Ryan/documenso
1
0
Fork 1
mirror of https://github.com/documenso/documenso.git synced 2025-11-10 04:22:32 +10:00
Code Issues Packages Projects Releases Wiki Activity
Files
eff7d90f436012ee0f5ab0a88956f87e71415c91
documenso/packages/app-tests/e2e/api/v2/test-unauthorized-api-access.spec.ts
David Nguyen d05bfa9fed feat: add envelopes api (#2105)
2025-11-07 14:17:52 +11:00

4234 lines
132 KiB
TypeScript
Raw Blame History

import { expect, test } from '@playwright/test';
import type { Team, User } from '@prisma/client';
import fs from 'node:fs';
import path from 'node:path';
import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
import { nanoid } from '@documenso/lib/universal/id';
import {
mapSecondaryIdToDocumentId,
mapSecondaryIdToTemplateId,
} from '@documenso/lib/utils/envelope';
import { prisma } from '@documenso/prisma';
import {
DocumentVisibility,
EnvelopeType,
FieldType,
Prisma,
ReadStatus,
RecipientRole,
SendStatus,
SigningStatus,
} from '@documenso/prisma/client';
import {
seedBlankDocument,
seedCompletedDocument,
seedDraftDocument,
seedPendingDocument,
} from '@documenso/prisma/seed/documents';
import { seedBlankFolder } from '@documenso/prisma/seed/folders';
import { seedBlankTemplate } from '@documenso/prisma/seed/templates';
import { seedUser } from '@documenso/prisma/seed/users';
import type { TCreateEnvelopeItemsPayload } from '@documenso/trpc/server/envelope-router/create-envelope-items.types';
const WEBAPP_BASE_URL = NEXT_PUBLIC_WEBAPP_URL();
test.describe.configure({
mode: 'parallel',
});
test.describe('Document API V2', () => {
let userA: User, teamA: Team, userB: User, teamB: Team, tokenA: string, tokenB: string;
test.beforeEach(async () => {
({ user: userA, team: teamA } = await seedUser());
({ token: tokenA } = await createApiToken({
userId: userA.id,
teamId: teamA.id,
tokenName: 'userA',
expiresIn: null,
}));
({ user: userB, team: teamB } = await seedUser());
({ token: tokenB } = await createApiToken({
userId: userB.id,
teamId: teamB.id,
tokenName: 'userB',
expiresIn: null,
}));
});
test.describe('Document list endpoint', () => {
test('should block unauthorized access to document list endpoint', async ({ request }) => {
await seedCompletedDocument(userA, teamA.id, ['test@example.com']);
const res = await request.get(`${WEBAPP_BASE_URL}/api/v2-beta/document`, {
headers: { Authorization: `Bearer ${tokenB}` },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
const data = await res.json();
expect(data.data.every((doc: { userId: number }) => doc.userId !== userA.id)).toBe(true);
});
test('should allow authorized access to document list endpoint', async ({ request }) => {
await seedCompletedDocument(userA, teamA.id, ['test@example.com']);
const res = await request.get(`${WEBAPP_BASE_URL}/api/v2-beta/document`, {
headers: { Authorization: `Bearer ${tokenA}` },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
const data = await res.json();
expect(data.data.length).toBeGreaterThan(0);
expect(data.data.every((doc: { userId: number }) => doc.userId === userA.id)).toBe(true);
});
});
test.describe('Document detail endpoint', () => {
test('should block unauthorized access to document detail endpoint', async ({ request }) => {
const doc = await seedBlankDocument(userA, teamA.id);
const res = await request.get(
`${WEBAPP_BASE_URL}/api/v2-beta/document/${mapSecondaryIdToDocumentId(doc.secondaryId)}`,
{
headers: { Authorization: `Bearer ${tokenB}` },
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to document detail endpoint', async ({ request }) => {
const doc = await seedBlankDocument(userA, teamA.id);
const res = await request.get(
`${WEBAPP_BASE_URL}/api/v2-beta/document/${mapSecondaryIdToDocumentId(doc.secondaryId)}`,
{
headers: { Authorization: `Bearer ${tokenA}` },
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document update endpoint', () => {
test('should block unauthorized access to document update endpoint', async ({ request }) => {
const doc = await seedDraftDocument(userA, teamA.id, ['test@example.com']);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/update`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
data: { title: 'Updated Title' },
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to document update endpoint', async ({ request }) => {
const doc = await seedDraftDocument(userA, teamA.id, ['test@example.com']);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/update`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
data: { title: 'Updated Title' },
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document delete endpoint', () => {
test('should block unauthorized access to document delete endpoint', async ({ request }) => {
const doc = await seedDraftDocument(userA, teamA.id, []);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/delete`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { documentId: mapSecondaryIdToDocumentId(doc.secondaryId) },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(401);
});
test('should allow authorized access to document delete endpoint', async ({ request }) => {
const doc = await seedDraftDocument(userA, teamA.id, []);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/delete`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { documentId: mapSecondaryIdToDocumentId(doc.secondaryId) },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document distribute endpoint', () => {
test('should block unauthorized access to document distribute endpoint', async ({
request,
}) => {
const doc = await seedDraftDocument(userA, teamA.id, ['test@example.com']);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/distribute`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { documentId: mapSecondaryIdToDocumentId(doc.secondaryId) },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(500);
});
test('should allow authorized access to document distribute endpoint', async ({ request }) => {
const doc = await seedDraftDocument(userA, teamA.id, ['test@example.com']);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/distribute`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { documentId: mapSecondaryIdToDocumentId(doc.secondaryId) },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document redistribute endpoint', () => {
test('should block unauthorized access to document redistribute endpoint', async ({
request,
}) => {
const doc = await seedPendingDocument(userA, teamA.id, []);
const userRecipient = await prisma.recipient.create({
data: {
email: 'test@example.com',
name: 'Test',
token: nanoid(),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.SENT,
signingStatus: SigningStatus.NOT_SIGNED,
signedAt: null,
envelopeId: doc.id,
fields: {
create: {
page: 1,
type: FieldType.NAME,
inserted: true,
customText: '',
positionX: new Prisma.Decimal(1),
positionY: new Prisma.Decimal(1),
width: new Prisma.Decimal(1),
height: new Prisma.Decimal(1),
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
},
},
},
});
const recipient = await prisma.recipient.findFirst({
where: {
envelopeId: doc.id,
email: userRecipient.email,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/redistribute`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
recipients: [recipient!.id],
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(500);
});
test('should allow authorized access to document redistribute endpoint', async ({
request,
}) => {
const doc = await seedPendingDocument(userA, teamA.id, []);
const userRecipient = await prisma.recipient.create({
data: {
email: 'test@example.com',
name: 'Test',
token: nanoid(),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.SENT,
signingStatus: SigningStatus.NOT_SIGNED,
signedAt: null,
envelopeId: doc.id,
fields: {
create: {
page: 1,
type: FieldType.NAME,
inserted: true,
customText: '',
positionX: new Prisma.Decimal(1),
positionY: new Prisma.Decimal(1),
width: new Prisma.Decimal(1),
height: new Prisma.Decimal(1),
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
},
},
},
});
const recipient = await prisma.recipient.findFirst({
where: {
envelopeId: doc.id,
email: userRecipient.email,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/redistribute`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
recipients: [recipient!.id],
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document duplicate endpoint', () => {
test('should block unauthorized access to document duplicate endpoint', async ({ request }) => {
const doc = await seedDraftDocument(userA, teamA.id, ['test@example.com']);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/duplicate`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { documentId: mapSecondaryIdToDocumentId(doc.secondaryId) },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to document duplicate endpoint', async ({ request }) => {
