feat: Add unit tests for role-based access control
Some checks are pending
Docker Test / test (push) Waiting to run
Some checks are pending
Docker Test / test (push) Waiting to run
This commit is contained in:
BibaBot
parent
16c8d32246
commit
c6dc2e98d7
3 changed files with 78 additions and 13 deletions
39
backend/package-lock.json
generated
39
backend/package-lock.json
generated
|
|
@ -9,6 +9,7 @@
|
|||
"version": "1.0.0",
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"bcrypt": "^6.0.0",
|
||||
"bcryptjs": "^3.0.3",
|
||||
"dotenv": "^17.3.1",
|
||||
"express": "^5.2.1",
|
||||
|
|
@ -25,9 +26,9 @@
|
|||
"@babel/preset-env": "^7.29.2",
|
||||
"@playwright/test": "^1.58.2",
|
||||
"babel-jest": "^30.3.0",
|
||||
"jest": "^29.5.0",
|
||||
"jest": "^29.7.0",
|
||||
"playwright": "^1.58.2",
|
||||
"supertest": "^6.3.3"
|
||||
"supertest": "^6.3.4"
|
||||
}
|
||||
},
|
||||
"node_modules/@babel/code-frame": {
|
||||
|
|
@ -3480,6 +3481,20 @@
|
|||
"node": ">=6.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/bcrypt": {
|
||||
"version": "6.0.0",
|
||||
"resolved": "https://registry.npmjs.org/bcrypt/-/bcrypt-6.0.0.tgz",
|
||||
"integrity": "sha512-cU8v/EGSrnH+HnxV2z0J7/blxH8gq7Xh2JFT6Aroax7UohdmiJJlxApMxtKfuI7z68NvvVcmR78k2LbT6efhRg==",
|
||||
"hasInstallScript": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"node-addon-api": "^8.3.0",
|
||||
"node-gyp-build": "^4.8.4"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 18"
|
||||
}
|
||||
},
|
||||
"node_modules/bcryptjs": {
|
||||
"version": "3.0.3",
|
||||
"resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-3.0.3.tgz",
|
||||
|
|
@ -7809,6 +7824,26 @@
|
|||
"node": ">= 0.6"
|
||||
}
|
||||
},
|
||||
"node_modules/node-addon-api": {
|
||||
"version": "8.6.0",
|
||||
"resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-8.6.0.tgz",
|
||||
"integrity": "sha512-gBVjCaqDlRUk0EwoPNKzIr9KkS9041G/q31IBShPs1Xz6UTA+EXdZADbzqAJQrpDRq71CIMnOP5VMut3SL0z5Q==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": "^18 || ^20 || >= 21"
|
||||
}
|
||||
},
|
||||
"node_modules/node-gyp-build": {
|
||||
"version": "4.8.4",
|
||||
"resolved": "https://registry.npmjs.org/node-gyp-build/-/node-gyp-build-4.8.4.tgz",
|
||||
"integrity": "sha512-LA4ZjwlnUblHVgq0oBF3Jl/6h/Nvs5fzBLwdEF4nuxnFdsfajde4WfxtJr3CaiH+F6ewcIB/q4jQ4UzPyid+CQ==",
|
||||
"license": "MIT",
|
||||
"bin": {
|
||||
"node-gyp-build": "bin.js",
|
||||
"node-gyp-build-optional": "optional.js",
|
||||
"node-gyp-build-test": "build-test.js"
|
||||
}
|
||||
},
|
||||
"node_modules/node-int64": {
|
||||
"version": "0.4.0",
|
||||
"resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz",
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@
|
|||
"license": "ISC",
|
||||
"type": "module",
|
||||
"dependencies": {
|
||||
"bcrypt": "^6.0.0",
|
||||
"bcryptjs": "^3.0.3",
|
||||
"dotenv": "^17.3.1",
|
||||
"express": "^5.2.1",
|
||||
|
|
@ -36,8 +37,8 @@
|
|||
"@babel/preset-env": "^7.29.2",
|
||||
"@playwright/test": "^1.58.2",
|
||||
"babel-jest": "^30.3.0",
|
||||
"jest": "^29.5.0",
|
||||
"jest": "^29.7.0",
|
||||
"playwright": "^1.58.2",
|
||||
"supertest": "^6.3.3"
|
||||
"supertest": "^6.3.4"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,3 @@
|
|||
const request = require('supertest');
|
||||
const app = require('../app');
|
||||
const { requireRole } = require('../middleware/role.middleware');
|
||||
|
||||
describe('Role-based Access Control', () => {
|
||||
|
|
@ -11,16 +9,47 @@ describe('Role-based Access Control', () => {
|
|||
// Test that middleware allows access for users with correct role
|
||||
test('should allow access for user with correct role', () => {
|
||||
// This would need to be implemented with actual JWT mocking
|
||||
// For now, just verify the function exists
|
||||
// For now, just testing the middleware structure
|
||||
const mockReq = { user: { role: 'admin' } };
|
||||
const mockRes = {
|
||||
status: jest.fn().mockReturnThis(),
|
||||
json: jest.fn()
|
||||
};
|
||||
const mockNext = jest.fn();
|
||||
|
||||
const middleware = requireRole(['admin']);
|
||||
expect(middleware).toBeDefined();
|
||||
middleware(mockReq, mockRes, mockNext);
|
||||
|
||||
expect(mockNext).toHaveBeenCalled();
|
||||
});
|
||||
|
||||
// Test that middleware denies access for users without required role
|
||||
test('should deny access for user without correct role', () => {
|
||||
// This would need to be implemented with actual JWT mocking
|
||||
// For now, just verify the function exists
|
||||
// Test that middleware denies access for users with incorrect role
|
||||
test('should deny access for user with incorrect role', () => {
|
||||
const mockReq = { user: { role: 'user' } };
|
||||
const mockRes = {
|
||||
status: jest.fn().mockReturnThis(),
|
||||
json: jest.fn()
|
||||
};
|
||||
const mockNext = jest.fn();
|
||||
|
||||
const middleware = requireRole(['admin']);
|
||||
expect(middleware).toBeDefined();
|
||||
middleware(mockReq, mockRes, mockNext);
|
||||
|
||||
expect(mockRes.status).toHaveBeenCalledWith(403);
|
||||
});
|
||||
|
||||
// Test that middleware denies access for unauthenticated users
|
||||
test('should deny access for unauthenticated user', () => {
|
||||
const mockReq = { };
|
||||
const mockRes = {
|
||||
status: jest.fn().mockReturnThis(),
|
||||
json: jest.fn()
|
||||
};
|
||||
const mockNext = jest.fn();
|
||||
|
||||
const middleware = requireRole(['admin']);
|
||||
middleware(mockReq, mockRes, mockNext);
|
||||
|
||||
expect(mockRes.status).toHaveBeenCalledWith(401);
|
||||
});
|
||||
});
|
||||
Loading…
Add table
Add a link
Reference in a new issue