admin/PolyMPR
1
0
Fork 0
Code Issues 14 Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity

test : changed test format + added playwright support
Check Deno code / Check Deno code (pull_request) Has been cancelled
Details
Tests / Unit tests (pull_request) Has been cancelled
Details
Tests / Integration tests (pull_request) Has been cancelled
Details
Check Deno code / Check Deno code (push) Has been cancelled
Details
Tests / Unit tests (push) Has been cancelled
Details
Tests / Integration tests (push) Has been cancelled
Details

Browse Source
This commit was merged in pull request #153.
This commit is contained in:
Djalim Simaila
2026-05-03 21:52:02 +02:00
parent ed2fe69f54
commit 951c9c1fea
52 changed files with 3576 additions and 5212 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/e2e/.gitkeep
View File
tests/e2e/ajustements_test.ts
-349
View File
@@ -1,349 +0,0 @@
// E2E tests for /ajustements endpoints — handler + real DB
import { assertEquals, assertExists } from "@std/assert";
import {
makeContextWithAffiliation,
makeEmployeeContext,
makeGetRequest,
makeJsonRequest,
} from "../helpers/handler.ts";
import {
seedAjustements,
seedPromotions,
seedStudents,
seedUes,
truncateAll,
} from "../helpers/db_integration.ts";
import { handler as ajustementsHandler } from "$apps/notes/api/ajustements.ts";
import { handler as ajustementHandler } from "$apps/notes/api/ajustements/[numEtud]/[idUE].ts";
import { ajustements as ajustementsTable } from "$root/databases/schema.ts";
import { testDb } from "../helpers/db_integration.ts";
// --- GET /ajustements ---
Deno.test({
name: "e2e ajustements: GET /ajustements returns all",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s] = await seedStudents([{
nom: "Dupont",
prenom: "Jean",
idPromo: "P1",
}]);
const [ue] = await seedUes([{ nom: "UE Info" }]);
await seedAjustements([{ numEtud: s.numEtud, idUE: ue.id, valeur: 13.0 }]);
const res = await ajustementsHandler.GET!(
makeGetRequest("/ajustements"),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 1);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ajustements: GET /ajustements?numEtud filters by student",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s1] = await seedStudents([{
nom: "Dupont",
prenom: "Jean",
idPromo: "P1",
}]);
const [s2] = await seedStudents([{
nom: "Martin",
prenom: "Alice",
idPromo: "P1",
}]);
const [ue] = await seedUes([{ nom: "UE Info" }]);
await seedAjustements([
{ numEtud: s1.numEtud, idUE: ue.id, valeur: 13.0 },
{ numEtud: s2.numEtud, idUE: ue.id, valeur: 15.0 },
]);
const res = await ajustementsHandler.GET!(
makeGetRequest("/ajustements", { numEtud: String(s1.numEtud) }),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 1);
assertEquals(body[0].numEtud, s1.numEtud);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ajustements: GET /ajustements?numEtud=NaN returns 400",
async fn() {
await truncateAll();
const res = await ajustementsHandler.GET!(
makeGetRequest("/ajustements", { numEtud: "abc" }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- POST /ajustements ---
Deno.test({
name:
"e2e ajustements: POST /ajustements creates ajustement (201) as employee",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s] = await seedStudents([{
nom: "Leroy",
prenom: "Paul",
idPromo: "P1",
}]);
const [ue] = await seedUes([{ nom: "UE Info" }]);
const res = await ajustementsHandler.POST!(
makeJsonRequest("/ajustements", "POST", {
numEtud: s.numEtud,
idUE: ue.id,
valeur: 14.5,
}),
makeEmployeeContext(),
);
assertEquals(res.status, 201);
const body = await res.json();
assertExists(body.numEtud);
assertEquals(body.valeur, 14.5);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ajustements: POST /ajustements 403 for non-employee",
async fn() {
await truncateAll();
const res = await ajustementsHandler.POST!(
makeJsonRequest("/ajustements", "POST", {
numEtud: 1,
idUE: 1,
valeur: 10.0,
}),
makeContextWithAffiliation("student"),
);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ajustements: POST /ajustements 400 on missing fields",
async fn() {
await truncateAll();
const res = await ajustementsHandler.POST!(
makeJsonRequest("/ajustements", "POST", { numEtud: 12345 }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- GET /ajustements/:numEtud/:idUE ---
Deno.test({
name:
"e2e ajustements: GET /ajustements/:numEtud/:idUE returns correct ajustement (employee)",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s1, s2] = await seedStudents([
{ nom: "Bernard", prenom: "Lucie", idPromo: "P1" },
{ nom: "Dupont", prenom: "Jean", idPromo: "P1" },
]);
const [ue1, ue2] = await seedUes([{ nom: "UE Maths" }, { nom: "UE Info" }]);
// Plusieurs lignes partageant numEtud=s1 — le handler doit discriminer par idUE
await seedAjustements([
{ numEtud: s1.numEtud, idUE: ue1.id, valeur: 16.0 },
{ numEtud: s1.numEtud, idUE: ue2.id, valeur: 8.0 },
{ numEtud: s2.numEtud, idUE: ue1.id, valeur: 12.0 },
]);
const res = await ajustementHandler.GET!(
makeGetRequest(`/ajustements/${s1.numEtud}/${ue1.id}`),
makeEmployeeContext({
numEtud: String(s1.numEtud),
idUE: String(ue1.id),
}),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.valeur, 16.0);
assertEquals(body.numEtud, s1.numEtud);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ajustements: GET /ajustements/:numEtud/:idUE 403 for non-employee",
async fn() {
await truncateAll();
const res = await ajustementHandler.GET!(
makeGetRequest("/ajustements/1/1"),
makeContextWithAffiliation("student", { numEtud: "1", idUE: "1" }),
);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ajustements: GET /ajustements/:numEtud/:idUE 404 when not found",
async fn() {
await truncateAll();
const res = await ajustementHandler.GET!(
makeGetRequest("/ajustements/99999/99"),
makeEmployeeContext({ numEtud: "99999", idUE: "99" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- PUT /ajustements/:numEtud/:idUE ---
Deno.test({
name:
"e2e ajustements: PUT /ajustements/:numEtud/:idUE updates only targeted row (employee)",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s] = await seedStudents([{
nom: "Thomas",
prenom: "Eva",
idPromo: "P1",
}]);
const [ue1, ue2] = await seedUes([{ nom: "UE Physique" }, {
nom: "UE Chimie",
}]);
// Deux ajustements pour le même étudiant — seul ue1 doit être modifié
await seedAjustements([
{ numEtud: s.numEtud, idUE: ue1.id, valeur: 10.0 },
{ numEtud: s.numEtud, idUE: ue2.id, valeur: 7.0 },
]);
const res = await ajustementHandler.PUT!(
makeJsonRequest(`/ajustements/${s.numEtud}/${ue1.id}`, "PUT", {
valeur: 19.0,
}),
makeEmployeeContext({ numEtud: String(s.numEtud), idUE: String(ue1.id) }),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.valeur, 19.0);
// ue2 doit rester intact
const unchanged = await testDb.select().from(ajustementsTable);
const ue2Row = unchanged.find((a) => a.idUE === ue2.id);
assertEquals(ue2Row?.valeur, 7.0);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ajustements: PUT /ajustements/:numEtud/:idUE 403 for non-employee",
async fn() {
await truncateAll();
const res = await ajustementHandler.PUT!(
makeJsonRequest("/ajustements/1/1", "PUT", { valeur: 10.0 }),
makeContextWithAffiliation("student", { numEtud: "1", idUE: "1" }),
);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ajustements: PUT /ajustements/:numEtud/:idUE 404 when not found",
async fn() {
await truncateAll();
const res = await ajustementHandler.PUT!(
makeJsonRequest("/ajustements/99999/99", "PUT", { valeur: 10.0 }),
makeEmployeeContext({ numEtud: "99999", idUE: "99" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- DELETE /ajustements/:numEtud/:idUE ---
Deno.test({
name:
"e2e ajustements: DELETE /ajustements/:numEtud/:idUE deletes only targeted row (employee)",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s] = await seedStudents([{
nom: "Petit",
prenom: "Hugo",
idPromo: "P1",
}]);
const [ue1, ue2] = await seedUes([{ nom: "UE Chimie" }, { nom: "UE Bio" }]);
// Deux ajustements pour le même étudiant — seul ue1 doit être supprimé
await seedAjustements([
{ numEtud: s.numEtud, idUE: ue1.id, valeur: 11.0 },
{ numEtud: s.numEtud, idUE: ue2.id, valeur: 14.0 },
]);
const res = await ajustementHandler.DELETE!(
makeGetRequest(`/ajustements/${s.numEtud}/${ue1.id}`),
makeEmployeeContext({ numEtud: String(s.numEtud), idUE: String(ue1.id) }),
);
assertEquals(res.status, 204);
// ue2 doit toujours exister
const remaining = await testDb.select().from(ajustementsTable);
assertEquals(remaining.length, 1);
assertEquals(remaining[0].idUE, ue2.id);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"e2e ajustements: DELETE /ajustements/:numEtud/:idUE 403 for non-employee",
async fn() {
await truncateAll();
const res = await ajustementHandler.DELETE!(
makeGetRequest("/ajustements/1/1"),
makeContextWithAffiliation("student", { numEtud: "1", idUE: "1" }),
);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"e2e ajustements: DELETE /ajustements/:numEtud/:idUE 404 when not found",
async fn() {
await truncateAll();
const res = await ajustementHandler.DELETE!(
makeGetRequest("/ajustements/99999/99"),
makeEmployeeContext({ numEtud: "99999", idUE: "99" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
tests/e2e/basic_test.ts
+75
View File
@@ -0,0 +1,75 @@
import { chromium, Browser, Page } from "npm:playwright";
import { assertEquals } from "@std/assert";
const BASE_URL = Deno.env.get("BASE_URL") || "http://localhost:8000";
Deno.test({
name: "E2E: Guest navigation flow",
async fn() {
const browser: Browser = await chromium.launch({
args: ["--no-sandbox", "--disable-setuid-sandbox"],
});
