hiyaryan / the-cdj

The Cognitive Distortion Journal (CDJ) is a smart journaling tool that helps remedy distorted thinking. It can feel impossible to follow the CBT technique of labeling distorted thinking and finding alternative modes of thought (i.e. reframing) while cognitive distortions are occurring. The CDJ does that work for you. -- The CDJ is in beta testing!!
https://thecdj.app

Backend authorization, Jest, and ESLint. #15

Closed hiyaryan closed 9 months ago

hiyaryan commented 9 months ago

This PR tests authorization on the backend. It also introduces the first instance of Jest unit tests now that the code base has sufficiently grown and authentication/authorization is becoming increasingly important.

hiyaryan commented 9 months ago

This PR marks the start to attempt some TDD. There are some issues around testing the API and passport. Currently determining if the issue is due to a bug in the controller and middleware code or in the setup of the tests itself. It seemingly is due to the test setup. Working through this issue with ChatGPT in two conversations.

CDJ Troubleshoot Test Setup Issues CDJ TDD

One thing to look into is how passport is being used in the controllers and middleware. Incorrect usage may be causing these errors. Another thing is that passport may be trying to use the development test base which is not active in a testing environment (the test version of the database is) to authenticate/authorize a user, so another passport strategy may be required to be set up.

Those issues can be resolved in another PR as it is seemingly going to cause a holdup in continuing development. In the meantime, the API was tested manually using curl commands verifying that only authenticated users may access the database and that all endpoints are in fact working as expected. The following commands were used for testing:

Testing Entries API

  1. Attempt to Retrieve All Journal Entries

    curl -X GET http://localhost:3000/journals/65619e89bba77f3e6cff9580/entries

    Attempts to retrieve all entries from the specified journal without authentication.

  2. Attempt to Add a New Journal Entry

    curl -X POST http://localhost:3000/journals/65619e89bba77f3e6cff9580/entries \
    -H "Content-Type: application/json" \
    -d '{"title": "Test Entry", "content": "This is a test entry."}'

    Tries to add a new entry to the specified journal without authentication.

  3. Attempt to Retrieve a Specific Journal Entry

    curl -X GET http://localhost:3000/journals/65619e89bba77f3e6cff9580/entries/65619e89bba77f3e6cff9582

    Attempts to retrieve the specified journal entry without authentication.

  4. Attempt to Update a Journal Entry

    curl -X PUT http://localhost:3000/journals/65619e89bba77f3e6cff9580/entries/65619e89bba77f3e6cff9582 \
    -H "Content-Type: application/json" \
    -d '{"title": "Updated Title", "content": "Updated content."}'

    Tries to update the specified journal entry without authentication.

  5. Attempt to Delete a Journal Entry

    curl -X DELETE http://localhost:3000/journals/65619e89bba77f3e6cff9580/entries/65619e89bba77f3e6cff9582

    Attempts to delete the specified journal entry without authentication.

Testing Access API

  1. Valid User Registration

    curl -X POST http://192.168.50.157:3000/access/register \
    -H "Content-Type: application/json" \
    -d '{"fname": "Alice", "lname": "Johnson", "email": "alicej92@berkeley.edu", "password": "gobears!2014"}'

    Registers a new user with valid credentials.

  2. Valid User Login

    curl -X POST http://192.168.50.157:3000/access/login \
    -H "Content-Type: application/json" \
    -d '{"email": "alicej92@berkeley.edu", "password": "gobears!2014"}'

    Attempts to log in with valid credentials.

  3. Invalid User Login (Incorrect Password)

    curl -X POST http://192.168.50.157:3000/access/login \
    -H "Content-Type: application/json" \
    -d '{"email": "alicej92@berkeley.edu", "password": "wrongpassword"}'

    Attempts to log in with a valid email but incorrect password.

  4. Invalid User Login (Incorrect Email)

    curl -X POST http://192.168.50.157:3000/access/login \
    -H "Content-Type: application/json" \
    -d '{"email": "wrongemail@berkeley.edu", "password": "gobears!2014"}'

    Attempts to log in with an incorrect email and valid password.

  5. Valid User Logout

    curl -X GET http://192.168.50.157:3000/access/logout

    Logs out the currently authenticated user.

  6. Invalid User Registration (Existing Email)

    curl -X POST http://192.168.50.157:3000/access/register \
    -H "Content-Type: application/json" \
    -d '{"fname": "Alice", "lname": "Johnson", "email": "alicej92@berkeley.edu", "password": "gobears!2014"}'

    Attempts to register a user with an already existing email.

  7. Attempt Logout When Not Logged In

    curl -X GET http://192.168.50.157:3000/access/logout

    Attempts to log out when no user is logged in.

These curl commands are based on new API documentation also added in this PR in the backend docs directory.

Finally, this PR adds ESLint to the backend and lints the entire backend codebase.
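
Added example (not part of this PR or the project's code): one way to unit-test the authentication gate that the entries curl commands exercise by hand, using mock request/response objects so no passport strategy, session or database is involved. The names `requireAuth`, `mockRes`, `probe` and `ENTRY_ROUTES`, the route parameter names and the 401 response are assumptions; `req.isAuthenticated()` is the method passport adds to the request.

```javascript
// Added example: exercising an Express-style auth guard with mock req/res.
// requireAuth, mockRes, probe and ENTRY_ROUTES are hypothetical names.

// Guard: passport adds req.isAuthenticated(); if it is missing (passport not
// initialised, e.g. in a broken test setup) the guard fails closed.
function requireAuth(req, res, next) {
  if (typeof req.isAuthenticated === 'function' && req.isAuthenticated()) {
    return next();
  }
  // 401 is an assumed status; the PR does not state what the API returns.
  return res.status(401).json({ message: 'Authentication required' });
}

// Minimal stand-in for the parts of Express's response object the guard uses.
function mockRes() {
  const res = { statusCode: 200, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (payload) => { res.body = payload; return res; };
  return res;
}

// The five entries endpoints hit by the curl commands (ids as route params).
const ENTRY_ROUTES = [
  ['GET', '/journals/:journalId/entries'],
  ['POST', '/journals/:journalId/entries'],
  ['GET', '/journals/:journalId/entries/:entryId'],
  ['PUT', '/journals/:journalId/entries/:entryId'],
  ['DELETE', '/journals/:journalId/entries/:entryId'],
];

// Run one request through the guard. authenticated: true, false, or
// undefined (no isAuthenticated method on the request at all).
function probe(method, path, authenticated) {
  const req = { method, path };
  if (authenticated !== undefined) req.isAuthenticated = () => authenticated;
  const res = mockRes();
  let reachedHandler = false;
  requireAuth(req, res, () => { reachedHandler = true; });
  return { method, path, status: res.statusCode, reachedHandler };
}

// Every route x {anonymous, logged in, passport missing}.
function runMatrix() {
  return ENTRY_ROUTES.flatMap(([m, p]) =>
    [false, true, undefined].map((auth) => probe(m, p, auth)));
}

console.table(runMatrix());
```

In a Jest suite the same `probe` calls would sit inside `test()` blocks, with the real middleware imported in place of `requireAuth`.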