Feat: Extend user api (#460)

* api routes for user management * add invites and roles to db * services * invite repo * include user in accepting invitation * include user role in create user * api password reset * delete invite * include email in reset password token * added metadata as dbawarecolumn * added events for invite handling and delete functionality * added invite model to exports * add default value member and allow null roles * conditional inclusion of invites in "list-users" * integration tests for users * helpers for user testing * add unauthenticated routes to users * simplifying create invite * create users with first and last name, and dev role * reset password endpoint * removed token from response * update user with firstname, lastname and role * create invite refactor * test password reset without email in body * removed redundant router variable * cleanup * unit tests * adjustments * service tests * adjustments according to api changes * fix cart test * cloned now works * change name to verified token for the verified token * add a space * db aware columns * fix: timestampz dbaware * more testing * add list-invites endpoint * reset-password error handling * pr issues adjusted * fixed test * add optional to link templates * move invites to a new endpoint * migrate invites to own testsuite * adjust snapshots * email constraint for invite * fix integration tests * addressing pr feedback * unit tests for extended user api * linting * fix integration tests * fix unit tests * fix: Addresses breaking change from class-transformer * fix orders testing * merge "create-claim" js and ts files * add out commented tests * update typescript endpoints to reflect changes made for user management * converted invites to typescript * add exports from api endpoints * remove old js files used for reference * integration test * import reflect metadata * invite service conversion to ts * removed unused import * update invite service to match styleguide * add "expires_at" and "token" to invite table * update invite service to save tokens and validate expires_at * fix failing tests * fix tests after adding token and expires_at to invite * add expiration to create Co-authored-by: Sebastian Rindom <skrindom@gmail.com> Co-authored-by: olivermrbl <oliver@mrbltech.com>
2021-12-08 10:15:22 +01:00
parent 5cb09184d4
commit d1b8f4b50b
41 changed files with 2081 additions and 49 deletions
--- a/integration-tests/api/tests/admin/snapshots/auth.js.snap
+++ b/integration-tests/api/tests/admin/snapshots/auth.js.snap
@@ -10,6 +10,7 @@ Object {
  "id": "admin_user",
  "last_name": null,
  "metadata": null,
+  "role": "admin",
  "updated_at": Any<String>,
 }
 `;
--- a/integration-tests/api/tests/admin/snapshots/invite.js.snap
+++ b/integration-tests/api/tests/admin/snapshots/invite.js.snap
@@ -0,0 +1,30 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`/admin/invites GET /admin/users lists invites 1`] = `
+Array [
+  Object {
+    "accepted": false,
+    "created_at": Any<String>,
+    "deleted_at": null,
+    "expires_at": Any<String>,
+    "id": "memberInvite",
+    "metadata": null,
+    "role": "member",
+    "token": Any<String>,
+    "updated_at": Any<String>,
+    "user_email": "invite-member@test.com",
+  },
+  Object {
+    "accepted": false,
+    "created_at": Any<String>,
+    "deleted_at": null,
+    "expires_at": Any<String>,
+    "id": "adminInvite",
+    "metadata": null,
+    "role": "admin",
+    "token": Any<String>,
+    "updated_at": Any<String>,
+    "user_email": "invite-admin@test.com",
+  },
+]
+`;
--- a/integration-tests/api/tests/admin/snapshots/user.js.snap
+++ b/integration-tests/api/tests/admin/snapshots/user.js.snap
@@ -0,0 +1,76 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`/admin/users GET /admin/users lists users 1`] = `
+Array [
+  Object {
+    "api_token": "test_token",
+    "created_at": Any<String>,
+    "deleted_at": null,
+    "email": "admin@medusa.js",
+    "first_name": null,
+    "id": "admin_user",
+    "last_name": null,
+    "metadata": null,
+    "role": "admin",
+    "updated_at": Any<String>,
+  },
+  Object {
+    "api_token": null,
+    "created_at": Any<String>,
+    "deleted_at": null,
+    "email": "member@test.com",
+    "first_name": "member",
+    "id": "member-user",
+    "last_name": "user",
+    "metadata": null,
+    "role": "member",
+    "updated_at": Any<String>,
+  },
+]
+`;
+