const context = await browser.newContext();
const page: Page = await context.newPage();
try {
// 1. Home page
console.log(`Navigating to ${BASE_URL}...`);
await page.goto(BASE_URL);
const title = await page.innerText("h2");
assertEquals(title, "PolyMPR");
const loginLink = await page.getAttribute("a[href='/login']", "href");
assertEquals(loginLink, "/login");
// 2. Click login
await page.click("text=Se connecter");
await page.waitForURL("**/login**");
console.log("Reached login page.");
} finally {
await browser.close();
}
},
// On ignore si le serveur n'est pas joignable (hors CI)
ignore: Deno.env.get("CI") === undefined && !(await isServerUp()),
});
Deno.test({
name: "E2E: App Dashboard accessibility (requires login)",
async fn() {
const browser: Browser = await chromium.launch({
args: ["--no-sandbox", "--disable-setuid-sandbox"],
});
const page: Page = await browser.newPage();
try {
// Tenter d'accéder à /apps sans être connecté
await page.goto(`${BASE_URL}/apps`);
// On devrait être redirigé vers /login ou voir un message d'erreur
const url = page.url();
if (url.includes("/login")) {
console.log("Correctly redirected to login.");
} else {
// Si ton middleware ne redirige pas mais affiche une erreur
const body = await page.innerText("body");
console.log("Landing page url:", url);
}
} finally {
await browser.close();
}
},
ignore: Deno.env.get("CI") === undefined && !(await isServerUp()),
});
async function isServerUp() {
try {
const res = await fetch(BASE_URL);
await res.body?.cancel();
return res.ok;
} catch {
return false;
}
}
tests/e2e/enseignements_test.ts
-240
View File
@@ -1,240 +0,0 @@
// E2E tests for /enseignements endpoints — handler + real DB
import { assertEquals, assertExists } from "@std/assert";
import {
makeContextWithAffiliation,
makeEmployeeContext,
makeGetRequest,
makeJsonRequest,
} from "../helpers/handler.ts";
import {
seedEnseignements,
seedModules,
seedPromotions,
seedUsers,
truncateAll,
} from "../helpers/db_integration.ts";
import { handler as enseignementsHandler } from "$apps/admin/api/enseignements.ts";
import { handler as enseignementHandler } from "$apps/admin/api/enseignements/[idProf]/[idModule]/[idPromo].ts";
// --- POST /enseignements ---
Deno.test({
name:
"e2e enseignements: POST /enseignements creates enseignement (201) as employee",
async fn() {
await truncateAll();
await seedUsers([{ id: "prof.dupont", nom: "Dupont", prenom: "Jean" }]);
await seedModules([{ id: "M1", nom: "Mod A" }]);
await seedPromotions([{ id: "P1" }]);
const res = await enseignementsHandler.POST!(
makeJsonRequest("/enseignements", "POST", {
idProf: "prof.dupont",
idModule: "M1",
idPromo: "P1",
}),
makeEmployeeContext(),
);
assertEquals(res.status, 201);
const body = await res.json();
assertExists(body.idProf);
assertEquals(body.idModule, "M1");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e enseignements: POST /enseignements 403 for non-employee",
async fn() {
await truncateAll();
const res = await enseignementsHandler.POST!(
makeJsonRequest("/enseignements", "POST", {
idProf: "p",
idModule: "M1",
idPromo: "P1",
}),
makeContextWithAffiliation("student"),
);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e enseignements: POST /enseignements 400 on missing fields",
async fn() {
await truncateAll();
const res = await enseignementsHandler.POST!(
makeJsonRequest("/enseignements", "POST", { idProf: "prof.dupont" }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e enseignements: POST /enseignements 409 on duplicate",
async fn() {
await truncateAll();
await seedUsers([{ id: "prof.dupont", nom: "Dupont", prenom: "Jean" }]);
await seedModules([{ id: "M1", nom: "Mod A" }]);
await seedPromotions([{ id: "P1" }]);
await seedEnseignements([{
idProf: "prof.dupont",
idModule: "M1",
idPromo: "P1",
}]);
const res = await enseignementsHandler.POST!(
makeJsonRequest("/enseignements", "POST", {
idProf: "prof.dupont",
idModule: "M1",
idPromo: "P1",
}),
makeEmployeeContext(),
);
assertEquals(res.status, 409);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- GET /enseignements/:idProf/:idModule/:idPromo ---
Deno.test({
name:
"e2e enseignements: GET /enseignements/:idProf/:idModule/:idPromo returns enseignement (employee)",
async fn() {
await truncateAll();
await seedUsers([{ id: "prof.dupont", nom: "Dupont", prenom: "Jean" }]);
await seedModules([{ id: "M1", nom: "Mod A" }]);
await seedPromotions([{ id: "P1" }]);
await seedEnseignements([{
idProf: "prof.dupont",
idModule: "M1",
idPromo: "P1",
}]);
const res = await enseignementHandler.GET!(
makeGetRequest("/enseignements/prof.dupont/M1/P1"),
makeEmployeeContext({
idProf: "prof.dupont",
idModule: "M1",
idPromo: "P1",
}),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.idProf, "prof.dupont");
assertEquals(body.idModule, "M1");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"e2e enseignements: GET /enseignements/:idProf/:idModule/:idPromo 403 for non-employee",
async fn() {
await truncateAll();
const res = await enseignementHandler.GET!(
makeGetRequest("/enseignements/p/M1/P1"),
makeContextWithAffiliation("student", {
idProf: "p",
idModule: "M1",
idPromo: "P1",
}),
);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"e2e enseignements: GET /enseignements/:idProf/:idModule/:idPromo 404 when not found",
async fn() {
await truncateAll();
const res = await enseignementHandler.GET!(
makeGetRequest("/enseignements/ghost/GHOST/GHOST"),
makeEmployeeContext({
idProf: "ghost",
idModule: "GHOST",
idPromo: "GHOST",
}),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- DELETE /enseignements/:idProf/:idModule/:idPromo ---
Deno.test({
name:
"e2e enseignements: DELETE /enseignements/:idProf/:idModule/:idPromo returns 204 (employee)",
async fn() {
await truncateAll();
await seedUsers([{ id: "prof.dupont", nom: "Dupont", prenom: "Jean" }]);
await seedModules([{ id: "M1", nom: "Mod A" }]);
await seedPromotions([{ id: "P1" }]);
await seedEnseignements([{
idProf: "prof.dupont",
idModule: "M1",
idPromo: "P1",
}]);
const res = await enseignementHandler.DELETE!(
makeGetRequest("/enseignements/prof.dupont/M1/P1"),
makeEmployeeContext({
idProf: "prof.dupont",
idModule: "M1",
idPromo: "P1",
}),
);
assertEquals(res.status, 204);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"e2e enseignements: DELETE /enseignements/:idProf/:idModule/:idPromo 403 for non-employee",
async fn() {
await truncateAll();
const res = await enseignementHandler.DELETE!(
makeGetRequest("/enseignements/p/M1/P1"),
makeContextWithAffiliation("student", {
idProf: "p",
idModule: "M1",
idPromo: "P1",
}),
);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"e2e enseignements: DELETE /enseignements/:idProf/:idModule/:idPromo 404 when not found",
async fn() {
await truncateAll();
const res = await enseignementHandler.DELETE!(
makeGetRequest("/enseignements/ghost/GHOST/GHOST"),
makeEmployeeContext({
idProf: "ghost",
idModule: "GHOST",
idPromo: "GHOST",
}),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
tests/e2e/modules_test.ts
-210
View File
@@ -1,210 +0,0 @@
// #113 - E2E tests for /modules endpoints
import { assertEquals } from "@std/assert";
import {
makeContextWithAffiliation,
makeEmployeeContext,
makeGetRequest,
makeJsonRequest,
} from "../helpers/handler.ts";
import { seedModules, truncateAll } from "../helpers/db_integration.ts";
import { handler as modulesHandler } from "$apps/admin/api/modules.ts";
import { handler as moduleHandler } from "$apps/admin/api/modules/[idModule].ts";
// --- GET /modules ---
Deno.test({
name: "e2e modules: GET /modules returns all as employee",
async fn() {
await truncateAll();
await seedModules([{ id: "MATH101", nom: "Mathématiques" }, {
id: "INFO101",
nom: "Informatique",
}]);
const res = await modulesHandler.GET!(
makeGetRequest("/modules"),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 2);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e modules: GET /modules returns all for non-employee",
async fn() {
await truncateAll();
await seedModules([{ id: "MATH101", nom: "Mathématiques" }]);
const res = await modulesHandler.GET!(
makeGetRequest("/modules"),
makeContextWithAffiliation("student"),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 1);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- POST /modules ---
Deno.test({
name: "e2e modules: POST /modules creates module (201)",
async fn() {
await truncateAll();
const res = await modulesHandler.POST!(
makeJsonRequest("/modules", "POST", { id: "PHYS101", nom: "Physique" }),
makeEmployeeContext(),
);
assertEquals(res.status, 201);
const body = await res.json();
assertEquals(body.id, "PHYS101");
assertEquals(body.nom, "Physique");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e modules: POST /modules 409 on duplicate id",
async fn() {
await truncateAll();
await seedModules([{ id: "MATH101", nom: "Mathématiques" }]);
const res = await modulesHandler.POST!(
makeJsonRequest("/modules", "POST", { id: "MATH101", nom: "Doublon" }),
makeEmployeeContext(),
);
assertEquals(res.status, 409);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e modules: POST /modules 400 on missing fields",
async fn() {
await truncateAll();
const res = await modulesHandler.POST!(
makeJsonRequest("/modules", "POST", { id: "X" }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e modules: POST /modules 403 for non-employee",
async fn() {
await truncateAll();
const res = await modulesHandler.POST!(
makeJsonRequest("/modules", "POST", { id: "X", nom: "Y" }),
makeContextWithAffiliation("student"),
);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- GET /modules/:id ---
