Feature/api tests

.travis.yml

@@ -14,7 +14,7 @@ env:
 script:
   - sudo ln -s $TRAVIS_BUILD_DIR /vagrant
   - cd /vagrant && sudo bash ./deployment/ansible.sh
-  - sudo ./script/run-tests.sh
+  - sudo ./script/run-tests.sh --verbose
 
 deploy:
   provider: script

api/.gitignore

@@ -35,3 +35,4 @@ config.json
 *.tmp
 
 dist
+jest

api/package.json

@@ -8,9 +8,11 @@
     "babel-cli": "^6.14.0",
     "babel-preset-es2015": "^6.14.0",
     "bcrypt": "0.8.5",
+    "bunyan": "^1.8.1",
     "client-sessions": "0.7.0",
     "ethereumjs-tx": "^1.1.1",
     "ethereumjs-util": "^4.0.1",
+    "express-bunyan-logger": "^1.3.1",
     "follow-redirects": "0.2.0",
     "html-entities": "1.2.0",
     "js-beautify": "1.6.2",
@@ -48,14 +50,35 @@
     "node": ">=0.10.22",
     "npm": ">=1.3.14"
   },
+  "babel": {
+    "presets": [
+      "es2015"
+    ],
+    "plugins": [
+      "transform-async-to-generator"
+    ]
+  },
   "scripts": {
-    "build": "rm -rf dist ; babel src --out-dir dist --source-maps inline --presets es2015",
+    "build": "rm -rf dist ; babel src --out-dir dist --source-maps inline",
     "start": "service cocorico-api-web stop ; nodemon dist/index.js -w src -d 5 --exec 'npm run build && nodejs'",
     "doc": "apidoc -i ./src/routes/ -o ../app/public/documentation -c .",
-    "test": "eslint src scripts"
+    "test": "eslint src scripts && jest test"
   },
   "devDependencies": {
     "babel-eslint": "^6.1.2",
-    "eslint": "^3.6.0"
+    "babel-jest": "^16.0.0",
+    "babel-plugin-transform-async-to-generator": "^6.16.0",
+    "babel-polyfill": "^6.16.0",
+    "eslint": "^3.6.0",
+    "eth-lightwallet": "^2.5.2",
+    "jest": "^16.0.0",
+    "promise": "^7.1.1",
+    "superagent": "^2.3.0",
+    "superagent-promise": "^1.1.0",
+    "timeout-as-promise": "^1.0.0"
+  },
+  "jest": {
+    "setupTestFrameworkScriptFile": "test/index.js",
+    "verbose": true
   }
 }

api/scripts/add-admin.js

@@ -1,3 +1,5 @@
+#!/usr/bin/env headstone
+
 var keystone = require('keystone');
 var Admin = keystone.list('Admin');
 

api/scripts/add-app.js

@@ -0,0 +1,30 @@
+#!/usr/bin/env headstone
+
+var keystone = require('keystone');
+var App = keystone.list('App');
+
+module.exports = function(title, secret, url, done) {
+  App.model.findOne({title: title})
+    .exec((err, app) => {
+      if (!app) {
+        var newApp = new App.model({
+          title: title,
+          secret: secret,
+          validURLs: [url],
+        });
+
+        return newApp.save((saveErr, savedApp) => {
+          if (saveErr) {
+            console.log(saveErr);
+            return done(saveErr);
+          }
+
+          console.log('App created with ID ' + savedApp.id + '.');
+          return done();
+        });
+      } else {
+        console.log('App already exists with ID ' + app.id + '.');
+        return done();
+      }
+    });
+};

api/scripts/import-pages.js

@@ -1,4 +1,5 @@
 #!/usr/bin/env headstone
+
 var async = require('async');
 var keystone = require('keystone');
 var fs = require('fs');

api/src/index.js

@@ -7,6 +7,8 @@ var config = require('/opt/cocorico/api-web/config.json');
 var keystone = require('keystone');
 var srs = require('secure-random-string');
 
+var log = require('bunyan').createLogger({name: 'api-web'});
+
 keystone.init({
 
   'name': 'cocorico',
@@ -27,6 +29,8 @@ keystone.init({
   'auth': true,
   'user model': 'Admin',
   'cookie secret': srs(64),
+
+  'logger': false,
 });
 
 keystone.import('models');
@@ -46,3 +50,4 @@ keystone.set('nav', {
 });
 
 keystone.start();
+log.info('started');

api/src/models/Vote.js

@@ -158,6 +158,11 @@ Vote.schema.pre('validate', function(next) {
           http: { timeout: 30000 },
         },
         (err, meta) => {
+          if (err) {
+            callback(new Error(err));
+            return;
+          }
+
           if (updateTitle) {
             self.title = meta.title;
           }

api/src/routes/api/auth.js

@@ -186,6 +186,7 @@ opts.jwtFromRequest = ExtractJwt.fromAuthHeader();
 // secretOrKey is not really important since we will set it dynamically according
 // to the "Cocorico-App-Id" HTTP header. But it still has to be != false.
 opts.secretOrKey = 'secret';
+opts.ignoreExpiration = false;
 
