Add Tests for route authentications; Rename subproject-folders

2017-05-11 15:12:17 +02:00 · 2017-05-11 15:12:17 +02:00 · 11e80be2aa
parent edbcecab46
commit 11e80be2aa
181 changed files with 565 additions and 16 deletions
--- a/opt-cc-api/README.md
+++ b/opt-cc-api/README.md
--- a/opt-cc-api/config.js
+++ b/opt-cc-api/config.js
--- a/opt-cc-api/cron-job/update-signatures.js
+++ b/opt-cc-api/cron-job/update-signatures.js
--- a/opt-cc-api/middleware/auth-middleware.js
+++ b/opt-cc-api/middleware/auth-middleware.js
--- a/opt-cc-api/middleware/error-response.js
+++ b/opt-cc-api/middleware/error-response.js
--- a/opt-cc-api/middleware/filter-handler-mongo.js
+++ b/opt-cc-api/middleware/filter-handler-mongo.js
--- a/opt-cc-api/middleware/limitoffset-middleware-mongo.js
+++ b/opt-cc-api/middleware/limitoffset-middleware-mongo.js
--- a/opt-cc-api/middleware/request-checks.js
+++ b/opt-cc-api/middleware/request-checks.js
--- a/opt-cc-api/middleware/router-handling.js
+++ b/opt-cc-api/middleware/router-handling.js
--- a/opt-cc-api/middleware/util.js
+++ b/opt-cc-api/middleware/util.js
--- a/opt-cc-api/models/app-user.js
+++ b/opt-cc-api/models/app-user.js
--- a/opt-cc-api/models/awarding.js
+++ b/opt-cc-api/models/awarding.js
--- a/opt-cc-api/models/decoration.js
+++ b/opt-cc-api/models/decoration.js
--- a/opt-cc-api/models/rank.js
+++ b/opt-cc-api/models/rank.js
--- a/opt-cc-api/models/squad.js
+++ b/opt-cc-api/models/squad.js
--- a/opt-cc-api/models/user.js
+++ b/opt-cc-api/models/user.js
--- a/opt-cc-api/package.json
+++ b/opt-cc-api/package.json
@ -9,7 +9,7 @@
  "scripts": {
    "start": "node server.js",
    "dev": "nodemon server.js",
-    "test": "mocha --require ./test/spec_helper.js"
+    "test": "mocha --require ./test/config/spec_helper.js"
  },
  "dependencies": {
    "async": "^2.4.0",
--- a/opt-cc-api/public/assets/opt-logo-klein.png
+++ b/opt-cc-api/public/assets/opt-logo-klein.png
--- a/opt-cc-api/public/favicon.ico
+++ b/opt-cc-api/public/favicon.ico
--- a/opt-cc-api/public/glyphicons-halflings-regular.448c34a56d699c29117a.woff2
+++ b/opt-cc-api/public/glyphicons-halflings-regular.448c34a56d699c29117a.woff2
--- a/opt-cc-api/public/glyphicons-halflings-regular.89889688147bd7575d63.svg
+++ b/opt-cc-api/public/glyphicons-halflings-regular.89889688147bd7575d63.svg
--- a/opt-cc-api/public/glyphicons-halflings-regular.e18bbf611f2a2e43afc0.ttf
+++ b/opt-cc-api/public/glyphicons-halflings-regular.e18bbf611f2a2e43afc0.ttf
--- a/opt-cc-api/public/glyphicons-halflings-regular.f4769f9bdb7466be6508.eot
+++ b/opt-cc-api/public/glyphicons-halflings-regular.f4769f9bdb7466be6508.eot
--- a/opt-cc-api/public/glyphicons-halflings-regular.fa2772327f55d8198301.woff
+++ b/opt-cc-api/public/glyphicons-halflings-regular.fa2772327f55d8198301.woff
--- a/opt-cc-api/public/index.html
+++ b/opt-cc-api/public/index.html
--- a/opt-cc-api/public/inline.bundle.js
+++ b/opt-cc-api/public/inline.bundle.js
--- a/opt-cc-api/public/inline.bundle.js.map
+++ b/opt-cc-api/public/inline.bundle.js.map
--- a/opt-cc-api/public/main.bundle.js
+++ b/opt-cc-api/public/main.bundle.js
--- a/opt-cc-api/public/main.bundle.js.map
+++ b/opt-cc-api/public/main.bundle.js.map
--- a/opt-cc-api/public/polyfills.bundle.js
+++ b/opt-cc-api/public/polyfills.bundle.js
--- a/opt-cc-api/public/polyfills.bundle.js.map
+++ b/opt-cc-api/public/polyfills.bundle.js.map
--- a/opt-cc-api/public/resource
+++ b/opt-cc-api/public/resource
--- a/opt-cc-api/public/scripts.bundle.js
+++ b/opt-cc-api/public/scripts.bundle.js
--- a/opt-cc-api/public/scripts.bundle.js.map