Deno.test({
name: "e2e modules: GET /modules/:id returns module",
async fn() {
await truncateAll();
await seedModules([{ id: "ELEC201", nom: "Électronique" }]);
const res = await moduleHandler.GET!(
makeGetRequest("/modules/ELEC201"),
makeEmployeeContext({ idModule: "ELEC201" }),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.nom, "Électronique");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e modules: GET /modules/:id 404 when not found",
async fn() {
await truncateAll();
const res = await moduleHandler.GET!(
makeGetRequest("/modules/GHOST"),
makeEmployeeContext({ idModule: "GHOST" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- PUT /modules/:id ---
Deno.test({
name: "e2e modules: PUT /modules/:id updates nom",
async fn() {
await truncateAll();
await seedModules([{ id: "CHIM101", nom: "Chimie" }]);
const res = await moduleHandler.PUT!(
makeJsonRequest("/modules/CHIM101", "PUT", { nom: "Chimie organique" }),
makeEmployeeContext({ idModule: "CHIM101" }),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.nom, "Chimie organique");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e modules: PUT /modules/:id 404 when not found",
async fn() {
await truncateAll();
const res = await moduleHandler.PUT!(
makeJsonRequest("/modules/GHOST", "PUT", { nom: "X" }),
makeEmployeeContext({ idModule: "GHOST" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- DELETE /modules/:id ---
Deno.test({
name: "e2e modules: DELETE /modules/:id returns 204",
async fn() {
await truncateAll();
await seedModules([{ id: "BIO101", nom: "Biologie" }]);
const res = await moduleHandler.DELETE!(
makeGetRequest("/modules/BIO101"),
makeEmployeeContext({ idModule: "BIO101" }),
);
assertEquals(res.status, 204);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e modules: DELETE /modules/:id 404 when not found",
async fn() {
await truncateAll();
const res = await moduleHandler.DELETE!(
makeGetRequest("/modules/GHOST"),
makeEmployeeContext({ idModule: "GHOST" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
tests/e2e/notes_test.ts
-283
View File
@@ -1,283 +0,0 @@
// E2E tests for /notes endpoints — handler + real DB
import { assertEquals, assertExists } from "@std/assert";
import {
makeEmployeeContext,
makeGetRequest,
makeJsonRequest,
} from "../helpers/handler.ts";
import {
seedModules,
seedNotes,
seedPromotions,
seedStudents,
truncateAll,
} from "../helpers/db_integration.ts";
import { handler as notesHandler } from "$apps/notes/api/notes.ts";
import { handler as noteHandler } from "$apps/notes/api/notes/[numEtud]/[idModule].ts";
// --- GET /notes ---
Deno.test({
name: "e2e notes: GET /notes returns all notes",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s] = await seedStudents([{
nom: "Dupont",
prenom: "Jean",
idPromo: "P1",
}]);
await seedModules([{ id: "M1", nom: "Mod A" }, { id: "M2", nom: "Mod B" }]);
await seedNotes([
{ numEtud: s.numEtud, idModule: "M1", note: 15.0 },
{ numEtud: s.numEtud, idModule: "M2", note: 12.0 },
]);
const res = await notesHandler.GET!(
makeGetRequest("/notes"),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 2);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e notes: GET /notes?numEtud filters by student",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s1] = await seedStudents([{
nom: "Dupont",
prenom: "Jean",
idPromo: "P1",
}]);
const [s2] = await seedStudents([{
nom: "Martin",
prenom: "Alice",
idPromo: "P1",
}]);
await seedModules([{ id: "M1", nom: "Mod A" }]);
await seedNotes([
{ numEtud: s1.numEtud, idModule: "M1", note: 15.0 },
{ numEtud: s2.numEtud, idModule: "M1", note: 12.0 },
]);
const res = await notesHandler.GET!(
makeGetRequest("/notes", { numEtud: String(s1.numEtud) }),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 1);
assertEquals(body[0].numEtud, s1.numEtud);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e notes: GET /notes?numEtud=NaN returns 400",
async fn() {
await truncateAll();
const res = await notesHandler.GET!(
makeGetRequest("/notes", { numEtud: "abc" }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e notes: GET /notes?idModule filters by module",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s] = await seedStudents([{
nom: "Dupont",
prenom: "Jean",
idPromo: "P1",
}]);
await seedModules([{ id: "M1", nom: "Mod A" }, { id: "M2", nom: "Mod B" }]);
await seedNotes([
{ numEtud: s.numEtud, idModule: "M1", note: 15.0 },
{ numEtud: s.numEtud, idModule: "M2", note: 10.0 },
]);
const res = await notesHandler.GET!(
makeGetRequest("/notes", { idModule: "M1" }),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 1);
assertEquals(body[0].idModule, "M1");
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- POST /notes ---
Deno.test({
name: "e2e notes: POST /notes creates note (201)",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s] = await seedStudents([{
nom: "Leroy",
prenom: "Paul",
idPromo: "P1",
}]);
await seedModules([{ id: "M1", nom: "Mod A" }]);
const res = await notesHandler.POST!(
makeJsonRequest("/notes", "POST", {
numEtud: s.numEtud,
idModule: "M1",
note: 14.0,
}),
makeEmployeeContext(),
);
assertEquals(res.status, 201);
const body = await res.json();
assertExists(body.numEtud);
assertEquals(body.note, 14.0);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e notes: POST /notes 400 on missing fields",
async fn() {
await truncateAll();
const res = await notesHandler.POST!(
makeJsonRequest("/notes", "POST", { numEtud: 12345 }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- GET /notes/:numEtud/:idModule ---
Deno.test({
name: "e2e notes: GET /notes/:numEtud/:idModule returns note",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s] = await seedStudents([{
nom: "Bernard",
prenom: "Lucie",
idPromo: "P1",
}]);
await seedModules([{ id: "M1", nom: "Mod A" }]);
await seedNotes([{ numEtud: s.numEtud, idModule: "M1", note: 18.0 }]);
const res = await noteHandler.GET!(
makeGetRequest(`/notes/${s.numEtud}/M1`),
makeEmployeeContext({ numEtud: String(s.numEtud), idModule: "M1" }),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.note, 18.0);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e notes: GET /notes/:numEtud/:idModule 404 when not found",
async fn() {
await truncateAll();
const res = await noteHandler.GET!(
makeGetRequest("/notes/99999/GHOST"),
makeEmployeeContext({ numEtud: "99999", idModule: "GHOST" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- PUT /notes/:numEtud/:idModule ---
Deno.test({
name: "e2e notes: PUT /notes/:numEtud/:idModule updates note",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s] = await seedStudents([{
nom: "Thomas",
prenom: "Eva",
idPromo: "P1",
}]);
await seedModules([{ id: "M1", nom: "Mod A" }]);
await seedNotes([{ numEtud: s.numEtud, idModule: "M1", note: 10.0 }]);
const res = await noteHandler.PUT!(
makeJsonRequest(`/notes/${s.numEtud}/M1`, "PUT", { note: 16.0 }),
makeEmployeeContext({ numEtud: String(s.numEtud), idModule: "M1" }),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.note, 16.0);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e notes: PUT /notes/:numEtud/:idModule 404 when not found",
async fn() {
await truncateAll();
const res = await noteHandler.PUT!(
makeJsonRequest("/notes/99999/GHOST", "PUT", { note: 10.0 }),
makeEmployeeContext({ numEtud: "99999", idModule: "GHOST" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- DELETE /notes/:numEtud/:idModule ---
Deno.test({
name: "e2e notes: DELETE /notes/:numEtud/:idModule returns 204",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s] = await seedStudents([{
nom: "Petit",
prenom: "Hugo",
idPromo: "P1",
}]);
await seedModules([{ id: "M1", nom: "Mod A" }]);
await seedNotes([{ numEtud: s.numEtud, idModule: "M1", note: 9.0 }]);
const res = await noteHandler.DELETE!(
makeGetRequest(`/notes/${s.numEtud}/M1`),
makeEmployeeContext({ numEtud: String(s.numEtud), idModule: "M1" }),
);
assertEquals(res.status, 204);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e notes: DELETE /notes/:numEtud/:idModule 404 when not found",
async fn() {
await truncateAll();
const res = await noteHandler.DELETE!(
makeGetRequest("/notes/99999/GHOST"),
makeEmployeeContext({ numEtud: "99999", idModule: "GHOST" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
tests/e2e/permissions_test.ts
-60
View File
@@ -1,60 +0,0 @@
// #115 - E2E tests for GET /permissions
import { assertEquals, assertExists } from "@std/assert";
import { makeEmployeeContext, makeGetRequest } from "../helpers/handler.ts";
import { seedPermissions, truncateAll } from "../helpers/db_integration.ts";
import { handler as permissionsHandler } from "$apps/admin/api/permissions.ts";
const PERMISSIONS = [
{ id: "note_read", nom: "Consulter les notes des étudiants" },
{ id: "note_write", nom: "Saisir et modifier les notes" },
{ id: "student_read", nom: "Consulter la liste des étudiants" },
{
id: "student_write",
nom: "Gérer les étudiants (ajout, modification, suppression)",
},
{ id: "module_read", nom: "Consulter les modules et enseignements" },
{ id: "module_write", nom: "Gérer les modules et enseignements" },
{ id: "user_read", nom: "Consulter les utilisateurs et leurs rôles" },
{ id: "user_write", nom: "Gérer les utilisateurs et leurs rôles" },
{ id: "role_write", nom: "Gérer les rôles et leurs permissions" },
];
Deno.test({
name: "e2e permissions: GET /permissions returns all 9 permissions",
async fn() {
await truncateAll();
await seedPermissions(PERMISSIONS);
const res = await permissionsHandler.GET!(
