test(api): Remove old tests and introduce new, better ones
Some checks failed
CodeQL Scan / Analyze (javascript-typescript) (push) Failing after 6s
Build Docker Images / lint (push) Successful in 50s
Build Docker Images / check (push) Successful in 1m24s
Build Docker Images / tests (push) Failing after 8s
Build Docker Images / build (server, Dockerfile, ${{ github.repository_owner }}/server) (push) Has been skipped
Build Docker Images / build (worker, Worker.Dockerfile, ${{ github.repository_owner }}/worker) (push) Has been skipped
Deploy Docs to GitHub Pages / build (push) Failing after 15s
Mirror to Codeberg / Mirror (push) Failing after 0s
Deploy Docs to GitHub Pages / Deploy (push) Has been skipped
Nix Build / check (push) Failing after 33m5s

Jesse Wierzbinski 2025-03-23 03:34:17 +01:00
parent f1ef85b314
commit ec506241f0
No known key found for this signature in database
23 changed files with 819 additions and 1001 deletions


@ -1,55 +0,0 @@
import { afterAll, describe, expect, test } from "bun:test";
import { fakeRequest, getTestUsers } from "./utils.ts";
const { tokens, deleteUsers } = await getTestUsers(1);
describe("API Tests", () => {
afterAll(async () => {
await deleteUsers();
});
test("Try sending FormData without a boundary", async () => {
const formData = new FormData();
formData.append("test", "test");
const response = await fakeRequest("/api/v1/statuses", {
method: "POST",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "multipart/form-data",
},
body: formData,
});
expect(response.status).toBe(400);
const data = await response.json();
expect(data.error).toBeString();
expect(data.details).toContain("https://stackoverflow.com");
});
// Now automatically mitigated by the server
/* test("try sending a request with a different origin", async () => {
if (config.http.base_url.protocol === "http:") {
return;
}
const response = await fakeRequest(
"/api/v1/instance",
base_url.replace("https://", "http://"),
),
{
method: "GET",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
},
},
),
);
expect(response.status).toBe(400);
const data = await response.json();
expect(data.error).toContain("does not match base URL");
}); */
});


@ -1,411 +0,0 @@
/**
* @deprecated
*/
import { afterAll, describe, expect, test } from "bun:test";
import type { z } from "@hono/zod-openapi";
import type { Account, Relationship } from "@versia/client/schemas";
import { config } from "~/config.ts";
import { fakeRequest, getTestUsers } from "~/tests/utils";
const { users, tokens, deleteUsers } = await getTestUsers(2);
const user = users[0];
const user2 = users[1];
const token = tokens[0];
afterAll(async () => {
await deleteUsers();
});
const getFormData = (
object: Record<string, string | number | boolean>,
): FormData =>
Object.keys(object).reduce((formData, key) => {
formData.append(key, String(object[key]));
return formData;
}, new FormData());
describe("API Tests", () => {
describe("PATCH /api/v1/accounts/update_credentials", () => {
test("should update the authenticated user's display name", async () => {
const response = await fakeRequest(
"/api/v1/accounts/update_credentials",
{
method: "PATCH",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
body: getFormData({
display_name: "New Display Name",
}),
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const user = (await response.json()) as z.infer<typeof Account>;
expect(user.display_name).toBe("New Display Name");
});
});
describe("GET /api/v1/accounts/verify_credentials", () => {
test("should return the authenticated user's account information", async () => {
const response = await fakeRequest(
"/api/v1/accounts/verify_credentials",
{
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const account = (await response.json()) as z.infer<typeof Account>;
expect(account.username).toBe(user.data.username);
expect(account.bot).toBe(false);
expect(account.locked).toBe(false);
expect(account.created_at).toBeDefined();
expect(account.followers_count).toBe(0);
expect(account.following_count).toBe(0);
expect(account.statuses_count).toBe(0);
expect(account.note).toBe("");
expect(account.url).toBe(
new URL(
`/@${user.data.username}`,
config.http.base_url,
).toString(),
);
expect(account.avatar).toBeDefined();
expect(account.avatar_static).toBeDefined();
expect(account.header).toBeDefined();
expect(account.header_static).toBeDefined();
expect(account.emojis).toEqual([]);
expect(account.fields).toEqual([]);
expect(account.source?.fields).toEqual([]);
expect(account.source?.privacy).toBe("public");
expect(account.source?.language).toBe("en");
expect(account.source?.note).toBe("");
expect(account.source?.sensitive).toBe(false);
});
});
describe("POST /api/v1/accounts/:id/remove_from_followers", () => {
test("should remove the specified user from the authenticated user's followers and return an APIRelationship object", async () => {
const response = await fakeRequest(
`/api/v1/accounts/${user2.id}/remove_from_followers`,