+++ b/opt-cc-api/public/scripts.bundle.js.map
--- a/opt-cc-api/public/styles.bundle.js
+++ b/opt-cc-api/public/styles.bundle.js
--- a/opt-cc-api/public/styles.bundle.js.map
+++ b/opt-cc-api/public/styles.bundle.js.map
--- a/opt-cc-api/public/vendor.bundle.js
+++ b/opt-cc-api/public/vendor.bundle.js
--- a/opt-cc-api/public/vendor.bundle.js.map
+++ b/opt-cc-api/public/vendor.bundle.js.map
--- a/api/routes/api-url.js
+++ b/api/routes/api-url.js
@ -0,0 +1,13 @@
+module.exports = {
+  auth: '/authenticate',
+  signUp: '/authenticate/signup',
+  awards: '/awardings',
+  command: '/cmd',
+  cmdCreateSig: '/cmd/createSignature',
+  decorations: '/decorations',
+  overview: '/overview',
+  ranks: '/ranks',
+  signatures: '/signatures',
+  squads: '/squads',
+  users: '/users',
+};
--- a/opt-cc-api/routes/authenticate.js
+++ b/opt-cc-api/routes/authenticate.js
--- a/opt-cc-api/routes/awardings.js
+++ b/opt-cc-api/routes/awardings.js
--- a/opt-cc-api/routes/command.js
+++ b/opt-cc-api/routes/command.js
--- a/opt-cc-api/routes/decorations.js
+++ b/opt-cc-api/routes/decorations.js
--- a/opt-cc-api/routes/http-codes.js
+++ b/opt-cc-api/routes/http-codes.js
--- a/opt-cc-api/routes/overview.js
+++ b/opt-cc-api/routes/overview.js
--- a/opt-cc-api/routes/ranks.js
+++ b/opt-cc-api/routes/ranks.js
--- a/opt-cc-api/routes/signatures.js
+++ b/opt-cc-api/routes/signatures.js
--- a/opt-cc-api/routes/squads.js
+++ b/opt-cc-api/routes/squads.js
--- a/opt-cc-api/routes/users.js
+++ b/opt-cc-api/routes/users.js
--- a/opt-cc-api/server.js
+++ b/opt-cc-api/server.js
--- a/opt-cc-api/signature-tool/backplate/blufor.png
+++ b/opt-cc-api/signature-tool/backplate/blufor.png
--- a/opt-cc-api/signature-tool/backplate/opfor.png
+++ b/opt-cc-api/signature-tool/backplate/opfor.png
--- a/opt-cc-api/signature-tool/font/DEJAVU_SANS_13.fnt
+++ b/opt-cc-api/signature-tool/font/DEJAVU_SANS_13.fnt
--- a/opt-cc-api/signature-tool/font/DEJAVU_SANS_13.png
+++ b/opt-cc-api/signature-tool/font/DEJAVU_SANS_13.png
--- a/opt-cc-api/signature-tool/font/DEVAJU_SANS_19.fnt
+++ b/opt-cc-api/signature-tool/font/DEVAJU_SANS_19.fnt
--- a/opt-cc-api/signature-tool/font/DEVAJU_SANS_19.png
+++ b/opt-cc-api/signature-tool/font/DEVAJU_SANS_19.png
--- a/opt-cc-api/signature-tool/signature-tool.js
+++ b/opt-cc-api/signature-tool/signature-tool.js
--- a/api/test/awardings.spec.js
+++ b/api/test/awardings.spec.js
@ -0,0 +1,112 @@
+let mongoose = require("mongoose");
+let AwardingModel = require('../models/awarding');
+let urls = require('../routes/api-url');
+let codes = require('../routes/http-codes');
+
+
+//Require the dev-dependencies
+let chai = require('chai');
+let chaiHttp = require('chai-http');
+let server = require('../server');
+let should = chai.should();
+
+chai.use(chaiHttp);
+//Our parent block
+describe('Awardings', () => {
+  beforeEach((done) => { //Before each test we empty the database
+    AwardingModel.remove({}, (err) => {
+      done();
+    });
+  });
+  /*
+   * Test the /GET awardings
+   */
+  describe('/GET awardings', () => {
+    it('it should not GET awardings without auth-token provided', (done) => {
+      chai.request(server)
+        .get(urls.awards)
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+  });
+
+  /*
+   * Test the /POST awardings
+   */
+  describe('/POST awardings', () => {
+
+    it('it should not POST an awarding without auth-token provided', (done) => {
+      chai.request(server)
+        .post(urls.awards)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+  });
+
+  /*
+   * Test the /PATCH awardings
+   */
