asyavee/medusa-store
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

chore: Move admin invites + user tests to HTTP (#7596)

Browse Source
This commit is contained in:
Oli Juhl
2024-06-04 10:53:01 +02:00
committed by GitHub
parent c38f6d07c2
commit ce40fe88f5
6 changed files with 261 additions and 622 deletions
Download Patch File Download Diff File Expand all files Collapse all files

393
integration-tests/api/__tests__/admin/invite.js
View File

@@ -1,393 +0,0 @@
const path = require("path")
const setupServer = require("../../../environment-helpers/setup-server")
const { useApi } = require("../../../environment-helpers/use-api")
const { initDb, useDb } = require("../../../environment-helpers/use-db")
const userSeeder = require("../../../helpers/user-seeder")
const adminSeeder = require("../../../helpers/admin-seeder")
jest.setTimeout(30000)
describe("/admin/invites", () => {
let medusaProcess
let dbConnection
beforeAll(async () => {
const cwd = path.resolve(path.join(__dirname, "..", ".."))
dbConnection = await initDb({ cwd })
medusaProcess = await setupServer({ cwd })
})
afterAll(async () => {
const db = useDb()
await db.shutdown()
medusaProcess.kill()
})
describe("GET /admin/users", () => {
beforeEach(async () => {
await adminSeeder(dbConnection)
await userSeeder(dbConnection)
})
afterEach(async () => {
const db = useDb()
await db.teardown()
})
it("lists invites", async () => {
const api = useApi()
const response = await api
.get("/admin/invites", {
headers: {
"x-medusa-access-token": "test_token",
},
})
.catch((err) => {
console.log(err)
})
expect(response.status).toEqual(200)
expect(response.data.invites).toMatchSnapshot([
{
id: "memberInvite",
user_email: "invite-member@test.com",
role: "member",
accepted: false,
token: expect.any(String),
expires_at: expect.any(String),
created_at: expect.any(String),
updated_at: expect.any(String),
},
{
id: "adminInvite",
user_email: "invite-admin@test.com",
role: "admin",
accepted: false,
token: expect.any(String),
created_at: expect.any(String),
expires_at: expect.any(String),
updated_at: expect.any(String),
},
])
})
})
describe("POST /admin/invites", () => {
let user
beforeEach(async () => {
const api = useApi()
await adminSeeder(dbConnection)
await userSeeder(dbConnection)
const response = await api
.post(
"/admin/users",
{
email: "test@forgottenPassword.com",
role: "member",
password: "test123453",
},
{
headers: { "x-medusa-access-token": "test_token" },
}
)
.catch((err) => console.log(err))
user = response.data.user
})
afterEach(async () => {
const db = useDb()
await db.teardown()
})
describe("Invitations", () => {
it("create an invite with the specified emails and role", async () => {
const api = useApi()
const payload = {
user: "test@medusa-commerce.com",
role: "admin",
}
const createReponse = await api
.post("/admin/invites", payload, {
headers: { "x-medusa-access-token": "test_token" },
})
.catch((err) => console.log(err))
const response = await api
.get("/admin/invites", {
headers: {
"x-medusa-access-token": "test_token",
},
})
.catch((err) => {
console.log(err)
})
expect(createReponse.status).toEqual(200)
expect(response.data.invites).toEqual(
expect.arrayContaining([
expect.objectContaining({ user_email: payload.user }),
])
)
expect(response.status).toEqual(200)
})
it("updates invite with new role", async () => {
const api = useApi()
const payload = {
user: "invite-member@test.com",
role: "admin",
}
const createReponse = await api
.post("/admin/invites", payload, {
headers: { "x-medusa-access-token": "test_token" },
})
.catch((err) => console.log(err))
const response = await api
.get("/admin/invites", {
headers: {
"x-medusa-access-token": "test_token",
},
})
.catch((err) => {
console.log(err)
})
expect(createReponse.status).toEqual(200)
expect(response.data.invites).toEqual(
expect.arrayContaining([
expect.objectContaining({
user_email: payload.user,
role: "admin",
}),
])
)
expect(response.status).toEqual(200)
})
it("resends invite", async () => {
