chore: 2132 update deps & fix unit tests (#64)

* chore(package): update deps

* tests: fix false positive tests

* chore(vulnerabilities): postpone for a month

package.json

@@ -24,13 +24,13 @@
     "standard": "echo '\\033[1;33m  This project uses eslint instead of standard. Use `npm run lint` instead.'",
     "start": "ts-node -r tsconfig-paths/register -P ./tsconfig.build.json ./src/cli.ts",
     "dev": "nodemon --watch 'src/**/*.ts' --exec 'ts-node' src/cli.ts",
-    "test": "npm run test:unit test:integration",
+    "test": "npm run test:unit",
     "test:bdd": "jest --config './jest.bdd.config.js' --testMatch '**/test/step-definitions/**/*.step.ts'",
     "test:coverage": "jest --coverage --coverageThreshold='{}'",
     "test:coverage-check": "jest --config './jest.coverage.config.js' --coverage",
     "test:integration": "jest --config './jest.integration.config.js' --runInBand --testMatch '**/test/integration/**/*.(test|spec).ts'",
-    "test:junit": "jest --reporters=default --reporters=jest-junit",
-    "test:unit": "jest --testMatch '**/test/unit/**/*.(test|spec).ts'",
+    "test:junit": "jest --reporters=default --reporters=jest-junit --runInBand",
+    "test:unit": "jest --testMatch '**/test/unit/**/*.(test|spec).ts' --runInBand",
     "watch": "tsc -w",
     "migrate": "run-s migrate:latest seed:run",
     "migrate:latest": "knex $npm_package_config_knex migrate:latest",
@@ -69,71 +69,71 @@
   "homepage": "https://github.com/mojaloop/auth-service#readme",
   "devDependencies": {
     "@commitlint/cli": "^9.1.2",
-    "@commitlint/config-conventional": "^9.1.1",
-    "@redocly/openapi-cli": "^1.0.0-beta.32",
-    "@mojaloop/api-snippets": "^12.1.2",
-    "@types/hapi": "^18.0.3",
+    "@commitlint/config-conventional": "^9.1.2",
+    "@mojaloop/api-snippets": "^12.3.5",
+    "@redocly/openapi-cli": "^1.0.0-beta.45",
+    "@types/hapi": "^18.0.5",
     "@types/hapi__hapi": "^19.0.3",
-    "@types/hapi__inert": "^5.2.0",
-    "@types/hapi__vision": "^5.5.1",
+    "@types/hapi__inert": "^5.2.2",
+    "@types/hapi__vision": "^5.5.2",
     "@types/jest": "25.2.2",
-    "@types/node": "^14.0.20",
+    "@types/node": "^14.14.44",
     "@types/rc": "^1.1.0",
-    "@typescript-eslint/eslint-plugin": "^4.15.1",
-    "@typescript-eslint/parser": "^4.15.1",
+    "@typescript-eslint/eslint-plugin": "^4.23.0",
+    "@typescript-eslint/parser": "^4.23.0",
     "add": "^2.0.6",
     "axios": "^0.19.2",
     "eslint": "7.20.0",
+    "eslint-config-prettier": "7.1.0",
     "eslint-config-standard": "16.0.2",
     "eslint-import-resolver-typescript": "^2.4.0",
     "eslint-plugin-cucumber": "^1.4.0",
     "eslint-plugin-import": "2.22.1",
     "eslint-plugin-node": "11.1.0",
+    "eslint-plugin-prettier": "^3.4.0",
     "eslint-plugin-promise": "4.3.1",
     "eslint-plugin-standard": "4.1.0",
-    "eslint-config-prettier": "7.1.0",
-    "eslint-plugin-prettier": "^3.1.4",
-    "husky": "^4.2.5",
+    "husky": "^4.3.8",
     "jest": "26.0.1",
     "jest-cucumber": "^2.0.11",
     "jest-junit": "10.0.0",
-    "lint-staged": "^10.2.3",
+    "lint-staged": "^10.5.4",
     "multi-file-swagger": "^2.3.0",
-    "nodemon": "^2.0.4",
+    "nodemon": "^2.0.7",
     "npm-audit-resolver": "2.2.0",
     "npm-check-updates": "6.0.0",
     "source-map-support": "0.5.12",
     "standard-version": "^8.0.2",
     "swagger-cli": "^4.0.4",
-    "ts-jest": "^26.0.0",
+    "ts-jest": "^26.5.6",
     "tsconfig-paths": "^3.9.0",
     "typescript": "3.9.2"
   },
   "dependencies": {
-    "@hapi/boom": "^9.1.0",
-    "@hapi/good": "^9.0.0",
+    "@hapi/boom": "^9.1.2",
+    "@hapi/good": "^9.0.1",
     "@hapi/hapi": "^19.1.1",
-    "@hapi/inert": "^6.0.1",
+    "@hapi/inert": "^6.0.3",
     "@hapi/vision": "^6.0.0",
     "@mojaloop/central-services-error-handling": "^10.6.0",
     "@mojaloop/central-services-health": "^10.6.0",
-    "@mojaloop/central-services-shared": "^11.0.0",
-    "@mojaloop/sdk-standard-components": "^12.0.1",
-    "@types/convict": "^5.2.1",
-    "babel-jest": "^26.1.0",
-    "blipp": "^4.0.1",
+    "@mojaloop/central-services-shared": "^11.7.2",
+    "@mojaloop/sdk-standard-components": "^12.1.1",
+    "@types/convict": "^5.2.2",
+    "babel-jest": "^26.6.3",
+    "blipp": "^4.0.2",
     "commander": "^5.1.0",
-    "convict": "^6.0.0",
-    "dot-prop": "^5.2.0",
+    "convict": "^6.1.0",
+    "dot-prop": "^5.3.0",
     "hapi-openapi": "^2.0.2",
     "hapi-swagger": "^13.0.1",
-    "knex": "^0.21.1",
+    "knex": "^0.21.19",
     "mysql": "^2.18.1",
     "npm-run-all": "^4.1.5",
     "parse-strings-in-object": "^2.0.0",
     "path": "^0.12.7",
     "rc": "^1.2.8",
     "sqlite3": "^4.2.0",
-    "ts-node": "^8.3.0"
+    "ts-node": "^8.10.2"
   }
 }

