msw/user: Implement PUT /api/v1/users/:id endpoint

Author: Turbo87

packages/crates-io-msw/handlers/index.js

@@ -1,4 +1,4 @@
 import { siteMetadata } from './metadata.js';
-import { findUser } from './users.js';
+import { findUser, updateUser } from './users.js';
 
-export const handlers = [siteMetadata, findUser];
+export const handlers = [siteMetadata, findUser, updateUser];

packages/crates-io-msw/handlers/users.js

@@ -1,6 +1,7 @@
 import { http, HttpResponse } from 'msw';
 
 import { db } from '../db.js';
+import { getSession } from '../utils/session.js';
 import { underscore } from '../utils/strings.js';
 import { notFound } from './-utils.js';
 
@@ -15,6 +16,48 @@ export const findUser = http.get('/api/v1/users/:login', ({ params }) => {
   return HttpResponse.json({ user: serializeUser(user) });
 });
 
+export const updateUser = http.put('/api/v1/users/:id', async ({ params, request }) => {
+  let { user } = getSession(db);
+  if (!user) {
+    // unfortunately, it's hard to tell from the Rust code if this is the correct response
+    // in this case, but since it's used elsewhere I will assume for now that it's correct.
+    return HttpResponse.json({ errors: [{ detail: 'must be logged in to perform that action' }] }, { status: 403 });
+  }
+
+  if (user.id.toString() !== params.id) {
+    return HttpResponse.json({ errors: [{ detail: 'current user does not match requested user' }] }, { status: 400 });
+  }
+
+  let json = await request.json();
+  if (!json || !json.user) {
+    return HttpResponse.json({ errors: [{ detail: 'invalid json request' }] }, { status: 400 });
+  }
+
+  if (json.user.publish_notifications !== undefined) {
+    db.user.update({
+      where: { id: { equals: user.id } },
+      data: { publishNotifications: json.user.publish_notifications },
+    });
+  }
+
+  if (json.user.email !== undefined) {
+    if (!json.user.email) {
+      return HttpResponse.json({ errors: [{ detail: 'empty email rejected' }] }, { status: 400 });
+    }
+
+    db.user.update({
+      where: { id: { equals: user.id } },
+      data: {
+        email: json.user.email,
+        emailVerified: false,
+        emailVerificationToken: 'secret123',
+      },
+    });
+  }
+
+  return HttpResponse.json({ ok: true });
+});
+
 function serializeUser(user) {
   user = serializeModel(user);
 

packages/crates-io-msw/handlers/users/update-by-id.test.ts

@@ -0,0 +1,85 @@
+import { describe, test } from 'vitest';
+
+import { db } from '../../db.js';
+
+describe('PUT /api/v1/users/:id', () => {
+  test('updates the user with a new email address', async ({ expect }) => {
+    let user = db.user.create({ email: '[email protected]' });
+    db.mswSession.create({ user });
+
+    let body = JSON.stringify({ user: { email: '[email protected]' } });
+    let response = await fetch(`/api/v1/users/${user.id}`, { method: 'PUT', body });
+    expect(response.status).toBe(200);
+    expect(await response.json()).toEqual({ ok: true });
+
+    user = db.user.findFirst({ where: { id: user.id } });
+    expect(user.email).toBe('[email protected]');
+    expect(user.emailVerified).toBe(false);
+    expect(user.emailVerificationToken).toBe('secret123');
+  });
+
+  test('updates the `publish_notifications` settings', async ({ expect }) => {
+    let user = db.user.create();
+    db.mswSession.create({ user });
+    expect(user.publishNotifications).toBe(true);
+
+    let body = JSON.stringify({ user: { publish_notifications: false } });
+    let response = await fetch(`/api/v1/users/${user.id}`, { method: 'PUT', body });
+    expect(response.status).toBe(200);
+    expect(await response.json()).toEqual({ ok: true });
+
+    user = db.user.findFirst({ where: { id: user.id } });
+    expect(user.publishNotifications).toBe(false);
+  });
+
+  test('returns 403 when not logged in', async ({ expect }) => {
+    let user = db.user.create({ email: '[email protected]' });
+
+    let body = JSON.stringify({ user: { email: '[email protected]' } });
+    let response = await fetch(`/api/v1/users/${user.id}`, { method: 'PUT', body });
+    expect(response.status).toBe(403);
+    expect(await response.json()).toEqual({ errors: [{ detail: 'must be logged in to perform that action' }] });
+
+    user = db.user.findFirst({ where: { id: user.id } });
+    expect(user.email).toBe('[email protected]');
+  });
+
+  test('returns 400 when requesting the wrong user id', async ({ expect }) => {
+    let user = db.user.create({ email: '[email protected]' });
+    db.mswSession.create({ user });
+
+    let body = JSON.stringify({ user: { email: '[email protected]' } });
+    let response = await fetch(`/api/v1/users/wrong-id`, { method: 'PUT', body });
+    expect(response.status).toBe(400);
+    expect(await response.json()).toEqual({ errors: [{ detail: 'current user does not match requested user' }] });
+
+    user = db.user.findFirst({ where: { id: user.id } });
+    expect(user.email).toBe('[email protected]');
+  });
+
+  test('returns 400 when sending an invalid payload', async ({ expect }) => {
+    let user = db.user.create({ email: '[email protected]' });
+    db.mswSession.create({ user });
+
+    let body = JSON.stringify({});
+    let response = await fetch(`/api/v1/users/${user.id}`, { method: 'PUT', body });
+    expect(response.status).toBe(400);
+    expect(await response.json()).toEqual({ errors: [{ detail: 'invalid json request' }] });
+
+    user = db.user.findFirst({ where: { id: user.id } });
+    expect(user.email).toBe('[email protected]');
+  });
+
+  test('returns 400 when sending an empty email address', async ({ expect }) => {
+    let user = db.user.create({ email: '[email protected]' });
+    db.mswSession.create({ user });
+
+    let body = JSON.stringify({ user: { email: '' } });
+    let response = await fetch(`/api/v1/users/${user.id}`, { method: 'PUT', body });
+    expect(response.status).toBe(400);
+    expect(await response.json()).toEqual({ errors: [{ detail: 'empty email rejected' }] });
+
+    user = db.user.findFirst({ where: { id: user.id } });
+    expect(user.email).toBe('[email protected]');
+  });
+});