(`${BASE_URL}/rooms`).set(API_KEY_HEADER, API_KEY); const response = await request(app).get(ROOMS_URL).set(API_KEY_HEADER, API_KEY);
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should success when user is authenticated as admin', async () => { it('should succeed when user is authenticated as admin', async () => {
const response = await request(app).get(`${BASE_URL}/rooms`).set('Cookie', adminCookie); const response = await request(app).get(ROOMS_URL).set('Cookie', adminCookie);
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when user is authenticated as user', async () => { it('should fail when user is authenticated as user', async () => {
const response = await request(app).get(`${BASE_URL}/rooms`).set('Cookie', userCookie); const response = await request(app).get(ROOMS_URL).set('Cookie', userCookie);
expect(response.status).toBe(403); expect(response.status).toBe(403);
}); });
it('should fail when user is not authenticated', async () => { it('should fail when user is not authenticated', async () => {
const response = await request(app).get(`${BASE_URL}/rooms`); const response = await request(app).get(ROOMS_URL);
expect(response.status).toBe(401); expect(response.status).toBe(401);
}); });
}); });
@ -221,77 +222,77 @@ describe('Room API Security Tests', () => {
beforeAll(async () => { beforeAll(async () => {
// Create a room and extract the roomId to test the get room endpoint // Create a room and extract the roomId to test the get room endpoint
const response = await request(app).post(`${BASE_URL}/rooms`).set(API_KEY_HEADER, API_KEY).send({ const response = await request(app).post(ROOMS_URL).set(API_KEY_HEADER, API_KEY).send({
expirationDate: EXPIRATION_DATE expirationDate: EXPIRATION_DATE
}); });
roomId = response.body.roomId; roomId = response.body.roomId;
// Extract the moderator and publisher secrets from the room URL // Extract the moderator and publisher secrets from the room URL
const { moderatorRoomUrl, publisherRoomUrl } = response.body; const { moderatorRoomUrl, publisherRoomUrl } = response.body;
const moderatorSecret = extractSecretByroomUrl(moderatorRoomUrl, 'Moderator'); const moderatorSecret = extractSecretByRoomUrl(moderatorRoomUrl, 'Moderator');
const publisherSecret = extractSecretByroomUrl(publisherRoomUrl, 'Publisher'); const publisherSecret = extractSecretByRoomUrl(publisherRoomUrl, 'Publisher');
// Generate participant tokens for the room and extract the cookies // Generate participant tokens for the room and extract the cookies
moderatorCookie = await generateParticipantToken(roomId, 'Moderator', moderatorSecret); moderatorCookie = await generateParticipantToken(roomId, 'Moderator', moderatorSecret);
publisherCookie = await generateParticipantToken(roomId, 'Publisher', publisherSecret); publisherCookie = await generateParticipantToken(roomId, 'Publisher', publisherSecret);
}); });
it('should success when request includes API key', async () => { it('should succeed when request includes API key', async () => {
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set(API_KEY_HEADER, API_KEY); const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set(API_KEY_HEADER, API_KEY);
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should success when user is authenticated as admin', async () => { it('should succeed when user is authenticated as admin', async () => {
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set('Cookie', adminCookie); const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set('Cookie', adminCookie);
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when user is authenticated as user', async () => { it('should fail when user is authenticated as user', async () => {
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set('Cookie', userCookie); const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set('Cookie', userCookie);
expect(response.status).toBe(401); expect(response.status).toBe(401);
}); });
it('should fail when user is not authenticated', async () => { it('should fail when user is not authenticated', async () => {
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`); const response = await request(app).get(`${ROOMS_URL}/${roomId}`);
expect(response.status).toBe(401); expect(response.status).toBe(401);
}); });
it('should fail when participant is publisher', async () => { it('should fail when participant is publisher', async () => {
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set('Cookie', publisherCookie); const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set('Cookie', publisherCookie);
expect(response.status).toBe(403); expect(response.status).toBe(403);
