GitHub/outline
1
0
Fork 0
mirror of https://github.com/outline/outline.git synced 2026-06-13 03:14:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

chore: getJWTToken -> getSessionToken (#12371)

Browse Source 
* getJWTToken -> getSessionToken

Ensure expiry is included in payload

* Refactor test harness to avoid direct usage of getSessionToken
This commit is contained in:
Tom Moor
2026-05-17 16:58:52 -04:00
committed by GitHub
parent 4774fa4fd0
commit 77cee2806c
51 changed files with 1164 additions and 2224 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plugins/figma/server/api/figma.test.ts
+3 -3
View File
@@ -13,7 +13,7 @@ describe("#figma.callback", () => {
const res = await server.get(
`/api/figma.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
const body = await res.json();
@@ -27,7 +27,7 @@ describe("#figma.callback", () => {
const res = await server.get(
`/api/figma.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
@@ -36,7 +36,7 @@ describe("#figma.callback", () => {
it("should fail when state is not valid JSON", async () => {
const user = await buildUser();
const res = await server.get(
`/api/figma.callback?state=bad&code=123&token=${user.getJwtToken()}`,
`/api/figma.callback?state=bad&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
plugins/github/server/api/github.test.ts
+3 -3
View File
@@ -14,7 +14,7 @@ describe("#github.callback", () => {
const res = await server.get(
`/api/github.callback?state=${encodeURIComponent(
state
)}&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getJwtToken()}`,
)}&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
const body = await res.json();
@@ -28,7 +28,7 @@ describe("#github.callback", () => {
const res = await server.get(
`/api/github.callback?state=${encodeURIComponent(
state
)}&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getJwtToken()}`,
)}&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
@@ -37,7 +37,7 @@ describe("#github.callback", () => {
it("should fail when state is not valid JSON", async () => {
const user = await buildUser();
const res = await server.get(
`/api/github.callback?state=bad&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getJwtToken()}`,
`/api/github.callback?state=bad&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
plugins/gitlab/server/api/gitlab.test.ts
+3 -3
View File
@@ -13,7 +13,7 @@ describe("#gitlab.callback", () => {
const res = await server.get(
`/api/gitlab.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
const body = await res.json();
@@ -27,7 +27,7 @@ describe("#gitlab.callback", () => {
const res = await server.get(
`/api/gitlab.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
@@ -36,7 +36,7 @@ describe("#gitlab.callback", () => {
it("should fail when state is not valid JSON", async () => {
const user = await buildUser();
const res = await server.get(
`/api/gitlab.callback?state=bad&code=123&token=${user.getJwtToken()}`,
`/api/gitlab.callback?state=bad&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
plugins/linear/server/api/linear.test.ts
+3 -3
View File
@@ -13,7 +13,7 @@ describe("#linear.callback", () => {
const res = await server.get(
`/api/linear.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
const body = await res.json();
@@ -27,7 +27,7 @@ describe("#linear.callback", () => {
const res = await server.get(
`/api/linear.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
@@ -36,7 +36,7 @@ describe("#linear.callback", () => {
it("should fail when state is not valid JSON", async () => {
const user = await buildUser();
const res = await server.get(
`/api/linear.callback?state=bad&code=123&token=${user.getJwtToken()}`,
`/api/linear.callback?state=bad&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
plugins/notion/server/api/notion.test.ts
+3 -3
View File
@@ -13,7 +13,7 @@ describe("#notion.callback", () => {
const res = await server.get(
`/api/notion.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
const body = await res.json();
@@ -27,7 +27,7 @@ describe("#notion.callback", () => {
const res = await server.get(
`/api/notion.callback?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
@@ -36,7 +36,7 @@ describe("#notion.callback", () => {
it("should fail when state is not valid JSON", async () => {
const user = await buildUser();
const res = await server.get(
`/api/notion.callback?state=bad&code=123&token=${user.getJwtToken()}`,
`/api/notion.callback?state=bad&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
plugins/slack/server/auth/slack.test.ts
+4 -4
View File
@@ -11,7 +11,7 @@ describe("#slack.post", () => {
const res = await server.get(
`/auth/slack.post?state=${JSON.stringify(
{}
)}&code=123&token=${user.getJwtToken()}`
)}&code=123&token=${user.getSessionToken()}`
);
expect(res.status).toEqual(400);
});
@@ -19,7 +19,7 @@ describe("#slack.post", () => {
it("should fail with status 400 bad request if query param state is not JSON", async () => {
const user = await buildUser();
const res = await server.get(
`/auth/slack.post?state=bad&code=123&token=${user.getJwtToken()}`
`/auth/slack.post?state=bad&code=123&token=${user.getSessionToken()}`
);
expect(res.status).toEqual(400);
});
@@ -43,7 +43,7 @@ describe("#slack.post", () => {
const res = await server.get(
`/auth/slack.post?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
const body = await res.json();
@@ -60,7 +60,7 @@ describe("#slack.post", () => {
const res = await server.get(
`/auth/slack.post?state=${encodeURIComponent(
state
)}&code=123&token=${user.getJwtToken()}`,
)}&code=123&token=${user.getSessionToken()}`,
{ redirect: "manual" }
);
expect(res.status).toEqual(400);
plugins/storage/server/api/files.test.ts
+10 -11
View File
@@ -25,9 +25,8 @@ vi.setConfig({ testTimeout: 10000 });
describe("#files.create", () => {
it("should fail with status 400 bad request if key is invalid", async () => {
const user = await buildUser();
const res = await server.post("/api/files.create", {
const res = await server.post("/api/files.create", user, {
body: {
token: user.getJwtToken(),
key: "public/foo/bar/baz.png",
},
});
@@ -52,7 +51,7 @@ describe("#files.create", () => {
const form = new FormData();
form.append("key", attachment.key);
form.append("file", content, fileName);
form.append("token", user.getJwtToken());
form.append("token", user.getSessionToken());
const res = await server.post(`/api/files.create`, {
headers: form.getHeaders(),
@@ -89,7 +88,7 @@ describe("#files.create", () => {
const form = new FormData();
form.append("key", attachment.key);
form.append("file", content, fileName);
form.append("token", user.getJwtToken());
form.append("token", user.getSessionToken());
const res = await server.post(`/api/files.create`, {
headers: form.getHeaders(),
@@ -118,7 +117,7 @@ describe("#files.create", () => {
const form = new FormData();
form.append("key", attachment.key);
form.append("file", content, fileName);
form.append("token", user.getJwtToken());
form.append("token", user.getSessionToken());
const res = await server.post(`/api/files.create`, {
headers: form.getHeaders(),
@@ -150,7 +149,7 @@ describe("#files.create", () => {
const form = new FormData();
form.append("key", attachment.key);
form.append("file", content, fileName);
form.append("token", user.getJwtToken());
form.append("token", user.getSessionToken());
const res = await server.post(`/api/files.create`, {
headers: form.getHeaders(),
@@ -181,7 +180,7 @@ describe("#files.create", () => {
const form = new FormData();
form.append("key", attachment.key);
form.append("file", content, fileName);
form.append("token", user.getJwtToken());
form.append("token", user.getSessionToken());
const res = await server.post(`/api/files.create`, {
headers: form.getHeaders(),
@@ -262,7 +261,7 @@ describe("#files.get", () => {
const form = new FormData();
form.append("key", attachment.key);
form.append("file", content, fileName);
form.append("token", user.getJwtToken());
form.append("token", user.getSessionToken());
await server.post(`/api/files.create`, {
headers: form.getHeaders(),
@@ -298,7 +297,7 @@ describe("#files.get", () => {
const form = new FormData();
form.append("key", attachment.key);
form.append("file", content, fileName);
form.append("token", user.getJwtToken());
form.append("token", user.getSessionToken());
await server.post(`/api/files.create`, {
headers: form.getHeaders(),
@@ -432,7 +431,7 @@ describe("#files.get", () => {
// Non-owner user should be able to access public-read attachment
const res = await server.get(`/api/files.get?key=${key}`, {
headers: {
Authorization: `Bearer ${otherUser.getJwtToken()}`,
Authorization: `Bearer ${otherUser.getSessionToken()}`,
},
});
expect(res.status).toEqual(200);
@@ -467,7 +466,7 @@ describe("#files.get", () => {
// Non-owner user should NOT be able to access private attachment
const res = await server.get(`/api/files.get?key=${key}`, {
headers: {
Authorization: `Bearer ${otherUser.getJwtToken()}`,
Authorization: `Bearer ${otherUser.getSessionToken()}`,
},
});
expect(res.status).toEqual(403);
plugins/webhooks/server/api/webhookSubscriptions.test.ts
+16 -29
View File
@@ -21,9 +21,7 @@ describe("#webhookSubscriptions.list", () => {
it("should fail with status 403 forbidden for non-admin user", async () => {
const user = await buildUser();
const res = await server.post("/api/webhookSubscriptions.list", {
body: { token: user.getJwtToken() },
});
const res = await server.post("/api/webhookSubscriptions.list", user);
const body = await res.json();
expect(res.status).toEqual(403);
@@ -43,9 +41,7 @@ describe("#webhookSubscriptions.list", () => {
)
);
const res = await server.post("/api/webhookSubscriptions.list", {
body: { token: user.getJwtToken() },
});
const res = await server.post("/api/webhookSubscriptions.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
@@ -70,8 +66,8 @@ describe("#webhookSubscriptions.list", () => {
name: "Development Hook",
});
const res = await server.post("/api/webhookSubscriptions.list", {
body: { token: user.getJwtToken(), query: "webhook" },
const res = await server.post("/api/webhookSubscriptions.list", user, {
body: { query: "webhook" },
});
const body = await res.json();
@@ -97,8 +93,8 @@ describe("#webhookSubscriptions.list", () => {
name: "Staging Webhook",
});
const res = await server.post("/api/webhookSubscriptions.list", {
body: { token: user.getJwtToken(), query: "PRODUCTION" },
const res = await server.post("/api/webhookSubscriptions.list", user, {
body: { query: "PRODUCTION" },
});
const body = await res.json();
@@ -115,8 +111,8 @@ describe("#webhookSubscriptions.list", () => {
name: "Production Webhook",
});
const res = await server.post("/api/webhookSubscriptions.list", {
body: { token: user.getJwtToken(), query: "nonexistent" },
const res = await server.post("/api/webhookSubscriptions.list", user, {
body: { query: "nonexistent" },
});
const body = await res.json();
@@ -139,9 +135,7 @@ describe("#webhookSubscriptions.create", () => {
it("should fail with status 403 forbidden for non-admin user", async () => {
const user = await buildUser();
const res = await server.post("/api/webhookSubscriptions.create", {
body: { token: user.getJwtToken() },
});
const res = await server.post("/api/webhookSubscriptions.create", user);
const body = await res.json();
expect(res.status).toEqual(403);
@@ -155,9 +149,8 @@ describe("#webhookSubscriptions.create", () => {
const events = ["comments"];
const secret = "Test secret";
const res = await server.post("/api/webhookSubscriptions.create", {
const res = await server.post("/api/webhookSubscriptions.create", user, {
body: {
token: user.getJwtToken(),
name,
url,
events,
@@ -190,9 +183,7 @@ describe("#webhookSubscriptions.update", () => {
it("should fail with status 403 forbidden for non-admin user", async () => {
const user = await buildUser();
const res = await server.post("/api/webhookSubscriptions.update", {
body: { token: user.getJwtToken() },
});
const res = await server.post("/api/webhookSubscriptions.update", user);
const body = await res.json();
expect(res.status).toEqual(403);
@@ -213,9 +204,8 @@ describe("#webhookSubscriptions.update", () => {
teamId: user.teamId,
});
const res = await server.post("/api/webhookSubscriptions.update", {
const res = await server.post("/api/webhookSubscriptions.update", user, {
body: {
token: user.getJwtToken(),
id: existingWebhook.id,
name,
url,
@@ -247,9 +237,8 @@ describe("#webhookSubscriptions.update", () => {
enabled: false,
});
const res = await server.post("/api/webhookSubscriptions.update", {
const res = await server.post("/api/webhookSubscriptions.update", user, {
body: {
token: user.getJwtToken(),
id: disabledWebhook.id,
name,
url,
@@ -281,9 +270,7 @@ describe("#webhookSubscriptions.delete", () => {
it("should fail with status 403 forbidden for non-admin user", async () => {
const user = await buildUser();
const res = await server.post("/api/webhookSubscriptions.delete", {
body: { token: user.getJwtToken() },
});
const res = await server.post("/api/webhookSubscriptions.delete", user);
const body = await res.json();
expect(res.status).toEqual(403);
@@ -300,8 +287,8 @@ describe("#webhookSubscriptions.delete", () => {
teamId: user.teamId,
});
const res = await server.post("/api/webhookSubscriptions.delete", {
body: { token: user.getJwtToken(), id: createdWebhook.id },
const res = await server.post("/api/webhookSubscriptions.delete", user, {
body: { id: createdWebhook.id },
});
const body = await res.json();
server/middlewares/authentication.test.ts
+7 -7
View File
@@ -21,7 +21,7 @@ describe("Authentication middleware", () => {
{
// @ts-expect-error mock request
request: {
get: vi.fn(() => `Bearer ${user.getJwtToken()}`),
get: vi.fn(() => `Bearer ${user.getSessionToken()}`),
},
state,
cache: {},
@@ -41,7 +41,7 @@ describe("Authentication middleware", () => {
{
// @ts-expect-error mock request
request: {
get: vi.fn(() => `Bearer ${user.getJwtToken()}error`),
get: vi.fn(() => `Bearer ${user.getSessionToken()}error`),
},
state,
cache: {},
@@ -65,7 +65,7 @@ describe("Authentication middleware", () => {
{
// @ts-expect-error mock request
request: {
get: vi.fn(() => `Bearer ${user.getJwtToken()}`),
get: vi.fn(() => `Bearer ${user.getSessionToken()}`),
},
state,
cache: {},
@@ -295,7 +295,7 @@ describe("Authentication middleware", () => {
// @ts-expect-error mock request
get: vi.fn(() => null),
query: {
token: user.getJwtToken(),
token: user.getSessionToken(),
},
},
state,
@@ -316,7 +316,7 @@ describe("Authentication middleware", () => {
// @ts-expect-error mock request
get: vi.fn(() => null),
body: {
token: user.getJwtToken(),
token: user.getSessionToken(),
},
},
state,
@@ -342,7 +342,7 @@ describe("Authentication middleware", () => {
{
// @ts-expect-error mock request
request: {
get: vi.fn(() => `Bearer ${user.getJwtToken()}`),
get: vi.fn(() => `Bearer ${user.getSessionToken()}`),
},
state,
cache: {},
@@ -372,7 +372,7 @@ describe("Authentication middleware", () => {
{
// @ts-expect-error mock request
request: {
get: vi.fn(() => `Bearer ${user.getJwtToken()}`),
get: vi.fn(() => `Bearer ${user.getSessionToken()}`),
},
state,
cache: {},
server/models/User.test.ts
+2 -2
View File
@@ -153,10 +153,10 @@ describe("user model", () => {
});
});
describe("getJwtToken", () => {
describe("getSessionToken", () => {
it("should set JWT secret", async () => {
const user = await buildUser();
expect(user.getJwtToken()).toBeTruthy();
expect(user.getSessionToken()).toBeTruthy();
});
});
server/models/User.ts
+1 -1
View File
@@ -608,7 +608,7 @@ class User extends ParanoidModel<
* @param service The authentication service used to generate the token, if applicable
* @returns The session token
*/
getJwtToken = (expiresAt?: Date, service?: string) =>
getSessionToken = (expiresAt?: Date, service?: string) =>
JWT.sign(
{
id: this.id,
server/routes/api/accessRequests/accessRequests.test.ts
+19 -44
View File
@@ -15,11 +15,7 @@ const server = getTestServer();
describe("#accessRequests.create", () => {
it("should require id", async () => {
const user = await buildUser();
const res = await server.post("/api/accessRequests.create", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/accessRequests.create", user);
const body = await res.json();
expect(res.status).toEqual(400);
expect(body.message).toEqual("documentId: Must be a valid UUID or slug");
@@ -37,9 +33,8 @@ describe("#accessRequests.create", () => {
it("should return 404 for non-existent document", async () => {
const user = await buildUser();
const res = await server.post("/api/accessRequests.create", {
const res = await server.post("/api/accessRequests.create", user, {
body: {
token: user.getJwtToken(),
documentId: "a8f22c38-f4eb-4909-8c30-b927af36c5f3",
},
});
@@ -63,9 +58,8 @@ describe("#accessRequests.create", () => {
collectionId: collection.id,
});
const res = await server.post("/api/accessRequests.create", {
const res = await server.post("/api/accessRequests.create", requester, {
body: {
token: requester.getJwtToken(),
documentId: document.id,
},
});
@@ -85,9 +79,8 @@ describe("#accessRequests.create", () => {
createdById: owner.id,
});
const res = await server.post("/api/accessRequests.create", {
const res = await server.post("/api/accessRequests.create", requester, {
body: {
token: requester.getJwtToken(),
documentId: document.id,
},
});
@@ -110,9 +103,8 @@ describe("#accessRequests.create", () => {
collectionId: collection.id,
});
const res = await server.post("/api/accessRequests.create", {
const res = await server.post("/api/accessRequests.create", requester, {
body: {
token: requester.getJwtToken(),
documentId: document.urlId,
},
});
@@ -135,17 +127,15 @@ describe("#accessRequests.create", () => {
});
// Create first access request
const res1 = await server.post("/api/accessRequests.create", {
const res1 = await server.post("/api/accessRequests.create", requester, {
body: {
token: requester.getJwtToken(),
documentId: document.id,
},
});
// Try to create another
const res2 = await server.post("/api/accessRequests.create", {
const res2 = await server.post("/api/accessRequests.create", requester, {
body: {
token: requester.getJwtToken(),
documentId: document.id,
},
});
@@ -189,9 +179,8 @@ describe("#accessRequests.create", () => {
});
// Create new request
const res2 = await server.post("/api/accessRequests.create", {
const res2 = await server.post("/api/accessRequests.create", requester, {
body: {
token: requester.getJwtToken(),
documentId: document.id,
},
});
@@ -211,11 +200,7 @@ describe("#accessRequests.info", () => {
it("should fail if both id and documentId are missing", async () => {
const user = await buildUser();
const res = await server.post("/api/accessRequests.info", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/accessRequests.info", user);
expect(res.status).toEqual(400);
});
@@ -234,9 +219,8 @@ describe("#accessRequests.info", () => {
teamId: team.id,
});
const res = await server.post("/api/accessRequests.info", {
const res = await server.post("/api/accessRequests.info", requester, {
body: {
token: requester.getJwtToken(),
id: accessRequest.id,
},
});
@@ -262,9 +246,8 @@ describe("#accessRequests.info", () => {
teamId: team.id,
});
const res = await server.post("/api/accessRequests.info", {
const res = await server.post("/api/accessRequests.info", requester, {
body: {
token: requester.getJwtToken(),
documentId: document.urlId,
},
});
@@ -277,9 +260,8 @@ describe("#accessRequests.info", () => {
it("should return 404 if access request not found", async () => {
const user = await buildUser();
const res = await server.post("/api/accessRequests.info", {
const res = await server.post("/api/accessRequests.info", user, {
body: {
token: user.getJwtToken(),
id: "00000000-0000-0000-0000-000000000000",
},
});
@@ -309,9 +291,8 @@ describe("#accessRequests.approve", () => {
status: AccessRequestStatus.Pending,
});
const res = await server.post("/api/accessRequests.approve", {
const res = await server.post("/api/accessRequests.approve", admin, {
body: {
token: admin.getJwtToken(),
id: accessRequest.id,
permission: DocumentPermission.ReadWrite,
},
@@ -355,9 +336,8 @@ describe("#accessRequests.approve", () => {
teamId: team.id,
});
const res = await server.post("/api/accessRequests.approve", {
const res = await server.post("/api/accessRequests.approve", nonManager, {
body: {
token: nonManager.getJwtToken(),
id: accessRequest.id,
permission: DocumentPermission.ReadWrite,
},
@@ -389,9 +369,8 @@ describe("#accessRequests.approve", () => {
status: AccessRequestStatus.Pending,
});
const res = await server.post("/api/accessRequests.approve", {
const res = await server.post("/api/accessRequests.approve", admin, {
body: {
token: admin.getJwtToken(),
id: accessRequest.id,
permission: DocumentPermission.ReadWrite,
},
@@ -429,9 +408,8 @@ describe("#accessRequests.approve", () => {
respondedAt: new Date(),
});
const res = await server.post("/api/accessRequests.approve", {
const res = await server.post("/api/accessRequests.approve", admin, {
body: {
token: admin.getJwtToken(),
id: accessRequest.id,
permission: DocumentPermission.ReadWrite,
},
@@ -463,9 +441,8 @@ describe("#accessRequests.dismiss", () => {
teamId: team.id,
});
const res = await server.post("/api/accessRequests.dismiss", {
const res = await server.post("/api/accessRequests.dismiss", admin, {
body: {
token: admin.getJwtToken(),
id: accessRequest.id,
},
});
@@ -509,9 +486,8 @@ describe("#accessRequests.dismiss", () => {
teamId: team.id,
});
const res = await server.post("/api/accessRequests.dismiss", {
const res = await server.post("/api/accessRequests.dismiss", nonManager, {
body: {
token: nonManager.getJwtToken(),
id: accessRequest.id,
},
});
@@ -539,9 +515,8 @@ describe("#accessRequests.dismiss", () => {
respondedAt,
});
const res = await server.post("/api/accessRequests.dismiss", {
const res = await server.post("/api/accessRequests.dismiss", admin, {
body: {
token: admin.getJwtToken(),
id: accessRequest.id,
},
});
server/routes/api/apiKeys/apiKeys.test.ts
+16 -35
View File
@@ -14,9 +14,8 @@ describe("#apiKeys.create", () => {
const now = new Date();
const user = await buildUser();
const res = await server.post("/api/apiKeys.create", {
const res = await server.post("/api/apiKeys.create", user, {
body: {
token: user.getJwtToken(),
name: "My API Key",
expiresAt: now.toISOString(),
},
@@ -32,9 +31,8 @@ describe("#apiKeys.create", () => {
it("should allow creating an api key without expiry", async () => {
const user = await buildUser();
const res = await server.post("/api/apiKeys.create", {
const res = await server.post("/api/apiKeys.create", user, {
body: {
token: user.getJwtToken(),
name: "My API Key",
},
});
@@ -49,9 +47,8 @@ describe("#apiKeys.create", () => {
it("should allow creating an api key with scopes", async () => {
const user = await buildUser();
const res = await server.post("/api/apiKeys.create", {
const res = await server.post("/api/apiKeys.create", user, {
body: {
token: user.getJwtToken(),
name: "My API Key",
scope: [
"/api/documents.list",
@@ -82,9 +79,8 @@ describe("#apiKeys.create", () => {
it("should allow viewers to create an api key", async () => {
const viewer = await buildViewer();
const res = await server.post("/api/apiKeys.create", {
const res = await server.post("/api/apiKeys.create", viewer, {
body: {
token: viewer.getJwtToken(),
name: "My API Key",
},
});
@@ -97,9 +93,8 @@ describe("#apiKeys.create", () => {
it("should not allow guests to create an api key", async () => {
const guest = await buildGuestUser();
const res = await server.post("/api/apiKeys.create", {
const res = await server.post("/api/apiKeys.create", guest, {
body: {
token: guest.getJwtToken(),
name: "My API Key",
},
});
@@ -119,10 +114,9 @@ describe("#apiKeys.list", () => {
const admin = await buildAdmin({ teamId: user.teamId });
await buildApiKey({ userId: user.id });
const res = await server.post("/api/apiKeys.list", {
const res = await server.post("/api/apiKeys.list", admin, {
body: {
userId: user.id,
token: admin.getJwtToken(),
},
});
const body = await res.json();
@@ -137,10 +131,9 @@ describe("#apiKeys.list", () => {
await buildApiKey({ userId: user.id });
await buildApiKey({ userId: admin.id });
const res = await server.post("/api/apiKeys.list", {
const res = await server.post("/api/apiKeys.list", admin, {
body: {
userId: admin.id,
token: admin.getJwtToken(),
},
});
const body = await res.json();
@@ -156,11 +149,7 @@ describe("#apiKeys.list", () => {
await buildApiKey({ userId: user.id });
await buildApiKey();
const res = await server.post("/api/apiKeys.list", {
body: {
token: admin.getJwtToken(),
},
});
const res = await server.post("/api/apiKeys.list", admin);
const body = await res.json();
@@ -174,9 +163,8 @@ describe("#apiKeys.list", () => {
await buildApiKey({ userId: admin.id, name: "Staging Key" });
await buildApiKey({ userId: admin.id, name: "Development Token" });
const res = await server.post("/api/apiKeys.list", {
const res = await server.post("/api/apiKeys.list", admin, {
body: {
token: admin.getJwtToken(),
query: "key",
},
});
@@ -196,9 +184,8 @@ describe("#apiKeys.list", () => {
await buildApiKey({ userId: admin.id, name: "Production Key" });
await buildApiKey({ userId: admin.id, name: "Staging Key" });
const res = await server.post("/api/apiKeys.list", {
const res = await server.post("/api/apiKeys.list", admin, {
body: {
token: admin.getJwtToken(),
query: "PRODUCTION",
},
});
@@ -213,9 +200,8 @@ describe("#apiKeys.list", () => {
const admin = await buildAdmin();
await buildApiKey({ userId: admin.id, name: "Production Key" });
const res = await server.post("/api/apiKeys.list", {
const res = await server.post("/api/apiKeys.list", admin, {
body: {
token: admin.getJwtToken(),
query: "nonexistent",
},
});
@@ -229,9 +215,8 @@ describe("#apiKeys.list", () => {
const viewer = await buildViewer();
await buildApiKey({ userId: viewer.id });
const res = await server.post("/api/apiKeys.list", {
const res = await server.post("/api/apiKeys.list", viewer, {
body: {
token: viewer.getJwtToken(),
userId: viewer.id,
},
});
@@ -255,9 +240,8 @@ describe("#apiKeys.delete", () => {
userId: user.id,
});
const res = await server.post("/api/apiKeys.delete", {
const res = await server.post("/api/apiKeys.delete", user, {
body: {
token: user.getJwtToken(),
id: apiKey.id,
},
});
@@ -273,9 +257,8 @@ describe("#apiKeys.delete", () => {
userId: otherUser.id,
});
const res = await server.post("/api/apiKeys.delete", {
const res = await server.post("/api/apiKeys.delete", user, {
body: {
token: user.getJwtToken(),
id: apiKey.id,
},
});
@@ -291,9 +274,8 @@ describe("#apiKeys.delete", () => {
userId: user.id,
});
const res = await server.post("/api/apiKeys.delete", {
const res = await server.post("/api/apiKeys.delete", admin, {
body: {
token: admin.getJwtToken(),
id: apiKey.id,
},
});
@@ -305,9 +287,8 @@ describe("#apiKeys.delete", () => {
const viewer = await buildViewer();
const apiKey = await buildApiKey({ userId: viewer.id });
const res = await server.post("/api/apiKeys.delete", {
const res = await server.post("/api/apiKeys.delete", viewer, {
body: {
token: viewer.getJwtToken(),
id: apiKey.id,
},
});
server/routes/api/attachments/attachments.test.ts
+26 -62
View File
@@ -33,11 +33,7 @@ describe("#attachments.list", () => {
userId: user.id,
});
const res = await server.post("/api/attachments.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/attachments.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
@@ -61,10 +57,9 @@ describe("#attachments.list", () => {
userId: admin.id,
});
const res = await server.post("/api/attachments.list", {
const res = await server.post("/api/attachments.list", admin, {
body: {
userId: user.id,
token: admin.getJwtToken(),
},
});
const body = await res.json();
@@ -90,10 +85,9 @@ describe("#attachments.list", () => {
userId: user.id,
});
const res = await server.post("/api/attachments.list", {
const res = await server.post("/api/attachments.list", user, {
body: {
documentId: document.id,
token: user.getJwtToken(),
},
});
const body = await res.json();
@@ -113,11 +107,7 @@ describe("#attachments.list", () => {
userId: anotherUser.id,
});
const res = await server.post("/api/attachments.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/attachments.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
@@ -139,13 +129,12 @@ describe("#attachments.create", () => {
describe("member", () => {
it("should allow upload using avatar preset", async () => {
const user = await buildUser();
const res = await server.post("/api/attachments.create", {
const res = await server.post("/api/attachments.create", user, {
body: {
name: "test.png",
contentType: "image/png",
size: 1000,
preset: AttachmentPreset.Avatar,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(200);
@@ -164,14 +153,13 @@ describe("#attachments.create", () => {
userId: user.id,
});
const res = await server.post("/api/attachments.create", {
const res = await server.post("/api/attachments.create", user, {
body: {
name: "test.png",
contentType: "image/png",
size: 1000,
documentId: document.id,
preset: AttachmentPreset.DocumentAttachment,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(200);
@@ -179,13 +167,12 @@ describe("#attachments.create", () => {
it("should create expiring attachment using import preset", async () => {
