updated docs

2018-03-05 16:29:09 -08:00 · 2018-03-05 16:29:09 -08:00 · 18e1609cb3
commit 18e1609cb3
parent cfc94fd9af
26 changed files with 309 additions and 14 deletions
--- a/test/backend/owner-tests.js
+++ b/test/backend/owner-tests.js
@ -0,0 +1,81 @@
+const assert = require('assert');
+const sinon = require('sinon');
+const proxyquire = require('proxyquire').noCallThru();
+
+const storage = {
+  metadata: sinon.stub()
+};
+
+function request(id, owner_token) {
+  return {
+    params: { id },
+    body: { owner_token }
+  };
+}
+
+function response() {
+  return {
+    sendStatus: sinon.stub()
+  };
+}
+
+const ownerMiddleware = proxyquire('../../server/middleware/owner', {
+  '../storage': storage
+});
+
+describe('Owner Middleware', function() {
+  afterEach(function() {
+    storage.metadata.reset();
+  });
+
+  it('sends a 404 when the id is not found', async function() {
+    const next = sinon.stub();
+    storage.metadata.returns(Promise.resolve(null));
+    const res = response();
+    await ownerMiddleware(request('x', 'y'), res);
+    sinon.assert.notCalled(next);
+    sinon.assert.calledWith(res.sendStatus, 404);
+  });
+
+  it('sends a 401 when the owner_token is missing', async function() {
+    const next = sinon.stub();
+    const meta = { owner: 'y' };
+    storage.metadata.returns(Promise.resolve(meta));
+    const res = response();
+    await ownerMiddleware(request('x', null), res);
+    sinon.assert.notCalled(next);
+    sinon.assert.calledWith(res.sendStatus, 401);
+  });
+
+  it('sends a 401 when the owner_token does not match', async function() {
+    const next = sinon.stub();
+    const meta = { owner: 'y' };
+    storage.metadata.returns(Promise.resolve(meta));
+    const res = response();
+    await ownerMiddleware(request('x', 'z'), res);
+    sinon.assert.notCalled(next);
+    sinon.assert.calledWith(res.sendStatus, 401);
+  });
+
+  it('sends a 401 if the metadata call fails', async function() {
+    const next = sinon.stub();
+    storage.metadata.returns(Promise.reject(new Error()));
+    const res = response();
+    await ownerMiddleware(request('x', 'y'), res);
+    sinon.assert.notCalled(next);
+    sinon.assert.calledWith(res.sendStatus, 401);
+  });
+
+  it('sets req.meta and req.authorized on successful auth', async function() {
+    const next = sinon.stub();
+    const meta = { owner: 'y' };
+    storage.metadata.returns(Promise.resolve(meta));
+    const req = request('x', 'y');
+    const res = response();
+    await ownerMiddleware(req, res, next);
+    assert.equal(req.meta, meta);
+    assert.equal(req.authorized, true);
+    sinon.assert.notCalled(res.sendStatus);
+    sinon.assert.calledOnce(next);
+  });
+});