authorMohamedBassem <me@mbassem.com>2024-03-05 13:11:06 +0000
committerMohamedBassem <me@mbassem.com>2024-03-05 13:11:06 +0000
commit8a46ecb7373d6c5e7300861169ea51a7917cd2b4 (patch)
tree4ad318c3b5fc8b7a74cba6d0e37b6ade24db829a /packages/trpc/routers/users.test.ts
parent224aa38d5976523f213e2860b6addc7630d472ba (diff)
refactor: Extract trpc logic into its package
Diffstat (limited to 'packages/trpc/routers/users.test.ts')
-rw-r--r--packages/trpc/routers/users.test.ts99
1 files changed, 99 insertions, 0 deletions
diff --git a/packages/trpc/routers/users.test.ts b/packages/trpc/routers/users.test.ts
new file mode 100644
index 00000000..87814407
--- /dev/null
+++ b/packages/trpc/routers/users.test.ts
@@ -0,0 +1,99 @@
+import {
+ CustomTestContext,
+ defaultBeforeEach,
+ getApiCaller,
+} from "../testUtils";
+import { expect, describe, test, beforeEach, assert } from "vitest";
+
+beforeEach<CustomTestContext>(defaultBeforeEach(false));
+
+describe("User Routes", () => {
+ test<CustomTestContext>("create user", async ({ unauthedAPICaller }) => {
+ const user = await unauthedAPICaller.users.create({
+ name: "Test User",
+ email: "test123@test.com",
+ password: "pass1234",
+ confirmPassword: "pass1234",
+ });
+
+ expect(user.name).toEqual("Test User");
+ expect(user.email).toEqual("test123@test.com");
+ });
+
+ test<CustomTestContext>("first user is admin", async ({
+ unauthedAPICaller,
+ }) => {
+ const user1 = await unauthedAPICaller.users.create({
+ name: "Test User",
+ email: "test123@test.com",
+ password: "pass1234",
+ confirmPassword: "pass1234",
+ });
+
+ const user2 = await unauthedAPICaller.users.create({
+ name: "Test User",
+ email: "test124@test.com",
+ password: "pass1234",
+ confirmPassword: "pass1234",
+ });
+
+ expect(user1.role).toEqual("admin");
+ expect(user2.role).toEqual("user");
+ });
+
+ test<CustomTestContext>("unique emails", async ({ unauthedAPICaller }) => {
+ await unauthedAPICaller.users.create({
+ name: "Test User",
+ email: "test123@test.com",
+ password: "pass1234",
+ confirmPassword: "pass1234",
+ });
+
+ await expect(() =>
+ unauthedAPICaller.users.create({
+ name: "Test User",
+ email: "test123@test.com",
+ password: "pass1234",
+ confirmPassword: "pass1234",
+ }),
+ ).rejects.toThrow(/Email is already taken/);
+ });
+
+ test<CustomTestContext>("privacy checks", async ({
+ db,
+ unauthedAPICaller,
+ }) => {
+ const adminUser = await unauthedAPICaller.users.create({
+ name: "Test User",
+ email: "test123@test.com",
+ password: "pass1234",
+ confirmPassword: "pass1234",
+ });
+ const [user1, user2] = await Promise.all(
+ ["test1234@test.com", "test12345@test.com"].map((e) =>
+ unauthedAPICaller.users.create({
+ name: "Test User",
+ email: e,
+ password: "pass1234",
+ confirmPassword: "pass1234",
+ }),
+ ),
+ );
+
+ assert(adminUser.role == "admin");
+ assert(user1.role == "user");
+ assert(user2.role == "user");
+
+ const user2Caller = getApiCaller(db, user2.id);
+
+ // A normal user can't delete other users
+ await expect(() =>
+ user2Caller.users.delete({
+ userId: user1.id,
+ }),
+ ).rejects.toThrow(/FORBIDDEN/);
+
+ // A normal user can't list all users
+ await expect(() => user2Caller.users.list()).rejects.toThrow(/FORBIDDEN/);
+ });
+});
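Review bot: The "privacy checks" test asserts only the deny path for a normal user, so it would still pass if `users.delete` and `users.list` rejected every caller, and it never exercises the unauthenticated caller that the fixture already provides. Consider adding an admin caller, `const adminCaller = getApiCaller(db, adminUser.id);`, and asserting that `adminCaller.users.list()` resolves. A further check that `unauthedAPICaller.users.list()` rejects would cover the unauthenticated case; the error code it should match is not visible in this hunk, so confirm it against the router. As a style point, the three role checks use `assert(... == ...)`, whereas `expect(adminUser.role).toEqual("admin")` would match the rest of the file and report the actual value on failure.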