[IMPROVEMENT] Add more test cases for BE (#30)

* Refactor frontend

* Add more test cases

* Fix dashboard component test

Author: umutozdemir

backend/__tests__/adminController.test.js

@@ -0,0 +1,110 @@
+const request = require('supertest');
+const mongoose = require('mongoose');
+const { MongoMemoryServer } = require('mongodb-memory-server');
+const express = require('express');
+const bodyParser = require('body-parser');
+const jwt = require('jsonwebtoken');
+const { createUser, getAllUsers, updateUser, deleteUser } = require('../controllers/adminController');
+const { auth, adminOnly } = require('../middlewares/auth');
+const User = require('../models/User');
+
+const JWT_SECRET = 'test_secret';
+
+const app = express();
+app.use(bodyParser.json());
+
+// Mock environment variables
+process.env.JWT_SECRET = JWT_SECRET;
+process.env.ADMIN_EMAIL = '[email protected]';
+
+// Setup routes with middlewares
+app.post('/users', auth, adminOnly, createUser);
+app.get('/users', auth, adminOnly, getAllUsers);
+app.put('/users/:id', auth, adminOnly, updateUser);
+app.delete('/users/:id', auth, adminOnly, deleteUser);
+
+describe('User Controller with Auth Middleware', () => {
+    let mongoServer;
+    let userToken;
+    let adminToken;
+
+    beforeAll(async () => {
+        mongoServer = await MongoMemoryServer.create();
+        await mongoose.connect(mongoServer.getUri(), {});
+
+        // Create a regular user and an admin user
+        const user = new User({ email: '[email protected]', password: 'password123', isAdmin: false });
+        const admin = new User({ email: '[email protected]', password: 'password123', isAdmin: true });
+
+        await user.save();
+        await admin.save();
+
+        // Generate tokens
+        userToken = jwt.sign({ email: user.email, isAdmin: user.isAdmin }, process.env.JWT_SECRET);
+        adminToken = jwt.sign({ email: admin.email, isAdmin: admin.isAdmin }, process.env.JWT_SECRET);
+    });
+
+    afterAll(async () => {
+        await mongoose.disconnect();
+        await mongoServer.stop();
+    });
+
+    afterEach(async () => {
+        await User.deleteMany({});
+    });
+
+    describe('Protected Routes', () => {
+        it('should deny access if no token is provided', async () => {
+            const res = await request(app).get('/users');
+            expect(res.statusCode).toBe(401);
+            expect(res.body).toHaveProperty('message', 'Access denied. No token provided.');
+        });
+
+        it('should deny access if an invalid token is provided', async () => {
+            const res = await request(app)
+                .get('/users')
+                .set('Authorization', `Bearer invalidtoken`);
+
+            expect(res.statusCode).toBe(400);
+            expect(res.body).toHaveProperty('message');
+        });
+
+        it('should deny access to non-admin users', async () => {
+            const res = await request(app)
+                .get('/users')
+                .set('Authorization', `Bearer ${userToken}`);
+
+            expect(res.statusCode).toBe(403);
+            expect(res.body).toHaveProperty('message', 'Access denied. Admins only.');
+        });
+
+        it('should allow access to admin users', async () => {
+            const res = await request(app)
+                .get('/users')
+                .set('Authorization', `Bearer ${adminToken}`);
+
+            expect(res.statusCode).toBe(200);
+        });
+
+        it('should create a new user when an admin user is authenticated', async () => {
+            const res = await request(app)
+                .post('/users')
+                .set('Authorization', `Bearer ${adminToken}`)
+                .send({ email: '[email protected]', password: 'password123', isAdmin: false });
+
+            expect(res.statusCode).toBe(201);
+            expect(res.body).toHaveProperty('_id');
+            expect(res.body.email).toBe('[email protected]');
+        });
+
+        it('should not create a new user when a non-admin user is authenticated', async () => {
+            const res = await request(app)
+                .post('/users')
+                .set('Authorization', `Bearer ${userToken}`)
+                .send({ email: '[email protected]', password: 'password123', isAdmin: false });
+
+            expect(res.statusCode).toBe(403);
+            expect(res.body).toHaveProperty('message', 'Access denied. Admins only.');
+        });
+    });
+});

backend/__tests__/defectConfigsController.test.js

@@ -2,20 +2,31 @@ const request = require('supertest');
 const express = require('express');
 const mongoose = require('mongoose');
 const { MongoMemoryServer } = require('mongodb-memory-server');
+const jwt = require('jsonwebtoken');
 const DefectConfigModel = require('../models/DefectConfigModel');
-const defectConfigRoutes = require('../routes/defectConfigRoutes');
+const { getDefectConfig, updateDefectConfig } = require('../controllers/defectConfigsController');
+const { auth } = require('../middlewares/auth');
 
