diff --git a/test/unit-tests/middleware/validateOrgTest.js b/test/unit-tests/middleware/validateOrgTest.js
new file mode 100644
index 000000000..af239880f
--- /dev/null
+++ b/test/unit-tests/middleware/validateOrgTest.js
@@ -0,0 +1,172 @@
+/* eslint-disable no-unused-expressions */
+const chai = require('chai')
+const sinon = require('sinon')
+const { validateOrg } = require('../../../src/middleware/middleware.js')
+const OrgRepository = require('../../../src/repositories/orgRepository.js')
+const expect = chai.expect
+
+const secretariat = {
+ short_name: 'mitre',
+ name: 'MITRE Corporation',
+ authority: {
+ active_roles: [
+ 'SECRETARIAT',
+ 'CNA'
+ ]
+ },
+ policies: {
+ id_quota: 1248
+ }
+}
+
+const nonSecretariat = {
+ short_name: 'win_5',
+ name: 'test_org',
+ authority: {
+ active_roles: [
+ 'CNA'
+ ]
+ },
+ policies: {
+ id_quota: 200
+ }
+}
+
+const nonSecretariat2 = {
+ short_name: 'cause_8',
+ name: 'test_org2',
+ authority: {
+ active_roles: [
+ 'CNA'
+ ]
+ },
+ policies: {
+ id_quota: 888
+ }
+}
+
+describe('Testing the validateOrg function', () => {
+ let status, json, res, next, getOrgRepository, orgRepo
+ beforeEach(() => {
+ status = sinon.stub()
+ json = sinon.spy()
+ res = { json, status }
+ next = sinon.stub()
+ status.returns(res)
+
+ orgRepo = new OrgRepository()
+ getOrgRepository = sinon.stub()
+ getOrgRepository.returns(orgRepo)
+ })
+ context('Positive Tests', () => {
+ it('Secretariat can update itself', async () => {
+ sinon.stub(orgRepo, 'isSecretariat').returns(true)
+
+ const req = {
+ ctx: {
+ org: secretariat.short_name,
+ repositories: {
+ getOrgRepository
+ }
+ },
+ params: {
+ shortname: secretariat.short_name
+ },
+ query: {
+ id_quota: 111
+ }
+ }
+ await validateOrg(req, res, next)
+
+ expect(next.calledOnce).to.be.true
+ expect(next.firstCall.args).to.be.empty
+ })
+ it('Secretariat can update another org', async () => {
+ sinon.stub(orgRepo, 'isSecretariat').returns(true)
+
+ const req = {
+ ctx: {
+ org: secretariat.short_name,
+ repositories: {
+ getOrgRepository
+ }
+ },
+ params: {
+ shortname: nonSecretariat.short_name
+ },
+ query: {
+ id_quota: 999
+ }
+ }
+ await validateOrg(req, res, next)
+
+ expect(next.calledOnce).to.be.true
+ expect(next.firstCall.args).to.be.empty
+ })
+ it('Non-secretariat can update itself', async () => {
+ sinon.stub(orgRepo, 'isSecretariat').returns(true)
+
+ const req = {
+ ctx: {
+ org: nonSecretariat.short_name,
+ repositories: {
+ getOrgRepository
+ }
+ },
+ params: {
+ shortname: nonSecretariat.short_name
+ }
+ }
+ await validateOrg(req, res, next)
+
+ expect(next.calledOnce).to.be.true
+ expect(next.firstCall.args).to.be.empty
+ })
+ })
+ context('Negative Tests', () => {
+ it('Non-secretariat cannot update its fields other than last_active', async () => {
+ sinon.stub(orgRepo, 'isSecretariat').returns(false)
+
+ const req = {
+ ctx: {
+ org: nonSecretariat.short_name,
+ repositories: {
+ getOrgRepository
+ }
+ },
+ params: {
+ shortname: nonSecretariat.short_name
+ },
+ query: {
+ id_quota: 999
+ }
+ }
+ await validateOrg(req, res, next)
+
+ expect(status.calledWith(403)).to.be.true
+ expect(next.calledOnce).to.be.false
+ })
+ it('Non-secretariat cannot update another org', async () => {
+ sinon.stub(orgRepo, 'isSecretariat').returns(false)
+
+ const req = {
+ ctx: {
+ org: nonSecretariat.short_name,
+ repositories: {
+ getOrgRepository
+ }
+ },
+ params: {
+ shortname: nonSecretariat2.short_name
+ },
+ query: {
+ id_quota: 999
+ }
+ }
+ await validateOrg(req, res, next)
+
+ expect(status.calledWith(403)).to.be.true
+ expect(next.calledOnce).to.be.false
+ })
+ })
+})
diff --git a/test/unit-tests/org/orgUpdateLastActiveTest.js b/test/unit-tests/org/orgUpdateLastActiveTest.js
new file mode 100644
index 000000000..1bffe773a
--- /dev/null
+++ b/test/unit-tests/org/orgUpdateLastActiveTest.js
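Review bot: The 'Non-secretariat can update itself' case in validateOrgTest.js stubs `isSecretariat` to return true, so it repeats the Secretariat path and never exercises the branch that lets a non-Secretariat org with no query parameters through; the stub should be `sinon.stub(orgRepo, 'isSecretariat').returns(false)`. In 'Non-secretariat cannot update another org' the request also carries `id_quota: 999`, so the 403 may come from the field restriction rather than from the short-name mismatch (validateOrg itself is not visible in this diff). A further case with the mismatched `shortname` and no `query` would pin the cross-org authorization check on its own.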
@@ -0,0 +1,136 @@
+/* eslint-disable no-unused-expressions */
+const chai = require('chai')
+const sinon = require('sinon')
+const { ORG_UPDATE_SINGLE } = require('../../../src/controller/org.controller/org.controller.js')
+const OrgRepository = require('../../../src/repositories/orgRepository.js')
+const UserRepository = require('../../../src/repositories/userRepository.js')
+const expect = chai.expect
+
+const secretariat = {
+ short_name: 'mitre',
+ name: 'MITRE Corporation',
+ authority: {
+ active_roles: [
+ 'SECRETARIAT',
+ 'CNA'
+ ]
+ },
+ policies: {
+ id_quota: 1248
+ }
+}
+
+const nonSecretariat = {
+ short_name: 'win_5',
+ name: 'test_org',
+ authority: {
+ active_roles: [
+ 'CNA'
+ ]
+ },
+ policies: {
+ id_quota: 200
+ }
+}
+
+describe('Testing the updateOrg function', () => {
+ let status, json, res, next, getOrgRepository, orgRepo, getUserRepository,
+ userRepo, updateOrg
+ beforeEach(() => {
+ status = sinon.stub()
+ json = sinon.spy()
+ res = { json, status }
+ next = sinon.spy()
+ status.returns(res)
+
+ orgRepo = new OrgRepository()
+ getOrgRepository = sinon.stub()
+ getOrgRepository.returns(orgRepo)
+
+ userRepo = new UserRepository()
+ getUserRepository = sinon.stub()
+ getUserRepository.returns(userRepo)
+
+ updateOrg = sinon.stub(orgRepo, 'updateByOrgUUID').returns(true)
+ sinon.stub(orgRepo, 'getOrgUUID').returns(true)
+ sinon.stub(userRepo, 'getUserUUID').returns(true)
+ })
+ context('Positive Tests', () => {
+ it('Secretariat updates itself', async () => {
+ sinon.stub(orgRepo, 'isSecretariat').returns(true)
+ sinon.stub(orgRepo, 'findOneByShortName').returns(secretariat)
+ sinon.stub(orgRepo, 'aggregate').returns([secretariat])
+
+ const req = {
+ ctx: {
+ org: secretariat.short_name,
+ repositories: {
+ getOrgRepository,
+ getUserRepository
+ },
+ params: {
+ shortname: secretariat.short_name
+ },
+ query: {
+ id_quota: 111
+ }
+ }
+ }
+ await ORG_UPDATE_SINGLE(req, res, next)
+
+ expect(status.args[0][0]).to.equal(200)
+ expect(updateOrg.args[0][1].policies.id_quota).to.equal(req.ctx.query.id_quota)
+ })
+ it('Secretariat updates a different org', async () => {
+ sinon.stub(orgRepo, 'isSecretariat').returns(true)
+ sinon.stub(orgRepo, 'findOneByShortName').returns(nonSecretariat)
+ sinon.stub(orgRepo, 'aggregate').returns([nonSecretariat])
+
+ const req = {
+ ctx: {
+ org: secretariat.short_name,
+ repositories: {
+ getOrgRepository,
+ getUserRepository
+ },
+ params: {
+ shortname: nonSecretariat.short_name
+ },
+ query: {
+ id_quota: 999
+ }
+ }
+ }
+ await ORG_UPDATE_SINGLE(req, res, next)
+
+ expect(status.args[0][0]).to.equal(200)
+ expect(updateOrg.args[0][1].policies.id_quota).to.equal(req.ctx.query.id_quota)
+ })
+ it('Non-secretariat no params only updates last_active field', async () => {
+ sinon.stub(orgRepo, 'isSecretariat').returns(false)
+ sinon.stub(orgRepo, 'findOneByShortName').returns(nonSecretariat)
+ sinon.stub(orgRepo, 'aggregate').returns([nonSecretariat])
+
+ const req = {
+ ctx: {
+ org: nonSecretariat.short_name,
+ repositories: {
+ getOrgRepository,
+ getUserRepository
+ },
+ params: {
+ shortname: nonSecretariat.short_name
+ }
+ }
+ }
+ await ORG_UPDATE_SINGLE(req, res, next)
+
+ expect(status.args[0][0]).to.equal(200)
+ const now = Date.now()
+ const lastActive = updateOrg.args[0][1].last_active
+ const diff = Math.abs(now - lastActive)
+ const withinHalfASecond = diff < 500
+ expect(withinHalfASecond).to.be.true
+ })
+ })
+})
diff --git a/test/unit-tests/org/orgUpdateTest.js b/test/unit-tests/org/orgUpdateTest.js
index 312cf0b9f..4e5f00b76 100644
--- a/test/unit-tests/org/orgUpdateTest.js
+++ b/test/unit-tests/org/orgUpdateTest.js
@@ -1,4 +1,3 @@
-/* eslint-disable no-unused-expressions */
 const express = require('express')
 const app = express()
 const chai = require('chai')
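Review bot: In orgUpdateLastActiveTest.js, 'Non-secretariat no params only updates last_active field' checks that `last_active` is recent but never checks that nothing else is written, which the test deleted from orgUpdateTest.js did for `name`, `policies` and `active_roles`. The stubbed `updateByOrgUUID` already captures the payload, so an assertion such as `expect(updateOrg.args[0][1]).to.have.all.keys('last_active')` would restore that guarantee. This assumes the payload is a plain object holding only the changed fields, which needs confirming against the controller (not shown here). The 500 ms wall-clock window can also fail on a slow runner; `sinon.useFakeTimers()` with an exact equality on `last_active` would make the check deterministic.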
@@ -39,9 +38,7 @@ class OrgUpdatedAddingRole { } async aggregate () { - const org = orgFixtures.owningOrg - org.last_active = Date.now() - return [org] + return [orgFixtures.owningOrg] } async updateByOrgUUID () { @@ -63,9 +60,7 @@ class OrgUpdatedRemovingRole { } async aggregate () { - const org = orgFixtures.owningOrg - org.last_active = Date.now() - return [org] + return [orgFixtures.owningOrg] } async updateByOrgUUID () { @@ -120,6 +115,7 @@ describe('Testing the PUT /org/:shortname endpoint in Org Controller', () => { return true } } + app.route('/org-not-updated-shortname-exists/:shortname') .put((req, res, next) => { const factory = { @@ -128,6 +124,7 @@ describe('Testing the PUT /org/:shortname endpoint in Org Controller', () => { req.ctx.repositories = factory next() }, orgParams.parsePostParams, orgController.ORG_UPDATE_SINGLE) + chai.request(app) .put(`/org-not-updated-shortname-exists/${orgFixtures.existentOrg.short_name}?new_short_name=cisco`) .set(orgFixtures.secretariatHeader) @@ -135,6 +132,7 @@ describe('Testing the PUT /org/:shortname endpoint in Org Controller', () => { if (err) { done(err) } + expect(res).to.have.status(403) expect(res).to.have.property('body').and.to.be.a('object') const errObj = error.duplicateShortname('cisco') @@ -177,11 +175,6 @@ describe('Testing the PUT /org/:shortname endpoint in Org Controller', () => { expect(res.body.updated.name).to.equal(orgFixtures.owningOrg.name) expect(res.body.updated.UUID).to.equal(orgFixtures.owningOrg.UUID) expect(res.body.updated.policies.id_quota).to.equal(orgFixtures.owningOrg.policies.id_quota) - const now = Date.now() - const lastActive = res.body.updated.last_active - const diff = Math.abs(now - lastActive) - const withinTwoSeconds = diff < 500 - expect(withinTwoSeconds).to.be.true done() }) }) 
@@ -217,11 +210,6 @@ describe('Testing the PUT /org/:shortname endpoint in Org Controller', () => { expect(res.body.updated.name).to.equal(orgFixtures.owningOrg.name) expect(res.body.updated.UUID).to.equal(orgFixtures.owningOrg.UUID) expect(res.body.updated.policies.id_quota).to.equal(orgFixtures.owningOrg.policies.id_quota) - const now = Date.now() - const lastActive = res.body.updated.last_active - const diff = Math.abs(now - lastActive) - const withinTwoSeconds = diff < 500 - expect(withinTwoSeconds).to.be.true done() }) }) @@ -256,11 +244,6 @@ describe('Testing the PUT /org/:shortname endpoint in Org Controller', () => { expect(res.body.updated.name).to.equal(orgFixtures.owningOrg.name) expect(res.body.updated.UUID).to.equal(orgFixtures.owningOrg.UUID) expect(res.body.updated.policies.id_quota).to.equal(orgFixtures.owningOrg.policies.id_quota) - const now = Date.now() - const lastActive = res.body.updated.last_active - const diff = Math.abs(now - lastActive) - const withinTwoSeconds = diff < 500 - expect(withinTwoSeconds).to.be.true done() }) }) @@ -295,11 +278,6 @@ describe('Testing the PUT /org/:shortname endpoint in Org Controller', () => { expect(res.body.updated.name).to.equal(orgFixtures.owningOrg.name) expect(res.body.updated.UUID).to.equal(orgFixtures.owningOrg.UUID) expect(res.body.updated.policies.id_quota).to.equal(orgFixtures.owningOrg.policies.id_quota) - const now = Date.now() - const lastActive = res.body.updated.last_active - const diff = Math.abs(now - lastActive) - const withinTwoSeconds = diff < 500 - expect(withinTwoSeconds).to.be.true done() }) }) @@ -320,9 +298,7 @@ describe('Testing the PUT /org/:shortname endpoint in Org Controller', () => { } async aggregate () { - const org = orgFixtures.existentOrg - org.last_active = Date.now() - return [org] + return [orgFixtures.existentOrg] } async isSecretariat () { 
@@ -355,70 +331,6 @@ describe('Testing the PUT /org/:shortname endpoint in Org Controller', () => { expect(res.body.updated.name).to.equal(orgFixtures.existentOrg.name) expect(res.body.updated.short_name).to.equal(orgFixtures.existentOrg.short_name) expect(res.body.updated.UUID).to.equal(orgFixtures.existentOrg.UUID) - const now = Date.now() - const lastActive = res.body.updated.last_active - const diff = Math.abs(now - lastActive) - const withinTwoSeconds = diff < 500 - expect(withinTwoSeconds).to.be.true - }) - - it('Non-secretariat only last_active field updated', (done) => { - class NonSecretariat { - async findOneByShortName () { - return orgFixtures.owningOrg - } - - async aggregate () { - const org = orgFixtures.owningOrg - org.last_active = Date.now() - return [org] - } - - async updateByOrgUUID () { - return { n: 1 } - } - - async getOrgUUID () { - return null - } - - async isSecretariat () { - return false - } - } - - app.route('/org-non-secretariat-updates-last-active-field/:shortname') - .put((req, res, next) => { - const factory = { - getOrgRepository: () => { return new NonSecretariat() }, - getUserRepository: () => { return new NullUserRepo() } - } - req.ctx.repositories = factory - next() - }, orgParams.parsePostParams, orgController.ORG_UPDATE_SINGLE) - - chai.request(app) - .put(`/org-non-secretariat-updates-last-active-field/${orgFixtures.owningOrg.short_name}?name=TestOrg`) - .set(orgFixtures.owningOrgHeader) - .end((err, res) => { - if (err) { - done(err) - } - expect(res).to.have.status(200) - expect(res).to.have.property('body').and.to.be.a('object') - expect(res.body).to.have.property('updated').and.to.be.a('object') - // Assert that that the last_active field was updated under 0.5 seconds ago - const now = Date.now() - const lastActive = res.body.updated.last_active - const diff = Math.abs(now - lastActive) - const withinTwoSeconds = diff < 500 - expect(withinTwoSeconds).to.be.true - // Assert no other fields were changed - 
expect(res.body.updated.active_roles).to.be.undefined - expect(res.body.updated.name).to.be.undefined - expect(res.body.updated.policies).to.be.undefined - done() - }) }) }) })