src/cli.ts

@@ -30,13 +30,18 @@ import { Command } from 'commander'
 
 // handle script parameters
 const program = new Command(PACKAGE.name)
-program
-  .version(PACKAGE.version)
-  .description('auth-service cli')
-  .option('-p, --port <number>', 'listen on port', Config.PORT.toString())
-  .option('-H, --host <string>', 'listen on host', Config.HOST)
-  .parse(process.argv)
-
+// when unit tests are run commander runs process.exit on unknown option in jest's command line
+program.exitOverride()
+try {
+  program
+    .version(PACKAGE.version)
+    .description('auth-service cli')
+    .option('-p, --port <number>', 'listen on port', Config.PORT.toString())
+    .option('-H, --host <string>', 'listen on host', Config.HOST)
+    .parse(process.argv)
+} catch (err) {
+  console.error(err)
+}
 // overload Config with script parameters
 Config.PORT = program.port
 Config.HOST = program.host

src/server/handlers/consents.ts

@@ -33,12 +33,8 @@ import { Context } from '../plugins'
 import {
   thirdparty as tpAPI
 } from '@mojaloop/api-snippets'
-import {
-  createAndStoreConsent
-} from '~/domain/consents'
-import {
-  putConsentError
-} from '~/domain/errors'
+import { createAndStoreConsent } from '~/domain/consents'
+import { putConsentError } from '~/domain/errors'
 