makeGetRequest("/permissions"),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const text = await res.text();
const data = JSON.parse(text);
assertEquals(data.length, 9);
assertExists(data.find((p: { id: string }) => p.id === "student_read"));
assertExists(data.find((p: { id: string }) => p.id === "role_write"));
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e permissions: GET /permissions - all entries have id and nom",
async fn() {
await truncateAll();
await seedPermissions(PERMISSIONS);
const res = await permissionsHandler.GET!(
makeGetRequest("/permissions"),
makeEmployeeContext(),
);
const data: { id: string; nom: string }[] = await res.json();
for (const p of data) {
assertEquals(typeof p.id, "string");
assertEquals(typeof p.nom, "string");
}
},
sanitizeResources: false,
sanitizeOps: false,
});
tests/e2e/promotions_test.ts
-212
View File
@@ -1,212 +0,0 @@
// #110 - E2E tests for /promotions endpoints
import { assertEquals } from "@std/assert";
import {
makeContextWithAffiliation,
makeEmployeeContext,
makeGetRequest,
makeJsonRequest,
} from "../helpers/handler.ts";
import { seedPromotions, truncateAll } from "../helpers/db_integration.ts";
import { handler as promotionsHandler } from "$apps/students/api/promotions.ts";
import { handler as promotionHandler } from "$apps/students/api/promotions/[idPromo].ts";
// --- GET /promotions ---
Deno.test({
name: "e2e promotions: GET /promotions returns all as employee",
async fn() {
await truncateAll();
await seedPromotions([
{ id: "PEIP1-2024", annee: "2024" },
{ id: "PEIP2-2024", annee: "2024" },
]);
const res = await promotionsHandler.GET!(
makeGetRequest("/promotions"),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 2);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e promotions: GET /promotions returns empty for non-employee",
async fn() {
await truncateAll();
await seedPromotions([{ id: "PEIP1-2024", annee: "2024" }]);
const res = await promotionsHandler.GET!(
makeGetRequest("/promotions"),
makeContextWithAffiliation("student"),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 0);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- POST /promotions ---
Deno.test({
name: "e2e promotions: POST /promotions creates promotion (201)",
async fn() {
await truncateAll();
const res = await promotionsHandler.POST!(
makeJsonRequest("/promotions", "POST", {
idPromo: "INFO3-2025",
annee: "2025",
}),
makeEmployeeContext(),
);
assertEquals(res.status, 201);
const body = await res.json();
assertEquals(body.id, "INFO3-2025");
assertEquals(body.annee, "2025");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e promotions: POST /promotions 403 for non-employee",
async fn() {
await truncateAll();
const res = await promotionsHandler.POST!(
makeJsonRequest("/promotions", "POST", { idPromo: "X", annee: "2025" }),
makeContextWithAffiliation("student"),
);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e promotions: POST /promotions 400 on missing fields",
async fn() {
await truncateAll();
const res = await promotionsHandler.POST!(
makeJsonRequest("/promotions", "POST", { idPromo: "X" }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- GET /promotions/:idPromo ---
Deno.test({
name: "e2e promotions: GET /promotions/:id returns promotion",
async fn() {
await truncateAll();
await seedPromotions([{ id: "INFO3-2024", annee: "2024" }]);
const res = await promotionHandler.GET!(
makeGetRequest("/promotions/INFO3-2024"),
makeEmployeeContext({ idPromo: "INFO3-2024" }),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.id, "INFO3-2024");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e promotions: GET /promotions/:id 404 when not found",
async fn() {
await truncateAll();
const res = await promotionHandler.GET!(
makeGetRequest("/promotions/GHOST"),
makeEmployeeContext({ idPromo: "GHOST" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e promotions: GET /promotions/:id 403 for non-employee",
async fn() {
await truncateAll();
const res = await promotionHandler.GET!(
makeGetRequest("/promotions/INFO3-2024"),
makeContextWithAffiliation("student", { idPromo: "INFO3-2024" }),
);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- PUT /promotions/:idPromo ---
Deno.test({
name: "e2e promotions: PUT /promotions/:id updates annee",
async fn() {
await truncateAll();
await seedPromotions([{ id: "INFO3-2023", annee: "2023" }]);
const res = await promotionHandler.PUT!(
makeJsonRequest("/promotions/INFO3-2023", "PUT", { annee: "2024" }),
makeEmployeeContext({ idPromo: "INFO3-2023" }),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.annee, "2024");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e promotions: PUT /promotions/:id 404 when not found",
async fn() {
await truncateAll();
const res = await promotionHandler.PUT!(
makeJsonRequest("/promotions/GHOST", "PUT", { annee: "2025" }),
makeEmployeeContext({ idPromo: "GHOST" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- DELETE /promotions/:idPromo ---
Deno.test({
name: "e2e promotions: DELETE /promotions/:id returns 204",
async fn() {
await truncateAll();
await seedPromotions([{ id: "INFO3-2022", annee: "2022" }]);
const res = await promotionHandler.DELETE!(
makeGetRequest("/promotions/INFO3-2022"),
makeEmployeeContext({ idPromo: "INFO3-2022" }),
);
assertEquals(res.status, 204);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e promotions: DELETE /promotions/:id 404 when not found",
async fn() {
await truncateAll();
const res = await promotionHandler.DELETE!(
makeGetRequest("/promotions/GHOST"),
makeEmployeeContext({ idPromo: "GHOST" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
tests/e2e/robustness_test.ts
-592
View File
@@ -1,592 +0,0 @@
// Robustness tests — input validation & side-effect isolation
//
// Chaque test documente le comportement réel du handler face à des entrées invalides.
// Les tests marqués [BUG] représentent le comportement ATTENDU — ils échouent
// intentionnellement pour exposer un bug dans le handler ciblé.
import { assertEquals } from "@std/assert";
import {
makeContextWithAffiliation,
makeEmployeeContext,
makeGetRequest,
makeJsonRequest,
} from "../helpers/handler.ts";
import {
seedModules,
seedPromotions,
seedStudents,
seedUes,
truncateAll,
} from "../helpers/db_integration.ts";
import { handler as modulesHandler } from "$apps/admin/api/modules.ts";
import { handler as moduleHandler } from "$apps/admin/api/modules/[idModule].ts";
import { handler as notesHandler } from "$apps/notes/api/notes.ts";
import { handler as uesHandler } from "$apps/admin/api/ues.ts";
import { handler as ueModulesHandler } from "$apps/admin/api/ue-modules.ts";
import { handler as ajustementsHandler } from "$apps/notes/api/ajustements.ts";
import { handler as enseignementsHandler } from "$apps/admin/api/enseignements.ts";
import { handler as usersHandler } from "$apps/admin/api/users.ts";
// Helper : request POST avec un body JSON invalide
function makeMalformedRequest(path: string): Request {
return new Request(`http://localhost${path}`, {
method: "POST",
headers: { "content-type": "application/json" },
body: "{ ceci n'est pas du json }",
});
}
// Helper : request POST sans body du tout
function makeEmptyBodyRequest(path: string, method = "POST"): Request {
return new Request(`http://localhost${path}`, { method });
}
// =============================================================================
// JSON MALFORMÉ
// =============================================================================
// Handlers AVEC try/catch → retournent 500
// Handlers SANS try/catch → throwent (assertRejects)
Deno.test({
name: "robustness: POST /notes malformed JSON → 500 (try/catch présent)",
async fn() {
await truncateAll();
const res = await notesHandler.POST!(
makeMalformedRequest("/notes"),
makeEmployeeContext(),
);
assertEquals(res.status, 500);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "robustness: POST /ues malformed JSON → 500 (try/catch présent)",
async fn() {
await truncateAll();
const res = await uesHandler.POST!(
makeMalformedRequest("/ues"),
makeEmployeeContext(),
);
assertEquals(res.status, 500);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "robustness: POST /ue-modules malformed JSON → 500 (try/catch présent)",
async fn() {
await truncateAll();
const res = await ueModulesHandler.POST!(
makeMalformedRequest("/ue-modules"),
makeEmployeeContext(),
);
assertEquals(res.status, 500);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"robustness: POST /ajustements malformed JSON → 500 (try/catch présent)",
async fn() {
await truncateAll();
const res = await ajustementsHandler.POST!(
makeMalformedRequest("/ajustements"),
makeEmployeeContext(),
);
assertEquals(res.status, 500);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "robustness: POST /modules malformed JSON → 500",
async fn() {
await truncateAll();
const res = await modulesHandler.POST!(
makeMalformedRequest("/modules"),
makeEmployeeContext(),
);
assertEquals(res.status, 500);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "robustness: POST /enseignements malformed JSON → 500",
async fn() {
await truncateAll();
const res = await enseignementsHandler.POST!(
makeMalformedRequest("/enseignements"),
makeEmployeeContext(),
);
assertEquals(res.status, 500);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "robustness: POST /users malformed JSON → 500",
async fn() {
await truncateAll();
const res = await usersHandler.POST!(
makeMalformedRequest("/users"),
makeEmployeeContext(),
);
assertEquals(res.status, 500);
},
sanitizeResources: false,
sanitizeOps: false,
});
// =============================================================================