const user = await buildUser();
const res = await server.post("/api/attachments.create", {
const res = await server.post("/api/attachments.create", user, {
body: {
name: "test.zip",
contentType: "application/zip",
size: 10000,
preset: AttachmentPreset.WorkspaceImport,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(200);
@@ -201,14 +188,13 @@ describe("#attachments.create", () => {
const user = await buildUser();
const document = await buildDocument();
const res = await server.post("/api/attachments.create", {
const res = await server.post("/api/attachments.create", user, {
body: {
name: "test.png",
contentType: "image/png",
size: 1000,
documentId: document.id,
preset: AttachmentPreset.DocumentAttachment,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(403);
@@ -216,13 +202,12 @@ describe("#attachments.create", () => {
it("should not allow file upload for avatar preset", async () => {
const user = await buildUser();
const res = await server.post("/api/attachments.create", {
const res = await server.post("/api/attachments.create", user, {
body: {
name: "test.pdf",
contentType: "application/pdf",
size: 1000,
preset: AttachmentPreset.Avatar,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(400);
@@ -230,13 +215,12 @@ describe("#attachments.create", () => {
it("should reject negative size", async () => {
const user = await buildUser();
const res = await server.post("/api/attachments.create", {
const res = await server.post("/api/attachments.create", user, {
body: {
name: "test.png",
contentType: "image/png",
size: -1,
preset: AttachmentPreset.Emoji,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(400);
@@ -244,13 +228,12 @@ describe("#attachments.create", () => {
it("should reject non-integer size", async () => {
const user = await buildUser();
const res = await server.post("/api/attachments.create", {
const res = await server.post("/api/attachments.create", user, {
body: {
name: "test.png",
contentType: "image/png",
size: 1.5,
preset: AttachmentPreset.Emoji,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(400);
@@ -276,14 +259,13 @@ describe("#attachments.create", () => {
permission: CollectionPermission.ReadWrite,
});
const res = await server.post("/api/attachments.create", {
const res = await server.post("/api/attachments.create", user, {
body: {
name: "test.png",
contentType: "image/png",
size: 1000,
documentId: document.id,
preset: AttachmentPreset.DocumentAttachment,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(200);
@@ -293,14 +275,13 @@ describe("#attachments.create", () => {
const user = await buildViewer();
const document = await buildDocument({ teamId: user.teamId });
const res = await server.post("/api/attachments.create", {
const res = await server.post("/api/attachments.create", user, {
body: {
name: "test.png",
contentType: "image/png",
size: 1000,
documentId: document.id,
preset: AttachmentPreset.DocumentAttachment,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(403);
@@ -308,13 +289,12 @@ describe("#attachments.create", () => {
it("should allow upload using avatar preset", async () => {
const user = await buildViewer();
const res = await server.post("/api/attachments.create", {
const res = await server.post("/api/attachments.create", user, {
body: {
name: "test.png",
contentType: "image/png",
size: 1000,
preset: AttachmentPreset.Avatar,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(200);
@@ -334,9 +314,8 @@ describe("#attachments.delete", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/attachments.delete", {
const res = await server.post("/api/attachments.delete", user, {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
});
@@ -358,9 +337,8 @@ describe("#attachments.delete", () => {
});
attachment.documentId = null;
await attachment.save();
const res = await server.post("/api/attachments.delete", {
const res = await server.post("/api/attachments.delete", user, {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
});
@@ -381,9 +359,8 @@ describe("#attachments.delete", () => {
});
attachment.documentId = null;
await attachment.save();
const res = await server.post("/api/attachments.delete", {
const res = await server.post("/api/attachments.delete", user, {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
});
@@ -402,9 +379,8 @@ describe("#attachments.delete", () => {
const attachment = await buildAttachment();
attachment.documentId = null;
await attachment.save();
const res = await server.post("/api/attachments.delete", {
const res = await server.post("/api/attachments.delete", user, {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
});
@@ -418,9 +394,8 @@ describe("#attachments.delete", () => {
});
attachment.documentId = null;
await attachment.save();
const res = await server.post("/api/attachments.delete", {
const res = await server.post("/api/attachments.delete", user, {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
});
@@ -443,9 +418,8 @@ describe("#attachments.delete", () => {
documentId: document.id,
acl: "private",
});
const res = await server.post("/api/attachments.delete", {
const res = await server.post("/api/attachments.delete", user, {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
});
@@ -460,9 +434,8 @@ describe("#attachments.redirect", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/attachments.redirect", {
const res = await server.post("/api/attachments.redirect", user, {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
redirect: "manual",
@@ -478,10 +451,8 @@ describe("#attachments.redirect", () => {
});
const res = await server.post(
`/api/attachments.redirect?id=${attachment.id}`,
user,
{
body: {
token: user.getJwtToken(),
},
redirect: "manual",
}
);
@@ -505,9 +476,8 @@ describe("#attachments.redirect", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/attachments.redirect", {
const res = await server.post("/api/attachments.redirect", user, {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
redirect: "manual",
@@ -532,9 +502,8 @@ describe("#attachments.redirect", () => {
userId: user.id,
documentId: document.id,
});
const res = await server.post("/api/attachments.redirect", {
const res = await server.post("/api/attachments.redirect", user, {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
redirect: "manual",
@@ -587,9 +556,8 @@ describe("#attachments.redirect", () => {
documentId: document.id,
acl: "private",
});
const res = await server.post("/api/attachments.redirect", {
const res = await server.post("/api/attachments.redirect", user, {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
});
@@ -598,11 +566,7 @@ describe("#attachments.redirect", () => {
it("should fail in absence of id", async () => {
const user = await buildUser();
const res = await server.post("/api/attachments.redirect", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/attachments.redirect", user);
const body = await res.json();
expect(res.status).toEqual(400);
expect(body.message).toEqual("id is required");
server/routes/api/auth/auth.test.ts
+4 -20
View File
@@ -27,11 +27,7 @@ describe("#auth.info", () => {
teamId: team2.id,
email: user.email,
});
const res = await server.post("/api/auth.info", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/auth.info", user);
const body = await res.json();
expect(res.status).toEqual(200);
@@ -52,11 +48,7 @@ describe("#auth.info", () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
await team.destroy();
const res = await server.post("/api/auth.info", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/auth.info", user);
expect(res.status).toEqual(401);
});
@@ -69,18 +61,10 @@ describe("#auth.info", () => {
describe("#auth.delete", () => {
it("should make the access token unusable", async () => {
const user = await buildUser();
const res = await server.post("/api/auth.delete", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/auth.delete", user);
expect(res.status).toEqual(200);
const res2 = await server.post("/api/auth.info", {
body: {
token: user.getJwtToken(),
},
});
const res2 = await server.post("/api/auth.info", user);
expect(res2.status).toEqual(401);
});
server/routes/api/authenticationProviders/authenticationProviders.test.ts
+9 -21
View File
@@ -20,10 +20,9 @@ describe("#authenticationProviders.info", () => {
teamId: team.id,
});
const authenticationProviders = await team.$get("authenticationProviders");
const res = await server.post("/api/authenticationProviders.info", {
const res = await server.post("/api/authenticationProviders.info", user, {
body: {
id: authenticationProviders[0].id,
token: user.getJwtToken(),
},
});
const body = await res.json();
@@ -39,10 +38,9 @@ describe("#authenticationProviders.info", () => {
const team = await buildTeam();
const user = await buildUser();
const authenticationProviders = await team.$get("authenticationProviders");
const res = await server.post("/api/authenticationProviders.info", {
const res = await server.post("/api/authenticationProviders.info", user, {
body: {
id: authenticationProviders[0].id,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(403);
@@ -69,11 +67,10 @@ describe("#authenticationProviders.update", () => {
teamId: team.id,
});
const authenticationProviders = await team.$get("authenticationProviders");
const res = await server.post("/api/authenticationProviders.update", {
const res = await server.post("/api/authenticationProviders.update", user, {
body: {
id: authenticationProviders[0].id,
isEnabled: false,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(400);
@@ -88,11 +85,10 @@ describe("#authenticationProviders.update", () => {
name: "google",
providerId: randomUUID(),
});
const res = await server.post("/api/authenticationProviders.update", {
const res = await server.post("/api/authenticationProviders.update", user, {
body: {
id: googleProvider.id,
isEnabled: false,
token: user.getJwtToken(),
},
});
const body = await res.json();
@@ -106,11 +102,10 @@ describe("#authenticationProviders.update", () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
const authenticationProviders = await team.$get("authenticationProviders");
const res = await server.post("/api/authenticationProviders.update", {
const res = await server.post("/api/authenticationProviders.update", user, {
body: {
id: authenticationProviders[0].id,
isEnabled: false,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(403);
@@ -135,11 +130,7 @@ describe("#authenticationProviders.list", () => {
const user = await buildAdmin({
teamId: team.id,
});
const res = await server.post("/api/authenticationProviders.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/authenticationProviders.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toBe(3);
@@ -170,10 +161,9 @@ describe("#authenticationProviders.delete", () => {
name: "google",
providerId: randomUUID(),
});
const res = await server.post("/api/authenticationProviders.delete", {
const res = await server.post("/api/authenticationProviders.delete", user, {
body: {
id: googleProvider.id,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(200);
@@ -191,10 +181,9 @@ describe("#authenticationProviders.delete", () => {
name: "google",
providerId: randomUUID(),
});
const res = await server.post("/api/authenticationProviders.delete", {
const res = await server.post("/api/authenticationProviders.delete", user, {
body: {
id: googleProvider.id,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(200);
@@ -213,10 +202,9 @@ describe("#authenticationProviders.delete", () => {
name: "google",
providerId: randomUUID(),
});
const res = await server.post("/api/authenticationProviders.delete", {
const res = await server.post("/api/authenticationProviders.delete", user, {
body: {
id: googleProvider.id,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(403);
server/routes/api/collections/collections.test.ts
+103 -216
View File
@@ -27,11 +27,7 @@ describe("#collections.list", () => {
userId: user.id,
teamId: team.id,
});
const res = await server.post("/api/collections.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/collections.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toEqual(1);
@@ -47,9 +43,8 @@ describe("#collections.list", () => {
teamId: team.id,
archivedAt: new Date(),
});
const res = await server.post("/api/collections.list", {
const res = await server.post("/api/collections.list", admin, {
body: {
token: admin.getJwtToken(),
statusFilter: [CollectionStatusFilter.Archived],
},
});
@@ -68,11 +63,7 @@ describe("#collections.list", () => {
teamId: team.id,
archivedAt: new Date(),
});
const res = await server.post("/api/collections.list", {
body: {
token: admin.getJwtToken(),
},
});
const res = await server.post("/api/collections.list", admin);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data).toHaveLength(0);
@@ -89,11 +80,7 @@ describe("#collections.list", () => {
permission: null,
teamId: user.teamId,
});
const res = await server.post("/api/collections.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/collections.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toEqual(1);
@@ -112,11 +99,7 @@ describe("#collections.list", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/collections.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/collections.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toEqual(2);
@@ -149,11 +132,7 @@ describe("#collections.list", () => {
createdById: user.id,
},
});
const res = await server.post("/api/collections.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/collections.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toEqual(2);
@@ -169,11 +148,7 @@ describe("#collections.list", () => {
teamId: team.id,
archivedAt: new Date(),
});
const res = await server.post("/api/collections.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/collections.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toEqual(0);
@@ -187,30 +162,21 @@ describe("#collections.list", () => {
teamId: team.id,
});
const beforeArchiveRes = await server.post("/api/collections.list", {
body: {
token: user.getJwtToken(),
},
});
const beforeArchiveRes = await server.post("/api/collections.list", user);
const beforeArchiveBody = await beforeArchiveRes.json();
expect(beforeArchiveRes.status).toEqual(200);
expect(beforeArchiveBody.data).toHaveLength(1);
expect(beforeArchiveBody.data[0].id).toEqual(collection.id);
const archiveRes = await server.post("/api/collections.archive", {
const archiveRes = await server.post("/api/collections.archive", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
},
});
expect(archiveRes.status).toEqual(200);
const afterArchiveRes = await server.post("/api/collections.list", {
body: {
token: user.getJwtToken(),
},
});
const afterArchiveRes = await server.post("/api/collections.list", user);
const afterArchiveBody = await afterArchiveRes.json();
expect(afterArchiveRes.status).toEqual(200);
@@ -221,11 +187,7 @@ describe("#collections.list", () => {
describe("#collections.import", () => {
it("should error if no attachmentId is passed", async () => {
const user = await buildUser();
const res = await server.post("/api/collections.import", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/collections.import", user);
expect(res.status).toEqual(400);
});
@@ -248,9 +210,8 @@ describe("#collections.move", () => {
it("should require authorization", async () => {
const user = await buildUser();
const collection = await buildCollection();
const res = await server.post("/api/collections.move", {
const res = await server.post("/api/collections.move", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
index: "P",
},
@@ -262,9 +223,8 @@ describe("#collections.move", () => {
const team = await buildTeam();
const admin = await buildAdmin({ teamId: team.id });
const collection = await buildCollection({ teamId: team.id });
const res = await server.post("/api/collections.move", {
const res = await server.post("/api/collections.move", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
index: "P",
icon: "flame",
@@ -279,9 +239,8 @@ describe("#collections.move", () => {
const team = await buildTeam();
const admin = await buildAdmin({ teamId: team.id });
const collection = await buildCollection({ teamId: team.id });
const res = await server.post("/api/collections.move", {
const res = await server.post("/api/collections.move", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
index: "P",
icon: "😁",
@@ -296,9 +255,8 @@ describe("#collections.move", () => {
const team = await buildTeam();
const admin = await buildAdmin({ teamId: team.id });
const collection = await buildCollection({ teamId: team.id });
const res = await server.post("/api/collections.move", {
const res = await server.post("/api/collections.move", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
icon: "nonsRence",
},
@@ -310,9 +268,8 @@ describe("#collections.move", () => {
const team = await buildTeam();
const admin = await buildAdmin({ teamId: team.id });
const collection = await buildCollection({ teamId: team.id });
const res = await server.post("/api/collections.move", {
const res = await server.post("/api/collections.move", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
index: "يونيكود",
},
@@ -330,9 +287,9 @@ describe("#collections.move", () => {
});
const createdCollectionResponse = await server.post(
"/api/collections.create",
user,
{
body: {
token: user.getJwtToken(),
name: "Test",
sharing: false,
index: "Q",
@@ -340,13 +297,16 @@ describe("#collections.move", () => {
}
);
await createdCollectionResponse.json();
const movedCollectionRes = await server.post("/api/collections.move", {
body: {
token: admin.getJwtToken(),
id: collection.id,
index: "Q",
},
});
const movedCollectionRes = await server.post(
"/api/collections.move",
admin,
{
body: {
id: collection.id,
index: "Q",
},
}
);
const movedCollection = await movedCollectionRes.json();
expect(movedCollectionRes.status).toEqual(200);
expect(movedCollection.success).toBe(true);
@@ -360,9 +320,9 @@ describe("#collections.move", () => {
const user = await buildUser({ teamId: team.id });
const createdCollectionAResponse = await server.post(
"/api/collections.create",
user,
{
body: {
token: user.getJwtToken(),
name: "A",
sharing: false,
index: "a",
@@ -371,9 +331,9 @@ describe("#collections.move", () => {
);
const createdCollectionBResponse = await server.post(
"/api/collections.create",
user,
{
body: {
token: user.getJwtToken(),
name: "B",
sharing: false,
index: "b",
@@ -382,9 +342,9 @@ describe("#collections.move", () => {
);
const createdCollectionCResponse = await server.post(
"/api/collections.create",
user,
{
body: {
token: user.getJwtToken(),
name: "C",
sharing: false,
index: "c",
@@ -396,9 +356,9 @@ describe("#collections.move", () => {
const createdCollectionC = await createdCollectionCResponse.json();
const movedCollectionCResponse = await server.post(
"/api/collections.move",
admin,
{
body: {
token: admin.getJwtToken(),
id: createdCollectionC.data.id,
index: "a",
},
@@ -420,9 +380,8 @@ describe("#collections.export", () => {
permission: null,
teamId: user.teamId,
});
const res = await server.post("/api/collections.export", {
const res = await server.post("/api/collections.export", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
},
});
@@ -441,9 +400,8 @@ describe("#collections.export", () => {
userId: admin.id,
permission: CollectionPermission.ReadWrite,
});
const res = await server.post("/api/collections.export", {
const res = await server.post("/api/collections.export", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
},
});
@@ -470,9 +428,8 @@ describe("#collections.export", () => {
createdById: admin.id,
},
});
const res = await server.post("/api/collections.export", {
const res = await server.post("/api/collections.export", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
},
});
@@ -493,9 +450,8 @@ describe("#collections.export", () => {
userId: admin.id,
teamId: admin.teamId,
});
const res = await server.post("/api/collections.export", {
const res = await server.post("/api/collections.export", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
},
});
@@ -507,9 +463,8 @@ describe("#collections.export", () => {
const collection = await buildCollection({
teamId: admin.teamId,
});
const res = await server.post("/api/collections.export", {
const res = await server.post("/api/collections.export", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
},
});
@@ -530,21 +485,13 @@ describe("#collections.export_all", () => {
it("should require authorization", async () => {
const user = await buildUser();
const res = await server.post("/api/collections.export_all", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/collections.export_all", user);
expect(res.status).toEqual(403);
});
it("should return success", async () => {
const admin = await buildAdmin();
const res = await server.post("/api/collections.export_all", {
body: {
token: admin.getJwtToken(),
},
});
const res = await server.post("/api/collections.export_all", admin);
expect(res.status).toEqual(200);
});
});
@@ -566,9 +513,8 @@ describe("#collections.add_user", () => {
userId: user.id,
permission: CollectionPermission.Admin,
});
const res = await server.post("/api/collections.add_user", {
const res = await server.post("/api/collections.add_user", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
userId: anotherUser.id,
},
@@ -588,9 +534,8 @@ describe("#collections.add_user", () => {
const anotherUser = await buildUser({
teamId: admin.teamId,
});
const res = await server.post("/api/collections.add_user", {
const res = await server.post("/api/collections.add_user", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
userId: anotherUser.id,
},
@@ -606,9 +551,8 @@ describe("#collections.add_user", () => {
teamId: user.teamId,
permission: null,
});
const res = await server.post("/api/collections.add_user", {
const res = await server.post("/api/collections.add_user", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
userId: user.id,
},
@@ -625,9 +569,8 @@ describe("#collections.add_user", () => {
permission: null,
});
const anotherUser = await buildUser();
const res = await server.post("/api/collections.add_user", {
const res = await server.post("/api/collections.add_user", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
userId: anotherUser.id,
},
@@ -648,9 +591,8 @@ describe("#collections.add_user", () => {
const anotherUser = await buildUser({
teamId: user.teamId,
});
const res = await server.post("/api/collections.add_user", {
const res = await server.post("/api/collections.add_user", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
userId: anotherUser.id,
},
@@ -670,9 +612,8 @@ describe("#collections.add_group", () => {
const group = await buildGroup({
teamId: user.teamId,
});
const res = await server.post("/api/collections.add_group", {
const res = await server.post("/api/collections.add_group", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
groupId: group.id,
},
@@ -692,9 +633,8 @@ describe("#collections.add_group", () => {
const group = await buildGroup({
teamId: user.teamId,
});
const res = await server.post("/api/collections.add_group", {
const res = await server.post("/api/collections.add_group", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
groupId: group.id,
permission: null,
@@ -715,9 +655,8 @@ describe("#collections.add_group", () => {
permission: null,
});
const group = await buildGroup();
const res = await server.post("/api/collections.add_group", {
const res = await server.post("/api/collections.add_group", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
groupId: group.id,
},
@@ -738,9 +677,8 @@ describe("#collections.add_group", () => {
const group = await buildGroup({
teamId: user.teamId,
});
const res = await server.post("/api/collections.add_group", {
const res = await server.post("/api/collections.add_group", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
groupId: group.id,
},
@@ -760,18 +698,16 @@ describe("#collections.remove_group", () => {
const group = await buildGroup({
teamId: user.teamId,
});
await server.post("/api/collections.add_group", {
await server.post("/api/collections.add_group", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
groupId: group.id,
},
});
let groups = await collection.$get("groups");
expect(groups.length).toEqual(1);
const res = await server.post("/api/collections.remove_group", {
const res = await server.post("/api/collections.remove_group", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
groupId: group.id,
},
@@ -788,9 +724,8 @@ describe("#collections.remove_group", () => {
permission: null,
});
const group = await buildGroup();
const res = await server.post("/api/collections.remove_group", {
const res = await server.post("/api/collections.remove_group", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
groupId: group.id,
},
@@ -811,9 +746,8 @@ describe("#collections.remove_group", () => {
const group = await buildGroup({
teamId: user.teamId,
});
const res = await server.post("/api/collections.remove_group", {
const res = await server.post("/api/collections.remove_group", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
groupId: group.id,
},
@@ -833,16 +767,14 @@ describe("#collections.remove_user", () => {
const anotherUser = await buildUser({
teamId: admin.teamId,
});
await server.post("/api/collections.add_user", {
await server.post("/api/collections.add_user", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
userId: anotherUser.id,
},
});
const res = await server.post("/api/collections.remove_user", {
const res = await server.post("/api/collections.remove_user", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
userId: anotherUser.id,
},
@@ -862,9 +794,8 @@ describe("#collections.remove_user", () => {
const nonMember = await buildUser({
teamId: admin.teamId,
});
const res = await server.post("/api/collections.remove_user", {
const res = await server.post("/api/collections.remove_user", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
userId: nonMember.id,
},
@@ -881,9 +812,8 @@ describe("#collections.remove_user", () => {
permission: null,
});
const anotherUser = await buildUser();
const res = await server.post("/api/collections.remove_user", {
const res = await server.post("/api/collections.remove_user", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
userId: anotherUser.id,
},
@@ -904,9 +834,8 @@ describe("#collections.remove_user", () => {
const anotherUser = await buildUser({
teamId: user.teamId,
});
const res = await server.post("/api/collections.remove_user", {
const res = await server.post("/api/collections.remove_user", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
userId: anotherUser.id,
},
@@ -937,9 +866,8 @@ describe("#collections.group_memberships", () => {
groupId: group.id,
permission: CollectionPermission.ReadWrite,
});
const res = await server.post("/api/collections.group_memberships", {
const res = await server.post("/api/collections.group_memberships", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
},
});
@@ -987,9 +915,8 @@ describe("#collections.group_memberships", () => {
groupId: group2.id,
permission: CollectionPermission.ReadWrite,
});
const res = await server.post("/api/collections.group_memberships", {
const res = await server.post("/api/collections.group_memberships", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
query: "will",
},
@@ -1030,9 +957,8 @@ describe("#collections.group_memberships", () => {
groupId: group2.id,
permission: CollectionPermission.Read,
});
const res = await server.post("/api/collections.group_memberships", {
const res = await server.post("/api/collections.group_memberships", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
permission: CollectionPermission.Read,
},
@@ -1056,9 +982,8 @@ describe("#collections.group_memberships", () => {
permission: null,
teamId: user.teamId,
});
const res = await server.post("/api/collections.group_memberships", {
const res = await server.post("/api/collections.group_memberships", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
},
});
@@ -1077,9 +1002,8 @@ describe("#collections.memberships", () => {
collection.permission = null;
await collection.save();
const res = await server.post("/api/collections.memberships", {
const res = await server.post("/api/collections.memberships", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
},
});
@@ -1111,9 +1035,8 @@ describe("#collections.memberships", () => {
userId: user2.id,
permission: CollectionPermission.ReadWrite,
});
const res = await server.post("/api/collections.memberships", {
const res = await server.post("/api/collections.memberships", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
query: user.name.slice(0, 3),
},
@@ -1144,9 +1067,8 @@ describe("#collections.memberships", () => {
userId: user2.id,
permission: CollectionPermission.Read,
});
const res = await server.post("/api/collections.memberships", {
const res = await server.post("/api/collections.memberships", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
permission: CollectionPermission.Read,
},
@@ -1167,9 +1089,8 @@ describe("#collections.memberships", () => {
it("should require authorization", async () => {
const collection = await buildCollection();
const user = await buildUser();
const res = await server.post("/api/collections.memberships", {