const doc = await seedDraftDocument(userA, teamA.id, ['test@example.com']);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/duplicate`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { documentId: mapSecondaryIdToDocumentId(doc.secondaryId) },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document field GET endpoint', () => {
test('should block unauthorized access to document field endpoint', async ({ request }) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: {
envelopeId: doc.id,
email: userRecipient.email,
},
});
const field = await prisma.field.create({
data: {
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: 'TEXT',
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
});
const res = await request.get(`${WEBAPP_BASE_URL}/api/v2-beta/document/field/${field.id}`, {
headers: { Authorization: `Bearer ${tokenB}` },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to document field endpoint', async ({ request }) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirstOrThrow({
where: {
envelopeId: doc.id,
email: userRecipient.email,
},
});
const field = await prisma.field.create({
data: {
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient.id,
type: 'TEXT',
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
});
const res = await request.get(`${WEBAPP_BASE_URL}/api/v2-beta/document/field/${field.id}`, {
headers: { Authorization: `Bearer ${tokenA}` },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document field create endpoint', () => {
test('should block unauthorized access to document field create endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/field/create`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
field: {
recipientId: recipient!.id,
type: 'TEXT',
pageNumber: 791.77,
pageX: 7845.22,
pageY: 6843.16,
width: 3932.15,
height: 8879.89,
fieldMeta: { type: 'text', label: 'Test Field' },
},
},
});
expect(res.ok()).toBeFalsy();
expect([404, 401, 500]).toContain(res.status());
});
test('should allow authorized access to document field create endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/field/create`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
field: {
recipientId: recipient!.id,
type: 'TEXT',
pageNumber: 791.77,
pageX: 7845.22,
pageY: 6843.16,
width: 3932.15,
height: 8879.89,
fieldMeta: { type: 'text', label: 'Test Field' },
},
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document field create-many endpoint', () => {
test('should block unauthorized access to document field create-many endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/field/create-many`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
fields: [
{
recipientId: recipient!.id,
type: 'TEXT',
pageNumber: 791.77,
pageX: 7845.22,
pageY: 6843.16,
width: 3932.15,
height: 8879.89,
fieldMeta: { type: 'text', label: 'First test field' },
},
{
recipientId: recipient!.id,
type: 'TEXT',
pageNumber: 791.77,
pageX: 845.22,
pageY: 843.16,
width: 932.15,
height: 879.89,
fieldMeta: { type: 'text', label: 'Second test field' },
},
],
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to document field create-many endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/field/create-many`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
fields: [
{
recipientId: recipient!.id,
type: 'TEXT',
pageNumber: 791.77,
pageX: 7845.22,
pageY: 6843.16,
width: 3932.15,
height: 8879.89,
fieldMeta: { type: 'text', label: 'First test field' },
},
{
recipientId: recipient!.id,
type: 'TEXT',
pageNumber: 791.77,
pageX: 845.22,
pageY: 843.16,
width: 932.15,
height: 879.89,
fieldMeta: { type: 'text', label: 'Second test field' },
},
],
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document field update endpoint', () => {
test('should block unauthorized access to document field update endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const field = await prisma.field.create({
data: {
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: 'TEXT',
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'A text field' },
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/field/update`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
field: {
id: field.id,
type: FieldType.TEXT,
fieldMeta: { type: 'text', label: 'An updated text field' },
},
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to document field update endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const field = await prisma.field.create({
data: {
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: 'TEXT',
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'A text field' },
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/field/update`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
field: {
id: field.id,
type: FieldType.TEXT,
fieldMeta: { type: 'text', label: 'An updated text field' },
},
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document field update-many endpoint', () => {
test('should block unauthorized access to document field update-many endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const fields = await prisma.field.createManyAndReturn({
data: [
{
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: FieldType.TEXT,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
{
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: FieldType.NUMBER,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
],
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/field/update-many`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
fields: [
{
id: fields[0].id,
type: FieldType.TEXT,
fieldMeta: { type: 'text', label: 'Updated first test field' },
},
{
id: fields[1].id,
type: FieldType.NUMBER,
fieldMeta: { type: 'number', label: 'Updated second test field' },
},
],
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to document field update-many endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const fields = await prisma.field.createManyAndReturn({
data: [
{
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: FieldType.TEXT,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
{
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: FieldType.NUMBER,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
],
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/field/update-many`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
fields: [
{
id: fields[0].id,
type: FieldType.TEXT,
fieldMeta: { type: 'text', label: 'Updated first test field' },
},
{
id: fields[1].id,
type: FieldType.NUMBER,
fieldMeta: { type: 'number', label: 'Updated second test field' },
},
],
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document field delete endpoint', () => {
test('should block unauthorized access to document field delete endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const field = await prisma.field.create({
data: {
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: FieldType.TEXT,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/field/delete`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { fieldId: field.id },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to document field delete endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const field = await prisma.field.create({
data: {
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: FieldType.TEXT,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/field/delete`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { fieldId: field.id },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template field create endpoint', () => {
test('should block unauthorized access to template field create endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/field/create`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
field: {
recipientId: recipient.id,
type: FieldType.TEXT,
pageNumber: 5735.12,
pageX: 936.28,
pageY: 594.41,
width: 589.39,
height: 122.23,
fieldMeta: { type: 'text', label: 'Test' },
},
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template field create endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/field/create`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
field: {
recipientId: recipient.id,
type: FieldType.TEXT,
pageNumber: 5735.12,
pageX: 936.28,
pageY: 594.41,
width: 589.39,
height: 122.23,
fieldMeta: { type: 'text', label: 'Test' },
},
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template field GET endpoint', () => {
