krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-16 22:27:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

starts writing tests for tasks, fix errors in auth middleware and tasks methods

Browse Source
This commit is contained in:
Matteo Pagliazzi
2015-12-03 17:48:32 +01:00
parent 62708d4365
commit 506609cc29
4 changed files with 67 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
test/api/v3/integration/tasks/POST-create_task.test.js Normal file
View File

@@ -0,0 +1,31 @@
import {
generateUser,
requester,
translate as t,
} from '../../../../helpers/api-integration.helper';
import { v4 as generateRandomUserName } from 'uuid';
import { each } from 'lodash';
describe('POST /tasks', () => {
let user;
let api;
before(() => {
return generateUser().then((generatedUser) => {
user = generatedUser;
api = requester(user);
});
});
context('checks "type" is present and a valid value', () => {
it('returns an error if req.body.type is absent', () => {
expect(api.post('/tasks', {
notType: 'habit',
})).to.eventually.be.rejected.and.eql({
code: 400,
error: 'BadRequest',
message: t('invalidReqParams'),
});
});
});
});

2
website/src/controllers/api-v3/auth.js
View File

@@ -44,7 +44,6 @@ api.registerLocal = {
}); });
let validationErrors = req.validationErrors(); let validationErrors = req.validationErrors();
if (validationErrors) return next(validationErrors); if (validationErrors) return next(validationErrors);
let { email, username, password } = req.body; let { email, username, password } = req.body;
@@ -152,7 +151,6 @@ api.loginLocal = {
}); });
let validationErrors = req.validationErrors(); let validationErrors = req.validationErrors();
if (validationErrors) return next(validationErrors); if (validationErrors) return next(validationErrors);
req.sanitizeBody('username').trim(); req.sanitizeBody('username').trim();

