yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add missing authorization on views endpoints

Browse Source 
Updated ApiKeys authorization to match elsewhere
This commit is contained in:
Tom Moor
2018-02-18 10:56:56 -08:00
parent e84fb5e6ba
commit 83f32be6f7
19 changed files with 129 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
server/api/views.test.js Normal file
View File

@@ -0,0 +1,73 @@
/* eslint-disable flowtype/require-valid-file-annotation */
import TestServer from 'fetch-test-server';
import app from '..';
import { flushdb, seed } from '../test/support';
import { buildUser } from '../test/factories';
const server = new TestServer(app.callback());
beforeEach(flushdb);
afterAll(server.close);
describe('#views.list', async () => {
it('should return views for a document', async () => {
const { user, document } = await seed();
const res = await server.post('/api/views.list', {
body: { token: user.getJwtToken(), id: document.id },
});
expect(res.status).toEqual(200);
});
it('should require authentication', async () => {
const { document } = await seed();
const res = await server.post('/api/views.list', {
body: { id: document.id },
});
const body = await res.json();
expect(res.status).toEqual(401);
expect(body).toMatchSnapshot();
});
it('should require authorization', async () => {
const { document } = await seed();
const user = await buildUser();
const res = await server.post('/api/views.list', {
body: { token: user.getJwtToken(), id: document.id },
});
expect(res.status).toEqual(403);
});
});
describe('#views.create', async () => {
it('should allow creating a view record for document', async () => {
const { user, document } = await seed();
const res = await server.post('/api/views.create', {
body: { token: user.getJwtToken(), id: document.id },
});
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.success).toBe(true);
});
it('should require authentication', async () => {
const { document } = await seed();
const res = await server.post('/api/views.create', {
body: { id: document.id },
});
const body = await res.json();
expect(res.status).toEqual(401);
expect(body).toMatchSnapshot();
});
it('should require authorization', async () => {
const { document } = await seed();
const user = await buildUser();
const res = await server.post('/api/views.create', {
body: { token: user.getJwtToken(), id: document.id },
});
expect(res.status).toEqual(403);
});
});