From 67e3431fe30fc428ca56e71388bc3583f196bdb3 Mon Sep 17 00:00:00 2001
From: Tom Moor <tom.moor@gmail.com>
Date: Sat, 26 May 2018 13:29:42 -0700
Subject: [PATCH] More extensive specs around documents.info endpoint now that
 it doesn't require auth

---
 server/api/documents.test.js | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/server/api/documents.test.js b/server/api/documents.test.js
index 86aa35335..770fc4555 100644
--- a/server/api/documents.test.js
+++ b/server/api/documents.test.js
@@ -74,6 +74,23 @@ describe('#documents.info', async () => {
     expect(body.data.updatedBy.id).toEqual(user.id);
   });
 
+  it('should require authorization without token', async () => {
+    const { document } = await seed();
+    const res = await server.post('/api/documents.info', {
+      body: { id: document.id },
+    });
+    expect(res.status).toEqual(403);
+  });
+
+  it('should require authorization with incorrect token', async () => {
+    const { document } = await seed();
+    const user = await buildUser();
+    const res = await server.post('/api/documents.info', {
+      body: { token: user.getJwtToken(), id: document.id },
+    });
+    expect(res.status).toEqual(403);
+  });
+
   it('should require a valid shareId', async () => {
     const res = await server.post('/api/documents.info', {
       body: { shareId: 123 },