+exports[`/admin/users GET /admin/users returns user by id 1`] = `
+Object {
+  "api_token": "test_token",
+  "created_at": Any<String>,
+  "deleted_at": null,
+  "email": "admin@medusa.js",
+  "first_name": null,
+  "id": "admin_user",
+  "last_name": null,
+  "metadata": null,
+  "role": "admin",
+  "updated_at": Any<String>,
+}
+`;
+
+exports[`/admin/users POST /admin/users creates a user 1`] = `
+Object {
+  "api_token": null,
+  "created_at": Any<String>,
+  "deleted_at": null,
+  "email": "test@test123.com",
+  "first_name": null,
+  "id": StringMatching /\\^usr_\\*/,
+  "last_name": null,
+  "metadata": null,
+  "role": "member",
+  "updated_at": Any<String>,
+}
+`;
+
+exports[`/admin/users POST /admin/users updates a user 1`] = `
+Object {
+  "api_token": null,
+  "created_at": Any<String>,
+  "deleted_at": null,
+  "email": "member@test.com",
+  "first_name": "karl",
+  "id": "member-user",
+  "last_name": "user",
+  "metadata": null,
+  "password_hash": null,
+  "role": "member",
+  "updated_at": Any<String>,
+}
+`;
--- a/integration-tests/api/tests/admin/invite.js
+++ b/integration-tests/api/tests/admin/invite.js
@@ -0,0 +1,394 @@
+const jwt = require("jsonwebtoken")
+const path = require("path")
+
+const setupServer = require("../../../helpers/setup-server")
+const { useApi } = require("../../../helpers/use-api")
+const { initDb, useDb } = require("../../../helpers/use-db")
+
+const userSeeder = require("../../helpers/user-seeder")
+const adminSeeder = require("../../helpers/admin-seeder")
+
+jest.setTimeout(30000)
+
+describe("/admin/invites", () => {
+  let medusaProcess
+  let dbConnection
+
+  beforeAll(async () => {
+    const cwd = path.resolve(path.join(__dirname, "..", ".."))
+    dbConnection = await initDb({ cwd })
+    medusaProcess = await setupServer({ cwd })
+  })
+
+  afterAll(async () => {
+    const db = useDb()
+    await db.shutdown()
+    medusaProcess.kill()
+  })
+
+  describe("GET /admin/users", () => {
+    beforeEach(async () => {
+      await adminSeeder(dbConnection)
+      await userSeeder(dbConnection)
+    })
+
+    afterEach(async () => {
+      const db = useDb()
+      await db.teardown()
+    })
+
+    it("lists invites", async () => {
+      const api = useApi()
+
+      const response = await api
+        .get("/admin/invites", {
+          headers: {
+            Authorization: "Bearer test_token",
+          },
+        })
+        .catch((err) => {
+          console.log(err)
+        })
+
+      expect(response.status).toEqual(200)
+
+      expect(response.data.invites).toMatchSnapshot([
+        {
+          id: "memberInvite",
+          user_email: "invite-member@test.com",
+          role: "member",
+          accepted: false,
+          token: expect.any(String),
+          expires_at: expect.any(String),
+          created_at: expect.any(String),
+          updated_at: expect.any(String),
+        },
+        {
+          id: "adminInvite",
+          user_email: "invite-admin@test.com",
+          role: "admin",
+          accepted: false,
+          token: expect.any(String),
+          created_at: expect.any(String),
+          expires_at: expect.any(String),
+          updated_at: expect.any(String),
+        },
+      ])
+    })
+  })
+
+  describe("POST /admin/invites", () => {
+    let user
+    beforeEach(async () => {
+      const api = useApi()
+      await adminSeeder(dbConnection)
+      await userSeeder(dbConnection)
+
+      const response = await api
+        .post(
+          "/admin/users",
+          {
+            email: "test@forgottenPassword.com",
+            role: "member",
+            password: "test123453",
+          },
+          {
+            headers: { Authorization: "Bearer test_token" },
+          }
+        )
+        .catch((err) => console.log(err))
+
+      user = response.data.user
+    })
+
+    afterEach(async () => {
+      const db = useDb()
+      await db.teardown()
+    })
+
+    describe("Invitations", () => {
+      it("create an invite with the specified emails and role", async () => {
+        const api = useApi()
+
+        const payload = {
+          user: "test@medusa-commerce.com",
+          role: "admin",
+        }
+
+        const createReponse = await api
+          .post("/admin/invites", payload, {
+            headers: { Authorization: "Bearer test_token" },
+          })
+          .catch((err) => console.log(err))
+