 /** The HTTP request `POST /consents` is used to create a consent object.
  * Called by `DFSP` after the successful creation and

src/server/plugins/openAPI.ts

@@ -37,7 +37,7 @@ async function initialize (): Promise<ServerRegisterPluginObject<any>> {
       name: 'openapi',
       version: '1.0.0',
       multiple: true,
-      register: function (server: Server, options: {[index: string]: string | object}): void {
+      register: function (server: Server, options: {[index: string]: string | Record<string, unknown>}): void {
         server.expose('openapi', options.openapi)
       }
     },

src/shared/__mocks__/logger.ts

@@ -27,14 +27,10 @@
 
 import { Logger as SDKLogger } from '@mojaloop/sdk-standard-components'
 
-const mockLog = jest.fn()
-const mockError = jest.fn()
-const mockInfo = jest.fn()
-
 export const logger: SDKLogger.Logger = {
-  log: mockLog,
-  error: mockError,
-  info: mockInfo,
+  log: jest.fn((): SDKLogger.Logger => logger),
+  error: jest.fn((): SDKLogger.Logger => logger),
+  info: jest.fn((): SDKLogger.Logger => logger),
   push: jest.fn((): SDKLogger.Logger => logger)
 } as unknown as SDKLogger.Logger
 

test/unit/index-validation.test.ts

@@ -0,0 +1,176 @@
+/*****
+ License
+ --------------
+ Copyright © 2020 Mojaloop Foundation
+ The Mojaloop files are made available by the Mojaloop Foundation under the Apache License, Version 2.0 (the "License") and you may not use these files except in compliance with the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, the Mojaloop files are distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+ Contributors
+ --------------
+ This is the official list of the Mojaloop project contributors for this file.
+ Names of the original copyright holders (individuals or organizations)
+ should be listed with a '*' in the first column. People who have
+ contributed from an organization can be listed under the organization
+ that actually holds the copyright for their contributions (see the
+ Gates Foundation organization for an example). Those individuals should have
+ their names indented and be marked with a '-'. Email address can be added
+ optionally within square brackets <email>.
+
+ * Lewis Daly <[email protected]>
+ * Paweł Marzec <[email protected]>
+ --------------
+ ******/
+
+import index from '~/index'
+import Config from '~/shared/config'
+import { Server, Request, ResponseToolkit } from '@hapi/hapi'
+import { Context } from '~/server/plugins'
+
+// Import handlers for mocking
+import Handlers from '~/server/handlers'
+
+// Mock data
+import MockConsentData from '../data/mockConsent.json'
+import MockUpdateConsentReq from '../data/mockUpdatedConsent.json'
+import MockThirdPartyAuthorizationReq from '../data/mockThirdPartyReqAuth.json'
+import Headers from '../data/headers.json'
+
+jest.mock('~/shared/logger')
+
+describe('index', (): void => {
+  it('should have proper layout', (): void => {
+    expect(typeof index.server).toBeDefined()
+    expect(typeof index.server.run).toEqual('function')
+  })
+})
+
+describe('api routes', (): void => {
+  let server: Server
+
+  beforeAll(async (): Promise<void> => {
+    server = await index.server.run(Config)
+  })
+
+  afterAll(async (done): Promise<void> => {
+    server.events.on('stop', done)
+    await server.stop({ timeout: 0 })
+  })
+
+  describe('Endpoint: /consents', (): void => {
+    it('schema validation - missing fields', async (): Promise<void> => {
+      const mockPostConsents = jest.spyOn(Handlers, 'PostConsents')
+      mockPostConsents.mockImplementationOnce(
+        (_context: Context, _req: Request, h: ResponseToolkit) => Promise.resolve(h.response().code(202))
+      )
+
+      const payloadMissingId = Object.assign({}, MockConsentData.payload)
+      delete (payloadMissingId as Record<string, unknown>).consentId
+
+      const request = {
+        method: 'POST',
