Dev merge

.gitignore

@@ -1,9 +1,13 @@
 node_modules
 config/dev.js
+config/educado-*.json
 config/gcp_service.json
+
 *.DS_Store
-package-lock.json
 dev.js
+config/.env
+*.idea
+.idea
 
 # enviroment
 .env

__tests__/fixtures/db.js

@@ -3,18 +3,19 @@ const mongoose = require('mongoose');
 let connection, db;
 
 module.exports = async function connectDb() {
-
-	connection =
-    connection ||
-    await mongoose.connect(
-    	global.__MONGO_URI__,
-    	{
-    		useNewUrlParser: true,
-    		useFindAndModify: false
-    	}
-    );
-	//db = db || connection.db(global.MONGO_DB_NAME)
-	db = db || connection.connection.db; // Assign the database object
+    connection =
+        connection ||
+        await mongoose.connect(
+            global.__MONGO_URI__,
+            {
+                useNewUrlParser: true,
+                useUnifiedTopology: true,
+                useFindAndModify: false,
+                useCreateIndex: true,
+            }
+        )
+    //db = db || connection.db(global.__MONGO_DB_NAME__)
+    db = db || connection.connection.db; // Assign the database object
 
-	return db; // Return the database object
-};
+    return db; // Return the database object
+}

__tests__/fixtures/fakeCourse.js

@@ -0,0 +1,13 @@
+module.exports = function makeFakeCourse() {
+
+	return {
+		sections: [],
+		title: 'test course',
+		category: 'test',
+		difficulty: 1,
+		hours: 10,
+		description: "This course is a test course",
+		dateCreated: new Date(),
+		dateUpdated: new Date()
+	};
+};

__tests__/fixtures/fakeCourses.js

@@ -0,0 +1,72 @@
+const courses = [
+  {
+    "title": 'fakeCourse1',
+    "description": 'fakeCourse1 description',
+    "dateCreated": new Date().toJSON(),
+    "dateUpdated": new Date().toJSON(),
+    "category": 'mathematics',
+    "published": false,
+    "sections": [],
+    "creator": [],
+    "difficulty": 1,
+    "time": 1,
+    "rating": 5,
+  },
+  {
+    "title": 'fakeCourse2',
+    "description": 'fakeCourse2 description',
+    "dateCreated": new Date().toJSON(),
+    "dateUpdated": new Date().toJSON(),
+    "category": 'language',
+    "published": false,
+    "sections": [],
+    "creator": ['1234567891011'],
+    "difficulty": 1,
+    "time": 1,
+    "rating": 5,
+  },
+  {
+    "title": 'fakeCourse3',
+    "description": 'fakeCourse3 description',
+    "dateCreated": new Date().toJSON(),
+    "dateUpdated": new Date().toJSON(),
+    "category": 'programming',
+    "published": true,
+    "sections": [],
+    "creator": [],
+    "difficulty": 2,
+    "time": 3,
+    "rating": 5,
+  },
+  {
+    "title": 'fakeCourse4',
+    "description": 'fakeCourse4 description',
+    "dateCreated": new Date().toJSON(),
+    "dateUpdated": new Date().toJSON(),
+    "category": 'music',
+    "published": true,
+    "sections": [],
+    "creator": ['1234567891011'],
+    "difficulty": 6,
+    "time": 2,
+    "rating": 3,
+  }
+];
+
+/**
+ * @returns {Array} Array of fake courses
+ */
+function getFakeCourses() {
+  return courses;
+}
+
+/**
+ * @param {Number} creatorId 
+ * @returns {Array} Array of fake courses created by the creator with the given id
+ */
+function getFakeCoursesByCreator(creatorId) {
+  const res = courses.filter(course => course.creator.includes(creatorId));
+  return res;
+}
+
+module.exports = { getFakeCourses, getFakeCoursesByCreator };

__tests__/fixtures/fakeResetPasswordToken.js

@@ -0,0 +1,8 @@
+const mongoose = require('mongoose');
+
+module.exports = function makeFakeResetPasswordToken(token='1234') {
+    return {
+      token: token,
+      expiresAt: new Date() + 1000 * 60 * 60 * 24 * 7,
+    }
+}

__tests__/fixtures/fakeSection.js

@@ -0,0 +1,14 @@
+module.exports = function makeFakeSection() {
+
+    return {
+        exercises: [],
+        title: 'test section',
+        description: 'this is a test section',
+        sectionNumber: 1,
+        createdAt: Date,
+        modifiedAt: Date,
+        totalPoints: 100,
+        components: [],
+        parentCourse: '',
+    };
+};

__tests__/fixtures/fakeUser.js

@@ -1,12 +1,16 @@
 const { encrypt } = require('../../helpers/password');
+const mongoose = require('mongoose');
 
-module.exports = function makeFakeUser() {
-
-	return {
-		email: 'fake@gmail.com',
-		password: encrypt('ABC123456!'),
-		googleID: '1234567891011',
-		joinedAt: new Date(),
-		modifiedAt: new Date()
-	};
-};
+module.exports = function makeFakeUser(email = 'fake@gmail.com', attempts = []) {
+    return {
+        email: email,
+        password: encrypt('ABC123456!'),
+        googleID: '1234567891011',
+        joinedAt: new Date(),
+        modifiedAt: new Date(),
+        firstName: 'Fake first name',
+        lastName: 'Fake last name',
+        resetAttempts: attempts,
+        subscriptions: []
+    }
+}