test('should block unauthorized access to template field get field endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const field = await prisma.field.create({
data: {
envelopeId: template.id,
envelopeItemId: template.envelopeItems[0].id,
recipientId: recipient.id,
type: FieldType.TEXT,
page: 1,
positionX: 936.28,
positionY: 594.41,
width: 589.39,
height: 122.23,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'New test field' },
},
});
const res = await request.get(`${WEBAPP_BASE_URL}/api/v2-beta/template/field/${field.id}`, {
headers: { Authorization: `Bearer ${tokenB}` },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template field get field endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const field = await prisma.field.create({
data: {
envelopeId: template.id,
envelopeItemId: template.envelopeItems[0].id,
recipientId: recipient.id,
type: FieldType.TEXT,
page: 1,
positionX: 936.28,
positionY: 594.41,
width: 589.39,
height: 122.23,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'New test field' },
},
});
const res = await request.get(`${WEBAPP_BASE_URL}/api/v2-beta/template/field/${field.id}`, {
headers: { Authorization: `Bearer ${tokenA}` },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template field create-many endpoint', () => {
test('should block unauthorized access to template field create-many endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const secondRecipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test2@example.com',
name: 'Test 2',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/field/create-many`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
fields: [
{
recipientId: recipient.id,
type: FieldType.TEXT,
pageNumber: 1,
pageX: 1,
pageY: 1,
width: 1,
height: 1,
fieldMeta: { type: 'text', label: 'Test' },
},
{
recipientId: secondRecipient.id,
type: FieldType.NUMBER,
pageNumber: 1,
pageX: 1,
pageY: 1,
width: 1,
height: 1,
fieldMeta: { type: 'number', label: 'Test 2' },
},
],
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template field create-many endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const secondRecipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test2@example.com',
name: 'Test 2',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/field/create-many`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
fields: [
{
recipientId: recipient.id,
type: FieldType.TEXT,
pageNumber: 1,
pageX: 1,
pageY: 1,
width: 1,
height: 1,
fieldMeta: { type: 'text', label: 'Test' },
},
{
recipientId: secondRecipient.id,
type: FieldType.NUMBER,
pageNumber: 1,
pageX: 1,
pageY: 1,
width: 1,
height: 1,
fieldMeta: { type: 'number', label: 'Test 2' },
},
],
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template field update endpoint', () => {
test('should block unauthorized access to template field update endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const field = await prisma.field.create({
data: {
envelopeId: template.id,
envelopeItemId: template.envelopeItems[0].id,
recipientId: recipient.id,
type: FieldType.TEXT,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test field to update' },
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/field/update`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
field: {
id: field.id,
type: FieldType.TEXT,
fieldMeta: { type: 'text', label: 'Updated field' },
},
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template field update endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const field = await prisma.field.create({
data: {
envelopeId: template.id,
envelopeItemId: template.envelopeItems[0].id,
recipientId: recipient.id,
type: FieldType.TEXT,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test field to update' },
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/field/update`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
field: {
id: field.id,
type: FieldType.TEXT,
fieldMeta: { type: 'text', label: 'Updated field' },
},
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template field update-many endpoint', () => {
test('should block unauthorized access to template field update-many endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const field = await prisma.field.createManyAndReturn({
data: [
{
envelopeId: template.id,
envelopeItemId: template.envelopeItems[0].id,
recipientId: recipient.id,
type: 'TEXT',
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test field to update' },
},
{
envelopeId: template.id,
envelopeItemId: template.envelopeItems[0].id,
recipientId: recipient.id,
type: FieldType.NUMBER,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'number', label: 'Test field to update' },
},
],
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/field/update-many`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
fields: [
{
id: field[0].id,
type: FieldType.TEXT,
fieldMeta: { type: 'text', label: 'Updated first field - text' },
},
{
id: field[1].id,
type: FieldType.NUMBER,
fieldMeta: { type: 'number', label: 'Updated second field - number' },
},
],
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template field update-many endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const field = await prisma.field.createManyAndReturn({
data: [
{
envelopeId: template.id,
envelopeItemId: template.envelopeItems[0].id,
recipientId: recipient.id,
type: 'TEXT',
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test field to update' },
},
{
envelopeId: template.id,
envelopeItemId: template.envelopeItems[0].id,
recipientId: recipient.id,
type: FieldType.NUMBER,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'number', label: 'Test field to update' },
},
],
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/field/update-many`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
fields: [
{
id: field[0].id,
type: FieldType.TEXT,
fieldMeta: { type: 'text', label: 'Updated first field - text' },
},
{
id: field[1].id,
type: FieldType.NUMBER,
fieldMeta: { type: 'number', label: 'Updated second field - number' },
},
],
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template field delete endpoint', () => {
test('should block unauthorized access to template field delete endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const field = await prisma.field.create({
data: {
envelopeId: template.id,
envelopeItemId: template.envelopeItems[0].id,
recipientId: recipient.id,
type: 'TEXT',
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test field to delete' },
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/field/delete`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { fieldId: field.id },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template field delete endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const field = await prisma.field.create({
data: {
envelopeId: template.id,
envelopeItemId: template.envelopeItems[0].id,
recipientId: recipient.id,
type: 'TEXT',
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test field to delete' },
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/field/delete`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { fieldId: field.id },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document recipient GET endpoint', () => {
test('should block unauthorized access to document recipient get endpoint', async ({
request,
}) => {
const { user: recipientUser } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [recipientUser]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.get(
`${WEBAPP_BASE_URL}/api/v2-beta/document/recipient/${recipient!.id}`,
{
headers: { Authorization: `Bearer ${tokenB}` },
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to document recipient get endpoint', async ({
request,
}) => {
const { user: recipientUser } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [recipientUser]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.get(
`${WEBAPP_BASE_URL}/api/v2-beta/document/recipient/${recipient!.id}`,
{
headers: { Authorization: `Bearer ${tokenA}` },
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document recipient create endpoint', () => {
test('should block unauthorized access to document recipient create endpoint', async ({
request,
}) => {
const doc = await seedDraftDocument(userA, teamA.id, []);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/recipient/create`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
recipient: {
name: 'Test',
email: 'test@example.com',
role: RecipientRole.SIGNER,
},
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to document recipient create endpoint', async ({
request,
}) => {
