Add Tests for route authentications; Rename subproject-folders

api/package.json

@@ -9,7 +9,7 @@
   "scripts": {
     "start": "node server.js",
     "dev": "nodemon server.js",
-    "test": "mocha --require ./test/spec_helper.js"
+    "test": "mocha --require ./test/config/spec_helper.js"
   },
   "dependencies": {
     "async": "^2.4.0",

api/routes/api-url.js

@@ -0,0 +1,13 @@
+module.exports = {
+  auth: '/authenticate',
+  signUp: '/authenticate/signup',
+  awards: '/awardings',
+  command: '/cmd',
+  cmdCreateSig: '/cmd/createSignature',
+  decorations: '/decorations',
+  overview: '/overview',
+  ranks: '/ranks',
+  signatures: '/signatures',
+  squads: '/squads',
+  users: '/users',
+};

api/test/awardings.spec.js

@@ -0,0 +1,112 @@
+let mongoose = require("mongoose");
+let AwardingModel = require('../models/awarding');
+let urls = require('../routes/api-url');
+let codes = require('../routes/http-codes');
+
+
+//Require the dev-dependencies
+let chai = require('chai');
+let chaiHttp = require('chai-http');
+let server = require('../server');
+let should = chai.should();
+
+chai.use(chaiHttp);
+//Our parent block
+describe('Awardings', () => {
+  beforeEach((done) => { //Before each test we empty the database
+    AwardingModel.remove({}, (err) => {
+      done();
+    });
+  });
+  /*
+   * Test the /GET awardings
+   */
+  describe('/GET awardings', () => {
+    it('it should not GET awardings without auth-token provided', (done) => {
+      chai.request(server)
+        .get(urls.awards)
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+  });
+
+  /*
+   * Test the /POST awardings
+   */
+  describe('/POST awardings', () => {
+
+    it('it should not POST an awarding without auth-token provided', (done) => {
+      chai.request(server)
+        .post(urls.awards)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+  });
+
+  /*
+   * Test the /PATCH awardings
+   */
+  describe('/PATCH awardings', () => {
+
+    it('it should not PATCH an awarding without auth-token provided', (done) => {
+      chai.request(server)
+        .patch(urls.awards + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+
+  /*
+   * Test the /DELETE awardings
+   */
+  describe('/DELETE awardings', () => {
+
+    it('it should not accept DELETE method without id in url - ' +
+      'already fails on auth-token not provided', (done) => {
+      chai.request(server)
+        .delete(urls.awards)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+    it('it should not DELETE an awarding without auth-token provided', (done) => {
+      chai.request(server)
+        .delete(urls.awards + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+});

api/test/command.spec.js

@@ -0,0 +1,39 @@
+let mongoose = require("mongoose");
+let AwardingModel = require('../models/awarding');
+let urls = require('../routes/api-url');
+let codes = require('../routes/http-codes');
+
+
+//Require the dev-dependencies
+let chai = require('chai');
+let chaiHttp = require('chai-http');
+let server = require('../server');
+let should = chai.should();
+
+chai.use(chaiHttp);
+//Our parent block
+describe('Command', () => {
+  beforeEach((done) => { //Before each test we empty the database
+    AwardingModel.remove({}, (err) => {
+      done();
+    });
+  });
+  /*
+   * Test the /GET awardings
+   */
+  describe('/POST command to create signature', () => {
+    it('it should not succeed without auth-token provided', (done) => {
+      chai.request(server)
+        .post(urls.cmdCreateSig + "/someId")
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+  });
+
+});

api/test/config/spec_helper.js

@@ -1,3 +1,3 @@
-const config = require('../config');
+const config = require('../../config');
 
 process.env.NODE_ENV = config.test.env;

api/test/content-tool/user-db-item-creator.js

@@ -22,7 +22,7 @@ mongoose.connection.on('connected', () => {
 const createString = (possible, length) => {
   let text = "";
 
-  for( let i=0; i < length; i++ )
+  for (let i = 0; i < length; i++)
     text += possible.charAt(Math.floor(Math.random() * possible.length));
 
   return text;

