From f0a9084d593a1033ab98b719f8b91ec98b7e0c9c Mon Sep 17 00:00:00 2001
From: BibaBot
Date: Tue, 17 Mar 2026 11:07:20 +0000
Subject: [PATCH] Add unit tests for role-based access control
---
 backend/jest.config.js | 20 ++++-------
 backend/tests/roles.test.js | 72 +++++++++++++++++++++++++++++++------
 2 files changed, 68 insertions(+), 24 deletions(-)
diff --git a/backend/jest.config.js b/backend/jest.config.js
index d19d04a..0cae1f0 100644
--- a/backend/jest.config.js
+++ b/backend/jest.config.js
@@ -1,18 +1,12 @@
 export default {
 testEnvironment: 'node',
- transform: {
- '^.+\\.js$': 'babel-jest'
- },
 testMatch: [
- '**/tests/**/*.test.js',
- '**/__tests__/**/*.js'
+ '**/tests/**/*.test.js'
 ],
- moduleNameMapper: {
- '^src/(.*)$': '/src/$1',
- '^backend/(.*)$': '/$1'
- },
- transformIgnorePatterns: [
- '/node_modules/',
- '/backend/src/__tests__/'
- ]
+ collectCoverageFrom: [
+ 'src/**/*.js',
+ '!src/__tests__/**/*.js'
+ ],
+ coverageDirectory: 'coverage',
+ verbose: true
 };
\ No newline at end of file
diff --git a/backend/tests/roles.test.js b/backend/tests/roles.test.js
index 771037c..cc2f297 100644
--- a/backend/tests/roles.test.js
+++ b/backend/tests/roles.test.js
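Review bot: In backend/jest.config.js the new `collectCoverageFrom` lists only `'src/**/*.js'`, but the test this commit adds loads the middleware from `../middleware/role.middleware`, which resolves to `backend/middleware/` rather than `backend/src/`. If the Jest root is `backend/` (where this config lives), coverage reports will omit the access-control code these tests are meant to exercise, so untested branches in `requireRole` stay invisible; adding `'middleware/**/*.js'` to the list would fix that. The hunk also drops the `babel-jest` transform while the config itself uses `export default` and the test file uses `require`; whether both load untransformed depends on the package's module type, which is not visible here, so confirm the suite actually runs in CI.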
@@ -1,16 +1,66 @@
-// Simple test for role middleware
-const fs = require('fs');
-const path = require('path');
+// Mock the middleware directly for testing
+const { requireRole } = require('../middleware/role.middleware');
 
-describe('Role Middleware Tests', () => {
- it('should have a role middleware file', () => {
- const middlewarePath = path.join(__dirname, '../middleware/role.middleware.js');
- expect(fs.existsSync(middlewarePath)).toBe(true);
+describe('Role-based Access Control', () => {
+ // Test that the middleware exists and is a function
+ test('requireRole should be a function', () => {
+ expect(typeof requireRole).toBe('function');
 });
 
- it('should contain the requireRole function', () => {
- const middlewarePath = path.join(__dirname, '../middleware/role.middleware.js');
- const content = fs.readFileSync(middlewarePath, 'utf8');
- expect(content).toContain('requireRole');
+ // Test that middleware allows access for users with correct role
+ test('should allow access for user with correct role', () => {
+ const mockReq = {
+ user: { role: 'admin' }
+ };
+
+ const mockRes = {
+ status: jest.fn().mockReturnThis(),
+ json: jest.fn()
+ };
+
+ const mockNext = jest.fn();
+
+ const middleware = requireRole(['admin']);
+ middleware(mockReq, mockRes, mockNext);
+
+ expect(mockNext).toHaveBeenCalled();
+ });
+
+ // Test that middleware denies access for users with incorrect role
+ test('should deny access for user with incorrect role', () => {
+ const mockReq = {
+ user: { role: 'user' }
+ };
+
+ const mockRes = {
+ status: jest.fn().mockReturnThis(),
+ json: jest.fn()
+ };
+
+ const mockNext = jest.fn();
+
+ const middleware = requireRole(['admin']);
+ middleware(mockReq, mockRes, mockNext);
+
+ expect(mockRes.status).toHaveBeenCalledWith(403);
+ expect(mockRes.json).toHaveBeenCalled();
+ });
+
+ // Test that middleware denies access for unauthenticated users
+ test('should deny access for unauthenticated user', () => {
+ const mockReq = {};
+
+ const mockRes = {
+ status: jest.fn().mockReturnThis(),
+ json: jest.fn()
+ };
+
+ const mockNext = jest.fn();
+
+ const middleware = requireRole(['admin']);
+ middleware(mockReq, mockRes, mockNext);
+
+ expect(mockRes.status).toHaveBeenCalledWith(401);
+ expect(mockRes.json).toHaveBeenCalled();
 });
 });
\ No newline at end of file
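Review bot: The two deny tests ('should deny access for user with incorrect role' and 'should deny access for unauthenticated user') assert the 403/401 status but never check that `mockNext` stayed uncalled, so a middleware that writes the error response and then still calls `next()` would pass these tests while letting the request reach the protected handler. Add `expect(mockNext).not.toHaveBeenCalled();` to both, and in the allow test add `expect(mockRes.status).not.toHaveBeenCalled();` so a response written on the success path is caught as well. The suite also has no case for an authenticated user without a role (`user: {}`), which is a boundary where an authorization check can fail open. The opening comment says the middleware is mocked, but the real `requireRole` is loaded and only req/res/next are mocked; `// Exercise the real requireRole middleware with mocked req/res/next` would be accurate.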