+  describe('/PATCH awardings', () => {
+
+    it('it should not PATCH an awarding without auth-token provided', (done) => {
+      chai.request(server)
+        .patch(urls.awards + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+
+  /*
+   * Test the /DELETE awardings
+   */
+  describe('/DELETE awardings', () => {
+
+    it('it should not accept DELETE method without id in url - ' +
+      'already fails on auth-token not provided', (done) => {
+      chai.request(server)
+        .delete(urls.awards)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+    it('it should not DELETE an awarding without auth-token provided', (done) => {
+      chai.request(server)
+        .delete(urls.awards + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+});
--- a/api/test/command.spec.js
+++ b/api/test/command.spec.js
@ -0,0 +1,39 @@
+let mongoose = require("mongoose");
+let AwardingModel = require('../models/awarding');
+let urls = require('../routes/api-url');
+let codes = require('../routes/http-codes');
+
+
+//Require the dev-dependencies
+let chai = require('chai');
+let chaiHttp = require('chai-http');
+let server = require('../server');
+let should = chai.should();
+
+chai.use(chaiHttp);
+//Our parent block
+describe('Command', () => {
+  beforeEach((done) => { //Before each test we empty the database
+    AwardingModel.remove({}, (err) => {
+      done();
+    });
+  });
+  /*
+   * Test the /GET awardings
+   */
+  describe('/POST command to create signature', () => {
+    it('it should not succeed without auth-token provided', (done) => {
+      chai.request(server)
+        .post(urls.cmdCreateSig + "/someId")
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+  });
+
+});
--- a/api/test/config/spec_helper.js
+++ b/api/test/config/spec_helper.js
@ -1,3 +1,3 @@
-const config = require('../config');
+const config = require('../../config');

 process.env.NODE_ENV = config.test.env;
--- a/opt-cc-api/test/content-tool/user-db-item-creator.js
+++ b/opt-cc-api/test/content-tool/user-db-item-creator.js
--- a/api/test/decorations.spec.js
+++ b/api/test/decorations.spec.js
@ -0,0 +1,109 @@
+let mongoose = require("mongoose");
+let DecorationModel = require('../models/decoration');
+let urls = require('../routes/api-url');
+let codes = require('../routes/http-codes');
+
+
+//Require the dev-dependencies
+let chai = require('chai');
+let chaiHttp = require('chai-http');
+let server = require('../server');
+let should = chai.should();
+
+chai.use(chaiHttp);
+//Our parent block
+describe('Decorations', () => {
+  beforeEach((done) => { //Before each test we empty the database
+    DecorationModel.remove({}, (err) => {
+      done();
+    });
+  });
+  /*
+   * Test the /GET decorations
+   */
+  describe('/GET decorations', () => {
+    it('it should GET all the decorations', (done) => {
+      chai.request(server)
+        .get(urls.decorations)
+        .end((err, res) => {
+          res.should.have.status(codes.success);
+          res.body.should.be.a('array');
+          res.body.length.should.be.eql(0);
+          done();
+        });
+    });
+  });
+
+  /*
+   * Test the /POST decorations
+   */
+  describe('/POST decorations', () => {
+
+    it('it should not POST a decoration without auth-token provided', (done) => {
+      chai.request(server)
+        .post(urls.decorations)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+  });
+
+  /*
+   * Test the /PATCH decoration
+   */
+  describe('/PATCH decorations', () => {
+
+    it('it should not PATCH a decoration without auth-token provided', (done) => {