 // JwtStrategy reads the JWT secret from the option object above. But
 // we need the secret to be the one set for the corresponding App.

api/src/routes/api/ballot.js

@@ -137,7 +137,7 @@ exports.vote = function(req, res) {
           res.status(err.code);
         }
         if (err.error) {
-          return res.apiError(err.error);
+          return res.apiResponse({error: err.error});
         }
         return res.apiError(err);
       }

api/src/routes/api/vote.js

@@ -48,13 +48,12 @@ exports.getBySlug = function(req, res) {
 }
 
 exports.create = function(req, res) {
-  var app = req.user;
-
-  var url = decodeURIComponent(req.body.url);
-  if (!url) {
+  if (!req.body.url) {
     return res.status(400).send({error: 'missing url'});
   }
 
+  var app = req.user;
+  var url = decodeURIComponent(req.body.url);
   var labels = [];
 
   if (req.body.labels) {
@@ -92,10 +91,7 @@ exports.create = function(req, res) {
         if (err.code) {
           res.status(err.code);
         }
-        if (err.error) {
-          return res.apiError(err.error);
-        }
-        return res.apiError(err);
+        return res.apiResponse({error : err});
       }
       return res.apiResponse({vote: vote});
     }

api/src/routes/index.js

@@ -1,14 +1,18 @@
+var config = require('/opt/cocorico/api-web/config.json');
+
 var keystone = require('keystone');
 var passport = require('passport');
 
-var config = require('/opt/cocorico/api-web/config.json');
+var log = require('bunyan').createLogger({name: 'api-web'});
 
 var importRoutes = keystone.importer(__dirname);
 
 var routes = {
   api: importRoutes('./api'),
 };
 
+log.info('imported routes');
+
 function isAuthenticated(req, res, next) {
   if (!req.isAuthenticated() || !req.user.sub)
     return res.status(401).apiResponse({error: 'not authenticated'});
@@ -18,22 +22,40 @@ function isAuthenticated(req, res, next) {
 // Setup Route Bindings
 exports = module.exports = function(app) {
 
+  log.info('initialize passport');
   app.use(passport.initialize());
   app.use(passport.session());
+  log.info('initialized passport');
 
+  var excludes = config.env !== 'development'
+    ? ['req', 'res', 'res-headers', 'req-headers']
+    : [];
+  app.use(require('express-bunyan-logger')({
+    name: 'api-web',
+    format: ':remote-address :incoming :method :url HTTP/:http-version :status-code :referer :user-agent[family] :user-agent[major].:user-agent[minor] :user-agent[os] :response-time ms',
+    excludes: excludes,
+  }));
+  app.use(require('express-bunyan-logger').errorLogger({
+    name: 'api-web',
+    format: ':remote-address :incoming :method :url HTTP/:http-version :status-code :referer :user-agent[family] :user-agent[major].:user-agent[minor] :user-agent[os] :response-time ms',
+    excludes: excludes,
+  }));
+
+  log.info('setup keystone middleware');
   app.use(keystone.middleware.api);
 
   // JWT authentication does not use sessions, so we have to check for a user
   // without throwing an error if there is none.
+  log.info('setup JWT authentication middleware');
   app.use((req, res, next) => passport.authenticate('jwt', (err, user, info) => {
     if (err) {
       return next(err);
     }
     if (!user) {
-      // if the JWT authentification failed
+      // if the JWT authentication failed
       if (info) {
         return res.status(401).apiResponse({
-          error: 'authentification failed',
+          error: 'authentication failed',
           message: info.message,
         });
       }
@@ -43,6 +65,8 @@ exports = module.exports = function(app) {
     return req.logIn(user, { session: false }, next);
   })(req, res, next));
 
+  log.info('setup routes');
+
   /**
    * @apiDefine user A user that has been properly logged in using any of the `/auth` endpoints.
    */
@@ -51,6 +75,8 @@ exports = module.exports = function(app) {
    * @apiDefine app A registered 3rd party app providing a valid OAuth token fetched using `/oauth/token`.
    */
 
