Merge branch 'dev' into dr_1500_quota_unit_tests

david-rocca · web-flow · commit 83ae111d50ed · 2025-09-15T11:13:26.000-04:00
diff --git a/test/unit-tests/org/orgGetSingleTest.js b/test/unit-tests/org/orgGetSingleTest.js
@@ -1,196 +1,179 @@
-const express = require('express')
-const app = express()
+const sinon = require('sinon')
 const chai = require('chai')
 const expect = chai.expect
-chai.use(require('chai-http'))
-
-// Body Parser Middleware
-app.use(express.json()) // Allows us to handle raw JSON data
-app.use(express.urlencoded({ extended: false })) // Allows us to handle url encoded data
-const middleware = require('../../../src/middleware/middleware')
-app.use(middleware.createCtxAndReqUUID)
-
-const errors = require('../../../src/controller/org.controller/error')
-const error = new errors.OrgControllerError()
-
-const orgFixtures = require('./mockObjects.org')
-const orgController = require('../../../src/controller/org.controller/org.controller')
-const orgParams = require('../../../src/controller/org.controller/org.middleware')
-
-class OrgGet {
-  async aggregate (aggregation) {
-    if (aggregation[0].$match.short_name === orgFixtures.existentOrg.short_name) {
-      return [orgFixtures.existentOrg]
-    } else if (aggregation[0].$match.short_name === orgFixtures.owningOrg.short_name) {
-      return [orgFixtures.owningOrg]
-    } else if (aggregation[0].$match.UUID === orgFixtures.owningOrg.UUID) {
-      return [orgFixtures.owningOrg]
-    }
-
-    return []
+const { faker } = require('@faker-js/faker')
+const mongoose = require('mongoose')
+
+const { ORG_SINGLE } = require('../../../src/controller/org.controller/org.controller')
+const BaseOrgRepository = require('../../../src/repositories/baseOrgRepository.js')
+const BaseOrg = require('../../../src/model/baseorg.js')
+
+const { OrgControllerError } = require('../../../src/controller/org.controller/error.js')
+const error = new OrgControllerError()
+
+// Test Fixtures
+const orgFixtures = {
+  secretariatOrg: {
+    UUID: '1633f81e-9202-4688-929a-6a549554a8e2',
+    short_name: 'mitre',
+    name: 'The MITRE Corporation',
+    authority: { active_roles: ['CNA', 'SECRETARIAT'] },
+    policies: { id_quota: 1000 }
+  },
+  regularOrg: {
+    UUID: '2744f81e-9202-4688-929a-6a549554a8e3',
+    short_name: 'cisco',
+    name: 'Cisco Systems',
+    authority: { active_roles: ['CNA'] },
+    policies: { id_quota: 500 }
+  },
+  targetOrg: {
+    UUID: '3855f81e-9202-4688-929a-6a549554a8e4',
+    short_name: 'targetorg',
+    name: 'Target Organization',
+    authority: { active_roles: ['CNA'] },
+    policies: { id_quota: 300 }
   }
+}
 
-  async isSecretariat (shortname) {
-    if (shortname === orgFixtures.secretariatHeader['CVE-API-ORG']) {
-      return true
-    } else {
-      return false
+const fakeSecretariatOrgDocument = new BaseOrg(orgFixtures.secretariatOrg)
+const fakeRegularOrgDocument = new BaseOrg(orgFixtures.regularOrg)
+const fakeTargetOrgDocument = new BaseOrg(orgFixtures.targetOrg)
+
+describe('Testing the GET /org/:identifier endpoint in Org Controller', () => {
+  let status, json, res, next, mockSession, baseOrgRepo, getBaseOrgRepository, req
+
+  beforeEach(() => {
+    status = sinon.stub()
+    json = sinon.spy()
+    res = { json, status }
+    next = sinon.spy()
+    status.returns(res)
+
+    // Stub Mongoose session methods
+    mockSession = {
+      startTransaction: sinon.stub(),
+      commitTransaction: sinon.stub().resolves(),
+      abortTransaction: sinon.stub().resolves(),
+      endSession: sinon.stub().resolves()
     }
-  }
+    sinon.stub(mongoose, 'startSession').resolves(mockSession)
+
+    baseOrgRepo = new BaseOrgRepository()
+    getBaseOrgRepository = sinon.stub().returns(baseOrgRepo)
+
+    req = {
+      ctx: {
+        org: orgFixtures.secretariatOrg.short_name,
+        uuid: faker.datatype.uuid(),
+        params: {
+          identifier: orgFixtures.targetOrg.short_name
+        },
+        repositories: {
+          getBaseOrgRepository
+        }
+      },
+      useRegistry: false
+    }
+  })
 
-  async findOneByShortName (shortname) {
-    return orgFixtures.owningOrg
-  }
-}
+  afterEach(() => {
+    sinon.restore()
+  })
 