// BODY ABSENT
// =============================================================================
Deno.test({
name: "robustness: POST /notes sans body → 500",
async fn() {
await truncateAll();
const res = await notesHandler.POST!(
makeEmptyBodyRequest("/notes"),
makeEmployeeContext(),
);
assertEquals(res.status, 500);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "robustness: POST /modules sans body → 500",
async fn() {
await truncateAll();
const res = await modulesHandler.POST!(
makeEmptyBodyRequest("/modules"),
makeEmployeeContext(),
);
assertEquals(res.status, 500);
},
sanitizeResources: false,
sanitizeOps: false,
});
// =============================================================================
// CHAÎNES VIDES — comportement correct ✓
// =============================================================================
Deno.test({
name: "robustness: POST /modules id vide → 400",
async fn() {
await truncateAll();
const res = await modulesHandler.POST!(
makeJsonRequest("/modules", "POST", { id: "", nom: "Test" }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "robustness: POST /modules nom vide → 400",
async fn() {
await truncateAll();
const res = await modulesHandler.POST!(
makeJsonRequest("/modules", "POST", { id: "M1", nom: "" }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "robustness: POST /ues nom vide → 400",
async fn() {
await truncateAll();
const res = await uesHandler.POST!(
makeJsonRequest("/ues", "POST", { nom: "" }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
// =============================================================================
// CHAÎNES AVEC ESPACES SEULS — [BUG] passent !field et s'insèrent en DB
// =============================================================================
Deno.test({
name: "robustness: POST /modules id=espaces → 400",
async fn() {
await truncateAll();
const res = await modulesHandler.POST!(
makeJsonRequest("/modules", "POST", { id: " ", nom: "Test" }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "robustness: POST /ues nom=espaces → 400",
async fn() {
await truncateAll();
const res = await uesHandler.POST!(
makeJsonRequest("/ues", "POST", { nom: " " }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "robustness: POST /users id=espaces → 400",
async fn() {
await truncateAll();
const res = await usersHandler.POST!(
makeJsonRequest("/users", "POST", { id: " ", nom: "X", prenom: "Y" }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
// =============================================================================
// MAUVAIS TYPES
// =============================================================================
Deno.test({
name: "robustness: POST /notes note=string → 400",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s] = await seedStudents([{
nom: "Test",
prenom: "User",
idPromo: "P1",
}]);
await seedModules([{ id: "M1", nom: "Mod" }]);
const res = await notesHandler.POST!(
makeJsonRequest("/notes", "POST", {
note: "pas-un-nombre",
numEtud: s.numEtud,
idModule: "M1",
}),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "robustness: PUT /modules/:id nom=number → 400",
async fn() {
await truncateAll();
await seedModules([{ id: "M1", nom: "Mod" }]);
const res = await moduleHandler.PUT!(
makeJsonRequest("/modules/M1", "PUT", { nom: 42 }),
makeEmployeeContext({ idModule: "M1" }),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
// =============================================================================
// VALEUR ZÉRO — falsy bug sur numEtud/idUE
// =============================================================================
Deno.test({
name:
"robustness [BUG]: POST /ajustements numEtud=0 → 400 pour mauvaise raison",
async fn() {
await truncateAll();
const [ue] = await seedUes([{ nom: "UE Info" }]);
const res = await ajustementsHandler.POST!(
makeJsonRequest("/ajustements", "POST", {
numEtud: 0,
idUE: ue.id,
valeur: 10.0,
}),
makeEmployeeContext(),
);
// !0 === true → retourne 400 à cause du falsy check, pas d'une vraie validation
// Comportement attendu : 422 ou message d'erreur explicite sur numEtud invalide
// Comportement réel : 400 générique "champs requis"
assertEquals(res.status, 400); // passe, mais pour la mauvaise raison — le message est trompeur
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "robustness [BUG]: POST /ajustements idUE=0 → 400 pour mauvaise raison",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s] = await seedStudents([{
nom: "Test",
prenom: "User",
idPromo: "P1",
}]);
const res = await ajustementsHandler.POST!(
makeJsonRequest("/ajustements", "POST", {
numEtud: s.numEtud,
idUE: 0,
valeur: 10.0,
}),
makeEmployeeContext(),
);
assertEquals(res.status, 400); // !0 → 400, message trompeur
},
sanitizeResources: false,
sanitizeOps: false,
});
// =============================================================================
// VALEUR ZÉRO CORRECTEMENT GÉRÉE — coeff=0 est valide
// =============================================================================
Deno.test({
name:
"robustness: POST /ue-modules coeff=0 → 201 (zéro est une valeur valide)",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
await seedModules([{ id: "M1", nom: "Mod" }]);
const [ue] = await seedUes([{ nom: "UE Info" }]);
const res = await ueModulesHandler.POST!(
makeJsonRequest("/ue-modules", "POST", {
idModule: "M1",
idUE: ue.id,
idPromo: "P1",
coeff: 0,
}),
makeEmployeeContext(),
);
// coeff === undefined → false pour 0 → passe ✓
assertEquals(res.status, 201);
},
sanitizeResources: false,
sanitizeOps: false,
});
// =============================================================================
// INJECTION SQL DANS LES PARAMÈTRES D'URL
// Drizzle utilise des requêtes paramétrées → les injections sont neutralisées
// =============================================================================
Deno.test({
name:
"robustness: GET /modules avec SQL injection dans id → 404 (Drizzle paramètre)",
async fn() {
await truncateAll();
const injectionId = "'; DROP TABLE modules; --";
const res = await moduleHandler.GET!(
makeGetRequest(`/modules/${encodeURIComponent(injectionId)}`),
makeEmployeeContext({ idModule: injectionId }),
);
// Drizzle génère WHERE id = $1 avec $1 = "'; DROP TABLE modules; --"
// Aucune injection possible → module non trouvé → 404
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"robustness: POST /modules avec SQL injection dans id → s'insère littéralement (safe)",
async fn() {
await truncateAll();
const injectionId = "'; DROP TABLE modules; --";
const res = await modulesHandler.POST!(
makeJsonRequest("/modules", "POST", { id: injectionId, nom: "Test" }),
makeEmployeeContext(),
);
// Drizzle paramètre la valeur → s'insère comme une chaîne ordinaire → 201
assertEquals(res.status, 201);
},
sanitizeResources: false,
sanitizeOps: false,
});
// =============================================================================
// ABSENCE DE VALIDATION MÉTIER — valeurs hors limites acceptées
// =============================================================================
Deno.test({
name: "robustness: POST /notes note > 20 → 400",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s] = await seedStudents([{
nom: "Test",
prenom: "User",
idPromo: "P1",
}]);
await seedModules([{ id: "M1", nom: "Mod" }]);
const res = await notesHandler.POST!(
makeJsonRequest("/notes", "POST", {
note: 999,
numEtud: s.numEtud,
idModule: "M1",
}),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "robustness: POST /notes note < 0 → 400",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
const [s] = await seedStudents([{
nom: "Test",
prenom: "User",
idPromo: "P1",
}]);
await seedModules([{ id: "M1", nom: "Mod" }]);
const res = await notesHandler.POST!(
makeJsonRequest("/notes", "POST", {
note: -5,
numEtud: s.numEtud,
idModule: "M1",
}),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "robustness: POST /ue-modules coeff négatif → 400",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
await seedModules([{ id: "M1", nom: "Mod" }]);
const [ue] = await seedUes([{ nom: "UE Info" }]);
const res = await ueModulesHandler.POST!(
makeJsonRequest("/ue-modules", "POST", {
idModule: "M1",
idUE: ue.id,
idPromo: "P1",
coeff: -3,
}),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
// =============================================================================
// ISOLATION DES EFFETS DE BORD
// Vérification que truncateAll() isole correctement chaque test
// =============================================================================
Deno.test({
name: "robustness: isolation — données du test précédent non visibles",
async fn() {
// Ce test crée un module
await truncateAll();
await modulesHandler.POST!(
makeJsonRequest("/modules", "POST", {
id: "ISOLATION-TEST",
nom: "Test",
}),
makeEmployeeContext(),
);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"robustness: isolation — truncateAll efface bien les données du test précédent",
async fn() {
await truncateAll();
// Le module créé dans le test précédent ne doit plus exister
const res = await moduleHandler.GET!(
makeGetRequest("/modules/ISOLATION-TEST"),
makeEmployeeContext({ idModule: "ISOLATION-TEST" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// =============================================================================
// CHAMPS SUPPLÉMENTAIRES INCONNUS — doivent être ignorés silencieusement
// =============================================================================
Deno.test({
name: "robustness: POST /modules avec champs inconnus → 201 (champs ignorés)",
async fn() {
