From 8750787ce1b3ba12b29a5b0fb0e081d3f652cc91 Mon Sep 17 00:00:00 2001 From: adarshm11 Date: Wed, 31 Dec 2025 17:43:55 -0800 Subject: [PATCH 01/12] does this work --- test/api/OfficeAccessCard.js | 7 ++++--- test/util/mocks/TokenValidFunctions.js | 24 +++++++++++++++++++----- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/test/api/OfficeAccessCard.js b/test/api/OfficeAccessCard.js index 28ee669cb..5e0f03852 100644 --- a/test/api/OfficeAccessCard.js +++ b/test/api/OfficeAccessCard.js @@ -256,10 +256,11 @@ describe('OfficeAccessCard', () => { expect(result).to.have.status(UNAUTHORIZED); }); - it('Should return 401 when invalid token is sent', async () => { + it('Should return 403 when invalid token is sent', async () => { + setTokenStatus(null); const result = await test.sendPostRequestWithToken(token, - EDIT_API_PATH); - expect(result).to.have.status(UNAUTHORIZED); + EDIT_API_PATH, { _id: testCardId, alias: NEW_ALIAS }); + expect(result).to.have.status(FORBIDDEN); }); it('Should return 400 when _id is missing from request body', async () => { diff --git a/test/util/mocks/TokenValidFunctions.js b/test/util/mocks/TokenValidFunctions.js index 3854fa8c7..75791b67c 100644 --- a/test/util/mocks/TokenValidFunctions.js +++ b/test/util/mocks/TokenValidFunctions.js 
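Review bot: The retitled test in the `@@ -256,10 +256,11 @@` hunk of test/api/OfficeAccessCard.js still says "invalid token" but now drives the mock with `setTokenStatus(null)`, which the mock's updated doc comment defines as the FORBIDDEN case, not the invalid-token case (`false`, UNAUTHORIZED). As far as the hunk shows, the edit route is left without a test that a bad token gets 401, so I would retitle this case, e.g. `it('Should return 403 when the token lacks the required access', ...)`, and keep a separate one with `setTokenStatus(false);` expecting `UNAUTHORIZED`. The same pattern repeats in the later patches of this series for the delete and getAllCards tests and for Advertisement, Auth, LedSign, Printer and User. No hunk in this file adds `FORBIDDEN` to the imports (Auth.js needed a follow-up patch for that), so confirm it is already required at the top of the test file.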
@@ -28,18 +28,32 @@ function resetTokenMock() { /** * - * @param {any} returnValue: value to be return back - * by the function 'checkIfTokenValid' + * @param {boolean|null} isSuccessful: + * if true, token is valid (status OK), + * if false, token is invalid (status UNAUTHORIZED), + * if null, token is FORBIDDEN + * * @param {Object} data: optional value that will be the result * of the decoded token value - * @returns return parameter (above) + * @returns configured mock response */ function setTokenStatus( isSuccessful, data = {}, ) { - const status = isSuccessful ? OK : UNAUTHORIZED; - const tokenPayload = isSuccessful ? data : null; + let status; + let tokenPayload; + + if (isSuccessful === true) { + status = OK; + tokenPayload = data; + } else if (isSuccessful === false) { + status = UNAUTHORIZED; + tokenPayload = null; + } else { + status = FORBIDDEN; + tokenPayload = data; + } decodeTokenValidMock.returns( Promise.resolve({ From c6ea3245a17fcd6ecaf339cbb418472f06d52931 Mon Sep 17 00:00:00 2001 From: adarshm11 Date: Wed, 31 Dec 2025 17:46:33 -0800 Subject: [PATCH 02/12] yes it worked --- test/util/mocks/TokenValidFunctions.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/util/mocks/TokenValidFunctions.js b/test/util/mocks/TokenValidFunctions.js index 75791b67c..93583a4c3 100644 --- a/test/util/mocks/TokenValidFunctions.js +++ b/test/util/mocks/TokenValidFunctions.js @@ -32,7 +32,7 @@ function resetTokenMock() { * if true, token is valid (status OK), * if false, token is invalid (status UNAUTHORIZED), * if null, token is FORBIDDEN - * + * * @param {Object} data: optional value that will be the result * of the decoded token value * @returns configured mock response @@ -43,7 +43,7 @@ function setTokenStatus( ) { let status; let tokenPayload; - + if (isSuccessful === true) { status = OK; tokenPayload = data; From 165092d879e4d4e326d69ff62ab9b91d4fa4a7b7 Mon Sep 17 00:00:00 2001 
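Review bot: The final `else` in `setTokenStatus` turns every argument that is not strictly `true` or `false` into FORBIDDEN, so a call such as `setTokenStatus()` or `setTokenStatus(1)`, which used to map to 401 or 200 by truthiness, now silently yields 403 with the caller's `data` as payload. Matching the documented contract explicitly makes a mistaken call fail loudly: use `} else if (isSuccessful === null) {` for the FORBIDDEN branch and end with `} else { throw new TypeError('isSuccessful must be true, false or null'); }`. The FORBIDDEN branch also sets `tokenPayload = data` where the UNAUTHORIZED branch sets `null`; if the real token check does not hand back a decoded token on a 403, the mock should not either, because a route guarded only by a truthy-token check would then proceed under test. This is the only hunk for this file in the patch and it adds no import, so `FORBIDDEN` has to be in scope already; the function body continues past the end of the hunk.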
From: adarshm11 Date: Wed, 31 Dec 2025 17:50:03 -0800 Subject: [PATCH 03/12] OfficeAccessCard tests --- test/api/OfficeAccessCard.js | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/test/api/OfficeAccessCard.js b/test/api/OfficeAccessCard.js index 5e0f03852..0bd337635 100644 --- a/test/api/OfficeAccessCard.js +++ b/test/api/OfficeAccessCard.js @@ -185,10 +185,11 @@ describe('OfficeAccessCard', () => { expect(result).to.have.status(UNAUTHORIZED); }); - it('Should return 401 when invalid token is sent', async () => { + it('Should return 403 when invalid token is sent', async () => { + setTokenStatus(null); const result = await test.sendPostRequestWithToken(token, - DELETE_API_PATH); - expect(result).to.have.status(UNAUTHORIZED); + DELETE_API_PATH, { _id: VALID_ID }); + expect(result).to.have.status(FORBIDDEN); }); it('Should return 404 if the card attempted to be deleted was not found', async () => { @@ -221,19 +222,20 @@ describe('OfficeAccessCard', () => { describe('POST getAllCards', () => { it('Should return 401 when token is not sent', async () => { - const result = await test.sendPostRequest(GET_ALL_CARDS_API_PATH); + const result = await test.sendGetRequest(GET_ALL_CARDS_API_PATH); expect(result).to.have.status(UNAUTHORIZED); }); - it('Should return 401 when invalid token is sent', async () => { - const result = await test.sendPostRequestWithToken(token, + it('Should return 403 when invalid token is sent', async () => { + setTokenStatus(null); + const result = await test.sendGetRequestWithToken(token, GET_ALL_CARDS_API_PATH); - expect(result).to.have.status(UNAUTHORIZED); + expect(result).to.have.status(FORBIDDEN); }); it('Should return 200 with a successful fetch of all cards', async () => { setTokenStatus(true); - const result = await test.sendPostRequestWithToken(token, + const result = await test.sendGetRequestWithToken(token, GET_ALL_CARDS_API_PATH, ); expect(result).to.have.status(OK); 
@@ -242,7 +244,7 @@ describe('OfficeAccessCard', () => { it('Should return 500 if there was an error fetching all cards', async () => { setTokenStatus(true); const findStub = sinon.stub(OfficeAccessCard, 'find').rejects(new Error('Database error')); - const result = await test.sendPostRequestWithToken(token, + const result = await test.sendGetRequestWithToken(token, GET_ALL_CARDS_API_PATH, ); expect(result).to.have.status(SERVER_ERROR); From 3afa704f9fbd9f720b773d55c26b8c9a36941399 Mon Sep 17 00:00:00 2001 From: adarshm11 Date: Wed, 31 Dec 2025 17:52:36 -0800 Subject: [PATCH 04/12] oops this is post not get --- test/api/OfficeAccessCard.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/api/OfficeAccessCard.js b/test/api/OfficeAccessCard.js index 0bd337635..ad4f341b3 100644 --- a/test/api/OfficeAccessCard.js +++ b/test/api/OfficeAccessCard.js @@ -222,20 +222,20 @@ describe('OfficeAccessCard', () => { describe('POST getAllCards', () => { it('Should return 401 when token is not sent', async () => { - const result = await test.sendGetRequest(GET_ALL_CARDS_API_PATH); + const result = await test.sendPostRequest(GET_ALL_CARDS_API_PATH); expect(result).to.have.status(UNAUTHORIZED); }); it('Should return 403 when invalid token is sent', async () => { setTokenStatus(null); - const result = await test.sendGetRequestWithToken(token, + const result = await test.sendPostRequestWithToken(token, GET_ALL_CARDS_API_PATH); expect(result).to.have.status(FORBIDDEN); }); it('Should return 200 with a successful fetch of all cards', async () => { setTokenStatus(true); - const result = await test.sendGetRequestWithToken(token, + const result = await test.sendPostRequestWithToken(token, GET_ALL_CARDS_API_PATH, ); expect(result).to.have.status(OK); 
@@ -244,7 +244,7 @@ describe('OfficeAccessCard', () => { it('Should return 500 if there was an error fetching all cards', async () => { setTokenStatus(true); const findStub = sinon.stub(OfficeAccessCard, 'find').rejects(new Error('Database error')); - const result = await test.sendGetRequestWithToken(token, + const result = await test.sendPostRequestWithToken(token, GET_ALL_CARDS_API_PATH, ); expect(result).to.have.status(SERVER_ERROR); From bfa3a6d611381ba309d943377c7ea311a6de46bf Mon Sep 17 00:00:00 2001 From: adarshm11 Date: Wed, 31 Dec 2025 17:57:08 -0800 Subject: [PATCH 05/12] Advertisement tests --- test/api/Advertisement.js | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/test/api/Advertisement.js b/test/api/Advertisement.js index 47e8bb61d..a6e3d2709 100644 --- a/test/api/Advertisement.js +++ b/test/api/Advertisement.js @@ -66,9 +66,10 @@ describe('Advertisement', () => { expect(res).to.have.status(UNAUTHORIZED); }); - it('Should return 401 when invalid token is sent', async () => { + it('Should return 403 when invalid token is sent', async () => { + setTokenStatus(null); const res = await test.sendPostRequestWithToken(token, '/api/Advertisement/createAdvertisement', VALID_ADVERTISEMENT); - expect(res).to.have.status(UNAUTHORIZED); + expect(res).to.have.status(FORBIDDEN); }); describe('audit log tests for creating ads', () => { @@ -130,9 +131,10 @@ describe('Advertisement', () => { expect(res).to.have.status(UNAUTHORIZED); }); - it('Should return 401 if invalid token is sent', async () => { + it('Should return 403 if invalid token is sent', async () => { + setTokenStatus(null); const res = await test.sendPostRequestWithToken(token, '/api/Advertisement/deleteAdvertisement', { _id: VALID_ADVERTISEMENT._id }); - expect(res).to.have.status(UNAUTHORIZED); + expect(res).to.have.status(FORBIDDEN); }); it('Should return 404 if ad is not found', async () => { From 360af9ea8eaa60b60135690a5fcbd3472858de98 Mon Sep 17 00:00:00 2001 
From: adarshm11 Date: Wed, 31 Dec 2025 18:02:34 -0800 Subject: [PATCH 06/12] Auth tests --- test/api/Auth.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/api/Auth.js b/test/api/Auth.js index 12ea2ea4d..dea23fb6c 100644 --- a/test/api/Auth.js +++ b/test/api/Auth.js @@ -562,11 +562,12 @@ describe('Auth', () => { expect(result).to.have.status(UNAUTHORIZED); }); - it('Should return statusCode 401 when a token is invalid', + it('Should return statusCode 403 when a token is invalid', async () => { + setTokenStatus(null); const result = await test.sendPostRequestWithToken( token, '/api/Auth/verify', {}); - expect(result).to.have.status(UNAUTHORIZED); + expect(result).to.have.status(FORBIDDEN); }); it('Should return statusCode 200 when a ' + From 8bcc495dda041e50648654f39e1fb5368e480b02 Mon Sep 17 00:00:00 2001 From: adarshm11 Date: Wed, 31 Dec 2025 18:03:49 -0800 Subject: [PATCH 07/12] import --- test/api/Auth.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/api/Auth.js b/test/api/Auth.js index dea23fb6c..124fa110c 100644 --- a/test/api/Auth.js +++ b/test/api/Auth.js @@ -13,7 +13,8 @@ const { OK, BAD_REQUEST, UNAUTHORIZED, - CONFLICT + CONFLICT, + FORBIDDEN } = require('../../api/util/constants').STATUS_CODES; const SceApiTester = require('../util/tools/SceApiTester'); From d2e2889b5e3e15d22edeafa857b32d4c58d07c22 Mon Sep 17 00:00:00 2001 From: adarshm11 Date: Wed, 31 Dec 2025 18:06:52 -0800 Subject: [PATCH 08/12] led sign tests --- test/api/LedSign.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/test/api/LedSign.js b/test/api/LedSign.js index 2ecd3c1a5..07697e8d2 100644 --- a/test/api/LedSign.js +++ b/test/api/LedSign.js @@ -9,6 +9,7 @@ const { OK, SERVER_ERROR, UNAUTHORIZED, + FORBIDDEN } = require('../../api/util/constants').STATUS_CODES; const { initializeTokenMock, 
@@ -67,15 +68,16 @@ describe('LED Sign', () => { }); describe('/POST updateSignText', () => { - it('Should return 400 when token is not sent', async () => { + it('Should return 401 when token is not sent', async () => { const result = await test.sendPostRequest('/api/LedSign/updateSignText'); expect(result).to.have.status(UNAUTHORIZED); }); - it('Should return 400 when invalid token is sent', async () => { + it('Should return 403 when invalid token is sent', async () => { + setTokenStatus(null); const result = await test.sendPostRequestWithToken(token, '/api/LedSign/updateSignText'); - expect(result).to.have.status(UNAUTHORIZED); + expect(result).to.have.status(FORBIDDEN); }); it('Should return 500 when the ssh tunnel is down', async () => { From cb6b3c7515c5f1d908c2a4d86e76a89b4595b5f8 Mon Sep 17 00:00:00 2001 From: adarshm11 Date: Wed, 31 Dec 2025 18:18:48 -0800 Subject: [PATCH 09/12] printer tests + some token handling --- api/main_endpoints/routes/Printer.js | 6 +++--- test/api/Printer.js | 8 +++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/api/main_endpoints/routes/Printer.js b/api/main_endpoints/routes/Printer.js index 7c310cde6..baa9692ee 100644 --- a/api/main_endpoints/routes/Printer.js +++ b/api/main_endpoints/routes/Printer.js @@ -74,7 +74,7 @@ router.get('/healthCheck', async (req, res) => { router.post('/sendPrintRequest', upload.single('chunk'), async (req, res) => { const decoded = await decodeToken(req); - if (!decoded.token) { + if (decoded.status !== OK) { logger.warn('/sendPrintRequest was requested with an invalid token'); return res.sendStatus(decoded.status); } 
@@ -150,8 +150,8 @@ router.post('/sendPrintRequest', upload.single('chunk'), async (req, res) => { }); router.get('/status', async (req, res) => { - const decodedToken = await decodeToken(req); - if (!decodedToken || Object.keys(decodedToken) === 0) { + const decodeToken = await decodeToken(req); + if (decodeToken.status !== OK) { logger.warn('/status was requested with an invalid token'); return res.sendStatus(UNAUTHORIZED); } diff --git a/test/api/Printer.js b/test/api/Printer.js index 58135cc4a..639de8f9e 100644 --- a/test/api/Printer.js +++ b/test/api/Printer.js @@ -7,6 +7,7 @@ const fs = require('fs'); const { OK, UNAUTHORIZED, + FORBIDDEN, } = require('../../api/util/constants').STATUS_CODES; const { @@ -116,14 +117,15 @@ describe('Printer', () => { const DUMMY_CHUNK = new FormData(); - it('Should return 400 when token is not sent', async () => { + it('Should return 401 when token is not sent', async () => { const result = await test.sendPostRequest('/api/Printer/sendPrintRequest', { DUMMY_CHUNK }); expect(result).to.have.status(UNAUTHORIZED); }); - it('Should return 400 when invalid token is sent', async () => { + it('Should return 403 when invalid token is sent', async () => { + setTokenStatus(null); const result = await test.sendPostRequestWithToken(token, '/api/Printer/sendPrintRequest', { DUMMY_CHUNK }); - expect(result).to.have.status(UNAUTHORIZED); + expect(result).to.have.status(FORBIDDEN); }); it(`Should successfully process all ${TOTAL_CHUNKS} chunks sent (with valid token)`, async () => { From 79ff9f9be12246b6acef5f253e030ca7f34f31ca Mon Sep 17 00:00:00 2001 From: adarshm11 Date: Wed, 31 Dec 2025 18:20:03 -0800 Subject: [PATCH 10/12] smh --- api/main_endpoints/routes/Printer.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api/main_endpoints/routes/Printer.js b/api/main_endpoints/routes/Printer.js index baa9692ee..2b08c2528 100644 --- a/api/main_endpoints/routes/Printer.js +++ b/api/main_endpoints/routes/Printer.js 
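Review bot: The `/status` rejection path in the `@@ -150,8 +150,8 @@` hunk of Printer.js still answers with a hard-coded `UNAUTHORIZED` although the guard now keys off the decoder's status, so a FORBIDDEN verdict is reported to the client as 401. The `/sendPrintRequest` guard changed in the same patch forwards the verdict, and doing the same here keeps the two routes consistent: `return res.sendStatus(decoded.status);` (using the local name from the next patch in the series, which also removes the `const decodeToken = await decodeToken(req)` self-reference that would throw before the call is made). That next patch's version of this hunk keeps the hard-coded status, so the point applies there as well. The route body continues outside the hunk.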
@@ -150,8 +150,8 @@ router.post('/sendPrintRequest', upload.single('chunk'), async (req, res) => { }); router.get('/status', async (req, res) => { - const decodeToken = await decodeToken(req); - if (decodeToken.status !== OK) { + const decoded = await decodeToken(req); + if (decoded.status !== OK) { logger.warn('/status was requested with an invalid token'); return res.sendStatus(UNAUTHORIZED); } From 3eb92a15077c4171210c93b90964882cde4c3067 Mon Sep 17 00:00:00 2001 From: adarshm11 Date: Wed, 31 Dec 2025 18:27:15 -0800 Subject: [PATCH 11/12] shortcut search tests and tokens --- api/main_endpoints/routes/ShortcutSearch.js | 4 +--- test/api/ShortcutSearch.js | 7 ++++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/api/main_endpoints/routes/ShortcutSearch.js b/api/main_endpoints/routes/ShortcutSearch.js index 20e60503a..3276972d6 100644 --- a/api/main_endpoints/routes/ShortcutSearch.js +++ b/api/main_endpoints/routes/ShortcutSearch.js @@ -6,8 +6,6 @@ const User = require('../models/User.js'); const { decodeToken } = require('../util/token-functions'); const { OK, - UNAUTHORIZED, - FORBIDDEN, SERVER_ERROR, } = require('../../util/constants').STATUS_CODES; const membershipState = require('../../util/constants').MEMBERSHIP_STATE; @@ -21,7 +19,7 @@ const MAX_RESULT = 5; // Search for all cleezy urls using either alias or url router.post('/', async function(req, res) { const decoded = await decodeToken(req, membershipState.OFFICER); - if (!decoded.token) { + if (decoded.status !== OK) { return res.sendStatus(decoded.status); } diff --git a/test/api/ShortcutSearch.js b/test/api/ShortcutSearch.js index 19ed9087c..3a9cedac7 100644 --- a/test/api/ShortcutSearch.js +++ b/test/api/ShortcutSearch.js @@ -9,6 +9,7 @@ const chaiHttp = require('chai-http'); const { OK, UNAUTHORIZED, + FORBIDDEN, } = require('../../api/util/constants').STATUS_CODES; const SceApiTester = require('../util/tools/SceApiTester'); 
@@ -76,10 +77,10 @@ describe('ShortcutSearch', () => { expect(result).to.have.status(UNAUTHORIZED); }); - it('Should return status code 401 if access level is invalid', async () => { - setTokenStatus(false, { accessLevel: MEMBERSHIP_STATE.MEMBER }); + it('Should return status code 403 if access level is invalid', async () => { + setTokenStatus(null, { accessLevel: MEMBERSHIP_STATE.MEMBER }); const result = await test.sendPostRequestWithToken(token, url, queryUser); - expect(result).to.have.status(UNAUTHORIZED); + expect(result).to.have.status(FORBIDDEN); }); before(async () => { From 351495202e75c8d311e5ce835dddd4ef5b296c88 Mon Sep 17 00:00:00 2001 From: adarshm11 Date: Wed, 31 Dec 2025 18:32:17 -0800 Subject: [PATCH 12/12] User.js tests and tokens --- api/main_endpoints/routes/User.js | 21 +++++++++---------- test/api/User.js | 34 ++++++++++++++++++------------- 2 files changed, 30 insertions(+), 25 deletions(-) diff --git a/api/main_endpoints/routes/User.js b/api/main_endpoints/routes/User.js index e3fa030d4..da3dd8a82 100644 --- a/api/main_endpoints/routes/User.js +++ b/api/main_endpoints/routes/User.js @@ -33,7 +33,7 @@ const ROWS_PER_PAGE = 20; // Delete a member router.post('/delete', async (req, res) => { const decoded = await decodeToken(req); - if (!decoded.token) { + if (decoded.status !== OK) { return res.sendStatus(decoded.status); } @@ -76,8 +76,7 @@ router.post('/delete', async (req, res) => { // Search for a member router.post('/search', async function(req, res) { const decoded = await decodeToken(req, membershipState.OFFICER); - - if (!decoded.token) { + if (decoded.status !== OK) { return res.sendStatus(decoded.status); } @@ -119,7 +118,7 @@ router.post('/search', async function(req, res) { // Search for all members router.post('/users', async function(req, res) { const decoded = await decodeToken(req, membershipState.OFFICER); - if (!decoded.token) { + if (decoded.status !== OK) { return res.sendStatus(decoded.status); } 
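Review bot: The access-level test in the `@@ -76,10 +77,10 @@` hunk of test/api/ShortcutSearch.js gets its 403 from `setTokenStatus(null, ...)`, which, going by the mock change earlier in this series, returns FORBIDDEN whatever `accessLevel` is in the payload. The test would therefore still pass if the route stopped requesting officer level, which is the property its title claims to check. If the stub stands in for the function the route calls, an added assertion on its arguments would pin that down, for example `expect(decodeTokenValidMock.calledWith(sinon.match.any, MEMBERSHIP_STATE.OFFICER)).to.be.true;`. The hunk does not show what the stub wraps or whether it is exported to this test, so treat the exact call as a sketch to adapt.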
@@ -162,7 +161,7 @@ router.post('/users', async function(req, res) { // Edit/Update a member record router.post('/edit', async (req, res) => { const decoded = await decodeToken(req); - if (!decoded.token) { + if (decoded.status !== OK) { return res.sendStatus(decoded.status); } @@ -291,7 +290,7 @@ router.post('/edit', async (req, res) => { router.post('/getPagesPrintedCount', async (req, res) => { const decoded = await decodeToken(req); - if (!decoded.token) { + if (decoded.status !== OK) { return res.sendStatus(decoded.status); } User.findOne({ email: req.body.email }, function(error, result) { @@ -317,7 +316,7 @@ router.post('/getPagesPrintedCount', async (req, res) => { router.post('/getUserById', async (req, res) => { const decoded = await decodeToken(req); - if (!decoded.token) { + if (decoded.status !== OK) { return res.sendStatus(decoded.status); } let targetUserId = req.body.userID; @@ -403,7 +402,7 @@ router.post('/getUserDataByEmail', (req, res) => { // Search for all members with verified emails and subscribed router.post('/usersSubscribedAndVerified', async function(req, res) { const decoded = await decodeToken(req, membershipState.OFFICER); - if (!decoded.token) { + if (decoded.status !== OK) { return res.sendStatus(decoded.status); } User.find({ emailVerified: true, emailOptIn: true }) @@ -428,7 +427,7 @@ router.post('/usersSubscribedAndVerified', async function(req, res) { // Search for all members with verified emails, subscribed, and not banned or pending router.post('/usersValidVerifiedAndSubscribed', async function(req, res) { const decoded = await decodeToken(req, membershipState.OFFICER); - if (!decoded.token) { + if (decoded.status !== OK) { return res.sendStatus(decoded.status); } User.find({ 
@@ -454,7 +453,7 @@ router.post('/usersValidVerifiedAndSubscribed', async function(req, res) { // Generate an API key for the Messages API if the user does not have an API key; otherwise, return the existing API key router.post('/apikey', async (req, res) => { const decoded = await decodeToken(req); - if (!decoded.token) { + if (decoded.status !== OK) { return res.sendStatus(decoded.status); } let { _id } = decoded.token; @@ -488,7 +487,7 @@ router.post('/apikey', async (req, res) => { // Assumes members who have paid have been assigned an expiration date router.get('/getNewPaidMembersThisSemester', async (req, res) => { const decoded = await decodeToken(req, membershipState.OFFICER); - if (!decoded.token) { + if (decoded.status !== OK) { return res.sendStatus(decoded.status); } diff --git a/test/api/User.js b/test/api/User.js index 135c04041..10b2954f6 100644 --- a/test/api/User.js +++ b/test/api/User.js @@ -89,14 +89,15 @@ describe('User', () => { expect(result).to.have.status(UNAUTHORIZED); }); - it('Should return statusCode 401 if an invalid ' + + it('Should return statusCode 403 if an invalid ' + 'token was passed in', async () => { const user = { token: 'Invalid token' }; + setTokenStatus(null); const result = await test.sendPostRequestWithToken( token, '/api/User/users', user); - expect(result).to.have.status(UNAUTHORIZED); + expect(result).to.have.status(FORBIDDEN); }); it('Should return statusCode 200 and return an array ' + 
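Review bot: In the `/apikey` hunk (`@@ -454,7 +453,7 @@`) the statement right after the guard is `let { _id } = decoded.token;`, and the guard no longer checks that `decoded.token` exists. If `decodeToken` can ever resolve with status OK and a null or missing token, the destructuring throws inside the async handler instead of rejecting the request; whether that can happen is not visible from here. A second check after the status test keeps the handler fail-closed, e.g. `if (!decoded.token) return res.sendStatus(UNAUTHORIZED);`, assuming `UNAUTHORIZED` is imported in this file. The same guard change is made in the other User.js routes in this patch and in Printer.js and ShortcutSearch.js earlier in the series; their bodies lie outside the hunks, so each should be checked for a later `decoded.token` dereference.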
@@ -122,15 +123,16 @@ describe('User', () => { expect(result).to.have.status(UNAUTHORIZED); }); - it('Should return statusCode 401 if an invalid ' + + it('Should return statusCode 403 if an invalid ' + 'token was passed in', async () => { const user = { email: 'a@b.c', token: 'Invalid token' }; + setTokenStatus(null); const result = await test.sendPostRequestWithToken( token, '/api/User/search', user); - expect(result).to.have.status(UNAUTHORIZED); + expect(result).to.have.status(FORBIDDEN); }); it('Should return statusCode 404 if no user was found', async () => { @@ -178,15 +180,16 @@ describe('User', () => { expect(result).to.have.status(UNAUTHORIZED); }); - it('Should return statusCode 401 if an invalid ' + + it('Should return statusCode 403 if an invalid ' + 'token was passed in', async () => { const user = { email: 'a@b.c', token: 'Invalid token' }; + setTokenStatus(null); const result = await test.sendPostRequestWithToken( token, '/api/User/edit', user); - expect(result).to.have.status(UNAUTHORIZED); + expect(result).to.have.status(FORBIDDEN); }); it('Should return statusCode 404 if no user was found', async () => { @@ -366,14 +369,15 @@ describe('User', () => { const result = await test.sendPostRequest('/api/user/getUserById', user); expect(result).to.have.status(UNAUTHORIZED); }); - it('Should return status code 401 if' + + it('Should return status code 403 if' + ' an invalid token was passed in', async () => { const user = { userID: id, token: 'Invalid Token' }; + setTokenStatus(null); const result = await test.sendPostRequestWithToken(token, '/api/user/getUserById', user); - expect(result).to.have.status(UNAUTHORIZED); + expect(result).to.have.status(FORBIDDEN); }); it('Should return status code 404 if user is not found', async () => { const user = { 
@@ -444,9 +448,10 @@ describe('User', () => { _id: id, token: 'Invalid token' }; + setTokenStatus(null); const result = await test.sendPostRequestWithToken( token, '/api/User/delete', user); - expect(result).to.have.status(UNAUTHORIZED); + expect(result).to.have.status(FORBIDDEN); }); it('Should return statusCode 404 if no user was found', async () => { @@ -618,15 +623,16 @@ describe('User', () => { }); // invalid token - it('Should return statusCode 401 if an invalid ' + + it('Should return statusCode 403 if an invalid ' + 'token was passed in', async () => { const user = { _id: id, token: 'Invalid token' }; + setTokenStatus(null); const result = await test.sendPostRequestWithToken( token, '/api/User/apikey', user); - expect(result).to.have.status(UNAUTHORIZED); + expect(result).to.have.status(FORBIDDEN); }); }); @@ -642,11 +648,11 @@ describe('User', () => { expect(result).to.have.status(UNAUTHORIZED); }); - it('Should return statusCode 401 if an invalid' + + it('Should return statusCode 403 if an invalid' + 'token was passed in', async () => { - setTokenStatus(false); + setTokenStatus(null); const result = await test.sendGetRequestWithToken(token, '/api/user/getNewPaidMembersThisSemester'); - expect(result).to.have.status(UNAUTHORIZED); + expect(result).to.have.status(FORBIDDEN); }); describe('1st Semester Mock Test', () => {