+        const response = await api
+          .get("/admin/invites", {
+            headers: {
+              Authorization: "Bearer test_token",
+            },
+          })
+          .catch((err) => {
+            console.log(err)
+          })
+
+        expect(createReponse.status).toEqual(200)
+
+        expect(response.data.invites).toEqual(
+          expect.arrayContaining([
+            expect.objectContaining({ user_email: payload.user }),
+          ])
+        )
+
+        expect(response.status).toEqual(200)
+      })
+
+      it("updates invite with new role", async () => {
+        const api = useApi()
+
+        const payload = {
+          user: "invite-member@test.com",
+          role: "admin",
+        }
+
+        const createReponse = await api
+          .post("/admin/invites", payload, {
+            headers: { Authorization: "Bearer test_token" },
+          })
+          .catch((err) => console.log(err))
+
+        const response = await api
+          .get("/admin/invites", {
+            headers: {
+              Authorization: "Bearer test_token",
+            },
+          })
+          .catch((err) => {
+            console.log(err)
+          })
+
+        expect(createReponse.status).toEqual(200)
+
+        expect(response.data.invites).toEqual(
+          expect.arrayContaining([
+            expect.objectContaining({
+              user_email: payload.user,
+              role: "admin",
+            }),
+          ])
+        )
+
+        expect(response.status).toEqual(200)
+      })
+
+      it("resends invite", async () => {
+        const api = useApi()
+
+        const id = "memberInvite"
+
+        const resendResponse = await api
+          .post(
+            `/admin/invites/${id}/resend`,
+            {},
+            {
+              headers: { Authorization: "Bearer test_token" },
+            }
+          )
+          .catch((err) => console.log(err))
+
+        expect(resendResponse.status).toEqual(200)
+      })
+
+      it("creates a user successfully when accepting an invite (unauthorized endpoint)", async () => {
+        const api = useApi()
+
+        const inviteResponse = await api.get("/admin/invites", {
+          headers: { Authorization: "Bearer test_token" },
+        })
+
+        const { token, ...rest } = inviteResponse.data.invites[0]
+
+        const user = {
+          first_name: "test",
+          last_name: "testesen",
+          password: "supersecret",
+        }
+
+        const payload = { token, user }
+
+        const createResponse = await api
+          .post("/admin/invites/accept", payload)
+          .catch((err) => console.log(err))
+
+        const userResponse = await api.get("/admin/users", {
+          headers: { Authorization: "Bearer test_token" },
+        })
+
+        const newUser = userResponse.data.users.find(
+          (usr) => usr.email == rest.user_email
+        )
+
+        expect(newUser).toEqual(expect.objectContaining({ role: rest.role }))
+        expect(createResponse.status).toEqual(200)
+      })
+
+      it("creates a user successfully with new role after updating invite (unauthorized endpoint)", async () => {
+        const api = useApi()
+
+        const inviteResponse = await api.get("/admin/invites", {
+          headers: { Authorization: "Bearer test_token" },
+        })
+
+        const { token, ...rest } = inviteResponse.data.invites.find(
+          (inv) => inv.role === "member"
+        )
+
+        const user = {
+          first_name: "test",
+          last_name: "testesen",
+          password: "supersecret",
+        }
+
+        const updatePayload = {
+          user: rest.user_email,
+          role: "admin",
+        }
+
+        const updateResponse = await api
+          .post("/admin/invites", updatePayload, {
+            headers: { Authorization: "Bearer test_token" },
+          })
+          .catch((err) => console.log(err))
+
+        const payload = { token, user }
+
+        const createResponse = await api.post("/admin/invites/accept", payload)
+
+        const userResponse = await api.get("/admin/users", {
+          headers: { Authorization: "Bearer test_token" },
+        })
+
+        const newUser = userResponse.data.users.find(
+          (usr) => usr.email == rest.user_email
+        )
+
+        expect(newUser).toEqual(expect.objectContaining({ role: "admin" }))
+        expect(updateResponse.status).toEqual(200)