}); });
it('should fail when participant is moderator of a different room', async () => { it('should fail when participant is moderator of a different room', async () => {
// Create a new room to get a different roomId // Create a new room to get a different roomId
const roomResponse = await request(app).post(`${BASE_URL}/rooms`).set(API_KEY_HEADER, API_KEY).send({ const roomResponse = await request(app).post(ROOMS_URL).set(API_KEY_HEADER, API_KEY).send({
expirationDate: EXPIRATION_DATE expirationDate: EXPIRATION_DATE
}); });
const newRoomId = roomResponse.body.roomId; const newRoomId = roomResponse.body.roomId;
// Extract the moderator secret and generate a participant token for the new room // Extract the moderator secret and generate a participant token for the new room
const newModeratorSecret = extractSecretByroomUrl(roomResponse.body.moderatorRoomUrl, 'Moderator'); const newModeratorSecret = extractSecretByRoomUrl(roomResponse.body.moderatorRoomUrl, 'Moderator');
const newModeratorCookie = await generateParticipantToken(newRoomId, 'Moderator', newModeratorSecret); const newModeratorCookie = await generateParticipantToken(newRoomId, 'Moderator', newModeratorSecret);
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set('Cookie', newModeratorCookie); const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set('Cookie', newModeratorCookie);
expect(response.status).toBe(403); expect(response.status).toBe(403);
}); });
it('should success when no authentication is required and participant is moderator', async () => { it('should succeed when no authentication is required and participant is moderator', async () => {
await changeSecurityPreferences({ await changeSecurityPreferences({
authMode: AuthMode.NONE authMode: AuthMode.NONE
}); });
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set('Cookie', moderatorCookie); const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set('Cookie', moderatorCookie);
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should success when authentication is required for moderators, participant is moderator and user is authenticated', async () => { it('should succeed when authentication is required for moderators, participant is moderator and user is authenticated', async () => {
await changeSecurityPreferences({ await changeSecurityPreferences({
authMode: AuthMode.MODERATORS_ONLY authMode: AuthMode.MODERATORS_ONLY
}); });
const response = await request(app) const response = await request(app)
.get(`${BASE_URL}/rooms/${roomId}`) .get(`${ROOMS_URL}/${roomId}`)
.set('Cookie', [moderatorCookie, userCookie]); .set('Cookie', [moderatorCookie, userCookie]);
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
@ -301,17 +302,17 @@ describe('Room API Security Tests', () => {
authMode: AuthMode.MODERATORS_ONLY authMode: AuthMode.MODERATORS_ONLY
}); });
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set('Cookie', moderatorCookie); const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set('Cookie', moderatorCookie);
expect(response.status).toBe(401); expect(response.status).toBe(401);
}); });
it('should success when authentication is required for all participants, participant is moderator and user is authenticated', async () => { it('should succeed when authentication is required for all participants, participant is moderator and user is authenticated', async () => {
await changeSecurityPreferences({ await changeSecurityPreferences({
authMode: AuthMode.ALL_USERS authMode: AuthMode.ALL_USERS
}); });
const response = await request(app) const response = await request(app)
.get(`${BASE_URL}/rooms/${roomId}`) .get(`${ROOMS_URL}/${roomId}`)
.set('Cookie', [moderatorCookie, userCookie]); .set('Cookie', [moderatorCookie, userCookie]);
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
@ -321,7 +322,7 @@ describe('Room API Security Tests', () => {
authMode: AuthMode.ALL_USERS authMode: AuthMode.ALL_USERS
}); });
const response = await request(app).get(`${BASE_URL}/rooms/${roomId}`).set('Cookie', moderatorCookie); const response = await request(app).get(`${ROOMS_URL}/${roomId}`).set('Cookie', moderatorCookie);
expect(response.status).toBe(401); expect(response.status).toBe(401);
}); });
}); });
@ -331,51 +332,51 @@ describe('Room API Security Tests', () => {
beforeEach(async () => { beforeEach(async () => {
// Create a room and extract the roomId to test the delete room endpoint // Create a room and extract the roomId to test the delete room endpoint
const response = await request(app).post(`${BASE_URL}/rooms`).set(API_KEY_HEADER, API_KEY).send({ const response = await request(app).post(ROOMS_URL).set(API_KEY_HEADER, API_KEY).send({