const res = await server.post("/api/collections.memberships", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
},
});
@@ -1187,9 +1108,8 @@ describe("#collections.info", () => {
archivedAt: new Date(),
archivedById: user.id,
});
const res = await server.post("/api/collections.info", {
const res = await server.post("/api/collections.info", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
},
});
@@ -1205,9 +1125,8 @@ describe("#collections.info", () => {
userId: user.id,
teamId: team.id,
});
const res = await server.post("/api/collections.info", {
const res = await server.post("/api/collections.info", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
},
});
@@ -1223,9 +1142,8 @@ describe("#collections.info", () => {
userId: user.id,
teamId: team.id,
});
const res = await server.post("/api/collections.info", {
const res = await server.post("/api/collections.info", user, {
body: {
token: user.getJwtToken(),
id: `any-slug-${collection.urlId}`,
},
});
@@ -1250,9 +1168,8 @@ describe("#collections.info", () => {
userId: user.id,
},
});
const res = await server.post("/api/collections.info", {
const res = await server.post("/api/collections.info", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
},
});
@@ -1274,9 +1191,8 @@ describe("#collections.info", () => {
createdById: user.id,
permission: CollectionPermission.Read,
});
const res = await server.post("/api/collections.info", {
const res = await server.post("/api/collections.info", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
},
});
@@ -1295,9 +1211,8 @@ describe("#collections.info", () => {
it("should require authorization", async () => {
const collection = await buildCollection();
const user = await buildUser();
const res = await server.post("/api/collections.info", {
const res = await server.post("/api/collections.info", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
},
});
@@ -1315,9 +1230,8 @@ describe("#collections.create", () => {
it("should create collection", async () => {
const user = await buildUser();
const res = await server.post("/api/collections.create", {
const res = await server.post("/api/collections.create", user, {
body: {
token: user.getJwtToken(),
name: "Test",
},
});
@@ -1333,9 +1247,8 @@ describe("#collections.create", () => {
it("should error when index is invalid", async () => {
const user = await buildUser();
const res = await server.post("/api/collections.create", {
const res = await server.post("/api/collections.create", user, {
body: {
token: user.getJwtToken(),
name: "Test",
index: "يونيكود",
},
@@ -1345,9 +1258,8 @@ describe("#collections.create", () => {
it("should allow setting sharing to false", async () => {
const user = await buildUser();
const res = await server.post("/api/collections.create", {
const res = await server.post("/api/collections.create", user, {
body: {
token: user.getJwtToken(),
name: "Test",
sharing: false,
},
@@ -1360,9 +1272,8 @@ describe("#collections.create", () => {
it("should return correct policies with private collection", async () => {
const user = await buildUser();
const res = await server.post("/api/collections.create", {
const res = await server.post("/api/collections.create", user, {
body: {
token: user.getJwtToken(),
name: "Test",
permission: null,
},
@@ -1381,15 +1292,13 @@ describe("#collections.create", () => {
buildAdmin({ teamId: team.id }),
]);
const resA = await server.post("/api/collections.create", {
const resA = await server.post("/api/collections.create", adminA, {
body: {
token: adminA.getJwtToken(),
name: "Test A",
},
});
const resB = await server.post("/api/collections.create", {
const resB = await server.post("/api/collections.create", adminB, {
body: {
token: adminB.getJwtToken(),
name: "Test B",
},
});
@@ -1404,9 +1313,9 @@ describe("#collections.create", () => {
const user = await buildUser();
const createdCollectionAResponse = await server.post(
"/api/collections.create",
user,
{
body: {
token: user.getJwtToken(),
name: "A",
sharing: false,
index: "a",
@@ -1416,9 +1325,9 @@ describe("#collections.create", () => {
await createdCollectionAResponse.json();
const createCollectionResponse = await server.post(
"/api/collections.create",
user,
{
body: {
token: user.getJwtToken(),
name: "C",
sharing: false,
index: "a",
@@ -1435,9 +1344,9 @@ describe("#collections.create", () => {
const user = await buildUser();
const createdCollectionAResponse = await server.post(
"/api/collections.create",
user,
{
body: {
token: user.getJwtToken(),
name: "A",
sharing: false,
index: "a",
@@ -1446,9 +1355,9 @@ describe("#collections.create", () => {
);
const createdCollectionBResponse = await server.post(
"/api/collections.create",
user,
{
body: {
token: user.getJwtToken(),
name: "B",
sharing: false,
index: "b",
@@ -1459,9 +1368,9 @@ describe("#collections.create", () => {
await createdCollectionBResponse.json();
const createCollectionResponse = await server.post(
"/api/collections.create",
user,
{
body: {
token: user.getJwtToken(),
name: "C",
sharing: false,
index: "a",
@@ -1493,9 +1402,8 @@ describe("#collections.update", () => {
it("should require authorization", async () => {
const collection = await buildCollection();
const user = await buildUser();
const res = await server.post("/api/collections.update", {
const res = await server.post("/api/collections.update", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
name: "Test",
},
@@ -1507,9 +1415,8 @@ describe("#collections.update", () => {
const team = await buildTeam();
const admin = await buildAdmin({ teamId: team.id });
const collection = await buildCollection({ teamId: team.id });
const res = await server.post("/api/collections.update", {
const res = await server.post("/api/collections.update", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
name: "Test",
},
@@ -1524,9 +1431,8 @@ describe("#collections.update", () => {
const team = await buildTeam();
const admin = await buildAdmin({ teamId: team.id });
const collection = await buildCollection({ teamId: team.id });
const res = await server.post("/api/collections.update", {
const res = await server.post("/api/collections.update", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
description: "Test",
},
@@ -1545,9 +1451,8 @@ describe("#collections.update", () => {
const team = await buildTeam();
const admin = await buildAdmin({ teamId: team.id });
const collection = await buildCollection({ teamId: team.id });
const res = await server.post("/api/collections.update", {
const res = await server.post("/api/collections.update", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
data: {
content: [
@@ -1570,9 +1475,8 @@ describe("#collections.update", () => {
field: "index",
direction: "desc",
};
const res = await server.post("/api/collections.update", {
const res = await server.post("/api/collections.update", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
sort,
},
@@ -1587,9 +1491,8 @@ describe("#collections.update", () => {
const team = await buildTeam();
const admin = await buildAdmin({ teamId: team.id });
const collection = await buildCollection({ teamId: team.id });
const res = await server.post("/api/collections.update", {
const res = await server.post("/api/collections.update", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
permission: null,
},
@@ -1604,9 +1507,8 @@ describe("#collections.update", () => {
const team = await buildTeam();
const admin = await buildAdmin({ teamId: team.id });
const collection = await buildCollection({ teamId: team.id });
const res = await server.post("/api/collections.update", {
const res = await server.post("/api/collections.update", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
permission: null,
name: " Test ",
@@ -1633,9 +1535,8 @@ describe("#collections.update", () => {
createdById: admin.id,
permission: CollectionPermission.ReadWrite,
});
const res = await server.post("/api/collections.update", {
const res = await server.post("/api/collections.update", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
permission: CollectionPermission.ReadWrite,
name: "Test",
@@ -1662,9 +1563,8 @@ describe("#collections.update", () => {
createdById: admin.id,
permission: CollectionPermission.ReadWrite,
});
const res = await server.post("/api/collections.update", {
const res = await server.post("/api/collections.update", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
name: "Test",
},
@@ -1695,9 +1595,8 @@ describe("#collections.update", () => {
createdById: user.id,
},
});
const res = await server.post("/api/collections.update", {
const res = await server.post("/api/collections.update", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
name: "Test",
},
@@ -1729,9 +1628,8 @@ describe("#collections.update", () => {
},
}
);
const res = await server.post("/api/collections.update", {
const res = await server.post("/api/collections.update", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
name: "Test",
},
@@ -1747,9 +1645,8 @@ describe("#collections.update", () => {
field: "blah",
direction: "desc",
};
const res = await server.post("/api/collections.update", {
const res = await server.post("/api/collections.update", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
sort,
},
@@ -1765,9 +1662,8 @@ describe("#collections.update", () => {
field: "title",
direction: "blah",
};
const res = await server.post("/api/collections.update", {
const res = await server.post("/api/collections.update", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
sort,
},
@@ -1787,9 +1683,8 @@ describe("#collections.delete", () => {
it("should require authorization", async () => {
const collection = await buildCollection();
const user = await buildUser();
const res = await server.post("/api/collections.delete", {
const res = await server.post("/api/collections.delete", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
},
});
@@ -1800,9 +1695,8 @@ describe("#collections.delete", () => {
const team = await buildTeam();
const admin = await buildAdmin({ teamId: team.id });
const collection = await buildCollection({ teamId: team.id });
const res = await server.post("/api/collections.delete", {
const res = await server.post("/api/collections.delete", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
},
});
@@ -1815,9 +1709,8 @@ describe("#collections.delete", () => {
const collection = await buildCollection({ teamId: team.id });
await buildCollection({ teamId: team.id });
const res = await server.post("/api/collections.delete", {
const res = await server.post("/api/collections.delete", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
},
});
@@ -1840,9 +1733,8 @@ describe("#collections.delete", () => {
collectionId: collection.id,
archivedAt: new Date(),
});
const res = await server.post("/api/collections.delete", {
const res = await server.post("/api/collections.delete", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
},
});
@@ -1881,9 +1773,8 @@ describe("#collections.delete", () => {
createdById: user.id,
},
});
const res = await server.post("/api/collections.delete", {
const res = await server.post("/api/collections.delete", user, {
body: {
token: user.getJwtToken(),
id: collection.id,
},
});
@@ -1907,9 +1798,8 @@ describe("#collections.archive", () => {
await collection.reload();
expect(collection.documentStructure).not.toBe(null);
expect(document.archivedAt).toBe(null);
const res = await server.post("/api/collections.archive", {
const res = await server.post("/api/collections.archive", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
},
});
@@ -1941,9 +1831,8 @@ describe("#collections.restore", () => {
// reload to ensure documentStructure is set
await collection.reload();
expect(collection.documentStructure).not.toBe(null);
const archiveRes = await server.post("/api/collections.archive", {
const archiveRes = await server.post("/api/collections.archive", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
},
});
@@ -1953,9 +1842,8 @@ describe("#collections.restore", () => {
]);
expect(archiveRes.status).toEqual(200);
expect(archiveBody.data.archivedAt).not.toBe(null);
const res = await server.post("/api/collections.restore", {
const res = await server.post("/api/collections.restore", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
},
});
@@ -1982,9 +1870,8 @@ describe("#collections.restore", () => {
expect(collection.index).toEqual("P");
expect(archivedCollection.index).toEqual("P");
const res = await server.post("/api/collections.restore", {
const res = await server.post("/api/collections.restore", admin, {
body: {
token: admin.getJwtToken(),
id: archivedCollection.id,
},
});
server/routes/api/comments/comments.test.ts
+33 -69
View File
@@ -36,9 +36,8 @@ describe("#comments.info", () => {
userId: user2.id,
documentId: document.id,
});
const res = await server.post("/api/comments.info", {
const res = await server.post("/api/comments.info", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
},
});
@@ -65,9 +64,8 @@ describe("#comments.info", () => {
userId: user2.id,
documentId: document.id,
});
const res = await server.post("/api/comments.info", {
const res = await server.post("/api/comments.info", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
},
});
@@ -111,9 +109,8 @@ describe("#comments.info", () => {
} as ProsemirrorData;
await document.update({ content });
const res = await server.post("/api/comments.info", {
const res = await server.post("/api/comments.info", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
includeAnchorText: true,
},
@@ -154,9 +151,8 @@ describe("#comments.info", () => {
} as ProsemirrorData;
await document.update({ content });
const res = await server.post("/api/comments.info", {
const res = await server.post("/api/comments.info", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
includeAnchorText: true,
},
@@ -194,9 +190,8 @@ describe("#comments.list", () => {
documentId: document.id,
createdAt: new Date(),
});
const res = await server.post("/api/comments.list", {
const res = await server.post("/api/comments.list", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -244,9 +239,8 @@ describe("#comments.list", () => {
} as ProsemirrorData;
await document.update({ content });
const res = await server.post("/api/comments.list", {
const res = await server.post("/api/comments.list", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
includeAnchorText: true,
sort: "createdAt",
@@ -279,9 +273,8 @@ describe("#comments.list", () => {
userId: user.id,
documentId: document.id,
});
const res = await server.post("/api/comments.list", {
const res = await server.post("/api/comments.list", user, {
body: {
token: user.getJwtToken(),
collectionId: collection.id,
},
});
@@ -311,9 +304,8 @@ describe("#comments.list", () => {
documentId: document.id,
parentCommentId: comment.id,
});
const res = await server.post("/api/comments.list", {
const res = await server.post("/api/comments.list", user, {
body: {
token: user.getJwtToken(),
parentCommentId: comment.id,
},
});
@@ -342,9 +334,8 @@ describe("#comments.list", () => {
userId: user.id,
documentId: document.id,
});
const res = await server.post("/api/comments.list", {
const res = await server.post("/api/comments.list", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
statusFilter: [CommentStatusFilter.Resolved],
},
@@ -390,11 +381,7 @@ describe("#comments.list", () => {
userId: user.id,
documentId: document2.id,
});
const res = await server.post("/api/comments.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/comments.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
@@ -425,9 +412,8 @@ describe("#comments.list", () => {
reactions,
});
const res = await server.post("/api/comments.list", {
const res = await server.post("/api/comments.list", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -464,9 +450,8 @@ describe("#comments.create", () => {
documentId: document.id,
});
const res = await server.post("/api/comments.create", {
const res = await server.post("/api/comments.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
data: comment.data,
},
@@ -491,9 +476,8 @@ describe("#comments.create", () => {
const text = "test\n\n- list item 1\n- list item 2";
const res = await server.post("/api/comments.create", {
const res = await server.post("/api/comments.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
text,
},
@@ -515,17 +499,15 @@ describe("#comments.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/comments.create", {
const res = await server.post("/api/comments.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
data: null,
},
});
const anotherRes = await server.post("/api/comments.create", {
const anotherRes = await server.post("/api/comments.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
data: {
type: "doc",
@@ -546,9 +528,8 @@ describe("#comments.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/comments.create", {
const res = await server.post("/api/comments.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
data: {
type: "doc",
@@ -573,9 +554,8 @@ describe("#comments.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/comments.create", {
const res = await server.post("/api/comments.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
data: {
type: "doc",
@@ -608,9 +588,8 @@ describe("#comments.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/comments.create", {
const res = await server.post("/api/comments.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
data: {
type: "doc",
@@ -643,9 +622,8 @@ describe("#comments.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/comments.create", {
const res = await server.post("/api/comments.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
data: {
type: "nonsense",
@@ -664,9 +642,8 @@ describe("#comments.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/comments.create", {
const res = await server.post("/api/comments.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
data: {
type: "doc",
@@ -692,9 +669,8 @@ describe("#comments.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/comments.create", {
const res = await server.post("/api/comments.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
data: {
type: "doc",
@@ -730,9 +706,8 @@ describe("#comments.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/comments.create", {
const res = await server.post("/api/comments.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
data: {
type: "doc",
@@ -796,9 +771,8 @@ describe("#comments.update", () => {
documentId: document.id,
});
const res = await server.post("/api/comments.update", {
const res = await server.post("/api/comments.update", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
data: comment.data,
},
@@ -825,9 +799,8 @@ describe("#comments.update", () => {
documentId: document.id,
});
const res = await server.post("/api/comments.update", {
const res = await server.post("/api/comments.update", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
data: {
type: "doc",
@@ -867,9 +840,8 @@ describe("#comments.resolve", () => {
documentId: document.id,
});
const res = await server.post("/api/comments.resolve", {
const res = await server.post("/api/comments.resolve", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
},
});
@@ -907,9 +879,8 @@ describe("#comments.resolve", () => {
parentCommentId: parentComment.id,
});
const res = await server.post("/api/comments.resolve", {
const res = await server.post("/api/comments.resolve", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
},
});
@@ -938,9 +909,8 @@ describe("#comments.unresolve", () => {
documentId: document.id,
});
const res = await server.post("/api/comments.unresolve", {
const res = await server.post("/api/comments.unresolve", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
},
});
@@ -980,9 +950,8 @@ describe("#comments.add_reaction", () => {
documentId: document.id,
});
const res = await server.post("/api/comments.add_reaction", {
const res = await server.post("/api/comments.add_reaction", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
emoji: "😄",
},
@@ -1016,9 +985,8 @@ describe("#comments.add_reaction", () => {
reactions: [{ emoji: "😄", userIds: ["test-user"] }],
});
const res = await server.post("/api/comments.add_reaction", {
const res = await server.post("/api/comments.add_reaction", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
emoji: "😄",
},
@@ -1055,9 +1023,8 @@ describe("#comments.add_reaction", () => {
createdById: user.id,
});
const res = await server.post("/api/comments.add_reaction", {
const res = await server.post("/api/comments.add_reaction", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
emoji: emoji.id,
},
@@ -1094,9 +1061,8 @@ describe("#comments.add_reaction", () => {
teamId: otherTeam.id,
});
const res = await server.post("/api/comments.add_reaction", {
const res = await server.post("/api/comments.add_reaction", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
emoji: emoji.id,
},
@@ -1134,9 +1100,8 @@ describe("#comments.remove_reaction", () => {
{ hooks: false }
);
const res = await server.post("/api/comments.remove_reaction", {
const res = await server.post("/api/comments.remove_reaction", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
emoji: "😄",
},
@@ -1176,9 +1141,8 @@ describe("#comments.remove_reaction", () => {
{ hooks: false }
);
const res = await server.post("/api/comments.remove_reaction", {
const res = await server.post("/api/comments.remove_reaction", user, {
body: {
token: user.getJwtToken(),
id: comment.id,
emoji: "😄",
},
server/routes/api/documents/documents.test.ts
+234 -572
View File
File diff suppressed because it is too large Load Diff
server/routes/api/emojis/emojis.test.ts
+6 -12
View File
@@ -33,9 +33,8 @@ describe("#emojis.update", () => {
userId: user.id,
});
const res = await server.post("/api/emojis.update", {
const res = await server.post("/api/emojis.update", user, {
body: {
token: user.getJwtToken(),
id: emoji.id,
attachmentId: newAttachment.id,
},
@@ -69,9 +68,8 @@ describe("#emojis.update", () => {
userId: admin.id,
});
const res = await server.post("/api/emojis.update", {
const res = await server.post("/api/emojis.update", admin, {
body: {
token: admin.getJwtToken(),
id: emoji.id,
attachmentId: newAttachment.id,
},
@@ -97,9 +95,8 @@ describe("#emojis.update", () => {
userId: user.id,
});
const res = await server.post("/api/emojis.update", {
const res = await server.post("/api/emojis.update", user, {
body: {
token: user.getJwtToken(),
id: emoji.id,
attachmentId: newAttachment.id,
},
@@ -121,9 +118,8 @@ describe("#emojis.update", () => {
userId: user.id,
});
const res = await server.post("/api/emojis.update", {
const res = await server.post("/api/emojis.update", user, {
body: {
token: user.getJwtToken(),
id: emoji.id,
attachmentId: newAttachment.id,
},
@@ -139,9 +135,8 @@ describe("#emojis.update", () => {
userId: user.id,
});
const res = await server.post("/api/emojis.update", {
const res = await server.post("/api/emojis.update", user, {
body: {
token: user.getJwtToken(),
id: "00000000-0000-0000-0000-000000000000",
attachmentId: newAttachment.id,
},
@@ -157,9 +152,8 @@ describe("#emojis.update", () => {
createdById: user.id,
});
const res = await server.post("/api/emojis.update", {
const res = await server.post("/api/emojis.update", user, {
body: {
token: user.getJwtToken(),
id: emoji.id,
attachmentId: "00000000-0000-0000-0000-000000000000",
},
server/routes/api/events/events.test.ts
+15 -39
View File
@@ -37,9 +37,8 @@ describe("#events.list", () => {
teamId: user.teamId,
actorId: admin.id,
});
const res = await server.post("/api/events.list", {
const res = await server.post("/api/events.list", user, {
body: {
token: user.getJwtToken(),
collectionId: collection.id,
},
});
@@ -76,9 +75,8 @@ describe("#events.list", () => {
teamId: user.teamId,
actorId: admin.id,
});
const res = await server.post("/api/events.list", {
const res = await server.post("/api/events.list", admin, {
body: {
token: admin.getJwtToken(),
auditLog: true,
},
});
@@ -116,9 +114,8 @@ describe("#events.list", () => {
teamId: user.teamId,
actorId: user.id,
});
const res = await server.post("/api/events.list", {
const res = await server.post("/api/events.list", admin, {
body: {
token: admin.getJwtToken(),
auditLog: true,
actorId: admin.id,
},
@@ -156,9 +153,8 @@ describe("#events.list", () => {
teamId: user.teamId,
actorId: user.id,
});
const res = await server.post("/api/events.list", {
const res = await server.post("/api/events.list", user, {
body: {
token: user.getJwtToken(),
actorId: admin.id,
},
});
@@ -193,9 +189,8 @@ describe("#events.list", () => {
teamId: user.teamId,
actorId: user.id,
});
const res = await server.post("/api/events.list", {
const res = await server.post("/api/events.list", user, {
body: {
token: user.getJwtToken(),
actorId: user.id,
collectionId: collection.id,
},
@@ -225,9 +220,8 @@ describe("#events.list", () => {
teamId: user.teamId,
actorId: user.id,
});
const res = await server.post("/api/events.list", {
const res = await server.post("/api/events.list", admin, {
body: {
token: admin.getJwtToken(),
documentId: document.id,
},
});
@@ -256,9 +250,8 @@ describe("#events.list", () => {
teamId: user.teamId,
actorId: user.id,
});
const res = await server.post("/api/events.list", {
const res = await server.post("/api/events.list", actor, {
body: {
token: actor.getJwtToken(),
documentId: document.id,
},
});
@@ -292,9 +285,8 @@ describe("#events.list", () => {
teamId: user.teamId,
actorId: user.id,
});
const res = await server.post("/api/events.list", {
const res = await server.post("/api/events.list", user, {
body: {
token: user.getJwtToken(),
name: "documents.publish",
collectionId: collection.id,
},
@@ -332,9 +324,8 @@ describe("#events.list", () => {
teamId: user.teamId,
actorId: user.id,
});
const res = await server.post("/api/events.list", {
const res = await server.post("/api/events.list", user, {
body: {
token: user.getJwtToken(),
events: ["documents.publish"],
collectionId: collection.id,
},
@@ -366,11 +357,7 @@ describe("#events.list", () => {
actorId: user.id,
});
await user.destroy({ hooks: false });
const res = await server.post("/api/events.list", {
body: {
token: admin.getJwtToken(),
},
});
const res = await server.post("/api/events.list", admin);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toEqual(1);
@@ -379,9 +366,8 @@ describe("#events.list", () => {
it("should require authorization for audit events", async () => {
const user = await buildUser();
const res = await server.post("/api/events.list", {
const res = await server.post("/api/events.list", user, {
body: {
token: user.getJwtToken(),
auditLog: true,
},
});
@@ -421,19 +407,14 @@ describe("#events.list", () => {
});
// user2 tries to list events without specifying documentId/collectionId
const res = await server.post("/api/events.list", {
body: {
token: user2.getJwtToken(),
},
});
const res = await server.post("/api/events.list", user2);
// Non-admins cannot list events without documentId or collectionId
expect(res.status).toEqual(403);
// Also verify user2 cannot see the draft when filtering by documentId
const res2 = await server.post("/api/events.list", {
const res2 = await server.post("/api/events.list", user2, {
body: {
token: user2.getJwtToken(),
documentId: privateDraft.id,
},
});
@@ -462,11 +443,7 @@ describe("#events.list", () => {
});
// admin lists events
const res = await server.post("/api/events.list", {
body: {
token: admin.getJwtToken(),
},
});
const res = await server.post("/api/events.list", admin);
const body = await res.json();
expect(res.status).toEqual(200);
@@ -497,9 +474,8 @@ describe("#events.list", () => {
});
// user lists events for their collection
const res = await server.post("/api/events.list", {
const res = await server.post("/api/events.list", user, {
body: {
token: user.getJwtToken(),
collectionId: collection.id,
},
});
server/routes/api/fileOperations/fileOperations.test.ts
+26 -40
View File
@@ -25,10 +25,9 @@ describe("#fileOperations.info", () => {
teamId: team.id,
userId: admin.id,
});
const res = await server.post("/api/fileOperations.info", {
const res = await server.post("/api/fileOperations.info", admin, {
body: {
id: exportData.id,
token: admin.getJwtToken(),
},
});
const body = await res.json();
@@ -45,10 +44,9 @@ describe("#fileOperations.info", () => {
teamId: team.id,
userId: user.id,
});
const res = await server.post("/api/fileOperations.info", {
const res = await server.post("/api/fileOperations.info", user, {
body: {
id: exportData.id,
token: user.getJwtToken(),
},
});
const body = await res.json();
@@ -65,10 +63,9 @@ describe("#fileOperations.info", () => {
teamId: team.id,
userId: admin.id,
});
const res = await server.post("/api/fileOperations.info", {
const res = await server.post("/api/fileOperations.info", user, {
body: {
id: exportData.id,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(403);
@@ -83,10 +80,9 @@ describe("#fileOperations.info", () => {
teamId: team.id,
userId: admin1.id,
});
const res = await server.post("/api/fileOperations.info", {
const res = await server.post("/api/fileOperations.info", admin2, {
body: {
id: exportData.id,
token: admin2.getJwtToken(),
},
});
const body = await res.json();
@@ -103,10 +99,9 @@ describe("#fileOperations.info", () => {
teamId: team.id,
userId: admin1.id,
});
const res = await server.post("/api/fileOperations.info", {
const res = await server.post("/api/fileOperations.info", admin2, {
