Added API integration tests for console_extensions server side

jloleysens · Feb 7, 2020 · 865601d · 865601d
1 parent a522cdd
commit 865601d
Show file tree

Hide file tree

Showing 4 changed files with 116 additions and 6 deletions.
diff --git a/x-pack/plugins/console_extensions/common/constants.ts b/x-pack/plugins/console_extensions/common/constants.ts
@@ -8,5 +8,5 @@ import { i18n } from '@kbn/i18n';
 export const APP = {
   id: 'console_extensions',
   name: i18n.translate('console_extensions.name', { defaultMessage: 'Console Extensions' }),
-  apiPathBase: '/console_extensions/api',
+  apiPathBase: '/api/console_extensions',
 };
diff --git a/x-pack/plugins/console_extensions/server/routes/api/text_object/update.ts b/x-pack/plugins/console_extensions/server/routes/api/text_object/update.ts
@@ -21,11 +21,18 @@ export const createHandler = ({ getInternalSavedObjectsClient }: HandlerDependen
 ): RequestHandler<unknown, unknown, TextObjectSchemaWithId> => async (ctx, request, response) => {
   const client = getInternalSavedObjectsClient();
   const { id, ...rest } = request.body;
-  await client.update(TEXT_OBJECT.type, id, {
-    userId: username,
-    ...rest,
-  });
-  return response.noContent();
+  try {
+    await client.update(TEXT_OBJECT.type, id, {
+      userId: username,
+      ...rest,
+    });
+    return response.noContent();
+  } catch (e) {
+    if (e.output?.statusCode === 404) {
+      return response.notFound(e.message);
+    }
+    return response.internalError(e);
+  }
 };
 
 export const registerUpdateRoute = ({

diff --git a/x-pack/test/api_integration/apis/console/console_extensions.ts b/x-pack/test/api_integration/apis/console/console_extensions.ts
@@ -0,0 +1,102 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+export default function securityTests({ getService }: FtrProviderContext) {
+  const supertest = getService('supertestWithoutAuth');
+  const security = getService('security');
+  const spaces = getService('spaces');
+
+  describe('/api/console_extensions/text_object/*', () => {
+    const username = 'kibana_user';
+    const roleName = 'kibana_user';
+    const password = `${username}-password`;
+
+    beforeEach(async () => {
+      await security.user.create(username, {
+        password,
+        roles: [roleName],
+        full_name: 'a kibana user',
+      });
+    });
+
+    afterEach(async () => {
+      try {
+        await security.user.delete(username);
+      } catch (e) {
+        // ignore
+      }
+    });
+
+    it('get_all cannot be accessed by an anonymous user', async () => {
+      await supertest
+        .get('/api/console_extensions/text_objects/get_all')
+        .set('kbn-xsrf', 'xxx')
+        .send()
+        .expect(401);
+    });
+
+    it('create cannot be accessed by an anonymous user', async () => {
+      await supertest
+        .post('/api/console_extensions/text_objects/create')
+        .set('kbn-xsrf', 'xxx')
+        .send()
+        .expect(401);
+    });
+
+    it('update cannot be accessed by an anonymous user', async () => {
+      await supertest
+        .put('/api/console_extensions/text_objects/update')
+        .set('kbn-xsrf', 'xxx')
+        .send()
+        .expect(401);
+    });
+
+    it('can create and update a saved object', async () => {
+      const {
+        body: { id },
+      } = await supertest
+        .post('/api/console_extensions/text_objects/create')
+        .set('kbn-xsrf', 'xxx')
+        .auth(username, password)
+        .send({ createdAt: 123, updatedAt: 123, text: 'test' })
+        .expect(200);
+
+      await supertest
+        .put('/api/console_extensions/text_objects/update')
+        .set('kbn-xsrf', 'xxx')
+        .auth(username, password)
+        .send({ id, createdAt: 123, updatedAt: 123, text: 'test' })
+        .expect(204);
+    });
+
+    it('rejects malformed data', async () => {
+      await supertest
+        .post('/api/console_extensions/text_objects/create')
+        .set('kbn-xsrf', 'xxx')
+        .auth(username, password)
+        .send({ BAD: 123, updatedAt: 123, text: 'test' })
+        .expect(400);
+
+      await supertest
+        .put('/api/console_extensions/text_objects/update')
+        .set('kbn-xsrf', 'xxx')
+        .auth(username, password)
+        .send({ id: 'not a real id', BAD: 123, updatedAt: 123, text: 'test' })
+        .expect(400);
+    });
+
+    it('rejects updates to non-existent objects', async () => {
+      await supertest
+        .put('/api/console_extensions/text_objects/update')
+        .set('kbn-xsrf', 'xxx')
+        .auth(username, password)
+        .send({ id: 'not a real id', createdAt: 123, updatedAt: 123, text: 'test' })
+        .expect(404);
+    });
+  });
+}
diff --git a/x-pack/test/api_integration/apis/console/index.ts b/x-pack/test/api_integration/apis/console/index.ts
@@ -8,6 +8,7 @@ import { FtrProviderContext } from '../../ftr_provider_context';
 
 export default function consoleApiIntegrationTests({ loadTestFile }: FtrProviderContext) {
   describe('console', () => {
+    loadTestFile(require.resolve('./console_extensions'));
     loadTestFile(require.resolve('./feature_controls'));
   });
 }