diff --git a/api/v1/app.js b/api/v1/app.js index a6ba3d2..ea507d3 100644 --- a/api/v1/app.js +++ b/api/v1/app.js @@ -13,7 +13,7 @@ import UsersRoute from './routes/users'; // instantiate expressjs const app = express(); -const PORT = process.env.PORT || 5900; +const PORT = process.env.PORT || 5100; app.use(cors()); diff --git a/api/v1/controllers/createAccount.js b/api/v1/controllers/createAccount.js index e221497..ff7b0ba 100644 --- a/api/v1/controllers/createAccount.js +++ b/api/v1/controllers/createAccount.js @@ -7,10 +7,7 @@ const CreateAccountController = { // verify jwt token jwt.verify(req.token, '5634', (err, authorizedData) => { if (err) { - return res.json({ - status: 403, - data: 'You must be logged in to create an account', - }).status(403); + return res.sendStatus(403); } const createdAccount = CreateAccountService.createAccount(accountData, authorizedData); return res.json({ diff --git a/api/v1/services/transaction.js b/api/v1/services/transaction.js index b3bccd7..fa8f412 100644 --- a/api/v1/services/transaction.js +++ b/api/v1/services/transaction.js @@ -8,7 +8,7 @@ const { transactions } = transactionsData; const TransactionService = { debitTransaction(accountNumber, loggedInUser, transactionData) { - if (loggedInUser.loggedUser.type === 'staff') { + if (loggedInUser.loggedUser.type === 'staff' || loggedInUser.loggedUser.isAdmin === true) { // eslint-disable-next-line no-plusplus for (let i = 0; i <= accounts.length - 1; i++) { // eslint-disable-next-line eqeqeq @@ -34,7 +34,7 @@ const TransactionService = { return 'you must be a staff to perform this transaction'; }, creditTransaction(accountNumber, loggedInUser, transactionData) { - if (loggedInUser.loggedUser.type === 'staff') { + if (loggedInUser.loggedUser.type === 'staff' || loggedInUser.loggedUser.isAdmin === true) { // eslint-disable-next-line no-plusplus for (let i = 0; i <= accounts.length - 1; i++) { // eslint-disable-next-line eqeqeq 
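Review bot: `return res.sendStatus(403);` is a sound replacement for the old `.json(...).status(403)` chain in createAccount.js, but the call it sits inside, `jwt.verify(req.token, '5634', ...)`, still verifies tokens against a string literal, so anyone who has read the source can produce a token this controller accepts. Read the key once from configuration, `const JWT_SECRET = process.env.JWT_SECRET;`, fail at startup when it is unset, and pass that constant here; the signing side has to take its key from the same place. The enclosing handler starts before the hunk, so where `req.token` is populated is not visible.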
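Review bot: The new permission predicate `loggedInUser.loggedUser.type === 'staff' || loggedInUser.loggedUser.isAdmin === true` is duplicated verbatim in `debitTransaction` (the `@@ -8` hunk of services/transaction.js) and `creditTransaction` (the `@@ -34` hunk), so the two will drift the next time the policy changes. Hoist it into one helper above the object, `const isStaffOrAdmin = ({ loggedUser }) => loggedUser.type === 'staff' || loggedUser.isAdmin === true;`, and write `if (isStaffOrAdmin(loggedInUser)) {` in both methods. The fallback `return 'you must be a staff to perform this transaction';`, visible as context in the second hunk, is now inaccurate because admins are admitted too, and the new transactions.js tests pin that stale wording. Both method bodies continue past their hunks.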
diff --git a/api/v1/test/accounts.js b/api/v1/test/accounts.js
index 5c456b0..272b831 100644
--- a/api/v1/test/accounts.js
+++ b/api/v1/test/accounts.js
@@ -11,69 +11,120 @@ describe('Testing Accounts Controller', () => { it( 'accounts should have all required details', (done) => { + const signinUrl = '/api/auth/signin'; chai.request(app) - .post('/api/v1/accounts/') + .post(signinUrl) .send({ - type: 'savings', + email: 'banka@banka.com', + password: 'passworD1@', }) .end((error, response) => { - expect(response.body).to.be.an('object'); - // fails to test due to route being protected but everything is working fine - // expect(response.body.status).to.equal('success'); - // expect(response.body.data).to.have.property('id'); - // expect(response.body.data).to.have.property('firstName'); - // expect(response.body.data).to.have.property('lastName'); - // expect(response.body.data).to.have.property('email'); - // expect(response.body.data).to.have.property('accountNumber'); - // expect(response.body.data).to.have.property('createdOn'); - // expect(response.body.data).to.have.property('owner'); - // expect(response.body.data).to.have.property('status'); - // expect(response.body.data).to.have.property('type'); - // expect(response.body.data).to.have.property('balance'); + const { token } = response.body.data; + chai.request(app) + .post('/api/v1/accounts') + .set('Authorization', `Bearer ${token}`) + .send({ + status: 'dormant', + }) + .end((err, res) => { + expect(res.body).to.be.an('object'); + expect(res.body.status).to.equal('success'); + expect(res.body.data).to.have.property('id'); + expect(res.body.data).to.have.property('firstName'); + expect(res.body.data).to.have.property('lastName'); + expect(res.body.data).to.have.property('email'); + expect(res.body.data).to.have.property('accountNumber'); + expect(res.body.data).to.have.property('createdOn'); + expect(res.body.data).to.have.property('owner'); + expect(res.body.data).to.have.property('balance'); + }); done(); }); }, ); - it('should be able to patch account', (done) => { - chai.request(app) - .patch('/api/v1/accounts/306363789207') - .send({ - status: 
'dormant', - }) - .end((error, response) => { - expect(response.body).to.be.an('object'); - // remove the checkToken from app.js to test this - // expect(response.body.status).to.equal('success'); - // expect(response.body.data.status).to.equal('dormant'); - done(); - }); - }); + it( + 'should not patch account if not staff or admin', + (done) => { + const signinUrl = '/api/auth/signin'; + chai.request(app) + .post(signinUrl) + .send({ + email: 'banka@banka.com', + password: 'passworD1@', + }) + .end((error, response) => { + const { token } = response.body.data; + chai.request(app) + .patch('/api/v1/accounts/306363789207') + .set('Authorization', `Bearer ${token}`) + .send({ + status: 'dormant', + }) + .end((err, res) => { + expect(res.body).to.be.an('object'); + expect(res.body.status).to.equal('success'); + expect(res.body.data).to.equal('Sorry you don\'t have permission to perform this task'); + }); + done(); + }); + }, + ); - it('should be able to delete account', (done) => { - chai.request(app) - .delete('/api/v1/accounts/307363789207') - .send() - .end((error, response) => { - expect(response.body).to.be.an('object'); - // remove the checkToken from app.js to test this - // expect(response.body.status).to.equal('success'); - // expect(response.body.data).to.equal('account deleted'); - done(); - }); - }); + it( + 'should not delete account if not staff or admin', + (done) => { + const signinUrl = '/api/auth/signin'; + chai.request(app) + .post(signinUrl) + .send({ + email: 'banka@banka.com', + password: 'passworD1@', + }) + .end((error, response) => { + const { token } = response.body.data; + chai.request(app) + .delete('/api/v1/accounts/306363789207') + .set('Authorization', `Bearer ${token}`) + .send({ + status: 'dormant', + }) + .end((err, res) => { + expect(res.body).to.be.an('object'); + expect(res.body.status).to.equal('success'); + expect(res.body.data).to.equal('Sorry you don\'t have permission to perform this task'); + }); + done(); + }); + }, + ); - 
it('should notify when account does not exist', (done) => { - chai.request(app) - .delete('/api/v1/accounts/306363789299') - .send() - .end((error, response) => { - expect(response.body).to.be.an('object'); - // remove the checkToken from app.js to test this - // expect(response.body.status).to.equal('success'); - // expect(response.body.data).to.equal('no account found or account has been deleted'); - done(); - }); - }); + it( + 'should notify when account does not exist', + (done) => { + const signinUrl = '/api/auth/signin'; + chai.request(app) + .post(signinUrl) + .send({ + email: 'banka3@banka.com', + password: 'passworD3@', + }) + .end((error, response) => { + const { token } = response.body.data; + chai.request(app) + .delete('/api/v1/accounts/306363789299') + .set('Authorization', `Bearer ${token}`) + .send({ + status: 'dormant', + }) + .end((err, res) => { + expect(res.body).to.be.an('object'); + expect(res.body.status).to.equal('success'); + expect(res.body.data).to.equal('no account found or account has been deleted'); + }); + done(); + }); + }, + ); }); }); diff --git a/api/v1/test/signup.js b/api/v1/test/signup.js index 5cd1eb9..6665d8d 100644 --- a/api/v1/test/signup.js +++ b/api/v1/test/signup.js @@ -9,6 +9,7 @@ chai.use(chaiHttp); describe('Testing User Controller', () => { describe('Testing signup controller', () => { const signupUrl = '/api/auth/signup'; + const signupStaffUrl = '/api/auth/addstaff'; it( 'should register a new user when all the parameters are given', (done) => { 
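Review bot: In every new test in this hunk `done();` is called right after the inner `chai.request(app)` is started rather than inside its `.end` callback, so the `expect` calls on `res.body` run after mocha may already have marked the test as passed, and a failing assertion can surface only as an uncaught exception or not at all. Move `done()` to the end of the inner callback and drop it from the outer one, `.end((err, res) => { /* expects */ done(); });`; the same pattern appears in the signup.js, transactions.js and users.js hunks of this commit. Separately, the two permission-denial tests assert `expect(res.body.status).to.equal('success');` alongside the `'Sorry you don't have permission to perform this task'` text, which locks in a success envelope for an authorization failure; the server should answer 403 for those and the tests should assert that status code instead. The enclosing `describe` blocks start before the hunk.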
@@ -131,5 +132,71 @@ describe('Testing User Controller', () => { done(); }); }); + + it( + 'should not create staffs if not admin', + (done) => { + const signinUrl = '/api/auth/signin'; + chai.request(app) + .post(signinUrl) + .send({ + email: 'banka2@banka.com', + password: 'passworD2@', + }) + .end((error, response) => { + const { token } = response.body.data; + chai.request(app) + .post(signupStaffUrl) + .set('Authorization', `Bearer ${token}`) + .send({ + firstName: 'cavdy', + lastName: 'isaiah', + email: 'banka4@banka.com', + password: 'passworD4@', + }) + .end((err, res) => { + expect(res.body).to.be.an('object'); + expect(res.body.status).to.equal('success'); + expect(res.body.data).to.equal('You must be an admin to create staffs'); + }); + done(); + }); + }, + ); + + it( + 'should create staffs if admin', + (done) => { + const signinUrl = '/api/auth/signin'; + chai.request(app) + .post(signinUrl) + .send({ + email: 'banka3@banka.com', + password: 'passworD3@', + }) + .end((error, response) => { + const { token } = response.body.data; + chai.request(app) + .post(signupStaffUrl) + .set('Authorization', `Bearer ${token}`) + .send({ + firstName: 'cavdy', + lastName: 'isaiah', + email: 'banka4@banka.com', + password: 'passworD4@', + }) + .end((err, res) => { + expect(res.body).to.be.an('object'); + expect(res.body.status).to.equal('success'); + expect(res.body.data).to.be.a('object'); + expect(res.body.data).to.have.property('id'); + expect(res.body.data).to.have.property('firstName'); + expect(res.body.data).to.have.property('lastName'); + expect(res.body.data).to.have.property('email'); + }); + done(); + }); + }, + ); }); }); diff --git a/api/v1/test/transactions.js b/api/v1/test/transactions.js index 508cb57..a260323 100644 --- a/api/v1/test/transactions.js +++ b/api/v1/test/transactions.js 
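Review bot: The `'should create staffs if admin'` test only checks that `res.body.data` carries `id`, `firstName`, `lastName` and `email`, so it would still pass if `/api/auth/addstaff` created an ordinary customer or a second admin; assert the role it is meant to grant, `expect(res.body.data.type).to.equal('staff');`, and, if staff are meant to be non-admin, `expect(res.body.data.isAdmin).to.equal(false);` — `type` and `isAdmin` are the fields the new users.js test shows on user records. Add `expect(res.body.data).to.not.have.property('password');` as well so the response is pinned to never echo the credential. Both new tests post the same `banka4@banka.com`, which only works while the negative test runs before the positive one and the data is reset between runs; a distinct address per test removes that ordering dependency. The enclosing `describe` blocks start before the hunk.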
@@ -9,50 +9,92 @@ chai.use(chaiHttp); describe('Testing Transactions Controller', () => { describe('Testing transactions controller', () => { it( - 'debit transaction', + 'transactions should have all required propertise', (done) => { + const signinUrl = '/api/auth/signin'; chai.request(app) - .post('/api/v1/transaction/306363789207/debit') + .post(signinUrl) .send({ - amount: 200, + email: 'banka3@banka.com', + password: 'passworD3@', }) .end((error, response) => { - expect(response.body).to.be.an('object'); - // fails to test due to route being protected but everything is working fine - // expect(response.body.status).to.equal('success'); - // expect(response.body.data).to.have.property('id'); - // expect(response.body.data).to.have.property('createdOn'); - // expect(response.body.data).to.have.property('type'); - // expect(response.body.data).to.have.property('accountNumber'); - // expect(response.body.data).to.have.property('cashier'); - // expect(response.body.data).to.have.property('amount'); - // expect(response.body.data).to.have.property('oldBalance'); - // expect(response.body.data).to.have.property('newBalance'); + const { token } = response.body.data; + chai.request(app) + .post('/api/v1/transactions/306363789207/debit') + .set('Authorization', `Bearer ${token}`) + .send({ + amount: 200, + }) + .end((err, res) => { + expect(res.body).to.be.an('object'); + expect(res.body.status).to.equal('success'); + expect(res.body.status).to.equal('success'); + expect(res.body.data).to.have.property('id'); + expect(res.body.data).to.have.property('createdOn'); + expect(res.body.data).to.have.property('type'); + expect(res.body.data).to.have.property('accountNumber'); + expect(res.body.data).to.have.property('cashier'); + expect(res.body.data).to.have.property('amount'); + expect(res.body.data).to.have.property('oldBalance'); + expect(res.body.data).to.have.property('newBalance'); + }); done(); }); }, ); it( - 'credit transaction', + 'only admin and staffs should 
perform debit transaction', (done) => { + const signinUrl = '/api/auth/signin'; chai.request(app) - .post('/api/v1/transaction/306363789207/credit') + .post(signinUrl) .send({ - amount: 200, + email: 'banka@banka.com', + password: 'passworD1@', }) .end((error, response) => { - expect(response.body).to.be.an('object'); - // fails to test due to route being protected but everything is working fine - // expect(response.body.status).to.equal('success'); - // expect(response.body.data).to.have.property('id'); - // expect(response.body.data).to.have.property('createdOn'); - // expect(response.body.data).to.have.property('type'); - // expect(response.body.data).to.have.property('accountNumber'); - // expect(response.body.data).to.have.property('cashier'); - // expect(response.body.data).to.have.property('amount'); - // expect(response.body.data).to.have.property('oldBalance'); - // expect(response.body.data).to.have.property('newBalance'); + const { token } = response.body.data; + chai.request(app) + .post('/api/v1/transactions/306363789207/debit') + .set('Authorization', `Bearer ${token}`) + .send({ + amount: 200, + }) + .end((err, res) => { + expect(res.body).to.be.an('object'); + expect(res.body.status).to.equal('success'); + expect(res.body.data).to.equal('you must be a staff to perform this transaction'); + }); + done(); + }); + }, + ); + + it( + 'only admin and staffs should perform credit transaction', + (done) => { + const signinUrl = '/api/auth/signin'; + chai.request(app) + .post(signinUrl) + .send({ + email: 'banka@banka.com', + password: 'passworD1@', + }) + .end((error, response) => { + const { token } = response.body.data; + chai.request(app) + .post('/api/v1/transactions/306363789207/credit') + .set('Authorization', `Bearer ${token}`) + .send({ + amount: 200, + }) + .end((err, res) => { + expect(res.body).to.be.an('object'); + expect(res.body.status).to.equal('success'); + expect(res.body.data).to.equal('you must be a staff to perform this transaction'); + 
}); done(); }); }, diff --git a/api/v1/test/users.js b/api/v1/test/users.js new file mode 100644 index 0000000..41e2f72 --- /dev/null +++ b/api/v1/test/users.js 
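Review bot: `expect(res.body.status).to.equal('success');` appears twice in a row in the `'transactions should have all required propertise'` test, and that test never checks that the debit changed anything; replace the duplicate with `expect(res.body.data.newBalance).to.equal(res.body.data.oldBalance - 200);` so a service that records a transaction without moving money is caught. The test name also has a typo (`propertise` for `properties`). The two `'only admin and staffs should …'` tests pin a `'success'` status together with the `'you must be a staff to perform this transaction'` text, which no longer describes the policy now that `isAdmin` users are admitted in services/transaction.js; when that message and the response code are corrected these expectations must change with them. The final test body and the enclosing `describe` blocks continue past the hunk.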
@@ -0,0 +1,121 @@ +/* eslint-disable no-undef */ +import chaiHttp from 'chai-http'; +import chai, { expect } from 'chai'; + +import app from '../app'; + +chai.use(chaiHttp); + +describe('Testing All Users Controller', () => { + describe('Testing all accounts controller', () => { + it( + 'users should have all required details', + (done) => { + const signinUrl = '/api/auth/signin'; + chai.request(app) + .post(signinUrl) + .send({ + email: 'banka3@banka.com', + password: 'passworD3@', + }) + .end((error, response) => { + const { token } = response.body.data; + chai.request(app) + .get('/api/v1/users') + .set('Authorization', `Bearer ${token}`) + .send() + .end((err, res) => { + expect(res.body).to.be.an('object'); + expect(res.body.status).to.equal('success'); + expect(res.body.data[0]).to.have.property('id'); + expect(res.body.data[0]).to.have.property('firstName'); + expect(res.body.data[0]).to.have.property('lastName'); + expect(res.body.data[0]).to.have.property('email'); + expect(res.body.data[0]).to.have.property('password'); + expect(res.body.data[0]).to.have.property('type'); + expect(res.body.data[0]).to.have.property('isAdmin'); + }); + done(); + }); + }, + ); + + it( + 'only staffs and admin can view all users', + (done) => { + const signinUrl = '/api/auth/signin'; + chai.request(app) + .post(signinUrl) + .send({ + email: 'banka@banka.com', + password: 'passworD1@', + }) + .end((error, response) => { + const { token } = response.body.data; + chai.request(app) + .get('/api/v1/users') + .set('Authorization', `Bearer ${token}`) + .send() + .end((err, res) => { + expect(res.body).to.be.an('object'); + expect(res.body.status).to.equal('success'); + expect(res.body.data).to.equal('You don\'t have permission to view this page'); + }); + done(); + }); + }, + ); + + it( + 'only staffs and admin can delete users', + (done) => { + const signinUrl = '/api/auth/signin'; + chai.request(app) + .post(signinUrl) + .send({ + email: 'banka@banka.com', + password: 
'passworD1@', + }) + .end((error, response) => { + const { token } = response.body.data; + chai.request(app) + .delete('/api/v1/users/1') + .set('Authorization', `Bearer ${token}`) + .send() + .end((err, res) => { + expect(res.body).to.be.an('object'); + expect(res.body.status).to.equal('success'); + expect(res.body.data).to.equal('You don\'t have permission to do this task'); + }); + done(); + }); + }, + ); + + it( + 'only admin can delete staffs', + (done) => { + const signinUrl = '/api/auth/signin'; + chai.request(app) + .post(signinUrl) + .send({ + email: 'banka2@banka.com', + password: 'passworD2@', + }) + .end((error, response) => { + const { token } = response.body.data; + chai.request(app) + .delete('/api/v1/users/2') + .set('Authorization', `Bearer ${token}`) + .send() + .end((err, res) => { + expect(res.body).to.be.an('object'); + expect(res.body.status).to.equal('success'); + expect(res.body.data).to.equal('Sorry you can not delete a staff'); + }); + done(); + }); + }, + ); + }); +});
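Review bot: The `'users should have all required details'` test asserts `expect(res.body.data[0]).to.have.property('password');`, which pins `GET /api/v1/users` to returning each user's stored password field, hashed or not, to every staff caller; that is a data-exposure contract the suite should reject rather than lock in. Change it to `expect(res.body.data[0]).to.not.have.property('password');` and have the service that builds the list strip the field before responding. The assertions on `type` and `isAdmin` are fine to keep, since those are the attributes the authorization checks elsewhere in this commit rely on.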