+      chai.request(server)
+        .patch(urls.decorations + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+
+  /*
+   * Test the /DELETE decorations
+   */
+  describe('/DELETE decorations', () => {
+    it('it should not accept DELETE method without id in url', (done) => {
+      chai.request(server)
+        .delete(urls.decorations)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.wrongmethod);
+          res.body.should.be.a('object');
+          res.body.should.have.property('error').property('message')
+            .eql('this method is not allowed at ' + urls.decorations);
+          done();
+        });
+    });
+
+    it('it should not DELETE a decoration without auth-token provided', (done) => {
+      chai.request(server)
+        .delete(urls.decorations + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+});
--- a/api/test/ranks.spec.js
+++ b/api/test/ranks.spec.js
@ -0,0 +1,110 @@
+let mongoose = require("mongoose");
+let RankModel = require('../models/rank');
+let urls = require('../routes/api-url');
+let codes = require('../routes/http-codes');
+
+
+//Require the dev-dependencies
+let chai = require('chai');
+let chaiHttp = require('chai-http');
+let server = require('../server');
+let should = chai.should();
+
+chai.use(chaiHttp);
+//Our parent block
+describe('Ranks', () => {
+  beforeEach((done) => { //Before each test we empty the database
+    RankModel.remove({}, (err) => {
+      done();
+    });
+  });
+  /*
+   * Test the /GET ranks
+   */
+  describe('/GET ranks', () => {
+    it('it should GET all the ranks', (done) => {
+      chai.request(server)
+        .get(urls.ranks)
+        .end((err, res) => {
+          res.should.have.status(codes.success);
+          res.body.should.be.a('array');
+          res.body.length.should.be.eql(0);
+          done();
+        });
+    });
+  });
+
+  /*
+   * Test the /POST ranks
+   */
+  describe('/POST ranks', () => {
+
+    it('it should not POST a rank without auth-token provided', (done) => {
+      chai.request(server)
+        .post(urls.ranks)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+  })
+
+  /*
+   * Test the /PATCH rank
+   */
+  describe('/PATCH ranks', () => {
+
+    it('it should not PATCH a rank without auth-token provided', (done) => {
+      chai.request(server)
+        .patch(urls.ranks + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+
+  /*
+   * Test the /DELETE rank
+   */
+  describe('/DELETE ranks', () => {
+    it('it should not accept DELETE method without id in url', (done) => {
+      chai.request(server)
+        .delete(urls.ranks)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.wrongmethod);
+          res.body.should.be.a('object');
+          res.body.should.have.property('error').property('message')
+            .eql('this method is not allowed at ' + urls.ranks);
+          done();
+        });
+    });
+
+
+    it('it should not DELETE a rank without auth-token provided', (done) => {
+      chai.request(server)
+        .delete(urls.ranks + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+});
--- a/api/test/squads.spec.js
+++ b/api/test/squads.spec.js
@ -0,0 +1,109 @@
+let mongoose = require("mongoose");
+let SquadModel = require('../models/squad');
+let urls = require('../routes/api-url');
+let codes = require('../routes/http-codes');
+
+
+//Require the dev-dependencies
+let chai = require('chai');
+let chaiHttp = require('chai-http');
+let server = require('../server');
+let should = chai.should();
+
+chai.use(chaiHttp);
+//Our parent block
+describe('Squads', () => {