expirationDate: EXPIRATION_DATE expirationDate: EXPIRATION_DATE
}); });
roomId = response.body.roomId; roomId = response.body.roomId;
}); });
it('should success when request includes API key', async () => { it('should succeed when request includes API key', async () => {
const response = await request(app).delete(`${BASE_URL}/rooms/${roomId}`).set(API_KEY_HEADER, API_KEY); const response = await request(app).delete(`${ROOMS_URL}/${roomId}`).set(API_KEY_HEADER, API_KEY);
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should success when user is authenticated as admin', async () => { it('should succeed when user is authenticated as admin', async () => {
const response = await request(app).delete(`${BASE_URL}/rooms/${roomId}`).set('Cookie', adminCookie); const response = await request(app).delete(`${ROOMS_URL}/${roomId}`).set('Cookie', adminCookie);
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when user is authenticated as user', async () => { it('should fail when user is authenticated as user', async () => {
const response = await request(app).delete(`${BASE_URL}/rooms/${roomId}`).set('Cookie', userCookie); const response = await request(app).delete(`${ROOMS_URL}/${roomId}`).set('Cookie', userCookie);
expect(response.status).toBe(403); expect(response.status).toBe(403);
}); });
it('should fail when user is not authenticated', async () => { it('should fail when user is not authenticated', async () => {
const response = await request(app).delete(`${BASE_URL}/rooms/${roomId}`); const response = await request(app).delete(`${ROOMS_URL}/${roomId}`);
expect(response.status).toBe(401); expect(response.status).toBe(401);
}); });
}); });
describe.skip('Update Room Preferences Tests', () => { describe.skip('Update Room Preferences Tests', () => {
it('should success when request includes API key', async () => { it('should succeed when request includes API key', async () => {
const response = await request(app).put(`${BASE_URL}/rooms`).set(API_KEY_HEADER, API_KEY).send({}); const response = await request(app).put(ROOMS_URL).set(API_KEY_HEADER, API_KEY).send({});
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should success when user is authenticated as admin', async () => { it('should succeed when user is authenticated as admin', async () => {
const response = await request(app).put(`${BASE_URL}/rooms`).set('Cookie', adminCookie).send({}); const response = await request(app).put(ROOMS_URL).set('Cookie', adminCookie).send({});
expect(response.status).toBe(200); expect(response.status).toBe(200);
}); });
it('should fail when user is authenticated as user', async () => { it('should fail when user is authenticated as user', async () => {
const response = await request(app).put(`${BASE_URL}/rooms`).set('Cookie', userCookie).send({}); const response = await request(app).put(ROOMS_URL).set('Cookie', userCookie).send({});
expect(response.status).toBe(403); expect(response.status).toBe(403);
}); });
it('should fail when user is not authenticated', async () => { it('should fail when user is not authenticated', async () => {
const response = await request(app).put(`${BASE_URL}/rooms`).send({}); const response = await request(app).put(ROOMS_URL).send({});
expect(response.status).toBe(401); expect(response.status).toBe(401);
}); });
}); });
@ -386,16 +387,16 @@ describe('Room API Security Tests', () => {
beforeAll(async () => { beforeAll(async () => {
// Create a room and extract the roomId to test the get participant role endpoint // Create a room and extract the roomId to test the get participant role endpoint
const response = await request(app).post(`${BASE_URL}/rooms`).set(API_KEY_HEADER, API_KEY).send({ const response = await request(app).post(ROOMS_URL).set(API_KEY_HEADER, API_KEY).send({
expirationDate: EXPIRATION_DATE expirationDate: EXPIRATION_DATE
}); });
roomId = response.body.roomId; roomId = response.body.roomId;
// Extract the moderator secret from the room URL // Extract the moderator secret from the room URL
moderatorSecret = extractSecretByroomUrl(response.body.moderatorRoomUrl, 'Moderator'); moderatorSecret = extractSecretByRoomUrl(response.body.moderatorRoomUrl, 'Moderator');
}); });
it('should success if user is not authenticated', async () => { it('should succeed if user is not authenticated', async () => {
const response = await request(app).get(`${INTERNAL_BASE_URL}/rooms/${roomId}/participant-role`).query({ const response = await request(app).get(`${INTERNAL_BASE_URL}/rooms/${roomId}/participant-role`).query({
secret: moderatorSecret secret: moderatorSecret
}); });