Preparatory Work for Smaller user doc (WIP) (#10245)

* protect all paths in user.pre(save using this.isDirectSelected to see if a field is available * fix linting * authWithHeaders: specify user fields to exclude instead of the ones to include, add comments, doc and improve test * add more options to unit helper generateReq and add tests for excluding fields in authWithHeaders
2025-12-18 23:27:26 +01:00 · 2018-04-12 21:17:47 +02:00
parent ace02893e5
commit 1ea9be8aa2
6 changed files with 90 additions and 31 deletions
--- a/test/api/v3/unit/middlewares/auth.test.js
+++ b/test/api/v3/unit/middlewares/auth.test.js
@@ -0,0 +1,40 @@
+import {
+  generateRes,
+  generateReq,
+} from '../../../../helpers/api-unit.helper';
+import { authWithHeaders as authWithHeadersFactory } from '../../../../../website/server/middlewares/auth';
+
+describe('auth middleware', () => {
+  let res, req, user;
+
+  beforeEach(async () => {
+    res = generateRes();
+    req = generateReq();
+    user = await res.locals.user.save();
+  });
+
+  describe('auth with headers', () => {
+    it('allows to specify a list of user field that we do not want to load', (done) => {
+      const authWithHeaders = authWithHeadersFactory(false, {
+        userFieldsToExclude: ['items', 'flags', 'auth.timestamps'],
+      });
+
+      req.headers['x-api-user'] = user._id;
+      req.headers['x-api-key'] = user.apiToken;
+
+      authWithHeaders(req, res, (err) => {
+        if (err) return done(err);
+
+        const userToJSON = res.locals.user.toJSON();
+        expect(userToJSON.items).to.not.exist;
+        expect(userToJSON.flags).to.not.exist;
+        expect(userToJSON.auth.timestamps).to.not.exist;
+        expect(userToJSON.auth).to.exist;
+        expect(userToJSON.notifications).to.exist;
+        expect(userToJSON.preferences).to.exist;
+
+        done();
+      });
+    });
+  });
+});