refactor: Move auth route tests to auth folder

test/api/v3/integration/user/auth/PUT-user_update_email.test.js

@@ -0,0 +1,77 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../../helpers/api-v3-integration.helper';
+import { model as User } from '../../../../../../website/src/models/user';
+
+describe('PUT /user/auth/update-email', () => {
+  let user;
+  let fbUser;
+  let endpoint = '/user/auth/update-email';
+  let newEmail = 'some-new-email_2@example.net';
+  let thePassword = 'password'; // from habitrpg/test/helpers/api-integration/v3/object-generators.js
+
+  describe('local user', async () => {
+    beforeEach(async () => {
+      user = await generateUser();
+    });
+
+    it('does not change email if one is not provided', async () => {
+      await expect(user.put(endpoint)).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('invalidReqParams'),
+      });
+    });
+
+    it('does not change email if password is not provided', async () => {
+      await expect(user.put(endpoint, {
+        newEmail,
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('invalidReqParams'),
+      });
+    });
+
+    it('does not change email if wrong password is provided', async () => {
+      await expect(user.put(endpoint, {
+        newEmail,
+        password: 'wrong password',
+      })).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('wrongPassword'),
+      });
+    });
+
+    it('changes email if new email and existing password are provided', async () => {
+      let response = await user.put(endpoint, {
+        newEmail,
+        password: thePassword,
+      });
+      expect(response).to.eql({ email: 'some-new-email_2@example.net' });
+      let id = user._id;
+      user = await User.findOne({ _id: id });
+      expect(user.auth.local.email).to.eql(newEmail);
+    });
+  });
+
+  describe('facebook user', async () => {
+    beforeEach(async () => {
+      fbUser = await generateUser();
+      await fbUser.update({ 'auth.local': { ok: true } });
+    });
+
+    it('does not change email if user.auth.local.email does not exist for this user', async () => {
+      await expect(fbUser.put(endpoint, {
+        newEmail,
+        password: thePassword,
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('userHasNoLocalRegistration'),
+      });
+    });
+  });
+});

test/api/v3/integration/user/auth/PUT-user_update_password.test.js

@@ -0,0 +1,52 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../../helpers/api-v3-integration.helper';
+
+describe('PUT /user/auth/update-password', async () => {
+  let endpoint = '/user/auth/update-password';
+  let user;
+  let password = 'password';
+  let wrongPassword = 'wrong-password';
+  let newPassword = 'new-password';
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  it('successfully changes the password', async () => {
+    let previousHashedPassword = user.auth.local.hashed_password;
+    let response = await user.put(endpoint, {
+      password,
+      newPassword,
+      confirmPassword: newPassword,
+    });
+    expect(response).to.eql({});
+    await user.sync();
+    expect(user.auth.local.hashed_password).to.not.eql(previousHashedPassword);
+  });
+
+  it('new passwords mismatch', async () => {
+    await expect(user.put(endpoint, {
+      password,
+      newPassword,
+      confirmPassword: `${newPassword}-wrong-confirmation`,
+    })).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('passwordConfirmationMatch'),
+    });
+  });
+
+  it('existing password is wrong', async () => {
+    await expect(user.put(endpoint, {
+      password: wrongPassword,
+      newPassword,
+      confirmPassword: newPassword,
+    })).to.eventually.be.rejected.and.eql({
+      code: 401,
+      error: 'NotAuthorized',
+      message: t('wrongPassword'),
+    });
+  });
+});

test/api/v3/integration/user/auth/PUT-user_update_username.test.js

@@ -0,0 +1,87 @@
+import {
+  generateUser,
+  translate as t,
+} from '../../../../../helpers/api-v3-integration.helper';
+import { model as User } from '../../../../../../website/src/models/user';
+
+describe('PUT /user/auth/update-username', async () => {
+  let endpoint = '/user/auth/update-username';
+  let user;
+  let newUsername = 'new-username';
+  let existingUsername = 'existing-username';
+  let password = 'password'; // from habitrpg/test/helpers/api-integration/v3/object-generators.js
+  let wrongPassword = 'wrong-password';
+
+  beforeEach(async () => {
+    user = await generateUser();
+  });
+
+  it('successfully changes username', async () => {
+    let response = await user.put(endpoint, {
+      username: newUsername,
+      password,
+    });
+    expect(response).to.eql({ username: newUsername });
+    user = await User.findOne({ _id: user._id });
+    expect(user.auth.local.username).to.eql(newUsername);
+  });
+
+  context('errors', async () => {
+    describe('new username is unavailable', async () => {
+      beforeEach(async () => {
+        user = await generateUser();
+        await user.update({'auth.local.username': existingUsername, 'auth.local.lowerCaseUsername': existingUsername });
+      });
+
+      it('prevents username update', async () => {
+        await expect(user.put(endpoint, {
+          username: existingUsername,
+          password,
+        })).to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: t('usernameTaken'),
+        });
+      });
+    });
+
+    it('password is wrong', async () => {
+      await expect(user.put(endpoint, {
+        username: newUsername,
+        password: wrongPassword,
+      })).to.eventually.be.rejected.and.eql({
+        code: 401,
+        error: 'NotAuthorized',
+        message: t('wrongPassword'),
+      });
+    });
+
+    describe('social-only user', async () => {
+      beforeEach(async () => {
+        user = await generateUser();
+        await user.update({ 'auth.local': { ok: true } });
+      });
+
+      it('prevents username update', async () => {
+        await expect(user.put(endpoint, {
+          username: newUsername,
+          password,
+        })).to.eventually.be.rejected.and.eql({
+          code: 400,
+          error: 'BadRequest',
+          message: t('userHasNoLocalRegistration'),
+        });
+      });
+    });
+
+    it('new username is not provided', async () => {
+      await expect(user.put(endpoint, {
+        password,
+      })).to.eventually.be.rejected.and.eql({
+        code: 400,
+        error: 'BadRequest',
+        message: t('invalidReqParams'),
+      });
+    });
+  });
+});