body: {
id: importOp.id,
token: admin2.getJwtToken(),
},
});
const body = await res.json();
@@ -125,10 +120,9 @@ describe("#fileOperations.info", () => {
teamId: team.id,
userId: admin.id,
});
const res = await server.post("/api/fileOperations.info", {
const res = await server.post("/api/fileOperations.info", admin, {
body: {
id: exportData.id,
token: admin.getJwtToken(),
},
});
expect(res.status).toEqual(403);
@@ -146,9 +140,8 @@ describe("#fileOperations.list", () => {
teamId: team.id,
userId: admin.id,
});
const res = await server.post("/api/fileOperations.list", {
const res = await server.post("/api/fileOperations.list", admin, {
body: {
token: admin.getJwtToken(),
type: FileOperationType.Export,
},
});
@@ -176,9 +169,8 @@ describe("#fileOperations.list", () => {
userId: admin.id,
collectionId: collection.id,
});
const res = await server.post("/api/fileOperations.list", {
const res = await server.post("/api/fileOperations.list", admin, {
body: {
token: admin.getJwtToken(),
type: FileOperationType.Export,
},
});
@@ -210,9 +202,8 @@ describe("#fileOperations.list", () => {
await collection.destroy({ hooks: false });
const isCollectionPresent = await Collection.findByPk(collection.id);
expect(isCollectionPresent).toBe(null);
const res = await server.post("/api/fileOperations.list", {
const res = await server.post("/api/fileOperations.list", admin, {
body: {
token: admin.getJwtToken(),
type: FileOperationType.Export,
},
});
@@ -247,9 +238,8 @@ describe("#fileOperations.list", () => {
await admin.destroy();
const isAdminPresent = await User.findByPk(admin.id);
expect(isAdminPresent).toBe(null);
const res = await server.post("/api/fileOperations.list", {
const res = await server.post("/api/fileOperations.list", admin2, {
body: {
token: admin2.getJwtToken(),
type: FileOperationType.Export,
},
});
@@ -265,9 +255,8 @@ describe("#fileOperations.list", () => {
it("should require admin", async () => {
const user = await buildUser();
const res = await server.post("/api/fileOperations.list", {
const res = await server.post("/api/fileOperations.list", user, {
body: {
token: user.getJwtToken(),
type: FileOperationType.Export,
},
});
@@ -286,9 +275,8 @@ describe("#fileOperations.redirect", () => {
teamId: team.id,
userId: admin.id,
});
const res = await server.post("/api/fileOperations.redirect", {
const res = await server.post("/api/fileOperations.redirect", admin, {
body: {
token: admin.getJwtToken(),
id: exportData.id,
},
});
@@ -307,9 +295,8 @@ describe("#fileOperations.redirect", () => {
teamId: team.id,
userId: admin1.id,
});
const res = await server.post("/api/fileOperations.redirect", {
const res = await server.post("/api/fileOperations.redirect", admin2, {
body: {
token: admin2.getJwtToken(),
id: exportData.id,
},
redirect: "manual",
@@ -326,9 +313,8 @@ describe("#fileOperations.redirect", () => {
teamId: team.id,
userId: user.id,
});
const res = await server.post("/api/fileOperations.redirect", {
const res = await server.post("/api/fileOperations.redirect", user, {
body: {
token: user.getJwtToken(),
id: exportData.id,
},
redirect: "manual",
@@ -346,9 +332,8 @@ describe("#fileOperations.redirect", () => {
teamId: team.id,
userId: admin.id,
});
const res = await server.post("/api/fileOperations.redirect", {
const res = await server.post("/api/fileOperations.redirect", user, {
body: {
token: user.getJwtToken(),
id: exportData.id,
},
});
@@ -365,9 +350,8 @@ describe("#fileOperations.redirect", () => {
teamId: team.id,
userId: user.id,
});
const res = await server.post("/api/fileOperations.redirect", {
const res = await server.post("/api/fileOperations.redirect", admin, {
body: {
token: admin.getJwtToken(),
id: exportData.id,
},
});
@@ -387,12 +371,15 @@ describe("#fileOperations.delete", () => {
userId: admin.id,
state: FileOperationState.Complete,
});
const deleteResponse = await server.post("/api/fileOperations.delete", {
body: {
token: admin.getJwtToken(),
id: exportData.id,
},
});
const deleteResponse = await server.post(
"/api/fileOperations.delete",
admin,
{
body: {
id: exportData.id,
},
}
);
expect(deleteResponse.status).toBe(200);
expect(
await Event.count({
@@ -420,9 +407,8 @@ describe("#fileOperations.delete", () => {
teamId: team.id,
userId: user.id,
});
const res = await server.post("/api/fileOperations.delete", {
const res = await server.post("/api/fileOperations.delete", admin, {
body: {
token: admin.getJwtToken(),
id: exportData.id,
},
});
server/routes/api/groupMemberships/groupMemberships.test.ts
+4 -14
View File
@@ -41,19 +41,14 @@ describe("groupMemberships.list", () => {
createdById: user.id,
});
await server.post("/api/documents.add_group", {
await server.post("/api/documents.add_group", user, {
body: {
token: user.getJwtToken(),
id: document.id,
groupId: group.id,
},
});
const res = await server.post("/api/groupMemberships.list", {
body: {
token: member.getJwtToken(),
},
});
const res = await server.post("/api/groupMemberships.list", member);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data).not.toBeFalsy();
@@ -107,20 +102,15 @@ describe("groupMemberships.list", () => {
]);
for (const document of documents) {
await server.post("/api/documents.add_group", {
await server.post("/api/documents.add_group", user, {
body: {
token: user.getJwtToken(),
id: document.id,
groupId: group.id,
},
});
}
const res = await server.post("/api/groupMemberships.list", {
body: {
token: member.getJwtToken(),
},
});
const res = await server.post("/api/groupMemberships.list", member);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.pagination).not.toBeFalsy();
server/routes/api/groups/groups.test.ts
+39 -87
View File
@@ -15,9 +15,8 @@ describe("#groups.create", () => {
it("should create a group", async () => {
const name = "hello I am a group";
const user = await buildAdmin();
const res = await server.post("/api/groups.create", {
const res = await server.post("/api/groups.create", user, {
body: {
token: user.getJwtToken(),
name,
externalId: "123",
},
@@ -46,9 +45,8 @@ describe("#groups.update", () => {
it("should require admin", async () => {
const group = await buildGroup();
const user = await buildUser();
const res = await server.post("/api/groups.update", {
const res = await server.post("/api/groups.update", user, {
body: {
token: user.getJwtToken(),
id: group.id,
name: "Test",
},
@@ -59,9 +57,8 @@ describe("#groups.update", () => {
it("should require authorization", async () => {
const group = await buildGroup();
const user = await buildAdmin();
const res = await server.post("/api/groups.update", {
const res = await server.post("/api/groups.update", user, {
body: {
token: user.getJwtToken(),
id: group.id,
name: "Test",
},
@@ -79,9 +76,8 @@ describe("#groups.update", () => {
});
it("allows admin to edit a group", async () => {
const res = await server.post("/api/groups.update", {
const res = await server.post("/api/groups.update", user, {
body: {
token: user.getJwtToken(),
id: group.id,
name: "Test",
externalId: "123",
@@ -113,9 +109,8 @@ describe("#groups.update", () => {
const admin = await buildAdmin({
teamId: user.teamId,
});
await server.post("/api/groups.add_user", {
await server.post("/api/groups.add_user", admin, {
body: {
token: admin.getJwtToken(),
id: group.id,
userId: user.id,
permission: "admin",
@@ -124,9 +119,8 @@ describe("#groups.update", () => {
});
it("allows group admin to edit a group", async () => {
const res = await server.post("/api/groups.update", {
const res = await server.post("/api/groups.update", user, {
body: {
token: user.getJwtToken(),
id: group.id,
name: "Test by Group Admin",
},
@@ -147,9 +141,8 @@ describe("#groups.update", () => {
});
it("does not create an event if the update is a noop", async () => {
const res = await server.post("/api/groups.update", {
const res = await server.post("/api/groups.update", user, {
body: {
token: user.getJwtToken(),
id: group.id,
name: group.name,
},
@@ -171,9 +164,8 @@ describe("#groups.update", () => {
teamId: user.teamId,
name: "test",
});
const res = await server.post("/api/groups.update", {
const res = await server.post("/api/groups.update", user, {
body: {
token: user.getJwtToken(),
id: group.id,
name: "TEST",
},
@@ -203,11 +195,7 @@ describe("#groups.list", () => {
createdById: user.id,
},
});
const res = await server.post("/api/groups.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/groups.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.pagination.total).toEqual(1);
@@ -239,11 +227,7 @@ describe("#groups.list", () => {
},
});
await user.destroy({ hooks: false });
const res = await server.post("/api/groups.list", {
body: {
token: me.getJwtToken(),
},
});
const res = await server.post("/api/groups.list", me);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.groups.length).toEqual(1);
@@ -277,11 +261,7 @@ describe("#groups.list", () => {
createdById: user.id,
},
});
const res = await server.post("/api/groups.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/groups.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
@@ -304,10 +284,9 @@ describe("#groups.list", () => {
).toBe(true);
expect(body.policies.length).toEqual(2);
const anotherRes = await server.post("/api/groups.list", {
const anotherRes = await server.post("/api/groups.list", user, {
body: {
userId: user.id,
token: user.getJwtToken(),
},
});
const anotherBody = await anotherRes.json();
@@ -335,10 +314,9 @@ describe("#groups.list", () => {
const group = await buildGroup({ teamId: user.teamId });
await buildGroup({ teamId: user.teamId });
const res = await server.post("/api/groups.list", {
const res = await server.post("/api/groups.list", user, {
body: {
name: group.name,
token: user.getJwtToken(),
},
});
const body = await res.json();
@@ -353,10 +331,9 @@ describe("#groups.list", () => {
const group = await buildGroup({ teamId: user.teamId, externalId: "123" });
await buildGroup({ teamId: user.teamId });
const res = await server.post("/api/groups.list", {
const res = await server.post("/api/groups.list", user, {
body: {
externalId: "123",
token: user.getJwtToken(),
},
});
const body = await res.json();
@@ -371,10 +348,9 @@ describe("#groups.list", () => {
await buildGroup({ teamId: user.teamId });
await buildGroup({ teamId: user.teamId });
const res = await server.post("/api/groups.list", {
const res = await server.post("/api/groups.list", user, {
body: {
limit: 1,
token: user.getJwtToken(),
},
});
const body = await res.json();
@@ -414,10 +390,9 @@ describe("#groups.list", () => {
teamId: otherUser.teamId,
});
const res = await server.post("/api/groups.list", {
const res = await server.post("/api/groups.list", user, {
body: {
source: authProvider.name,
token: user.getJwtToken(),
},
});
const body = await res.json();
@@ -433,9 +408,8 @@ describe("#groups.info", () => {
const group = await buildGroup({
teamId: user.teamId,
});
const res = await server.post("/api/groups.info", {
const res = await server.post("/api/groups.info", user, {
body: {
token: user.getJwtToken(),
id: group.id,
},
});
@@ -450,9 +424,8 @@ describe("#groups.info", () => {
teamId: user.teamId,
externalId: "456",
});
const res = await server.post("/api/groups.info", {
const res = await server.post("/api/groups.info", user, {
body: {
token: user.getJwtToken(),
externalId: "456",
},
});
@@ -471,9 +444,8 @@ describe("#groups.info", () => {
createdById: user.id,
},
});
const res = await server.post("/api/groups.info", {
const res = await server.post("/api/groups.info", user, {
body: {
token: user.getJwtToken(),
id: group.id,
},
});
@@ -487,9 +459,8 @@ describe("#groups.info", () => {
const group = await buildGroup({
teamId: user.teamId,
});
const res = await server.post("/api/groups.info", {
const res = await server.post("/api/groups.info", user, {
body: {
token: user.getJwtToken(),
id: group.id,
},
});
@@ -510,9 +481,8 @@ describe("#groups.info", () => {
it("should require authorization", async () => {
const user = await buildUser();
const group = await buildGroup();
const res = await server.post("/api/groups.info", {
const res = await server.post("/api/groups.info", user, {
body: {
token: user.getJwtToken(),
id: group.id,
},
});
@@ -536,9 +506,8 @@ describe("#groups.delete", () => {
it("should require admin", async () => {
const group = await buildGroup();
const user = await buildUser();
const res = await server.post("/api/groups.delete", {
const res = await server.post("/api/groups.delete", user, {
body: {
token: user.getJwtToken(),
id: group.id,
},
});
@@ -548,9 +517,8 @@ describe("#groups.delete", () => {
it("should require authorization", async () => {
const group = await buildGroup();
const user = await buildAdmin();
const res = await server.post("/api/groups.delete", {
const res = await server.post("/api/groups.delete", user, {
body: {
token: user.getJwtToken(),
id: group.id,
},
});
@@ -562,9 +530,8 @@ describe("#groups.delete", () => {
const group = await buildGroup({
teamId: user.teamId,
});
const res = await server.post("/api/groups.delete", {
const res = await server.post("/api/groups.delete", user, {
body: {
token: user.getJwtToken(),
id: group.id,
},
});
@@ -585,9 +552,8 @@ describe("#groups.memberships", () => {
createdById: user.id,
},
});
const res = await server.post("/api/groups.memberships", {
const res = await server.post("/api/groups.memberships", user, {
body: {
token: user.getJwtToken(),
id: group.id,
},
});
@@ -627,9 +593,8 @@ describe("#groups.memberships", () => {
},
});
await user3.destroy();
const res = await server.post("/api/groups.memberships", {
const res = await server.post("/api/groups.memberships", user, {
body: {
token: user.getJwtToken(),
id: group.id,
query: user.name.slice(0, 3),
},
@@ -650,9 +615,8 @@ describe("#groups.memberships", () => {
it("should require authorization", async () => {
const user = await buildUser();
const group = await buildGroup();
const res = await server.post("/api/groups.memberships", {
const res = await server.post("/api/groups.memberships", user, {
body: {
token: user.getJwtToken(),
id: group.id,
},
});
@@ -666,9 +630,8 @@ describe("#groups.add_user", () => {
const group = await buildGroup({
teamId: user.teamId,
});
const res = await server.post("/api/groups.add_user", {
const res = await server.post("/api/groups.add_user", user, {
body: {
token: user.getJwtToken(),
id: group.id,
userId: user.id,
},
@@ -686,9 +649,8 @@ describe("#groups.add_user", () => {
const group = await buildGroup({
teamId: user.teamId,
});
const res = await server.post("/api/groups.add_user", {
const res = await server.post("/api/groups.add_user", user, {
body: {
token: user.getJwtToken(),
id: group.id,
userId: anotherUser.id,
permission: GroupPermission.Admin,
@@ -712,9 +674,8 @@ describe("#groups.add_user", () => {
teamId: user.teamId,
});
const anotherUser = await buildUser();
const res = await server.post("/api/groups.add_user", {
const res = await server.post("/api/groups.add_user", user, {
body: {
token: user.getJwtToken(),
id: group.id,
userId: anotherUser.id,
},
@@ -732,9 +693,8 @@ describe("#groups.add_user", () => {
const anotherUser = await buildUser({
teamId: user.teamId,
});
const res = await server.post("/api/groups.add_user", {
const res = await server.post("/api/groups.add_user", user, {
body: {
token: user.getJwtToken(),
id: group.id,
userId: anotherUser.id,
},
@@ -751,18 +711,16 @@ describe("#groups.remove_user", () => {
const group = await buildGroup({
teamId: user.teamId,
});
await server.post("/api/groups.add_user", {
await server.post("/api/groups.add_user", user, {
body: {
token: user.getJwtToken(),
id: group.id,
userId: user.id,
},
});
const users = await group.$get("users");
expect(users.length).toEqual(1);
const res = await server.post("/api/groups.remove_user", {
const res = await server.post("/api/groups.remove_user", user, {
body: {
token: user.getJwtToken(),
id: group.id,
userId: user.id,
},
@@ -783,9 +741,8 @@ describe("#groups.remove_user", () => {
teamId: user.teamId,
});
const anotherUser = await buildUser();
const res = await server.post("/api/groups.remove_user", {
const res = await server.post("/api/groups.remove_user", user, {
body: {
token: user.getJwtToken(),
id: group.id,
userId: anotherUser.id,
},
@@ -803,9 +760,8 @@ describe("#groups.remove_user", () => {
const anotherUser = await buildUser({
teamId: user.teamId,
});
const res = await server.post("/api/groups.remove_user", {
const res = await server.post("/api/groups.remove_user", user, {
body: {
token: user.getJwtToken(),
id: group.id,
userId: anotherUser.id,
},
@@ -833,9 +789,8 @@ describe("#groups.update_user", () => {
});
// Then update the user to be an admin
const res = await server.post("/api/groups.update_user", {
const res = await server.post("/api/groups.update_user", user, {
body: {
token: user.getJwtToken(),
id: group.id,
userId: anotherUser.id,
permission: GroupPermission.Admin,
@@ -849,9 +804,8 @@ describe("#groups.update_user", () => {
);
// Update the user to not be an admin
const res2 = await server.post("/api/groups.update_user", {
const res2 = await server.post("/api/groups.update_user", user, {
body: {
token: user.getJwtToken(),
id: group.id,
userId: anotherUser.id,
permission: "member",
@@ -891,9 +845,8 @@ describe("#groups.update_user", () => {
});
// Try to update as non-admin
const res = await server.post("/api/groups.update_user", {
const res = await server.post("/api/groups.update_user", user, {
body: {
token: user.getJwtToken(),
id: group.id,
userId: anotherUser.id,
permission: GroupPermission.Admin,
@@ -912,9 +865,8 @@ describe("#groups.update_user", () => {
teamId: user.teamId,
});
const res = await server.post("/api/groups.update_user", {
const res = await server.post("/api/groups.update_user", user, {
body: {
token: user.getJwtToken(),
id: group.id,
userId: anotherUser.id,
permission: GroupPermission.Admin,
server/routes/api/imports/imports.test.ts
+13 -41
View File
@@ -37,12 +37,11 @@ describe("#imports.create", () => {
});
const input: NotionImportInput = [{ permission: undefined }];
const res = await server.post("/api/imports.create", {
const res = await server.post("/api/imports.create", admin, {
body: {
integrationId: integration.id,
service: IntegrationService.Notion,
input,
token: admin.getJwtToken(),
},
});
const body = await res.json();
@@ -70,12 +69,11 @@ describe("#imports.create", () => {
integrationId: integration.id,
});
const res = await server.post("/api/imports.create", {
const res = await server.post("/api/imports.create", admin, {
body: {
integrationId: integration.id,
service: ImportableIntegrationService.Notion,
input,
token: admin.getJwtToken(),
},
});
@@ -91,11 +89,7 @@ describe("#imports.create", () => {
it("should require user to be admin", async () => {
const user = await buildUser();
const res = await server.post("/api/imports.create", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/imports.create", user);
expect(res.status).toEqual(403);
});
@@ -115,10 +109,9 @@ describe("#imports.list", () => {
}),
]);
const res = await server.post("/api/imports.list", {
const res = await server.post("/api/imports.list", admin, {
body: {
service: IntegrationService.Notion,
token: admin.getJwtToken(),
},
});
const body = await res.json();
@@ -143,11 +136,7 @@ describe("#imports.list", () => {
it("should require user to be admin", async () => {
const user = await buildUser();
const res = await server.post("/api/imports.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/imports.list", user);
expect(res.status).toEqual(403);
});
@@ -161,10 +150,9 @@ describe("#imports.info", () => {
teamId: admin.teamId,
});
const res = await server.post("/api/imports.info", {
const res = await server.post("/api/imports.info", admin, {
body: {
id: importModel.id,
token: admin.getJwtToken(),
},
});
const body = await res.json();
@@ -182,11 +170,7 @@ describe("#imports.info", () => {
it("should require user to be admin", async () => {
const user = await buildUser();
const res = await server.post("/api/imports.info", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/imports.info", user);
expect(res.status).toEqual(403);
});
@@ -201,10 +185,9 @@ describe("#imports.delete", () => {
teamId: admin.teamId,
});
const res = await server.post("/api/imports.delete", {
const res = await server.post("/api/imports.delete", admin, {
body: {
id: importModel.id,
token: admin.getJwtToken(),
},
});
const body = await res.json();
@@ -221,10 +204,9 @@ describe("#imports.delete", () => {
teamId: admin.teamId,
});
const res = await server.post("/api/imports.delete", {
const res = await server.post("/api/imports.delete", admin, {
body: {
id: importModel.id,
token: admin.getJwtToken(),
},
});
@@ -240,11 +222,7 @@ describe("#imports.delete", () => {
it("should require user to be admin", async () => {
const user = await buildUser();
const res = await server.post("/api/imports.delete", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/imports.delete", user);
expect(res.status).toEqual(403);
});
@@ -258,10 +236,9 @@ describe("#imports.cancel", () => {
teamId: admin.teamId,
});
const res = await server.post("/api/imports.cancel", {
const res = await server.post("/api/imports.cancel", admin, {
body: {
id: importModel.id,
token: admin.getJwtToken(),
},
});
const body = await res.json();
@@ -279,10 +256,9 @@ describe("#imports.cancel", () => {
teamId: admin.teamId,
});
const res = await server.post("/api/imports.cancel", {
const res = await server.post("/api/imports.cancel", admin, {
body: {
id: importModel.id,
token: admin.getJwtToken(),
},
});
@@ -298,11 +274,7 @@ describe("#imports.cancel", () => {
it("should require user to be admin", async () => {
const user = await buildUser();
const res = await server.post("/api/imports.cancel", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/imports.cancel", user);
expect(res.status).toEqual(403);
});
server/routes/api/installation/installation.test.ts
+1 -5
View File
@@ -64,11 +64,7 @@ describe("installation.info", () => {
it.skip("should return installation information", async () => {
const user = await buildUser();
const res = await server.post("/api/installation.info", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/installation.info", user);
const body = await res.json();
server/routes/api/integrations/integrations.test.ts
+11 -25
View File
@@ -20,10 +20,9 @@ describe("#integrations.update", () => {
teamId: team.id,
});
const res = await server.post("/api/integrations.update", {
const res = await server.post("/api/integrations.update", user, {
body: {
events: ["documents.update"],
token: user.getJwtToken(),
id: integration.id,
},
});
@@ -38,9 +37,8 @@ describe("#integrations.update", () => {
const integration = await buildIntegration({
userId: user.id,
});
const res = await server.post("/api/integrations.update", {
const res = await server.post("/api/integrations.update", user, {
body: {
token: user.getJwtToken(),
id: integration.id,
},
});
@@ -58,9 +56,8 @@ describe("#integrations.update", () => {
settings: { url: "https://example.com" },
});
const res = await server.post("/api/integrations.update", {
const res = await server.post("/api/integrations.update", admin, {
body: {
token: admin.getJwtToken(),
id: integration.id,
settings: { url: "https://foo.bar" },
},
@@ -82,9 +79,8 @@ describe("#integrations.update", () => {
settings: { url: "https://example.com" },
});
const res = await server.post("/api/integrations.update", {
const res = await server.post("/api/integrations.update", admin, {
body: {
token: admin.getJwtToken(),
id: integration.id,
settings: { url: "https://grist.example.com" },
},
@@ -100,9 +96,8 @@ describe("#integrations.create", () => {
it("should fail with status 400 bad request for an invalid url value supplied in settings param", async () => {
const admin = await buildAdmin();
const res = await server.post("/api/integrations.create", {
const res = await server.post("/api/integrations.create", admin, {
body: {
token: admin.getJwtToken(),
type: IntegrationType.Embed,
service: IntegrationService.Diagrams,
settings: { url: "not a url" },
@@ -116,9 +111,8 @@ describe("#integrations.create", () => {
it("should succeed with status 200 ok for an integration without url", async () => {
const admin = await buildAdmin();
const res = await server.post("/api/integrations.create", {
const res = await server.post("/api/integrations.create", admin, {
body: {
token: admin.getJwtToken(),
type: IntegrationType.Analytics,
service: IntegrationService.GoogleAnalytics,
settings: { measurementId: "123" },
@@ -135,9 +129,8 @@ describe("#integrations.create", () => {
it("should succeed with status 200 ok for an grist integration", async () => {
const admin = await buildAdmin();
const res = await server.post("/api/integrations.create", {
const res = await server.post("/api/integrations.create", admin, {
body: {
token: admin.getJwtToken(),
type: IntegrationType.Embed,
service: IntegrationService.Grist,
settings: { url: "https://grist.example.com" },
@@ -171,9 +164,8 @@ describe("#integrations.delete", () => {
it("should fail with status 403 unauthorized when the user is not an admin", async () => {
const user = await buildUser();
const res = await server.post("/api/integrations.delete", {
const res = await server.post("/api/integrations.delete", user, {
body: {
token: user.getJwtToken(),
id: integration.id,
},
});
@@ -181,11 +173,7 @@ describe("#integrations.delete", () => {
});
it("should fail with status 400 bad request when id is not sent", async () => {
const res = await server.post("/api/integrations.delete", {
body: {
token: admin.getJwtToken(),
},
});
const res = await server.post("/api/integrations.delete", admin);
const body = await res.json();
expect(res.status).toEqual(400);
@@ -202,9 +190,8 @@ describe("#integrations.delete", () => {
service: IntegrationService.Slack,
type: IntegrationType.LinkedAccount,
});
const res = await server.post("/api/integrations.delete", {
const res = await server.post("/api/integrations.delete", user, {
body: {
token: user.getJwtToken(),
id: linkedAccount.id,
},
});
@@ -212,9 +199,8 @@ describe("#integrations.delete", () => {
});
it("should succeed with status 200 ok when integration is deleted", async () => {
const res = await server.post("/api/integrations.delete", {
const res = await server.post("/api/integrations.delete", admin, {
body: {
token: admin.getJwtToken(),
id: integration.id,
},
});
server/routes/api/middlewares/pagination.test.ts
+5 -10
View File
@@ -6,9 +6,8 @@ const server = getTestServer();
describe("#pagination", () => {
it("should allow offset and limit", async () => {
const user = await buildUser();
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", user, {
body: {
token: user.getJwtToken(),
limit: 1,
offset: 1,
},
@@ -18,9 +17,8 @@ describe("#pagination", () => {
it("should not allow negative limit", async () => {
const user = await buildUser();
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", user, {
body: {
token: user.getJwtToken(),
limit: -1,
},
});
@@ -29,9 +27,8 @@ describe("#pagination", () => {
it("should not allow non-integer limit", async () => {
const user = await buildUser();
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", user, {
body: {
token: user.getJwtToken(),
limit: "blah",
},
});
@@ -40,9 +37,8 @@ describe("#pagination", () => {
it("should not allow negative offset", async () => {
const user = await buildUser();
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", user, {
body: {
token: user.getJwtToken(),
offset: -1,
},
});
@@ -51,9 +47,8 @@ describe("#pagination", () => {
it("should not allow non-integer offset", async () => {
const user = await buildUser();
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", user, {
body: {
token: user.getJwtToken(),
offset: "blah",
},
});
server/routes/api/notifications/notifications.test.ts
+11 -28
View File
@@ -64,11 +64,7 @@ describe("#notifications.list", () => {
}),
]);
const res = await server.post("/api/notifications.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/notifications.list", user);
const body = await res.json();
expect(res.status).toBe(200);
@@ -130,9 +126,8 @@ describe("#notifications.list", () => {
}),
]);
const res = await server.post("/api/notifications.list", {
const res = await server.post("/api/notifications.list", user, {
body: {
token: user.getJwtToken(),
eventType: NotificationEventType.MentionedInComment,
},
});
@@ -197,9 +192,8 @@ describe("#notifications.list", () => {
}),
]);
const res = await server.post("/api/notifications.list", {
const res = await server.post("/api/notifications.list", user, {
body: {
token: user.getJwtToken(),
archived: true,
},
});
@@ -265,9 +259,8 @@ describe("#notifications.list", () => {
}),
]);
const res = await server.post("/api/notifications.list", {
const res = await server.post("/api/notifications.list", user, {
body: {
token: user.getJwtToken(),
archived: false,
},
});
@@ -385,9 +378,8 @@ describe("#notifications.update", () => {
expect(notification.viewedAt).toBeNull();
const res = await server.post("/api/notifications.update", {
const res = await server.post("/api/notifications.update", user, {
body: {
token: user.getJwtToken(),
id: notification.id,
viewedAt: new Date(),
},
@@ -425,9 +417,8 @@ describe("#notifications.update", () => {
expect(notification.archivedAt).toBeNull();
const res = await server.post("/api/notifications.update", {
