

Merge pull request #57 from tolulope-od/ch-extra-keys-check-165445416
#165445416 Implement LFA feedback on checking for extra keys in request body
tolulope-od committed Apr 18, 2019
2 parents 4ca8219 + 09b1d74 commit dca2624
Showing 6 changed files with 173 additions and 0 deletions.
12 changes: 12 additions & 0 deletions server/validation/accountValidation.js
Expand Up @@ -11,6 +11,12 @@ export default class AccountValidation {
* @access private
*/
static validateAccountCreation(req, res, next) {
if (Object.keys(req.body).length > 1) {
return res.status(400).json({
status: 400,
error: 'Only the account type is required'
});
}
const { type } = req.body;

if (isEmpty(type)) {
Expand Down Expand Up @@ -40,6 +46,12 @@ export default class AccountValidation {
* @access private
*/
static validateEditAccount(req, res, next) {
if (Object.keys(req.body).length > 1) {
return res.status(400).json({
status: 400,
error: 'Only the status field is required'
});
}
const { accountNumber } = req.params;
const { status } = req.body;
const isNum = /^\d+$/; // gotten from Scott Evernden on Stack Overflow
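Review bot: The guard at the top of validateAccountCreation rejects on key count alone, so a body with a single wrong key such as `{ typo: 'savings' }` passes it and is only caught later if the `isEmpty(type)` check notices the missing field, at which point the 400 message no longer tells the client that an unknown field was sent; the same pattern is in validateEditAccount below and in the authValidation.js and transactionValidation.js hunks. Comparing key names against an allow-list is more precise: `const unknown = Object.keys(req.body).filter((key) => !['type'].includes(key));` then `if (unknown.length > 0) {` wrapping the existing 400 response. If a request can reach this handler without a parsed body, `Object.keys(req.body)` throws a TypeError and the client receives a 500 rather than a 400; whether the body parser guarantees `req.body` is always an object is not visible here. The rest of both methods continues outside the hunks.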
12 changes: 12 additions & 0 deletions server/validation/authValidation.js
Expand Up @@ -24,6 +24,12 @@ export default class AuthValidation {
* @access public
*/
static validateUserSignup(req, res, next) {
if (Object.keys(req.body).length > 4) {
return res.status(400).json({
status: 400,
error: 'Only first name, last name, email and password fields are required'
});
}
const { firstName, lastName, email, password } = req.body;
// Regular expression to check for valid email address - emailregex.com
const validEmail = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
Expand Down Expand Up @@ -89,6 +95,12 @@ export default class AuthValidation {
* @access public
*/
static validateUserLogIn(req, res, next) {
if (Object.keys(req.body).length > 2) {
return res.status(400).json({
status: 400,
error: 'Only email and password fields are required'
});
}
const { email, password } = req.body;

if (isEmpty(email) && isEmpty(password)) {
12 changes: 12 additions & 0 deletions server/validation/transactionValidation.js
Expand Up @@ -12,6 +12,12 @@ export default class TransactionValidation {
* @access private
*/
static validateCreditTransaction(req, res, next) {
if (Object.keys(req.body).length > 1) {
return res.status(400).json({
status: 400,
error: 'Only the credit amount is required'
});
}
const { creditAmount } = req.body;

if (isEmpty(creditAmount)) {
Expand Down Expand Up @@ -49,6 +55,12 @@ export default class TransactionValidation {
* @access private
*/
static validateDebitTransaction(req, res, next) {
if (Object.keys(req.body).length > 1) {
return res.status(400).json({
status: 400,
error: 'Only the debit amount is required'
});
}
const { debitAmount } = req.body;

if (isEmpty(debitAmount)) {
45 changes: 45 additions & 0 deletions test/account.test.js
Expand Up @@ -69,6 +69,28 @@ describe('Account Route', () => {
});
});

it('Should not create an account for a new user when an extra key exists in the request', done => {
const newAccount = {
type: 'savings',
something: 'irrelivant'
};
chai
.request(app)
.post(`${API_PREFIX}/accounts`)
.set('Authorization', authToken)
.send(newAccount)
.end((err, res) => {
expect(res.body)
.to.have.property('status')
.eql(400);
expect(res.body)
.to.have.property('error')
.eql('Only the account type is required');
expect(res.status).to.equal(400);
done();
});
});

it('Should not create an account for a staff', done => {
const newAccount = {
type: 'current'
Expand Down Expand Up @@ -230,6 +252,29 @@ describe('Account Route', () => {
});
});

it("Should not edit an account's status when an extra key exists in the request", done => {
const newStatus = {
status: 'draft',
something: 'irrelivant'
};
const accountNumber = 8897654324;
chai
.request(app)
.patch(`${API_PREFIX}/accounts/${accountNumber}`)
.set('Authorization', staffAuthToken)
.send(newStatus)
.end((err, res) => {
expect(res.body)
.to.have.property('status')
.eql(400);
expect(res.body)
.to.have.property('error')
.eql('Only the status field is required');
expect(res.status).to.equal(400);
done();
});
});

it("Should not edit an account's status if a non-staff user accesses the route", done => {
const newStatus = {
status: 'dormant'
46 changes: 46 additions & 0 deletions test/auth.test.js
Expand Up @@ -85,6 +85,30 @@ describe('User Route', () => {
});
});

it('Should not register if an extra key exists in the request body', done => {
const newUser = {
firstName: '',
lastName: 'MarVell',
email: 'captain@marvel.com',
password: 'quantum',
something: 'notnecessary'
};
chai
.request(app)
.post(`${API_PREFIX}/signup`)
.send(newUser)
.end((err, res) => {
expect(res.body)
.to.have.property('status')
.eql(400);
expect(res.body)
.to.have.property('error')
.eql('Only first name, last name, email and password fields are required');
expect(res.status).to.equal(400);
done();
});
});

it('Should not register a user with an empty last name field', done => {
const newUser = {
firstName: 'Carol',
Expand Down Expand Up @@ -267,6 +291,28 @@ describe('User Route', () => {
});
});

it('Should not log in a user when an extra key exists in the request body', done => {
const user = {
email: 'darth@theempire.com',
password: 'password123',
something: 'notuseful'
};
chai
.request(app)
.post(`${API_PREFIX}/signin`)
.send(user)
.end((err, res) => {
expect(res.body)
.to.have.property('status')
.eql(400);
expect(res.body)
.to.have.property('error')
.eql('Only email and password fields are required');
expect(res.status).to.equal(400);
done();
});
});

it('Should not log in a user with an empty email field', done => {
const user = {
email: '',
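Review bot: The signup fixture in the first hunk sends `firstName: ''` together with the extra key, so the test only observes the extra-key message because the key-count guard happens to run before the empty-field check; reordering the validator would make this case fail for an unrelated reason. Use a non-empty first name, e.g. `firstName: 'Carol',` as the neighbouring test does, so the case isolates the extra-key behaviour. Neither hunk covers a body whose only key is an unknown one, which a count-based guard lets through; a third case for that would pin the intended contract.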
46 changes: 46 additions & 0 deletions test/transaction.test.js
Expand Up @@ -95,6 +95,29 @@ describe('Transaction Route', () => {
});
});

it('Should not credit an account if the request contains an extra value', done => {
const creditTransaction = {
creditAmount: 500900.05,
something: 'else'
};
const accountNumber = 8897654324;
chai
.request(app)
.post(`${API_PREFIX}/transactions/${accountNumber}/credit`)
.set('Authorization', authToken)
.send(creditTransaction)
.end((err, res) => {
expect(res.body)
.to.have.property('status')
.eql(400);
expect(res.body)
.to.have.property('error')
.eql('Only the credit amount is required');
expect(res.status).to.equal(400);
done();
});
});

it('Should not credit an account that does not exist', done => {
const creditTransaction = {
creditAmount: 500900.05
Expand Down Expand Up @@ -231,6 +254,29 @@ describe('Transaction Route', () => {
});
});

it('Should not debit an account if the request contains an extra value', done => {
const debitTransaction = {
debitAmount: 500900.05,
something: 'else'
};
const accountNumber = 8897654324;
chai
.request(app)
.post(`${API_PREFIX}/transactions/${accountNumber}/debit`)
.set('Authorization', authToken)
.send(debitTransaction)
.end((err, res) => {
expect(res.body)
.to.have.property('status')
.eql(400);
expect(res.body)
.to.have.property('error')
.eql('Only the debit amount is required');
expect(res.status).to.equal(400);
done();
});
});

it('Should not debit an account if an invalid amount is provided', done => {
const debitTransaction = {
debitAmount: '5sggy0d'