{
method: "POST",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({}),
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const account = (await response.json()) as z.infer<
typeof Relationship
>;
expect(account.id).toBe(user2.id);
expect(account.followed_by).toBe(false);
});
});
describe("POST /api/v1/accounts/:id/block", () => {
test("should block the specified user and return an APIRelationship object", async () => {
const response = await fakeRequest(
`/api/v1/accounts/${user2.id}/block`,
{
method: "POST",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({}),
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const account = (await response.json()) as z.infer<
typeof Relationship
>;
expect(account.id).toBe(user2.id);
expect(account.blocking).toBe(true);
});
});
describe("GET /api/v1/blocks", () => {
test("should return an array of APIAccount objects for the user's blocked accounts", async () => {
const response = await fakeRequest("/api/v1/blocks", {
method: "GET",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
});
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const body = (await response.json()) as z.infer<typeof Account>[];
expect(Array.isArray(body)).toBe(true);
expect(body.length).toBe(1);
expect(body[0].id).toBe(user2.id);
});
});
describe("POST /api/v1/accounts/:id/unblock", () => {
test("should unblock the specified user and return an APIRelationship object", async () => {
const response = await fakeRequest(
`/api/v1/accounts/${user2.id}/unblock`,
{
method: "POST",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({}),
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const account = (await response.json()) as z.infer<
typeof Relationship
>;
expect(account.id).toBe(user2.id);
expect(account.blocking).toBe(false);
});
});
describe("POST /api/v1/accounts/:id/pin", () => {
test("should pin the specified user and return an APIRelationship object", async () => {
const response = await fakeRequest(
`/api/v1/accounts/${user2.id}/pin`,
{
method: "POST",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({}),
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const account = (await response.json()) as z.infer<
typeof Relationship
>;
expect(account.id).toBe(user2.id);
expect(account.endorsed).toBe(true);
});
});
describe("POST /api/v1/accounts/:id/unpin", () => {
test("should unpin the specified user and return an APIRelationship object", async () => {
const response = await fakeRequest(
`/api/v1/accounts/${user2.id}/unpin`,
{
method: "POST",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({}),
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const account = (await response.json()) as z.infer<
typeof Relationship
>;
expect(account.id).toBe(user2.id);
expect(account.endorsed).toBe(false);
});
});
describe("POST /api/v1/accounts/:id/note", () => {
test("should update the specified account's note and return the updated account object", async () => {
const response = await fakeRequest(
`/api/v1/accounts/${user2.id}/note`,
{
method: "POST",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({ comment: "This is a new note" }),
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const account = (await response.json()) as z.infer<typeof Account>;
expect(account.id).toBe(user2.id);
expect(account.note).toBe("This is a new note");
});
});
describe("GET /api/v1/accounts/relationships", () => {
test("should return an array of APIRelationship objects for the authenticated user's relationships", async () => {
const response = await fakeRequest(
`/api/v1/accounts/relationships?id[]=${user2.id}`,
{
method: "GET",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const relationships = (await response.json()) as z.infer<
typeof Relationship
>[];
expect(Array.isArray(relationships)).toBe(true);
expect(relationships.length).toBeGreaterThan(0);
expect(relationships[0].id).toBeDefined();
expect(relationships[0].following).toBeDefined();
expect(relationships[0].followed_by).toBeDefined();
expect(relationships[0].blocking).toBeDefined();
expect(relationships[0].muting).toBeDefined();
expect(relationships[0].muting_notifications).toBeDefined();
expect(relationships[0].requested).toBeDefined();
expect(relationships[0].domain_blocking).toBeDefined();
expect(relationships[0].notifying).toBeDefined();
});
});
describe("DELETE /api/v1/profile/avatar", () => {
test("should delete the avatar of the authenticated user and return the updated account object", async () => {
const response = await fakeRequest("/api/v1/profile/avatar", {
method: "DELETE",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
});
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const account = (await response.json()) as z.infer<typeof Account>;
expect(account.id).toBeDefined();
expect(account.avatar).toBeDefined();
});
});
describe("DELETE /api/v1/profile/header", () => {
