diff --git a/.eslintrc.js b/.eslintrc.js index 85e96bd..ed7556c 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -35,9 +35,5 @@ module.exports = { } }], "max-len": ["error", { "code": 80 }], - "linebreak-style": [ - "error", - "windows" - ] } }; diff --git a/.gitignore b/.gitignore index bbd57d1..ef68d50 100644 --- a/.gitignore +++ b/.gitignore @@ -59,3 +59,6 @@ typings/ # next.js build output .next + +# vs code +.DS_Store \ No newline at end of file diff --git a/.travis.yml b/.travis.yml index 95f246e..50bf118 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,16 +1,21 @@ language: node_js node_js: - - "stable" -cache: -directories: - - "node_modules" + - "8" before_install: cd ./server install: - npm install -script: - - npm run test after_success: - npm run coverage +cache: + directories: + - "node_modules" env: global: - - CODECLIMATE_REPO_TOKEN=c14abfc89b0eb06fcb10f480f4b3e47142ac181c60c21f0131b570e72b1fbeb7 \ No newline at end of file + - CODECLIMATE_REPO_TOKEN=c14abfc89b0eb06fcb10f480f4b3e47142ac181c60c21f0131b570e72b1fbeb7 + - JWTSECRETKEY=5634 + - DB_CONFIG=postgres://xwrxubeu:u4wOQ6oxpvRCK6yWk5qK4rzaiisTPeoN@isilo.db.elephantsql.com:5432/xwrxubeu + - ADMIN_PWD=$2a$10$CmmIst1.D3QjaWuafKbBaOuAFu0r9o7xxQY.0SMKiAN.h9z52a2y2 +script: + - npm run test +services: + - postgresql \ No newline at end of file diff --git a/server/v1/config/database.js b/server/v1/config/database.js index a7a944a..2727722 100644 --- a/server/v1/config/database.js +++ b/server/v1/config/database.js @@ -1,10 +1,7 @@ import { Pool } from 'pg'; import debug from 'debug'; -import dotenv from 'dotenv'; import { parse } from 'pg-connection-string'; -dotenv.config(); - let conString; if (process.env.HEROKU_ACCESS === 'heroku_access') { diff --git a/server/v1/config/migration.js b/server/v1/config/migration.js index c8cff45..3e85a92 100644 --- a/server/v1/config/migration.js +++ b/server/v1/config/migration.js 
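Review bot: The new `env.global` entries in the .travis.yml hunk commit live credentials in plaintext: `DB_CONFIG` carries the username and password of a hosted Postgres instance, and `JWTSECRETKEY=5634` is a four-digit value that, if it is the HMAC key for the app's tokens as the name suggests, lets anyone forge a JWT after a trivial brute force — both should be treated as compromised and rotated, then supplied via Travis repository settings or `travis encrypt` (`- secure: "<encrypted>"`) instead of the committed file. The `ADMIN_PWD` hash is the same `$2a$10$CmmIst1...` string that test/signup.js seeds for fixture users who sign in with `passworD4@`, so the admin password is effectively disclosed in plaintext by the test suite. The hunk also enables `services: postgresql` but nothing points at it; pointing the tests at that service (`DB_CONFIG=postgres://postgres@localhost:5432/travis_ci_test` plus a `before_script: psql -c 'create database travis_ci_test;' -U postgres`) would remove the need for a remote database credential in CI altogether.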
@@ -1,5 +1,8 @@ +import dotenv from 'dotenv'; import dbConnection from './database'; +dotenv.config(); + const Migration = { /** * Migration diff --git a/server/v1/services/users.js b/server/v1/services/users.js index 096426f..47858dd 100644 --- a/server/v1/services/users.js +++ b/server/v1/services/users.js 
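Review bot: `dotenv.config()` is called after `import dbConnection from './database'`, but ES module imports (and Babel's CommonJS transform of them) are evaluated before the importing module's own statements, so database.js has already run by the time `.env` is loaded — and database.js reads `process.env.HEROKU_ACCESS` at module scope and, judging by the `conString` declaration, presumably `DB_CONFIG` too, now without the `dotenv.config()` this same commit removes from it. In CI this is masked because Travis injects the variables directly, but local runs would see an undefined connection string. Replace the two new lines with a side-effect import that is evaluated in import order, `import 'dotenv/config';`, placed as the first import; the same ordering problem applies to the new `dotenv.config()` in test/signup.js, which runs after `import app from '../app'`.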
@@ -1,130 +1,130 @@ -import dbConnection from '../config/database'; - -const UsersServices = { - /** - * Get all users - * @constructor - * @param {*} staff - get token details to check if staff or admin - * @param {*} queryLimit - Get query parameter - */ - async getAllUsers(staff, queryLimit) { - let returnStatus; let returnSuccess = ''; let returnError = ''; - // check the users table - const userDetails = await dbConnection - .dbConnect('SELECT id, type, isadmin FROM users WHERE email=$1', - [staff.email]); - const { type, isadmin } = userDetails.rows[0]; - - if (type === 'staff' || isadmin === true) { - if (typeof queryLimit !== 'undefined') { - const allAccounts = await dbConnection - .dbConnect('SELECT * from users LIMIT $1', [queryLimit]); - returnStatus = 200; - returnSuccess = allAccounts.rows; - } else { - const allAccounts = await dbConnection - .dbConnect('SELECT * from users LIMIT $1', [10]); - returnStatus = 200; - returnSuccess = allAccounts.rows; - } - } else { - returnStatus = 401; - returnError = 'You don\'t have permission to view this page'; - } - return { - returnStatus, - returnSuccess, - returnError, - }; - }, - - /** - * Get user's accounts by email - * @constructor - * @param {*} email - get user's email - */ - async getUsersAccounts(email) { - let returnStatus; let returnSuccess = ''; let returnError = ''; - const allAccounts = await dbConnection - .dbConnect('SELECT email from users WHERE email=$1', [email]); - if (allAccounts.rows.length > 0) { - const accountDbData = await dbConnection - .dbConnect('SELECT * from accounts WHERE email=$1', [email]); - if (accountDbData.rows.length > 0) { - returnStatus = 200; - returnSuccess = accountDbData.rows; - } else { - returnStatus = 404; - returnError = 'no account found for this user'; - } - } else { - returnStatus = 404; - returnError = 'email does not exist'; - } - return { - returnStatus, - returnSuccess, - returnError, - }; - }, - - /** - * Delete user - * @constructor - * @param {*} id - 
get user id - * @param {*} staff - get token details to check if staff or admin - */ - async deleteUser(id, staff) { - let returnStatus; let returnSuccess = ''; let returnError = ''; - // check the users table - const userDetails = await dbConnection - .dbConnect('SELECT id, type, isadmin FROM users WHERE email=$1', - [staff.email]); - const { type, isadmin } = userDetails.rows[0]; - - if (type === 'staff') { - const checkusers = await dbConnection - .dbConnect('SELECT type FROM users WHERE id=$1', [id]); - if (checkusers.rows.length > 0) { - if (checkusers.rows[0].type === 'client') { - const accountDbData = await dbConnection - .dbConnect('DELETE FROM users WHERE id=$1', [id]); - if (accountDbData.command === 'DELETE') { - returnStatus = 200; - returnSuccess = 'Account successfully deleted'; - } - } else { - returnStatus = 401; - returnError = 'you must be an admin to delete this staff'; - } - } else { - returnStatus = 404; - returnError = 'no account found'; - } - } else if (isadmin === true) { - const checkusers = await dbConnection - .dbConnect('SELECT type FROM users WHERE id=$1', [id]); - if (checkusers.rows.length > 0) { - const accountDbData = await dbConnection - .dbConnect('DELETE FROM users WHERE id=$1', [id]); - if (accountDbData.command === 'DELETE') { - returnStatus = 200; - returnSuccess = 'Account successfully deleted'; - } - } else { - returnStatus = 404; - returnError = 'no account found'; - } - } else { - returnStatus = 401; - returnError = 'You don\'t have permission to view this page'; - } - return { - returnStatus, - returnSuccess, - returnError, - }; - }, -}; - -export default UsersServices; +import dbConnection from '../config/database'; + +const UsersServices = { + /** + * Get all users + * @constructor + * @param {*} staff - get token details to check if staff or admin + * @param {*} queryLimit - Get query parameter + */ + async getAllUsers(staff, queryLimit) { + let returnStatus; let returnSuccess = ''; let returnError = ''; + // check 
the users table + const userDetails = await dbConnection + .dbConnect('SELECT id, type, isadmin FROM users WHERE email=$1', + [staff.email]); + const { type, isadmin } = userDetails.rows[0]; + + if (type === 'staff' || isadmin === true) { + if (typeof queryLimit !== 'undefined') { + const allAccounts = await dbConnection + .dbConnect('SELECT * from users LIMIT $1', [queryLimit]); + returnStatus = 200; + returnSuccess = allAccounts.rows; + } else { + const allAccounts = await dbConnection + .dbConnect('SELECT * from users LIMIT $1', [10]); + returnStatus = 200; + returnSuccess = allAccounts.rows; + } + } else { + returnStatus = 401; + returnError = 'You don\'t have permission to view this page'; + } + return { + returnStatus, + returnSuccess, + returnError, + }; + }, + + /** + * Get user's accounts by email + * @constructor + * @param {*} email - get user's email + */ + async getUsersAccounts(email) { + let returnStatus; let returnSuccess = ''; let returnError = ''; + const allAccounts = await dbConnection + .dbConnect('SELECT email from users WHERE email=$1', [email]); + if (allAccounts.rows.length > 0) { + const accountDbData = await dbConnection + .dbConnect('SELECT * from accounts WHERE email=$1', [email]); + if (accountDbData.rows.length > 0) { + returnStatus = 200; + returnSuccess = accountDbData.rows; + } else { + returnStatus = 404; + returnError = 'no account found for this user'; + } + } else { + returnStatus = 404; + returnError = 'email does not exist'; + } + return { + returnStatus, + returnSuccess, + returnError, + }; + }, + + /** + * Delete user + * @constructor + * @param {*} id - get user id + * @param {*} staff - get token details to check if staff or admin + */ + async deleteUser(id, staff) { + let returnStatus; let returnSuccess = ''; let returnError = ''; + // check the users table + const userDetails = await dbConnection + .dbConnect('SELECT id, type, isadmin FROM users WHERE email=$1', + [staff.email]); + const { type, isadmin } = 
userDetails.rows[0]; + + if (type === 'staff') { + const checkusers = await dbConnection + .dbConnect('SELECT type FROM users WHERE id=$1', [id]); + if (checkusers.rows.length > 0) { + if (checkusers.rows[0].type === 'client') { + const accountDbData = await dbConnection + .dbConnect('DELETE FROM users WHERE id=$1', [id]); + if (accountDbData.command === 'DELETE') { + returnStatus = 200; + returnSuccess = 'Account successfully deleted'; + } + } else { + returnStatus = 401; + returnError = 'you must be an admin to delete this staff'; + } + } else { + returnStatus = 404; + returnError = 'no account found'; + } + } else if (isadmin === true) { + const checkusers = await dbConnection + .dbConnect('SELECT type FROM users WHERE id=$1', [id]); + if (checkusers.rows.length > 0) { + const accountDbData = await dbConnection + .dbConnect('DELETE FROM users WHERE id=$1', [id]); + if (accountDbData.command === 'DELETE') { + returnStatus = 200; + returnSuccess = 'Account successfully deleted'; + } + } else { + returnStatus = 404; + returnError = 'no account found'; + } + } else { + returnStatus = 401; + returnError = 'You don\'t have permission to view this page'; + } + return { + returnStatus, + returnSuccess, + returnError, + }; + }, +}; + +export default UsersServices; diff --git a/server/v1/test/signup.js b/server/v1/test/signup.js index ac7acb1..6f9ab52 100644 --- a/server/v1/test/signup.js +++ b/server/v1/test/signup.js 
@@ -1,280 +1,279 @@ -import '@babel/polyfill'; -import chaiHttp from 'chai-http'; -import chai, { expect } from 'chai'; -import dbConnection from '../config/database'; - -import app from '../app'; - -chai.use(chaiHttp); - -describe('Testing User Controller', () => { - before(async () => { - await dbConnection.dbTesting('DELETE FROM users'); - await dbConnection - .dbConnect('INSERT into users(email, firstName, lastName, password, type, isAdmin) values($1, $2, $3, $4, $5, $6)', - ['staff@banka.com', 'cavdy', 'ikenna', '$2a$10$CmmIst1.D3QjaWuafKbBaOuAFu0r9o7xxQY.0SMKiAN.h9z52a2y2', 'staff', false]); - await dbConnection - .dbConnect('INSERT into users(email, firstName, lastName, password, type, isAdmin) values($1, $2, $3, $4, $5, $6)', - ['admin@banka.com', 'cavdy', 'ikenna', '$2a$10$CmmIst1.D3QjaWuafKbBaOuAFu0r9o7xxQY.0SMKiAN.h9z52a2y2', 'client', true]); - await dbConnection - .dbConnect('INSERT into users(email, firstName, lastName, password, type, isAdmin) values($1, $2, $3, $4, $5, $6)', - ['deleteguy@banka.com', 'cavdy', 'ikenna', '$2a$10$CmmIst1.D3QjaWuafKbBaOuAFu0r9o7xxQY.0SMKiAN.h9z52a2y2', 'staff', true]); - await dbConnection - .dbConnect('INSERT into users(email, firstName, lastName, password, type, isAdmin) values($1, $2, $3, $4, $5, $6)', - ['deleteguy2@banka.com', 'cavdy', 'ikenna', '$2a$10$CmmIst1.D3QjaWuafKbBaOuAFu0r9o7xxQY.0SMKiAN.h9z52a2y2', 'client', true]); - }); - after(async () => { - await dbConnection - .dbConnect('DELETE FROM users WHERE email=$1', ['admin@banka.com']); - }); - describe('Testing signup controller', () => { - const signupUrl = '/api/v1/auth/signup'; - it( - 'should register a new user when all the parameters are given', - async () => { - const response = await chai.request(app) - .post(signupUrl) - .send({ - firstName: 'cavdy', - lastName: 'isaiah', - email: 'banka872@banka4.com', - password: 'passworD4@', - }); - expect(response).to.be.an('object'); - expect(response).to.have.status(201); - 
expect(response.body.data).to.have.property('id'); - expect(response.body.data).to.have.property('firstName'); - expect(response.body.data).to.have.property('lastName'); - expect(response.body.data).to.have.property('email'); - expect(response.body.data).to.have.property('token'); - }, - ); - - it( - 'should not register a user when the email already exist', - async () => { - const response = await chai.request(app) - .post(signupUrl) - .send({ - firstName: 'cavdy', - lastName: 'isaiah', - email: 'banka872@banka4.com', - password: 'passworD4@', - }); - expect(response).to.be.an('object'); - expect(response).to.have.status(409); - expect(response.body.data).to.equal('email already exist'); - }, - ); - - it( - 'should not create a staff when the email already exist', - async () => { - const signinUrl = '/api/v1/auth/signin'; - const response = await chai.request(app) - .post(signinUrl) - .send({ - email: 'admin@banka.com', - password: 'passworD4@', - }); - const { token } = response.body.data; - const res = await chai.request(app) - .post('/api/v1/auth/signup/addstaff') - .set('Authorization', `Bearer ${token}`) - .send({ - firstName: 'cavdy', - lastName: 'isaiah', - email: 'banka872@banka4.com', - password: 'passworD4@', - type: 'staff', - isAdmin: false, - }); - expect(res).to.be.an('object'); - expect(res.body.status).to.equal(409); - expect(res.body.data).to.equal('email already exist'); - }, - ); - - it( - 'should not register when all fields are missing', - async () => { - const response = await chai.request(app) - .post(signupUrl) - .send(); - expect(response).to.be.an('object'); - expect(response).to.have.status(422); - expect(response.body.data[0]).to.equal('Email is required'); - expect(response.body.data[1]).to.equal('Firstname required'); - expect(response.body.data[2]).to.equal('Lastname required'); - expect(response.body.data[3]) - .to.equal('Password should contain atleast 8 characters, 1 uppercase letter, 1 lowercase letter, 1 number and 1 symbol or 
character'); - }, - ); - - it( - 'should not create staff when all fields are missing', - async () => { - const signinUrl = '/api/v1/auth/signin'; - const response = await chai.request(app) - .post(signinUrl) - .send({ - email: 'admin@banka.com', - password: 'passworD4@', - }); - const { token } = response.body.data; - const res = await chai.request(app) - .post('/api/v1/auth/signup/addstaff') - .set('Authorization', `Bearer ${token}`) - .send({ - type: 'staff', - isAdmin: false, - }); - expect(res).to.be.an('object'); - expect(res.body.status).to.equal(422); - expect(res.body.data[0]).to.equal('Email is required'); - expect(res.body.data[1]).to.equal('Firstname required'); - expect(res.body.data[2]).to.equal('Lastname required'); - expect(res.body.data[3]) - .to.equal('Password should contain atleast 8 characters, 1 uppercase letter, 1 lowercase letter, 1 number and 1 symbol or character'); - }, - ); - - it( - 'should not register a user when the email is missing', - async () => { - const response = await chai.request(app) - .post(signupUrl) - .send({ - firstName: 'cavdy', - lastName: 'isaiah', - password: 'passworD4@', - }); - expect(response).to.be.an('object'); - expect(response).to.have.status(422); - expect(response.body.data[0]).to.equal('Email is required'); - }, - ); - - it( - 'should not register a user when the first name is missing', - async () => { - const response = await chai.request(app) - .post(signupUrl) - .send({ - lastName: 'isaiah', - email: 'banka873@banka4.com', - password: 'passworD4@', - }); - expect(response).to.be.an('object'); - expect(response).to.have.status(422); - expect(response.body.data[0]).to.equal('Firstname required'); - }, - ); - - it( - 'should not register a user when the last name is missing', - async () => { - const response = await chai.request(app) - .post(signupUrl) - .send({ - firstName: 'cavdy', - email: 'banka873@banka4.com', - password: 'passworD4@', - }); - expect(response).to.be.an('object'); - 
expect(response).to.have.status(422); - expect(response.body.data[0]).to.equal('Lastname required'); - }, - ); - - it( - 'should not register a user when the password is missing', - async () => { - const response = await chai.request(app) - .post(signupUrl) - .send({ - firstName: 'cavdy', - lastName: 'isaiah', - email: 'banka873@banka4.com', - }); - expect(response).to.be.an('object'); - expect(response).to.have.status(422); - expect(response.body.data[0]) - .to.equal('Password should contain atleast 8 characters, 1 uppercase letter, 1 lowercase letter, 1 number and 1 symbol or character'); - }, - ); - it( - 'should not register a user when the password do not meet requirement', - async () => { - const response = await chai.request(app) - .post(signupUrl) - .send({ - firstName: 'cavdy', - lastName: 'isaiah', - email: 'banka873@banka4.com', - password: 'passworD4', - }); - expect(response).to.be.an('object'); - expect(response).to.have.status(422); - expect(response.body.data[0]) - .to.equal('Password should contain atleast 8 characters, 1 uppercase letter, 1 lowercase letter, 1 number and 1 symbol or character'); - }, - ); - - it( - 'only admin can create staffs', - async () => { - const signinUrl = '/api/v1/auth/signin'; - const response = await chai.request(app) - .post(signinUrl) - .send({ - email: 'admin@banka.com', - password: 'passworD4@', - }); - const { token } = response.body.data; - const res = await chai.request(app) - .post('/api/v1/auth/signup/addstaff') - .set('Authorization', `Bearer ${token}`) - .send({ - firstName: 'cavdy', - lastName: 'isaiah', - email: 'staff25@banka.com', - password: 'passworD4@', - }); - expect(res).to.be.an('object'); - expect(res).to.have.status(201); - expect(res.body.data).to.have.property('id'); - expect(res.body.data).to.have.property('firstName'); - expect(res.body.data).to.have.property('lastName'); - expect(res.body.data).to.have.property('email'); - expect(res.body.data).to.have.property('token'); - }, - ); - - it( - 
'should not create staff if not admin', - async () => { - const signinUrl = '/api/v1/auth/signin'; - const response = await chai.request(app) - .post(signinUrl) - .send({ - email: 'banka872@banka4.com', - password: 'passworD4@', - }); - const { token } = response.body.data; - const res = await chai.request(app) - .post('/api/v1/auth/signup/addstaff') - .set('Authorization', `Bearer ${token}`) - .send({ - firstName: 'cavdy', - lastName: 'isaiah', - email: 'staff8@banka.com', - password: 'passworD4@', - }); - expect(res).to.be.an('object'); - expect(res).to.have.status(401); - expect(res.body.data).to.equal('you must be an admin to create staffs'); - }, - ); - }); -}); +import '@babel/polyfill'; +import chaiHttp from 'chai-http'; +import chai, { expect } from 'chai'; +import dotenv from 'dotenv'; +import dbConnection from '../config/database'; + +import app from '../app'; + +dotenv.config(); + +chai.use(chaiHttp); + +describe('Testing User Controller', () => { + before(async () => { + await dbConnection.dbTesting('DELETE FROM users'); + await dbConnection + .dbConnect('INSERT into users(email, firstName, lastName, password, type, isAdmin) values($1, $2, $3, $4, $5, $6)', + ['admin@banka.com', 'cavdy', 'ikenna', '$2a$10$CmmIst1.D3QjaWuafKbBaOuAFu0r9o7xxQY.0SMKiAN.h9z52a2y2', 'client', true]); + await dbConnection + .dbConnect('INSERT into users(email, firstName, lastName, password, type, isAdmin) values($1, $2, $3, $4, $5, $6)', + ['staff@banka.com', 'cavdy', 'ikenna', '$2a$10$CmmIst1.D3QjaWuafKbBaOuAFu0r9o7xxQY.0SMKiAN.h9z52a2y2', 'staff', false]); + await dbConnection + .dbConnect('INSERT into users(email, firstName, lastName, password, type, isAdmin) values($1, $2, $3, $4, $5, $6)', + ['deleteguy@banka.com', 'cavdy', 'ikenna', '$2a$10$CmmIst1.D3QjaWuafKbBaOuAFu0r9o7xxQY.0SMKiAN.h9z52a2y2', 'staff', true]); + await dbConnection + .dbConnect('INSERT into users(email, firstName, lastName, password, type, isAdmin) values($1, $2, $3, $4, $5, $6)', + 
['deleteguy2@banka.com', 'cavdy', 'ikenna', '$2a$10$CmmIst1.D3QjaWuafKbBaOuAFu0r9o7xxQY.0SMKiAN.h9z52a2y2', 'client', true]); + }); + describe('Testing signup controller', () => { + const signupUrl = '/api/v1/auth/signup'; + it( + 'should register a new user when all the parameters are given', + async () => { + const response = await chai.request(app) + .post(signupUrl) + .send({ + firstName: 'cavdy', + lastName: 'isaiah', + email: 'banka872@banka4.com', + password: 'passworD4@', + }); + expect(response).to.be.an('object'); + expect(response).to.have.status(201); + expect(response.body.data).to.have.property('id'); + expect(response.body.data).to.have.property('firstName'); + expect(response.body.data).to.have.property('lastName'); + expect(response.body.data).to.have.property('email'); + expect(response.body.data).to.have.property('token'); + }, + ); + + it( + 'should not register a user when the email already exist', + async () => { + const response = await chai.request(app) + .post(signupUrl) + .send({ + firstName: 'cavdy', + lastName: 'isaiah', + email: 'banka872@banka4.com', + password: 'passworD4@', + }); + expect(response).to.be.an('object'); + expect(response).to.have.status(409); + expect(response.body.data).to.equal('email already exist'); + }, + ); + + it( + 'should not create a staff when the email already exist', + async () => { + const signinUrl = '/api/v1/auth/signin'; + const response = await chai.request(app) + .post(signinUrl) + .send({ + email: 'admin@banka.com', + password: 'passworD4@', + }); + const { token } = response.body.data; + const res = await chai.request(app) + .post('/api/v1/auth/signup/addstaff') + .set('Authorization', `Bearer ${token}`) + .send({ + firstName: 'cavdy', + lastName: 'isaiah', + email: 'banka872@banka4.com', + password: 'passworD4@', + type: 'staff', + isAdmin: false, + }); + expect(res).to.be.an('object'); + expect(res.body.status).to.equal(409); + expect(res.body.data).to.equal('email already exist'); + }, + ); + + 
it( + 'should not register when all fields are missing', + async () => { + const response = await chai.request(app) + .post(signupUrl) + .send(); + expect(response).to.be.an('object'); + expect(response).to.have.status(422); + expect(response.body.data[0]).to.equal('Email is required'); + expect(response.body.data[1]).to.equal('Firstname required'); + expect(response.body.data[2]).to.equal('Lastname required'); + expect(response.body.data[3]) + .to.equal('Password should contain atleast 8 characters, 1 uppercase letter, 1 lowercase letter, 1 number and 1 symbol or character'); + }, + ); + + it( + 'should not create staff when all fields are missing', + async () => { + const signinUrl = '/api/v1/auth/signin'; + const response = await chai.request(app) + .post(signinUrl) + .send({ + email: 'admin@banka.com', + password: 'passworD4@', + }); + const { token } = response.body.data; + const res = await chai.request(app) + .post('/api/v1/auth/signup/addstaff') + .set('Authorization', `Bearer ${token}`) + .send({ + type: 'staff', + isAdmin: false, + }); + expect(res).to.be.an('object'); + expect(res.body.status).to.equal(422); + expect(res.body.data[0]).to.equal('Email is required'); + expect(res.body.data[1]).to.equal('Firstname required'); + expect(res.body.data[2]).to.equal('Lastname required'); + expect(res.body.data[3]) + .to.equal('Password should contain atleast 8 characters, 1 uppercase letter, 1 lowercase letter, 1 number and 1 symbol or character'); + }, + ); + + it( + 'should not register a user when the email is missing', + async () => { + const response = await chai.request(app) + .post(signupUrl) + .send({ + firstName: 'cavdy', + lastName: 'isaiah', + password: 'passworD4@', + }); + expect(response).to.be.an('object'); + expect(response).to.have.status(422); + expect(response.body.data[0]).to.equal('Email is required'); + }, + ); + + it( + 'should not register a user when the first name is missing', + async () => { + const response = await chai.request(app) + 
.post(signupUrl) + .send({ + lastName: 'isaiah', + email: 'banka873@banka4.com', + password: 'passworD4@', + }); + expect(response).to.be.an('object'); + expect(response).to.have.status(422); + expect(response.body.data[0]).to.equal('Firstname required'); + }, + ); + + it( + 'should not register a user when the last name is missing', + async () => { + const response = await chai.request(app) + .post(signupUrl) + .send({ + firstName: 'cavdy', + email: 'banka873@banka4.com', + password: 'passworD4@', + }); + expect(response).to.be.an('object'); + expect(response).to.have.status(422); + expect(response.body.data[0]).to.equal('Lastname required'); + }, + ); + + it( + 'should not register a user when the password is missing', + async () => { + const response = await chai.request(app) + .post(signupUrl) + .send({ + firstName: 'cavdy', + lastName: 'isaiah', + email: 'banka873@banka4.com', + }); + expect(response).to.be.an('object'); + expect(response).to.have.status(422); + expect(response.body.data[0]) + .to.equal('Password should contain atleast 8 characters, 1 uppercase letter, 1 lowercase letter, 1 number and 1 symbol or character'); + }, + ); + it( + 'should not register a user when the password do not meet requirement', + async () => { + const response = await chai.request(app) + .post(signupUrl) + .send({ + firstName: 'cavdy', + lastName: 'isaiah', + email: 'banka873@banka4.com', + password: 'passworD4', + }); + expect(response).to.be.an('object'); + expect(response).to.have.status(422); + expect(response.body.data[0]) + .to.equal('Password should contain atleast 8 characters, 1 uppercase letter, 1 lowercase letter, 1 number and 1 symbol or character'); + }, + ); + + it( + 'only admin can create staffs', + async () => { + const signinUrl = '/api/v1/auth/signin'; + const response = await chai.request(app) + .post(signinUrl) + .send({ + email: 'admin@banka.com', + password: 'passworD4@', + }); + const { token } = response.body.data; + const res = await 
chai.request(app) + .post('/api/v1/auth/signup/addstaff') + .set('Authorization', `Bearer ${token}`) + .send({ + firstName: 'cavdy', + lastName: 'isaiah', + email: 'staff25@banka.com', + password: 'passworD4@', + }); + expect(res).to.be.an('object'); + expect(res).to.have.status(201); + expect(res.body.data).to.have.property('id'); + expect(res.body.data).to.have.property('firstName'); + expect(res.body.data).to.have.property('lastName'); + expect(res.body.data).to.have.property('email'); + expect(res.body.data).to.have.property('token'); + }, + ); + + it( + 'should not create staff if not admin', + async () => { + const signinUrl = '/api/v1/auth/signin'; + const response = await chai.request(app) + .post(signinUrl) + .send({ + email: 'banka872@banka4.com', + password: 'passworD4@', + }); + const { token } = response.body.data; + const res = await chai.request(app) + .post('/api/v1/auth/signup/addstaff') + .set('Authorization', `Bearer ${token}`) + .send({ + firstName: 'cavdy', + lastName: 'isaiah', + email: 'staff8@banka.com', + password: 'passworD4@', + }); + expect(res).to.be.an('object'); + expect(res).to.have.status(401); + expect(res.body.data).to.equal('you must be an admin to create staffs'); + }, + ); + }); +}); diff --git a/server/v1/test/users.js b/server/v1/test/users.js index 9a6cb6a..550def4 100644 --- a/server/v1/test/users.js +++ b/server/v1/test/users.js 
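Review bot: The `before` hook seeds every fixture user with the literal bcrypt hash `$2a$10$CmmIst1...`, and the sign-in calls later in this file authenticate those users with `passworD4@`, so the repository pins the plaintext for that hash — and the same hash is what this commit commits as `ADMIN_PWD` in .travis.yml, turning the CI admin password into a known value. The fixture should not share a hash with any real credential; generating it at runtime, e.g. `const hash = await bcrypt.hash('passworD4@', 10);` in `before` (assuming the app already depends on a bcrypt library, as the `$2a$` prefix suggests), keeps the hash out of version control entirely. Note also that the removed `after` hook was the only cleanup of `admin@banka.com`; if test/users.js relies on that row surviving this suite the removal is intentional, but a one-line comment on `before` saying the table is reset there instead would make that explicit.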
@@ -1,348 +1,348 @@
-import chaiHttp from 'chai-http';
-import chai, { expect } from 'chai';
-
-import app from '../app';
-
-chai.use(chaiHttp);
-
-describe('Testing All Users Controller', () => {
- describe('Testing all accounts controller', () => {
- it(
- 'users should have all required details',
- async () => {
- const signinUrl = '/api/v1/auth/signin';
- const response = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'admin@banka.com',
- password: 'passworD4@',
- });
- const { token } = response.body.data;
- const res = await chai.request(app)
- .get('/api/v1/users')
- .set('Authorization', `Bearer ${token}`)
- .send();
- expect(res.body).to.be.an('object');
- expect(res).to.have.status(200);
- expect(res.body.data[0]).to.have.property('id');
- expect(res.body.data[0]).to.have.property('firstname');
- expect(res.body.data[0]).to.have.property('lastname');
- expect(res.body.data[0]).to.have.property('email');
- expect(res.body.data[0]).to.have.property('password');
- expect(res.body.data[0]).to.have.property('type');
- expect(res.body.data[0]).to.have.property('isadmin');
- },
- );
-
- it(
- 'when limit query is passed',
- async () => {
- const signinUrl = '/api/v1/auth/signin';
- const response = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'admin@banka.com',
- password: 'passworD4@',
- });
- const { token } = response.body.data;
- const res = await chai.request(app)
- .get('/api/v1/users?limit=10')
- .set('Authorization', `Bearer ${token}`)
- .send();
- expect(res.body).to.be.an('object');
- expect(res).to.have.status(200);
- expect(res.body.data[0]).to.have.property('id');
- expect(res.body.data[0]).to.have.property('firstname');
- expect(res.body.data[0]).to.have.property('lastname');
- expect(res.body.data[0]).to.have.property('email');
- expect(res.body.data[0]).to.have.property('password');
- expect(res.body.data[0]).to.have.property('type');
- expect(res.body.data[0]).to.have.property('isadmin');
- },
- );
-
- it(
- 'check if email does not exist',
- async () => {
- const signinUrl = '/api/v1/auth/signin';
- const response = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'admin@banka.com',
- password: 'passworD4@',
- });
- const { token } = response.body.data;
- const res = await chai.request(app)
- .get('/api/v1/users/banka872@ban.com/accounts')
- .set('Authorization', `Bearer ${token}`)
- .send();
- expect(res.body).to.be.an('object');
- expect(res.body.status).to.equal(404);
- expect(res.body.data).to.equal('email does not exist');
- },
- );
-
- it(
- 'only admin or staff to see all users',
- async () => {
- const signinUrl = '/api/v1/auth/signin';
- const response = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'banka872@banka4.com',
- password: 'passworD4@',
- });
- const { token } = response.body.data;
- const res = await chai.request(app)
- .get('/api/v1/users')
- .set('Authorization', `Bearer ${token}`)
- .send();
- expect(res.body).to.be.an('object');
- expect(res.body.status).to.equal(401);
- expect(res.body.data)
- .to.equal('You don\'t have permission to view this page');
- },
- );
-
- it(
- 'check if email does not have a bank account',
- async () => {
- const signinUrl = '/api/v1/auth/signin';
- const response = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'admin@banka.com',
- password: 'passworD4@',
- });
- const { token } = response.body.data;
- const res = await chai.request(app)
- .get('/api/v1/users/deleteguy2@banka.com/accounts')
- .set('Authorization', `Bearer ${token}`)
- .send();
- expect(res.body).to.be.an('object');
- expect(res.body.status).to.equal(404);
- expect(res.body.data).to.equal('no account found for this user');
- },
- );
-
- it(
- 'get users account by email',
- async () => {
- const signinUrl = '/api/v1/auth/signin';
- const response = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'admin@banka.com',
- password: 'passworD4@',
- });
- const { token } = response.body.data;
- const res = await chai.request(app)
- .get('/api/v1/users')
- .set('Authorization', `Bearer ${token}`)
- .send();
- expect(res.body).to.be.an('object');
- expect(res).to.have.status(200);
- expect(res.body.data[0]).to.have.property('id');
- expect(res.body.data[0]).to.have.property('firstname');
- expect(res.body.data[0]).to.have.property('lastname');
- expect(res.body.data[0]).to.have.property('email');
- expect(res.body.data[0]).to.have.property('password');
- expect(res.body.data[0]).to.have.property('type');
- expect(res.body.data[0]).to.have.property('isadmin');
- },
- );
-
- it(
- 'if no token was passed',
- async () => {
- const res = await chai.request(app)
- .get('/api/v1/users')
- .send();
- expect(res).to.have.status(403);
- },
- );
-
- it(
- 'if wrong token was passed',
- async () => {
- const res = await chai.request(app)
- .get('/api/v1/users')
- .set('Authorization', 'Bearer ujhhs88s88s8888')
- .send();
- expect(res.status).to.equal(403);
- },
- );
-
- it(
- 'should not see all users if not admin or staff',
- async () => {
- const signinUrl = '/api/v1/auth/signin';
- const response = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'banka872@banka4.com',
- password: 'passworD4@',
- });
- const { token } = response.body.data;
- const res = await chai.request(app)
- .get('/api/v1/users/banka872@banka4.com/accounts')
- .set('Authorization', `Bearer ${token}`)
- .send();
- expect(res.body).to.be.an('object');
- expect(res.body.status).to.equal(200);
- expect(res.body.data[0]).to.have.property('id');
- expect(res.body.data[0]).to.have.property('email');
- expect(res.body.data[0]).to.have.property('firstname');
- expect(res.body.data[0]).to.have.property('lastname');
- expect(res.body.data[0]).to.have.property('accountnumber');
- expect(res.body.data[0]).to.have.property('createdon');
- expect(res.body.data[0]).to.have.property('owner');
- expect(res.body.data[0]).to.have.property('type');
- expect(res.body.data[0]).to.have.property('status');
- expect(res.body.data[0]).to.have.property('balance');
- },
- );
-
- it(
- 'only staffs and admin can delete users',
- async () => {
- const signinUrl = '/api/v1/auth/signin';
- const response = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'banka872@banka4.com',
- password: 'passworD4@',
- });
- const { id, token } = response.body.data;
- const res = await chai.request(app)
- .delete(`/api/v1/users/${id}`)
- .set('Authorization', `Bearer ${token}`)
- .send();
- expect(res.body).to.be.an('object');
- expect(res).to.have.status(401);
- expect(res.body.data)
- .to.equal('You don\'t have permission to view this page');
- },
- );
-
- it(
- 'only admin can delete any users',
- async () => {
- const signinUrl = '/api/v1/auth/signin';
- const response = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'staff@banka.com',
- password: 'passworD4@',
- });
- const { id, token } = response.body.data;
- const res = await chai.request(app)
- .delete(`/api/v1/users/${id}`)
- .set('Authorization', `Bearer ${token}`)
- .send();
- expect(res.body).to.be.an('object');
- expect(res).to.have.status(401);
- expect(res.body.data)
- .to.equal('you must be an admin to delete this staff');
- },
- );
-
- it(
- 'only admin can delete all users',
- async () => {
- const signinUrl = '/api/v1/auth/signin';
- const response = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'admin@banka.com',
- password: 'passworD4@',
- });
- const res = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'deleteguy@banka.com',
- password: 'passworD4@',
- });
- const { token } = response.body.data;
- const { id } = res.body.data;
- const res1 = await chai.request(app)
- .delete(`/api/v1/users/${id}`)
- .set('Authorization', `Bearer ${token}`)
- .send();
- expect(res1.body).to.be.an('object');
- expect(res1.body.status).to.equal(200);
- expect(res1.body.data).to.equal('Account successfully deleted');
- },
- );
-
- it(
- 'staffs can delete all users that is not a staff or admin',
- async () => {
- const signinUrl = '/api/v1/auth/signin';
- const response = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'staff@banka.com',
- password: 'passworD4@',
- });
- const res = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'deleteguy2@banka.com',
- password: 'passworD4@',
- });
- const { token } = response.body.data;
- const { id } = res.body.data;
- const res1 = await chai.request(app)
- .delete(`/api/v1/users/${id}`)
- .set('Authorization', `Bearer ${token}`)
- .send();
- expect(res1.body).to.be.an('object');
- expect(res1.body.status).to.equal(200);
- expect(res1.body.data).to.equal('Account successfully deleted');
- },
- );
-
- it(
- 'check if user does not exist as an admin',
- async () => {
- const signinUrl = '/api/v1/auth/signin';
- const response = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'admin@banka.com',
- password: 'passworD4@',
- });
- const { token } = response.body.data;
- const res = await chai.request(app)
- .delete('/api/v1/users/6000')
- .set('Authorization', `Bearer ${token}`)
- .send();
- expect(res.body).to.be.an('object');
- expect(res.body.status).to.equal(404);
- expect(res.body.data).to.equal('no account found');
- },
- );
-
- it(
- 'check if user does not exist as a staff',
- async () => {
- const signinUrl = '/api/v1/auth/signin';
- const response = await chai.request(app)
- .post(signinUrl)
- .send({
- email: 'staff@banka.com',
- password: 'passworD4@',
- });
- const { token } = response.body.data;
- const res = await chai.request(app)
- .delete('/api/v1/users/6000')
- .set('Authorization', `Bearer ${token}`)
- .send();
- expect(res.body).to.be.an('object');
- expect(res.body.status).to.equal(404);
- expect(res.body.data).to.equal('no account found');
- },
- );
- });
-});
+import chaiHttp from 'chai-http';
+import chai, { expect } from 'chai';
+
+import app from '../app';
+
+chai.use(chaiHttp);
+
+describe('Testing All Users Controller', () => {
+ describe('Testing all accounts controller', () => {
+ it(
+ 'users should have all required details',
+ async () => {
+ const signinUrl = '/api/v1/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'admin@banka.com',
+ password: 'passworD4@',
+ });
+ const { token } = response.body.data;
+ const res = await chai.request(app)
+ .get('/api/v1/users')
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res.body).to.be.an('object');
+ expect(res).to.have.status(200);
+ expect(res.body.data[0]).to.have.property('id');
+ expect(res.body.data[0]).to.have.property('firstname');
+ expect(res.body.data[0]).to.have.property('lastname');
+ expect(res.body.data[0]).to.have.property('email');
+ expect(res.body.data[0]).to.have.property('password');
+ expect(res.body.data[0]).to.have.property('type');
+ expect(res.body.data[0]).to.have.property('isadmin');
+ },
+ );
+
+ it(
+ 'when limit query is passed',
+ async () => {
+ const signinUrl = '/api/v1/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'admin@banka.com',
+ password: 'passworD4@',
+ });
+ const { token } = response.body.data;
+ const res = await chai.request(app)
+ .get('/api/v1/users?limit=10')
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res.body).to.be.an('object');
+ expect(res).to.have.status(200);
+ expect(res.body.data[0]).to.have.property('id');
+ expect(res.body.data[0]).to.have.property('firstname');
+ expect(res.body.data[0]).to.have.property('lastname');
+ expect(res.body.data[0]).to.have.property('email');
+ expect(res.body.data[0]).to.have.property('password');
+ expect(res.body.data[0]).to.have.property('type');
+ expect(res.body.data[0]).to.have.property('isadmin');
+ },
+ );
+
+ it(
+ 'check if email does not exist',
+ async () => {
+ const signinUrl = '/api/v1/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'admin@banka.com',
+ password: 'passworD4@',
+ });
+ const { token } = response.body.data;
+ const res = await chai.request(app)
+ .get('/api/v1/users/banka872@ban.com/accounts')
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res.body).to.be.an('object');
+ expect(res.body.status).to.equal(404);
+ expect(res.body.data).to.equal('email does not exist');
+ },
+ );
+
+ it(
+ 'only admin or staff to see all users',
+ async () => {
+ const signinUrl = '/api/v1/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'banka872@banka4.com',
+ password: 'passworD4@',
+ });
+ const { token } = response.body.data;
+ const res = await chai.request(app)
+ .get('/api/v1/users')
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res.body).to.be.an('object');
+ expect(res.body.status).to.equal(401);
+ expect(res.body.data)
+ .to.equal('You don\'t have permission to view this page');
+ },
+ );
+
+ it(
+ 'check if email does not have a bank account',
+ async () => {
+ const signinUrl = '/api/v1/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'admin@banka.com',
+ password: 'passworD4@',
+ });
+ const { token } = response.body.data;
+ const res = await chai.request(app)
+ .get('/api/v1/users/deleteguy2@banka.com/accounts')
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res.body).to.be.an('object');
+ expect(res.body.status).to.equal(404);
+ expect(res.body.data).to.equal('no account found for this user');
+ },
+ );
+
+ it(
+ 'get users account by email',
+ async () => {
+ const signinUrl = '/api/v1/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'admin@banka.com',
+ password: 'passworD4@',
+ });
+ const { token } = response.body.data;
+ const res = await chai.request(app)
+ .get('/api/v1/users')
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res.body).to.be.an('object');
+ expect(res).to.have.status(200);
+ expect(res.body.data[0]).to.have.property('id');
+ expect(res.body.data[0]).to.have.property('firstname');
+ expect(res.body.data[0]).to.have.property('lastname');
+ expect(res.body.data[0]).to.have.property('email');
+ expect(res.body.data[0]).to.have.property('password');
+ expect(res.body.data[0]).to.have.property('type');
+ expect(res.body.data[0]).to.have.property('isadmin');
+ },
+ );
+
+ it(
+ 'if no token was passed',
+ async () => {
+ const res = await chai.request(app)
+ .get('/api/v1/users')
+ .send();
+ expect(res).to.have.status(403);
+ },
+ );
+
+ it(
+ 'if wrong token was passed',
+ async () => {
+ const res = await chai.request(app)
+ .get('/api/v1/users')
+ .set('Authorization', 'Bearer ujhhs88s88s8888')
+ .send();
+ expect(res.status).to.equal(403);
+ },
+ );
+
+ it(
+ 'should not see all users if not admin or staff',
+ async () => {
+ const signinUrl = '/api/v1/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'banka872@banka4.com',
+ password: 'passworD4@',
+ });
+ const { token } = response.body.data;
+ const res = await chai.request(app)
+ .get('/api/v1/users/banka872@banka4.com/accounts')
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res.body).to.be.an('object');
+ expect(res.body.status).to.equal(200);
+ expect(res.body.data[0]).to.have.property('id');
+ expect(res.body.data[0]).to.have.property('email');
+ expect(res.body.data[0]).to.have.property('firstname');
+ expect(res.body.data[0]).to.have.property('lastname');
+ expect(res.body.data[0]).to.have.property('accountnumber');
+ expect(res.body.data[0]).to.have.property('createdon');
+ expect(res.body.data[0]).to.have.property('owner');
+ expect(res.body.data[0]).to.have.property('type');
+ expect(res.body.data[0]).to.have.property('status');
+ expect(res.body.data[0]).to.have.property('balance');
+ },
+ );
+
+ it(
+ 'only staffs and admin can delete users',
+ async () => {
+ const signinUrl = '/api/v1/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'banka872@banka4.com',
+ password: 'passworD4@',
+ });
+ const { id, token } = response.body.data;
+ const res = await chai.request(app)
+ .delete(`/api/v1/users/${id}`)
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res.body).to.be.an('object');
+ expect(res).to.have.status(401);
+ expect(res.body.data)
+ .to.equal('You don\'t have permission to view this page');
+ },
+ );
+
+ it(
+ 'only admin can delete any users',
+ async () => {
+ const signinUrl = '/api/v1/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'staff@banka.com',
+ password: 'passworD4@',
+ });
+ const { id, token } = response.body.data;
+ const res = await chai.request(app)
+ .delete(`/api/v1/users/${id}`)
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res.body).to.be.an('object');
+ expect(res).to.have.status(401);
+ expect(res.body.data)
+ .to.equal('you must be an admin to delete this staff');
+ },
+ );
+
+ it(
+ 'only admin can delete all users',
+ async () => {
+ const signinUrl = '/api/v1/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'admin@banka.com',
+ password: 'passworD4@',
+ });
+ const res = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'deleteguy@banka.com',
+ password: 'passworD4@',
+ });
+ const { token } = response.body.data;
+ const { id } = res.body.data;
+ const res1 = await chai.request(app)
+ .delete(`/api/v1/users/${id}`)
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res1.body).to.be.an('object');
+ expect(res1.body.status).to.equal(200);
+ expect(res1.body.data).to.equal('Account successfully deleted');
+ },
+ );
+
+ it(
+ 'staffs can delete all users that is not a staff or admin',
+ async () => {
+ const signinUrl = '/api/v1/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'staff@banka.com',
+ password: 'passworD4@',
+ });
+ const res = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'deleteguy2@banka.com',
+ password: 'passworD4@',
+ });
+ const { token } = response.body.data;
+ const { id } = res.body.data;
+ const res1 = await chai.request(app)
+ .delete(`/api/v1/users/${id}`)
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res1.body).to.be.an('object');
+ expect(res1.body.status).to.equal(200);
+ expect(res1.body.data).to.equal('Account successfully deleted');
+ },
+ );
+
+ it(
+ 'check if user does not exist as an admin',
+ async () => {
+ const signinUrl = '/api/v1/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'admin@banka.com',
+ password: 'passworD4@',
+ });
+ const { token } = response.body.data;
+ const res = await chai.request(app)
+ .delete('/api/v1/users/6000')
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res.body).to.be.an('object');
+ expect(res.body.status).to.equal(404);
+ expect(res.body.data).to.equal('no account found');
+ },
+ );
+
+ it(
+ 'check if user does not exist as a staff',
+ async () => {
+ const signinUrl = '/api/v1/auth/signin';
+ const response = await chai.request(app)
+ .post(signinUrl)
+ .send({
+ email: 'staff@banka.com',
+ password: 'passworD4@',
+ });
+ const { token } = response.body.data;
+ const res = await chai.request(app)
+ .delete('/api/v1/users/6000')
+ .set('Authorization', `Bearer ${token}`)
+ .send();
+ expect(res.body).to.be.an('object');
+ expect(res.body.status).to.equal(404);
+ expect(res.body.data).to.equal('no account found');
+ },
+ );
+ });
+});