Finish unit tests and make tweaks

Team4159 · Feb 5, 2024 · afe5d16 · afe5d16
1 parent 155bf0a
commit afe5d16
Show file tree

Hide file tree

Showing 12 changed files with 720 additions and 145 deletions.
diff --git a/src/api/routes/users.ts b/src/api/routes/users.ts
@@ -15,14 +15,14 @@ router.use(async (req, res, next) => {
         });
     }
 
-    let user;
+    let user: User;
 
     try {
         user = await getUserByPassword(req.body.password);
     } catch (err) {
         if (err instanceof RowNotFoundError) {
             return res.status(403).json({
-                description: err.message,
+                description: "Invalid password!",
             });
         }
 
@@ -124,9 +124,9 @@ router.post("/session", async (req, res) => {
 router.patch("/session", async (req, res) => {
     const user: User = res.locals.user;
 
-    if (!req.body.session_id || (!req.body.start_time && !req.body.end_time)) {
+    if (!req.body.session_id || !req.body.start_time || !req.body.end_time) {
         return res.status(400).json({
-            description: "Missing session ID and/or start times and/or end times!",
+            description: "Missing session ID and/or start time and/or end time!",
         });
     }
 
@@ -180,12 +180,18 @@ router.delete("/session", async (req, res) => {
         });
     }
 
-    if (!doesSessionExist(req.body.session_id)) {
+    if (!(await doesSessionExist(req.body.session_id))) {
         return res.status(400).json({
             description: "Session does not exist!",
         });
     }
 
+    if ((await getSessionBySessionId(req.body.session_id)).user_id !== res.locals.user.user_id) {
+        return res.status(403).json({
+            description: "Cannot delete session by other user!",
+        });
+    }
+
     const deleted = await deleteSessionBySessionId(req.body.session_id);
 
     if (!deleted) { // Should never happen

diff --git a/src/integration-tests/helpers/database.ts b/src/integration-tests/helpers/database.ts
@@ -7,7 +7,7 @@ import fakeUsers from "../data/fakeUsers";
 async function setupDatabase() {
     await db.query(`
                 CREATE TABLE users (
-                    user_id INT(11) PRIMARY KEY,
+                    user_id INT(11) PRIMARY KEY AUTO_INCREMENT,
                     first_name VARCHAR(200) NOT NULL,
                     last_name VARCHAR(200) NOT NULL,
                     password VARCHAR(200) UNIQUE NOT NULL,
@@ -19,7 +19,7 @@ async function setupDatabase() {
 
     await db.query(`
                 CREATE TABLE sessions (
-                    session_id INT(11) PRIMARY KEY,
+                    session_id INT(11) PRIMARY KEY AUTO_INCREMENT,
                     user_id INT(11),
                     CONSTRAINT fk_session_user FOREIGN KEY (user_id) REFERENCES users(user_id) ON DELETE CASCADE ON UPDATE CASCADE,
                     start_time BIGINT(20) NOT NULL,

diff --git a/src/integration-tests/info-routes.spec.ts b/src/integration-tests/info-routes.spec.ts
@@ -24,7 +24,7 @@ describe("Info Routes", () => {
 
     describe("/api/v1/info/users", () => {
         describe("GET request", () => {
-            it("should return all users", () => {
+            it("should return all users", (done) => {
                 request(app)
                     .get("/api/v1/info/users")
                     .set("Accept", "application/json")
@@ -39,17 +39,16 @@ describe("Info Routes", () => {
                         }),
                     })
                     .end((err) => {
-                        if (err) {
-                            throw err;
-                        }
+                        if (err) return done(err);
+                        done();
                     });
             });
         });
     });
 
     describe("/api/v1/info/users/:id", () => {
         describe("GET request", () => {
-            it("should return user data given valid user ID", () => {
+            it("should return user data given valid user ID", (done) => {
                 const user: Partial<User> = structuredClone(fakeUsers[16]); // Random user
                 delete user.password;
                 user.signed_in = (user.signed_in) ? 1 : 0 as any;
@@ -64,12 +63,11 @@ describe("Info Routes", () => {
                         user: user,
                     })
                     .end((err) => {
-                        if (err) {
-                            throw err;
-                        }
+                        if (err) return done(err);
+                        done();
                     });
             });
-            it("should return 400 given non-number user ID", () => {
+            it("should return 400 given non-number user ID", (done) => {
                 const userId = "foo";
 
                 request(app)
@@ -81,12 +79,11 @@ describe("Info Routes", () => {
                         description: "User ID is not a number!",
                     })
                     .end((err) => {
-                        if (err) {
-                            throw err;
-                        }
+                        if (err) return done(err);
+                        done();
                     });
             });
-            it("should return 404 given non-existent user ID", () => {
+            it("should return 404 given non-existent user ID", (done) => {
                 const userId = 0;
 
                 request(app)
@@ -98,9 +95,8 @@ describe("Info Routes", () => {
                         description: `User of ID: ${userId} not found in table: users`,
                     })
                     .end((err) => {
-                        if (err) {
-                            throw err;
-                        }
+                        if (err) return done(err);
+                        done();
                     });
             });
         });