Febbweiss/CloudBudget
1
0
Fork 0
mirror of https://github.com/Febbweiss/CloudBudget.git synced 2026-03-04 22:35:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Feature: First version of the REST API done

Browse Source
This commit is contained in:
febbweiss
2015-08-14 08:04:31 +00:00
commit e6fc0be0ed
28 changed files with 3170 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

543
test/accounts.js Normal file
View File

@@ -0,0 +1,543 @@
var should = require('should'),
request = require('supertest'),
app = require('../server.js'),
Db = require('./db.js'),
globalServer, token, hacker_token, account_id;
describe('API /accounts', function() {
before( function(done) {
globalServer = app.listen();
token = Db.get_user_token();
hacker_token = Db.get_hacker_token();
account_id = Db.ACCOUNT_ID;
Db.init(done);
});
after( function() {
globalServer.close();
});
describe('* Creation', function() {
it('should create an account', function(done) {
request(globalServer)
.post('/api/accounts')
.send({
name: 'Home',
reference: '1234567890'
})
.set('Authorization', 'JWT ' + token)
.set('Accept', 'application/json')
.expect(201)
.expect('Content-Type', /json/)
.end( function(error, result) {
should.not.exist(error);
var account = result.body;
should.exist(account);
account.name.should.be.equal('Home');
account.reference.should.be.equal('1234567890');
done();
});
});
it('should fail to create account without params', function(done) {
request(globalServer)
.post('/api/accounts')
.set('Authorization', 'JWT ' + token)
.set('Accept', 'application/json')
.expect(400)
.expect('Content-Type', /json/)
.end( function(error, result) {
var errors = result.body;
should.exist(errors);
errors.should.be.instanceof(Array).and.have.lengthOf(1);
var error = errors[0];
error.field.should.be.equal('name');
done();
});
});
it('should fail to create account without valid token', function(done) {
request(globalServer)
.post('/api/accounts')
.send({
name: 'Home',
reference: '1234567890'
})
.set('Authorization', 'JWT fake')
.expect(401, done);
});
it('should fail to create account without token', function(done) {
request(globalServer)
.post('/api/accounts')
.send({
name: 'Home',
reference: '1234567890'
})
.expect(401, done);
});
});
describe('* Deletion', function() {
it('should delete the given account', function(done) {
request(globalServer)
.post('/api/accounts')
.send({
name: 'Todelete',
reference: '0987654321'
})
.set('Authorization', 'JWT ' + token)
.end(function(error, result) {
var account_to_delete_id = result.body._id;
request(globalServer)
.delete('/api/accounts/' + account_to_delete_id)
.set('Authorization', 'JWT ' + token)
.set('Accept', 'application/json')
.expect(204, done);
});
});
it('should fail to delete unknown account', function(done) {
request(globalServer)
.delete('/api/accounts/4fc67871349bb7bf6a000002')
.set('Authorization', 'JWT ' + token)
.expect(404, done);
});
it('should fail to delete invalid account', function(done) {
request(globalServer)
.delete('/api/accounts/1')
.set('Authorization', 'JWT ' + token)
.expect(404, done);
});
it('should fail to delete account for another user', function(done) {
request(globalServer)
.post('/api/accounts')
.send({
name: 'Todelete',
reference: '0987654321'
})
.set('Authorization', 'JWT ' + token)
.end(function(error, result) {
var account_to_delete_id = result.body._id;
request(globalServer)
.delete('/api/accounts/' + account_to_delete_id)
.set('Authorization', 'JWT ' + hacker_token)
.expect(401, done);
});
});
});
describe('* Retrieve', function() {
it('should retrieve the given account', function(done) {
request(globalServer)
.get('/api/accounts/' + account_id)
.set('Authorization', 'JWT ' + token)
.expect(200)
.expect('Content-Type', /json/)
.end( function(error, result) {
should.not.exist(error);
var account = result.body;
should.exist(account);
account.name.should.be.equal('Default');
account.reference.should.be.equal('1234567890');
done();
})
});
it('should fail to retrieve an unknown account', function(done) {
request(globalServer)
.get('/api/accounts/4fc67871349bb7bf6a000002')
.set('Authorization', 'JWT ' + token)
.expect(404, done);
});
it('should fail to retrieve an invalid account', function(done) {
request(globalServer)
.get('/api/accounts/1')
.set('Authorization', 'JWT ' + token)
.expect(404, done);
});
it('should fail to retrieve the account for another user', function(done) {
request(globalServer)
.get('/api/accounts/' + account_id)