const api = useApi()
const id = "memberInvite"
const resendResponse = await api
.post(
`/admin/invites/${id}/resend`,
{},
{
headers: { "x-medusa-access-token": "test_token" },
}
)
.catch((err) => console.log(err))
expect(resendResponse.status).toEqual(200)
})
it("creates a user successfully when accepting an invite (unauthorized endpoint)", async () => {
const api = useApi()
const inviteResponse = await api.get("/admin/invites", {
headers: { "x-medusa-access-token": "test_token" },
})
const { token, ...rest } = inviteResponse.data.invites[0]
const user = {
first_name: "test",
last_name: "testesen",
password: "supersecret",
}
const payload = { token, user }
const createResponse = await api
.post("/admin/invites/accept", payload)
.catch((err) => console.log(err))
const userResponse = await api.get("/admin/users", {
headers: { "x-medusa-access-token": "test_token" },
})
const newUser = userResponse.data.users.find(
(usr) => usr.email == rest.user_email
)
expect(newUser).toEqual(expect.objectContaining({ role: rest.role }))
expect(createResponse.status).toEqual(200)
})
it("creates a user successfully with new role after updating invite (unauthorized endpoint)", async () => {
const api = useApi()
const inviteResponse = await api.get("/admin/invites", {
headers: { "x-medusa-access-token": "test_token" },
})
const { token, ...rest } = inviteResponse.data.invites.find(
(inv) => inv.role === "member"
)
const user = {
first_name: "test",
last_name: "testesen",
password: "supersecret",
}
const updatePayload = {
user: rest.user_email,
role: "admin",
}
const updateResponse = await api
.post("/admin/invites", updatePayload, {
headers: { "x-medusa-access-token": "test_token" },
})
.catch((err) => console.log(err))
const payload = { token, user }
const createResponse = await api.post("/admin/invites/accept", payload)
const userResponse = await api.get("/admin/users", {
headers: { "x-medusa-access-token": "test_token" },
})
const newUser = userResponse.data.users.find(
(usr) => usr.email == rest.user_email
)
expect(newUser).toEqual(expect.objectContaining({ role: "admin" }))
expect(updateResponse.status).toEqual(200)
expect(createResponse.status).toEqual(200)
})
it("Fails to accept an invite given an invalid token (unauthorized endpoint)", async () => {
expect.assertions(2)
const api = useApi()
const token =
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbnZpdGVfaWQiOiJpbnZpdGVfMDFGSFFWNlpBOERRRlgySjM3UVo5SjZTOTAiLCJyb2xlIjoiYWRtaW4iLCJ1c2VyX2VtYWlsIjoic2ZAc2RmLmNvbSIsImlhdCI6MTYzMzk2NDAyMCwiZXhwIjoxNjM0NTY4ODIwfQ.ZsmDvunBxhRW1iRqvfEfWixJLZ1zZVzaEYST38Vbl00"
await api
.post("/admin/invites/accept", {
token,
user: {
first_name: "test",
last_name: "testesen",
password: "supersecret",
},
})
.catch((err) => {
expect(err.response.status).toEqual(400)
expect(err.response.data.message).toEqual("Token is not valid")
})
})
it("fails to accept an already accepted invite (unauthorized endpoint)", async () => {
expect.assertions(4)
const api = useApi()
const inviteResponse = await api.get("/admin/invites", {
headers: { "x-medusa-access-token": "test_token" },
})
const { token } = inviteResponse.data.invites[0]
const user = {
first_name: "test",
last_name: "testesen",
password: "supersecret",
}
const payload = { token, user }
const createResponse = await api.post("/admin/invites/accept", payload)
const secondPayload = {
user: {
first_name: "testesens",
last_name: "test",
password: "testesens",
},
token,
}
await api.post("/admin/invites/accept", secondPayload).catch((err) => {
expect(err.response.status).toEqual(400)
expect(err.response.data.message).toEqual("Invalid invite")
expect(err.response.data.type).toEqual("invalid_data")
})
expect(createResponse.status).toEqual(200)
})
})
})
describe("DELETE /admin/users", () => {
beforeEach(async () => {
await adminSeeder(dbConnection)
await userSeeder(dbConnection)
})
afterEach(async () => {
const db = useDb()
await db.teardown()
})
it("/admin/invites Deletes an invite", async () => {