-describe.skip('Testing the GET /org/:identifier endpoint in Org Controller', () => {
   context('Negative Tests', () => {
-    it('Org does not exists', async () => {
-      app.route('/org-cant-get-doesnt-exist/:identifier')
-        .get((req, res, next) => {
-          const factory = {
-            getOrgRepository: () => { return new OrgGet() }
-          }
-          req.ctx.repositories = factory
-          next()
-        }, orgParams.parseGetParams, orgController.ORG_SINGLE)
-
-      const res = await chai.request(app)
-        .get(`/org-cant-get-doesnt-exist/${orgFixtures.nonExistentOrg.short_name}`)
-        .set(orgFixtures.secretariatHeader)
-
-      expect(res).to.have.status(404)
-      expect(res).to.have.property('body').and.to.be.a('object')
-      const errObj = error.orgDne(orgFixtures.nonExistentOrg.short_name, 'identifier', 'path')
-      expect(res.body.error).to.equal(errObj.error)
-      expect(res.body.message).to.equal(errObj.message)
+    it('Org does not exist', async () => {
+      req.ctx.params.identifier = 'nonexistent-org'
+      sinon.stub(baseOrgRepo, 'findOneByShortName').resolves(fakeSecretariatOrgDocument)
+      sinon.stub(baseOrgRepo, 'isSecretariat').resolves(true)
+      sinon.stub(baseOrgRepo, 'getOrg').resolves(null)
+
+      await ORG_SINGLE(req, res, next)
+
+      const errObj = error.orgDne('nonexistent-org', 'identifier', 'path')
+      expect(status.args[0][0]).to.equal(404)
+      expect(res.json.args[0][0].error).to.equal(errObj.error)
+      expect(res.json.args[0][0].message).to.equal(errObj.message)
     })
 
-    it('Org exists and requester is not a user of the same org or is secretariat', (done) => {
-      app.route('/org-cant-get-user-not-secretariat-or-same-org/:identifier')
-        .get((req, res, next) => {
-          const factory = {
-            getOrgRepository: () => { return new OrgGet() }
-          }
-          req.ctx.repositories = factory
-          next()
-        }, orgParams.parseGetParams, orgController.ORG_SINGLE)
-
-      chai.request(app)
-        .get(`/org-cant-get-user-not-secretariat-or-same-org/${orgFixtures.owningOrg.short_name}`)
-        .set(orgFixtures.orgHeader)
-        .end((err, res) => {
-          if (err) {
-            done(err)
-          }
-
-          expect(res).to.have.status(403)
-          expect(res).to.have.property('body').and.to.be.a('object')
-          const errObj = error.notSameOrgOrSecretariat()
-          expect(res.body.error).to.equal(errObj.error)
-          expect(res.body.message).to.equal(errObj.message)
-          done()
-        })
+    it('Org exists but requester is not same org or secretariat', async () => {
+      req.ctx.org = orgFixtures.regularOrg.short_name // Regular org
+      req.ctx.params.identifier = orgFixtures.targetOrg.short_name
+      sinon.stub(baseOrgRepo, 'findOneByShortName').resolves(fakeRegularOrgDocument)
+      sinon.stub(baseOrgRepo, 'isSecretariat').resolves(false)
+
+      await ORG_SINGLE(req, res, next)
+
+      const errObj = error.notSameOrgOrSecretariat()
+      expect(status.args[0][0]).to.equal(403)
+      expect(res.json.args[0][0].error).to.equal(errObj.error)
+      expect(res.json.args[0][0].message).to.equal(errObj.message)
     })
 
-    it('Invalid UUID requesting an org', (done) => {
-      app.route('/org-get-org-by-invalid-uuid/:identifier')
-        .get((req, res, next) => {
-          const factory = {
-            getOrgRepository: () => { return new OrgGet() }
-          }
-          req.ctx.repositories = factory
-          next()
-        }, orgParams.parseGetParams, orgController.ORG_SINGLE)
-
-      chai.request(app)
-        .get(`/org-get-org-by-uuid/${'nonexistent123'}`)
-        .set(orgFixtures.owningOrgHeader)
-        .end((err, res) => {
-          if (err) {
-            done(err)
-          }
-          expect(res).to.have.status(404)
-          expect(res).to.have.property('body').and.to.be.a('object')
-          done()
-        })
+    it('Invalid UUID requesting an org', async () => {
+      // UUID format is invalid and will cause the controller to search by short name
+      req.ctx.params.identifier = 'invalid-uuid-123'
+      sinon.stub(baseOrgRepo, 'findOneByShortName').resolves(fakeSecretariatOrgDocument)
+      sinon.stub(baseOrgRepo, 'isSecretariat').resolves(true)
+      sinon.stub(baseOrgRepo, 'getOrg').resolves(null)
+
+      await ORG_SINGLE(req, res, next)
+
+      expect(status.args[0][0]).to.equal(404)
+      expect(res.json.args[0][0]).to.have.property('error')
     })
   })
 
