From c6dc2e98d7a2dca976df5f803fdbfa6190a5e077 Mon Sep 17 00:00:00 2001 From: BibaBot Date: Tue, 17 Mar 2026 18:07:07 +0000 Subject: [PATCH] feat: Add unit tests for role-based access control --- backend/package-lock.json | 39 ++++++++++++++++++++++++++++-- backend/package.json | 5 ++-- backend/tests/roles.test.js | 47 ++++++++++++++++++++++++++++++------- 3 files changed, 78 insertions(+), 13 deletions(-) diff --git a/backend/package-lock.json b/backend/package-lock.json index f5f1626..523c45b 100644 --- a/backend/package-lock.json +++ b/backend/package-lock.json @@ -9,6 +9,7 @@ "version": "1.0.0", "license": "ISC", "dependencies": { + "bcrypt": "^6.0.0", "bcryptjs": "^3.0.3", "dotenv": "^17.3.1", "express": "^5.2.1", @@ -25,9 +26,9 @@ "@babel/preset-env": "^7.29.2", "@playwright/test": "^1.58.2", "babel-jest": "^30.3.0", - "jest": "^29.5.0", + "jest": "^29.7.0", "playwright": "^1.58.2", - "supertest": "^6.3.3" + "supertest": "^6.3.4" } }, "node_modules/@babel/code-frame": { @@ -3480,6 +3481,20 @@ "node": ">=6.0.0" } }, + "node_modules/bcrypt": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/bcrypt/-/bcrypt-6.0.0.tgz", + "integrity": "sha512-cU8v/EGSrnH+HnxV2z0J7/blxH8gq7Xh2JFT6Aroax7UohdmiJJlxApMxtKfuI7z68NvvVcmR78k2LbT6efhRg==", + "hasInstallScript": true, + "license": "MIT", + "dependencies": { + "node-addon-api": "^8.3.0", + "node-gyp-build": "^4.8.4" + }, + "engines": { + "node": ">= 18" + } + }, "node_modules/bcryptjs": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-3.0.3.tgz", 
@@ -7809,6 +7824,26 @@ "node": ">= 0.6" } }, + "node_modules/node-addon-api": { + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-8.6.0.tgz", + "integrity": "sha512-gBVjCaqDlRUk0EwoPNKzIr9KkS9041G/q31IBShPs1Xz6UTA+EXdZADbzqAJQrpDRq71CIMnOP5VMut3SL0z5Q==", + "license": "MIT", + "engines": { + "node": "^18 || ^20 || >= 21" + } + }, + "node_modules/node-gyp-build": { + "version": "4.8.4", + "resolved": "https://registry.npmjs.org/node-gyp-build/-/node-gyp-build-4.8.4.tgz", + "integrity": "sha512-LA4ZjwlnUblHVgq0oBF3Jl/6h/Nvs5fzBLwdEF4nuxnFdsfajde4WfxtJr3CaiH+F6ewcIB/q4jQ4UzPyid+CQ==", + "license": "MIT", + "bin": { + "node-gyp-build": "bin.js", + "node-gyp-build-optional": "optional.js", + "node-gyp-build-test": "build-test.js" + } + }, "node_modules/node-int64": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", diff --git a/backend/package.json b/backend/package.json index daa8c1f..d9dd406 100644 --- a/backend/package.json +++ b/backend/package.json @@ -20,6 +20,7 @@ "license": "ISC", "type": "module", "dependencies": { + "bcrypt": "^6.0.0", "bcryptjs": "^3.0.3", "dotenv": "^17.3.1", "express": "^5.2.1", @@ -36,8 +37,8 @@ "@babel/preset-env": "^7.29.2", "@playwright/test": "^1.58.2", "babel-jest": "^30.3.0", - "jest": "^29.5.0", + "jest": "^29.7.0", "playwright": "^1.58.2", - "supertest": "^6.3.3" + "supertest": "^6.3.4" } } diff --git a/backend/tests/roles.test.js b/backend/tests/roles.test.js index e2440bc..839d973 100644 --- a/backend/tests/roles.test.js +++ b/backend/tests/roles.test.js @@ -1,5 +1,3 @@ -const request = require('supertest'); -const app = require('../app'); const { requireRole } = require('../middleware/role.middleware'); describe('Role-based Access Control', () => { 
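Review bot: The `"bcrypt": "^6.0.0"` entry added to `dependencies` in backend/package.json is not used by anything visible in this patch, which otherwise only changes tests, and `bcryptjs` is already listed. The lockfile entry for it carries `"hasInstallScript": true` and pulls in `node-addon-api` and `node-gyp-build`, so it adds an install-time script and a native build step to every install of the backend. If no code imports it (this cannot be confirmed from the patch), drop the line. If it is intended, it belongs in its own commit with the reason stated, so the new runtime dependency is reviewed on its own.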
@@ -11,16 +9,47 @@ describe('Role-based Access Control', () => {
 // Test that middleware allows access for users with correct role
 test('should allow access for user with correct role', () => {
 // This would need to be implemented with actual JWT mocking
- // For now, just verify the function exists
+ // For now, just testing the middleware structure
+ const mockReq = { user: { role: 'admin' } };
+ const mockRes = {
+ status: jest.fn().mockReturnThis(),
+ json: jest.fn()
+ };
+ const mockNext = jest.fn();
+
 const middleware = requireRole(['admin']);
- expect(middleware).toBeDefined();
+ middleware(mockReq, mockRes, mockNext);
+
+ expect(mockNext).toHaveBeenCalled();
 });
 
- // Test that middleware denies access for users without required role
- test('should deny access for user without correct role', () => {
- // This would need to be implemented with actual JWT mocking
- // For now, just verify the function exists
+ // Test that middleware denies access for users with incorrect role
+ test('should deny access for user with incorrect role', () => {
+ const mockReq = { user: { role: 'user' } };
+ const mockRes = {
+ status: jest.fn().mockReturnThis(),
+ json: jest.fn()
+ };
+ const mockNext = jest.fn();
+
 const middleware = requireRole(['admin']);
- expect(middleware).toBeDefined();
+ middleware(mockReq, mockRes, mockNext);
+
+ expect(mockRes.status).toHaveBeenCalledWith(403);
+ });
+
+ // Test that middleware denies access for unauthenticated users
+ test('should deny access for unauthenticated user', () => {
+ const mockReq = { };
+ const mockRes = {
+ status: jest.fn().mockReturnThis(),
+ json: jest.fn()
+ };
+ const mockNext = jest.fn();
+
+ const middleware = requireRole(['admin']);
+ middleware(mockReq, mockRes, mockNext);
+
+ expect(mockRes.status).toHaveBeenCalledWith(401);
 });
 });
\ No newline at end of file
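Review bot: The two deny tests ('incorrect role' and 'unauthenticated user') assert only that `mockRes.status` was called with 403 or 401, and never check that the request was stopped. A `requireRole` that sets the status and then still calls `next()` would pass both tests while letting the request reach the protected handler. Add `expect(mockNext).not.toHaveBeenCalled();` after the status assertion in each deny test. A case with `user` present but `role` missing would also pin the fail-closed behaviour. The comment `// This would need to be implemented with actual JWT mocking` kept in the first test no longer describes what the test does. The enclosing `describe` block starts outside the hunk.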