const api = useApi()
const inviteId = "memberInvite"
const invitesBeforeDeleteRequest = await api.get("/admin/invites", {
headers: {
"x-medusa-access-token": "test_token",
},
})
const invitesBeforeDelete = invitesBeforeDeleteRequest.data.invites
const response = await api
.delete(`/admin/invites/${inviteId}`, {
headers: { "x-medusa-access-token": "test_token" },
})
.catch((err) => console.log(err))
const invitesAfterDeleteRequest = await api.get("/admin/invites", {
headers: {
"x-medusa-access-token": "test_token",
},
})
expect(response.status).toEqual(200)
expect(response.data).toEqual({
id: inviteId,
object: "invite",
deleted: true,
})
const invitesAfterDelete = invitesAfterDeleteRequest.data.invites
expect(invitesAfterDelete.length).toEqual(invitesBeforeDelete.length - 1)
expect(invitesBeforeDelete).toEqual(
expect.arrayContaining([expect.objectContaining({ id: inviteId })])
)
expect(invitesAfterDelete).toEqual(
expect.not.arrayContaining([expect.objectContaining({ id: inviteId })])
)
})
})
})

536
integration-tests/api/__tests__/admin/user.js
View File

@@ -1,536 +0,0 @@
const jwt = require("jsonwebtoken")
const { medusaIntegrationTestRunner } = require("medusa-test-utils")
const {
createAdminUser,
adminHeaders,
} = require("../../../helpers/create-admin-user")
const { breaking } = require("../../../helpers/breaking")
const { ModuleRegistrationName } = require("@medusajs/modules-sdk")
jest.setTimeout(30000)
let userSeeder = {}
let simpleAnalyticsConfigFactory = {}
medusaIntegrationTestRunner({
// env: { MEDUSA_FF_MEDUSA_V2: true },
testSuite: ({ dbConnection, getContainer, api }) => {
let container
let userModuleService
beforeAll(() => {
userSeeder = require("../../../helpers/user-seeder")
simpleAnalyticsConfigFactory = require("../../../factories/simple-analytics-config-factory")
})
beforeEach(async () => {
container = getContainer()
userModuleService = container.resolve(ModuleRegistrationName.USER)
await createAdminUser(dbConnection, adminHeaders, container)
})
describe("GET /admin/users/:id", () => {
beforeEach(async () => {
await breaking(async () => {
await userSeeder(dbConnection)
})
})
it("should return user by id", async () => {
const response = await api.get("/admin/users/admin_user", adminHeaders)
const v1Response = {
id: "admin_user",
email: "admin@medusa.js",
api_token: "test_token",
role: "admin",
created_at: expect.any(String),
updated_at: expect.any(String),
}
const v2Response = {
id: "admin_user",
email: "admin@medusa.js",
created_at: expect.any(String),
updated_at: expect.any(String),
}
expect(response.status).toEqual(200)
expect(response.data.user).toEqual(
expect.objectContaining(
breaking(
() => v1Response,
() => v2Response
)
)
)
})
})
describe("GET /admin/users", () => {
beforeEach(async () => {
await breaking(
async () => {
await userSeeder(dbConnection)
},
async () => {
await userModuleService.create({
id: "member-user",
email: "member@test.com",
first_name: "member",
last_name: "user",
})
}
)
})
it("should list users", async () => {
const response = await api
.get("/admin/users", adminHeaders)
.catch((err) => {
console.log(err)
})
expect(response.status).toEqual(200)
const v1Response = [
expect.objectContaining({
id: "admin_user",
email: "admin@medusa.js",
created_at: expect.any(String),
updated_at: expect.any(String),
api_token: "test_token",
role: "admin",
}),
expect.objectContaining({
id: "member-user",
email: "member@test.com",
first_name: "member",
last_name: "user",
created_at: expect.any(String),
updated_at: expect.any(String),
role: "member",
}),
]
const v2Response = [
expect.objectContaining({
id: "admin_user",
email: "admin@medusa.js",
created_at: expect.any(String),
updated_at: expect.any(String),
}),
expect.objectContaining({
id: "member-user",
email: "member@test.com",
first_name: "member",
last_name: "user",
created_at: expect.any(String),
updated_at: expect.any(String),
}),
]
expect(response.data.users).toEqual(
expect.arrayContaining(
breaking(
() => v1Response,