api/test/decorations.spec.js

@@ -0,0 +1,109 @@
+let mongoose = require("mongoose");
+let DecorationModel = require('../models/decoration');
+let urls = require('../routes/api-url');
+let codes = require('../routes/http-codes');
+
+
+//Require the dev-dependencies
+let chai = require('chai');
+let chaiHttp = require('chai-http');
+let server = require('../server');
+let should = chai.should();
+
+chai.use(chaiHttp);
+//Our parent block
+describe('Decorations', () => {
+  beforeEach((done) => { //Before each test we empty the database
+    DecorationModel.remove({}, (err) => {
+      done();
+    });
+  });
+  /*
+   * Test the /GET decorations
+   */
+  describe('/GET decorations', () => {
+    it('it should GET all the decorations', (done) => {
+      chai.request(server)
+        .get(urls.decorations)
+        .end((err, res) => {
+          res.should.have.status(codes.success);
+          res.body.should.be.a('array');
+          res.body.length.should.be.eql(0);
+          done();
+        });
+    });
+  });
+
+  /*
+   * Test the /POST decorations
+   */
+  describe('/POST decorations', () => {
+
+    it('it should not POST a decoration without auth-token provided', (done) => {
+      chai.request(server)
+        .post(urls.decorations)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+  });
+
+  /*
+   * Test the /PATCH decoration
+   */
+  describe('/PATCH decorations', () => {
+
+    it('it should not PATCH a decoration without auth-token provided', (done) => {
+      chai.request(server)
+        .patch(urls.decorations + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+
+  /*
+   * Test the /DELETE decorations
+   */
+  describe('/DELETE decorations', () => {
+    it('it should not accept DELETE method without id in url', (done) => {
+      chai.request(server)
+        .delete(urls.decorations)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.wrongmethod);
+          res.body.should.be.a('object');
+          res.body.should.have.property('error').property('message')
+            .eql('this method is not allowed at ' + urls.decorations);
+          done();
+        });
+    });
+
+    it('it should not DELETE a decoration without auth-token provided', (done) => {
+      chai.request(server)
+        .delete(urls.decorations + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+});

api/test/ranks.spec.js

@@ -0,0 +1,110 @@
+let mongoose = require("mongoose");
+let RankModel = require('../models/rank');
+let urls = require('../routes/api-url');
+let codes = require('../routes/http-codes');
+
+
+//Require the dev-dependencies
+let chai = require('chai');
+let chaiHttp = require('chai-http');
+let server = require('../server');
+let should = chai.should();
+
+chai.use(chaiHttp);
+//Our parent block
+describe('Ranks', () => {
+  beforeEach((done) => { //Before each test we empty the database
+    RankModel.remove({}, (err) => {
+      done();
+    });
+  });
+  /*
+   * Test the /GET ranks
+   */
+  describe('/GET ranks', () => {
+    it('it should GET all the ranks', (done) => {
+      chai.request(server)
+        .get(urls.ranks)
+        .end((err, res) => {
+          res.should.have.status(codes.success);
+          res.body.should.be.a('array');
+          res.body.length.should.be.eql(0);
+          done();
+        });
+    });
+  });
+
+  /*
+   * Test the /POST ranks
+   */
+  describe('/POST ranks', () => {
+
+    it('it should not POST a rank without auth-token provided', (done) => {
+      chai.request(server)
+        .post(urls.ranks)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+  })
+
+  /*
+   * Test the /PATCH rank
+   */
+  describe('/PATCH ranks', () => {
+
+    it('it should not PATCH a rank without auth-token provided', (done) => {
+      chai.request(server)
+        .patch(urls.ranks + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+
+  /*
+   * Test the /DELETE rank
+   */
+  describe('/DELETE ranks', () => {
+    it('it should not accept DELETE method without id in url', (done) => {
+      chai.request(server)
+        .delete(urls.ranks)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.wrongmethod);
+          res.body.should.be.a('object');
+          res.body.should.have.property('error').property('message')
+            .eql('this method is not allowed at ' + urls.ranks);
+          done();
+        });
+    });
+
+
+    it('it should not DELETE a rank without auth-token provided', (done) => {
+      chai.request(server)
+        .delete(urls.ranks + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+});

api/test/squads.spec.js

@@ -0,0 +1,109 @@
+let mongoose = require("mongoose");
+let SquadModel = require('../models/squad');
+let urls = require('../routes/api-url');
+let codes = require('../routes/http-codes');
+
+
+//Require the dev-dependencies
+let chai = require('chai');
+let chaiHttp = require('chai-http');
+let server = require('../server');
+let should = chai.should();
+
+chai.use(chaiHttp);
+//Our parent block
+describe('Squads', () => {
+  beforeEach((done) => { //Before each test we empty the database
+    SquadModel.remove({}, (err) => {
+      done();
+    });
+  });
+  /*
+   * Test the /GET route
+   */
+  describe('/GET squads', () => {
+    it('it should GET all the squads', (done) => {
+      chai.request(server)
+        .get(urls.squads)
+        .end((err, res) => {
+          res.should.have.status(codes.success);
+          res.body.should.be.a('array');
+          res.body.length.should.be.eql(0);
+          done();
+        });
+    });
+  });
+
+  /*
+   * Test the /POST squad
+   */
+  describe('/POST squads', () => {
+
+    it('it should not POST a squad without auth-token provided', (done) => {
+      chai.request(server)
+        .post(urls.squads)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+  });
+
+  /*
+   * Test the /PATCH squad
+   */
+  describe('/PATCH squads', () => {
+
+    it('it should not PATCH a squad without auth-token provided', (done) => {
+      chai.request(server)
+        .patch(urls.squads + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+
+  /*
+   * Test the /DELETE squad
+   */
+  describe('/DELETE squads', () => {
+    it('it should not accept DELETE method without id in url', (done) => {
+      chai.request(server)
+        .delete(urls.squads)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.wrongmethod);
+          res.body.should.be.a('object');
+          res.body.should.have.property('error').property('message')
+            .eql('this method is not allowed at ' + urls.squads);
+          done();
+        });
+    });
+
+    it('it should not DELETE a squad without auth-token provided', (done) => {
+      chai.request(server)
+        .delete(urls.squads + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+});