__tests__/helpers/email.test.js

@@ -0,0 +1,78 @@
+const exp = require('constants');
+const emailHelper = require('../../helpers/email');
+const nodemailer = require('nodemailer');
+
+jest.mock('nodemailer', () => {
+  return {
+    createTransport: jest.fn(() => {
+      return {
+        sendMail: jest.fn(),
+      };
+    }),
+  };
+});
+
+jest.mock('../../config/keys', () => {
+  return {
+    GMAIL_USER: 'educadotest4@gmail.com',
+    GMAIL_APP_PASSWORD: 'test',
+  };
+});
+
+describe('sendResetPasswordEmail', () => {
+
+  it('should return email if email is sent', async () => {
+    const user = {
+      firstName: 'John',
+      email: 'test@email.com',
+    }
+    const token = '1234';
+
+    const expectedMailOptions = {
+      subject: 'Reset password request for Educado',
+      from: 'educadotest4@gmail.com',
+      to: user.email,
+      text: `Hi ${user.firstName},\n\nYou have requested to reset your password. Please enter the following code in the app to reset your password:\n\n${token}` +
+        `\n\nThis code will expire in 5 minutes.\n\nIf you did not request to reset your password, please ignore this email. Your password will remain unchanged.` +
+        `\n\nBest regards,\nThe Educado team`,
+      html: `<p>Hi ${user.firstName},</p>\n` +
+        `<p>You have requested to reset your password. Please enter the following code in the app to reset your password:</p>\n` +
+        `<p><strong>${token}</strong></p>\n` +
+        `<p>This code will expire in 5 minutes.</p>\n` +
+        `<p>If you did not request this, please ignore this email and your password will remain unchanged.</p>\n` +
+        `<p>Best regards,</p>\n` +
+        `<p>The Educado team</p>`
+    };
+
+    const result = await emailHelper.sendResetPasswordEmail(user, token);
+    expect(result).toMatchObject(expectedMailOptions);
+  });
+});
+
+describe('sendMail', () => {
+
+  it('should return email if email is sent', async () => {
+    const mailOptions = {
+      subject: 'Test email',
+      from: 'educadotest4@gmail.com',
+      to: 'test@user.com',
+      text: 'This is a test email',
+      html: '<p>This is a test email</p>'
+    };
+
+    const result = await emailHelper.sendMail(mailOptions);
+    expect(result).toMatchObject(mailOptions);
+  });
+
+  it('should throw error if email is invalid', async () => {
+    const mailOptions = {
+      subject: 'Test email',
+      from: 'invalid',
+      to: '',
+      text: 'This is a test email',
+      html: '<p>This is a test email</p>'
+    };
+
+    await expect(emailHelper.sendMail(mailOptions)).rejects.toThrow('Invalid email');
+  });
+});

__tests__/middleware/adminOnly.test.js

@@ -0,0 +1,67 @@
+const request = require('supertest');
+const express = require('express');
+const router = require('../../routes/testRoutes'); // Import your router file here
+const connectDb = require('../fixtures/db');
+const { signAccessToken } = require('../../helpers/token');
+const mongoose = require('mongoose');
+
+const app = express();
+app.use(express.json());
+app.use('/api/test', router); // Mount the router under '/api' path
+
+// Start the Express app on a specific port for testing
+const PORT = 5022; // Choose a port for testing
+const server = app.listen(PORT);
+
+// Mocked token secret
+const TOKEN_SECRET = 'test';
+
+// Mock token secret
+jest.mock('../../config/keys', () => {
+	return {
+		TOKEN_SECRET
+	};
+});
+
+describe('Admin token verify', () => {
+	let db;
+
+	beforeAll(done => {
+		done();
+		db = connectDb(); // Connect to the database
+	});
+
+	it('Return an error if no valid admin token is present on private route', async () => {
+		const token = 'ImAnInvalidToken';
+		const response = await request(`http://localhost:${PORT}`)
+			.get('/api/test/adminOnly')
+			.set('token', token)
+
+    console.log(response.body.error)
+
+		expect(response.body.error).toBeDefined();
+	});
+
+	it('Return success if an admin token is valid on a private route', async () => {
+		const token = signAccessToken({ id: 'srdfet784y2uioejqr' });
+
+		// mock that token is valid
+		const response = await request(`http://localhost:${PORT}`)
+			.get('/api/test/adminOnly')
+			.set('token', token)
+			.expect(200);
+	});
+
+	it('Test for non-algorithm attack', async () => {
+		const token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.' + btoa(`{"id":1,"iat":${'' + Date.now()},"exp":999999999999}`) + '.';
+		const response = await request(`http://localhost:${PORT}`)
+			.get('/api/test/adminOnly')
+			.set('token', token)
+			.expect(401);
+	});
+
+	afterAll(async () => {
+		server.close();
+		await mongoose.connection.close();
+	});
+});

__tests__/middleware/requireLogin.spec.js

@@ -11,9 +11,7 @@ app.use('/api/test', router); // Mount the router under '/api' path
 
 // Start the Express app on a specific port for testing
 const PORT = 5022; // Choose a port for testing
-const server = app.listen(PORT, () => {
-	console.log(`Express server is running on port ${PORT}`);
-});
+const server = app.listen(PORT);
 
 // Mocked token secret
 const TOKEN_SECRET = 'test';
@@ -62,7 +60,7 @@ describe('JWT verify', () => {
 	});
 
 	afterAll(async () => {
-		server.close();
+		await server.close();
 		await mongoose.connection.close();
 	});
 });