From 0907a73b80b062ab01814f225f2156356bc78ced Mon Sep 17 00:00:00 2001
From: Alexander Sadovsky
Date: Wed, 5 Sep 2018 16:08:27 +0200
Subject: [PATCH] fix tests
---
 api/policies/isResourceOwner.js | 23 +++++++++++++++++++
 api/policies/isRootUser.js | 13 +++++++++++
 app.js | 16 ++-----------
 functions.js | 19 +++++++++++++++
 test/bootstrap.test.js | 1 +
 .../controllers/AssetController.test.js | 5 +++-
 .../controllers/JobController.test.js | 7 +++++-
 .../controllers/TaskController.test.js | 5 +++-
 8 files changed, 72 insertions(+), 17 deletions(-)
 create mode 100644 api/policies/isResourceOwner.js
 create mode 100644 api/policies/isRootUser.js
 create mode 100644 functions.js
diff --git a/api/policies/isResourceOwner.js b/api/policies/isResourceOwner.js
new file mode 100644
index 0000000..226247a
--- /dev/null
+++ b/api/policies/isResourceOwner.js
@@ -0,0 +1,23 @@
+var constants = require('../../constants');
+
+module.exports = function(req, res, next) {
+
+ const root_api_key = constants.ROOT_USER_API_KEY;
+
+ console.log('checking if is resource owner');
+ Account.findOne({ token: req.query.access_token || req.get('Authorization').replace('Bearer ', '') })
+ .then((account) => {
+ if (!account) { return res.serverError('Auth error: No account found with this token.') }
+ if (account.token == root_api_key) return next();
+ return Job.findOne({ ownerId: account.id, id: req.param('id') });
+ })
+ .then((job) => {
+ if (job) return next();
+ })
+ .catch((err) => {
+ return res.forbidden('You are not permitted to perform this action. Only localhost account can do this.');
+ })
+
+
+
+};
diff --git a/api/policies/isRootUser.js b/api/policies/isRootUser.js
new file mode 100644
index 0000000..bd50d87
--- /dev/null
+++ b/api/policies/isRootUser.js
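Review bot: In api/policies/isResourceOwner.js the second `.then` has no deny branch, so an account that does not own the job gets neither `next()` nor a response and the request hangs instead of returning 403. That `.then` also receives whatever the first one returned, so if `res.serverError(...)` in the `!account` branch returns a truthy value, `next()` would run for an unknown token (the return value is not visible here, so this needs checking). `req.get('Authorization').replace(...)` throws synchronously, outside the `.catch`, when the header is absent, and a non-string `access_token` from the query string is passed into the `Account.findOne` criteria unchecked. The rewrite below validates the token first, nests the job lookup under the account check and answers every path with an explicit `next()` or `res.forbidden(...)`.

```javascript
module.exports = function(req, res, next) {
  // … unchanged: root_api_key lookup and console.log …
  const header = req.get('Authorization');
  const token = req.query.access_token || (header && header.replace('Bearer ', ''));
  if (typeof token !== 'string' || token === '') {
    return res.forbidden('Auth error: No access token supplied.');
  }
  Account.findOne({ token: token })
    .then((account) => {
      if (!account) { return res.forbidden('Auth error: No account found with this token.'); }
      if (account.token == root_api_key) return next();
      // Nested so that only a Job lookup result reaches the ownership check.
      return Job.findOne({ ownerId: account.id, id: req.param('id') })
        .then((job) => {
          if (job) return next();
          return res.forbidden('You are not permitted to perform this action.');
        });
    })
    // … unchanged: .catch handler …
};
```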
@@ -0,0 +1,13 @@ +var constants = require('../../constants'); + +module.exports = function(req, res, next) { + + const root_api_key = constants.ROOT_USER_API_KEY; + + console.log('checking if is localhost account'); + if (req.query.access_token == root_api_key || req.get('Authorization') == `Bearer ${root_api_key}`) { + return next(); + } + + return res.forbidden('You are not permitted to perform this action. Only localhost account can do this.'); +}; diff --git a/app.js b/app.js index 8560418..ba6f707 100644 --- a/app.js +++ b/app.js @@ -19,9 +19,7 @@ */ require('ts-node/register'); -var constants = require('./constants'); - - +var createLocalHostAccount = require('./functions').createLocalHostAccount; // Ensure we're in the project directory, so cwd-relative paths work as expected // no matter where we actually lift from. @@ -63,16 +61,6 @@ try { // Start server sails.lift(rc('sails')); -// create default localhost account. sails.on('ready', () => { - const defaultLocalHostAcc = { - hostname: constants.ROOT_USER_HOSTNAME, - api_key: constants.ROOT_USER_API_KEY - } - Account.findOrCreate({ hostname: defaultLocalHostAcc.hostname }, defaultLocalHostAcc) - .exec((err, recordFound, newRecord) => { - if (err) console.error(err); - if (recordFound) console.log('default localhost account already exist.'); - if (newRecord) console.log('created a default localhost account.'); - }); + createLocalHostAccount(); }); \ No newline at end of file diff --git a/functions.js b/functions.js new file mode 100644 index 0000000..951046f --- /dev/null +++ b/functions.js 
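Review bot: The check in api/policies/isRootUser.js fails open when `constants.ROOT_USER_API_KEY` is undefined: with no `access_token` parameter, `req.query.access_token == root_api_key` compares undefined with undefined and the request is let through as root. Guard the key first, e.g. `if (typeof root_api_key !== 'string' || !root_api_key) return res.forbidden('Root API key is not configured.');`, and compare with `===`. Accepting the root key as a query parameter also puts it into URLs, which commonly end up in access logs and proxies; taking it from the `Authorization` header alone would avoid that. The constants module is not part of this patch; if ROOT_USER_API_KEY is a value committed to the repository (the tests import the same constant), it should come from deployment configuration instead.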
@@ -0,0 +1,19 @@ +var constants = require('./constants'); + +function createLocalHostAccount(callback) { + const defaultLocalHostAcc = { + hostname: constants.ROOT_USER_HOSTNAME, + api_key: constants.ROOT_USER_API_KEY + } + Account.findOrCreate({ hostname: defaultLocalHostAcc.hostname }, defaultLocalHostAcc) + .exec((err, recordFound, newRecord) => { + if (err) console.error(err); + if (recordFound) console.log('default localhost account already exist.'); + if (newRecord) console.log('created a default localhost account.'); + if (callback) callback(); + }); +} + +module.exports = { + createLocalHostAccount +} \ No newline at end of file diff --git a/test/bootstrap.test.js b/test/bootstrap.test.js index e6952e0..c3a64e7 100644 --- a/test/bootstrap.test.js +++ b/test/bootstrap.test.js @@ -1,4 +1,5 @@ var sails = require('sails'); +var constants = require('../constants'); before(function(done) { diff --git a/test/integration/controllers/AssetController.test.js b/test/integration/controllers/AssetController.test.js index 2d89841..fd46a4e 100644 --- a/test/integration/controllers/AssetController.test.js +++ b/test/integration/controllers/AssetController.test.js @@ -1,6 +1,8 @@ var request = require('supertest'); var expect = require('expect'); var _ = require('lodash'); +var constants = require('../../../constants'); +var createLocalHostAccount = require('../../../functions').createLocalHostAccount; describe('AssetController', function () { @@ -12,7 +14,7 @@ describe('AssetController', function () { submitter: 'symfonie.com/123' }).exec((err, res) => { if (err) console.error(err); - done(); + createLocalHostAccount(done); }); sails.once('hook:orm:reloaded', cb); 
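Review bot: `createLocalHostAccount` in functions.js logs a failed `findOrCreate` and then calls `callback()` without the error, so a test whose root account was never seeded continues and fails later with an unrelated 403; `if (callback) callback(err);` lets Mocha's `done` report the real cause. The record is seeded with `api_key`, while api/policies/isResourceOwner.js in this same commit looks accounts up by `token` and compares `account.token`; unless the Account model (not shown) maps the two, the root-key branch there cannot match. A short comment above the function, such as `// Seeds the root account from constants; called on 'ready' in app.js and from test setup.`, would also record why it lives outside app.js.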
@@ -22,6 +24,7 @@ describe('AssetController', function () { it('should handle file upload and asset creation', function (done) { request(sails.hooks.http.app) .post('/jobs/1/assets/uploadfile') + .set('Authorization', 'Bearer ' + constants.ROOT_USER_API_KEY) .field('sourceLanguage', 'en') .field('encoding', 'utf8') .attach('asset', 'test/fixtures/testAssetFile.txt') diff --git a/test/integration/controllers/JobController.test.js b/test/integration/controllers/JobController.test.js index 27a0733..c757988 100644 --- a/test/integration/controllers/JobController.test.js +++ b/test/integration/controllers/JobController.test.js @@ -1,9 +1,13 @@ var request = require('supertest'); var expect = require('expect'); +var constants = require('../../../constants'); +var createLocalHostAccount = require('../../../functions').createLocalHostAccount; describe('JobController', function() { beforeEach((done) => { - sails.once('hook:orm:reloaded', done); + sails.once('hook:orm:reloaded', () => { + createLocalHostAccount(done); + }); sails.emit('hook:orm:reload'); }) @@ -11,6 +15,7 @@ describe('JobController', function() { it('should return all Jobs', function (done) { request(sails.hooks.http.app) .get('/jobs') + .set('Authorization', 'Bearer ' + constants.ROOT_USER_API_KEY) .expect(200) .then((response) => { expect(response.body).toEqual([]); diff --git a/test/integration/controllers/TaskController.test.js b/test/integration/controllers/TaskController.test.js index 977f996..f6f9e67 100644 --- a/test/integration/controllers/TaskController.test.js +++ b/test/integration/controllers/TaskController.test.js @@ -1,6 +1,8 @@ var request = require('supertest'); var expect = require('expect'); var _ = require('lodash'); +var constants = require('../../../constants'); +var createLocalHostAccount = require('../../../functions').createLocalHostAccount; describe('TaskController', function () { const fixtures = { 
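Review bot: Every request changed in these tests authenticates with `constants.ROOT_USER_API_KEY`, here in AssetController.test.js and likewise in JobController.test.js and TaskController.test.js, so the new isRootUser and isResourceOwner policies are only exercised on the allow path. A denial case per controller would pin the access control, for example the same `/jobs` request without `.set('Authorization', ...)` followed by `.expect(403)`, and one with a non-root account token against a job it does not own. The 403 status assumes `res.forbidden` keeps the Sails default, and the route-to-policy mapping is not part of this patch, so which policy guards each route should be confirmed in the policy configuration.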
@@ -27,7 +29,7 @@ describe('TaskController', function () { }).then(() => { return Task.create(fixtures.tasks[0]) }).then(() => { - done() + createLocalHostAccount(done); }); sails.once('hook:orm:reloaded', cb); @@ -39,6 +41,7 @@ describe('TaskController', function () { request(sails.hooks.http.app) .post('/assets/1/tasks/1/uploaddeliverable') + .set('Authorization', 'Bearer ' + constants.ROOT_USER_API_KEY) .attach('deliverable', 'test/fixtures/testDeliverableFile.txt') .expect(200) .then((response) => {
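Review bot: The setup chain in TaskController.test.js ends in `.then(() => { createLocalHostAccount(done); })` with no rejection handler visible in this hunk, so a failing `Task.create` leaves `done` uncalled and the test times out instead of reporting the error. Appending `.catch(done)` after the last `.then` would surface it. The chain starts above the hunk, so an earlier handler cannot be ruled out from here.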