Skip to content

Commit

Permalink
Add tests for waitlist locking and unlocking (#666)
Browse files Browse the repository at this point in the history
  • Loading branch information
@goto-bus-stop
goto-bus-stop authored Nov 25, 2024
1 parent 4ec71f3 commit 4c25435
Showing 1 changed file with 176 additions and 0 deletions.
176 changes: 176 additions & 0 deletions test/waitlist.mjs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,34 @@ describe('Waitlist', () => {
sinon.assert.match(res.body.errors[0], { code: 'already-in-waitlist' });
});

it('requires waitlist.join permission to join', async () => {
const token = await uw.test.createTestSessionToken(user);
await createTestPlaylistItem(user);

const ws = await uw.test.connectToWebSocketAs(user);

await uw.acl.createRole('waitlistJoiner', ['waitlist.join']);

const notAllowedRes = await supertest(uw.server)
.post('/api/waitlist')
.set('Cookie', `uwsession=${token}`)
.send({ userID: user.id })
.expect(403);
sinon.assert.match(notAllowedRes.body, {
errors: sinon.match.some(sinon.match.has('code', 'forbidden')),
});

await uw.acl.allow(user, ['waitlistJoiner']);

await supertest(uw.server)
.post('/api/waitlist')
.set('Cookie', `uwsession=${token}`)
.send({ userID: user.id })
.expect(200);

ws.close();
});

it('requires the waitlist.add role to add other users', async () => {
const token = await uw.test.createTestSessionToken(user);
await uw.acl.allow(user, ['user']);
Expand All @@ -176,5 +204,153 @@ describe('Waitlist', () => {
.send({ userID: testSubject.id })
.expect(200);
});

it('prevents joining when waitlist is locked', async () => {
const token = await uw.test.createTestSessionToken(user);
const joiner = await uw.test.createUser();
const joinerToken = await uw.test.createTestSessionToken(joiner);

await uw.acl.createRole('waitlistJoiner', ['waitlist.join']);
await uw.acl.createRole('waitlistLocker', ['waitlist.lock']);

await uw.acl.allow(joiner, ['waitlistJoiner']);
await uw.acl.allow(user, ['waitlistLocker']);

const ws = await uw.test.connectToWebSocketAs(joiner);
await createTestPlaylistItem(joiner);

await supertest(uw.server)
.put('/api/waitlist/lock')
.set('Cookie', `uwsession=${token}`)
.send({ lock: true })
.expect(200);

const lockedRes = await supertest(uw.server)
.post('/api/waitlist')
.set('Cookie', `uwsession=${joinerToken}`)
.send({ userID: joiner.id })
.expect(403);
sinon.assert.match(lockedRes.body, {
errors: sinon.match.some(sinon.match.has('code', 'waitlist-locked')),
});

// Unlock & try again
await supertest(uw.server)
.put('/api/waitlist/lock')
.set('Cookie', `uwsession=${token}`)
.send({ lock: false })
.expect(200);

await supertest(uw.server)
.post('/api/waitlist')
.set('Cookie', `uwsession=${joinerToken}`)
.send({ userID: joiner.id })
.expect(200);

ws.close();
});

it('requires waitlist.join.locked permission to join if locked', async () => {
const token = await uw.test.createTestSessionToken(user);
const joiner = await uw.test.createUser();
const joinerToken = await uw.test.createTestSessionToken(joiner);

await uw.acl.createRole('waitlistJoiner', ['waitlist.join']);
await uw.acl.createRole('waitlistSuperJoiner', ['waitlist.join.locked']);
await uw.acl.createRole('waitlistLocker', ['waitlist.lock']);

await uw.acl.allow(joiner, ['waitlistJoiner']);
await uw.acl.allow(user, ['waitlistLocker']);

const ws = await uw.test.connectToWebSocketAs(joiner);
await createTestPlaylistItem(joiner);

await supertest(uw.server)
.put('/api/waitlist/lock')
.set('Cookie', `uwsession=${token}`)
.send({ lock: true })
.expect(200);

const lockedRes = await supertest(uw.server)
.post('/api/waitlist')
.set('Cookie', `uwsession=${joinerToken}`)
.send({ userID: joiner.id })
.expect(403);
sinon.assert.match(lockedRes.body, {
errors: sinon.match.some(sinon.match.has('code', 'waitlist-locked')),
});

await uw.acl.allow(joiner, ['waitlistSuperJoiner']);

await supertest(uw.server)
.post('/api/waitlist')
.set('Cookie', `uwsession=${joinerToken}`)
.send({ userID: joiner.id })
.expect(200);

ws.close();
});
});

describe('PUT /waitlist/lock', () => {
it('requires authentication', async () => {
await supertest(uw.server)
.put('/api/waitlist/lock')
.expect(401);
});

it('requires the waitlist.lock role', async () => {
const token = await uw.test.createTestSessionToken(user);
await uw.acl.createRole('waitlistLocker', ['waitlist.lock']);

await supertest(uw.server)
.put('/api/waitlist/lock')
.set('Cookie', `uwsession=${token}`)
.send({ lock: true })
.expect(403);

await uw.acl.allow(user, ['waitlistLocker']);

await supertest(uw.server)
.put('/api/waitlist/lock')
.set('Cookie', `uwsession=${token}`)
.send({ lock: true })
.expect(200);
});

it('validates input', async () => {
const token = await uw.test.createTestSessionToken(user);
await uw.acl.createRole('waitlistLocker', ['waitlist.lock']);
await uw.acl.allow(user, ['waitlistLocker']);

await supertest(uw.server)
.put('/api/waitlist/lock')
.set('Cookie', `uwsession=${token}`)
.send({ lock: 'not a boolean' })
.expect(400);

await supertest(uw.server)
.put('/api/waitlist/lock')
.set('Cookie', `uwsession=${token}`)
.expect(400);

await supertest(uw.server)
.put('/api/waitlist/lock')
.set('Cookie', `uwsession=${token}`)
.send({ no: 'lock property' })
.expect(400);

await supertest(uw.server)
.put('/api/waitlist/lock')
.set('Cookie', `uwsession=${token}`)
.send({ lock: false })
.expect(200);

await supertest(uw.server)
.put('/api/waitlist/lock')
.set('Cookie', `uwsession=${token}`)
.send({ lock: true })
.expect(200);
});
});
});

0 comments on commit 4c25435

Please sign in to comment.