joachim/location-mqtt-tracker-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e78d961f119f147ce3801f0e7f4cc2721822b31d
location-mqtt-tracker-app/scripts/test-user-visibility.js
Joachim Hummel 843e93a274 first commit
2025-11-24 16:30:37 +00:00

102 lines
2.7 KiB
JavaScript
Raw Blame History

#!/usr/bin/env node
/**
* Test script to verify user visibility restrictions
* - Admin can see all users including "admin"
* - Non-admin users (like "joachim") cannot see the "admin" user
*/
const baseUrl = 'http://localhost:3001';
async function login(username, password) {
const response = await fetch(`${baseUrl}/api/auth/signin`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({ username, password }),
});
const cookies = response.headers.get('set-cookie');
return cookies;
}
async function getUsers(cookies) {
const response = await fetch(`${baseUrl}/api/users`, {
headers: {
'Cookie': cookies,
},
});
if (!response.ok) {
const error = await response.json();
throw new Error(`Failed to get users: ${error.error}`);
}
const data = await response.json();
return data.users;
}
async function testAdminUser() {
console.log('\n🔍 Testing with "admin" user:');
console.log('================================');
try {
const cookies = await login('admin', 'admin123');
const users = await getUsers(cookies);
console.log(`✓ Admin can see ${users.length} user(s):`);
users.forEach(user => {
console.log(` - ${user.username} (${user.role})`);
});
const hasAdminUser = users.some(u => u.username === 'admin');
if (hasAdminUser) {
console.log('✓ Admin can see the "admin" user ✓');
} else {
console.log('✗ FAIL: Admin cannot see the "admin" user');
}
} catch (error) {
console.log(`✗ FAIL: ${error.message}`);
}
}
async function testJoachimUser() {
console.log('\n🔍 Testing with "joachim" user:');
console.log('================================');
try {
const cookies = await login('joachim', 'joachim123');
const users = await getUsers(cookies);
console.log(`✓ Joachim can see ${users.length} user(s):`);
users.forEach(user => {
console.log(` - ${user.username} (${user.role})`);
});
const hasAdminUser = users.some(u => u.username === 'admin');
if (!hasAdminUser) {
console.log('✓ Joachim cannot see the "admin" user ✓');
} else {
console.log('✗ FAIL: Joachim can see the "admin" user (should be hidden)');
}
} catch (error) {
console.log(`✗ FAIL: ${error.message}`);
}
}
async function main() {
console.log('Testing User Visibility Restrictions');
console.log('=====================================\n');
console.log('Expected behavior:');
console.log(' - Admin user can see all users including "admin"');
console.log(' - Non-admin users (joachim) cannot see "admin" user\n');
await testAdminUser();
await testJoachimUser();
console.log('\n✓ Test completed!');
}
main().catch(console.error);
Reference in New Issue View Git Blame Copy Permalink