test("should delete the header of the authenticated user and return the updated account object", async () => {
const response = await fakeRequest("/api/v1/profile/header", {
method: "DELETE",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
});
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const account = (await response.json()) as z.infer<typeof Account>;
expect(account.id).toBeDefined();
expect(account.header).toBe("");
});
});
describe("GET /api/v1/accounts/familiar_followers", () => {
test("should follow the user", async () => {
const response = await fakeRequest(
`/api/v1/accounts/${user2.id}/follow`,
{
method: "POST",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({}),
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
});
test("should return no familiar followers", async () => {
const response = await fakeRequest(
`/api/v1/accounts/familiar_followers?id[]=${user2.id}`,
{
method: "GET",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const familiarFollowers = (await response.json()) as {
id: string;
accounts: z.infer<typeof Account>[];
}[];
expect(Array.isArray(familiarFollowers)).toBe(true);
expect(familiarFollowers.length).toBe(1);
expect(familiarFollowers[0].id).toBe(user2.id);
expect(familiarFollowers[0].accounts).toBeArrayOfSize(0);
});
});
});


@ -1,348 +0,0 @@
/**
* @deprecated
*/
import { afterAll, describe, expect, test } from "bun:test";
import type { z } from "@hono/zod-openapi";
import type { Attachment, Context, Status } from "@versia/client/schemas";
import { fakeRequest, getTestUsers } from "~/tests/utils";
const { users, tokens, deleteUsers } = await getTestUsers(1);
const user = users[0];
const token = tokens[0];
let status: z.infer<typeof Status> | null = null;
let status2: z.infer<typeof Status> | null = null;
let media1: z.infer<typeof Attachment> | null = null;
describe("API Tests", () => {
afterAll(async () => {
await deleteUsers();
});
describe("POST /api/v2/media", () => {
test("should upload a file and return a MediaAttachment object", async () => {
const formData = new FormData();
formData.append("file", new Blob(["test"], { type: "text/plain" }));
const response = await fakeRequest("/api/v2/media", {
method: "POST",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
body: formData,
});
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
media1 = (await response.json()) as z.infer<typeof Attachment>;
expect(media1.id).toBeDefined();
expect(media1.type).toBe("unknown");
expect(media1.url).toBeDefined();
});
});
describe("POST /api/v1/statuses", () => {
test("should create a new status and return an APIStatus object", async () => {
const response = await fakeRequest("/api/v1/statuses", {
method: "POST",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
body: new URLSearchParams({
status: "Hello, world!",
visibility: "public",
"media_ids[]": media1?.id ?? "",
local_only: "true",
}),
});
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
status = (await response.json()) as z.infer<typeof Status>;
expect(status.content).toContain("Hello, world!");
expect(status.visibility).toBe("public");
expect(status.account.id).toBe(user.id);
expect(status.replies_count).toBe(0);
expect(status.favourites_count).toBe(0);
expect(status.reblogged).toBe(false);
expect(status.favourited).toBe(false);
expect(status.media_attachments).toBeArrayOfSize(1);
expect(status.mentions).toEqual([]);
expect(status.tags).toEqual([]);
expect(status.sensitive).toBe(false);
expect(status.spoiler_text).toBe("");
expect(status.language).toBeNull();
expect(status.pinned).toBe(false);
expect(status.visibility).toBe("public");
expect(status.card).toBeNull();
expect(status.poll).toBeNull();
expect(status.emojis).toEqual([]);
expect(status.in_reply_to_id).toBeNull();
expect(status.in_reply_to_account_id).toBeNull();
});
test("should create a new status in reply to the previous one", async () => {
const response = await fakeRequest("/api/v1/statuses", {
method: "POST",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
body: new URLSearchParams({
status: "This is a reply!",
visibility: "public",
in_reply_to_id: status?.id ?? "",
local_only: "true",
}),
});
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
status2 = (await response.json()) as z.infer<typeof Status>;
expect(status2.content).toContain("This is a reply!");
expect(status2.visibility).toBe("public");
expect(status2.account.id).toBe(user.id);
expect(status2.replies_count).toBe(0);
expect(status2.favourites_count).toBe(0);
expect(status2.reblogged).toBe(false);
expect(status2.favourited).toBe(false);
expect(status2.media_attachments).toEqual([]);
expect(status2.mentions).toEqual([]);
expect(status2.tags).toEqual([]);
expect(status2.sensitive).toBe(false);
expect(status2.spoiler_text).toBe("");
expect(status2.language).toBeNull();
expect(status2.pinned).toBe(false);
expect(status2.visibility).toBe("public");
expect(status2.card).toBeNull();
expect(status2.poll).toBeNull();
expect(status2.emojis).toEqual([]);