.set('Authorization', 'JWT ' + hacker_token)
.expect(401, done);
});
});
describe('* Modify', function() {
it('should modify the given account', function(done) {
request(globalServer)
.put('/api/accounts/' + account_id)
.send( {
name: 'Home 2',
reference: '0987654321'
})
.set('Authorization', 'JWT ' + token)
.expect(200)
.expect('Content-Type', /json/)
.end(function(error, result) {
should.not.exist(error);
var account = result.body;
should.exist(account);
account.name.should.be.equal('Home 2');
account.reference.should.be.equal('0987654321');
done();
});
});
it('should fail to modify without arguments', function(done) {
request(globalServer)
.put('/api/accounts/' + account_id)
.set('Authorization', 'JWT ' + token)
.expect(400, done)
});
it('should fail to modify missing arguments', function(done) {
request(globalServer)
.put('/api/accounts/' + account_id)
.send({reference: 'AZERTY'})
.set('Authorization', 'JWT ' + token)
.expect(400, done);
});
it('should fail to modify invalid account', function(done) {
request(globalServer)
.put('/api/accounts/1')
.set('Authorization', 'JWT ' + token)
.expect(404, done)
});
it('should fail to modify account for another user', function(done) {
request(globalServer)
.put('/api/accounts/' + account_id)
.set('Authorization', 'JWT ' + hacker_token)
.expect(401, done)
});
});
describe('* Entries', function() {
describe('* Creation', function() {
it('should create an entry with minimal data (DEPOSIT)' , function(done) {
request(globalServer)
.post('/api/accounts/' + account_id + '/entries')
.send({
amount: 1000,
date: new Date('2014-12-08')
})
.set('Authorization', 'JWT ' + token)
.expect(201)
.expect('Content-Type', /json/)
.end(function(error, result) {
should.not.exist(error);
var entry = result.body;
should.exist(entry);
entry.amount.should.be.equal(1000);
new Date(entry.date).should.eql(new Date(2014, 11, 8));
entry.type.should.be.equal('DEPOSIT');
should.not.exist(entry.category);
should.not.exist(entry.sub_category);
done();
});
});
it('should create an entry with minimal data (BILL)' , function(done) {
request(globalServer)
.post('/api/accounts/' + account_id + '/entries')
.send({
label: 'test',
amount: -1000,
date: new Date('2014-12-08')
})
.set('Authorization', 'JWT ' + token)
.expect(201)
.expect('Content-Type', /json/)
.end(function(error, result) {
should.not.exist(error);
var entry = result.body;
should.exist(entry);
entry.amount.should.be.equal(-1000);
new Date(entry.date).should.eql(new Date(2014, 11, 8));
entry.type.should.be.equal('BILL');
should.not.exist(entry.category);
should.not.exist(entry.sub_category);
done();
});
});
it('should fail to create entry without data', function(done) {
request(globalServer)
.post('/api/accounts/' + account_id + '/entries')
.set('Authorization', 'JWT ' + token)
.expect(400, done);
});
it('should fail to create entry for not owned account', function(done) {
request(globalServer)
.post('/api/accounts/' + account_id + '/entries')
.set('Authorization', 'JWT ' + hacker_token)
.send({
label: 'test',
amount: -1000,
date: new Date('2014-12-08')
})
.expect(401, done);
});
it('should fail to create entry for not valid account', function(done) {
request(globalServer)
.post('/api/accounts/1/entries')
.send({
label: 'test',
amount: -1000,
date: new Date('2014-12-08')
})
.set('Authorization', 'JWT ' + token)
.expect(404, done);
});
it('should fail to create entry for unknown account', function(done) {
request(globalServer)
.post('/api/accounts/' + token + '/entries')
.send({
label: 'test',
amount: -1000,
date: new Date('2014-12-08')
})
.set('Authorization', 'JWT ' + token)
.expect(404, done);
});
});
describe('* Modify', function() {
it('should modify the given entry', function(done) {
request(globalServer)
.post('/api/accounts/' + account_id + '/entries')
.send({
label: 'test',
amount: 50,
date: new Date('2014-12-08')
})
.set('Authorization', 'JWT ' + token)
.end(function(error, result) {
var entry_id = result.body._id;
request(globalServer)
.put('/api/accounts/' + account_id + '/entries/' + entry_id)
.send({
label: 'modified',
amount: 55,
date: new Date('2014-12-09')
})
.set('Authorization', 'JWT ' + token)
.expect(200)
.expect('Content-Type', /json/)
.end( function(errors, result) {
should.not.exist(errors);
var entry = result.body;
should.exist(entry);
entry.label.should.be.equal('modified');
entry.amount.should.be.equal(55);
new Date(entry.date).should.eql(new Date(2014,11,9));
done();
});
});
});