const res = await server.post("/api/notifications.update", user, {
body: {
token: user.getJwtToken(),
id: notification.id,
archivedAt: new Date(),
},
@@ -483,11 +474,7 @@ describe("#notifications.update_all", () => {
}),
]);
const res = await server.post("/api/notifications.update_all", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/notifications.update_all", user);
const body = await res.json();
expect(res.status).toBe(200);
expect(body.success).toBe(true);
@@ -536,9 +523,8 @@ describe("#notifications.update_all", () => {
}),
]);
const res = await server.post("/api/notifications.update_all", {
const res = await server.post("/api/notifications.update_all", user, {
body: {
token: user.getJwtToken(),
viewedAt: new Date(),
},
});
@@ -591,9 +577,8 @@ describe("#notifications.update_all", () => {
}),
]);
const res = await server.post("/api/notifications.update_all", {
const res = await server.post("/api/notifications.update_all", user, {
body: {
token: user.getJwtToken(),
viewedAt: null,
},
});
@@ -645,9 +630,8 @@ describe("#notifications.update_all", () => {
}),
]);
const res = await server.post("/api/notifications.update_all", {
const res = await server.post("/api/notifications.update_all", user, {
body: {
token: user.getJwtToken(),
archivedAt: new Date(),
},
});
@@ -700,9 +684,8 @@ describe("#notifications.update_all", () => {
}),
]);
const res = await server.post("/api/notifications.update_all", {
const res = await server.post("/api/notifications.update_all", user, {
body: {
token: user.getJwtToken(),
archivedAt: null,
},
});
server/routes/api/oauthAuthentications/oauthAuthentications.test.ts
+6 -18
View File
@@ -32,11 +32,7 @@ describe("oauthAuthentications.list", () => {
scope: ["read"],
});
const res = await server.post("/api/oauthAuthentications.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/oauthAuthentications.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
@@ -63,11 +59,7 @@ describe("oauthAuthentications.list", () => {
scope: ["read"],
});
const res = await server.post("/api/oauthAuthentications.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/oauthAuthentications.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
@@ -87,9 +79,8 @@ describe("oauthAuthentications.delete", () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
const res = await server.post("/api/oauthAuthentications.delete", {
const res = await server.post("/api/oauthAuthentications.delete", user, {
body: {
token: user.getJwtToken(),
oauthClientId: "",
},
});
@@ -113,9 +104,8 @@ describe("oauthAuthentications.delete", () => {
scope: ["read"],
});
const res = await server.post("/api/oauthAuthentications.delete", {
const res = await server.post("/api/oauthAuthentications.delete", user, {
body: {
token: user.getJwtToken(),
oauthClientId: oauthClient.id,
},
});
@@ -154,9 +144,8 @@ describe("oauthAuthentications.delete", () => {
scope: ["write"],
});
const res = await server.post("/api/oauthAuthentications.delete", {
const res = await server.post("/api/oauthAuthentications.delete", user, {
body: {
token: user.getJwtToken(),
oauthClientId: oauthClient.id,
scope: ["read"],
},
@@ -193,9 +182,8 @@ describe("oauthAuthentications.delete", () => {
scope: ["read"],
});
await server.post("/api/oauthAuthentications.delete", {
await server.post("/api/oauthAuthentications.delete", user, {
body: {
token: user.getJwtToken(),
oauthClientId: oauthClient.id,
scope: "read",
},
server/routes/api/oauthClients/oauthClients.test.ts
+11 -25
View File
@@ -41,11 +41,7 @@ describe("oauthClients.list", () => {
published: false,
});
const res = await server.post("/api/oauthClients.list", {
body: {
token: admin.getJwtToken(),
},
});
const res = await server.post("/api/oauthClients.list", admin);
const body = await res.json();
expect(res.status).toEqual(200);
@@ -78,9 +74,8 @@ describe("oauthClients.info", () => {
redirectUris: ["https://example.com/callback"],
});
const res = await server.post("/api/oauthClients.info", {
const res = await server.post("/api/oauthClients.info", user, {
body: {
token: user.getJwtToken(),
id: client.id,
},
});
@@ -105,9 +100,8 @@ describe("oauthClients.info", () => {
redirectUris: ["https://example.com/callback"],
});
const res = await server.post("/api/oauthClients.info", {
const res = await server.post("/api/oauthClients.info", user, {
body: {
token: user.getJwtToken(),
id: client.id,
},
});
@@ -132,9 +126,8 @@ describe("oauthClients.info", () => {
published: true,
});
const res = await server.post("/api/oauthClients.info", {
const res = await server.post("/api/oauthClients.info", user, {
body: {
token: user.getJwtToken(),
id: client.id,
},
});
@@ -160,9 +153,8 @@ describe("oauthClients.info", () => {
published: true,
});
const res = await server.post("/api/oauthClients.info", {
const res = await server.post("/api/oauthClients.info", user, {
body: {
token: user.getJwtToken(),
clientId: client.clientId,
},
});
@@ -192,9 +184,8 @@ describe("oauthClients.info", () => {
});
// Test with valid redirectUri
const validRes = await server.post("/api/oauthClients.info", {
const validRes = await server.post("/api/oauthClients.info", user, {
body: {
token: user.getJwtToken(),
clientId: client.clientId,
redirectUri: "https://example.com/callback",
},
@@ -205,9 +196,8 @@ describe("oauthClients.info", () => {
expect(validBody.data.name).toEqual("Test Client");
// Test with invalid redirectUri
const invalidRes = await server.post("/api/oauthClients.info", {
const invalidRes = await server.post("/api/oauthClients.info", user, {
body: {
token: user.getJwtToken(),
clientId: client.clientId,
redirectUri: "https://malicious.com/callback",
},
@@ -228,9 +218,8 @@ describe("oauthClients.create", () => {
const team = await buildTeam();
const admin = await buildAdmin({ teamId: team.id });
const res = await server.post("/api/oauthClients.create", {
const res = await server.post("/api/oauthClients.create", admin, {
body: {
token: admin.getJwtToken(),
name: "Test Client",
redirectUris: ["https://example.com/callback"],
},
@@ -264,9 +253,8 @@ describe("oauthclients.update", () => {
published: true,
});
const res = await server.post("/api/oauthClients.update", {
const res = await server.post("/api/oauthClients.update", admin, {
body: {
token: admin.getJwtToken(),
id: client.id,
published: false,
name: "Renamed",
@@ -301,9 +289,8 @@ describe("oauthClients.rotate_secret", () => {
const originalSecret = client.clientSecret;
const res = await server.post("/api/oauthClients.rotate_secret", {
const res = await server.post("/api/oauthClients.rotate_secret", admin, {
body: {
token: admin.getJwtToken(),
id: client.id,
},
});
@@ -335,9 +322,8 @@ describe("oauthClients.delete", () => {
redirectUris: ["https://example.com/callback"],
});
const res = await server.post("/api/oauthClients.delete", {
const res = await server.post("/api/oauthClients.delete", admin, {
body: {
token: admin.getJwtToken(),
id: client.id,
},
});
server/routes/api/pins/pins.test.ts
+27 -66
View File
@@ -47,20 +47,15 @@ describe("#pins.create", () => {
});
it("should fail with status 400 bad request when documentId is not suppled", async () => {
const res = await server.post("/api/pins.create", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/pins.create", user);
const body = await res.json();
expect(res.status).toEqual(400);
expect(body.message).toEqual("documentId: required");
});
it("should fail with status 400 bad request when documentId is invalid", async () => {
const res = await server.post("/api/pins.create", {
const res = await server.post("/api/pins.create", user, {
body: {
token: user.getJwtToken(),
documentId: "foo",
},
});
@@ -70,9 +65,8 @@ describe("#pins.create", () => {
});
it("should fail with status 400 bad request when index is invalid", async () => {
const res = await server.post("/api/pins.create", {
const res = await server.post("/api/pins.create", user, {
body: {
token: user.getJwtToken(),
documentId: "foo1234567",
index: "😀",
},
@@ -83,9 +77,8 @@ describe("#pins.create", () => {
});
it("should fail with status 403 forbidden when user is disallowed to read the document", async () => {
const res = await server.post("/api/pins.create", {
const res = await server.post("/api/pins.create", anotherUser, {
body: {
token: anotherUser.getJwtToken(),
documentId: document.id,
},
});
@@ -95,9 +88,8 @@ describe("#pins.create", () => {
});
it("should fail with status 403 forbidden when user is disallowed to update the collection", async () => {
const res = await server.post("/api/pins.create", {
const res = await server.post("/api/pins.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
collectionId: collection.id,
},
@@ -113,9 +105,8 @@ describe("#pins.create", () => {
teamId: admin.teamId,
collectionId: collection.id,
});
const res = await server.post("/api/pins.create", {
const res = await server.post("/api/pins.create", admin, {
body: {
token: admin.getJwtToken(),
// A draft document cannot be pinned, neither by a member nor by an admin
documentId: draft.id,
collectionId: collection.id,
@@ -127,9 +118,8 @@ describe("#pins.create", () => {
});
it("should fail with status 403 forbidden when user is disallowed to pin the document to home page", async () => {
const res = await server.post("/api/pins.create", {
const res = await server.post("/api/pins.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -139,9 +129,8 @@ describe("#pins.create", () => {
});
it("should succeed with status 200 ok when user is allowed to pin", async () => {
const res = await server.post("/api/pins.create", {
const res = await server.post("/api/pins.create", admin, {
body: {
token: admin.getJwtToken(),
documentId: document.id,
},
});
@@ -153,9 +142,8 @@ describe("#pins.create", () => {
});
it("should succeed with status 200 ok when valid collectionId is supplied", async () => {
const res = await server.post("/api/pins.create", {
const res = await server.post("/api/pins.create", admin, {
body: {
token: admin.getJwtToken(),
documentId: document.id,
collectionId: collection.id,
},
@@ -176,16 +164,14 @@ describe("#pins.info", () => {
teamId: admin.teamId,
});
await server.post("/api/pins.create", {
await server.post("/api/pins.create", admin, {
body: {
token: admin.getJwtToken(),
documentId: document.id,
},
});
const res = await server.post("/api/pins.info", {
const res = await server.post("/api/pins.info", admin, {
body: {
token: admin.getJwtToken(),
documentId: document.id,
},
});
@@ -204,17 +190,15 @@ describe("#pins.info", () => {
teamId: user.teamId,
});
await server.post("/api/pins.create", {
await server.post("/api/pins.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
collectionId: document.collectionId,
},
});
const res = await server.post("/api/pins.info", {
const res = await server.post("/api/pins.info", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
collectionId: document.collectionId,
},
@@ -234,9 +218,8 @@ describe("#pins.info", () => {
teamId: user.teamId,
});
const res = await server.post("/api/pins.info", {
const res = await server.post("/api/pins.info", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
collectionId: null,
},
@@ -292,11 +275,7 @@ describe("#pins.list", () => {
});
it("should succeed with status 200 ok returning pinned documents", async () => {
const res = await server.post("/api/pins.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/pins.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data).toBeTruthy();
@@ -311,9 +290,8 @@ describe("#pins.list", () => {
});
it("should succeed with status 200 ok returning pinned documents filtered by collectionId supplied", async () => {
const res = await server.post("/api/pins.list", {
const res = await server.post("/api/pins.list", user, {
body: {
token: user.getJwtToken(),
collectionId: collection.id,
},
});
@@ -345,9 +323,8 @@ describe("#pins.list", () => {
// Create a user on the same team but without access to the private collection
const teamMember = await buildUser({ teamId: otherUser.teamId });
const res = await server.post("/api/pins.list", {
const res = await server.post("/api/pins.list", teamMember, {
body: {
token: teamMember.getJwtToken(),
collectionId: privateCollection.id,
},
});
@@ -372,9 +349,8 @@ describe("#pins.list", () => {
teamId: user.teamId,
});
const res = await server.post("/api/pins.list", {
const res = await server.post("/api/pins.list", user, {
body: {
token: user.getJwtToken(),
collectionId: collectionWithPins.id,
},
});
@@ -387,9 +363,8 @@ describe("#pins.list", () => {
});
it("should fail with status 403 forbidden when collection does not exist", async () => {
const res = await server.post("/api/pins.list", {
const res = await server.post("/api/pins.list", user, {
body: {
token: user.getJwtToken(),
collectionId: "00000000-0000-0000-0000-000000000000",
},
});
@@ -437,11 +412,7 @@ describe("#pins.update", () => {
});
it("should fail with status 400 bad request when id is missing", async () => {
const res = await server.post("/api/pins.update", {
body: {
token: admin.getJwtToken(),
},
});
const res = await server.post("/api/pins.update", admin);
const body = await res.json();
expect(res.status).toEqual(400);
expect(body.message).toEqual(
@@ -450,9 +421,8 @@ describe("#pins.update", () => {
});
it("should fail with status 400 bad request when index is missing", async () => {
const res = await server.post("/api/pins.update", {
const res = await server.post("/api/pins.update", admin, {
body: {
token: admin.getJwtToken(),
id: pin.id,
},
});
@@ -464,9 +434,8 @@ describe("#pins.update", () => {
});
it("should fail with status 400 bad request when an invalid index is sent", async () => {
const res = await server.post("/api/pins.update", {
const res = await server.post("/api/pins.update", admin, {
body: {
token: admin.getJwtToken(),
id: pin.id,
index: "😀",
},
@@ -477,9 +446,8 @@ describe("#pins.update", () => {
});
it("should fail with status 403 forbidden when user is disallowed to update the pin", async () => {
const res = await server.post("/api/pins.update", {
const res = await server.post("/api/pins.update", user, {
body: {
token: user.getJwtToken(),
id: pin.id,
index: "b",
},
@@ -490,9 +458,8 @@ describe("#pins.update", () => {
});
it("should succeed with status 200 ok and when user is allowed to update the pin", async () => {
const res = await server.post("/api/pins.update", {
const res = await server.post("/api/pins.update", admin, {
body: {
token: admin.getJwtToken(),
id: pin.id,
index: "b",
},
@@ -527,11 +494,7 @@ describe("#pins.delete", () => {
});
it("should fail with status 400 bad request when id is missing", async () => {
const res = await server.post("/api/pins.delete", {
body: {
token: admin.getJwtToken(),
},
});
const res = await server.post("/api/pins.delete", admin);
const body = await res.json();
expect(res.status).toEqual(400);
expect(body.message).toEqual(
@@ -543,9 +506,8 @@ describe("#pins.delete", () => {
const user = await buildUser({
teamId: admin.teamId,
});
const res = await server.post("/api/pins.delete", {
const res = await server.post("/api/pins.delete", user, {
body: {
token: user.getJwtToken(),
id: pin.id,
},
});
@@ -555,9 +517,8 @@ describe("#pins.delete", () => {
});
it("should succeed with status 200 ok when user is allowed to delete the pin", async () => {
const res = await server.post("/api/pins.delete", {
const res = await server.post("/api/pins.delete", admin, {
body: {
token: admin.getJwtToken(),
id: pin.id,
},
});
server/routes/api/reactions/reactions.test.ts
+1 -2
View File
@@ -33,9 +33,8 @@ describe("#reactions.list", () => {
{ emoji: "😅", commentId: comment.id, userId: user.id },
]);
const res = await server.post("/api/reactions.list", {
const res = await server.post("/api/reactions.list", user, {
body: {
token: user.getJwtToken(),
commentId: comment.id,
},
});
server/routes/api/relationships/relationships.test.ts
+17 -40
View File
@@ -55,11 +55,7 @@ describe("#relationships.info", () => {
});
it("should fail with status 400 bad request when id is not supplied", async () => {
const res = await server.post("/api/relationships.info", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/relationships.info", user);
const body = await res.json();
expect(res.status).toEqual(400);
expect(body.message).toEqual(
@@ -68,9 +64,8 @@ describe("#relationships.info", () => {
});
it("should fail with status 400 bad request when id is not a valid UUID", async () => {
const res = await server.post("/api/relationships.info", {
const res = await server.post("/api/relationships.info", user, {
body: {
token: user.getJwtToken(),
id: "invalid-uuid",
},
});
@@ -80,9 +75,8 @@ describe("#relationships.info", () => {
});
it("should fail with status 404 not found when relationship does not exist", async () => {
const res = await server.post("/api/relationships.info", {
const res = await server.post("/api/relationships.info", admin, {
body: {
token: admin.getJwtToken(),
id: "550e8400-e29b-41d4-a716-446655440000",
},
});
@@ -92,9 +86,8 @@ describe("#relationships.info", () => {
});
it("should fail with status 403 forbidden when user cannot read the document", async () => {
const res = await server.post("/api/relationships.info", {
const res = await server.post("/api/relationships.info", anotherUser, {
body: {
token: anotherUser.getJwtToken(),
id: relationship.id,
},
});
@@ -104,9 +97,8 @@ describe("#relationships.info", () => {
});
it("should succeed with status 200 ok when user can read the document", async () => {
const res = await server.post("/api/relationships.info", {
const res = await server.post("/api/relationships.info", admin, {
body: {
token: admin.getJwtToken(),
id: relationship.id,
},
});
@@ -143,9 +135,8 @@ describe("#relationships.info", () => {
reverseDocumentId: adminDocument.id,
});
const res = await server.post("/api/relationships.info", {
const res = await server.post("/api/relationships.info", user, {
body: {
token: user.getJwtToken(),
id: userRelationship.id,
},
});
@@ -165,9 +156,8 @@ describe("#relationships.info", () => {
// Make user team member so they can read both documents
const teamUser = await buildUser({ teamId: admin.teamId });
const res = await server.post("/api/relationships.info", {
const res = await server.post("/api/relationships.info", teamUser, {
body: {
token: teamUser.getJwtToken(),
id: relationship.id,
},
});
@@ -243,11 +233,7 @@ describe("#relationships.list", () => {
});
it("should succeed with status 200 ok returning all relationships", async () => {
const res = await server.post("/api/relationships.list", {
body: {
token: admin.getJwtToken(),
},
});
const res = await server.post("/api/relationships.list", admin);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data).toBeTruthy();
@@ -259,9 +245,8 @@ describe("#relationships.list", () => {
});
it("should succeed with status 200 ok returning relationships filtered by type", async () => {
const res = await server.post("/api/relationships.list", {
const res = await server.post("/api/relationships.list", admin, {
body: {
token: admin.getJwtToken(),
type: RelationshipType.Backlink,
},
});
@@ -277,9 +262,8 @@ describe("#relationships.list", () => {
});
it("should succeed with status 200 ok returning relationships filtered by documentId", async () => {
const res = await server.post("/api/relationships.list", {
const res = await server.post("/api/relationships.list", admin, {
body: {
token: admin.getJwtToken(),
documentId: documents[0].id,
},
});
@@ -295,9 +279,8 @@ describe("#relationships.list", () => {
});
it("should succeed with status 200 ok returning relationships filtered by reverseDocumentId", async () => {
const res = await server.post("/api/relationships.list", {
const res = await server.post("/api/relationships.list", admin, {
body: {
token: admin.getJwtToken(),
reverseDocumentId: documents[1].id,
},
});
@@ -313,9 +296,8 @@ describe("#relationships.list", () => {
});
it("should succeed with status 200 ok returning relationships with multiple filters", async () => {
const res = await server.post("/api/relationships.list", {
const res = await server.post("/api/relationships.list", admin, {
body: {
token: admin.getJwtToken(),
type: RelationshipType.Backlink,
documentId: documents[0].id,
},
@@ -335,9 +317,8 @@ describe("#relationships.list", () => {
});
it("should fail with status 400 bad request when documentId is invalid", async () => {
const res = await server.post("/api/relationships.list", {
const res = await server.post("/api/relationships.list", admin, {
body: {
token: admin.getJwtToken(),
documentId: "invalid-id",
},
});
@@ -345,9 +326,8 @@ describe("#relationships.list", () => {
});
it("should fail with status 400 bad request when reverseDocumentId is invalid", async () => {
const res = await server.post("/api/relationships.list", {
const res = await server.post("/api/relationships.list", admin, {
body: {
token: admin.getJwtToken(),
reverseDocumentId: "invalid-id",
},
});
@@ -357,9 +337,8 @@ describe("#relationships.list", () => {
});
it("should respect pagination", async () => {
const res = await server.post("/api/relationships.list", {
const res = await server.post("/api/relationships.list", admin, {
body: {
token: admin.getJwtToken(),
limit: 1,
offset: 0,
},
@@ -373,9 +352,8 @@ describe("#relationships.list", () => {
});
it("should return empty results when no relationships match filters", async () => {
const res = await server.post("/api/relationships.list", {
const res = await server.post("/api/relationships.list", admin, {
body: {
token: admin.getJwtToken(),
documentId: "550e8400-e29b-41d4-a716-446655440000",
},
});
@@ -411,9 +389,8 @@ describe("#relationships.list", () => {
reverseDocumentId: cannotAccessDocument.id,
});
const res = await server.post("/api/relationships.list", {
const res = await server.post("/api/relationships.list", user, {
body: {
token: user.getJwtToken(),
documentId: userDocument.id,
},
});
server/routes/api/revisions/revisions.test.ts
+14 -28
View File
@@ -21,9 +21,8 @@ describe("#revisions.info", () => {
createContext({ user }),
document
);
const res = await server.post("/api/revisions.info", {
const res = await server.post("/api/revisions.info", user, {
body: {
token: user.getJwtToken(),
id: revision.id,
},
});
@@ -44,9 +43,8 @@ describe("#revisions.info", () => {
document
);
const user = await buildUser();
const res = await server.post("/api/revisions.info", {
const res = await server.post("/api/revisions.info", user, {
body: {
token: user.getJwtToken(),
id: revision.id,
},
});
@@ -66,9 +64,8 @@ describe("#revisions.update", () => {
document
);
const res = await server.post("/api/revisions.update", {
const res = await server.post("/api/revisions.update", user, {
body: {
token: user.getJwtToken(),
id: revision.id,
name: "new name",
},
@@ -89,9 +86,8 @@ describe("#revisions.update", () => {
document
);
const res = await server.post("/api/revisions.update", {
const res = await server.post("/api/revisions.update", user, {
body: {
token: user.getJwtToken(),
id: revision.id,
name: null,
},
@@ -112,9 +108,8 @@ describe("#revisions.update", () => {
document
);
const res = await server.post("/api/revisions.update", {
const res = await server.post("/api/revisions.update", user, {
body: {
token: user.getJwtToken(),
id: revision.id,
name: "",
},
@@ -133,9 +128,8 @@ describe("#revisions.update", () => {
document
);
const res = await server.post("/api/revisions.update", {
const res = await server.post("/api/revisions.update", admin, {
body: {
token: admin.getJwtToken(),
id: revision.id,
name: "new name",
},
@@ -156,9 +150,8 @@ describe("#revisions.update", () => {
document
);
const user = await buildUser();
const res = await server.post("/api/revisions.update", {
const res = await server.post("/api/revisions.update", user, {
body: {
token: user.getJwtToken(),
id: revision.id,
name: "new name",
},
@@ -175,9 +168,8 @@ describe("#revisions.list", () => {
teamId: user.teamId,
});
await Revision.createFromDocument(createContext({ user }), document);
const res = await server.post("/api/revisions.list", {
const res = await server.post("/api/revisions.list", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -208,9 +200,8 @@ describe("#revisions.list", () => {
collectionId: collection.id,
},
});
const res = await server.post("/api/revisions.list", {
const res = await server.post("/api/revisions.list", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -220,9 +211,8 @@ describe("#revisions.list", () => {
it("should require authorization", async () => {
const document = await buildDocument();
const user = await buildUser();
const res = await server.post("/api/revisions.list", {
const res = await server.post("/api/revisions.list", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -241,9 +231,8 @@ describe("#revisions.export", () => {
createContext({ user }),
document
);
const res = await server.post("/api/revisions.export", {
const res = await server.post("/api/revisions.export", user, {
body: {
token: user.getJwtToken(),
id: revision.id,
},
});
@@ -262,9 +251,8 @@ describe("#revisions.export", () => {
createContext({ user }),
document
);
const res = await server.post("/api/revisions.export", {
const res = await server.post("/api/revisions.export", user, {
body: {
token: user.getJwtToken(),
id: revision.id,
},
headers: {
@@ -286,9 +274,8 @@ describe("#revisions.export", () => {
createContext({ user }),
document
);
const res = await server.post("/api/revisions.export", {
const res = await server.post("/api/revisions.export", user, {
body: {
token: user.getJwtToken(),
id: revision.id,
},
headers: {
@@ -330,9 +317,8 @@ describe("#revisions.export", () => {
document
);
const user = await buildUser();
const res = await server.post("/api/revisions.export", {
const res = await server.post("/api/revisions.export", user, {
body: {
token: user.getJwtToken(),
id: revision.id,
},
});
server/routes/api/searches/searches.test.ts
+8 -22
View File
@@ -31,11 +31,7 @@ describe("#searches.list", () => {
});
it("should succeed with status 200 ok returning results", async () => {
const res = await server.post("/api/searches.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/searches.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data).toHaveLength(3);
@@ -46,9 +42,8 @@ describe("#searches.list", () => {
});
it("should allow filtering by source", async () => {
const res = await server.post("/api/searches.list", {
const res = await server.post("/api/searches.list", user, {
body: {
token: user.getJwtToken(),
source: "api",
},
});
@@ -72,9 +67,8 @@ describe("#searches.update", () => {
});
it("should fail with status 400 bad request when an invalid id is provided", async () => {
const res = await server.post("/api/searches.update", {
const res = await server.post("/api/searches.update", user, {
body: {
token: user.getJwtToken(),
id: "id",
score: 1,
},
@@ -83,9 +77,8 @@ describe("#searches.update", () => {
});
it("should fail with status 400 bad request when an invalid score is provided", async () => {
const res = await server.post("/api/searches.update", {
const res = await server.post("/api/searches.update", user, {
body: {
token: user.getJwtToken(),
id: searchQuery.id,
score: 2,
},
@@ -94,9 +87,8 @@ describe("#searches.update", () => {
});
it("should succeed with status 200 ok and successfully update the query", async () => {
const res = await server.post("/api/searches.update", {
const res = await server.post("/api/searches.update", user, {
body: {
token: user.getJwtToken(),
id: searchQuery.id,
score: 1,
},
@@ -123,11 +115,7 @@ describe("#searches.delete", () => {
});
it("should fail with status 400 bad request when no id or query is provided", async () => {
const res = await server.post("/api/searches.delete", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/searches.delete", user);
const body = await res.json();
expect(res.status).toEqual(400);
@@ -135,9 +123,8 @@ describe("#searches.delete", () => {
});
it("should fail with status 400 bad request when an invalid id is provided", async () => {
const res = await server.post("/api/searches.delete", {
const res = await server.post("/api/searches.delete", user, {
body: {
token: user.getJwtToken(),
id: "id",
},
});
@@ -156,9 +143,8 @@ describe("#searches.delete", () => {
});
expect(searchQueries).toHaveLength(1);
const res = await server.post("/api/searches.delete", {
const res = await server.post("/api/searches.delete", user, {
body: {
token: user.getJwtToken(),
id: searchQuery.id,
},
});
server/routes/api/shares/shares.test.ts
+61 -149
View File
@@ -19,9 +19,8 @@ const server = getTestServer();
describe("#shares.list", () => {
it("should fail with status 400 bad request when an invalid sort value is suppled", async () => {
const user = await buildUser();
const res = await server.post("/api/shares.list", {
const res = await server.post("/api/shares.list", user, {
body: {
token: user.getJwtToken(),
sort: "foo",
},
});
@@ -47,11 +46,7 @@ describe("#shares.list", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/shares.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/shares.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toEqual(1);
@@ -71,9 +66,8 @@ describe("#shares.list", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/shares.list", {
const res = await server.post("/api/shares.list", user, {
body: {
