Skip to content

test: use fresh request(app) inside describe('Logout') blocks (#3472) #3490

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
PierreBrisorgueil merged 1 commit into from
Apr 23, 2026
+32 −20
Merged

test: use fresh request(app) inside describe('Logout') blocks (#3472) #3490

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 19 additions & 13 deletions modules/home/tests/home.integration.tests.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import config from '../../../config/index.js';
* Unit tests
*/
describe('Home integration tests:', () => {
let app; // Express app instance for fresh (unauthenticated) requests (#3472)
let agent;
let HomeService;
let adminToken;
Expand All @@ -40,7 +41,8 @@ describe('Home integration tests:', () => {
config.organizations.enabled = false;
const init = await bootstrap();
HomeService = (await import(path.resolve('./modules/home/services/home.service.js'))).default;
agent = request.agent(init.app);
app = init.app;
agent = request.agent(app);

// Create admin user and sign JWT for health endpoint test
const User = mongoose.model('User');
Expand Down Expand Up @@ -72,24 +74,28 @@ describe('Home integration tests:', () => {
}
});

// Public ("logged out") route tests. Use a fresh `request(app)` per test
// instead of the shared `agent` so no cookie state from this block leaks
// into later describes (#3472). Auth-required cases still use explicit
// `set('Cookie', 'TOKEN=...')` headers derived from JWTs.
describe('Logout', () => {
test('should be able to get releases', async () => {
const result = await agent.get('/api/home/releases').expect(200);
const result = await request(app).get('/api/home/releases').expect(200);
expect(result.body.type).toBe('success');
expect(result.body.message).toBe('releases');
expect(result.body.data).toBeInstanceOf(Array);
});

test('should be able to get changelogs', async () => {
const result = await agent.get('/api/home/changelogs').expect(200);
const result = await request(app).get('/api/home/changelogs').expect(200);
expect(result.body.type).toBe('success');
expect(result.body.message).toBe('changelogs');
expect(result.body.data).toBeInstanceOf(Array);
});

test('should be able to get team members', async () => {
try {
const result = await agent.get('/api/home/team').expect(200);
const result = await request(app).get('/api/home/team').expect(200);
expect(result.body.type).toBe('success');
expect(result.body.message).toBe('team list');
expect(result.body.data).toBeInstanceOf(Array);
Expand All @@ -101,7 +107,7 @@ describe('Home integration tests:', () => {

test('should be able to get an existing page', async () => {
try {
const result = await agent.get('/api/home/pages/terms').expect(200);
const result = await request(app).get('/api/home/pages/terms').expect(200);
expect(result.body.type).toBe('success');
expect(result.body.message).toBe('page');
expect(result.body.data[0].title).toBe('Terms');
Expand All @@ -115,7 +121,7 @@ describe('Home integration tests:', () => {

test('should be able to catch error of unknown page', async () => {
try {
const result = await agent.get('/api/home/pages/test').expect(404);
const result = await request(app).get('/api/home/pages/test').expect(404);
expect(result.body.type).toBe('error');
expect(result.body.message).toBe('Not Found');
expect(result.body.description).toBe('No page with that name has been found');
Expand All @@ -127,15 +133,15 @@ describe('Home integration tests:', () => {

test('should return empty releases gracefully when GitHub API fails', async () => {
axios.get.mockRejectedValueOnce(new Error('GitHub API unavailable'));
const result = await agent.get('/api/home/releases').expect(200);
const result = await request(app).get('/api/home/releases').expect(200);
expect(result.body.type).toBe('success');
expect(result.body.message).toBe('releases');
expect(result.body.data).toEqual([]);
});

test('should return empty changelogs gracefully when GitHub API fails', async () => {
axios.get.mockRejectedValueOnce(new Error('GitHub API unavailable'));
const result = await agent.get('/api/home/changelogs').expect(200);
const result = await request(app).get('/api/home/changelogs').expect(200);
expect(result.body.type).toBe('success');
expect(result.body.message).toBe('changelogs');
expect(result.body.data).toEqual([]);
Expand All @@ -146,7 +152,7 @@ describe('Home integration tests:', () => {
axios.get.mockClear();
// Temporarily set a fake token to cover the token-truthy branch in home.service releases()
config.repos = originalRepos.map((repo) => ({ ...repo, token: 'fake-test-token' }));
const result = await agent.get('/api/home/releases').expect(200);
const result = await request(app).get('/api/home/releases').expect(200);
expect(result.body.type).toBe('success');
const releaseCalls = axios.get.mock.calls.filter(([url]) => url.includes('/releases'));
expect(releaseCalls.length).toBeGreaterThan(0);
Expand All @@ -160,7 +166,7 @@ describe('Home integration tests:', () => {
const originalRepos = config.repos;
axios.get.mockClear();
config.repos = originalRepos.map((repo) => ({ ...repo, token: 'fake-test-token' }));
const result = await agent.get('/api/home/changelogs').expect(200);
const result = await request(app).get('/api/home/changelogs').expect(200);
expect(result.body.type).toBe('success');
const changelogCalls = axios.get.mock.calls.filter(([url]) => url.includes('/contents/'));
expect(changelogCalls.length).toBeGreaterThan(0);
Expand All @@ -171,15 +177,15 @@ describe('Home integration tests:', () => {
});