it('should fail to modify the given entry without data', function(done) {
request(globalServer)
.post('/api/accounts/' + account_id + '/entries')
.send({
label: 'test',
amount: 50,
date: new Date('2014-12-08')
})
.set('Authorization', 'JWT ' + token)
.end(function(error, result) {
var entry_id = result.body._id;
request(globalServer)
.put('/api/accounts/' + account_id + '/entries/' + entry_id)
.set('Authorization', 'JWT ' + token)
.expect(400, done);
});
});
it('should fail to modify unknown entry', function(done) {
request(globalServer)
.post('/api/accounts/' + account_id + '/entries')
.send({
label: 'test',
amount: 50,
date: new Date('2014-12-08')
})
.set('Authorization', 'JWT ' + token)
.end(function(error, result) {
var entry_id = result.body._id;
request(globalServer)
.put('/api/accounts/' + account_id + '/entries/' + token)
.send({
label: 'modified',
amount: 55,
date: new Date('2014-12-09')
})
.set('Authorization', 'JWT ' + token)
.expect(404, done);
});
});
it('should fail to modify invalid entry', function(done) {
request(globalServer)
.post('/api/accounts/' + account_id + '/entries')
.send({
label: 'test',
amount: 50,
date: new Date('2014-12-08')
})
.set('Authorization', 'JWT ' + token)
.end(function(error, result) {
var entry_id = result.body._id;
request(globalServer)
.put('/api/accounts/' + account_id + '/entries/1')
.send({
label: 'modified',
amount: 55,
date: new Date('2014-12-09')
})
.set('Authorization', 'JWT ' + token)
.expect(404, done);
});
});
it('should fail to modify the given entry for unknown account', function(done) {
request(globalServer)
.post('/api/accounts/' + account_id + '/entries')
.send({
label: 'test',
amount: 50,
date: new Date('2014-12-08')
})
.set('Authorization', 'JWT ' + token)
.end(function(error, result) {
var entry_id = result.body._id;
request(globalServer)
.put('/api/accounts/' + token + '/entries/' + entry_id)
.send({
label: 'modified',
amount: 55,
date: new Date('2014-12-09')
})
.set('Authorization', 'JWT ' + token)
.expect(404, done);
});
});
it('should fail to modify the given entry for invalid account', function(done) {
request(globalServer)
.post('/api/accounts/' + account_id + '/entries')
.send({
label: 'test',
amount: 50,
date: new Date('2014-12-08')
})
.set('Authorization', 'JWT ' + token)
.end(function(error, result) {
var entry_id = result.body._id;
request(globalServer)
.put('/api/accounts/1/entries/' + entry_id)
.send({
label: 'modified',
amount: 55,
date: new Date('2014-12-09')
})
.set('Authorization', 'JWT ' + token)
.expect(404, done);
});
});
it('should fail to modify the given not owned entry', function(done) {
request(globalServer)
.post('/api/accounts/' + account_id + '/entries')
.send({
label: 'test',
amount: 50,
date: new Date('2014-12-08')
})
.set('Authorization', 'JWT ' + token)
.end(function(error, result) {
var entry_id = result.body._id;
request(globalServer)
.put('/api/accounts/' + account_id + '/entries/' + entry_id)
.send({
label: 'modified',
amount: 55,
date: new Date('2014-12-09')
})
.set('Authorization', 'JWT ' + hacker_token)
.expect(401, done);
});
});
});
describe('* Deletion', function() {
it('should delete the given entry', function(done) {
request(globalServer)
.post('/api/accounts/' + account_id + '/entries')
.send({
label: 'test',
amount: 50,
date: new Date('2014-12-08')
})
.set('Authorization', 'JWT ' + token)
.end(function(error, result) {
var entry_id = result.body._id;
request(globalServer)
.delete('/api/accounts/' + account_id + '/entries/' + entry_id)
.set('Authorization', 'JWT ' + token)
.expect(204, done);
});
});
it('should fail to delete an unknown entry', function(done) {
request(globalServer)
.delete('/api/accounts/' + account_id + '/entries/' + token)
.set('Authorization', 'JWT ' + token)
.expect(404, done);
});
it('should fail to delete an invalid entry', function(done) {
request(globalServer)
.delete('/api/accounts/' + account_id + '/entries/1')
.set('Authorization', 'JWT ' + token)
.expect(404, done);
});
it('should fail to delete the not owned given entry', function(done) {
request(globalServer)
.post('/api/accounts/' + account_id + '/entries')
.send({
label: 'test',
amount: 50,
date: new Date('2014-12-08')
})
.set('Authorization', 'JWT ' + token)
.end(function(error, result) {
var entry_id = result.body._id;
request(globalServer)
.delete('/api/accounts/' + account_id + '/entries/' + entry_id)
.set('Authorization', 'JWT ' + hacker_token)
.expect(401, done);
});
});
});
});
});