api/test/users.spec.js

@@ -1,6 +1,9 @@
 let mongoose = require("mongoose");
 let UserModel = require('../models/user');
 let AppUserModel = require('../models/app-user');
+let urls = require('../routes/api-url');
+let codes = require('../routes/http-codes');
+
 
 //Require the dev-dependencies
 let chai = require('chai');
@@ -22,9 +25,9 @@ describe('Users', () => {
   describe('/GET users', () => {
     it('it should GET all the users', (done) => {
       chai.request(server)
-        .get('/users')
+        .get(urls.users)
         .end((err, res) => {
-          res.should.have.status(200);
+          res.should.have.status(codes.success);
           res.body.should.be.a('array');
           res.body.length.should.be.eql(0);
           done();
@@ -58,7 +61,7 @@ describe('Users', () => {
       appUserModel.save();
 
       chai.request(server)
-        .post('/authenticate')
+        .post(urls.auth)
         .send(appUserEncoded)
         .end(function (err, res) {
           const result = JSON.parse(res.text);
@@ -67,12 +70,12 @@ describe('Users', () => {
         });
     });
 
-    it('it should not POST a user without auth-token in header', (done) => {
+    it('it should not POST a user without auth-token provided', (done) => {
       chai.request(server)
-        .post('/users')
+        .post(urls.users)
         .send({})
         .end((err, res) => {
-          res.should.have.status(403);
+          res.should.have.status(codes.forbidden);
           res.body.should.be.a('object');
           res.body.should.have.property('success').eql(false);
           res.body.should.have.property('message').eql('No token provided.');
@@ -83,11 +86,11 @@ describe('Users', () => {
     it('it should POST a user with provided username', (done) => {
       const user = {username: 'john'};
       chai.request(server)
-        .post('/users')
+        .post(urls.users)
         .set('x-access-token', token)
         .send(user)
         .end((err, res) => {
-          res.should.have.status(201);
+          res.should.have.status(codes.created);
           res.body.should.be.a('object');
           res.body.should.have.property('username').eql(user.username);
           res.body.should.have.property('squadId').eql(null);
@@ -97,4 +100,57 @@ describe('Users', () => {
     });
   });
 
+  /*
+   * Test the /PATCH route
+   */
+  describe('/PATCH users', () => {
+
+    it('it should not PATCH a user without auth-token provided', (done) => {
+      chai.request(server)
+        .patch(urls.users + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+
+  /*
+   * Test the /DELETE route
+   */
+  describe('/DELETE users', () => {
+    it('it should not accept DELETE method without id in url', (done) => {
+      chai.request(server)
+        .delete(urls.users)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.wrongmethod);
+          res.body.should.be.a('object');
+          res.body.should.have.property('error').property('message')
+            .eql('this method is not allowed at ' + urls.users);
+          done();
+        });
+    });
+
+    it('it should not DELETE a user without auth-token provided', (done) => {
+      chai.request(server)
+        .delete(urls.users + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
 });

package.json

@@ -5,10 +5,11 @@
   "private": true,
   "scripts": {
     "start": "npm run deploy-static-prod && node ./rest-server/server.js",
-    "dev": "npm run deploy-static && nodemon opt-cc-api/server.js",
-    "deploy-static": "cd opt-cc-static && ng build && ln -s ../opt-cc-api/resource/ ../public/resource",
-    "deploy-static-prod": "cd opt-cc-static && ng build --env=prod && ln -s ../opt-cc-api/resource/ ../public/resource",
-    "postinstall": "npm install --prefix ./opt-cc-static ./opt-cc-static && npm install --prefix ./opt-cc-api ./opt-cc-api",
-    "mongodb": "mongod --dbpath ./mongodb-data"
+    "dev": "npm run deploy-static && nodemon api/server.js",
+    "deploy-static": "cd static && ng build && ln -s ../api/resource/ ../public/resource",
+    "deploy-static-prod": "cd static && ng build --env=prod && ln -s ../api/resource/ ../public/resource",
+    "postinstall": "npm install --prefix ./static && npm install --prefix  ./api",
+    "mongodb": "mongod --dbpath ./mongodb-data",
+    "test": "npm test --prefix ./api"
   }
 }