 // Set up an Express app for testing
 const app = express();
 app.use(express.json());
-app.use('/defect-config', defectConfigRoutes);
+
+// Apply auth middleware
+app.get('/defect-config', auth, getDefectConfig);
+app.post('/defect-config', auth, updateDefectConfig);
+
+const JWT_SECRET = 'test_secret';
 
 let mongoServer;
+let userToken;
 
 beforeAll(async () => {
     mongoServer = await MongoMemoryServer.create();
     const uri = mongoServer.getUri();
-    await mongoose.connect(uri, { useNewUrlParser: true, useUnifiedTopology: true });
+    await mongoose.connect(uri, {});
+    process.env.JWT_SECRET = JWT_SECRET;
+    // Generate a mock token for a regular user
+    userToken = jwt.sign({ email: '[email protected]', isAdmin: false }, process.env.JWT_SECRET);
 });
 
 afterAll(async () => {
@@ -41,64 +52,86 @@ beforeEach(async () => {
 
 describe('Defect Config Endpoints', () => {
     describe('GET /defect-config', () => {
-        it('should return the defect configuration', async () => {
+        it('should return 401 if no token is provided', async () => {
             const res = await request(app).get('/defect-config');
+            expect(res.statusCode).toBe(401);
+            expect(res.body.message).toBe('Access denied. No token provided.');
+        });
+
+        it('should return 200 and the defect config if token is valid', async () => {
+            const res = await request(app)
+                .get('/defect-config')
+                .set('Authorization', `Bearer ${userToken}`);
 
             expect(res.statusCode).toBe(200);
-            expect(res.body).toHaveProperty('greening', 0.1);
-            expect(res.body).toHaveProperty('dryRot', 0.2);
-            expect(res.body).toHaveProperty('wetRot', 0.3);
-            expect(res.body).toHaveProperty('wireWorm', 0.4);
-            expect(res.body).toHaveProperty('malformed', 0.5);
-            expect(res.body).toHaveProperty('growthCrack', 0.6);
-            expect(res.body).toHaveProperty('mechanicalDamage', 0.7);
-            expect(res.body).toHaveProperty('dirtClod', 0.8);
-            expect(res.body).toHaveProperty('stone', 0.9);
+            expect(res.body).toEqual(expect.objectContaining({
+                greening: 0.1,
+                dryRot: 0.2,
+                wetRot: 0.3,
+                wireWorm: 0.4,
+                malformed: 0.5,
+                growthCrack: 0.6,
+                mechanicalDamage: 0.7,
+                dirtClod: 0.8,
+                stone: 0.9,
+            }));
         });
     });
 
     describe('POST /defect-config', () => {
-        it('should update the defect configuration successfully', async () => {
+        it('should return 401 if no token is provided', async () => {
+            const res = await request(app)
+                .post('/defect-config')
+                .send({ greening: 0.15 });
+
+            expect(res.statusCode).toBe(401);
+            expect(res.body.message).toBe('Access denied. No token provided.');
+        });
+
+        it('should update the defect config if token is valid', async () => {
             const updateData = {
                 greening: 0.15,
                 dryRot: 0.25,
-                wetRot: 0.35,
             };
 
             const res = await request(app)
                 .post('/defect-config')
+                .set('Authorization', `Bearer ${userToken}`)
                 .send(updateData);
 
             expect(res.statusCode).toBe(200);
             expect(res.body.message).toBe('Defect configuration updated successfully');
-            expect(res.body.data.greening).toBe(0.15);
-            expect(res.body.data.dryRot).toBe(0.25);
-            expect(res.body.data.wetRot).toBe(0.35);
+            expect(res.body.data).toEqual(expect.objectContaining(updateData));
+
+            const updatedConfig = await DefectConfigModel.findOne();
+            expect(updatedConfig.greening).toBe(0.15);
+            expect(updatedConfig.dryRot).toBe(0.25);
         });
 
-        it('should return 404 if no defect configuration exists', async () => {
+        it('should return 404 if defect config not found', async () => {
             await DefectConfigModel.deleteMany({});
 
             const res = await request(app)
                 .post('/defect-config')
+                .set('Authorization', `Bearer ${userToken}`)
                 .send({ greening: 0.15 });
 
             expect(res.statusCode).toBe(404);
             expect(res.body.message).toBe('Defect configuration not found');
         });
 
-        it('should return 500 if validation fails', async () => {
-            const invalidUpdateData = {
-                greening: 1.5, // Invalid: exceeds max value of 1
-            };
+        it('should handle errors during update', async () => {
+            jest.spyOn(DefectConfigModel.prototype, 'save').mockImplementationOnce(() => {
+                throw new Error('Database error');
+            });
 
             const res = await request(app)
                 .post('/defect-config')
-                .send(invalidUpdateData);
+                .set('Authorization', `Bearer ${userToken}`)
+                .send({ greening: 0.15 });
 
             expect(res.statusCode).toBe(500);
             expect(res.body.message).toBe('Error updating defect configuration');
-            expect(res.body.error).toContain('validation failed');
         });
     });
 });