const doc = await seedDraftDocument(userA, teamA.id, []);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/recipient/create`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
recipient: {
name: 'Test',
email: 'test@example.com',
role: RecipientRole.SIGNER,
},
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document recipient create-many endpoint', () => {
test('should block unauthorized access to document recipient create-many endpoint', async ({
request,
}) => {
const doc = await seedDraftDocument(userA, teamA.id, []);
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/document/recipient/create-many`,
{
headers: { Authorization: `Bearer ${tokenB}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
recipients: [
{
name: 'Test',
email: 'test@example.com',
role: RecipientRole.SIGNER,
},
{
name: 'Test 2',
email: 'test2@example.com',
role: RecipientRole.SIGNER,
},
],
},
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to document recipient create-many endpoint', async ({
request,
}) => {
const doc = await seedDraftDocument(userA, teamA.id, []);
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/document/recipient/create-many`,
{
headers: { Authorization: `Bearer ${tokenA}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
recipients: [
{
name: 'Test',
email: 'test@example.com',
role: RecipientRole.SIGNER,
},
{
name: 'Test 2',
email: 'test2@example.com',
role: RecipientRole.SIGNER,
},
],
},
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document recipient update endpoint', () => {
test('should block unauthorized access to document recipient update endpoint', async ({
request,
}) => {
const { user: recipientUser } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [recipientUser]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/recipient/update`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
recipient: {
id: recipient!.id,
name: 'Updated recipient',
},
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to document recipient update endpoint', async ({
request,
}) => {
const { user: recipientUser } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [recipientUser]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/recipient/update`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
recipient: {
id: recipient!.id,
name: 'Updated recipient',
},
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document recipient update-many endpoint', () => {
test('should block unauthorized access to document recipient update-many endpoint', async ({
request,
}) => {
const { user: firstRecipient } = await seedUser();
const { user: secondRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [firstRecipient, secondRecipient]);
const firstDocumentRecipient = await prisma.recipient.findFirst({
where: {
envelopeId: doc.id,
email: firstRecipient.email,
},
});
const secondDocumentRecipient = await prisma.recipient.findFirst({
where: {
envelopeId: doc.id,
email: secondRecipient.email,
},
});
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/document/recipient/update-many`,
{
headers: { Authorization: `Bearer ${tokenB}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
recipients: [
{
id: firstDocumentRecipient!.id,
name: 'Updated first recipient',
},
{
id: secondDocumentRecipient!.id,
name: 'Updated second recipient',
},
],
},
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to document recipient update-many endpoint', async ({
request,
}) => {
const { user: firstRecipient } = await seedUser();
const { user: secondRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [firstRecipient, secondRecipient]);
const firstDocumentRecipient = await prisma.recipient.findFirst({
where: {
envelopeId: doc.id,
email: firstRecipient.email,
},
});
const secondDocumentRecipient = await prisma.recipient.findFirst({
where: {
envelopeId: doc.id,
email: secondRecipient.email,
},
});
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/document/recipient/update-many`,
{
headers: { Authorization: `Bearer ${tokenA}` },
data: {
documentId: mapSecondaryIdToDocumentId(doc.secondaryId),
recipients: [
{
id: firstDocumentRecipient!.id,
name: 'Updated first recipient',
},
{
id: secondDocumentRecipient!.id,
name: 'Updated second recipient',
},
],
},
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document recipient delete endpoint', () => {
test('should block unauthorized access to document recipient delete endpoint', async ({
request,
}) => {
const { user: recipientUser } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [recipientUser]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/recipient/delete`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { recipientId: recipient!.id },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to document recipient delete endpoint', async ({
request,
}) => {
const { user: recipientUser } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [recipientUser]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/recipient/delete`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { recipientId: recipient!.id },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template recipient GET endpoint', () => {
test('should block unauthorized access to template recipient get endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const templateRecipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test wuth',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const res = await request.get(
`${WEBAPP_BASE_URL}/api/v2-beta/template/recipient/${templateRecipient.id}`,
{
headers: { Authorization: `Bearer ${tokenB}` },
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template recipient get endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const templateRecipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test wuth',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const res = await request.get(
`${WEBAPP_BASE_URL}/api/v2-beta/template/recipient/${templateRecipient.id}`,
{
headers: { Authorization: `Bearer ${tokenA}` },
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template recipient create endpoint', () => {
test('should block unauthorized access to template recipient create endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/recipient/create`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
recipient: {
name: 'Test',
email: 'test@example.com',
role: RecipientRole.SIGNER,
},
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template recipient create endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/recipient/create`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
recipient: {
name: 'Test',
email: 'test@example.com',
role: RecipientRole.SIGNER,
},
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template recipient create-many endpoint', () => {
test('should block unauthorized access to template recipient create-many endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/template/recipient/create-many`,
{
headers: { Authorization: `Bearer ${tokenB}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
recipients: [
{
name: 'Test first recipient',
email: 'test-first-recipient@example.com',
role: RecipientRole.SIGNER,
},
{
name: 'Test second recipient',
email: 'test-second-recipient@example.com',
role: RecipientRole.SIGNER,
},
],
},
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template recipient create-many endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/template/recipient/create-many`,
{
headers: { Authorization: `Bearer ${tokenA}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
recipients: [
{
name: 'Test first recipient',
email: 'test-first-recipient@example.com',
role: RecipientRole.SIGNER,
},
{
name: 'Test second recipient',
email: 'test-second-recipient@example.com',
role: RecipientRole.SIGNER,
},
],
},
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template recipient update endpoint', () => {
test('should block unauthorized access to template recipient update endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/recipient/update`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
recipient: {
id: recipient.id,
name: 'Updated test name',
},
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template recipient update endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/recipient/update`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
recipient: {
id: recipient.id,
name: 'Updated test name',
},
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template recipient update-many endpoint', () => {
test('should block unauthorized access to template recipient update-many endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipients = await prisma.recipient.createManyAndReturn({
data: [
{