() => v2Response
)
)
)
})
it("should list users that match the free text search", async () => {
const response = await api.get("/admin/users?q=member", adminHeaders)
expect(response.status).toEqual(200)
expect(response.data.users.length).toEqual(1)
expect(response.data.users).toEqual(
expect.arrayContaining([
expect.objectContaining({
id: "member-user",
email: "member@test.com",
first_name: "member",
last_name: "user",
created_at: expect.any(String),
updated_at: expect.any(String),
...breaking(
() => ({ role: "member" }),
() => ({})
),
}),
])
)
})
})
describe("POST /admin/users", () => {
let token
beforeEach(async () => {
token = await breaking(
() => null,
async () => {
const emailPassResponse = await api.post("/auth/user/emailpass", {
email: "test@test123.com",
password: "test123",
})
return emailPassResponse.data.token
}
)
})
it("should create a user", async () => {
const payload = {
email: "test@test123.com",
...breaking(
() => ({ role: "member", password: "test123" }),
() => ({})
),
}
// In V2, the flow to create an authenticated user depends on the token or session of a previously created auth user
const headers = breaking(
() => adminHeaders,
() => {
return {
headers: { Authorization: `Bearer ${token}` },
}
}
)
const response = await api
.post("/admin/users", payload, headers)
.catch((err) => console.log(err))
expect(response.status).toEqual(200)
expect(response.data.user).toEqual(
expect.objectContaining({
id: expect.stringMatching(
breaking(
() => /^usr_*/,
() => /^user_*/
)
),
created_at: expect.any(String),
updated_at: expect.any(String),
email: "test@test123.com",
...breaking(
() => ({ role: "member" }),
() => ({})
),
})
)
})
// V2 only test
it.skip("should throw, if session/bearer auth is present for existing user", async () => {
const emailPassResponse = await api.post("/auth/user/emailpass", {
email: "test@test123.com",
password: "test123",
})
const token = emailPassResponse.data.token
const headers = (token) => ({
headers: { Authorization: `Bearer ${token}` },
})
// Create user
const res = await api
.post(
"/admin/users",
{
email: "test@test123.com",
},
headers(token)
)
.catch((err) => console.log(err))
const payload = {
email: "different@email.com",
}
const { response: errorResponse } = await api
.post("/admin/users", payload, headers(res.data.token))
.catch((err) => err)
expect(errorResponse.status).toEqual(400)
expect(errorResponse.data.message).toEqual(
"Request carries authentication for an existing user"
)
})
})
describe("POST /admin/users/:id", () => {
beforeEach(async () => {
await breaking(
async () => {
await userSeeder(dbConnection)
},
async () => {
await userModuleService.create([
{
id: "member-user",
email: "member@test.com",
first_name: "member",
last_name: "user",
},
])
}
)
})
it("should update a user", async () => {
const updateResponse = await api
.post(
"/admin/users/member-user",
{ first_name: "karl" },
adminHeaders
)
.catch((err) => console.log(err.response.data.message))
expect(updateResponse.status).toEqual(200)
expect(updateResponse.data.user).toEqual(
expect.objectContaining({
id: "member-user",
created_at: expect.any(String),
updated_at: expect.any(String),
email: "member@test.com",
first_name: "karl",
last_name: "user",
...breaking(
() => ({ role: "member" }),
() => ({})
),
})
)
})
})
describe("DELETE /admin/users", () => {
beforeEach(async () => {
await breaking(
async () => {
await userSeeder(dbConnection)
},
async () => {
await userModuleService.create([
{
id: "member-user",
email: "member@test.com",
first_name: "member",
last_name: "user",
},
])
}
)
})
it("Deletes a user", async () => {
const userId = "member-user"
const response = await api.delete(
`/admin/users/${userId}`,
adminHeaders
)
expect(response.status).toEqual(200)
expect(response.data).toEqual({
id: userId,
object: "user",
deleted: true,
})
})
// TODO: Migrate when analytics config is implemented in 2.0
it.skip("Deletes a user and their analytics config", async () => {
const userId = "member-user"