+        expect(createResponse.status).toEqual(200)
+      })
+      it("Fails to accept an invite given an invalid token (unauthorized endpoint)", async () => {
+        expect.assertions(2)
+        const api = useApi()
+
+        const token =
+          "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbnZpdGVfaWQiOiJpbnZpdGVfMDFGSFFWNlpBOERRRlgySjM3UVo5SjZTOTAiLCJyb2xlIjoiYWRtaW4iLCJ1c2VyX2VtYWlsIjoic2ZAc2RmLmNvbSIsImlhdCI6MTYzMzk2NDAyMCwiZXhwIjoxNjM0NTY4ODIwfQ.ZsmDvunBxhRW1iRqvfEfWixJLZ1zZVzaEYST38Vbl00"
+
+        await api
+          .post("/admin/invites/accept", {
+            token,
+            user: {
+              first_name: "test",
+              last_name: "testesen",
+              password: "supersecret",
+            },
+          })
+          .catch((err) => {
+            expect(err.response.status).toEqual(400)
+            expect(err.response.data.message).toEqual("Token is not valid")
+          })
+      })
+
+      it("fails to accept an already accepted invite (unauthorized endpoint)", async () => {
+        expect.assertions(4)
+
+        const api = useApi()
+
+        const inviteResponse = await api.get("/admin/invites", {
+          headers: { Authorization: "Bearer test_token" },
+        })
+
+        const { token } = inviteResponse.data.invites[0]
+
+        const user = {
+          first_name: "test",
+          last_name: "testesen",
+          password: "supersecret",
+        }
+
+        const payload = { token, user }
+
+        const createResponse = await api.post("/admin/invites/accept", payload)
+
+        const secondPayload = {
+          user: {
+            first_name: "testesens",
+            last_name: "test",
+            password: "testesens",
+          },
+          token,
+        }
+
+        await api.post("/admin/invites/accept", secondPayload).catch((err) => {
+          expect(err.response.status).toEqual(400)
+          expect(err.response.data.message).toEqual("Invalid invite")
+          expect(err.response.data.type).toEqual("invalid_data")
+        })
+        expect(createResponse.status).toEqual(200)
+      })
+    })
+  })
+
+  describe("DELETE /admin/users", () => {
+    beforeEach(async () => {
+      await adminSeeder(dbConnection)
+      await userSeeder(dbConnection)
+    })
+
+    afterEach(async () => {
+      const db = useDb()
+      await db.teardown()
+    })
+    it("/admin/invites Deletes an invite", async () => {
+      const api = useApi()
+
+      const inviteId = "memberInvite"
+
+      const invitesBeforeDeleteRequest = await api.get("/admin/invites", {
+        headers: {
+          Authorization: "Bearer test_token",
+        },
+      })
+
+      const invitesBeforeDelete = invitesBeforeDeleteRequest.data.invites
+
+      const response = await api
+        .delete(`/admin/invites/${inviteId}`, {
+          headers: { Authorization: "Bearer test_token" },
+        })
+        .catch((err) => console.log(err))
+
+      const invitesAfterDeleteRequest = await api.get("/admin/invites", {
+        headers: {
+          Authorization: "Bearer test_token",
+        },
+      })
+
+      expect(response.status).toEqual(200)
+      expect(response.data).toEqual({
+        id: inviteId,
+        object: "invite",
+        deleted: true,
+      })
+
+      const invitesAfterDelete = invitesAfterDeleteRequest.data.invites
+
+      expect(invitesAfterDelete.length).toEqual(invitesBeforeDelete.length - 1)
+      expect(invitesBeforeDelete).toEqual(
+        expect.arrayContaining([expect.objectContaining({ id: inviteId })])
+      )
+
+      expect(invitesAfterDelete).toEqual(
+        expect.not.arrayContaining([expect.objectContaining({ id: inviteId })])
+      )
+    })
+  })
+})
--- a/integration-tests/api/tests/admin/user.js
+++ b/integration-tests/api/tests/admin/user.js
@@ -0,0 +1,356 @@
+const jwt = require("jsonwebtoken")
+const path = require("path")
+
+const setupServer = require("../../../helpers/setup-server")
+const { useApi } = require("../../../helpers/use-api")
+const { initDb, useDb } = require("../../../helpers/use-db")
+
+const userSeeder = require("../../helpers/user-seeder")
+const adminSeeder = require("../../helpers/admin-seeder")
+
+jest.setTimeout(30000)
+
+describe("/admin/users", () => {
+  let medusaProcess
+  let dbConnection
+
+  beforeAll(async () => {
+    const cwd = path.resolve(path.join(__dirname, "..", ".."))