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
{
envelopeId: template.id,
email: 'test2@example.com',
name: 'Test 2',
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
],
});
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/template/recipient/update-many`,
{
headers: { Authorization: `Bearer ${tokenB}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
recipients: [
{
id: recipients[0].id,
name: 'Updated test first recipient name',
},
{
id: recipients[1].id,
name: 'Updated test second recipient name',
},
],
},
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template recipient update-many endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipients = await prisma.recipient.createManyAndReturn({
data: [
{
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
{
envelopeId: template.id,
email: 'test2@example.com',
name: 'Test 2',
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
],
});
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/template/recipient/update-many`,
{
headers: { Authorization: `Bearer ${tokenA}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
recipients: [
{
id: recipients[0].id,
name: 'Updated test first recipient name',
},
{
id: recipients[1].id,
name: 'Updated test second recipient name',
},
],
},
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template recipient delete endpoint', () => {
test('should block unauthorized access to template recipient delete endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/recipient/delete`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { recipientId: recipient.id },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template recipient delete endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
email: 'test@example.com',
name: 'Test',
role: RecipientRole.SIGNER,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/recipient/delete`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { recipientId: recipient.id },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template list endpoint', () => {
test('should block unauthorized access to template list endpoint', async ({ request }) => {
await seedBlankTemplate(userA, teamA.id);
const res = await request.get(`${WEBAPP_BASE_URL}/api/v2-beta/template`, {
headers: { Authorization: `Bearer ${tokenB}` },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
const data = await res.json();
expect(data.data.every((doc: { userId: number }) => doc.userId !== userA.id)).toBe(true);
});
test('should allow authorized access to template list endpoint', async ({ request }) => {
await seedBlankTemplate(userA, teamA.id);
const res = await request.get(`${WEBAPP_BASE_URL}/api/v2-beta/template`, {
headers: { Authorization: `Bearer ${tokenA}` },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
const data = await res.json();
expect(data.data.length).toBeGreaterThan(0);
expect(data.data.every((doc: { userId: number }) => doc.userId === userA.id)).toBe(true);
});
});
test.describe('Template GET endpoint', () => {
test('should block unauthorized access to template get endpoint', async ({ request }) => {
const template = await seedBlankTemplate(userA, teamA.id);
const res = await request.get(
`${WEBAPP_BASE_URL}/api/v2-beta/template/${mapSecondaryIdToTemplateId(template.secondaryId)}`,
{
headers: { Authorization: `Bearer ${tokenB}` },
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template get endpoint', async ({ request }) => {
const template = await seedBlankTemplate(userA, teamA.id);
const res = await request.get(
`${WEBAPP_BASE_URL}/api/v2-beta/template/${mapSecondaryIdToTemplateId(template.secondaryId)}`,
{
headers: { Authorization: `Bearer ${tokenA}` },
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template update endpoint', () => {
test('should block unauthorized access to template update endpoint', async ({ request }) => {
const template = await seedBlankTemplate(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/update`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
data: {
title: 'Updated template title',
visibility: DocumentVisibility.MANAGER_AND_ABOVE,
},
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template update endpoint', async ({ request }) => {
const template = await seedBlankTemplate(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/update`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
data: {
title: 'Updated template title',
visibility: DocumentVisibility.MANAGER_AND_ABOVE,
},
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template duplicate endpoint', () => {
test('should block unauthorized access to template duplicate endpoint', async ({ request }) => {
const template = await seedBlankTemplate(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/duplicate`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { templateId: mapSecondaryIdToTemplateId(template.secondaryId) },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template duplicate endpoint', async ({ request }) => {
const template = await seedBlankTemplate(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/duplicate`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { templateId: mapSecondaryIdToTemplateId(template.secondaryId) },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template delete endpoint', () => {
test('should block unauthorized access to template delete endpoint', async ({ request }) => {
const template = await seedBlankTemplate(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/delete`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { templateId: mapSecondaryIdToTemplateId(template.secondaryId) },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(500);
});
test('should allow authorized access to template delete endpoint', async ({ request }) => {
const template = await seedBlankTemplate(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/delete`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { templateId: mapSecondaryIdToTemplateId(template.secondaryId) },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template use endpoint', () => {
test('should block unauthorized access to template use endpoint', async ({ request }) => {
const template = await seedBlankTemplate(userA, teamA.id);
const { user: firstRecipientUser } = await seedUser();
const { user: secondRecipientUser } = await seedUser();
const updatedTemplate = await prisma.envelope.update({
where: { id: template.id },
data: {
recipients: {
create: [
{
name: firstRecipientUser.name || '',
email: firstRecipientUser.email,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
{
name: secondRecipientUser.name || '',
email: secondRecipientUser.email,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
],
},
},
include: {
recipients: true,
},
});
const recipientAId = updatedTemplate.recipients.find(
(recipient) => recipient.email === firstRecipientUser.email,
)?.id;
const recipientBId = updatedTemplate.recipients.find(
(recipient) => recipient.email === secondRecipientUser.email,
)?.id;
if (!recipientAId || !recipientBId) {
throw new Error('Recipient IDs not found');
}
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/use`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
recipients: [
{
id: recipientAId,
name: firstRecipientUser.name,
email: firstRecipientUser.email,
role: RecipientRole.SIGNER,
},
{
id: recipientBId,
name: secondRecipientUser.name,
email: secondRecipientUser.email,
role: RecipientRole.SIGNER,
},
],
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template use endpoint', async ({ request }) => {
const template = await seedBlankTemplate(userA, teamA.id);
const { user: firstRecipientUser } = await seedUser();
const { user: secondRecipientUser } = await seedUser();
const updatedTemplate = await prisma.envelope.update({
where: { id: template.id },
data: {
recipients: {
create: [
{
name: firstRecipientUser.name || '',
email: firstRecipientUser.email,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
{
name: secondRecipientUser.name || '',
email: secondRecipientUser.email,
token: nanoid(12),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.NOT_SENT,
signingStatus: SigningStatus.NOT_SIGNED,
},
],
},
},
include: {
recipients: true,
},
});
const recipientAId = updatedTemplate.recipients.find(
(recipient) => recipient.email === firstRecipientUser.email,
)?.id;
const recipientBId = updatedTemplate.recipients.find(
(recipient) => recipient.email === secondRecipientUser.email,
)?.id;
if (!recipientAId || !recipientBId) {
throw new Error('Recipient IDs not found');
}
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/use`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