test('should return minimal health status without auth', async () => {
const result = await agent.get('/api/health').expect(200);
const result = await request(app).get('/api/health').expect(200);
expect(result.body.type).toBe('success');
expect(result.body.data.status).toBe('ok');
expect(result.body.data.db).toBeUndefined();
expect(result.body.data.memory).toBeUndefined();
});

test('should return detailed health status for admin', async () => {
const result = await agent.get('/api/health').set('Cookie', `TOKEN=${adminToken}`).expect(200);
const result = await request(app).get('/api/health').set('Cookie', `TOKEN=${adminToken}`).expect(200);
expect(result.body.type).toBe('success');
expect(result.body.data.status).toBe('ok');
expect(result.body.data.db).toBe('connected');
Expand All @@ -196,7 +202,7 @@ describe('Home integration tests:', () => {
version: '0.0.0',
memory: process.memoryUsage(),
});
const result = await agent.get('/api/health').expect(503);
const result = await request(app).get('/api/health').expect(503);
expect(result.body.type).toBe('error');
expect(result.body.message).toBe('Service Unavailable');
});
Expand Down
20 changes: 13 additions & 7 deletions modules/users/tests/user.account.integration.tests.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import mongooseService from '../../../lib/services/mongoose.js';
*/
describe('User integration tests:', () => {
let UserService = null;
let app; // Express app instance for fresh (unauthenticated) requests (#3472)
let agent;
let credentials;
let user;
Expand All @@ -27,7 +28,8 @@ describe('User integration tests:', () => {
try {
const init = await bootstrap();
UserService = (await import(path.resolve('./modules/users/services/users.service.js'))).default;
agent = request.agent(init.app);
app = init.app;
agent = request.agent(app);
} catch (err) {
console.log(err);
expect(err).toBeFalsy();
Expand Down Expand Up @@ -415,10 +417,14 @@ describe('User integration tests:', () => {
});
});

// Unauthenticated ("logged out") route tests. Use a fresh `request(app)` per
// test instead of the shared `agent` so a stale cookie from a previous
// describe block (user deleted in afterEach) can never invalidate subsequent
// authenticated tests in later describes. See #3472.
describe('Logout', () => {
test('should not be able to update Terms sign date if not logged in', async () => {
try {
await agent.get('/api/users/terms').expect(401);
await request(app).get('/api/users/terms').expect(401);
} catch (err) {
console.log(err);
expect(err).toBeFalsy();
Expand All @@ -427,7 +433,7 @@ describe('User integration tests:', () => {

test('should not be able to change user own password if not signed in', async () => {
try {
await agent
await request(app)
.post('/api/users/password')
.send({
newPassword: '1234567890Aa$',
Expand All @@ -445,7 +451,7 @@ describe('User integration tests:', () => {

test('should not be able to get any user details if not logged in', async () => {
try {
await agent.get('/api/users/me').expect(401);
await request(app).get('/api/users/me').expect(401);
// TODO error message
// result.body.message.should.equal('User is not signed in');
} catch (err) {
Expand All @@ -461,7 +467,7 @@ describe('User integration tests:', () => {
lastName: 'user_update_last',
};

await agent.put('/api/users').send(userUpdate).expect(401);
await request(app).put('/api/users').send(userUpdate).expect(401);
// TODO error message
// result.body.message.should.equal('User is not signed in');
} catch (err) {
Expand All @@ -472,7 +478,7 @@ describe('User integration tests:', () => {

test('should not be able to update own user profile avatar without being logged-in', async () => {
try {
await agent.post('/api/users/avatar').send({}).expect(401);
await request(app).post('/api/users/avatar').send({}).expect(401);
// TODO error message
// result.body.message.should.equal('User is not signed in');
} catch (err) {
Expand All @@ -483,7 +489,7 @@ describe('User integration tests:', () => {

test('should be able to get a users stats', async () => {
try {
const result = await agent.get('/api/users/stats').expect(200);
const result = await request(app).get('/api/users/stats').expect(200);
expect(result.body.type).toBe('success');
expect(result.body.message).toBe('users stats');
} catch (err) {
Expand Down
Loading