33
website/src/controllers/api-v3/tasks.js
View File

@@ -25,6 +25,9 @@ api.createTask = {
handler (req, res, next) { handler (req, res, next) {
req.checkBody('type', res.t('invalidTaskType')).notEmpty().isIn(Tasks.tasksTypes); req.checkBody('type', res.t('invalidTaskType')).notEmpty().isIn(Tasks.tasksTypes);
let validationErrors = req.validationErrors();
if (validationErrors) return next(validationErrors);
let user = res.locals.user; let user = res.locals.user;
let taskType = req.body.type; let taskType = req.body.type;
@@ -60,6 +63,9 @@ api.getTasks = {
handler (req, res, next) { handler (req, res, next) {
req.checkQuery('type', res.t('invalidTaskType')).isIn(Tasks.tasksTypes); req.checkQuery('type', res.t('invalidTaskType')).isIn(Tasks.tasksTypes);
let validationErrors = req.validationErrors();
if (validationErrors) return next(validationErrors);
let user = res.locals.user; let user = res.locals.user;
let query = {userId: user._id}; let query = {userId: user._id};
let type = req.query.type; let type = req.query.type;
@@ -115,6 +121,9 @@ api.getTask = {
req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID(); req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID();
let validationErrors = req.validationErrors();
if (validationErrors) return next(validationErrors);
Tasks.Task.findOne({ Tasks.Task.findOne({
_id: req.params.taskId, _id: req.params.taskId,
userId: user._id, userId: user._id,
@@ -147,6 +156,9 @@ api.updateTask = {
req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID(); req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID();
// TODO check that req.body isn't empty // TODO check that req.body isn't empty
let validationErrors = req.validationErrors();
if (validationErrors) return next(validationErrors);
Tasks.Task.findOne({ Tasks.Task.findOne({
_id: req.params.taskId, _id: req.params.taskId,
userId: user._id, userId: user._id,
@@ -188,6 +200,9 @@ api.scoreTask = {
req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID(); req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID();
req.checkParams('direction', res.t('directionUpDown')).notEmpty().isIn(['up', 'down']); req.checkParams('direction', res.t('directionUpDown')).notEmpty().isIn(['up', 'down']);
let validationErrors = req.validationErrors();
if (validationErrors) return next(validationErrors);
let user = res.locals.user; let user = res.locals.user;
Tasks.Task.findOne({ Tasks.Task.findOne({
@@ -223,6 +238,9 @@ api.moveTask = {
req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID(); req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID();
req.checkParams('position', res.t('positionRequired')).notEmpty().isNumeric(); req.checkParams('position', res.t('positionRequired')).notEmpty().isNumeric();
let validationErrors = req.validationErrors();
if (validationErrors) return next(validationErrors);
let user = res.locals.user; let user = res.locals.user;
let to = Number(req.params.position); let to = Number(req.params.position);
@@ -274,6 +292,9 @@ api.addChecklistItem = {
req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID(); req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID();
// TODO check that req.body isn't empty and is an array // TODO check that req.body isn't empty and is an array
let validationErrors = req.validationErrors();
if (validationErrors) return next(validationErrors);
Tasks.Task.findOne({ Tasks.Task.findOne({
_id: req.params.taskId, _id: req.params.taskId,
userId: user._id, userId: user._id,
@@ -311,6 +332,9 @@ api.scoreCheckListItem = {
req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID(); req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID();
req.checkParams('itemId', res.t('itemIdRequired')).notEmpty().isUUID(); req.checkParams('itemId', res.t('itemIdRequired')).notEmpty().isUUID();
let validationErrors = req.validationErrors();
if (validationErrors) return next(validationErrors);
Tasks.Task.findOne({ Tasks.Task.findOne({
_id: req.params.taskId, _id: req.params.taskId,
userId: user._id, userId: user._id,
@@ -351,6 +375,9 @@ api.updateChecklistItem = {
req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID(); req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID();
req.checkParams('itemId', res.t('itemIdRequired')).notEmpty().isUUID(); req.checkParams('itemId', res.t('itemIdRequired')).notEmpty().isUUID();
let validationErrors = req.validationErrors();
if (validationErrors) return next(validationErrors);
Tasks.Task.findOne({ Tasks.Task.findOne({
_id: req.params.taskId, _id: req.params.taskId,
userId: user._id, userId: user._id,
@@ -392,6 +419,9 @@ api.removeChecklistItem = {
req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID(); req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID();
req.checkParams('itemId', res.t('itemIdRequired')).notEmpty().isUUID(); req.checkParams('itemId', res.t('itemIdRequired')).notEmpty().isUUID();
let validationErrors = req.validationErrors();
if (validationErrors) return next(validationErrors);
Tasks.Task.findOne({ Tasks.Task.findOne({
_id: req.params.taskId, _id: req.params.taskId,
userId: user._id, userId: user._id,
@@ -446,6 +476,9 @@ api.deleteTask = {
req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID(); req.checkParams('taskId', res.t('taskIdRequired')).notEmpty().isUUID();
let validationErrors = req.validationErrors();
if (validationErrors) return next(validationErrors);
Tasks.Task.findOne({ Tasks.Task.findOne({
_id: req.params.taskId, _id: req.params.taskId,
userId: user._id, userId: user._id,

5
website/src/middlewares/api-v3/auth.js
View File

@@ -11,8 +11,8 @@ import {
// If optional is true, don't error on missing authentication // If optional is true, don't error on missing authentication
export function authWithHeaders (optional = false) { export function authWithHeaders (optional = false) {
return function authWithHeadersHandler (req, res, next) { return function authWithHeadersHandler (req, res, next) {
let userId = req.header['x-api-user']; let userId = req.header('x-api-user');
let apiToken = req.header['x-api-key']; let apiToken = req.header('x-api-key');
if (!userId || !apiToken) { if (!userId || !apiToken) {
if (optional) return next(); if (optional) return next();
@@ -30,6 +30,7 @@ export function authWithHeaders (optional = false) {
res.locals.user = user; res.locals.user = user;
// TODO use either session/cookie or headers, not both // TODO use either session/cookie or headers, not both
req.session = req.session || {};
req.session.userId = user._id; req.session.userId = user._id;
next(); next();
}) })