await truncateAll();
const res = await modulesHandler.POST!(
makeJsonRequest("/modules", "POST", {
id: "M-EXTRA",
nom: "Test",
champInconnu: "valeur",
_admin: true,
__proto__: { polluted: true },
}),
makeEmployeeContext(),
);
assertEquals(res.status, 201);
},
sanitizeResources: false,
sanitizeOps: false,
});
// =============================================================================
// ACCÈS NON AUTHENTIFIÉ — vérification que l'état auth est bien contrôlé
// =============================================================================
Deno.test({
name: "robustness: POST /modules sans affiliation employee → 403",
async fn() {
await truncateAll();
for (const role of ["student", "alumni", "", "EMPLOYEE", "admin"]) {
const res = await modulesHandler.POST!(
makeJsonRequest("/modules", "POST", { id: `M-${role}`, nom: "Test" }),
makeContextWithAffiliation(role),
);
assertEquals(res.status, 403, `role "${role}" devrait être 403`);
}
},
sanitizeResources: false,
sanitizeOps: false,
});
tests/e2e/roles_test.ts
-175
View File
@@ -1,175 +0,0 @@
// #112 - E2E tests for /roles endpoints
import { assertEquals, assertExists } from "@std/assert";
import {
makeEmployeeContext,
makeGetRequest,
makeJsonRequest,
} from "../helpers/handler.ts";
import { seedRoles, testDb, truncateAll } from "../helpers/db_integration.ts";
import { permissions } from "$root/databases/schema.ts";
import { handler as rolesHandler } from "$apps/admin/api/roles.ts";
import { handler as roleHandler } from "$apps/admin/api/roles/[idRole].ts";
// --- GET /roles ---
Deno.test({
name: "e2e roles: GET /roles returns all with permissions",
async fn() {
await truncateAll();
await seedRoles([{ nom: "admin" }, { nom: "employee" }]);
const res = await rolesHandler.GET!(
makeGetRequest("/roles"),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 2);
assertExists(body[0].permissions);
assertEquals(Array.isArray(body[0].permissions), true);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- POST /roles ---
Deno.test({
name: "e2e roles: POST /roles creates role (201)",
async fn() {
await truncateAll();
const res = await rolesHandler.POST!(
makeJsonRequest("/roles", "POST", { nom: "viewer" }),
makeEmployeeContext(),
);
assertEquals(res.status, 201);
const body = await res.json();
assertExists(body.id);
assertEquals(body.nom, "viewer");
assertEquals(body.permissions, []);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e roles: POST /roles 400 on missing nom",
async fn() {
await truncateAll();
const res = await rolesHandler.POST!(
makeJsonRequest("/roles", "POST", {}),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- GET /roles/:id ---
Deno.test({
name: "e2e roles: GET /roles/:id returns role with permissions",
async fn() {
await truncateAll();
const [role] = await seedRoles([{ nom: "admin" }]);
await testDb.insert(permissions).values([
{ id: "student_read", nom: "Consulter les élèves" },
]);
const res = await roleHandler.GET!(
makeGetRequest(`/roles/${role.id}`),
makeEmployeeContext({ idRole: String(role.id) }),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.nom, "admin");
assertEquals(Array.isArray(body.permissions), true);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e roles: GET /roles/:id 404 when not found",
async fn() {
await truncateAll();
const res = await roleHandler.GET!(
makeGetRequest("/roles/9999"),
makeEmployeeContext({ idRole: "9999" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- PUT /roles/:id ---
Deno.test({
name: "e2e roles: PUT /roles/:id updates nom and permissions",
async fn() {
await truncateAll();
const [role] = await seedRoles([{ nom: "employee" }]);
await testDb.insert(permissions).values([
{ id: "note_read", nom: "Consulter les notes" },
]);
const res = await roleHandler.PUT!(
makeJsonRequest(`/roles/${role.id}`, "PUT", {
nom: "teacher",
permissions: ["note_read"],
}),
makeEmployeeContext({ idRole: String(role.id) }),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.nom, "teacher");
assertEquals(body.permissions, ["note_read"]);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e roles: PUT /roles/:id 404 when not found",
async fn() {
await truncateAll();
const res = await roleHandler.PUT!(
makeJsonRequest("/roles/9999", "PUT", { nom: "ghost", permissions: [] }),
makeEmployeeContext({ idRole: "9999" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- DELETE /roles/:id ---
Deno.test({
name: "e2e roles: DELETE /roles/:id returns 204",
async fn() {
await truncateAll();
const [role] = await seedRoles([{ nom: "moderator" }]);
const res = await roleHandler.DELETE!(
makeGetRequest(`/roles/${role.id}`),
makeEmployeeContext({ idRole: String(role.id) }),
);
assertEquals(res.status, 204);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e roles: DELETE /roles/:id 404 when not found",
async fn() {
await truncateAll();
const res = await roleHandler.DELETE!(
makeGetRequest("/roles/9999"),
makeEmployeeContext({ idRole: "9999" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
tests/e2e/students_test.ts
-288
View File
@@ -1,288 +0,0 @@
// #109 - E2E tests for /students endpoints
// Appelle les handlers Fresh directement avec un vrai contexte + vraie DB
import { assertEquals, assertExists } from "@std/assert";
import {
makeContextWithAffiliation,
makeEmployeeContext,
makeGetRequest,
makeJsonRequest,
} from "../helpers/handler.ts";
import {
seedPromotions,
seedStudents,
truncateAll,
} from "../helpers/db_integration.ts";
import { handler as studentsHandler } from "$apps/students/api/students.ts";
import { handler as studentHandler } from "$apps/students/api/students/[numEtud].ts";
// --- GET /students ---
Deno.test({
name: "e2e students: GET /students returns all students as employee",
async fn() {
await truncateAll();
await seedPromotions([{ id: "PEIP1-2024" }]);
await seedStudents([
{ nom: "Dupont", prenom: "Jean", idPromo: "PEIP1-2024" },
{ nom: "Martin", prenom: "Alice", idPromo: "PEIP1-2024" },
]);
const req = makeGetRequest("/students");
const ctx = makeEmployeeContext();
const res = await studentsHandler.GET!(req, ctx);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 2);
assertExists(body.find((s: { nom: string }) => s.nom === "Dupont"));
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e students: GET /students returns empty array for non-employee",
async fn() {
await truncateAll();
await seedPromotions([{ id: "PEIP1-2024" }]);
await seedStudents([
{ nom: "Dupont", prenom: "Jean", idPromo: "PEIP1-2024" },
]);
const req = makeGetRequest("/students");
const ctx = makeContextWithAffiliation("student");
const res = await studentsHandler.GET!(req, ctx);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 0);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e students: GET /students?idPromo filters by promotion",
async fn() {
await truncateAll();
await seedPromotions([{ id: "PEIP1-2024" }, { id: "PEIP2-2024" }]);
await seedStudents([
{ nom: "Dupont", prenom: "Jean", idPromo: "PEIP1-2024" },
{ nom: "Martin", prenom: "Alice", idPromo: "PEIP1-2024" },
{ nom: "Durand", prenom: "Claire", idPromo: "PEIP2-2024" },
]);
const req = makeGetRequest("/students", { idPromo: "PEIP1-2024" });
const ctx = makeEmployeeContext();
const res = await studentsHandler.GET!(req, ctx);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 2);
assertEquals(
body.every((s: { idPromo: string }) => s.idPromo === "PEIP1-2024"),
true,
);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- POST /students ---
Deno.test({
name: "e2e students: POST /students creates a student (201)",
async fn() {
await truncateAll();
await seedPromotions([{ id: "INFO3-2024" }]);
const req = makeJsonRequest("/students", "POST", {
nom: "Leroy",
prenom: "Paul",
idPromo: "INFO3-2024",
});
const ctx = makeEmployeeContext();
const res = await studentsHandler.POST!(req, ctx);
assertEquals(res.status, 201);
const body = await res.json();
assertExists(body.numEtud);
assertEquals(body.nom, "Leroy");
assertEquals(body.idPromo, "INFO3-2024");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e students: POST /students 403 for non-employee",
async fn() {
await truncateAll();
const req = makeJsonRequest("/students", "POST", {
nom: "Test",
prenom: "User",
idPromo: "PEIP1-2024",
});
const ctx = makeContextWithAffiliation("student");
const res = await studentsHandler.POST!(req, ctx);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e students: POST /students 400 when missing required fields",
async fn() {
await truncateAll();
const req = makeJsonRequest("/students", "POST", { nom: "Leroy" });
const ctx = makeEmployeeContext();
const res = await studentsHandler.POST!(req, ctx);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- GET /students/:numEtud ---
Deno.test({
name: "e2e students: GET /students/:numEtud returns student",
async fn() {
await truncateAll();
await seedPromotions([{ id: "INFO3-2024" }]);
const [s] = await seedStudents([
{ nom: "Bernard", prenom: "Lucie", idPromo: "INFO3-2024" },
]);
const req = makeGetRequest(`/students/${s.numEtud}`);
const ctx = makeEmployeeContext({ numEtud: String(s.numEtud) });
const res = await studentHandler.GET!(req, ctx);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.numEtud, s.numEtud);
assertEquals(body.nom, "Bernard");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e students: GET /students/:numEtud 404 when not found",
async fn() {
await truncateAll();
const req = makeGetRequest("/students/999999");
const ctx = makeEmployeeContext({ numEtud: "999999" });
const res = await studentHandler.GET!(req, ctx);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e students: GET /students/:numEtud 403 for non-employee",