+        url: '/consents',
+        headers: Headers,
+        payload: payloadMissingId
+      }
+
+      const expected = {
+        errorInformation: {
+          errorCode: '3102',
+          errorDescription: 'Missing mandatory element - /requestBody must have required property \'consentId\''
+        }
+      }
+
+      const response = await server.inject(request)
+      expect(response.statusCode).toBe(400)
+      expect(response.result).toStrictEqual(expected)
+    })
+  })
+
+  describe('Endpoint: /consents/{ID}', (): void => {
+    it('schema validation - missing fields', async (): Promise<void> => {
+      const mockUpdateConsent = jest.spyOn(Handlers, 'UpdateConsent')
+      mockUpdateConsent.mockImplementationOnce(
+        (_context: Context, _req: Request, h: ResponseToolkit) => Promise.resolve(h.response().code(202))
+      )
+
+      const payloadMissingCredential = Object.assign({}, MockUpdateConsentReq.payload)
+      delete (payloadMissingCredential as Record<string, unknown>).credential
+
+      const request = {
+        method: 'PUT',
+        url: '/consents/b51ec534-ee48-4575-b6a9-ead2955b8069',
+        headers: Headers,
+        payload: payloadMissingCredential
+      }
+
+      const expected = {
+        errorInformation: {
+          errorCode: '3102',
+          errorDescription: 'Missing mandatory element - /requestBody must have required property \'credential\''
+        }
+      }
+
+      const response = await server.inject(request)
+      expect(response.statusCode).toBe(400)
+      expect(response.result).toStrictEqual(expected)
+    })
+  })
+
+  describe('Endpoint: /thirdpartyRequests/transactions/{ID}/authorizations', (): void => {
+    it('schema validation - missing fields', async (): Promise<void> => {
+      const mockThirdPartyAuthorizations = jest.spyOn(Handlers, 'VerifyThirdPartyAuthorization')
+      mockThirdPartyAuthorizations.mockImplementationOnce(
+        (_context: Context, _req: Request, h: ResponseToolkit) => h.response().code(202)
+      )
+
+      const payloadMissingChallenge = Object.assign({}, MockThirdPartyAuthorizationReq.payload)
+      delete (payloadMissingChallenge as Record<string, unknown>).challenge
+
+      const request = {
+        method: 'POST',
+        url: '/thirdpartyRequests/transactions/123/authorizations',
+        headers: Headers,
+        payload: payloadMissingChallenge
+      }
+
+      const expected = {
+        errorInformation: {
+          errorCode: '3102',
+          errorDescription: 'Missing mandatory element - /requestBody must have required property \'challenge\''
+        }
+      }
+
+      const response = await server.inject(request)
+      expect(response.result).toStrictEqual(expected)
+      expect(response.statusCode).toBe(400)
+    })
+
+    it('schema validation - status !== PENDING results in 400', async (): Promise<void> => {
+      const mockThirdPartyAuthorizations = jest.spyOn(Handlers, 'VerifyThirdPartyAuthorization')
+      mockThirdPartyAuthorizations.mockImplementationOnce(
+        (_context: Context, _req: Request, h: ResponseToolkit) => h.response().code(202)
+      )
+
+      const payloadWithActiveStatus = Object.assign({}, MockThirdPartyAuthorizationReq.payload)
+      payloadWithActiveStatus.status = 'ACTIVE'
+
+      const request = {
+        method: 'POST',
+        url: '/thirdpartyRequests/transactions/123/authorizations',
+        headers: Headers,
+        payload: payloadWithActiveStatus
+      }
+
+      const expected = {
+        errorInformation: {
+          errorCode: '3100',
+          errorDescription: 'Generic validation error - /requestBody/status must be equal to one of the allowed values'
+        }
+      }
+
+      const response = await server.inject(request)
+      expect(response.result).toStrictEqual(expected)
+      expect(response.statusCode).toBe(400)
+    })
+  })
+})