119
test/db.js Normal file
View File

@@ -0,0 +1,119 @@
var mongoose = require('mongoose'),
jwt = require('jsonwebtoken'),
security = require('../config/security');
var USER_ID = '55c9e2e3d300cc798928cc87',
HACKER_ID = '55c9e2e4d300cc798928cc88',
ACCOUNT_ID = '55c9e2fcd300cc798928cc8b';
var DATA = {
User: [
{
_id: USER_ID,
username: 'test',
password: 's3cr3t'
},
{
_id: HACKER_ID,
username: 'hacker',
password: 'bl4ckh4t'
}
],
Account: [
{
_id: ACCOUNT_ID,
name: 'Default',
reference: '1234567890',
user_id: USER_ID,
categories: [{key: 'test', label: 'Test', sub_categories: []}]
}
],
Entry: [
{
account_id: ACCOUNT_ID,
label: 'Test bill',
type: 'BILL',
amount: -100,
date: '2015-08-13',
}
]
},
process_collection = function(collection, data, done) {
mongoose.connection.base.models[collection].find({}).remove(function(err) {
if (err) {
console.log('Can\'t delete collection ' + collection, err );
}
var res = [];
for( var item in data ) {
mongoose.connection.base.models[collection].create(data[item], function(err, newItem) {
res.push(err);
if( err ) {
console.log('Can\'t insert document', err);
}
if (res.length === data.length) {
return done();
}
newItem.save(function(error) {
res.push(err);
if (res.length === data.length) {
return done();
}
});
});
}
});
},
drop_collection = function(collection, data, done) {
mongoose.connection.base.models[collection].find({}).remove(function(err) {
if (err) {
console.log('Can\'t delete collection ' + collection, err );
}
return done();
});
};
module.exports = {
USER_ID: USER_ID,
HACKER_ID: HACKER_ID,
ACCOUNT_ID: ACCOUNT_ID,
init : function(done) {
var collections_to_process = Object.keys(DATA).length,
collectionsDone = 0;
for( var collection in DATA ) {
process_collection(collection, DATA[collection], function() {
collectionsDone++;
if( collectionsDone === collections_to_process ) {
done();
}
})
}
},
drop : function(done) {
var collections_to_process = Object.keys(DATA).length,
collectionsDone = 0;
for( var collection in DATA ) {
drop_collection(collection, DATA[collection], function() {
collectionsDone++;
if( collectionsDone === collections_to_process ) {
done();
}
})
}
},
get_user_token: function() {
return jwt.sign( { user_id: USER_ID}, security.jwt.secretOrKey);
},
get_hacker_token: function() {
return jwt.sign( { user_id: HACKER_ID}, security.jwt.secretOrKey);
}
}

23
test/server.js Normal file
View File

@@ -0,0 +1,23 @@
var should = require('should'),
request = require('supertest'),
app = require('../server.js'),
globalServer;
describe('Static resources', function(){
before(function () {
globalServer = app.listen();
});
after(function () {
globalServer.close();
});
it('should send index.html', function(done){
request(globalServer)
.get('/')
.set('Accept', 'text/html')
.expect('Content-Type', /html/)
.expect(200, done);
})
})