await simpleAnalyticsConfigFactory(dbConnection, {
user_id: userId,
})
const response = await api.delete(
`/admin/users/${userId}`,
adminHeaders
)
expect(response.status).toEqual(200)
expect(response.data).toEqual({
id: userId,
object: "user",
deleted: true,
})
const configs = await dbConnection.manager.query(
`SELECT * FROM public.analytics_config WHERE user_id = '${userId}'`
)
expect(configs).toEqual(
expect.arrayContaining([
expect.objectContaining({
created_at: expect.any(Date),
updated_at: expect.any(Date),
deleted_at: expect.any(Date),
id: expect.any(String),
user_id: userId,
opt_out: false,
anonymize: false,
}),
])
)
})
})
// TODO: Migrate when implemented in 2.0
describe("POST /admin/users/reset-password + POST /admin/users/password-token", () => {
let user
beforeEach(async () => {
const response = await api
.post(
"/admin/users",
{
email: "test@forgottenPassword.com",
role: "member",
password: "test123453",
},
adminHeaders
)
.catch((err) => console.log(err))
user = response.data.user
})
it("Doesn't fail to fetch user when resetting password for an unknown email (unauthorized endpoint)", async () => {
const resp = await api.post("/admin/users/password-token", {
email: "test-doesnt-exist@test.com",
})
expect(resp.status).toEqual(204)
})
it("Doesn't fail when generating password reset token (unauthorized endpoint)", async () => {
const resp = await api
.post("/admin/users/password-token", {
email: user.email,
})
.catch((err) => {
console.log(err)
})
expect(resp.data).toEqual("")
expect(resp.status).toEqual(204)
})
it("Resets the password given a valid token (unauthorized endpoint)", async () => {
const expiry = Math.floor(Date.now() / 1000) + 60 * 15
const dbUser = await dbConnection.manager.query(
`SELECT * FROM public.user WHERE email = '${user.email}'`
)
const token_payload = {
user_id: user.id,
email: user.email,
exp: expiry,
}
const token = jwt.sign(token_payload, dbUser[0].password_hash)
const result = await api
.post("/admin/users/reset-password", {
token,
email: "test@forgottenpassword.com",
password: "new password",
})
.catch((err) => console.log(err))
const loginResult = await api.post("admin/auth", {
email: "test@forgottenpassword.com",
password: "new password",
})
expect(result.status).toEqual(200)
expect(result.data.user).toEqual(
expect.objectContaining({
email: user.email,
role: user.role,
})
)
expect(result.data.user.password_hash).toEqual(undefined)
expect(loginResult.status).toEqual(200)
expect(loginResult.data.user).toEqual(
expect.objectContaining({
email: user.email,
role: user.role,
})
)
})
it("Resets the password given a valid token without including email(unauthorized endpoint)", async () => {
const expiry = Math.floor(Date.now() / 1000) + 60 * 15
const dbUser = await dbConnection.manager.query(
`SELECT * FROM public.user WHERE email = '${user.email}'`
)
const token_payload = {
user_id: user.id,
email: user.email,
exp: expiry,
}
const token = jwt.sign(token_payload, dbUser[0].password_hash)
const result = await api
.post("/admin/users/reset-password", {
token,
password: "new password",
})
.catch((err) => console.log(err.response.data.message))
const loginResult = await api.post("admin/auth", {
email: user.email,
password: "new password",
})
expect(result.status).toEqual(200)
expect(result.data.user).toEqual(
expect.objectContaining({
email: user.email,
role: user.role,
})
)
expect(result.data.user.password_hash).toEqual(undefined)
expect(loginResult.status).toEqual(200)
expect(loginResult.data.user).toEqual(
expect.objectContaining({
email: user.email,
role: user.role,
})
)
})
it("Fails to Reset the password given an invalid token (unauthorized endpoint)", async () => {
expect.assertions(2)
const token = "test.test.test"
await api
.post("/admin/users/reset-password", {
token,
email: "test@forgottenpassword.com",
password: "new password",
})
.catch((err) => {
expect(err.response.status).toEqual(400)
expect(err.response.data.message).toEqual("invalid token")
})
})
})
},
})