tatort/tests/api/Users.test.ts

import { describe, test, expect, vi, beforeEach } from 'vitest';
import { GET, POST } from '$root/routes/api/users/+server';
import bcrypt from 'bcrypt';

import { addUser, getUsers } from '$lib/server/userService';

vi.mock('$lib/server/userService', () => ({
	addUser: vi.fn(),
	getUsers: vi.fn()
}));

vi.mock('bcrypt', () => ({
	default: {
		hashSync: vi.fn()
	}
}));

describe('API-Endpoint: Users', () => {
	test('Unerlaubter Zugriff', async () => {
		const event = {
			locals: {
				user: null
			}
		};

		const response = await GET(event);
		expect(response.status).toBe(401);

		const errorMessage = { error: 'Unauthorized' };
		const json = await response.json();
		expect(json).toEqual(errorMessage);
	});

	// [INFO] Test auf keine User nicht notwendig, da immer min. ein User vorhanden

	// Mock eingelogter User bzw. stelle locals.user zur Verfügung
	const fakeLoggedInUser = { id: 'admin', admin: true };
	const mockLocals = {
		user: fakeLoggedInUser
	};

	test('Rufe Liste aller User ab', async () => {
		const fakeLoggedInUser = { id: 'admin', admin: true };
		const event = {
			locals: {
				user: fakeLoggedInUser
			}
		};

		const fakeResult = [{ userId: 42, userName: 'admin' }];
		getUsers.mockReturnValueOnce(fakeResult);

		const response = await GET(event);
		expect(response.status).toBe(200);

		const json = await response.json();
		expect(json).toEqual(fakeResult);
	});

	test('Füge Benutzer hinzu: Erfolgreich', async () => {
		// Mocke Parameter und Funktionen von Drittparteien
		const fakeUsersAPIURL = `http://localhost:5173/api/users`;
		const fakeUserID = 42;
		const fakeUsername = 'admin';
		const fakeUserPassword = 'pass-123';

		const mockRequest = new Request(fakeUsersAPIURL, {
			method: 'POST',
			body: JSON.stringify({
				userName: fakeUsername,
				userPassword: fakeUserPassword
			})
		});

		const mockedHash = 'mocked-hash';
		bcrypt.hashSync.mockReturnValueOnce(mockedHash);

		const mockedRowInfo = {
			changes: 1,
			lastInsertRowid: fakeUserID
		};
		addUser.mockReturnValueOnce(mockedRowInfo);

		const response = await POST({
			request: mockRequest,
			locals: mockLocals
		});

		expect(response.status).toBe(201);

		const fakeResult = { userId: fakeUserID, userName: fakeUsername };
		const json = await response.json();
		expect(json).toEqual(fakeResult);

		expect(addUser).toHaveBeenCalledWith(fakeUsername, mockedHash);
	});

	test('Füge Benutzer hinzu: Fehlender Name oder Passwort', async () => {
		// Mocke Parameter und Funktionen von Drittparteien
		const fakeUsersAPIURL = `http://localhost:5173/api/users`;
		const fakeUserID = 42;
		const fakeUsername = '';
		const fakeUserPassword = '';

		const mockRequest = new Request(fakeUsersAPIURL, {
			method: 'POST',
			body: JSON.stringify({
				userName: fakeUsername,
				userPassword: fakeUserPassword
			})
		});

		const response = await POST({
			request: mockRequest,
			locals: mockLocals
		});

		expect(response.status).toBe(400);

		const errorMessage = { error: 'Missing input' };
		const json = await response.json();
		expect(json).toEqual(errorMessage);

		expect(addUser).not.toHaveBeenCalled();
	});

	test('Füge Benutzer hinzu: Nicht erfolgreich, keine Datenbankänderung', async () => {
		// Mocke Parameter und Funktionen von Drittparteien
		const fakeUsersAPIURL = `http://localhost:5173/api/users`;
		const fakeUserID = 42;
		const fakeUsername = 'admin';
		const fakeUserPassword = 'pass-123';

		const mockRequest = new Request(fakeUsersAPIURL, {
			method: 'POST',
			body: JSON.stringify({
				userName: fakeUsername,
				userPassword: fakeUserPassword
			})
		});

		const mockedHash = 'mocked-hash';
		bcrypt.hashSync.mockReturnValueOnce(mockedHash);

		const mockedRowInfo = {
			changes: 0,
			lastInsertRowid: fakeUserID
		};
		addUser.mockReturnValueOnce(mockedRowInfo);

		const response = await POST({
			request: mockRequest,
			locals: mockLocals
		});

		expect(response.status).toBe(400);

		const body = await response.text();
		expect(body).toEqual('');

		expect(addUser).toHaveBeenCalledWith(fakeUsername, mockedHash);
	});
});