import { beforeAll, describe, expect, it } from '@jest/globals'; import { Express } from 'express'; import request from 'supertest'; import INTERNAL_CONFIG from '../../../../src/config/internal-config.js'; import { MEET_API_KEY } from '../../../../src/environment.js'; import { UserRole } from '../../../../src/typings/ce/index.js'; import { loginUserAsRole, startTestServer } from '../../../helpers/request-helpers.js'; const PREFERENCES_PATH = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/preferences`; describe('Global Preferences API Security Tests', () => { let app: Express; let userCookie: string; let adminCookie: string; beforeAll(async () => { app = startTestServer(); // Get cookies for admin and user userCookie = await loginUserAsRole(UserRole.USER); adminCookie = await loginUserAsRole(UserRole.ADMIN); }); describe('Update Webhook Preferences Tests', () => { const webhookPreferences = { enabled: true, url: 'https://example.com/webhook' }; it('should fail when request includes API key', async () => { const response = await request(app) .put(`${PREFERENCES_PATH}/webhooks`) .set(INTERNAL_CONFIG.API_KEY_HEADER, MEET_API_KEY) .send(webhookPreferences); expect(response.status).toBe(401); }); it('should succeed when user is authenticated as admin', async () => { const response = await request(app) .put(`${PREFERENCES_PATH}/webhooks`) .set('Cookie', adminCookie) .send(webhookPreferences); expect(response.status).toBe(200); }); it('should fail when user is authenticated as user', async () => { const response = await request(app) .put(`${PREFERENCES_PATH}/webhooks`) .set('Cookie', userCookie) .send(webhookPreferences); expect(response.status).toBe(403); }); it('should fail when user is not authenticated', async () => { const response = await request(app).put(`${PREFERENCES_PATH}/webhooks`).send(webhookPreferences); expect(response.status).toBe(401); }); }); describe('Get Webhook Preferences Tests', () => { it('should fail when request includes API key', async () => { const response = await request(app) .get(`${PREFERENCES_PATH}/webhooks`) .set(INTERNAL_CONFIG.API_KEY_HEADER, MEET_API_KEY); expect(response.status).toBe(401); }); it('should succeed when user is authenticated as admin', async () => { const response = await request(app).get(`${PREFERENCES_PATH}/webhooks`).set('Cookie', adminCookie); expect(response.status).toBe(200); }); it('should fail when user is authenticated as user', async () => { const response = await request(app).get(`${PREFERENCES_PATH}/webhooks`).set('Cookie', userCookie); expect(response.status).toBe(403); }); it('should fail when user is not authenticated', async () => { const response = await request(app).get(`${PREFERENCES_PATH}/webhooks`); expect(response.status).toBe(401); }); }); describe('Update Security Preferences Tests', () => { const securityPreferences = { roomCreationPolicy: { allowRoomCreation: true, requireAuthentication: true } }; it('should fail when request includes API key', async () => { const response = await request(app) .put(`${PREFERENCES_PATH}/security`) .set(INTERNAL_CONFIG.API_KEY_HEADER, MEET_API_KEY) .send(securityPreferences); expect(response.status).toBe(401); }); it('should succeed when user is authenticated as admin', async () => { const response = await request(app) .put(`${PREFERENCES_PATH}/security`) .set('Cookie', adminCookie) .send(securityPreferences); expect(response.status).toBe(200); }); it('should fail when user is authenticated as user', async () => { const response = await request(app) .put(`${PREFERENCES_PATH}/security`) .set('Cookie', userCookie) .send(securityPreferences); expect(response.status).toBe(403); }); it('should fail when user is not authenticated', async () => { const response = await request(app).put(`${PREFERENCES_PATH}/security`).send(securityPreferences); expect(response.status).toBe(401); }); }); describe('Get Security Preferences Tests', () => { it('should succeed when user is not authenticated', async () => { const response = await request(app).get(`${PREFERENCES_PATH}/security`); expect(response.status).toBe(200); }); }); describe('Update Appearance Preferences Tests', () => { it('should fail when request includes API key', async () => { const response = await request(app) .put(`${PREFERENCES_PATH}/appearance`) .set(INTERNAL_CONFIG.API_KEY_HEADER, MEET_API_KEY) .send({}); expect(response.status).toBe(401); }); it('should succeed when user is authenticated as admin', async () => { const response = await request(app) .put(`${PREFERENCES_PATH}/appearance`) .set('Cookie', adminCookie) .send({}); expect(response.status).toBe(402); // Assuming 402 is the expected status code for this case }); it('should fail when user is authenticated as user', async () => { const response = await request(app) .put(`${PREFERENCES_PATH}/appearance`) .set('Cookie', userCookie) .send({}); expect(response.status).toBe(403); }); it('should fail when user is not authenticated', async () => { const response = await request(app).put(`${PREFERENCES_PATH}/appearance`).send({}); expect(response.status).toBe(401); }); }); describe('Get Appearance Preferences Tests', () => { it('should fail when request includes API key', async () => { const response = await request(app) .get(`${PREFERENCES_PATH}/appearance`) .set(INTERNAL_CONFIG.API_KEY_HEADER, MEET_API_KEY); expect(response.status).toBe(401); }); it('should succeed when user is authenticated as admin', async () => { const response = await request(app).get(`${PREFERENCES_PATH}/appearance`).set('Cookie', adminCookie); expect(response.status).toBe(402); // Assuming 402 is the expected status code for this case }); it('should fail when user is authenticated as user', async () => { const response = await request(app).get(`${PREFERENCES_PATH}/appearance`).set('Cookie', userCookie); expect(response.status).toBe(403); }); it('should fail when user is not authenticated', async () => { const response = await request(app).get(`${PREFERENCES_PATH}/appearance`); expect(response.status).toBe(401); }); }); });