expect(status2.in_reply_to_id).toEqual(status?.id || null);
expect(status2.in_reply_to_account_id).toEqual(user.id);
});
});
describe("GET /api/v1/statuses/:id", () => {
test("should return the specified status object", async () => {
const response = await fakeRequest(
`/api/v1/statuses/${status?.id}`,
{
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const statusJson = (await response.json()) as z.infer<
typeof Status
>;
expect(statusJson.id).toBe(status?.id || "");
expect(statusJson.content).toBeDefined();
expect(statusJson.created_at).toBeDefined();
expect(statusJson.account).toBeDefined();
expect(statusJson.reblog).toBeDefined();
expect(statusJson.application).toBeUndefined();
expect(statusJson.emojis).toBeDefined();
expect(statusJson.media_attachments).toBeDefined();
expect(statusJson.poll).toBeDefined();
expect(statusJson.card).toBeDefined();
expect(statusJson.visibility).toBeDefined();
expect(statusJson.sensitive).toBeDefined();
expect(statusJson.spoiler_text).toBeDefined();
expect(statusJson.uri).toBeDefined();
expect(statusJson.url).toBeDefined();
expect(statusJson.replies_count).toBeDefined();
expect(statusJson.reblogs_count).toBeDefined();
expect(statusJson.favourites_count).toBeDefined();
expect(statusJson.favourited).toBeDefined();
expect(statusJson.reblogged).toBeDefined();
expect(statusJson.muted).toBeDefined();
expect(statusJson.bookmarked).toBeDefined();
expect(statusJson.pinned).toBeDefined();
});
});
describe("POST /api/v1/statuses/:id/reblog", () => {
test("should reblog the specified status and return the reblogged status object", async () => {
const response = await fakeRequest(
`/api/v1/statuses/${status?.id}/reblog`,
{
method: "POST",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const rebloggedStatus = (await response.json()) as z.infer<
typeof Status
>;
expect(rebloggedStatus.id).toBeDefined();
expect(rebloggedStatus.reblog?.id).toEqual(status?.id ?? "");
expect(rebloggedStatus.reblog?.reblogged).toBe(true);
});
});
describe("POST /api/v1/statuses/:id/unreblog", () => {
test("should unreblog the specified status and return the original status object", async () => {
const response = await fakeRequest(
`/api/v1/statuses/${status?.id}/unreblog`,
{
method: "POST",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const unrebloggedStatus = (await response.json()) as z.infer<
typeof Status
>;
expect(unrebloggedStatus.id).toBeDefined();
expect(unrebloggedStatus.reblogged).toBe(false);
});
});
describe("GET /api/v1/statuses/:id/context", () => {
test("should return the context of the specified status", async () => {
const response = await fakeRequest(
`/api/v1/statuses/${status?.id}/context`,
{
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const context = (await response.json()) as z.infer<typeof Context>;
expect(context.ancestors.length).toBe(0);
expect(context.descendants.length).toBe(1);
// First descendant should be status2
expect(context.descendants[0].id).toBe(status2?.id || "");
});
});
describe("GET /api/v1/accounts/:id/statuses", () => {
test("should return the statuses of the specified user", async () => {
const response = await fakeRequest(
`/api/v1/accounts/${user.id}/statuses`,
{
method: "GET",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const statuses = (await response.json()) as z.infer<
typeof Status
>[];
expect(statuses.length).toBe(2);
const status1 = statuses[0];
// Basic validation
expect(status1.content).toContain("This is a reply!");
expect(status1.visibility).toBe("public");
expect(status1.account.id).toBe(user.id);
});
});
describe("POST /api/v1/statuses/:id/favourite", () => {
test("should favourite the specified status object", async () => {
const response = await fakeRequest(
`/api/v1/statuses/${status?.id}/favourite`,
{
method: "POST",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
},
);
expect(response.status).toBe(200);
});
});
describe("POST /api/v1/statuses/:id/unfavourite", () => {
test("should unfavourite the specified status object", async () => {
// Unfavourite the status
const response = await fakeRequest(
`/api/v1/statuses/${status?.id}/unfavourite`,
{
method: "POST",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
},
);
expect(response.status).toBe(200);
expect(response.headers.get("content-type")).toContain(
"application/json",
);
const updatedStatus = (await response.json()) as z.infer<
typeof Status
>;
expect(updatedStatus.favourited).toBe(false);
expect(updatedStatus.favourites_count).toBe(0);
});
});
describe("DELETE /api/v1/statuses/:id", () => {
test("should delete the specified status object", async () => {
const response = await fakeRequest(
`/api/v1/statuses/${status?.id}`,
{
method: "DELETE",
headers: {
Authorization: `Bearer ${token.data.accessToken}`,
},
},
);
expect(response.status).toBe(200);
});
});
});


@ -1,121 +0,0 @@
import { describe, expect, it } from "bun:test";
import { checkIfOauthIsValid } from "@/oauth";