templateId: mapSecondaryIdToTemplateId(template.secondaryId),
recipients: [
{
id: recipientAId,
name: firstRecipientUser.name,
email: firstRecipientUser.email,
role: RecipientRole.SIGNER,
},
{
id: recipientBId,
name: secondRecipientUser.name,
email: secondRecipientUser.email,
role: RecipientRole.SIGNER,
},
],
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template direct create endpoint', () => {
test('should block unauthorized access to template direct create endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/direct/create`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { templateId: mapSecondaryIdToTemplateId(template.secondaryId) },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template direct create endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/direct/create`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { templateId: mapSecondaryIdToTemplateId(template.secondaryId) },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template direct delete endpoint', () => {
test('should block unauthorized access to template direct delete endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
name: 'Test',
email: 'test@example.com',
token: nanoid(12),
},
});
await prisma.templateDirectLink.create({
data: {
envelopeId: template.id,
enabled: true,
token: nanoid(12),
directTemplateRecipientId: recipient.id,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/direct/delete`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { templateId: mapSecondaryIdToTemplateId(template.secondaryId) },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template direct delete endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
name: 'Test',
email: 'test@example.com',
token: nanoid(12),
},
});
await prisma.templateDirectLink.create({
data: {
envelopeId: template.id,
enabled: true,
token: nanoid(12),
directTemplateRecipientId: recipient.id,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/direct/delete`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { templateId: mapSecondaryIdToTemplateId(template.secondaryId) },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Template direct toggle endpoint', () => {
test('should block unauthorized access to template direct toggle endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
name: 'Test',
email: 'test@example.com',
token: nanoid(12),
},
});
await prisma.templateDirectLink.create({
data: {
envelopeId: template.id,
enabled: true,
token: nanoid(12),
directTemplateRecipientId: recipient.id,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/direct/toggle`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { templateId: mapSecondaryIdToTemplateId(template.secondaryId), enabled: false },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to template direct toggle endpoint', async ({
request,
}) => {
const template = await seedBlankTemplate(userA, teamA.id);
const recipient = await prisma.recipient.create({
data: {
envelopeId: template.id,
name: 'Test',
email: 'test@example.com',
token: nanoid(12),
},
});
await prisma.templateDirectLink.create({
data: {
envelopeId: template.id,
enabled: true,
token: nanoid(12),
directTemplateRecipientId: recipient.id,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/direct/toggle`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { templateId: mapSecondaryIdToTemplateId(template.secondaryId), enabled: false },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Folder list endpoint', () => {
test('should block unauthorized access to folder list endpoint', async ({ request }) => {
await seedBlankFolder(userA, teamA.id);
await seedBlankFolder(userA, teamA.id);
const res = await request.get(`${WEBAPP_BASE_URL}/api/v2-beta/folder`, {
headers: { Authorization: `Bearer ${tokenB}` },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
const { data } = await res.json();
expect(data.every((folder: { userId: number }) => folder.userId !== userA.id)).toBe(true);
expect(data.length).toBe(0);
});
test('should allow authorized access to folder list endpoint', async ({ request }) => {
await seedBlankFolder(userA, teamA.id);
await seedBlankFolder(userA, teamA.id);
// Other team folders should not be visible.
await seedBlankFolder(userA, teamB.id);
await seedBlankFolder(userA, teamB.id);
// Other team and user folders should not be visible.
await seedBlankFolder(userB, teamB.id);
await seedBlankFolder(userB, teamB.id);
const res = await request.get(`${WEBAPP_BASE_URL}/api/v2-beta/folder`, {
headers: { Authorization: `Bearer ${tokenA}` },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
const { data } = await res.json();
expect(data.length).toBe(2);
expect(data.every((folder: { userId: number }) => folder.userId === userA.id)).toBe(true);
});
});
test.describe('Folder create endpoint', () => {
test('should block unauthorized access to folder create endpoint', async ({ request }) => {
const unauthorizedFolder = await seedBlankFolder(userB, teamB.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/folder/create`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
parentId: unauthorizedFolder.id,
name: 'Test Folder',
type: 'DOCUMENT',
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to folder create endpoint', async ({ request }) => {
const authorizedFolder = await seedBlankFolder(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/folder/create`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
parentId: authorizedFolder.id,
name: 'Test Folder',
type: 'DOCUMENT',
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
const noParentRes = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/folder/create`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
name: 'Test Folder',
type: 'DOCUMENT',
},
});
expect(noParentRes.ok()).toBeTruthy();
expect(noParentRes.status()).toBe(200);
});
});
test.describe('Folder update endpoint', () => {
test('should block unauthorized access to folder update endpoint', async ({ request }) => {
const folder = await seedBlankFolder(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/folder/update`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
folderId: folder.id,
data: {
name: 'Updated Folder Name',
},
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to folder update endpoint', async ({ request }) => {
const folder = await seedBlankFolder(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/folder/update`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
folderId: folder.id,
data: {
name: 'Updated Folder Name',
},
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Folder delete endpoint', () => {
test('should block unauthorized access to folder delete endpoint', async ({ request }) => {
const folder = await seedBlankFolder(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/folder/delete`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { folderId: folder.id },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to folder delete endpoint', async ({ request }) => {
const folder = await seedBlankFolder(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/folder/delete`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { folderId: folder.id },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Document create endpoint', () => {
test('should allow authorized access to document create endpoint', async ({ request }) => {
const payload = {
title: 'Test Document',
};
const formData = new FormData();
formData.append('payload', JSON.stringify(payload));
const pdfPath = path.join(__dirname, '../../../../../assets/example.pdf');
const pdfData = fs.existsSync(pdfPath) ? fs.readFileSync(pdfPath) : Buffer.from('%PDF-1.4\n');
formData.append('file', new File([pdfData], 'test.pdf', { type: 'application/pdf' }));
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/document/create`, {
headers: { Authorization: `Bearer ${tokenA}` },
multipart: formData,
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
const data = await res.json();
expect(data.envelopeId).toBeDefined();
expect(data.id).toBeDefined();
const envelope = await prisma.envelope.findFirstOrThrow({
where: {
id: data.envelopeId,
},
include: {
envelopeItems: true,
},
});
expect(envelope?.title).toBe(payload.title);
expect(envelope.envelopeItems.length).toBe(1);
});
});
test.describe('Template create endpoint', () => {
test('should allow authorized access to template create endpoint', async ({ request }) => {
const payload = {
title: 'Test Template',
};
const formData = new FormData();
formData.append('payload', JSON.stringify(payload));
const pdfPath = path.join(__dirname, '../../../../../assets/example.pdf');