+  beforeEach((done) => { //Before each test we empty the database
+    SquadModel.remove({}, (err) => {
+      done();
+    });
+  });
+  /*
+   * Test the /GET route
+   */
+  describe('/GET squads', () => {
+    it('it should GET all the squads', (done) => {
+      chai.request(server)
+        .get(urls.squads)
+        .end((err, res) => {
+          res.should.have.status(codes.success);
+          res.body.should.be.a('array');
+          res.body.length.should.be.eql(0);
+          done();
+        });
+    });
+  });
+
+  /*
+   * Test the /POST squad
+   */
+  describe('/POST squads', () => {
+
+    it('it should not POST a squad without auth-token provided', (done) => {
+      chai.request(server)
+        .post(urls.squads)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+  });
+
+  /*
+   * Test the /PATCH squad
+   */
+  describe('/PATCH squads', () => {
+
+    it('it should not PATCH a squad without auth-token provided', (done) => {
+      chai.request(server)
+        .patch(urls.squads + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+
+  /*
+   * Test the /DELETE squad
+   */
+  describe('/DELETE squads', () => {
+    it('it should not accept DELETE method without id in url', (done) => {
+      chai.request(server)
+        .delete(urls.squads)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.wrongmethod);
+          res.body.should.be.a('object');
+          res.body.should.have.property('error').property('message')
+            .eql('this method is not allowed at ' + urls.squads);
+          done();
+        });
+    });
+
+    it('it should not DELETE a squad without auth-token provided', (done) => {
+      chai.request(server)
+        .delete(urls.squads + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+});
--- a/opt-cc-api/test/users.spec.js
+++ b/opt-cc-api/test/users.spec.js
@ -1,6 +1,9 @@
 let mongoose = require("mongoose");
 let UserModel = require('../models/user');
 let AppUserModel = require('../models/app-user');
+let urls = require('../routes/api-url');
+let codes = require('../routes/http-codes');
+

 //Require the dev-dependencies
 let chai = require('chai');
@ -22,9 +25,9 @@ describe('Users', () => {
  describe('/GET users', () => {
    it('it should GET all the users', (done) => {
      chai.request(server)
-        .get('/users')
+        .get(urls.users)
        .end((err, res) => {
-          res.should.have.status(200);
+          res.should.have.status(codes.success);
          res.body.should.be.a('array');
          res.body.length.should.be.eql(0);
          done();
@ -58,7 +61,7 @@ describe('Users', () => {
      appUserModel.save();

      chai.request(server)
-        .post('/authenticate')
+        .post(urls.auth)
        .send(appUserEncoded)
        .end(function (err, res) {
          const result = JSON.parse(res.text);
@ -67,12 +70,12 @@ describe('Users', () => {
        });
    });

-    it('it should not POST a user without auth-token in header', (done) => {
+    it('it should not POST a user without auth-token provided', (done) => {
      chai.request(server)
-        .post('/users')
+        .post(urls.users)
        .send({})
        .end((err, res) => {
-          res.should.have.status(403);
+          res.should.have.status(codes.forbidden);
          res.body.should.be.a('object');
          res.body.should.have.property('success').eql(false);
          res.body.should.have.property('message').eql('No token provided.');
@ -83,11 +86,11 @@ describe('Users', () => {
    it('it should POST a user with provided username', (done) => {