+    dbConnection = await initDb({ cwd })
+    medusaProcess = await setupServer({ cwd })
+  })
+
+  afterAll(async () => {
+    const db = useDb()
+    await db.shutdown()
+    medusaProcess.kill()
+  })
+
+  describe("GET /admin/users", () => {
+    beforeEach(async () => {
+      await adminSeeder(dbConnection)
+      await userSeeder(dbConnection)
+    })
+
+    afterEach(async () => {
+      const db = useDb()
+      await db.teardown()
+    })
+
+    it("returns user by id", async () => {
+      const api = useApi()
+
+      const response = await api.get("/admin/users/admin_user", {
+        headers: { Authorization: "Bearer test_token " },
+      })
+
+      expect(response.status).toEqual(200)
+      expect(response.data.user).toMatchSnapshot({
+        id: "admin_user",
+        email: "admin@medusa.js",
+        api_token: "test_token",
+        role: "admin",
+        created_at: expect.any(String),
+        updated_at: expect.any(String),
+      })
+    })
+
+    it("lists users", async () => {
+      const api = useApi()
+
+      const response = await api
+        .get("/admin/users", {
+          headers: {
+            Authorization: "Bearer test_token",
+          },
+        })
+        .catch((err) => {
+          console.log(err)
+        })
+
+      expect(response.status).toEqual(200)
+
+      expect(response.data.users).toMatchSnapshot([
+        {
+          id: "admin_user",
+          email: "admin@medusa.js",
+          api_token: "test_token",
+          role: "admin",
+          created_at: expect.any(String),
+          updated_at: expect.any(String),
+        },
+        {
+          id: "member-user",
+          role: "member",
+          email: "member@test.com",
+          first_name: "member",
+          last_name: "user",
+          created_at: expect.any(String),
+          updated_at: expect.any(String),
+        },
+      ])
+    })
+  })
+
+  describe("POST /admin/users", () => {
+    let user
+    beforeEach(async () => {
+      const api = useApi()
+      await adminSeeder(dbConnection)
+      await userSeeder(dbConnection)
+
+      const response = await api
+        .post(
+          "/admin/users",
+          {
+            email: "test@forgottenPassword.com",
+            role: "member",
+            password: "test123453",
+          },
+          {
+            headers: { Authorization: "Bearer test_token" },
+          }
+        )
+        .catch((err) => console.log(err))
+
+      user = response.data.user
+    })
+
+    afterEach(async () => {
+      const db = useDb()
+      await db.teardown()
+    })
+
+    it("creates a user", async () => {
+      const api = useApi()
+
+      const payload = {
+        email: "test@test123.com",
+        role: "member",
+        password: "test123",
+      }
+
+      const response = await api
+        .post("/admin/users", payload, {
+          headers: { Authorization: "Bearer test_token" },
+        })
+        .catch((err) => console.log(err))
+
+      expect(response.status).toEqual(200)
+      expect(response.data.user).toMatchSnapshot({
+        id: expect.stringMatching(/^usr_*/),
+        created_at: expect.any(String),
+        updated_at: expect.any(String),
+        role: "member",
+        email: "test@test123.com",
+      })
+    })
+
+    it("updates a user", async () => {
+      const api = useApi()
+
+      const updateResponse = await api
+        .post(
+          "/admin/users/member-user",
+          { first_name: "karl" },
+          {
+            headers: { Authorization: "Bearer test_token " },
+          }
+        )
+        .catch((err) => console.log(err.response.data.message))
+
+      expect(updateResponse.status).toEqual(200)
+      expect(updateResponse.data.user).toMatchSnapshot({
+        id: "member-user",
+        created_at: expect.any(String),
+        updated_at: expect.any(String),
+        role: "member",
+        email: "member@test.com",
+        first_name: "karl",
+        last_name: "user",
+      })
+    })
+
+    describe("Password reset", () => {
+      it("Doesn't fail when generating password reset token (unauthorized endpoint)", async () => {
+        const api = useApi()
+
+        const resp = await api
+          .post("/admin/users/password-token", {
+            email: user.email,
+          })
+          .catch((err) => {
+            console.log(err)
+          })
+
+        expect(resp.data).toEqual("")
+        expect(resp.status).toEqual(204)
+      })
+
+      it("Resets the password given a valid token (unauthorized endpoint)", async () => {
+        const api = useApi()
+
+        const expiry = Math.floor(Date.now() / 1000) + 60 * 15
+        const dbUser = await dbConnection.manager.query(