   context('Positive Tests', () => {
-    it('Org exists and requester is secretariat', (done) => {
-      app.route('/org-get-does-exist/:identifier')
-        .get((req, res, next) => {
-          const factory = {
-            getOrgRepository: () => { return new OrgGet() }
-          }
-          req.ctx.repositories = factory
-          next()
-        }, orgParams.parseGetParams, orgController.ORG_SINGLE)
-
-      chai.request(app)
-        .get(`/org-get-does-exist/${orgFixtures.existentOrg.short_name}`)
-        .set(orgFixtures.secretariatHeader)
-        .end((err, res) => {
-          if (err) {
-            done(err)
-          }
-
-          expect(res).to.have.status(200)
-          expect(res).to.have.property('body').and.to.be.a('object')
-          expect(res.body).to.have.property('short_name').and.to.equal(orgFixtures.existentOrg.short_name)
-          done()
-        })
+    it('Secretariat can access any org by shortname', async () => {
+      // Org exists and requester is secretariat
+      sinon.stub(baseOrgRepo, 'findOneByShortName').resolves(fakeSecretariatOrgDocument)
+      sinon.stub(baseOrgRepo, 'isSecretariat').resolves(true)
+      sinon.stub(baseOrgRepo, 'getOrg').resolves(orgFixtures.targetOrg)
+
+      await ORG_SINGLE(req, res, next)
+
+      expect(status.args[0][0]).to.equal(200)
+      expect(res.json.args[0][0]).to.deep.equal(orgFixtures.targetOrg)
     })
 
-    it('Org exists and requester is a user of the same org', (done) => {
-      app.route('/org-get-does-exist-user-same-org/:identifier')
-        .get((req, res, next) => {
-          const factory = {
-            getOrgRepository: () => { return new OrgGet() }
-          }
-          req.ctx.repositories = factory
-          next()
-        }, orgParams.parseGetParams, orgController.ORG_SINGLE)
-
-      chai.request(app)
-        .get(`/org-get-does-exist-user-same-org/${orgFixtures.owningOrg.short_name}`)
-        .set(orgFixtures.owningOrgHeader)
-        .end((err, res) => {
-          if (err) {
-            done(err)
-          }
-
-          expect(res).to.have.status(200)
-          expect(res).to.have.property('body').and.to.be.a('object')
-          expect(res.body).to.have.property('short_name').and.to.equal(orgFixtures.owningOrg.short_name)
-          done()
-        })
+    it('Non-secretariat can access same org by shortname', async () => {
+      // Org exists and requester is a user of the same org
+      req.ctx.org = orgFixtures.targetOrg.short_name
+      req.ctx.params.identifier = orgFixtures.targetOrg.short_name
+      sinon.stub(baseOrgRepo, 'findOneByShortName').resolves(fakeTargetOrgDocument)
+      sinon.stub(baseOrgRepo, 'isSecretariat').resolves(false)
+      sinon.stub(baseOrgRepo, 'getOrg').resolves(orgFixtures.targetOrg)
+
+      await ORG_SINGLE(req, res, next)
+
+      expect(status.args[0][0]).to.equal(200)
+      expect(res.json.args[0][0]).to.deep.equal(orgFixtures.targetOrg)
     })
 
-    it('Valid UUID requesting an org', (done) => {
-      app.route('/org-get-org-by-uuid/:identifier')
-        .get((req, res, next) => {
-          const factory = {
-            getOrgRepository: () => { return new OrgGet() }
-          }
-          req.ctx.repositories = factory
-          next()
-        }, orgParams.parseGetParams, orgController.ORG_SINGLE)
-
-      chai.request(app)
-        .get(`/org-get-org-by-uuid/${orgFixtures.owningOrg.UUID}`)
-        .set(orgFixtures.owningOrgHeader)
-        .end((err, res) => {
-          if (err) {
-            done(err)
-          }
-
-          expect(res).to.have.status(200)
-          expect(res).to.have.property('body').and.to.be.a('object')
-          expect(res.body).to.have.property('UUID').and.to.equal(orgFixtures.owningOrg.UUID)
-          done()
-        })
+    it('Non-secretariat can access same org by UUID', async () => {
+      req.ctx.org = orgFixtures.targetOrg.short_name
+      req.ctx.params.identifier = orgFixtures.targetOrg.UUID
+      sinon.stub(baseOrgRepo, 'findOneByShortName').resolves(fakeTargetOrgDocument)
+      sinon.stub(baseOrgRepo, 'isSecretariat').resolves(false)
+      sinon.stub(baseOrgRepo, 'getOrg').resolves(orgFixtures.targetOrg)
+
+      await ORG_SINGLE(req, res, next)
+
+      expect(status.args[0][0]).to.equal(200)
+      expect(res.json.args[0][0]).to.deep.equal(orgFixtures.targetOrg)
+    })
+
+    it('Secretariat can access an org by UUID', async () => {
+      req.ctx.params.identifier = orgFixtures.targetOrg.UUID
+      sinon.stub(baseOrgRepo, 'findOneByShortName').resolves(fakeSecretariatOrgDocument)
+      sinon.stub(baseOrgRepo, 'isSecretariat').resolves(true)
+      sinon.stub(baseOrgRepo, 'getOrg').resolves(orgFixtures.targetOrg)
+
+      await ORG_SINGLE(req, res, next)
+
+      expect(status.args[0][0]).to.equal(200)
+      expect(res.json.args[0][0]).to.deep.equal(orgFixtures.targetOrg)
     })
   })
 })