token: user.getJwtToken(),
query: "test",
},
});
@@ -98,9 +92,8 @@ describe("#shares.list", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/shares.list", {
const res = await server.post("/api/shares.list", user, {
body: {
token: user.getJwtToken(),
query: "test",
},
});
@@ -123,11 +116,7 @@ describe("#shares.list", () => {
userId: user.id,
});
await share.revoke(createContext({ user }));
const res = await server.post("/api/shares.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/shares.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toEqual(0);
@@ -145,11 +134,7 @@ describe("#shares.list", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/shares.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/shares.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toEqual(0);
@@ -167,11 +152,7 @@ describe("#shares.list", () => {
userId: user.id,
});
await withAPIContext(user, (ctx) => document.destroyWithCtx(ctx));
const res = await server.post("/api/shares.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/shares.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toEqual(0);
@@ -187,11 +168,7 @@ describe("#shares.list", () => {
teamId: admin.teamId,
userId: user.id,
});
const res = await server.post("/api/shares.list", {
body: {
token: admin.getJwtToken(),
},
});
const res = await server.post("/api/shares.list", admin);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toEqual(1);
@@ -219,11 +196,7 @@ describe("#shares.list", () => {
});
collection.permission = null;
await collection.save();
const res = await server.post("/api/shares.list", {
body: {
token: admin.getJwtToken(),
},
});
const res = await server.post("/api/shares.list", admin);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toEqual(0);
@@ -240,11 +213,7 @@ describe("#shares.list", () => {
describe("#shares.create", () => {
it("should fail with status 400 bad request when both documentId and collectionId are missing", async () => {
const user = await buildUser();
const res = await server.post("/api/shares.create", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/shares.create", user);
const body = await res.json();
expect(res.status).toEqual(400);
expect(body.message).toEqual(
@@ -254,9 +223,8 @@ describe("#shares.create", () => {
it("should fail with status 400 bad request when documentId is invalid", async () => {
const user = await buildUser();
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
documentId: "foo",
},
});
@@ -271,9 +239,8 @@ describe("#shares.create", () => {
userId: user.id,
teamId: user.teamId,
});
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
collectionId: collection.id,
},
});
@@ -289,9 +256,8 @@ describe("#shares.create", () => {
userId: user.id,
teamId: user.teamId,
});
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -307,9 +273,8 @@ describe("#shares.create", () => {
userId: user.id,
teamId: user.teamId,
});
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
includeChildDocuments: true,
published: true,
@@ -330,9 +295,8 @@ describe("#shares.create", () => {
userId: user.id,
teamId: user.teamId,
});
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
published: true,
},
@@ -349,9 +313,8 @@ describe("#shares.create", () => {
userId: user.id,
teamId: user.teamId,
});
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
published: true,
allowIndexing: false,
@@ -392,9 +355,8 @@ describe("#shares.create", () => {
},
}
);
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
published: true,
},
@@ -428,17 +390,15 @@ describe("#shares.create", () => {
},
}
);
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
const body = await res.json();
expect(res.status).toEqual(200);
const response = await server.post("/api/shares.update", {
const response = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: body.data.id,
published: true,
},
@@ -458,9 +418,8 @@ describe("#shares.create", () => {
userId: user.id,
});
await share.revoke(createContext({ user }));
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -481,9 +440,8 @@ describe("#shares.create", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -499,17 +457,15 @@ describe("#shares.create", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
const body = await res.json();
expect(res.status).toEqual(200);
const response = await server.post("/api/shares.update", {
const response = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: body.data.id,
published: true,
},
@@ -529,17 +485,15 @@ describe("#shares.create", () => {
collectionId: collection.id,
teamId: user.teamId,
});
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
const body = await res.json();
expect(res.status).toEqual(200);
const response = await server.post("/api/shares.update", {
const response = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: body.data.id,
published: true,
},
@@ -562,9 +516,8 @@ describe("#shares.create", () => {
it("should require authorization", async () => {
const document = await buildDocument();
const user = await buildUser();
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -575,9 +528,8 @@ describe("#shares.create", () => {
const user = await buildUser();
const otherDocument = await buildDocument();
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
documentId: otherDocument.id,
},
});
@@ -588,9 +540,8 @@ describe("#shares.create", () => {
const user = await buildUser();
const otherDocument = await buildDocument();
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
documentId: otherDocument.id,
published: true,
},
@@ -602,9 +553,8 @@ describe("#shares.create", () => {
const user = await buildUser();
const otherCollection = await buildCollection();
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
collectionId: otherCollection.id,
},
});
@@ -622,9 +572,8 @@ describe("#shares.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
collectionId: collection.id,
documentId: document.id,
},
@@ -643,9 +592,8 @@ describe("#shares.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/shares.create", {
const res = await server.post("/api/shares.create", user, {
body: {
token: user.getJwtToken(),
collectionId: collection.id,
documentId: document.id,
published: true,
@@ -658,11 +606,7 @@ describe("#shares.create", () => {
describe("#shares.info", () => {
it("should fail with status 400 bad request when id, collectionId and documentId are missing", async () => {
const user = await buildUser();
const res = await server.post("/api/shares.info", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/shares.info", user);
const body = await res.json();
expect(res.status).toEqual(400);
expect(body.message).toEqual(
@@ -672,9 +616,8 @@ describe("#shares.info", () => {
it("should fail with status 400 bad request when documentId is invalid", async () => {
const user = await buildUser();
const res = await server.post("/api/shares.info", {
const res = await server.post("/api/shares.info", user, {
body: {
token: user.getJwtToken(),
documentId: "foo",
},
});
@@ -702,9 +645,8 @@ describe("#shares.info", () => {
teamId: admin.teamId,
userId: admin.id,
});
const res = await server.post("/api/shares.info", {
const res = await server.post("/api/shares.info", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -722,9 +664,8 @@ describe("#shares.info", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/shares.info", {
const res = await server.post("/api/shares.info", user, {
body: {
token: user.getJwtToken(),
id: share.id,
},
});
@@ -747,9 +688,8 @@ describe("#shares.info", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/shares.info", {
const res = await server.post("/api/shares.info", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -765,9 +705,8 @@ describe("#shares.info", () => {
userId: user.id,
teamId: user.teamId,
});
const res = await server.post("/api/shares.info", {
const res = await server.post("/api/shares.info", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -803,9 +742,8 @@ describe("#shares.info", () => {
});
await collection.reload();
await collection.addDocumentToStructure(childDocument, 0);
const res = await server.post("/api/shares.info", {
const res = await server.post("/api/shares.info", user, {
body: {
token: user.getJwtToken(),
documentId: childDocument.id,
},
});
@@ -852,9 +790,8 @@ describe("#shares.info", () => {
userId: user.id,
});
await collection.addDocumentToStructure(childDocument, 0);
const res = await server.post("/api/shares.info", {
const res = await server.post("/api/shares.info", user, {
body: {
token: user.getJwtToken(),
documentId: childDocument.id,
},
});
@@ -897,9 +834,8 @@ describe("#shares.info", () => {
});
await collection.reload();
await collection.addDocumentToStructure(childDocument, 0);
const res = await server.post("/api/shares.info", {
const res = await server.post("/api/shares.info", user, {
body: {
token: user.getJwtToken(),
documentId: childDocument.id,
},
});
@@ -928,9 +864,8 @@ describe("#shares.update", () => {
documentId: document.id,
teamId: user.teamId,
});
const res = await server.post("/api/shares.update", {
const res = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: share.id,
urlId: "url_id",
},
@@ -944,9 +879,8 @@ describe("#shares.update", () => {
it("should fail with status 400 bad request when id is missing", async () => {
const user = await buildUser();
const res = await server.post("/api/shares.update", {
const res = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
urlId: "url-id",
},
});
@@ -967,9 +901,8 @@ describe("#shares.update", () => {
documentId: document.id,
teamId: user.teamId,
});
const res = await server.post("/api/shares.update", {
const res = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: share.id,
urlId: "url-id",
},
@@ -989,17 +922,15 @@ describe("#shares.update", () => {
documentId: document.id,
teamId: user.teamId,
});
await server.post("/api/shares.update", {
await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: share.id,
urlId: "url-id",
},
});
const res = await server.post("/api/shares.update", {
const res = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: share.id,
urlId: null,
},
@@ -1019,9 +950,8 @@ describe("#shares.update", () => {
documentId: document.id,
teamId: user.teamId,
});
const res = await server.post("/api/shares.update", {
const res = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: share.id,
title: "Custom Title",
iconUrl: "https://example.com/icon.png",
@@ -1045,9 +975,8 @@ describe("#shares.update", () => {
title: "Custom Title",
iconUrl: "https://example.com/icon.png",
});
const res = await server.post("/api/shares.update", {
const res = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: share.id,
title: null,
iconUrl: null,
@@ -1070,9 +999,8 @@ describe("#shares.update", () => {
teamId: user.teamId,
title: "Custom Title",
});
const res = await server.post("/api/shares.update", {
const res = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: share.id,
title: "",
},
@@ -1092,9 +1020,8 @@ describe("#shares.update", () => {
documentId: document.id,
teamId: user.teamId,
});
const res = await server.post("/api/shares.update", {
const res = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: share.id,
iconUrl: "/uploads/icon.png",
},
@@ -1114,9 +1041,8 @@ describe("#shares.update", () => {
documentId: document.id,
teamId: user.teamId,
});
const res = await server.post("/api/shares.update", {
const res = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: share.id,
iconUrl: "not a url",
},
@@ -1134,9 +1060,8 @@ describe("#shares.update", () => {
documentId: document.id,
teamId: user.teamId,
});
const res = await server.post("/api/shares.update", {
const res = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: share.id,
iconUrl: "javascript:alert(1)",
},
@@ -1154,9 +1079,8 @@ describe("#shares.update", () => {
documentId: document.id,
teamId: user.teamId,
});
const res = await server.post("/api/shares.update", {
const res = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: share.id,
published: true,
},
@@ -1178,9 +1102,8 @@ describe("#shares.update", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/shares.update", {
const res = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: share.id,
published: true,
},
@@ -1201,9 +1124,8 @@ describe("#shares.update", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/shares.update", {
const res = await server.post("/api/shares.update", admin, {
body: {
token: admin.getJwtToken(),
id: share.id,
published: true,
},
@@ -1246,9 +1168,8 @@ describe("#shares.update", () => {
teamId: admin.teamId,
userId: admin.id,
});
const res = await server.post("/api/shares.update", {
const res = await server.post("/api/shares.update", user, {
body: {
token: user.getJwtToken(),
id: share.id,
published: true,
},
@@ -1260,11 +1181,7 @@ describe("#shares.update", () => {
describe("#shares.revoke", () => {
it("should fail with status 400 bad request when id is missing", async () => {
const user = await buildUser();
const res = await server.post("/api/shares.revoke", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/shares.revoke", user);
const body = await res.json();
expect(res.status).toEqual(400);
expect(body.message).toEqual(
@@ -1283,9 +1200,8 @@ describe("#shares.revoke", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/shares.revoke", {
const res = await server.post("/api/shares.revoke", user, {
body: {
token: user.getJwtToken(),
id: share.id,
},
});
@@ -1303,9 +1219,8 @@ describe("#shares.revoke", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/shares.revoke", {
const res = await server.post("/api/shares.revoke", user, {
body: {
token: user.getJwtToken(),
id: share.id,
},
});
@@ -1324,9 +1239,8 @@ describe("#shares.revoke", () => {
userId: user.id,
});
await withAPIContext(user, (ctx) => document.destroyWithCtx(ctx));
const res = await server.post("/api/shares.revoke", {
const res = await server.post("/api/shares.revoke", user, {
body: {
token: user.getJwtToken(),
id: share.id,
},
});
@@ -1343,9 +1257,8 @@ describe("#shares.revoke", () => {
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/shares.revoke", {
const res = await server.post("/api/shares.revoke", admin, {
body: {
token: admin.getJwtToken(),
id: share.id,
},
});
@@ -1383,9 +1296,8 @@ describe("#shares.revoke", () => {
teamId: admin.teamId,
userId: admin.id,
});
const res = await server.post("/api/shares.revoke", {
const res = await server.post("/api/shares.revoke", user, {
body: {
token: user.getJwtToken(),
id: share.id,
},
});
server/routes/api/stars/stars.test.ts
+7 -26
View File
@@ -7,11 +7,7 @@ describe("#stars.create", () => {
it("should fail with status 400 bad request when both documentId and collectionId are missing", async () => {
const user = await buildUser();
const res = await server.post("/api/stars.create", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/stars.create", user);
const body = await res.json();
expect(res.status).toEqual(400);
@@ -27,9 +23,8 @@ describe("#stars.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/stars.create", {
const res = await server.post("/api/stars.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -55,11 +50,7 @@ describe("#stars.list", () => {
userId: user.id,
});
const res = await server.post("/api/stars.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/stars.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
@@ -76,11 +67,7 @@ describe("#stars.list", () => {
describe("#stars.update", () => {
it("should fail with status 400 bad request when id is missing", async () => {
const user = await buildUser();
const res = await server.post("/api/stars.update", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/stars.update", user);
const body = await res.json();
expect(res.status).toEqual(400);
expect(body.message).toEqual(
@@ -93,9 +80,8 @@ describe("#stars.update", () => {
const star = await buildStar({
userId: user.id,
});
const res = await server.post("/api/stars.update", {
const res = await server.post("/api/stars.update", user, {
body: {
token: user.getJwtToken(),
id: star.id,
index: "i",
},
@@ -111,11 +97,7 @@ describe("#stars.update", () => {
describe("#stars.delete", () => {
it("should fail with status 400 bad request when id is missing", async () => {
const user = await buildUser();
const res = await server.post("/api/stars.delete", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/stars.delete", user);
const body = await res.json();
expect(res.status).toEqual(400);
expect(body.message).toEqual(
@@ -129,10 +111,9 @@ describe("#stars.delete", () => {
userId: user.id,
});
const res = await server.post("/api/stars.delete", {
const res = await server.post("/api/stars.delete", user, {
body: {
id: star.id,
token: user.getJwtToken(),
},
});
server/routes/api/subscriptions/subscriptions.test.ts
+53 -93
View File
@@ -22,9 +22,8 @@ describe("#subscriptions.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/subscriptions.create", {
const res = await server.post("/api/subscriptions.create", user, {
body: {
token: user.getJwtToken(),
collectionId: collection.id,
event: SubscriptionType.Document,
},
@@ -46,9 +45,8 @@ describe("#subscriptions.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/subscriptions.create", {
const res = await server.post("/api/subscriptions.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
event: SubscriptionType.Document,
},
@@ -70,9 +68,8 @@ describe("#subscriptions.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/subscriptions.create", {
const res = await server.post("/api/subscriptions.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
event: SubscriptionType.Document,
},
@@ -104,36 +101,32 @@ describe("#subscriptions.create", () => {
});
// First `subscriptions.create` request.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
event: SubscriptionType.Document,
},
});
// Second `subscriptions.create` request.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
event: SubscriptionType.Document,
},
});
// Third `subscriptions.create` request.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
event: SubscriptionType.Document,
},
});
// List subscriptions associated with `document.id`
const res = await server.post("/api/subscriptions.list", {
const res = await server.post("/api/subscriptions.list", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
event: SubscriptionType.Document,
},
@@ -156,9 +149,8 @@ describe("#subscriptions.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/subscriptions.create", {
const res = await server.post("/api/subscriptions.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
// Subscription on event that cannot be subscribed to.
event: "documents.publish",
@@ -178,9 +170,8 @@ describe("#subscriptions.create", () => {
it("should throw 400 when neither documentId nor collectionId is provided", async () => {
const user = await buildUser();
const res = await server.post("/api/subscriptions.create", {
const res = await server.post("/api/subscriptions.create", user, {
body: {
token: user.getJwtToken(),
event: SubscriptionType.Document,
},
});
@@ -205,9 +196,8 @@ describe("#subscriptions.create", () => {
teamId: user.teamId,
});
const res = await server.post("/api/subscriptions.create", {
const res = await server.post("/api/subscriptions.create", user, {
body: {
token: user.getJwtToken(),
collectionId: collection.id,
documentId: document.id,
event: SubscriptionType.Document,
@@ -236,9 +226,8 @@ describe("#subscriptions.create", () => {
teamId: otherUser.teamId,
});
const res = await server.post("/api/subscriptions.create", {
const res = await server.post("/api/subscriptions.create", user, {
body: {
token: user.getJwtToken(),
collectionId: collection.id,
documentId: otherDocument.id,
event: SubscriptionType.Document,
@@ -265,17 +254,15 @@ describe("#subscriptions.info", () => {
teamId: user.teamId,
});
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", subscriber, {
body: {
token: subscriber.getJwtToken(),
collectionId: collection.id,
event: SubscriptionType.Document,
},
});
const res = await server.post("/api/subscriptions.info", {
const res = await server.post("/api/subscriptions.info", subscriber, {
body: {
token: subscriber.getJwtToken(),
collectionId: collection.id,
event: SubscriptionType.Document,
},
@@ -305,18 +292,16 @@ describe("#subscriptions.info", () => {
});
// `subscriber` subscribes to `document0`.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", subscriber, {
body: {
token: subscriber.getJwtToken(),
documentId: document0.id,
event: SubscriptionType.Document,
},
});
// `subscriber` subscribes to `document1`.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", subscriber, {
body: {
token: subscriber.getJwtToken(),
documentId: document1.id,
event: SubscriptionType.Document,
},
@@ -324,13 +309,16 @@ describe("#subscriptions.info", () => {
// `subscriber` wants info about
// their subscription on `document0`.
const subscription0 = await server.post("/api/subscriptions.info", {
body: {
token: subscriber.getJwtToken(),
documentId: document0.id,
event: SubscriptionType.Document,
},
});
const subscription0 = await server.post(
"/api/subscriptions.info",
subscriber,
{
body: {
documentId: document0.id,
event: SubscriptionType.Document,
},
}
);
const response0 = await subscription0.json();
@@ -343,9 +331,8 @@ describe("#subscriptions.info", () => {
it("should throw 400 when neither documentId nor collectionId is provided", async () => {
const user = await buildUser();
const res = await server.post("/api/subscriptions.info", {
const res = await server.post("/api/subscriptions.info", user, {
body: {
token: user.getJwtToken(),
event: SubscriptionType.Document,
},
});
@@ -367,9 +354,8 @@ describe("#subscriptions.info", () => {
teamId: author.teamId,
});
const res = await server.post("/api/subscriptions.info", {
const res = await server.post("/api/subscriptions.info", subscriber, {
body: {
token: subscriber.getJwtToken(),
documentId: document.id,
event: SubscriptionType.Document,
},
@@ -396,27 +382,24 @@ describe("#subscriptions.info", () => {
});
// `subscriber` subscribes to `document0`.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", subscriber, {
body: {
token: subscriber.getJwtToken(),
documentId: document0.id,
event: SubscriptionType.Document,
},
});
// `subscriber` subscribes to `document1`.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", subscriber, {
body: {
token: subscriber.getJwtToken(),
documentId: document1.id,
event: SubscriptionType.Document,
},
});
// `viewer` wants info about `subscriber`'s subscription on `document0`.
const subscription0 = await server.post("/api/subscriptions.info", {
const subscription0 = await server.post("/api/subscriptions.info", viewer, {
body: {
token: viewer.getJwtToken(),
documentId: document0.id,
event: SubscriptionType.Document,
},
@@ -431,9 +414,8 @@ describe("#subscriptions.info", () => {
expect(response0.message).toEqual("Authorization error");
// `viewer` wants info about `subscriber`'s subscription on `document0`.
const subscription1 = await server.post("/api/subscriptions.info", {
const subscription1 = await server.post("/api/subscriptions.info", viewer, {
body: {
token: viewer.getJwtToken(),
documentId: document1.id,
event: SubscriptionType.Document,
},
@@ -467,27 +449,24 @@ describe("#subscriptions.info", () => {
});
// `subscriber` subscribes to `document0`.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", subscriber, {
body: {
token: subscriber.getJwtToken(),
documentId: document0.id,
event: SubscriptionType.Document,
},
});
// `subscriber` subscribes to `document1`.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", subscriber, {
body: {
token: subscriber.getJwtToken(),
documentId: document1.id,
event: SubscriptionType.Document,
},
});
// `viewer` wants info about `subscriber`'s subscription on `document0` - they have requested an invalid event.
const subscription0 = await server.post("/api/subscriptions.info", {
const subscription0 = await server.post("/api/subscriptions.info", viewer, {
body: {
token: viewer.getJwtToken(),
documentId: document0.id,
event: "documents.changed",
},
@@ -505,9 +484,8 @@ describe("#subscriptions.info", () => {
// `viewer` wants info about `subscriber`'s
// subscription on `document0`.
// They have requested an invalid event.
const subscription1 = await server.post("/api/subscriptions.info", {
const subscription1 = await server.post("/api/subscriptions.info", viewer, {
body: {
token: viewer.getJwtToken(),
documentId: document1.id,
event: "doc.affected",
},
@@ -538,9 +516,8 @@ describe("#subscriptions.list", () => {
documentId: document.id,
});
const res = await server.post("/api/subscriptions.list", {
const res = await server.post("/api/subscriptions.list", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
event: SubscriptionType.Document,
},
@@ -570,9 +547,8 @@ describe("#subscriptions.list", () => {
// `subscriber0` wants to be notified about
// changes on this document.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", subscriber0, {
body: {
token: subscriber0.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
@@ -580,9 +556,8 @@ describe("#subscriptions.list", () => {
// `subscriber1` wants to be notified about
// changes on this document.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", subscriber1, {
body: {
token: subscriber1.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
@@ -590,9 +565,8 @@ describe("#subscriptions.list", () => {
// `viewer` just wants to know the subscribers
// for this document.
const res = await server.post("/api/subscriptions.list", {
const res = await server.post("/api/subscriptions.list", viewer, {
body: {
token: viewer.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
@@ -606,9 +580,8 @@ describe("#subscriptions.list", () => {
// `subscriber0` wants to know the subscribers
// for this document.
const res0 = await server.post("/api/subscriptions.list", {
const res0 = await server.post("/api/subscriptions.list", subscriber0, {
body: {
token: subscriber0.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
@@ -623,9 +596,8 @@ describe("#subscriptions.list", () => {
// `subscriber1` wants to know the subscribers
// for this document.
const res1 = await server.post("/api/subscriptions.list", {
const res1 = await server.post("/api/subscriptions.list", subscriber1, {
body: {
token: subscriber1.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
@@ -654,9 +626,8 @@ describe("#subscriptions.list", () => {
// `subscriber0` wants to be notified about
// changes on this document.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", subscriber0, {
body: {
token: subscriber0.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
@@ -664,9 +635,8 @@ describe("#subscriptions.list", () => {
// `subscriber1` wants to be notified about
// changes on this document.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", subscriber1, {
body: {
token: subscriber1.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
@@ -674,9 +644,8 @@ describe("#subscriptions.list", () => {
// `viewer` just wants to know the subscribers
// for this document.
const res = await server.post("/api/subscriptions.list", {
const res = await server.post("/api/subscriptions.list", viewer, {
body: {
token: viewer.getJwtToken(),
documentId: document.id,
event: "changes.on.documents",
},
@@ -707,9 +676,8 @@ describe("#subscriptions.list", () => {
// `subscriber0` wants to be notified about
// changes on this document.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", subscriber0, {
body: {
token: subscriber0.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
@@ -717,9 +685,8 @@ describe("#subscriptions.list", () => {
// `subscriber1` wants to be notified about
// changes on this document.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", subscriber1, {
body: {
token: subscriber1.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
@@ -727,9 +694,8 @@ describe("#subscriptions.list", () => {
// `viewer` wants to know the subscribers
// for this internal document.
const res = await server.post("/api/subscriptions.info", {
const res = await server.post("/api/subscriptions.info", viewer, {
body: {
token: viewer.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
@@ -748,9 +714,8 @@ describe("#subscriptions.list", () => {
it("should throw 400 when neither documentId nor collectionId is provided", async () => {
const user = await buildUser();
const res = await server.post("/api/subscriptions.list", {
const res = await server.post("/api/subscriptions.list", user, {
body: {
token: user.getJwtToken(),
event: SubscriptionType.Document,
},
});
@@ -870,10 +835,9 @@ describe("#subscriptions.delete", () => {
documentId: document.id,
});
const res = await server.post("/api/subscriptions.delete", {
const res = await server.post("/api/subscriptions.delete", user, {
body: {
id: subscription.id,
token: user.getJwtToken(),
},
});
@@ -904,10 +868,9 @@ describe("#subscriptions.delete", () => {
collectionId: collection.id,
});
const res = await server.post("/api/subscriptions.delete", {
const res = await server.post("/api/subscriptions.delete", user, {
body: {
id: subscription.id,
token: user.getJwtToken(),
},
});
@@ -943,9 +906,8 @@ describe("#subscriptions.delete", () => {
// `subscriber0` wants to be notified about
// changes on this document.