import { Application } from "@versia/kit/db";
describe("checkIfOauthIsValid", () => {
it("should return true when routeScopes and application.scopes are empty", () => {
const application = new Application({
scopes: "",
} as typeof Application.$type);
const routeScopes: string[] = [];
const result = checkIfOauthIsValid(application, routeScopes);
expect(result).toBe(true);
});
it("should return true when routeScopes is empty and application.scopes contains write:* or write", () => {
const application = new Application({
scopes: "write:*",
} as typeof Application.$type);
const routeScopes: string[] = [];
const result = checkIfOauthIsValid(application, routeScopes);
expect(result).toBe(true);
});
it("should return true when routeScopes is empty and application.scopes contains read:* or read", () => {
const application = new Application({
scopes: "read:*",
} as typeof Application.$type);
const routeScopes: string[] = [];
const result = checkIfOauthIsValid(application, routeScopes);
expect(result).toBe(true);
});
it("should return true when routeScopes contains only write: permissions and application.scopes contains write:* or write", () => {
const application = new Application({
scopes: "write:*",
} as typeof Application.$type);
const routeScopes = ["write:users", "write:posts"];
const result = checkIfOauthIsValid(application, routeScopes);
expect(result).toBe(true);
});
it("should return true when routeScopes contains only read: permissions and application.scopes contains read:* or read", () => {
const application = new Application({
scopes: "read:*",
} as typeof Application.$type);
const routeScopes = ["read:users", "read:posts"];
const result = checkIfOauthIsValid(application, routeScopes);
expect(result).toBe(true);
});
it("should return true when routeScopes contains both write: and read: permissions and application.scopes contains write:* or write and read:* or read", () => {
const application = new Application({
scopes: "write:* read:*",
} as typeof Application.$type);
const routeScopes = ["write:users", "read:posts"];
const result = checkIfOauthIsValid(application, routeScopes);
expect(result).toBe(true);
});
it("should return false when routeScopes contains write: permissions but application.scopes does not contain write:* or write", () => {
const application = new Application({
scopes: "read:*",
} as typeof Application.$type);
const routeScopes = ["write:users", "write:posts"];
const result = checkIfOauthIsValid(application, routeScopes);
expect(result).toBe(false);
});
it("should return false when routeScopes contains read: permissions but application.scopes does not contain read:* or read", () => {
const application = new Application({
scopes: "write:*",
} as typeof Application.$type);
const routeScopes = ["read:users", "read:posts"];
const result = checkIfOauthIsValid(application, routeScopes);
expect(result).toBe(false);
});
it("should return false when routeScopes contains both write: and read: permissions but application.scopes does not contain write:* or write and read:* or read", () => {
const application = new Application({
scopes: "",
} as typeof Application.$type);
const routeScopes = ["write:users", "read:posts"];
const result = checkIfOauthIsValid(application, routeScopes);
expect(result).toBe(false);
});
it("should return true when routeScopes contains a mix of valid and invalid permissions and application.scopes contains all the required permissions", () => {
const application = new Application({
scopes: "write:* read:*",
} as typeof Application.$type);
const routeScopes = ["write:users", "invalid:permission", "read:posts"];
const result = checkIfOauthIsValid(application, routeScopes);
expect(result).toBe(true);
});
it("should return false when routeScopes contains a mix of valid and invalid permissions but application.scopes does not contain all the required permissions", () => {
const application = new Application({
scopes: "write:*",
} as typeof Application.$type);
const routeScopes = ["write:users", "invalid:permission", "read:posts"];
const result = checkIfOauthIsValid(application, routeScopes);
expect(result).toBe(false);
});
it("should return true when routeScopes contains a mix of valid write and read permissions and application.scopes contains all the required permissions", () => {
const application = new Application({
scopes: "write:* read:posts",
} as typeof Application.$type);
const routeScopes = ["write:users", "read:posts"];
const result = checkIfOauthIsValid(application, routeScopes);
expect(result).toBe(true);
});
it("should return false when routeScopes contains a mix of valid write and read permissions but application.scopes does not contain all the required permissions", () => {
const application = new Application({
scopes: "write:*",
} as typeof Application.$type);
const routeScopes = ["write:users", "read:posts"];
const result = checkIfOauthIsValid(application, routeScopes);
expect(result).toBe(false);
});
});