async fn() {
await truncateAll();
const req = makeGetRequest("/students/12345");
const ctx = makeContextWithAffiliation("student", { numEtud: "12345" });
const res = await studentHandler.GET!(req, ctx);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- PUT /students/:numEtud ---
Deno.test({
name: "e2e students: PUT /students/:numEtud updates student",
async fn() {
await truncateAll();
await seedPromotions([{ id: "INFO3-2024" }, { id: "INFO4-2024" }]);
const [s] = await seedStudents([
{ nom: "Petit", prenom: "Hugo", idPromo: "INFO3-2024" },
]);
const req = makeJsonRequest(`/students/${s.numEtud}`, "PUT", {
nom: "Grand",
prenom: "Hugo",
idPromo: "INFO4-2024",
});
const ctx = makeEmployeeContext({ numEtud: String(s.numEtud) });
const res = await studentHandler.PUT!(req, ctx);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.nom, "Grand");
assertEquals(body.idPromo, "INFO4-2024");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e students: PUT /students/:numEtud 404 when not found",
async fn() {
await truncateAll();
await seedPromotions([{ id: "INFO3-2024" }]);
const req = makeJsonRequest("/students/999999", "PUT", {
nom: "Ghost",
prenom: "Ghost",
idPromo: "INFO3-2024",
});
const ctx = makeEmployeeContext({ numEtud: "999999" });
const res = await studentHandler.PUT!(req, ctx);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- DELETE /students/:numEtud ---
Deno.test({
name: "e2e students: DELETE /students/:numEtud returns 204",
async fn() {
await truncateAll();
await seedPromotions([{ id: "INFO3-2024" }]);
const [s] = await seedStudents([
{ nom: "Thomas", prenom: "Eva", idPromo: "INFO3-2024" },
]);
const req = makeGetRequest(`/students/${s.numEtud}`);
const ctx = makeEmployeeContext({ numEtud: String(s.numEtud) });
const res = await studentHandler.DELETE!(req, ctx);
assertEquals(res.status, 204);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e students: DELETE /students/:numEtud 404 when not found",
async fn() {
await truncateAll();
const req = makeGetRequest("/students/999999");
const ctx = makeEmployeeContext({ numEtud: "999999" });
const res = await studentHandler.DELETE!(req, ctx);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
tests/e2e/ue_modules_test.ts
-312
View File
@@ -1,312 +0,0 @@
// E2E tests for /ue-modules endpoints — handler + real DB
import { assertEquals, assertExists } from "@std/assert";
import {
makeContextWithAffiliation,
makeEmployeeContext,
makeGetRequest,
makeJsonRequest,
} from "../helpers/handler.ts";
import {
seedModules,
seedPromotions,
seedUeModules,
seedUes,
truncateAll,
} from "../helpers/db_integration.ts";
import { handler as ueModulesHandler } from "$apps/admin/api/ue-modules.ts";
import { handler as ueModuleHandler } from "$apps/admin/api/ue-modules/[idModule]/[idUE]/[idPromo].ts";
import { ueModules as ueModulesTable } from "$root/databases/schema.ts";
import { testDb } from "../helpers/db_integration.ts";
// --- GET /ue-modules ---
Deno.test({
name: "e2e ue_modules: GET /ue-modules returns all associations",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
await seedModules([{ id: "M1", nom: "Mod A" }, { id: "M2", nom: "Mod B" }]);
const [ue] = await seedUes([{ nom: "UE Info" }]);
await seedUeModules([
{ idModule: "M1", idUE: ue.id, idPromo: "P1", coeff: 2.0 },
{ idModule: "M2", idUE: ue.id, idPromo: "P1", coeff: 3.0 },
]);
const res = await ueModulesHandler.GET!(
makeGetRequest("/ue-modules"),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 2);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ue_modules: GET /ue-modules?idPromo filters by promo",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }, { id: "P2" }]);
await seedModules([{ id: "M1", nom: "Mod A" }]);
const [ue] = await seedUes([{ nom: "UE Info" }]);
await seedUeModules([
{ idModule: "M1", idUE: ue.id, idPromo: "P1", coeff: 2.0 },
{ idModule: "M1", idUE: ue.id, idPromo: "P2", coeff: 3.0 },
]);
const res = await ueModulesHandler.GET!(
makeGetRequest("/ue-modules", { idPromo: "P1" }),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 1);
assertEquals(body[0].idPromo, "P1");
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- POST /ue-modules ---
Deno.test({
name: "e2e ue_modules: POST /ue-modules creates association (201)",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }]);
await seedModules([{ id: "M1", nom: "Mod A" }]);
const [ue] = await seedUes([{ nom: "UE Info" }]);
const res = await ueModulesHandler.POST!(
makeJsonRequest("/ue-modules", "POST", {
idModule: "M1",
idUE: ue.id,
idPromo: "P1",
coeff: 4.0,
}),
makeEmployeeContext(),
);
assertEquals(res.status, 201);
const body = await res.json();
assertExists(body.idModule);
assertEquals(body.coeff, 4.0);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ue_modules: POST /ue-modules 400 on missing fields",
async fn() {
await truncateAll();
const res = await ueModulesHandler.POST!(
makeJsonRequest("/ue-modules", "POST", { idModule: "M1" }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- GET /ue-modules/:idModule/:idUE/:idPromo ---
Deno.test({
name:
"e2e ue_modules: GET /ue-modules/:idModule/:idUE/:idPromo returns correct association (employee)",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }, { id: "P2" }]);
await seedModules([{ id: "M1", nom: "Mod A" }, { id: "M2", nom: "Mod B" }]);
const [ue1, ue2] = await seedUes([{ nom: "UE Info" }, { nom: "UE Maths" }]);
// Plusieurs lignes qui partagent idModule="M1" — le handler doit discriminer par idUE ET idPromo
await seedUeModules([
{ idModule: "M1", idUE: ue1.id, idPromo: "P1", coeff: 3.5 },
{ idModule: "M1", idUE: ue2.id, idPromo: "P1", coeff: 1.0 },
{ idModule: "M1", idUE: ue1.id, idPromo: "P2", coeff: 2.0 },
{ idModule: "M2", idUE: ue1.id, idPromo: "P1", coeff: 4.0 },
]);
const res = await ueModuleHandler.GET!(
makeGetRequest(`/ue-modules/M1/${ue1.id}/P1`),
makeEmployeeContext({
idModule: "M1",
idUE: String(ue1.id),
idPromo: "P1",
}),
);
assertEquals(res.status, 200);
const body = await res.json();
// Doit retourner exactement M1/ue1/P1 avec coeff 3.5, pas une autre ligne
assertEquals(body.coeff, 3.5);
assertEquals(body.idPromo, "P1");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"e2e ue_modules: GET /ue-modules/:idModule/:idUE/:idPromo 403 for non-employee",
async fn() {
await truncateAll();
const res = await ueModuleHandler.GET!(
makeGetRequest("/ue-modules/M1/1/P1"),
makeContextWithAffiliation("student", {
idModule: "M1",
idUE: "1",
idPromo: "P1",
}),
);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"e2e ue_modules: GET /ue-modules/:idModule/:idUE/:idPromo 404 when not found",
async fn() {
await truncateAll();
const res = await ueModuleHandler.GET!(
makeGetRequest("/ue-modules/GHOST/1/GHOST"),
makeEmployeeContext({ idModule: "GHOST", idUE: "1", idPromo: "GHOST" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- PUT /ue-modules/:idModule/:idUE/:idPromo ---
Deno.test({
name:
"e2e ue_modules: PUT /ue-modules/:idModule/:idUE/:idPromo updates only the targeted row (employee)",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }, { id: "P2" }]);
await seedModules([{ id: "M1", nom: "Mod A" }]);
const [ue1, ue2] = await seedUes([{ nom: "UE Info" }, { nom: "UE Maths" }]);
// Deux lignes avec même idModule — le PUT ne doit modifier que celle ciblée
await seedUeModules([
{ idModule: "M1", idUE: ue1.id, idPromo: "P1", coeff: 2.0 },
{ idModule: "M1", idUE: ue2.id, idPromo: "P2", coeff: 9.0 },
]);
const res = await ueModuleHandler.PUT!(
makeJsonRequest(`/ue-modules/M1/${ue1.id}/P1`, "PUT", { coeff: 5.0 }),
makeEmployeeContext({
idModule: "M1",
idUE: String(ue1.id),
idPromo: "P1",
}),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.coeff, 5.0);
assertEquals(body.idPromo, "P1");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"e2e ue_modules: PUT /ue-modules/:idModule/:idUE/:idPromo 403 for non-employee",
async fn() {
await truncateAll();
const res = await ueModuleHandler.PUT!(
makeJsonRequest("/ue-modules/M1/1/P1", "PUT", { coeff: 5.0 }),
makeContextWithAffiliation("student", {
idModule: "M1",
idUE: "1",
idPromo: "P1",
}),
);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"e2e ue_modules: PUT /ue-modules/:idModule/:idUE/:idPromo 404 when not found",
async fn() {
await truncateAll();
const res = await ueModuleHandler.PUT!(
makeJsonRequest("/ue-modules/GHOST/1/GHOST", "PUT", { coeff: 5.0 }),
makeEmployeeContext({ idModule: "GHOST", idUE: "1", idPromo: "GHOST" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- DELETE /ue-modules/:idModule/:idUE/:idPromo ---
Deno.test({
name:
"e2e ue_modules: DELETE /ue-modules/:idModule/:idUE/:idPromo deletes only targeted row (employee)",
async fn() {
await truncateAll();
await seedPromotions([{ id: "P1" }, { id: "P2" }]);
await seedModules([{ id: "M1", nom: "Mod A" }]);
const [ue1, ue2] = await seedUes([{ nom: "UE Info" }, { nom: "UE Maths" }]);
// Deux lignes avec même idModule — seule celle ciblée doit être supprimée
await seedUeModules([
{ idModule: "M1", idUE: ue1.id, idPromo: "P1", coeff: 2.0 },
{ idModule: "M1", idUE: ue2.id, idPromo: "P2", coeff: 4.0 },
]);
const res = await ueModuleHandler.DELETE!(
makeGetRequest(`/ue-modules/M1/${ue1.id}/P1`),
makeEmployeeContext({
idModule: "M1",
idUE: String(ue1.id),
idPromo: "P1",
}),
);
assertEquals(res.status, 204);
// L'autre ligne doit toujours exister
const remaining = await testDb.select().from(ueModulesTable);
assertEquals(remaining.length, 1);