await server.post("/api/subscriptions.create", {
await server.post("/api/subscriptions.create", subscriber0, {
body: {
token: subscriber0.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
@@ -953,9 +915,8 @@ describe("#subscriptions.delete", () => {
// `subscriber1` wants to be notified about
// changes on this document.
const resp = await server.post("/api/subscriptions.create", {
const resp = await server.post("/api/subscriptions.create", subscriber1, {
body: {
token: subscriber1.getJwtToken(),
documentId: document.id,
event: "documents.update",
},
@@ -966,10 +927,9 @@ describe("#subscriptions.delete", () => {
// `subscriber0` wants to change `subscriber1`'s
// subscription for this document.
const res = await server.post("/api/subscriptions.delete", {
const res = await server.post("/api/subscriptions.delete", subscriber0, {
body: {
id: subscription1Id,
token: subscriber0.getJwtToken(),
},
});
server/routes/api/teams/teams.test.ts
+18 -39
View File
@@ -15,9 +15,8 @@ describe("teams.create", () => {
const team = await buildTeam();
const user = await buildAdmin({ teamId: team.id });
const name = faker.company.name();
const res = await server.post("/api/teams.create", {
const res = await server.post("/api/teams.create", user, {
body: {
token: user.getJwtToken(),
name,
},
});
@@ -31,9 +30,8 @@ describe("teams.create", () => {
const team = await buildTeam();
const user = await buildAdmin({ teamId: team.id });
const res = await server.post("/api/teams.create", {
const res = await server.post("/api/teams.create", user, {
body: {
token: user.getJwtToken(),
name: faker.company.name(),
},
});
@@ -45,9 +43,8 @@ describe("#team.update", () => {
it("should update team details", async () => {
const admin = await buildAdmin();
const name = faker.company.name();
const res = await server.post("/api/team.update", {
const res = await server.post("/api/team.update", admin, {
body: {
token: admin.getJwtToken(),
name,
},
});
@@ -59,9 +56,8 @@ describe("#team.update", () => {
it("should add avatar", async () => {
const team = await buildTeam();
const admin = await buildAdmin({ teamId: team.id });
const res = await server.post("/api/team.update", {
const res = await server.post("/api/team.update", admin, {
body: {
token: admin.getJwtToken(),
avatarUrl: "https://random-url.com",
},
});
@@ -73,9 +69,8 @@ describe("#team.update", () => {
it("should remove avatar", async () => {
const team = await buildTeam({ avatarUrl: "https://random-url.com" });
const admin = await buildAdmin({ teamId: team.id });
const res = await server.post("/api/team.update", {
const res = await server.post("/api/team.update", admin, {
body: {
token: admin.getJwtToken(),
avatarUrl: null,
},
});
@@ -86,9 +81,8 @@ describe("#team.update", () => {
it("should not invalidate request if subdomain is sent as null", async () => {
const admin = await buildAdmin();
const res = await server.post("/api/team.update", {
const res = await server.post("/api/team.update", admin, {
body: {
token: admin.getJwtToken(),
subdomain: null,
},
});
@@ -100,9 +94,8 @@ describe("#team.update", () => {
const admin = await buildAdmin({ teamId: team.id });
const domain1 = faker.internet.domainName();
const domain2 = faker.internet.domainName();
const res = await server.post("/api/team.update", {
const res = await server.post("/api/team.update", admin, {
body: {
token: admin.getJwtToken(),
allowedDomains: [domain1, "", domain2, "", ""],
},
});
@@ -127,9 +120,8 @@ describe("#team.update", () => {
createdById: admin.id,
});
const res = await server.post("/api/team.update", {
const res = await server.post("/api/team.update", admin, {
body: {
token: admin.getJwtToken(),
allowedDomains: [],
},
});
@@ -156,9 +148,8 @@ describe("#team.update", () => {
const domain1 = faker.internet.domainName();
const domain2 = faker.internet.domainName();
const res = await server.post("/api/team.update", {
const res = await server.post("/api/team.update", admin, {
body: {
token: admin.getJwtToken(),
allowedDomains: [domain1, domain2],
},
});
@@ -177,16 +168,14 @@ describe("#team.update", () => {
it("should only allow member,viewer or admin as default role", async () => {
const admin = await buildAdmin();
const res = await server.post("/api/team.update", {
const res = await server.post("/api/team.update", admin, {
body: {
token: admin.getJwtToken(),
defaultUserRole: "New name",
},
});
expect(res.status).toEqual(400);
const successRes = await server.post("/api/team.update", {
const successRes = await server.post("/api/team.update", admin, {
body: {
token: admin.getJwtToken(),
defaultUserRole: "viewer",
},
});
@@ -198,9 +187,8 @@ describe("#team.update", () => {
it("should allow identical team details", async () => {
const team = await buildTeam();
const admin = await buildAdmin({ teamId: team.id });
const res = await server.post("/api/team.update", {
const res = await server.post("/api/team.update", admin, {
body: {
token: admin.getJwtToken(),
name: team.name,
},
});
@@ -211,9 +199,8 @@ describe("#team.update", () => {
it("should require admin", async () => {
const user = await buildUser();
const res = await server.post("/api/team.update", {
const res = await server.post("/api/team.update", user, {
body: {
token: user.getJwtToken(),
name: faker.company.name(),
},
});
@@ -227,9 +214,8 @@ describe("#team.update", () => {
it("should not allow setting team name to null", async () => {
const admin = await buildAdmin();
const res = await server.post("/api/team.update", {
const res = await server.post("/api/team.update", admin, {
body: {
token: admin.getJwtToken(),
name: null,
},
});
@@ -244,9 +230,8 @@ describe("#team.update", () => {
userId: admin.id,
});
const res = await server.post("/api/team.update", {
const res = await server.post("/api/team.update", admin, {
body: {
token: admin.getJwtToken(),
defaultCollectionId: collection.id,
},
});
@@ -268,9 +253,8 @@ describe("#team.update", () => {
userId: admin.id,
});
const res = await server.post("/api/team.update", {
const res = await server.post("/api/team.update", admin, {
body: {
token: admin.getJwtToken(),
defaultCollectionId: collection.id,
},
});
@@ -279,9 +263,8 @@ describe("#team.update", () => {
expect(res.status).toEqual(200);
expect(body.data.defaultCollectionId).toEqual(collection.id);
const updateRes = await server.post("/api/collections.update", {
const updateRes = await server.post("/api/collections.update", admin, {
body: {
token: admin.getJwtToken(),
id: collection.id,
permission: null,
},
@@ -289,11 +272,7 @@ describe("#team.update", () => {
expect(updateRes.status).toEqual(200);
const res3 = await server.post("/api/auth.info", {
body: {
token: admin.getJwtToken(),
},
});
const res3 = await server.post("/api/auth.info", admin);
const body3 = await res3.json();
expect(res3.status).toEqual(200);
expect(body3.data.team.defaultCollectionId).toEqual(null);
server/routes/api/templates/templates.test.ts
+33 -72
View File
@@ -20,11 +20,7 @@ describe("#templates.list", () => {
teamId: user.teamId,
});
const res = await server.post("/api/templates.list", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/templates.list", user);
const body = await res.json();
expect(res.status).toEqual(200);
@@ -45,9 +41,8 @@ describe("#templates.list", () => {
collectionId: collection.id,
});
const res = await server.post("/api/templates.list", {
const res = await server.post("/api/templates.list", user, {
body: {
token: user.getJwtToken(),
collectionId: collection.id,
},
});
@@ -72,9 +67,8 @@ describe("#templates.info", () => {
teamId: user.teamId,
});
const res = await server.post("/api/templates.info", {
const res = await server.post("/api/templates.info", user, {
body: {
token: user.getJwtToken(),
id: template.id,
},
});
@@ -92,9 +86,8 @@ describe("#templates.info", () => {
it("should fail for invalid template id", async () => {
const user = await buildUser();
const res = await server.post("/api/templates.info", {
const res = await server.post("/api/templates.info", user, {
body: {
token: user.getJwtToken(),
id: "invalid",
},
});
@@ -112,9 +105,8 @@ describe("#templates.update", () => {
title: "Original title",
});
const res = await server.post("/api/templates.update", {
const res = await server.post("/api/templates.update", user, {
body: {
token: user.getJwtToken(),
id: template.id,
title: "New title",
},
@@ -148,9 +140,8 @@ describe("#templates.update", () => {
],
};
const res = await server.post("/api/templates.update", {
const res = await server.post("/api/templates.update", user, {
body: {
token: user.getJwtToken(),
id: template.id,
data,
},
@@ -173,9 +164,8 @@ describe("#templates.update", () => {
teamId: admin.teamId,
});
const res = await server.post("/api/templates.update", {
const res = await server.post("/api/templates.update", admin, {
body: {
token: admin.getJwtToken(),
id: template.id,
collectionId: targetCollection.id,
},
@@ -199,9 +189,8 @@ describe("#templates.update", () => {
permission: null,
});
const res = await server.post("/api/templates.update", {
const res = await server.post("/api/templates.update", user, {
body: {
token: user.getJwtToken(),
id: template.id,
collectionId: inaccessibleCollection.id,
},
@@ -222,9 +211,8 @@ describe("#templates.update", () => {
// but is not a team admin
const user = await buildUser({ teamId: admin.teamId });
const res = await server.post("/api/templates.update", {
const res = await server.post("/api/templates.update", user, {
body: {
token: user.getJwtToken(),
id: template.id,
collectionId: null,
},
@@ -240,9 +228,8 @@ describe("#templates.update", () => {
teamId: admin.teamId,
});
const res = await server.post("/api/templates.update", {
const res = await server.post("/api/templates.update", admin, {
body: {
token: admin.getJwtToken(),
id: template.id,
collectionId: null,
},
@@ -255,9 +242,8 @@ describe("#templates.update", () => {
it("should fail with status 400 bad request when id is missing", async () => {
const user = await buildUser();
const res = await server.post("/api/templates.update", {
const res = await server.post("/api/templates.update", user, {
body: {
token: user.getJwtToken(),
title: "New title",
},
});
@@ -281,9 +267,8 @@ describe("#templates.duplicate", () => {
title: "test",
});
const res = await server.post("/api/templates.duplicate", {
const res = await server.post("/api/templates.duplicate", user, {
body: {
token: user.getJwtToken(),
id: template.id,
},
});
@@ -302,9 +287,8 @@ describe("#templates.duplicate", () => {
teamId: user.teamId,
});
const res = await server.post("/api/templates.duplicate", {
const res = await server.post("/api/templates.duplicate", user, {
body: {
token: user.getJwtToken(),
id: template.id,
title: "New title",
},
@@ -329,9 +313,8 @@ describe("#templates.duplicate", () => {
teamId: admin.teamId,
});
const res = await server.post("/api/templates.duplicate", {
const res = await server.post("/api/templates.duplicate", admin, {
body: {
token: admin.getJwtToken(),
id: template.id,
collectionId: targetCollection.id,
},
@@ -355,9 +338,8 @@ describe("#templates.duplicate", () => {
permission: null,
});
const res = await server.post("/api/templates.duplicate", {
const res = await server.post("/api/templates.duplicate", user, {
body: {
token: user.getJwtToken(),
id: template.id,
collectionId: inaccessibleCollection.id,
},
@@ -376,9 +358,8 @@ describe("#templates.duplicate", () => {
// Non-admin member on the same team
const user = await buildUser({ teamId: admin.teamId });
const res = await server.post("/api/templates.duplicate", {
const res = await server.post("/api/templates.duplicate", user, {
body: {
token: user.getJwtToken(),
id: template.id,
collectionId: null,
},
@@ -394,9 +375,8 @@ describe("#templates.duplicate", () => {
teamId: admin.teamId,
});
const res = await server.post("/api/templates.duplicate", {
const res = await server.post("/api/templates.duplicate", admin, {
body: {
token: admin.getJwtToken(),
id: template.id,
collectionId: null,
},
@@ -414,9 +394,8 @@ describe("#templates.duplicate", () => {
teamId: user.teamId,
});
const res = await server.post("/api/templates.duplicate", {
const res = await server.post("/api/templates.duplicate", user, {
body: {
token: user.getJwtToken(),
id: template.id,
},
});
@@ -433,9 +412,8 @@ describe("#templates.duplicate", () => {
it("should fail for invalid template id", async () => {
const user = await buildUser();
const res = await server.post("/api/templates.duplicate", {
const res = await server.post("/api/templates.duplicate", user, {
body: {
token: user.getJwtToken(),
id: "invalid",
},
});
@@ -452,9 +430,8 @@ describe("#templates.delete", () => {
teamId: user.teamId,
});
const res = await server.post("/api/templates.delete", {
const res = await server.post("/api/templates.delete", user, {
body: {
token: user.getJwtToken(),
id: template.id,
},
});
@@ -466,11 +443,7 @@ describe("#templates.delete", () => {
it("should fail with status 400 bad request when id is missing", async () => {
const user = await buildUser();
const res = await server.post("/api/templates.delete", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/templates.delete", user);
const body = await res.json();
expect(res.status).toEqual(400);
expect(body.message).toEqual("id: Must be a valid UUID or slug");
@@ -494,9 +467,8 @@ describe("templateManagement", () => {
const member = await buildUser({ teamId: admin.teamId });
const res = await server.post("/api/templates.create", {
const res = await server.post("/api/templates.create", member, {
body: {
token: member.getJwtToken(),
collectionId: collection.id,
title: "Member template",
data: {
@@ -527,9 +499,8 @@ describe("templateManagement", () => {
const member = await buildUser({ teamId: admin.teamId });
const res = await server.post("/api/templates.create", {
const res = await server.post("/api/templates.create", member, {
body: {
token: member.getJwtToken(),
collectionId: collection.id,
title: "Member template",
data: {
@@ -564,9 +535,8 @@ describe("templateManagement", () => {
permission: CollectionPermission.ReadWrite,
});
const res = await server.post("/api/templates.create", {
const res = await server.post("/api/templates.create", member, {
body: {
token: member.getJwtToken(),
collectionId: collection.id,
title: "Member template",
data: {
@@ -603,9 +573,8 @@ describe("templateManagement", () => {
permission: CollectionPermission.Read,
});
const res = await server.post("/api/templates.create", {
const res = await server.post("/api/templates.create", member, {
body: {
token: member.getJwtToken(),
collectionId: collection.id,
title: "Member template",
data: {
@@ -640,9 +609,8 @@ describe("templateManagement", () => {
collectionId: collection.id,
});
const res = await server.post("/api/templates.update", {
const res = await server.post("/api/templates.update", member, {
body: {
token: member.getJwtToken(),
id: template.id,
title: "Updated by member",
},
@@ -668,9 +636,8 @@ describe("templateManagement", () => {
collectionId: collection.id,
});
const res = await server.post("/api/templates.update", {
const res = await server.post("/api/templates.update", member, {
body: {
token: member.getJwtToken(),
id: template.id,
title: "Updated by member",
},
@@ -696,9 +663,8 @@ describe("templateManagement", () => {
collectionId: collection.id,
});
const res = await server.post("/api/templates.duplicate", {
const res = await server.post("/api/templates.duplicate", member, {
body: {
token: member.getJwtToken(),
id: template.id,
},
});
@@ -723,9 +689,8 @@ describe("templateManagement", () => {
collectionId: collection.id,
});
const res = await server.post("/api/templates.duplicate", {
const res = await server.post("/api/templates.duplicate", member, {
body: {
token: member.getJwtToken(),
id: template.id,
},
});
@@ -751,9 +716,8 @@ describe("templateManagement", () => {
});
await template.destroy();
const res = await server.post("/api/templates.restore", {
const res = await server.post("/api/templates.restore", member, {
body: {
token: member.getJwtToken(),
id: template.id,
},
});
@@ -779,9 +743,8 @@ describe("templateManagement", () => {
});
await template.destroy();
const res = await server.post("/api/templates.restore", {
const res = await server.post("/api/templates.restore", member, {
body: {
token: member.getJwtToken(),
id: template.id,
},
});
@@ -806,9 +769,8 @@ describe("templateManagement", () => {
collectionId: collection.id,
});
const res = await server.post("/api/templates.delete", {
const res = await server.post("/api/templates.delete", member, {
body: {
token: member.getJwtToken(),
id: template.id,
},
});
@@ -833,9 +795,8 @@ describe("templateManagement", () => {
collectionId: collection.id,
});
const res = await server.post("/api/templates.delete", {
const res = await server.post("/api/templates.delete", member, {
body: {
token: member.getJwtToken(),
id: template.id,
},
});
server/routes/api/urls/urls.test.ts
+20 -43
View File
@@ -53,9 +53,8 @@ describe("#urls.unfurl", () => {
});
it("should fail with status 400 bad request when url is invalid", async () => {
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: "/doc/foo-bar",
},
});
@@ -66,9 +65,8 @@ describe("#urls.unfurl", () => {
});
it("should fail with status 400 bad request when mention url is invalid", async () => {
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: "mention://1/foo/1",
},
});
@@ -79,9 +77,8 @@ describe("#urls.unfurl", () => {
});
it("should fail with status 400 bad request when mention url is supplied without documentId", async () => {
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: "mention://2767ba0e-ac5c-4533-b9cf-4f5fc456600e/user/34095ac1-c808-45c0-8c6e-6c554497de64",
},
});
@@ -92,9 +89,8 @@ describe("#urls.unfurl", () => {
});
it("should fail with status 404 not found when mention user does not exist", async () => {
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: "mention://2767ba0e-ac5c-4533-b9cf-4f5fc456600e/user/34095ac1-c808-45c0-8c6e-6c554497de64",
documentId: "2767ba0e-ac5c-4533-b9cf-4f5fc456600e",
},
@@ -110,9 +106,8 @@ describe("#urls.unfurl", () => {
teamId: user.teamId,
});
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: `mention://2767ba0e-ac5c-4533-b9cf-4f5fc456600e/user/${mentionedUser.id}`,
documentId: "2767ba0e-ac5c-4533-b9cf-4f5fc456600e",
},
@@ -129,9 +124,8 @@ describe("#urls.unfurl", () => {
teamId: user.teamId,
});
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: `mention://2767ba0e-ac5c-4533-b9cf-4f5fc456600e/user/${mentionedUser.id}`,
documentId: document.id,
},
@@ -147,9 +141,8 @@ describe("#urls.unfurl", () => {
teamId: user.teamId,
});
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: `mention://2767ba0e-ac5c-4533-b9cf-4f5fc456600e/user/${mentionedUser.id}`,
documentId: document.id,
},
@@ -161,9 +154,8 @@ describe("#urls.unfurl", () => {
});
it("should return 204 when internal document url points to non-existent document", async () => {
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: `${env.URL}/doc/non-existent-doc-abc123`,
},
});
@@ -175,9 +167,8 @@ describe("#urls.unfurl", () => {
teamId: user.teamId,
});
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: `${env.URL}/${document.url}`,
documentId: document.id,
},
@@ -200,9 +191,8 @@ describe("#urls.unfurl", () => {
published: true,
});
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: `${env.URL}/s/${share.id}/doc/${document.urlId}`,
},
});
@@ -225,9 +215,8 @@ describe("#urls.unfurl", () => {
published: true,
});
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: `${env.URL}/s/${share.urlId}/doc/${document.urlId}`,
},
});
@@ -272,9 +261,8 @@ describe("#urls.unfurl", () => {
published: true,
});
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: `${env.URL}/s/${share.id}/doc/${document.urlId}`,
},
});
@@ -294,9 +282,8 @@ describe("#urls.unfurl", () => {
published: true,
});
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: `${env.URL}/s/${share.id}`,
},
});
@@ -337,9 +324,8 @@ describe("#urls.unfurl", () => {
})
);
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: "https://www.flickr.com",
},
});
@@ -368,9 +354,8 @@ describe("#urls.unfurl", () => {
})
);
const res = await server.post("/api/urls.unfurl", {
const res = await server.post("/api/urls.unfurl", user, {
body: {
token: user.getJwtToken(),
url: "https://random.url",
},
});
@@ -386,19 +371,14 @@ describe("#urls.checkEmbed", () => {
});
it("should fail with status 400 bad request when url is missing", async () => {
const res = await server.post("/api/urls.checkEmbed", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/urls.checkEmbed", user);
expect(res.status).toEqual(400);
});
it("should fail with status 400 bad request when url is not a valid URL", async () => {
const res = await server.post("/api/urls.checkEmbed", {
const res = await server.post("/api/urls.checkEmbed", user, {
body: {
token: user.getJwtToken(),
url: "not-a-url",
},
});
@@ -408,9 +388,8 @@ describe("#urls.checkEmbed", () => {
it("should return a result for valid URLs", async () => {
// Use a YouTube URL which matches a known embed pattern
const res = await server.post("/api/urls.checkEmbed", {
const res = await server.post("/api/urls.checkEmbed", user, {
body: {
token: user.getJwtToken(),
url: "https://www.youtube.com/watch?v=dQw4w9WgXcQ",
},
});
@@ -425,9 +404,8 @@ describe("#urls.checkEmbed", () => {
describe("#urls.validateCustomDomain", () => {
it("should succeed with custom domain pointing at server", async () => {
const user = await buildUser();
const res = await server.post("/api/urls.validateCustomDomain", {
const res = await server.post("/api/urls.validateCustomDomain", user, {
body: {
token: user.getJwtToken(),
hostname: "valid.custom.domain",
},
});
@@ -436,9 +414,8 @@ describe("#urls.validateCustomDomain", () => {
it("should fail with another domain", async () => {
const user = await buildUser();
const res = await server.post("/api/urls.validateCustomDomain", {
const res = await server.post("/api/urls.validateCustomDomain", user, {
body: {
token: user.getJwtToken(),
hostname: "google.com",
},
});
server/routes/api/userMemberships/userMemberships.test.ts
+4 -11
View File
@@ -30,20 +30,15 @@ describe("#userMemberships.list", () => {
const member = await buildUser({
teamId: user.teamId,
});
await server.post("/api/documents.add_user", {
await server.post("/api/documents.add_user", user, {
body: {
token: user.getJwtToken(),
id: document.id,
userId: member.id,
},
});
const users = await document.$get("users");
expect(users.length).toEqual(1);
const res = await server.post("/api/userMemberships.list", {
body: {
token: member.getJwtToken(),
},
});
const res = await server.post("/api/userMemberships.list", member);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data).not.toBeFalsy();
@@ -79,9 +74,8 @@ describe("#userMemberships.update", () => {
const member = await buildUser({
teamId: user.teamId,
});
const resp = await server.post("/api/documents.add_user", {
const resp = await server.post("/api/documents.add_user", user, {
body: {
token: user.getJwtToken(),
id: document.id,
userId: member.id,
},
@@ -93,9 +87,8 @@ describe("#userMemberships.update", () => {
const users = await document.$get("users");
expect(users.length).toEqual(1);
const res = await server.post("/api/userMemberships.update", {
const res = await server.post("/api/userMemberships.update", member, {
body: {
token: member.getJwtToken(),
id: respBody.data.memberships[0].id,
index: "V",
},
server/routes/api/users/users.test.ts
+60 -146
View File
@@ -27,10 +27,9 @@ describe("#users.list", () => {
email: "john.doe@example.com",
});
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", user, {
body: {
query: "john.doe@e",
token: user.getJwtToken(),
},
});
const body = await res.json();
@@ -49,10 +48,9 @@ describe("#users.list", () => {
teamId: user.teamId,
suspendedAt: new Date(),
});
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", user, {
body: {
query: "test",
token: user.getJwtToken(),
},
});
const body = await res.json();
@@ -69,10 +67,9 @@ describe("#users.list", () => {
name: "Admin",
teamId: user.teamId,
});
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", user, {
body: {
role: UserRole.Admin,
token: user.getJwtToken(),
},
});
const body = await res.json();
@@ -88,11 +85,10 @@ describe("#users.list", () => {
teamId: admin.teamId,
suspendedAt: new Date(),
});
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", admin, {
body: {
query: "test",
filter: "suspended",
token: admin.getJwtToken(),
},
});
const body = await res.json();
@@ -107,10 +103,9 @@ describe("#users.list", () => {
teamId: user.teamId,
suspendedAt: new Date(),
});
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", user, {
body: {
query: "test",
token: user.getJwtToken(),
},
});
const body = await res.json();
@@ -126,11 +121,10 @@ describe("#users.list", () => {
name: "Tester",
teamId: user.teamId,
});
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", user, {
body: {
query: "test",
filter: "active",
token: user.getJwtToken(),
},
});
const body = await res.json();
@@ -147,11 +141,10 @@ describe("#users.list", () => {
teamId: user.teamId,
lastActiveAt: null,
});
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", user, {
body: {
query: "test",
filter: "invited",
token: user.getJwtToken(),
},
});
const body = await res.json();
@@ -164,9 +157,8 @@ describe("#users.list", () => {
const admin = await buildAdmin({ teamId: team.id });
await buildUser({ teamId: team.id });
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", admin, {
body: {
token: admin.getJwtToken(),
sort: "createdAt",
direction: "DESC",
},
@@ -181,9 +173,8 @@ describe("#users.list", () => {
const admin = await buildAdmin({ teamId: team.id });
const user = await buildUser({ teamId: team.id });
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", admin, {
body: {
token: admin.getJwtToken(),
ids: [user.id],
},
});
@@ -198,9 +189,8 @@ describe("#users.list", () => {
const admin = await buildAdmin({ teamId: team.id });
const user = await buildUser({ teamId: team.id });
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", admin, {
body: {
token: admin.getJwtToken(),
emails: [user.email],
},
});
@@ -216,9 +206,8 @@ describe("#users.list", () => {
const user = await buildUser({ teamId: team.id });
// Test with uppercase email
const res = await server.post("/api/users.list", {
const res = await server.post("/api/users.list", admin, {
body: {
token: admin.getJwtToken(),
emails: [user.email!.toUpperCase()],
},
});
@@ -235,9 +224,8 @@ describe("#users.list", () => {
)
.join("@");
const res2 = await server.post("/api/users.list", {
const res2 = await server.post("/api/users.list", admin, {
body: {
token: admin.getJwtToken(),
emails: [mixedCaseEmail],
},
});
@@ -251,11 +239,7 @@ describe("#users.list", () => {
const team = await buildTeam();
await buildUser({ teamId: team.id });
const guest = await buildUser({ teamId: team.id, role: UserRole.Guest });
const res = await server.post("/api/users.list", {
body: {