const pdfData = fs.existsSync(pdfPath) ? fs.readFileSync(pdfPath) : Buffer.from('%PDF-1.4\n');
formData.append('file', new File([pdfData], 'test.pdf', { type: 'application/pdf' }));
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/template/create`, {
headers: { Authorization: `Bearer ${tokenA}` },
multipart: formData,
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
const data = await res.json();
expect(data.envelopeId).toBeDefined();
expect(data.id).toBeDefined();
const envelope = await prisma.envelope.findFirstOrThrow({
where: {
id: data.envelopeId,
},
include: {
envelopeItems: true,
},
});
expect(envelope.title).toBe(payload.title);
expect(envelope.envelopeItems.length).toBe(1);
});
});
test.describe('Envelope API V2', () => {
let userA: User, teamA: Team, userB: User, teamB: Team, tokenA: string, tokenB: string;
test.beforeEach(async () => {
({ user: userA, team: teamA } = await seedUser());
({ token: tokenA } = await createApiToken({
userId: userA.id,
teamId: teamA.id,
tokenName: 'userA',
expiresIn: null,
}));
({ user: userB, team: teamB } = await seedUser());
({ token: tokenB } = await createApiToken({
userId: userB.id,
teamId: teamB.id,
tokenName: 'userB',
expiresIn: null,
}));
});
test.describe('Envelope get endpoint', () => {
test('should block unauthorized access to envelope get endpoint', async ({ request }) => {
const doc = await seedBlankDocument(userA, teamA.id);
const res = await request.get(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/${doc.id}`, {
headers: { Authorization: `Bearer ${tokenB}` },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope get endpoint', async ({ request }) => {
const doc = await seedBlankDocument(userA, teamA.id);
const res = await request.get(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/${doc.id}`, {
headers: { Authorization: `Bearer ${tokenA}` },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope update endpoint', () => {
test('should block unauthorized access to envelope update endpoint', async ({ request }) => {
const doc = await seedBlankDocument(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/update`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
envelopeId: doc.id,
envelopeType: EnvelopeType.DOCUMENT,
data: { title: 'Updated Title' },
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope update endpoint', async ({ request }) => {
const doc = await seedBlankDocument(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/update`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
envelopeId: doc.id,
envelopeType: EnvelopeType.DOCUMENT,
data: { title: 'Updated Title' },
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope delete endpoint', () => {
test('should block unauthorized access to envelope delete endpoint', async ({ request }) => {
const doc = await seedBlankDocument(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/delete`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { envelopeId: doc.id },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(401);
});
test('should allow authorized access to envelope delete endpoint', async ({ request }) => {
const doc = await seedBlankDocument(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/delete`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { envelopeId: doc.id },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope duplicate endpoint', () => {
test('should block unauthorized access to envelope duplicate endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/duplicate`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { envelopeId: doc.id },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope duplicate endpoint', async ({ request }) => {
const doc = await seedBlankDocument(userA, teamA.id);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/duplicate`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { envelopeId: doc.id },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope distribute endpoint', () => {
test('should block unauthorized access to envelope distribute endpoint', async ({
request,
}) => {
const doc = await seedDraftDocument(userA, teamA.id, ['test@example.com']);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/distribute`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { envelopeId: doc.id },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(500);
});
test('should allow authorized access to envelope distribute endpoint', async ({
request,
}) => {
const doc = await seedDraftDocument(userA, teamA.id, ['test@example.com']);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/distribute`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { envelopeId: doc.id },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope redistribute endpoint', () => {
test('should block unauthorized access to envelope redistribute endpoint', async ({
request,
}) => {
const doc = await seedPendingDocument(userA, teamA.id, []);
const userRecipient = await prisma.recipient.create({
data: {
email: 'test@example.com',
name: 'Test',
token: nanoid(),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.SENT,
signingStatus: SigningStatus.NOT_SIGNED,
signedAt: null,
envelopeId: doc.id,
fields: {
create: {
page: 1,
type: FieldType.NAME,
inserted: true,
customText: '',
positionX: new Prisma.Decimal(1),
positionY: new Prisma.Decimal(1),
width: new Prisma.Decimal(1),
height: new Prisma.Decimal(1),
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
},
},
},
});
const recipient = await prisma.recipient.findFirst({
where: {
envelopeId: doc.id,
email: userRecipient.email,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/redistribute`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
envelopeId: doc.id,
recipients: [recipient!.id],
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(500);
});
test('should allow authorized access to envelope redistribute endpoint', async ({
request,
}) => {
const doc = await seedPendingDocument(userA, teamA.id, []);
const userRecipient = await prisma.recipient.create({
data: {
email: 'test@example.com',
name: 'Test',
token: nanoid(),
readStatus: ReadStatus.NOT_OPENED,
sendStatus: SendStatus.SENT,
signingStatus: SigningStatus.NOT_SIGNED,
signedAt: null,
envelopeId: doc.id,
fields: {
create: {
page: 1,
type: FieldType.NAME,
inserted: true,
customText: '',
positionX: new Prisma.Decimal(1),
positionY: new Prisma.Decimal(1),
width: new Prisma.Decimal(1),
height: new Prisma.Decimal(1),
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
},
},
},
});
const recipient = await prisma.recipient.findFirst({
where: {
envelopeId: doc.id,
email: userRecipient.email,
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/redistribute`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
envelopeId: doc.id,
recipients: [recipient!.id],
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope field get endpoint', () => {
test('should block unauthorized access to envelope field get endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: {
envelopeId: doc.id,
email: userRecipient.email,
},
});
const field = await prisma.field.create({
data: {
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: 'TEXT',
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
});
const res = await request.get(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/field/${field.id}`, {
headers: { Authorization: `Bearer ${tokenB}` },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope field get endpoint', async ({ request }) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirstOrThrow({
where: {
envelopeId: doc.id,
email: userRecipient.email,
},
});
const field = await prisma.field.create({
data: {
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient.id,
type: 'TEXT',
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
});
const res = await request.get(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/field/${field.id}`, {
headers: { Authorization: `Bearer ${tokenA}` },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope field create-many endpoint', () => {
test('should block unauthorized access to envelope field create-many endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/field/create-many`,
{
headers: { Authorization: `Bearer ${tokenB}` },
data: {
envelopeId: doc.id,
data: [
{
recipientId: recipient!.id,
envelopeItemId: doc.envelopeItems[0].id,
type: 'TEXT',
page: 791.77,
positionX: 0,
positionY: 0,
width: 5,
height: 5,
fieldMeta: { type: 'text', label: 'First test field' },
},
{
recipientId: recipient!.id,
envelopeItemId: doc.envelopeItems[0].id,
type: 'TEXT',
page: 791.77,
positionX: 0,
positionY: 0,
width: 5,
height: 5,
