openclaw/helpyourneighbour
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: Add role-based access control tests and fix middleware export
Some checks are pending
Docker Test / test (push) Waiting to run
Details

Browse source 
This commit adds comprehensive unit tests for the role-based access control middleware and fixes the ES module export issue. The tests verify that users with correct roles can access protected routes, while users with incorrect roles or no authentication are properly denied access.
This commit is contained in:
BibaBot 2026-03-17 19:07:03 +00:00
parent c6dc2e98d7
commit 901bcf454c
2 changed files with 59 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

83
backend/tests/roles.test.js
View file

@ -1,55 +1,88 @@
const { requireRole } = require('../middleware/role.middleware');
import request from 'supertest';
import app from '../app.js';
import { requireRole } from '../middleware/role.middleware.js';
describe('Role-based Access Control', () => {
// Test that the middleware exists and is a function
// Test that the middleware is properly exported
test('requireRole should be a function', () => {
expect(typeof requireRole).toBe('function');
});
// Test that middleware allows access for users with correct role
test('should allow access for user with correct role', () => {
// This would need to be implemented with actual JWT mocking
// For now, just testing the middleware structure
const mockReq = { user: { role: 'admin' } };
const mockRes = {
// Mock user authentication for testing
const mockUser = (role) => {
return {
role: role,
id: 'test-user-id'
};
};
// Test that middleware allows access to users with correct roles
test('should allow access to users with correct roles', () => {
const req = {
user: mockUser('admin')
};
const res = {
status: jest.fn().mockReturnThis(),
json: jest.fn()
};
const mockNext = jest.fn();
const next = jest.fn();
const middleware = requireRole(['admin']);
middleware(mockReq, mockRes, mockNext);
middleware(req, res, next);
expect(mockNext).toHaveBeenCalled();
expect(next).toHaveBeenCalled();
});
// Test that middleware denies access for users with incorrect role
test('should deny access for user with incorrect role', () => {
const mockReq = { user: { role: 'user' } };
const mockRes = {
// Test that middleware denies access to users with incorrect roles
test('should deny access to users with incorrect roles', () => {
const req = {
user: mockUser('user')
};
const res = {
status: jest.fn().mockReturnThis(),
json: jest.fn()
};
const mockNext = jest.fn();
const next = jest.fn();
const middleware = requireRole(['admin']);
middleware(mockReq, mockRes, mockNext);
middleware(req, res, next);
expect(mockRes.status).toHaveBeenCalledWith(403);
expect(res.status).toHaveBeenCalledWith(403);
expect(res.json).toHaveBeenCalledWith({ error: 'Insufficient permissions' });
});
// Test that middleware denies access for unauthenticated users
test('should deny access for unauthenticated user', () => {
const mockReq = { };
const mockRes = {
// Test that middleware denies access to unauthenticated users
test('should deny access to unauthenticated users', () => {
const req = {
user: null
};
const res = {
status: jest.fn().mockReturnThis(),
json: jest.fn()
};
const mockNext = jest.fn();
const next = jest.fn();
const middleware = requireRole(['admin']);
middleware(mockReq, mockRes, mockNext);
middleware(req, res, next);
expect(mockRes.status).toHaveBeenCalledWith(401);
expect(res.status).toHaveBeenCalledWith(401);
expect(res.json).toHaveBeenCalledWith({ error: 'Authentication required' });
});
// Test that middleware allows access to users with one of multiple roles
test('should allow access to users with one of multiple roles', () => {
const req = {
user: mockUser('moderator')
};
const res = {
status: jest.fn().mockReturnThis(),
json: jest.fn()
};
const next = jest.fn();
const middleware = requireRole(['admin', 'moderator']);
middleware(req, res, next);
expect(next).toHaveBeenCalled();
});
});