Merge 2a98790 into 27e74bc
kodek-sleuth authored Jul 16, 2019
2 parents 27e74bc + 2a98790 commit 02ae97d
Showing 10 changed files with 127 additions and 45 deletions.
9 changes: 9 additions & 0 deletions .env.example
@@ -1,3 +1,12 @@
DATABASE_URL=postgres://wmqxaqjr:tTHUvMlywe2owxdrqEaofzdC2RKF4XYp@raja.db.elephantsql.com:5432/wmqxaqjr
DATABASE_TEST=postgres://wmqxaqjr:tTHUvMlywe2owxdrqEaofzdC2RKF4XYp@raja.db.elephantsql.com:5432/wmqxaqjr
SECRET=qwertyuiop[]\';lkjhgfdsa`zxcvbnm,./+_)(*&^%$#@!)

FACEBOOK_CLIENT_ID =
FACEBOOK_CLIENT_SECRET =
GOOGLE_CLIENT_ID =
GOOGLE_CLIENT_SECRET =
TWITTER_CLIENT_ID =
TWITTER_CLIENT_SECRET = '
APP_URL_BACKEND = 'http://localhost:3000'
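Review bot: `TWITTER_CLIENT_SECRET = '` carries a stray single quote, so anyone copying this example gets a literal `'` as the secret instead of an empty value; drop it to match the other placeholders, and the quotes around `APP_URL_BACKEND` are unnecessary since dotenv strips a matching pair anyway. Separately, the three pre-existing lines at the top of this example file hold what looks like a live database connection string with an embedded password plus a signing secret; an example file should carry placeholders only, and if those values are real they should be treated as exposed and rotated.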

6 changes: 0 additions & 6 deletions .env.sample

This file was deleted.

1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -36,6 +36,7 @@ node_modules

# dotenv file
.env
.env.sample

# nyc output
.nyc_output
32 changes: 32 additions & 0 deletions middlewares/checkDb.js
@@ -0,0 +1,32 @@
import jwt from 'jsonwebtoken';
import dotenv from 'dotenv';
import models from '../models';

dotenv.config();

const { users } = models;

export const checkAdmin = async (req, res, next) => {
const authHeader = req.headers.authorization;
const token = authHeader.split(' ')[1];
const decode = jwt.decode(token, process.env.SECRET);
const { email } = decode;
const foundUser = await users.findOne({
where: {
email
},
attributes: ['accessLevel']
});

switch (true) {
case foundUser === null:
return res.status(404).json({
error: 'failed to access resource'
});
case foundUser.accessLevel < 1:
return res.status(403).json({
error: 'admin/super-user authorisation required to access this resource'
});
}
next();
};
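Review bot: `jwt.decode(token, process.env.SECRET)` on the decode line does not verify the signature — `jwt.decode` only parses the payload and its second argument is an options object, so `SECRET` is ignored and `email` is taken from an unverified token. That makes `checkAdmin` safe only while every route chains it after `checkToken`, which routes/api/admin.js does, but the middleware should not depend on caller ordering: call `jwt.verify` here, or read the payload that `checkToken` presumably attaches to `req` (not visible in this commit). A missing `Authorization` header also throws a TypeError from `.split` inside an async handler, which Express 4 does not route to the error handler, so the request hangs instead of getting a 401; a rejected `users.findOne` has the same effect. The rewrite below guards the header and verifies the token; the lookup and the access-level switch are unchanged.
```javascript
export const checkAdmin = async (req, res, next) => {
  const token = (req.headers.authorization || '').split(' ')[1];
  let email;
  try {
    // verify() checks the signature against SECRET; decode() only parses the payload
    ({ email } = jwt.verify(token, process.env.SECRET));
  } catch (err) {
    return res.status(401).json({ error: 'invalid or missing token' });
  }
  // … unchanged: users.findOne lookup and accessLevel switch …
```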
1 change: 1 addition & 0 deletions middlewares/index.js
@@ -1 +1,2 @@
export * from './checkToken';
export * from './checkDb';
10 changes: 10 additions & 0 deletions package.json
Expand Up @@ -81,5 +81,15 @@
"mocha-lcov-reporter": "^1.3.0",
"nyc": "^14.1.1",
"sinon": "^7.3.2"
},
"nyc": {
"exclude": [
"test/*",
"models/*",
"migrations/*",
"seeders/*",
"config/*",
"index.js"
]
}
}
9 changes: 5 additions & 4 deletions routes/api/admin.js
@@ -1,11 +1,12 @@
import express from 'express';
import { checkToken, checkAdmin } from '../../middlewares';
import userController from '../../controllers/admin';
import validators from '../../middlewares/validations/validations';

const router = express.Router();
router.post('/admin/users', validators.validateCreateUser, userController.createUser);
router.get('/admin/users', userController.getUsers);
router.patch('/admin/users/:userId', userController.updateUser);
router.delete('/admin/users/:userId', userController.deleteUser);
router.post('/admin/users', validators.validateCreateUser, checkToken, checkAdmin, userController.createUser);
router.get('/admin/users', checkToken, checkAdmin, userController.getUsers);
router.patch('/admin/users/:userId', checkToken, checkAdmin, userController.updateUser);
router.delete('/admin/users/:userId', checkToken, checkAdmin, userController.deleteUser);

export default router;
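Review bot: On the POST route the new `checkToken, checkAdmin` pair runs after `validators.validateCreateUser`, so an unauthenticated caller receives validation feedback for an admin-only endpoint and the body is processed before the token is checked; the other three routes put authentication first. Reorder to `router.post('/admin/users', checkToken, checkAdmin, validators.validateCreateUser, userController.createUser);` so authentication and authorisation always precede input validation.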
44 changes: 24 additions & 20 deletions seeders/20190707095336-users.js
@@ -1,24 +1,28 @@
import uuid from 'uuidv4';
import auth from '../helpers/auth';

export const up = (queryInterface, Sequelize) => queryInterface.bulkInsert(
'users',
[
{
id: uuid(),
email: 'johnnie@gmail.com',
username: 'jhonnie',
password: 'Password12$',
accessLevel: 2
},
{
id: uuid(),
email: 'peter@gmail.com',
username: 'peterJ',
password: 'Password12$',
accessLevel: 1
}
],
{}
);
export const up = (queryInterface, Sequelize) => queryInterface.bulkInsert('users', [
{
id: uuid(),
email: 'johnnie@gmail.com',
username: 'jhonnie',
password: auth.hashPassword('Alphamugerwa12$'),
accessLevel: 2,
},
{
id: uuid(),
email: 'peter@gmail.com',
username: 'peterJ',
password: auth.hashPassword('Alphamugerwa12$'),
accessLevel: 1,
},
{
id: uuid(),
email: 'ackram@gmail.com',
username: 'akramTinny',
password: auth.hashPassword('Alphamugerwa12$'),
accessLevel: 2,
}
], {})

const down = (queryInterface, Sequelize) => queryInterface.bulkDelete('users', null, {});
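Review bot: All three seeded accounts, two of them at accessLevel 2, share the single hard-coded password `'Alphamugerwa12$'`, which is also committed in tests/index.test.js; if this seeder is ever run against a non-test database, those privileged credentials are known to anyone with read access to the repository. Consider sourcing the seed password from an environment variable (placeholder name: `SEED_ADMIN_PASSWORD`) or restricting these rows to the test environment. `auth.hashPassword` is called without `await`, which is only correct if it is synchronous — if it returns a Promise the stored value would be the promise's string form, so confirm against helpers/auth. `down` on the last line is declared but not exported (unlike `up`), so the undo step of this seeder would presumably be a no-op; even if that line predates the commit, exporting it here is cheap.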
51 changes: 37 additions & 14 deletions tests/admin.test.js
Expand Up @@ -6,13 +6,33 @@ import user from './index.test';
chai.use(chaiHttp);

const { expect } = chai;
const id = [];
const data = [];

describe('Testing if an admin can login', () => {
it('should login an admin', (done) => {
chai.request(app)
.post('/api/users/login')
.send(user.adminLogin)
.end((err, res) => {
const { status, body } = res;
expect(status).to.equal(200);
expect(body).to.have.property('message');
expect(body).to.have.property('user');
expect(body.user).to.have.property('email');
expect(body.user).to.have.property('username');
expect(body.message).to.equals('logged in');
data.push(body.user.token);
done();
});
});
});

describe('Testing creation of users', () => {
it('should create users', (done) => {
chai
.request(app)
.post('/api/admin/users')
.set('Authorization', `Bearer ${data[0]}`)
.send(user.userTrue)
.end((err, res) => {
const { status, body } = res;
Expand All @@ -30,6 +50,7 @@ describe('Testing creation of users', () => {
chai
.request(app)
.post('/api/admin/users')
.set('Authorization', `Bearer ${data[0]}`)
.send(user.userTrue)
.end((err, res) => {
const { status, body } = res;
Expand All @@ -46,6 +67,7 @@ describe('Testing if app returns all users', () => {
chai
.request(app)
.get('/api/admin/users')
.set('Authorization', `Bearer ${data[0]}`)
.end((err, res) => {
const { status, body } = res;
expect(status).to.equal(200);
Expand All @@ -57,17 +79,17 @@ describe('Testing if app returns all users', () => {
expect(body.users[0]).to.have.property('createdAt');
expect(body.users[0]).to.have.property('accessLevel');
expect(body.message).to.equals('successfully returned all users in the database');
id.push(body.users[0].id);
data.push(body.users[0].id);
done();
});
});
});

describe('Testing admin feature to update user accessLevel', () => {
it('should update a user accessLevel', (done) => {
chai
.request(app)
.patch(`/api/admin/users/${id[0]}`)
chai.request(app)
.patch(`/api/admin/users/${data[1]}`)
.set('Authorization', `Bearer ${data[0]}`)
.send(user.roleLevel)
.end((err, res) => {
const { status, body } = res;
Expand All @@ -83,9 +105,9 @@ describe('Testing admin feature to update user accessLevel', () => {
});

it('should not update user accessLevel given a wrong userId/accessLevel', (done) => {
chai
.request(app)
.patch(`/api/admin/users/${id[0]}`)
chai.request(app)
.patch('/api/admin/users/1')
.set('Authorization', `Bearer ${data[0]}`)
.send(user.fakeRoleLevel)
.end((err, res) => {
const { status, body } = res;
Expand All @@ -97,9 +119,9 @@ describe('Testing admin feature to update user accessLevel', () => {
});

it('should not update user accessLevel given a wrong an accessLevel greater than tw0/less than 0', (done) => {
chai
.request(app)
.patch(`/api/admin/users/${id[0]}`)
chai.request(app)
.patch(`/api/admin/users/${data[1]}`)
.set('Authorization', `Bearer ${data[0]}`)
.send(user.fakeRoleLevelInteger)
.end((err, res) => {
const { status, body } = res;
Expand All @@ -113,9 +135,9 @@ describe('Testing admin feature to update user accessLevel', () => {

describe('Testing admin feature to delete a user', () => {
it('should delete a user given right id', (done) => {
chai
.request(app)
.delete(`/api/admin/users/${id[0]}`)
chai.request(app)
.delete(`/api/admin/users/${data[1]}`)
.set('Authorization', `Bearer ${data[0]}`)
.end((err, res) => {
const { status } = res;
expect(status).to.equal(204);
Expand All @@ -127,6 +149,7 @@ describe('Testing admin feature to delete a user', () => {
chai
.request(app)
.delete('/api/admin/users/1')
.set('Authorization', `Bearer ${data[0]}`)
.end((err, res) => {
const { status, body } = res;
expect(status).to.equal(500);
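Review bot: Every admin request now sends `Bearer ${data[0]}`, but no case exercises the path the new middleware exists for — a request with no `Authorization` header, or with a token for a non-admin user, against any `/api/admin/...` route; without that, a regression that drops `checkToken`/`checkAdmin` from a route would still pass. Add at least one `it` that omits the header and asserts the rejection status (403 for a non-admin per checkDb.js; the status for a missing token depends on checkToken, which is not in this commit). The `data` array also makes the suite order-dependent: if the login test fails, `data[0]` is undefined and every later request sends `Bearer undefined`, so the failures read as authorisation problems rather than a login problem — capturing the token in a `before` hook and asserting it is defined would localise that.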
9 changes: 8 additions & 1 deletion tests/index.test.js
Expand Up @@ -4,6 +4,12 @@ const userTrue = {
password: 'Alpha123$'
};

const adminLogin = {
email: 'ackram@gmail.com',
username: 'jhonnie',
password: 'Alphamugerwa12$',
};

const login = {
email: 'love123@gmail.com',
password: 'Alpha123$'
Expand Down Expand Up @@ -106,5 +112,6 @@ export default {
login,
emailVerification,
invalidDummy,
invalidDummy1
invalidDummy1,
adminLogin
};
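Review bot: `adminLogin` pairs `email: 'ackram@gmail.com'` with `username: 'jhonnie'`, but in the seeder the `jhonnie` username belongs to johnnie@gmail.com while ackram's is `akramTinny`; if the login handler ever matches on username, this fixture logs in a different account or fails. Use `username: 'akramTinny'` (or drop the field if login is by email only) so the fixture describes one seeded user.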
