139 lines
5.1 KiB
TypeScript
139 lines
5.1 KiB
TypeScript
import { beforeEach, describe, expect, it, vi } from 'vitest'
|
|
import { createEvent, mockSuccessReadBody } from './setup'
|
|
|
|
vi.mock('../server/utils/auth.js', () => ({
|
|
getUserFromToken: vi.fn(),
|
|
readUsers: vi.fn(),
|
|
writeUsers: vi.fn()
|
|
}))
|
|
|
|
vi.mock('nodemailer', () => {
|
|
const sendMail = vi.fn().mockResolvedValue(true)
|
|
const createTransport = vi.fn(() => ({ sendMail }))
|
|
return {
|
|
default: { createTransport },
|
|
createTransport
|
|
}
|
|
})
|
|
|
|
const authUtils = await import('../server/utils/auth.js')
|
|
const nodemailer = await import('nodemailer')
|
|
|
|
import usersListHandler from '../server/api/cms/users/list.get.js'
|
|
import usersApproveHandler from '../server/api/cms/users/approve.post.js'
|
|
import usersDeactivateHandler from '../server/api/cms/users/deactivate.post.js'
|
|
import usersRejectHandler from '../server/api/cms/users/reject.post.js'
|
|
import usersUpdateRoleHandler from '../server/api/cms/users/update-role.post.js'
|
|
|
|
describe('CMS User Management Endpoints', () => {
|
|
beforeEach(() => {
|
|
vi.clearAllMocks()
|
|
})
|
|
|
|
const adminEvent = () => {
|
|
const event = createEvent({ cookies: { auth_token: 'token' } })
|
|
authUtils.getUserFromToken.mockResolvedValue({ id: 'admin', role: 'admin' })
|
|
return event
|
|
}
|
|
|
|
describe('GET /api/cms/users/list', () => {
|
|
it('verweigert Zugriff für Nicht-Admins', async () => {
|
|
const event = createEvent({ cookies: { auth_token: 'token' } })
|
|
authUtils.getUserFromToken.mockResolvedValue({ id: 'user', role: 'mitglied' })
|
|
|
|
await expect(usersListHandler(event)).rejects.toMatchObject({ statusCode: 403 })
|
|
})
|
|
|
|
it('liefert Benutzerliste ohne Passwörter', async () => {
|
|
const event = adminEvent()
|
|
authUtils.readUsers.mockResolvedValue([{ id: '1', email: 'a@b.de', name: 'Anna', role: 'mitglied', phone: '1', active: true, created: 'now', lastLogin: null, password: 'secret' }])
|
|
|
|
const response = await usersListHandler(event)
|
|
expect(response.users[0]).not.toHaveProperty('password')
|
|
expect(response.users).toHaveLength(1)
|
|
})
|
|
})
|
|
|
|
describe('POST /api/cms/users/approve', () => {
|
|
it('erfordert administrative Rolle', async () => {
|
|
const event = createEvent({ cookies: { auth_token: 'token' } })
|
|
authUtils.getUserFromToken.mockResolvedValue({ id: 'user', role: 'mitglied' })
|
|
mockSuccessReadBody({ userId: '1' })
|
|
|
|
await expect(usersApproveHandler(event)).rejects.toMatchObject({ statusCode: 403 })
|
|
})
|
|
|
|
it('meldet 404 bei unbekanntem Benutzer', async () => {
|
|
const event = adminEvent()
|
|
mockSuccessReadBody({ userId: '1' })
|
|
authUtils.readUsers.mockResolvedValue([])
|
|
|
|
await expect(usersApproveHandler(event)).rejects.toMatchObject({ statusCode: 404 })
|
|
})
|
|
|
|
it('aktiviert Benutzer und sendet Mail', async () => {
|
|
const event = adminEvent()
|
|
mockSuccessReadBody({ userId: '1', role: 'vorstand' })
|
|
authUtils.readUsers.mockResolvedValue([{ id: '1', email: 'user@test.de', name: 'Udo', active: false }])
|
|
authUtils.writeUsers.mockResolvedValue(true)
|
|
|
|
const response = await usersApproveHandler(event)
|
|
expect(response.success).toBe(true)
|
|
expect(authUtils.writeUsers).toHaveBeenCalled()
|
|
expect(nodemailer.default.createTransport).toHaveBeenCalled()
|
|
})
|
|
})
|
|
|
|
describe('POST /api/cms/users/deactivate', () => {
|
|
it('verhindert Selbst-Deaktivierung', async () => {
|
|
const event = adminEvent()
|
|
mockSuccessReadBody({ userId: 'admin' })
|
|
await expect(usersDeactivateHandler(event)).rejects.toMatchObject({ statusCode: 400 })
|
|
})
|
|
|
|
it('deaktiviert Benutzer', async () => {
|
|
const event = adminEvent()
|
|
mockSuccessReadBody({ userId: '1' })
|
|
authUtils.readUsers.mockResolvedValue([{ id: '1', active: true }])
|
|
authUtils.writeUsers.mockResolvedValue(true)
|
|
|
|
const response = await usersDeactivateHandler(event)
|
|
expect(response.success).toBe(true)
|
|
expect(authUtils.writeUsers).toHaveBeenCalled()
|
|
})
|
|
})
|
|
|
|
describe('POST /api/cms/users/reject', () => {
|
|
it('löscht Benutzer aus der Liste', async () => {
|
|
const event = adminEvent()
|
|
mockSuccessReadBody({ userId: '2' })
|
|
authUtils.readUsers.mockResolvedValue([{ id: '1' }, { id: '2' }])
|
|
authUtils.writeUsers.mockResolvedValue(true)
|
|
|
|
const response = await usersRejectHandler(event)
|
|
expect(response.success).toBe(true)
|
|
expect(authUtils.writeUsers).toHaveBeenCalledWith([{ id: '1' }])
|
|
})
|
|
})
|
|
|
|
describe('POST /api/cms/users/update-role', () => {
|
|
it('validiert Rolle', async () => {
|
|
const event = adminEvent()
|
|
mockSuccessReadBody({ userId: '1', role: 'invalid' })
|
|
|
|
await expect(usersUpdateRoleHandler(event)).rejects.toMatchObject({ statusCode: 400 })
|
|
})
|
|
|
|
it('aktualisiert Rolle', async () => {
|
|
const event = adminEvent()
|
|
mockSuccessReadBody({ userId: '1', role: 'vorstand' })
|
|
authUtils.readUsers.mockResolvedValue([{ id: '1', role: 'mitglied' }])
|
|
authUtils.writeUsers.mockResolvedValue(true)
|
|
|
|
const response = await usersUpdateRoleHandler(event)
|
|
expect(response.success).toBe(true)
|
|
expect(authUtils.writeUsers).toHaveBeenCalled()
|
|
})
|
|
})
|
|
})
|