198
test/users.js Normal file
View File

@@ -0,0 +1,198 @@
var should = require('should'),
request = require('supertest'),
app = require('../server.js'),
mongoose = require('mongoose'),
User = mongoose.model('User'),
Db = require('./db.js'),
sinon = require('sinon'),
EventEmitter = require('../app/events/listeners'),
globalServer, token, hacker_token, account_id, user_id;
describe('API /users', function() {
before(function(done) {
globalServer = app.listen();
token = Db.get_user_token();
hacker_token = Db.get_hacker_token();
account_id = Db.ACCOUNT_ID;
user_id = Db.USER_ID;
Db.init(done);
});
after( function() {
globalServer.close();
});
describe('* Login', function() {
it('should log successfully', function(done) {
request(globalServer)
.post('/api/users/login')
.send({
username: 'test',
password: 's3cr3t'
})
.set('Accept', 'application/json')
.expect(200)
.expect('Content-Type', /json/)
.end( function(error, result) {
should.not.exist(error);
var user = result.body;
should.exist(user);
user.username.should.be.equal('test');
should.exist(user.token);
done();
});
});
it('should fail login', function(done) {
request(globalServer)
.post('/api/users/login')
.send({
username: 'test',
password: 'secret'
})
.set('Accept', 'application/json')
.expect(401, done);
});
it('should logout', function(done) {
request(globalServer)
.delete('/api/users/login')
.expect(200, done);
});
});
describe('* Registration', function() {
it('should fail without any params', function(done) {
request(globalServer)
.post('/api/users')
.set('Accept', 'application/json')
.expect(400)
.end(function(err, result) {
var errors = result.body;
should.exist(errors);
errors.should.be.instanceof(Array).and.have.lengthOf(2);
done();
});
});
it('should fail without a password', function(done) {
request(globalServer)
.post('/api/users')
.send( { username: 'registration'})
.expect(400, done);
});
it('should fail without an username', function(done) {
request(globalServer)
.post('/api/users')
.send({password: 'secret'})
.set('Accept', 'application/json')
.expect(400, done);
});
it('should fail on duplicate account', function(done) {
request(globalServer)
.post('/api/users')
.send({
username: 'test',
password: 'secret'
})
.set('Accept', 'application/json')
.expect(409, done);
});
it('should register successfully', function(done) {
request(globalServer)
.post('/api/users')
.send({
username: 'registration',
password: 'secret'
})
.set('Accept', 'application/json')
.expect(201)
.end(function(error, result) {
should.not.exist(error);
var user = result.body;
should.exist(user);
user.username.should.be.equal('registration');
should.exist(user.token);
User.getAuthenticated('registration', 'secret', function(error, user) {
should.not.exist(error);
should.exist(user);
done();
});
});
});
});
describe('* Deregistration', function() {
it('should fail to delete user account without security token', function(done) {
request(globalServer)
.delete('/api/users')
.expect(401, done);
});
it('should fail to delete user account with fake security token', function(done) {
request(globalServer)
.delete('/api/users')
.set('Authorization', 'JWT fake_token')
.expect(401, done);
});
it('should delete user with accounts and entries', function(done) {
var eventEmitter= EventEmitter.eventEmitter,
spy_accounts = sinon.spy(),
spy_entries = sinon.spy();
eventEmitter.on(EventEmitter.events.ACCOUNTS_DELETE_BY_USER_ID_EVT, spy_accounts);
eventEmitter.on(EventEmitter.events.ENTRIES_DELETE_BY_ACCOUNT_EVT, spy_entries)
request(globalServer)
.delete('/api/users')
.set('Authorization', 'JWT ' + token)
.expect(204)
.end(function(error, result) {
User.findOne({username: 'test'}, function(error, user) {
should.not.exist(error);
should.not.exist(user);
sinon.assert.calledWith(spy_accounts, user_id);
spy_entries.called.should.equal.true;
spy_entries.args[0][0].id.should.be.equal(account_id);
done();
});
});
});
it('should delete user without account', function(done) {
var eventEmitter= EventEmitter.eventEmitter,
spy_accounts = sinon.spy(),
spy_entries = sinon.spy();
eventEmitter.on(EventEmitter.events.ACCOUNTS_DELETE_BY_USER_ID_EVT, spy_accounts);
eventEmitter.on(EventEmitter.events.ENTRIES_DELETE_BY_ACCOUNT_EVT, spy_entries)
request(globalServer)
.delete('/api/users')
.set('Authorization', 'JWT ' + hacker_token)
.expect(204)
.end(function(error, result) {
User.findOne({username: 'hacker'}, function(error, user) {
should.not.exist(error);
should.not.exist(user);
spy_accounts.called.should.equal.true;
spy_entries.called.should.equal.false;
done();
});
});
});
});
});