import { assert, beforeEach, describe, expect, test } from "vitest";
import type { CustomTestContext } from "../testUtils";
import { defaultBeforeEach, getApiCaller } from "../testUtils";
// Register the shared per-test setup from ../testUtils so it runs before every test in this file.
// NOTE(review): the meaning of the `false` argument is defined in testUtils and is not visible here — confirm.
beforeEach<CustomTestContext>(defaultBeforeEach(false));
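/**
 * Builds the sign-up payload shared by every test in this file.
 * Only the email varies; the name and password are fixed test fixtures.
 */
const signupInput = (email: string) => ({
  name: "Test User",
  email,
  password: "pass1234",
  confirmPassword: "pass1234",
});

describe("User Routes", () => {
  // Sign-up through the unauthenticated caller echoes back the submitted name and email.
  test<CustomTestContext>("create user", async ({ unauthedAPICaller }) => {
    const user = await unauthedAPICaller.users.create(
      signupInput("test123@test.com"),
    );

    expect(user.name).toEqual("Test User");
    expect(user.email).toEqual("test123@test.com");
  });

  // Pins the bootstrap rule: the first account created through the
  // unauthenticated sign-up route gets the "admin" role and the second one
  // gets "user". On a fresh instance this means whoever signs up first holds
  // admin, so the rule is security-relevant and is asserted explicitly.
  test<CustomTestContext>("first user is admin", async ({
    unauthedAPICaller,
  }) => {
    const user1 = await unauthedAPICaller.users.create(
      signupInput("test123@test.com"),
    );
    const user2 = await unauthedAPICaller.users.create(
      signupInput("test124@test.com"),
    );

    expect(user1.role).toEqual("admin");
    expect(user2.role).toEqual("user");
  });

  // A second sign-up with an email that is already registered must be rejected.
  // NOTE(review): only a byte-identical duplicate is exercised; variants that
  // differ in letter case or surrounding whitespace are not covered here.
  test<CustomTestContext>("unique emails", async ({ unauthedAPICaller }) => {
    await unauthedAPICaller.users.create(signupInput("test123@test.com"));

    await expect(() =>
      unauthedAPICaller.users.create(signupInput("test123@test.com")),
    ).rejects.toThrow(/Email is already taken/);
  });

  // Authorization checks: a caller acting as a plain user must be refused
  // when deleting another account or listing all accounts.
  // NOTE(review): only the denial path is asserted. The test does not confirm
  // that user1 still exists after the refused delete, nor that an admin caller
  // is allowed to perform the same operations.
  test<CustomTestContext>("privacy checks", async ({
    db,
    unauthedAPICaller,
  }) => {
    // The admin is created and awaited first, so neither of the two accounts
    // created concurrently below can be the first account.
    const adminUser = await unauthedAPICaller.users.create(
      signupInput("test123@test.com"),
    );
    const [user1, user2] = await Promise.all(
      ["test1234@test.com", "test12345@test.com"].map((email) =>
        unauthedAPICaller.users.create(signupInput(email)),
      ),
    );

    // Preconditions for the checks below; strict equality avoids coercion.
    assert(adminUser.role === "admin");
    assert(user1.role === "user");
    assert(user2.role === "user");

    // presumably an API caller acting as user2 (helper lives in ../testUtils)
    const user2Caller = getApiCaller(db, user2.id);

    // A normal user can't delete other users
    await expect(() =>
      user2Caller.users.delete({
        userId: user1.id,
      }),
    ).rejects.toThrow(/FORBIDDEN/);

    // A normal user can't list all users
    await expect(() => user2Caller.users.list()).rejects.toThrow(/FORBIDDEN/);
  });

  // Reads the default settings of a new account, changes one of them, and
  // checks that the untouched setting keeps its default value.
  test<CustomTestContext>("get/update user settings", async ({
    db,
    unauthedAPICaller,
  }) => {
    const user = await unauthedAPICaller.users.create(
      signupInput("testupdate@test.com"),
    );
    const caller = getApiCaller(db, user.id);

    // The default settings
    const settings = await caller.users.settings();
    expect(settings).toEqual({
      bookmarkClickAction: "open_original_link",
      archiveDisplayBehaviour: "show",
    });

    // Update settings
    await caller.users.updateSettings({
      bookmarkClickAction: "expand_bookmark_preview",
    });

    // Verify updated settings
    const updatedSettings = await caller.users.settings();
    expect(updatedSettings).toEqual({
      bookmarkClickAction: "expand_bookmark_preview",
      archiveDisplayBehaviour: "show",
    });

    // An update that carries no settings at all must be rejected
    await expect(() => caller.users.updateSettings({})).rejects.toThrow(
      /No settings provided/,
    );
  });
});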