token: guest.getJwtToken(),
},
});
const res = await server.post("/api/users.list", guest);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data).toHaveLength(2);
@@ -267,11 +251,7 @@ describe("#users.list", () => {
const team = await buildTeam();
await buildUser({ teamId: team.id });
const viewer = await buildUser({ teamId: team.id, role: UserRole.Viewer });
const res = await server.post("/api/users.list", {
body: {
token: viewer.getJwtToken(),
},
});
const res = await server.post("/api/users.list", viewer);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data).toHaveLength(2);
@@ -283,11 +263,7 @@ describe("#users.list", () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
const member = await buildUser({ teamId: team.id, role: UserRole.Member });
const res = await server.post("/api/users.list", {
body: {
token: member.getJwtToken(),
},
});
const res = await server.post("/api/users.list", member);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data).toHaveLength(2);
@@ -299,11 +275,7 @@ describe("#users.list", () => {
const team = await buildTeam();
await buildUser({ teamId: team.id });
const guest = await buildUser({ teamId: team.id, role: UserRole.Guest });
const res = await server.post("/api/users.list", {
body: {
token: guest.getJwtToken(),
},
});
const res = await server.post("/api/users.list", guest);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data).toHaveLength(2);
@@ -321,11 +293,7 @@ describe("#users.list", () => {
const team = await buildTeam();
await buildUser({ teamId: team.id });
const viewer = await buildUser({ teamId: team.id, role: UserRole.Viewer });
const res = await server.post("/api/users.list", {
body: {
token: viewer.getJwtToken(),
},
});
const res = await server.post("/api/users.list", viewer);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data).toHaveLength(2);
@@ -343,11 +311,7 @@ describe("#users.list", () => {
const team = await buildTeam();
await buildUser({ teamId: team.id });
const member = await buildUser({ teamId: team.id, role: UserRole.Member });
const res = await server.post("/api/users.list", {
body: {
token: member.getJwtToken(),
},
});
const res = await server.post("/api/users.list", member);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data).toHaveLength(2);
@@ -365,11 +329,7 @@ describe("#users.list", () => {
const team = await buildTeam();
const admin = await buildAdmin({ teamId: team.id });
const user = await buildUser({ teamId: team.id });
const res = await server.post("/api/users.list", {
body: {
token: admin.getJwtToken(),
},
});
const res = await server.post("/api/users.list", admin);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data).toHaveLength(2);
@@ -389,11 +349,7 @@ describe("#users.list", () => {
describe("#users.info", () => {
it("should return current user with no id", async () => {
const user = await buildUser();
const res = await server.post("/api/users.info", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/users.info", user);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.id).toEqual(user.id);
@@ -406,9 +362,8 @@ describe("#users.info", () => {
const another = await buildUser({
teamId: user.teamId,
});
const res = await server.post("/api/users.info", {
const res = await server.post("/api/users.info", user, {
body: {
token: user.getJwtToken(),
id: another.id,
},
});
@@ -423,9 +378,8 @@ describe("#users.info", () => {
it("should now return user without permission", async () => {
const user = await buildUser();
const another = await buildUser();
const res = await server.post("/api/users.info", {
const res = await server.post("/api/users.info", user, {
body: {
token: user.getJwtToken(),
id: another.id,
},
});
@@ -441,9 +395,8 @@ describe("#users.info", () => {
describe("#users.invite", () => {
it("should return sent invites", async () => {
const user = await buildAdmin();
const res = await server.post("/api/users.invite", {
const res = await server.post("/api/users.invite", user, {
body: {
token: user.getJwtToken(),
invites: [
{
email: "test@example.com",
@@ -460,9 +413,8 @@ describe("#users.invite", () => {
it("should require invites to be an array", async () => {
const admin = await buildAdmin();
const res = await server.post("/api/users.invite", {
const res = await server.post("/api/users.invite", admin, {
body: {
token: admin.getJwtToken(),
invites: {
email: "test@example.com",
name: "Test",
@@ -475,9 +427,8 @@ describe("#users.invite", () => {
it("should allow members to invite members", async () => {
const user = await buildUser();
const res = await server.post("/api/users.invite", {
const res = await server.post("/api/users.invite", user, {
body: {
token: user.getJwtToken(),
invites: [
{
email: "test@example.com",
@@ -494,9 +445,8 @@ describe("#users.invite", () => {
it("should now allow viewers to invite", async () => {
const user = await buildViewer();
const res = await server.post("/api/users.invite", {
const res = await server.post("/api/users.invite", user, {
body: {
token: user.getJwtToken(),
invites: [
{
email: "test@example.com",
@@ -515,9 +465,8 @@ describe("#users.invite", () => {
await team.save();
const user = await buildUser({ teamId: team.id });
const res = await server.post("/api/users.invite", {
const res = await server.post("/api/users.invite", user, {
body: {
token: user.getJwtToken(),
invites: [
{
email: "test@example.com",
@@ -532,9 +481,8 @@ describe("#users.invite", () => {
it("should invite user as an admin", async () => {
const admin = await buildAdmin();
const res = await server.post("/api/users.invite", {
const res = await server.post("/api/users.invite", admin, {
body: {
token: admin.getJwtToken(),
invites: [
{
email: "test@example.com",
@@ -552,9 +500,8 @@ describe("#users.invite", () => {
it("should invite user as a viewer", async () => {
const admin = await buildAdmin();
const res = await server.post("/api/users.invite", {
const res = await server.post("/api/users.invite", admin, {
body: {
token: admin.getJwtToken(),
invites: [
{
email: "test@example.com",
@@ -572,9 +519,8 @@ describe("#users.invite", () => {
it("should limit number of invites", async () => {
const user = await buildUser();
const res = await server.post("/api/users.invite", {
const res = await server.post("/api/users.invite", user, {
body: {
token: user.getJwtToken(),
invites: new Array(21).fill({
email: "test@example.com",
name: "Test",
@@ -597,11 +543,7 @@ describe("#users.delete", () => {
await buildUser({
teamId: user.teamId,
});
const res = await server.post("/api/users.delete", {
body: {
token: user.getJwtToken(),
},
});
const res = await server.post("/api/users.delete", user);
expect(res.status).toEqual(400);
});
@@ -610,10 +552,9 @@ describe("#users.delete", () => {
await buildUser({
teamId: user.teamId,
});
const res = await server.post("/api/users.delete", {
const res = await server.post("/api/users.delete", user, {
body: {
code: "123",
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(400);
@@ -624,10 +565,9 @@ describe("#users.delete", () => {
await buildUser({
teamId: user.teamId,
});
const res = await server.post("/api/users.delete", {
const res = await server.post("/api/users.delete", user, {
body: {
code: user.deleteConfirmationCode,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(200);
@@ -638,10 +578,9 @@ describe("#users.delete", () => {
const user = await buildUser({
teamId: admin.teamId,
});
const res = await server.post("/api/users.delete", {
const res = await server.post("/api/users.delete", admin, {
body: {
id: user.id,
token: admin.getJwtToken(),
},
});
expect(res.status).toEqual(200);
@@ -658,9 +597,8 @@ describe("#users.delete", () => {
describe("#users.update", () => {
it("should update user profile information", async () => {
const user = await buildUser();
const res = await server.post("/api/users.update", {
const res = await server.post("/api/users.update", user, {
body: {
token: user.getJwtToken(),
name: "New name",
},
});
@@ -674,10 +612,9 @@ describe("#users.update", () => {
const user = await buildUser({
teamId: admin.teamId,
});
const res = await server.post("/api/users.update", {
const res = await server.post("/api/users.update", admin, {
body: {
id: user.id,
token: admin.getJwtToken(),
name: "New name",
},
});
@@ -692,10 +629,9 @@ describe("#users.update", () => {
const user = await buildUser({
teamId: actor.teamId,
});
const res = await server.post("/api/users.update", {
const res = await server.post("/api/users.update", actor, {
body: {
id: user.id,
token: actor.getJwtToken(),
name: "New name",
},
});
@@ -704,9 +640,8 @@ describe("#users.update", () => {
it("should fail upon sending invalid user preference", async () => {
const user = await buildUser();
const res = await server.post("/api/users.update", {
const res = await server.post("/api/users.update", user, {
body: {
token: user.getJwtToken(),
name: "New name",
preferences: { invalidPreference: "invalidValue" },
},
@@ -716,9 +651,8 @@ describe("#users.update", () => {
it("should fail upon sending invalid user preference value", async () => {
const user = await buildUser();
const res = await server.post("/api/users.update", {
const res = await server.post("/api/users.update", user, {
body: {
token: user.getJwtToken(),
name: "New name",
preferences: { rememberLastPath: "invalidValue" },
},
@@ -728,9 +662,8 @@ describe("#users.update", () => {
it("should update rememberLastPath user preference", async () => {
const user = await buildUser();
const res = await server.post("/api/users.update", {
const res = await server.post("/api/users.update", user, {
body: {
token: user.getJwtToken(),
name: "New name",
preferences: {
rememberLastPath: true,
@@ -744,9 +677,8 @@ describe("#users.update", () => {
it("should update user timezone", async () => {
const user = await buildUser();
const res = await server.post("/api/users.update", {
const res = await server.post("/api/users.update", user, {
body: {
token: user.getJwtToken(),
timezone: "Asia/Calcutta",
},
});
@@ -768,9 +700,8 @@ describe("#users.updateEmail", () => {
it("should trigger verification email", async () => {
const spy = vi.spyOn(ConfirmUpdateEmail.prototype, "schedule");
const user = await buildUser();
const res = await server.post("/api/users.updateEmail", {
const res = await server.post("/api/users.updateEmail", user, {
body: {
token: user.getJwtToken(),
email: faker.internet.email(),
},
});
@@ -791,9 +722,8 @@ describe("#users.updateEmail", () => {
createdById: user.id,
});
const res = await server.post("/api/users.updateEmail", {
const res = await server.post("/api/users.updateEmail", user, {
body: {
token: user.getJwtToken(),
email: faker.internet.email(),
},
});
@@ -807,9 +737,8 @@ describe("#users.updateEmail", () => {
const email = faker.internet.email().toLowerCase();
await buildUser({ teamId: user.teamId, email });
const res = await server.post("/api/users.updateEmail", {
const res = await server.post("/api/users.updateEmail", user, {
body: {
token: user.getJwtToken(),
email,
},
});
@@ -831,7 +760,7 @@ describe("#users.updateEmail", () => {
const user = await buildUser();
const email = faker.internet.email();
await server.get(
`/api/users.updateEmail?token=${user.getJwtToken()}&code=${user.getEmailUpdateToken(
`/api/users.updateEmail?token=${user.getSessionToken()}&code=${user.getEmailUpdateToken(
email
)}&follow=true`
);
@@ -848,9 +777,8 @@ describe("#users.update_role", () => {
const admin = await buildAdmin({ teamId: team.id });
const user = await buildUser({ teamId: team.id });
const res = await server.post("/api/users.update_role", {
const res = await server.post("/api/users.update_role", admin, {
body: {
token: admin.getJwtToken(),
id: user.id,
role: UserRole.Admin,
},
@@ -864,9 +792,8 @@ describe("#users.update_role", () => {
const admin = await buildAdmin({ teamId: team.id });
const user = await buildAdmin({ teamId: team.id });
const res = await server.post("/api/users.update_role", {
const res = await server.post("/api/users.update_role", admin, {
body: {
token: admin.getJwtToken(),
id: user.id,
role: UserRole.Viewer,
},
@@ -880,9 +807,8 @@ describe("#users.update_role", () => {
const admin = await buildAdmin({ teamId: team.id });
const user = await buildAdmin({ teamId: team.id });
const res = await server.post("/api/users.update_role", {
const res = await server.post("/api/users.update_role", admin, {
body: {
token: admin.getJwtToken(),
id: user.id,
role: UserRole.Admin,
},
@@ -897,9 +823,8 @@ describe("#users.promote", () => {
const admin = await buildAdmin({ teamId: team.id });
const user = await buildUser({ teamId: team.id });
const res = await server.post("/api/users.promote", {
const res = await server.post("/api/users.promote", admin, {
body: {
token: admin.getJwtToken(),
id: user.id,
},
});
@@ -908,9 +833,8 @@ describe("#users.promote", () => {
it("should require admin", async () => {
const user = await buildUser();
const res = await server.post("/api/users.promote", {
const res = await server.post("/api/users.promote", user, {
body: {
token: user.getJwtToken(),
id: user.id,
},
});
@@ -926,9 +850,8 @@ describe("#users.demote", () => {
const admin = await buildAdmin({ teamId: team.id });
const user = await buildAdmin({ teamId: team.id });
const res = await server.post("/api/users.demote", {
const res = await server.post("/api/users.demote", admin, {
body: {
token: admin.getJwtToken(),
id: user.id,
},
});
@@ -940,9 +863,8 @@ describe("#users.demote", () => {
const admin = await buildAdmin({ teamId: team.id });
const user = await buildAdmin({ teamId: team.id });
const res = await server.post("/api/users.demote", {
const res = await server.post("/api/users.demote", admin, {
body: {
token: admin.getJwtToken(),
id: user.id,
to: "viewer",
},
@@ -955,9 +877,8 @@ describe("#users.demote", () => {
const admin = await buildAdmin({ teamId: team.id });
const user = await buildAdmin({ teamId: team.id });
const res = await server.post("/api/users.demote", {
const res = await server.post("/api/users.demote", admin, {
body: {
token: admin.getJwtToken(),
id: user.id,
to: "member",
},
@@ -968,9 +889,8 @@ describe("#users.demote", () => {
it("should not allow demoting self", async () => {
const admin = await buildAdmin();
await buildAdmin({ teamId: admin.teamId });
const res = await server.post("/api/users.demote", {
const res = await server.post("/api/users.demote", admin, {
body: {
token: admin.getJwtToken(),
id: admin.id,
},
});
@@ -981,9 +901,8 @@ describe("#users.demote", () => {
it("should require admin", async () => {
const user = await buildUser();
const res = await server.post("/api/users.promote", {
const res = await server.post("/api/users.promote", user, {
body: {
token: user.getJwtToken(),
id: user.id,
},
});
@@ -999,9 +918,8 @@ describe("#users.suspend", () => {
const admin = await buildAdmin({ teamId: team.id });
const user = await buildUser({ teamId: team.id });
const res = await server.post("/api/users.suspend", {
const res = await server.post("/api/users.suspend", admin, {
body: {
token: admin.getJwtToken(),
id: user.id,
},
});
@@ -1010,9 +928,8 @@ describe("#users.suspend", () => {
it("should not allow suspending self", async () => {
const admin = await buildAdmin();
const res = await server.post("/api/users.suspend", {
const res = await server.post("/api/users.suspend", admin, {
body: {
token: admin.getJwtToken(),
id: admin.id,
},
});
@@ -1023,9 +940,8 @@ describe("#users.suspend", () => {
it("should require admin", async () => {
const user = await buildUser();
const res = await server.post("/api/users.suspend", {
const res = await server.post("/api/users.suspend", user, {
body: {
token: user.getJwtToken(),
id: user.id,
},
});
@@ -1046,9 +962,8 @@ describe("#users.activate", () => {
suspendedAt: new Date(),
});
expect(user.isSuspended).toBe(true);
const res = await server.post("/api/users.activate", {
const res = await server.post("/api/users.activate", admin, {
body: {
token: admin.getJwtToken(),
id: user.id,
},
});
@@ -1057,9 +972,8 @@ describe("#users.activate", () => {
it("should require admin", async () => {
const user = await buildUser();
const res = await server.post("/api/users.activate", {
const res = await server.post("/api/users.activate", user, {
body: {
token: user.getJwtToken(),
id: user.id,
},
});
server/routes/api/views/views.test.ts
+7 -14
View File
@@ -23,9 +23,8 @@ describe("#views.list", () => {
documentId: document.id,
userId: user.id,
});
const res = await server.post("/api/views.list", {
const res = await server.post("/api/views.list", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -47,9 +46,8 @@ describe("#views.list", () => {
await user.update({ suspendedAt: new Date() });
const res = await server.post("/api/views.list", {
const res = await server.post("/api/views.list", admin, {
body: {
token: admin.getJwtToken(),
documentId: document.id,
},
});
@@ -82,9 +80,8 @@ describe("#views.list", () => {
documentId: document.id,
userId: user.id,
});
const res = await server.post("/api/views.list", {
const res = await server.post("/api/views.list", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -109,9 +106,8 @@ describe("#views.list", () => {
it("should require authorization", async () => {
const document = await buildDocument();
const user = await buildUser();
const res = await server.post("/api/views.list", {
const res = await server.post("/api/views.list", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -126,9 +122,8 @@ describe("#views.create", () => {
userId: user.id,
teamId: user.teamId,
});
const res = await server.post("/api/views.create", {
const res = await server.post("/api/views.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -157,9 +152,8 @@ describe("#views.create", () => {
userId: user.id,
permission: CollectionPermission.Read,
});
const res = await server.post("/api/views.create", {
const res = await server.post("/api/views.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
@@ -183,9 +177,8 @@ describe("#views.create", () => {
it("should require authorization", async () => {
const document = await buildDocument();
const user = await buildUser();
const res = await server.post("/api/views.create", {
const res = await server.post("/api/views.create", user, {
body: {
token: user.getJwtToken(),
documentId: document.id,
},
});
server/routes/auth/index.test.ts
+30 -1
View File
@@ -1,5 +1,7 @@
import { addMonths } from "date-fns";
import { buildUser, buildCollection } from "@server/test/factories";
import { getTestServer } from "@server/test/support";
import { getJWTPayload } from "@server/utils/jwt";
const server = getTestServer();
@@ -33,9 +35,36 @@ describe("auth/redirect", () => {
expect(res.headers.get("location")!.includes(collection.path)).toBeTruthy();
});
it("should issue a session token with an expiry", async () => {
const user = await buildUser();
const before = Date.now();
const res = await server.get(
`/auth/redirect?token=${user.getTransferToken()}`,
{
redirect: "manual",
}
);
expect(res.status).toEqual(302);
const cookie = res.headers.get("set-cookie");
expect(cookie).not.toBeNull();
const match = cookie!.match(/accessToken=([^;]+)/);
expect(match).not.toBeNull();
const payload = getJWTPayload(match![1]);
expect(payload.type).toEqual("session");
expect(payload.expiresAt).toBeDefined();
const expiresAt = new Date(payload.expiresAt as string).getTime();
const expectedMin = addMonths(before, 3).getTime() - 1000;
const expectedMax = addMonths(Date.now(), 3).getTime() + 1000;
expect(expiresAt).toBeGreaterThanOrEqual(expectedMin);
expect(expiresAt).toBeLessThanOrEqual(expectedMax);
});
it("should prevent token extension by rejecting JWT tokens", async () => {
const user = await buildUser();
const jwtToken = user.getJwtToken();
const jwtToken = user.getSessionToken();
const res = await server.get(`/auth/redirect?token=${jwtToken}`, {
redirect: "manual",
server/routes/auth/index.ts
+3 -2
View File
@@ -43,14 +43,15 @@ router.get(
throw AuthenticationError("Cannot extend token");
}
const jwtToken = user.getJwtToken(undefined, service);
const expires = addMonths(new Date(), 3);
const jwtToken = user.getSessionToken(expires, service);
// ensure that the lastActiveAt on user is updated to prevent replay requests
await user.updateActiveAt(ctx, true);
ctx.cookies.set("accessToken", jwtToken, {
sameSite: "lax",
expires: addMonths(new Date(), 3),
expires,
});
const [team, collection, view] = await Promise.all([
Team.findByPk(user.teamId),
server/routes/mcp/index.test.ts
+1 -1
View File
@@ -34,7 +34,7 @@ describe("POST /mcp/", () => {
const { body } = mcpRequest("tools/list");
const res = await server.post("/mcp/", {
headers: {
Authorization: `Bearer ${user.getJwtToken()}`,
Authorization: `Bearer ${user.getSessionToken()}`,
Accept: "application/json, text/event-stream",
},
body,
server/test/TestServer.ts
+151 -15
View File
@@ -11,6 +11,34 @@ type TestRequestOptions = Omit<RequestInit, "body" | "headers"> & {
headers?: Record<string, string>;
};
interface Authable {
getSessionToken(): string;
}
const tokenCache = new WeakMap<Authable, string>();
function getCachedSessionToken(user: Authable): string {
let token = tokenCache.get(user);
if (!token) {
token = user.getSessionToken();
tokenCache.set(user, token);
}
return token;
}
function normalizeArgs(
userOrOpts?: Authable | TestRequestOptions,
maybeOpts?: TestRequestOptions
): { user?: Authable; opts: TestRequestOptions } {
if (
userOrOpts &&
typeof (userOrOpts as Authable).getSessionToken === "function"
) {
return { user: userOrOpts as Authable, opts: maybeOpts ?? {} };
}
return { opts: (userOrOpts as TestRequestOptions) ?? {} };
}
class TestServer {
private server: http.Server;
private listener?: Promise<void> | null;
@@ -36,10 +64,24 @@ class TestServer {
return this.listener;
}
fetch(path: string, opts: TestRequestOptions) {
fetch(path: string, opts?: TestRequestOptions): ReturnType<typeof nodeFetch>;
fetch(
path: string,
user: Authable,
opts?: TestRequestOptions
): ReturnType<typeof nodeFetch>;
fetch(
path: string,
userOrOpts?: Authable | TestRequestOptions,
maybeOpts?: TestRequestOptions
) {
const { user, opts } = normalizeArgs(userOrOpts, maybeOpts);
return this.listen().then(() => {
const url = `${this.address}${path}`;
const headers: Record<string, string> = { ...opts.headers };
if (user && !headers.Authorization && !headers.authorization) {
headers.Authorization = `Bearer ${getCachedSessionToken(user)}`;
}
let body = opts.body;
const contentType = headers["Content-Type"] ?? headers["content-type"];
// automatic JSON encoding
@@ -62,32 +104,126 @@ class TestServer {
this.server.close();
}
delete(path: string, options?: TestRequestOptions) {
return this.fetch(path, { ...options, method: "DELETE" });
delete(path: string, opts?: TestRequestOptions): ReturnType<typeof nodeFetch>;
delete(
path: string,
user: Authable,
opts?: TestRequestOptions
): ReturnType<typeof nodeFetch>;
delete(
path: string,
userOrOpts?: Authable | TestRequestOptions,
maybeOpts?: TestRequestOptions
) {
const { user, opts } = normalizeArgs(userOrOpts, maybeOpts);
return user
? this.fetch(path, user, { ...opts, method: "DELETE" })
: this.fetch(path, { ...opts, method: "DELETE" });
}
get(path: string, options?: TestRequestOptions) {
return this.fetch(path, { ...options, method: "GET" });
get(path: string, opts?: TestRequestOptions): ReturnType<typeof nodeFetch>;
get(
path: string,
user: Authable,
opts?: TestRequestOptions
): ReturnType<typeof nodeFetch>;
get(
path: string,
userOrOpts?: Authable | TestRequestOptions,
maybeOpts?: TestRequestOptions
) {
const { user, opts } = normalizeArgs(userOrOpts, maybeOpts);
return user
? this.fetch(path, user, { ...opts, method: "GET" })
: this.fetch(path, { ...opts, method: "GET" });
}
head(path: string, options?: TestRequestOptions) {
return this.fetch(path, { ...options, method: "HEAD" });
head(path: string, opts?: TestRequestOptions): ReturnType<typeof nodeFetch>;
head(
path: string,
user: Authable,
opts?: TestRequestOptions
): ReturnType<typeof nodeFetch>;
head(
path: string,
userOrOpts?: Authable | TestRequestOptions,
maybeOpts?: TestRequestOptions
) {
const { user, opts } = normalizeArgs(userOrOpts, maybeOpts);
return user
? this.fetch(path, user, { ...opts, method: "HEAD" })
: this.fetch(path, { ...opts, method: "HEAD" });
}
options(path: string, options?: TestRequestOptions) {
return this.fetch(path, { ...options, method: "OPTIONS" });
options(
path: string,
opts?: TestRequestOptions
): ReturnType<typeof nodeFetch>;
options(
path: string,
user: Authable,
opts?: TestRequestOptions
): ReturnType<typeof nodeFetch>;
options(
path: string,
userOrOpts?: Authable | TestRequestOptions,
maybeOpts?: TestRequestOptions
) {
const { user, opts } = normalizeArgs(userOrOpts, maybeOpts);
return user
? this.fetch(path, user, { ...opts, method: "OPTIONS" })
: this.fetch(path, { ...opts, method: "OPTIONS" });
}
patch(path: string, options?: TestRequestOptions) {
return this.fetch(path, { ...options, method: "PATCH" });
patch(path: string, opts?: TestRequestOptions): ReturnType<typeof nodeFetch>;
patch(
path: string,
user: Authable,
opts?: TestRequestOptions
): ReturnType<typeof nodeFetch>;
patch(
path: string,
userOrOpts?: Authable | TestRequestOptions,
maybeOpts?: TestRequestOptions
) {
const { user, opts } = normalizeArgs(userOrOpts, maybeOpts);
return user
? this.fetch(path, user, { ...opts, method: "PATCH" })
: this.fetch(path, { ...opts, method: "PATCH" });
}
post(path: string, options?: TestRequestOptions) {
return this.fetch(path, { ...options, method: "POST" });
post(path: string, opts?: TestRequestOptions): ReturnType<typeof nodeFetch>;
post(
path: string,
user: Authable,
opts?: TestRequestOptions
): ReturnType<typeof nodeFetch>;
post(
path: string,
userOrOpts?: Authable | TestRequestOptions,
maybeOpts?: TestRequestOptions
) {
const { user, opts } = normalizeArgs(userOrOpts, maybeOpts);
return user
? this.fetch(path, user, { ...opts, method: "POST" })
: this.fetch(path, { ...opts, method: "POST" });
}
put(path: string, options?: TestRequestOptions) {
return this.fetch(path, { ...options, method: "PUT" });
put(path: string, opts?: TestRequestOptions): ReturnType<typeof nodeFetch>;
put(
path: string,
user: Authable,
opts?: TestRequestOptions
): ReturnType<typeof nodeFetch>;
put(
path: string,
userOrOpts?: Authable | TestRequestOptions,
maybeOpts?: TestRequestOptions
) {
const { user, opts } = normalizeArgs(userOrOpts, maybeOpts);
return user
? this.fetch(path, user, { ...opts, method: "PUT" })
: this.fetch(path, { ...opts, method: "PUT" });
}
}
server/test/support.ts
+1 -1
View File
@@ -64,7 +64,7 @@ export function withAPIContext<T>(
auth: {
user,
type: AuthenticationType.APP,
token: user.getJwtToken(),
token: user.getSessionToken(),
},
transaction,
};
server/utils/authentication.ts
+1 -1
View File
@@ -134,7 +134,7 @@ export async function signIn(
);
}
} else {
ctx.cookies.set("accessToken", user.getJwtToken(expires, service), {
ctx.cookies.set("accessToken", user.getSessionToken(expires, service), {
sameSite: "lax",
expires,
});