+  app.get('/ping', (req, res) => res.apiResponse('pong'));
+
   /**
    * @api {post} /oauth/token Get an OAuth access token
    * @apiName GetOAuthToken

api/test/ballot.test.js

@@ -0,0 +1,92 @@
+var config = require('/opt/cocorico/api-web/config.json');
+
+import request from './getRequest';
+import getAPIURL from './getAPIURL';
+import getVote from './getVote';
+import getUserJWT from './getUserJWT';
+import getBallotTransaction from './getBallotTransaction';
+
+describe('POST /ballot/:voteId', () => {
+  it('returns 200 and a valid ballot', async () => {
+    const vote = await getVote(true);
+    const tx = await getBallotTransaction(vote, 0)
+    const res = await request
+      .post(getAPIURL('/ballot/' + vote.id))
+      .set('Authorization', 'JWT ' + getUserJWT())
+      .set('Cocorico-App-Id', config.testApp.id)
+      .send({'transaction': tx});
+
+    expect(res.status).toBe(200);
+    expect(res.body.ballot).not.toBeFalsy();
+    expect(res.body.ballot.id).not.toBeFalsy();
+    expect(res.body.ballot.hash).not.toBeFalsy();
+    expect(res.body.ballot.updatedAt).not.toBeFalsy();
+    expect(res.body.ballot.createdAt).not.toBeFalsy();
+    expect(res.body.ballot.status).toBe('queued');
+    expect(res.body.proof).not.toBeFalsy();
+  });
+
+  it('returns 403 and an error message when the user already voted', async () => {
+    const vote = await getVote(true);
+    const tx = await getBallotTransaction(vote, 0)
+
+    try {
+      const res = await request
+        .post(getAPIURL('/ballot/' + vote.id))
+        .set('Authorization', 'JWT ' + getUserJWT())
+        .set('Cocorico-App-Id', config.testApp.id)
+        .send({'transaction': tx});
+
+      expect(res).toBeFalsy();
+    } catch (err) {
+      expect(err.status).toBe(403);
+      expect(err.response.body.error).toBe('user already voted');
+    }
+  });
+
+  // it('returns 200 and a complete ballot', async () => {
+  //   try {
+  //     const vote = await getVote(true);
+  //     const tx = await getBallotTransaction(vote, 0)
+  //     const user = getUserJWT();
+  //
+  //     await request
+  //       .post(getAPIURL('/ballot/' + vote.id))
+  //       .set('Authorization', 'JWT ' + user)
+  //       .set('Cocorico-App-Id', config.testApp.id)
+  //       .send({'transaction': tx});
+  //     await delay(10000);
+  //
+  //     const res = await request
+  //       .get(getAPIURL('/ballot/' + vote.id))
+  //       .set('Authorization', 'JWT ' + user)
+  //       .set('Cocorico-App-Id', config.testApp.id);
+  //
+  //   } catch (e) {
+  //
+  //     console.log(e.response.body);
+  //   }
+  // });
+});
+
+describe('GET /ballot/:voteId', () => {
+  it('returns 401 and an error message when not authenticated', async () => {
+    try {
+      await request.get(getAPIURL('/ballot/424242424242424242424242'))
+    } catch (err) {
+      expect(err.response.body).toEqual({error: 'not authenticated'});
+      expect(err.status).toBe(401);
+    }
+  });
+
+  it('returns 404 when :voteId is invalid', async () => {
+    try {
+      await request
+        .get(getAPIURL('/ballot/424242424242424242424242'))
+        .set('Authorization', 'JWT ' + getUserJWT())
+        .set('Cocorico-App-Id', config.testApp.id);
+    } catch (err) {
+      expect(err.status).toBe(404);
+    }
+  });
+});

api/test/getAPIURL.js

@@ -0,0 +1,6 @@
+var config = require('/opt/cocorico/api-web/config.json');
+
+module.exports = function(route) {
+  // FIXME: protocole should be read from the config
+  return 'https://' + config.hostname + '/api' + route;
+}

api/test/getAccessToken.js

@@ -0,0 +1,14 @@
+var config = require('/opt/cocorico/api-web/config.json');
+
+var request = require('superagent-promise')(require('superagent'), Promise);
+
+module.exports = async () => {
+  var appId = config.testApp.id;
+  var appSecret = config.testApp.secret;
+
+  return request
+    .post('https://127.0.0.1/api/oauth/token')
+    .send({'grant_type': 'client_credentials'})
+    .set('Authorization', 'Basic ' + new Buffer(appId + ':' + appSecret).toString('base64'))
+    .then((res) => res.body.access_token);
+}