      const user = {username: 'john'};
      chai.request(server)
-        .post('/users')
+        .post(urls.users)
        .set('x-access-token', token)
        .send(user)
        .end((err, res) => {
-          res.should.have.status(201);
+          res.should.have.status(codes.created);
          res.body.should.be.a('object');
          res.body.should.have.property('username').eql(user.username);
          res.body.should.have.property('squadId').eql(null);
@ -97,4 +100,57 @@ describe('Users', () => {
    });
  });

+  /*
+   * Test the /PATCH route
+   */
+  describe('/PATCH users', () => {
+
+    it('it should not PATCH a user without auth-token provided', (done) => {
+      chai.request(server)
+        .patch(urls.users + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
+
+  /*
+   * Test the /DELETE route
+   */
+  describe('/DELETE users', () => {
+    it('it should not accept DELETE method without id in url', (done) => {
+      chai.request(server)
+        .delete(urls.users)
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.wrongmethod);
+          res.body.should.be.a('object');
+          res.body.should.have.property('error').property('message')
+            .eql('this method is not allowed at ' + urls.users);
+          done();
+        });
+    });
+
+    it('it should not DELETE a user without auth-token provided', (done) => {
+      chai.request(server)
+        .delete(urls.users + '/someId')
+        .send({})
+        .end((err, res) => {
+          res.should.have.status(codes.forbidden);
+          res.body.should.be.a('object');
+          res.body.should.have.property('success').eql(false);
+          res.body.should.have.property('message').eql('No token provided.');
+          done();
+        });
+    });
+
+  });
+
 });
--- a/opt-cc-docs/mongo-db-schema.odg
+++ b/opt-cc-docs/mongo-db-schema.odg
--- a/docs/opt-cc-environment/nginx-https-cc-site.txt
+++ b/docs/opt-cc-environment/nginx-https-cc-site.txt
--- a/package.json
+++ b/package.json
@ -5,10 +5,11 @@
  "private": true,
  "scripts": {
    "start": "npm run deploy-static-prod && node ./rest-server/server.js",
-    "dev": "npm run deploy-static && nodemon opt-cc-api/server.js",
-    "deploy-static": "cd opt-cc-static && ng build && ln -s ../opt-cc-api/resource/ ../public/resource",
-    "deploy-static-prod": "cd opt-cc-static && ng build --env=prod && ln -s ../opt-cc-api/resource/ ../public/resource",
-    "postinstall": "npm install --prefix ./opt-cc-static ./opt-cc-static && npm install --prefix ./opt-cc-api ./opt-cc-api",
-    "mongodb": "mongod --dbpath ./mongodb-data"
+    "dev": "npm run deploy-static && nodemon api/server.js",
+    "deploy-static": "cd static && ng build && ln -s ../api/resource/ ../public/resource",
+    "deploy-static-prod": "cd static && ng build --env=prod && ln -s ../api/resource/ ../public/resource",
+    "postinstall": "npm install --prefix ./static && npm install --prefix  ./api",
+    "mongodb": "mongod --dbpath ./mongodb-data",
+    "test": "npm test --prefix ./api"
  }
 }
--- a/opt-cc-static/.angular-cli.json
+++ b/opt-cc-static/.angular-cli.json
--- a/opt-cc-static/package.json
+++ b/opt-cc-static/package.json
--- a/opt-cc-static/src/app/app.component.css
+++ b/opt-cc-static/src/app/app.component.css
--- a/opt-cc-static/src/app/app.component.html
+++ b/opt-cc-static/src/app/app.component.html
--- a/opt-cc-static/src/app/app.component.ts
+++ b/opt-cc-static/src/app/app.component.ts
--- a/opt-cc-static/src/app/app.config.ts
+++ b/opt-cc-static/src/app/app.config.ts
