From 94ff4c2335ace54b36b2bca96f63226ee8f575b1 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Mon, 16 Apr 2018 10:48:17 +0200
Subject: [PATCH] Add auth documentation
---
 server/controllers/api/users.ts | 2 +
 server/tests/api/check-params/users.ts | 20 +
 support/doc/api/html/index.html | 676 ++++++++++++++++++
 .../doc/api/html/stylesheets/foundation.css | 15 +-
 support/doc/api/openapi.yaml | 66 ++
 5 files changed, 775 insertions(+), 4 deletions(-)
diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts
index 5e96d789e..abe6b3ff7 100644
--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -88,6 +88,8 @@ usersRouter.get('/',
 )
 usersRouter.get('/:id',
+ authenticate,
+ ensureUserHasRight(UserRight.MANAGE_USERS),
 asyncMiddleware(usersGetValidator),
 getUser
 )
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
index ee591d620..a3e415b94 100644
--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -308,6 +308,26 @@ describe('Test users API validators', function () {
 })
 })
+ describe('When getting a user', function () {
+ before(async function () {
+ const res = await getUsersList(server.url, server.accessToken)
+
+ userId = res.body.data[1].id
+ })
+
+ it('Should fail with an non authenticated user', async function () {
+ await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 })
+ })
+
+ it('Should fail with a non admin user', async function () {
+ await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 })
+ })
+
+ it('Should succeed with the correct params', async function () {
+ await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 })
+ })
+ })
+
 describe('When updating a user', function () {
 before(async function () {
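Review bot: The `usersRouter.get('/:id', …)` route gains its access control here without any comment, and the commit subject ("Add auth documentation") does not say that the endpoint's behaviour changes; I would add a line above the route such as `// Admin only (MANAGE_USERS): keep authenticate and ensureUserHasRight ahead of usersGetValidator`. The ordering matters because, if usersGetValidator looks the id up (not visible in this hunk), running it before the guards would let an unauthenticated caller tell existing ids from missing ones by status code. The change also deserves a changelog entry, since callers without the right now receive 401 or 403 where they previously received the record. The router definition starts and continues outside the hunk.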
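Review bot: The 'Should fail with a non admin user' case passes `path` rather than `path + userId`, so it appears to request the users list instead of `/:id`, and its 403 would then come from whatever guard the list route has rather than from the `ensureUserHasRight` check this commit adds. The call should read `await makeGetRequest({ url: server.url, path: path + userId, token: userAccessToken, statusCodeExpected: 403 })`. The 401 case sends an invalid token ('super token'); a request with no token at all is not covered and is worth a separate case if makeGetRequest allows omitting it. The 'When updating a user' block at the end of the hunk continues outside it.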
diff --git a/support/doc/api/html/index.html b/support/doc/api/html/index.html
index 8b0990bf1..bf9430e79 100644
--- a/support/doc/api/html/index.html
+++ b/support/doc/api/html/index.html
@@ -19,6 +19,7 @@