+          `SELECT * FROM public.user WHERE email = '${user.email}'`
+        )
+
+        const token_payload = {
+          user_id: user.id,
+          email: user.email,
+          exp: expiry,
+        }
+        const token = jwt.sign(token_payload, dbUser[0].password_hash)
+
+        const result = await api
+          .post("/admin/users/reset-password", {
+            token,
+            email: "test@forgottenpassword.com",
+            password: "new password",
+          })
+          .catch((err) => console.log(err))
+
+        const loginResult = await api.post("admin/auth", {
+          email: "test@forgottenpassword.com",
+          password: "new password",
+        })
+
+        expect(result.status).toEqual(200)
+        expect(result.data.user).toEqual(
+          expect.objectContaining({
+            email: user.email,
+            role: user.role,
+          })
+        )
+        expect(result.data.user.password_hash).toEqual(undefined)
+
+        expect(loginResult.status).toEqual(200)
+        expect(loginResult.data.user).toEqual(
+          expect.objectContaining({
+            email: user.email,
+            role: user.role,
+          })
+        )
+      })
+
+      it("Resets the password given a valid token without including email(unauthorized endpoint)", async () => {
+        const api = useApi()
+
+        const expiry = Math.floor(Date.now() / 1000) + 60 * 15
+        const dbUser = await dbConnection.manager.query(
+          `SELECT * FROM public.user WHERE email = '${user.email}'`
+        )
+
+        const token_payload = {
+          user_id: user.id,
+          email: user.email,
+          exp: expiry,
+        }
+        const token = jwt.sign(token_payload, dbUser[0].password_hash)
+
+        const result = await api
+          .post("/admin/users/reset-password", {
+            token,
+            password: "new password",
+          })
+          .catch((err) => console.log(err.response.data.message))
+
+        const loginResult = await api.post("admin/auth", {
+          email: user.email,
+          password: "new password",
+        })
+
+        expect(result.status).toEqual(200)
+        expect(result.data.user).toEqual(
+          expect.objectContaining({
+            email: user.email,
+            role: user.role,
+          })
+        )
+        expect(result.data.user.password_hash).toEqual(undefined)
+
+        expect(loginResult.status).toEqual(200)
+        expect(loginResult.data.user).toEqual(
+          expect.objectContaining({
+            email: user.email,
+            role: user.role,
+          })
+        )
+      })
+
+      it("Fails to Reset the password given an invalid token (unauthorized endpoint)", async () => {
+        expect.assertions(2)
+        const api = useApi()
+
+        const token = "test.test.test"
+
+        await api
+          .post("/admin/users/reset-password", {
+            token,
+            email: "test@forgottenpassword.com",
+            password: "new password",
+          })
+          .catch((err) => {
+            expect(err.response.status).toEqual(400)
+            expect(err.response.data.message).toEqual("invalid token")
+          })
+      })
+    })
+  })
+
+  describe("DELETE /admin/users", () => {
+    beforeEach(async () => {
+      await adminSeeder(dbConnection)
+      await userSeeder(dbConnection)
+    })
+
+    afterEach(async () => {
+      const db = useDb()
+      await db.teardown()
+    })
+
+    it("Deletes a user", async () => {
+      const api = useApi()
+
+      const userId = "member-user"
+
+      const usersBeforeDeleteResponse = await api.get("/admin/users", {
+        headers: {
+          Authorization: "Bearer test_token",
+        },
+      })
+
+      const usersBeforeDelete = usersBeforeDeleteResponse.data.users
+
+      const response = await api
+        .delete(`/admin/users/${userId}`, {
+          headers: { Authorization: "Bearer test_token" },
+        })
+        .catch((err) => console.log(err))
+
+      const usersAfterDeleteResponse = await api.get("/admin/users", {
+        headers: {
+          Authorization: "Bearer test_token",
+        },
+      })
+
+      expect(response.status).toEqual(200)
+      expect(response.data).toEqual({
+        id: userId,
+        object: "user",
+        deleted: true,
+      })
+
+      const usersAfterDelete = usersAfterDeleteResponse.data.users
+
+      expect(usersAfterDelete.length).toEqual(usersBeforeDelete.length - 1)
+      expect(usersBeforeDelete).toEqual(
+        expect.arrayContaining([expect.objectContaining({ id: userId })])
+      )
+
+      expect(usersAfterDelete).toEqual(
+        expect.not.arrayContaining([expect.objectContaining({ id: userId })])
+      )
+    })
+  })
+})