import { AuthInput } from 'declarapi-runtime'
import { Contracts } from './common'
import * as get from './unauthenticated/get'
import * as post from './unauthenticated/post'
import * as put from './unauthenticated/put'
import * as patch from './unauthenticated/patch'
import * as uaDel from './unauthenticated/delete'
import * as authGet from './authenticated/get'
import * as authPatch from './authenticated/patch'
import * as authPut from './authenticated/put'
import * as authDel from './authenticated/delete'
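// Contract set under test; assigned in beforeAll from the shared test harness.
let m:Contracts

/**
 * Contract tests for the authenticated schema.
 *
 * The suite has two halves:
 *  - 'basic workflow test with authorized user' drives GET/POST/PATCH/PUT/DELETE
 *    with the `auth` identity and expects the normal CRUD behaviour.
 *  - 'Auth reject tests' checks that a caller with no identity is refused with
 *    401 and that an identified caller without the needed permission is refused
 *    with 403.
 */
describe('authenticated schema test', () => {
  // Identity used as the permitted caller in every test below.
  const auth: AuthInput = { sub: 'user1', permissions: ['admin'] }
  // Identified caller that the endpoints are expected to refuse with 403.
  // NOTE(review): presumably the contract requires 'admin' and 'editor' is not
  // sufficient; the contract definition is not visible here, so confirm.
  const unAuthorized:AuthInput = { sub: 'user2', permissions: ['editor'] }

  /**
   * Runs `attempt` and returns the value it threw or rejected with.
   *
   * Fails the calling test with an explicit message when `attempt` completes
   * normally, so an endpoint that wrongly accepts a request is reported as an
   * access-control failure rather than as a matcher error on `undefined`.
   */
  const rejectionOf = async (attempt: () => unknown): Promise<unknown> => {
    try {
      await attempt()
    } catch (e) {
      return e
    }
    throw new Error('expected the request to be rejected, but it was accepted')
  }

  beforeAll(async () => {
    // The harness publishes the contracts on `global`; this suite uses the authenticated set.
    m = (global as any).contract.authenticated
  })

  // Per-test setup and teardown hooks supplied by the harness for this category.
  beforeEach((global as any).beforeTestCategory.authenticated)
  afterEach((global as any).afterTestCategory.authenticated)

  describe('basic workflow test with authorized user', () => {
    describe('get empty', () => {
      it('will return 404 when the element is requested by id', async () => {
        await get.expectNotFound(m.get.handle, auth)
      })

      it('will get empty sets when there are no params or multiple ids requested', async () => {
        await get.expectEmptyForNonMatchingInput(m.get.handle, auth)
        await get.expectEmptyWhenNoRecordsPresent(m.get.handle, auth)
      })

      it('will get empty sets when searching for text', async () => {
        await get.expectEmptyWithTextSearch(m.get.handle, auth)
      })
    })

    describe('POST', () => {
      it('can post items and get all with empty arguments', async () => {
        await post.postAndGetRecordsByEmptyGet(m.post, m.get.handle, auth)
      })

      it('can get all posted items by id, one by one', async () => {
        await post.postAndGetRecordsByIdParam(m.post, m.get.handle, auth)
      })

      it('can get all posted items by id array', async () => {
        await post.postAndGetRecordsByIdArray(m.post, m.get.handle, auth)
      })

      it('can get some of the posted items by id array', async () => {
        await post.postAndGetSomeRecordsByIdArray(m.post, m.get.handle, auth)
      })

      it('Text search for the first generated, and it should be the first result returned', async () => {
        const posted :any[] = await post.postRecords(m.post, auth)
        // Search for text taken from the first posted record and expect that record back first.
        await get.expectFirstRecordToEqual(posted[0], {
          search: get.findFirstTextFieldContent(posted[0], m.get)
        }, m.get.handle, auth)
      })

      it('will return 404 when the element is requested by id', async () => {
        await post.postRecords(m.post, auth)
        await get.expectNotFound(m.get.handle, auth)
      })

      it('will get empty sets when there are no params or multiple ids requested', async () => {
        await post.postRecords(m.post, auth)
        await get.expectEmptyForNonMatchingInput(m.get.handle, auth)
      })

      it('Gets available records, ignores non existent ones when an array of ids is supplied', async () => {
        await post.postAndGetAvailableIdsIgnoringWrong(m.post, m.get.handle, auth)
      })

      it('can perform text search', async () => {
        await post.postAndGetByTextSearch(m.post, m.get, auth)
      })

      it('rejects re-post', async () => {
        await post.postAndRejectRePost(m.post, m.get.handle, auth)
      })

      it('rejects post with same id', async () => {
        await post.postAndRejectPostWithSameId(m.post, m.get.handle, auth)
      })
    })

    describe('PATCH', () => {
      it('can patch item and verify that only that one record changed', async () => {
        await patch.canPatch(m.post, m.patch, m.get.handle, auth)
      })

      it('can not patch non existing record', async () => {
        await patch.cantPatchNonExistent(m.post, m.patch, m.get.handle, auth)
      })

      it('can not change id', async () => {
        await patch.patchCantChangeId(m.post, m.patch, m.get.handle, auth)
      })

      it('can not remove optional field', async () => {
        await patch.patchCanNotRemoveOptionalParameters(m.post, m.patch, m.get.handle, auth)
      })
    })

    describe('PUT', () => {
      it('can put item and verify that only that one record changed', async () => {
        await put.canPut(m.post, m.put, m.get.handle, auth)
      })

      it('can not put non existing record', async () => {
        await put.cantPutNonExistent(m.post, m.put, m.get.handle, auth)
      })

      it('can not change id', async () => {
        await put.putCantChangeId(m.post, m.put, m.get.handle, auth)
      })

      it('rejects put that is missing a non optional field', async () => {
        await put.putRejectsPartialModification(m.post, m.put, m.get.handle, auth)
      })

      it('can remove optional field', async () => {
        await put.putCanRemoveOptionalParameters(m.post, m.put, m.get.handle, auth)
      })
    })

    describe('DELETE', () => {
      it('can delete one of many', async () => {
        await uaDel.canDeleteOneOfMany(m.post, m.del, m.get.handle, auth)
      })

      it('can delete some one of many', async () => {
        await uaDel.canDeleteSomeOfMany(m.post, m.del, m.get.handle, auth)
      })

      it('can delete all of many', async () => {
        await uaDel.canDeleteAll(m.post, m.del, m.get.handle, auth)
      })
    })
  })

  // NOTE(review): for PATCH, PUT and DELETE this file only passes the
  // identified-but-unauthorized caller (403 path). Whether the helpers in
  // ./authenticated/* also exercise a caller with no identity (401 path) is not
  // visible from here; confirm, or add the missing cases.
  describe('Auth reject tests', () => {
    describe('get empty', () => {
      it('Unauthenticated user can\'t access the get endpoint, error 401', async () => {
        await authGet.expect401ForUnauthenticatedUser(m.get.handle)
      })

      it('Unauthorized user can\'t access the get endpoint, error 403', async () => {
        await authGet.expect403ForUnauthorizedUser(m.get.handle, unAuthorized)
      })
    })

    describe('POST', () => {
      it('Unauthenticated user can\'t access the post endpoint, error 401', async () => {
        // An empty auth object stands in for a caller with no identity.
        const err = await rejectionOf(() => post.postRecords(m.post, {}))
        expect(err).toHaveProperty('status', 401)
        expect(err).toHaveProperty('response', {
          status: 401,
          data: { id: undefined },
          errorType: 'unauthorized',
          errors: ['Only logged in users can do this']
        })
        // The refused write must not have left a record behind.
        await get.expectEmptyWhenNoRecordsPresent(m.get.handle, auth)
      })

      it('Unauthorized user can\'t access the post endpoint, error 403', async () => {
        const err = await rejectionOf(() => post.postRecords(m.post, unAuthorized))
        expect(err).toHaveProperty('status', 403)
        expect(err).toHaveProperty('response', {
          status: 403,
          data: { id: undefined },
          errorType: 'forbidden',
          errors: ['You don\'t have permission to do this']
        })
        // The refused write must not have left a record behind.
        await get.expectEmptyWhenNoRecordsPresent(m.get.handle, auth)
      })

      it('posted records cannot be read by unauthenticated user', async () => {
        // Records exist this time, so a refusal here is about access, not about empty storage.
        // Despite the title, the unauthorized (403) caller is checked as well.
        await post.postRecords(m.post, auth)
        await authGet.expect401ForUnauthenticatedUser(m.get.handle)
        await authGet.expect403ForUnauthorizedUser(m.get.handle, unAuthorized)
      })
    })

    describe('PATCH', () => {
      it('Authenticated but not authorized user gets 403', async () => {
        await authPatch.cantPatch(m.post, m.patch, m.get.handle, auth, unAuthorized)
      })
    })

    describe('PUT', () => {
      it('Authenticated but not authorized user gets 403', async () => {
        await authPut.cantPut(m.post, m.put, m.get.handle, auth, unAuthorized)
      })
    })

    describe('DELETE', () => {
      it('can not delete one of many', async () => {
        await authDel.cantDeleteOneOfMany(m.post, m.del, m.get.handle, auth, unAuthorized)
      })
    })
  })
})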