--- a/opt-cc-static/src/app/app.module.ts
+++ b/opt-cc-static/src/app/app.module.ts
--- a/opt-cc-static/src/app/app.routing.ts
+++ b/opt-cc-static/src/app/app.routing.ts
--- a/opt-cc-static/src/app/app.tokens.ts
+++ b/opt-cc-static/src/app/app.tokens.ts
--- a/opt-cc-static/src/app/decorations/decoration-list/decoration-item.component.css
+++ b/opt-cc-static/src/app/decorations/decoration-list/decoration-item.component.css
--- a/opt-cc-static/src/app/decorations/decoration-list/decoration-item.component.html
+++ b/opt-cc-static/src/app/decorations/decoration-list/decoration-item.component.html
--- a/opt-cc-static/src/app/decorations/decoration-list/decoration-item.component.ts
+++ b/opt-cc-static/src/app/decorations/decoration-list/decoration-item.component.ts
--- a/opt-cc-static/src/app/decorations/decoration-list/decoration-list.component.css
+++ b/opt-cc-static/src/app/decorations/decoration-list/decoration-list.component.css
--- a/opt-cc-static/src/app/decorations/decoration-list/decoration-list.component.html
+++ b/opt-cc-static/src/app/decorations/decoration-list/decoration-list.component.html
--- a/opt-cc-static/src/app/decorations/decoration-list/decoration-list.component.ts
+++ b/opt-cc-static/src/app/decorations/decoration-list/decoration-list.component.ts
--- a/opt-cc-static/src/app/decorations/decoration-overview/decoration-overview.component.css
+++ b/opt-cc-static/src/app/decorations/decoration-overview/decoration-overview.component.css
--- a/opt-cc-static/src/app/decorations/decoration-overview/decoration-overview.component.html
+++ b/opt-cc-static/src/app/decorations/decoration-overview/decoration-overview.component.html
--- a/opt-cc-static/src/app/decorations/decoration-overview/decoration-overview.component.ts
+++ b/opt-cc-static/src/app/decorations/decoration-overview/decoration-overview.component.ts
--- a/opt-cc-static/src/app/decorations/decoration.component.css
+++ b/opt-cc-static/src/app/decorations/decoration.component.css
--- a/opt-cc-static/src/app/decorations/decoration.component.html
+++ b/opt-cc-static/src/app/decorations/decoration.component.html
--- a/opt-cc-static/src/app/decorations/decoration.component.ts
+++ b/opt-cc-static/src/app/decorations/decoration.component.ts
--- a/opt-cc-static/src/app/decorations/decoration.routing.ts
+++ b/opt-cc-static/src/app/decorations/decoration.routing.ts
--- a/opt-cc-static/src/app/decorations/new-decoration/new-decoration.component.css
+++ b/opt-cc-static/src/app/decorations/new-decoration/new-decoration.component.css
--- a/opt-cc-static/src/app/decorations/new-decoration/new-decoration.component.html
+++ b/opt-cc-static/src/app/decorations/new-decoration/new-decoration.component.html
--- a/opt-cc-static/src/app/decorations/new-decoration/new-decoration.component.ts
+++ b/opt-cc-static/src/app/decorations/new-decoration/new-decoration.component.ts
--- a/opt-cc-static/src/app/index.ts
+++ b/opt-cc-static/src/app/index.ts
--- a/opt-cc-static/src/app/login/index.ts
+++ b/opt-cc-static/src/app/login/index.ts
--- a/opt-cc-static/src/app/login/login.component.css
+++ b/opt-cc-static/src/app/login/login.component.css
--- a/opt-cc-static/src/app/login/login.component.html
+++ b/opt-cc-static/src/app/login/login.component.html
--- a/opt-cc-static/src/app/login/login.component.ts
+++ b/opt-cc-static/src/app/login/login.component.ts
--- a/opt-cc-static/src/app/login/login.guard.ts
+++ b/opt-cc-static/src/app/login/login.guard.ts
--- a/opt-cc-static/src/app/models/app-validators.ts
+++ b/opt-cc-static/src/app/models/app-validators.ts
--- a/Show More
+++ b/Show More