assertEquals(remaining[0].idUE, ue2.id);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"e2e ue_modules: DELETE /ue-modules/:idModule/:idUE/:idPromo 403 for non-employee",
async fn() {
await truncateAll();
const res = await ueModuleHandler.DELETE!(
makeGetRequest("/ue-modules/M1/1/P1"),
makeContextWithAffiliation("student", {
idModule: "M1",
idUE: "1",
idPromo: "P1",
}),
);
assertEquals(res.status, 403);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name:
"e2e ue_modules: DELETE /ue-modules/:idModule/:idUE/:idPromo 404 when not found",
async fn() {
await truncateAll();
const res = await ueModuleHandler.DELETE!(
makeGetRequest("/ue-modules/GHOST/1/GHOST"),
makeEmployeeContext({ idModule: "GHOST", idUE: "1", idPromo: "GHOST" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
tests/e2e/ues_test.ts
-178
View File
@@ -1,178 +0,0 @@
// E2E tests for /ues endpoints — handler + real DB
import { assertEquals, assertExists } from "@std/assert";
import {
makeEmployeeContext,
makeGetRequest,
makeJsonRequest,
} from "../helpers/handler.ts";
import { seedUes, truncateAll } from "../helpers/db_integration.ts";
import { handler as uesHandler } from "$apps/admin/api/ues.ts";
import { handler as ueHandler } from "$apps/admin/api/ues/[idUE].ts";
// --- GET /ues ---
Deno.test({
name: "e2e ues: GET /ues returns all UEs",
async fn() {
await truncateAll();
await seedUes([{ nom: "UE Informatique" }, { nom: "UE Mathématiques" }]);
const res = await uesHandler.GET!(
makeGetRequest("/ues"),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 2);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ues: GET /ues returns empty when no UEs",
async fn() {
await truncateAll();
const res = await uesHandler.GET!(
makeGetRequest("/ues"),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 0);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- POST /ues ---
Deno.test({
name: "e2e ues: POST /ues creates UE (201)",
async fn() {
await truncateAll();
const res = await uesHandler.POST!(
makeJsonRequest("/ues", "POST", { nom: "UE Physique" }),
makeEmployeeContext(),
);
assertEquals(res.status, 201);
const body = await res.json();
assertExists(body.id);
assertEquals(body.nom, "UE Physique");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ues: POST /ues 400 on missing nom",
async fn() {
await truncateAll();
const res = await uesHandler.POST!(
makeJsonRequest("/ues", "POST", {}),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- GET /ues/:id ---
Deno.test({
name: "e2e ues: GET /ues/:id returns UE",
async fn() {
await truncateAll();
const [ue] = await seedUes([{ nom: "UE Chimie" }]);
const res = await ueHandler.GET!(
makeGetRequest(`/ues/${ue.id}`),
makeEmployeeContext({ idUE: String(ue.id) }),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.nom, "UE Chimie");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ues: GET /ues/:id 404 when not found",
async fn() {
await truncateAll();
const res = await ueHandler.GET!(
makeGetRequest("/ues/99999"),
makeEmployeeContext({ idUE: "99999" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- PUT /ues/:id ---
Deno.test({
name: "e2e ues: PUT /ues/:id updates nom",
async fn() {
await truncateAll();
const [ue] = await seedUes([{ nom: "UE Biologie" }]);
const res = await ueHandler.PUT!(
makeJsonRequest(`/ues/${ue.id}`, "PUT", {
nom: "UE Biologie moléculaire",
}),
makeEmployeeContext({ idUE: String(ue.id) }),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.nom, "UE Biologie moléculaire");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ues: PUT /ues/:id 404 when not found",
async fn() {
await truncateAll();
const res = await ueHandler.PUT!(
makeJsonRequest("/ues/99999", "PUT", { nom: "X" }),
makeEmployeeContext({ idUE: "99999" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- DELETE /ues/:id ---
Deno.test({
name: "e2e ues: DELETE /ues/:id returns 204",
async fn() {
await truncateAll();
const [ue] = await seedUes([{ nom: "UE à supprimer" }]);
const res = await ueHandler.DELETE!(
makeGetRequest(`/ues/${ue.id}`),
makeEmployeeContext({ idUE: String(ue.id) }),
);
assertEquals(res.status, 204);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e ues: DELETE /ues/:id 404 when not found",
async fn() {
await truncateAll();
const res = await ueHandler.DELETE!(
makeGetRequest("/ues/99999"),
makeEmployeeContext({ idUE: "99999" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
tests/e2e/users_test.ts
-239
View File
@@ -1,239 +0,0 @@
// E2E tests for /users endpoints — handler + real DB
import { assertEquals, assertExists } from "@std/assert";
import {
makeEmployeeContext,
makeGetRequest,
makeJsonRequest,
} from "../helpers/handler.ts";
import {
seedRoles,
seedUsers,
truncateAll,
} from "../helpers/db_integration.ts";
import { handler as usersHandler } from "$apps/admin/api/users.ts";
import { handler as userHandler } from "$apps/admin/api/users/[id].ts";
// --- GET /users ---
Deno.test({
name: "e2e users: GET /users returns all users",
async fn() {
await truncateAll();
await seedUsers([
{ id: "dupont.jean", nom: "Dupont", prenom: "Jean" },
{ id: "martin.alice", nom: "Martin", prenom: "Alice" },
]);
const res = await usersHandler.GET!(
makeGetRequest("/users"),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 2);
assertExists(body.find((u: { id: string }) => u.id === "dupont.jean"));
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e users: GET /users returns empty when no users",
async fn() {
await truncateAll();
const res = await usersHandler.GET!(
makeGetRequest("/users"),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 0);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e users: GET /users?idRole filters by role",
async fn() {
await truncateAll();
const [role1] = await seedRoles([{ nom: "admin" }]);
const [role2] = await seedRoles([{ nom: "employee" }]);
await seedUsers([
{ id: "admin.user", nom: "Admin", prenom: "User", idRole: role1.id },
{ id: "emp.user", nom: "Emp", prenom: "User", idRole: role2.id },
]);
const res = await usersHandler.GET!(
makeGetRequest("/users", { idRole: String(role1.id) }),
makeEmployeeContext(),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.length, 1);
assertEquals(body[0].id, "admin.user");
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- POST /users ---
Deno.test({
name: "e2e users: POST /users creates user (201)",
async fn() {
await truncateAll();
const res = await usersHandler.POST!(
makeJsonRequest("/users", "POST", {
id: "new.user",
nom: "New",
prenom: "User",
}),
makeEmployeeContext(),
);
assertEquals(res.status, 201);
const body = await res.json();
assertEquals(body.id, "new.user");
assertEquals(body.nom, "New");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e users: POST /users 400 on missing fields",
async fn() {
await truncateAll();
const res = await usersHandler.POST!(
makeJsonRequest("/users", "POST", { id: "x" }),
makeEmployeeContext(),
);
assertEquals(res.status, 400);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e users: POST /users 409 on duplicate id",
async fn() {
await truncateAll();
await seedUsers([{ id: "dupont.jean", nom: "Dupont", prenom: "Jean" }]);
const res = await usersHandler.POST!(
makeJsonRequest("/users", "POST", {
id: "dupont.jean",
nom: "Doublon",
prenom: "X",
}),
makeEmployeeContext(),
);
assertEquals(res.status, 409);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- GET /users/:id ---
Deno.test({
name: "e2e users: GET /users/:id returns user",
async fn() {
await truncateAll();
await seedUsers([{ id: "bernard.lucie", nom: "Bernard", prenom: "Lucie" }]);
const res = await userHandler.GET!(
makeGetRequest("/users/bernard.lucie"),
makeEmployeeContext({ id: "bernard.lucie" }),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.id, "bernard.lucie");
assertEquals(body.nom, "Bernard");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e users: GET /users/:id 404 when not found",
async fn() {
await truncateAll();
const res = await userHandler.GET!(
makeGetRequest("/users/ghost.user"),
makeEmployeeContext({ id: "ghost.user" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- PUT /users/:id ---
Deno.test({
name: "e2e users: PUT /users/:id updates user",
async fn() {
await truncateAll();
await seedUsers([{ id: "thomas.eva", nom: "Thomas", prenom: "Eva" }]);
const res = await userHandler.PUT!(
makeJsonRequest("/users/thomas.eva", "PUT", {
nom: "Thomas-Modifié",
prenom: "Eva",
idRole: null,
}),
makeEmployeeContext({ id: "thomas.eva" }),
);
assertEquals(res.status, 200);
const body = await res.json();
assertEquals(body.nom, "Thomas-Modifié");
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e users: PUT /users/:id 404 when not found",
async fn() {
await truncateAll();
const res = await userHandler.PUT!(
makeJsonRequest("/users/ghost.user", "PUT", {
nom: "X",
prenom: "Y",
idRole: null,
}),
makeEmployeeContext({ id: "ghost.user" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});
// --- DELETE /users/:id ---
Deno.test({
name: "e2e users: DELETE /users/:id returns 204",
async fn() {
await truncateAll();
await seedUsers([{ id: "petit.hugo", nom: "Petit", prenom: "Hugo" }]);
const res = await userHandler.DELETE!(
makeGetRequest("/users/petit.hugo"),
makeEmployeeContext({ id: "petit.hugo" }),
);
assertEquals(res.status, 204);
},
sanitizeResources: false,
sanitizeOps: false,
});
Deno.test({
name: "e2e users: DELETE /users/:id 404 when not found",
async fn() {
await truncateAll();
const res = await userHandler.DELETE!(
makeGetRequest("/users/ghost.user"),
makeEmployeeContext({ id: "ghost.user" }),
);
assertEquals(res.status, 404);
},
sanitizeResources: false,
sanitizeOps: false,
});