fieldMeta: { type: 'text', label: 'Second test field' },
},
],
},
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope field create-many endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/field/create-many`,
{
headers: { Authorization: `Bearer ${tokenA}` },
data: {
envelopeId: doc.id,
data: [
{
recipientId: recipient!.id,
envelopeItemId: doc.envelopeItems[0].id,
type: 'TEXT',
page: 791.77,
positionX: 0,
positionY: 0,
width: 5,
height: 5,
fieldMeta: { type: 'text', label: 'First test field' },
},
{
recipientId: recipient!.id,
envelopeItemId: doc.envelopeItems[0].id,
type: 'TEXT',
page: 791.77,
positionX: 0,
positionY: 0,
width: 5,
height: 5,
fieldMeta: { type: 'text', label: 'Second test field' },
},
],
},
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope field update-many endpoint', () => {
test('should block unauthorized access to envelope field update-many endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const fields = await prisma.field.createManyAndReturn({
data: [
{
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: FieldType.TEXT,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
{
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: FieldType.NUMBER,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
],
});
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/field/update-many`,
{
headers: { Authorization: `Bearer ${tokenB}` },
data: {
envelopeId: doc.id,
data: [
{
id: fields[0].id,
type: FieldType.TEXT,
fieldMeta: { type: 'text', label: 'Updated first test field' },
},
{
id: fields[1].id,
type: FieldType.NUMBER,
fieldMeta: { type: 'number', label: 'Updated second test field' },
},
],
},
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope field update-many endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const fields = await prisma.field.createManyAndReturn({
data: [
{
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: FieldType.TEXT,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
{
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: FieldType.NUMBER,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
],
});
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/field/update-many`,
{
headers: { Authorization: `Bearer ${tokenA}` },
data: {
envelopeId: doc.id,
data: [
{
id: fields[0].id,
type: FieldType.TEXT,
fieldMeta: { type: 'text', label: 'Updated first test field' },
},
{
id: fields[1].id,
type: FieldType.NUMBER,
fieldMeta: { type: 'number', label: 'Updated second test field' },
},
],
},
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope field delete endpoint', () => {
test('should block unauthorized access to envelope field delete endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const field = await prisma.field.create({
data: {
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: FieldType.TEXT,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/field/delete`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { fieldId: field.id },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope field delete endpoint', async ({
request,
}) => {
const { user: userRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [userRecipient.email]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const field = await prisma.field.create({
data: {
envelopeId: doc.id,
envelopeItemId: doc.envelopeItems[0].id,
recipientId: recipient!.id,
type: FieldType.TEXT,
page: 1,
positionX: 1,
positionY: 1,
width: 1,
height: 1,
customText: '',
inserted: false,
fieldMeta: { type: 'text', label: 'Test' },
},
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/field/delete`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { fieldId: field.id },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope recipient get endpoint', () => {
test('should block unauthorized access to envelope recipient get endpoint', async ({
request,
}) => {
const { user: recipientUser } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [recipientUser]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.get(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/recipient/${recipient!.id}`,
{
headers: { Authorization: `Bearer ${tokenB}` },
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope recipient get endpoint', async ({
request,
}) => {
const { user: recipientUser } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [recipientUser]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.get(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/recipient/${recipient!.id}`,
{
headers: { Authorization: `Bearer ${tokenA}` },
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope recipient create-many endpoint', () => {
test('should block unauthorized access to envelope recipient create-many endpoint', async ({
request,
}) => {
const doc = await seedDraftDocument(userA, teamA.id, []);
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/recipient/create-many`,
{
headers: { Authorization: `Bearer ${tokenB}` },
data: {
envelopeId: doc.id,
data: [
{
name: 'Test',
email: 'test@example.com',
role: RecipientRole.SIGNER,
},
{
name: 'Test 2',
email: 'test2@example.com',
role: RecipientRole.SIGNER,
},
],
},
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope recipient create-many endpoint', async ({
request,
}) => {
const doc = await seedDraftDocument(userA, teamA.id, []);
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/recipient/create-many`,
{
headers: { Authorization: `Bearer ${tokenA}` },
data: {
envelopeId: doc.id,
data: [
{
name: 'Test',
email: 'test@example.com',
role: RecipientRole.SIGNER,
},
{
name: 'Test 2',
email: 'test2@example.com',
role: RecipientRole.SIGNER,
},
],
},
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope recipient update-many endpoint', () => {
test('should block unauthorized access to envelope recipient update-many endpoint', async ({
request,
}) => {
const { user: firstRecipient } = await seedUser();
const { user: secondRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [firstRecipient, secondRecipient]);
const firstDocumentRecipient = await prisma.recipient.findFirst({
where: {
envelopeId: doc.id,
email: firstRecipient.email,
},
});
const secondDocumentRecipient = await prisma.recipient.findFirst({
where: {
envelopeId: doc.id,
email: secondRecipient.email,
},
});
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/recipient/update-many`,
{
headers: { Authorization: `Bearer ${tokenB}` },
data: {
envelopeId: doc.id,
data: [
{
id: firstDocumentRecipient!.id,
name: 'Updated first recipient',
},
{
id: secondDocumentRecipient!.id,
name: 'Updated second recipient',
},
],
},
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope recipient update-many endpoint', async ({
request,
}) => {
const { user: firstRecipient } = await seedUser();
const { user: secondRecipient } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [firstRecipient, secondRecipient]);
const firstDocumentRecipient = await prisma.recipient.findFirst({
where: {
envelopeId: doc.id,
email: firstRecipient.email,
},
});
const secondDocumentRecipient = await prisma.recipient.findFirst({
where: {
envelopeId: doc.id,
email: secondRecipient.email,
},
});
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/recipient/update-many`,
{
headers: { Authorization: `Bearer ${tokenA}` },
data: {
envelopeId: doc.id,
data: [
{
id: firstDocumentRecipient!.id,
name: 'Updated first recipient',
},
{
id: secondDocumentRecipient!.id,
name: 'Updated second recipient',
},
],
},
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope recipient delete endpoint', () => {
test('should block unauthorized access to envelope recipient delete endpoint', async ({
request,
}) => {
const { user: recipientUser } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [recipientUser]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/recipient/delete`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: { recipientId: recipient!.id },
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope recipient delete endpoint', async ({
request,
}) => {
const { user: recipientUser } = await seedUser();
const doc = await seedDraftDocument(userA, teamA.id, [recipientUser]);
const recipient = await prisma.recipient.findFirst({
where: { envelopeId: doc.id },
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/recipient/delete`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: { recipientId: recipient!.id },
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope item create-many endpoint', () => {
test('should block unauthorized access to envelope item create-many endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const fieldMetaPdf = fs.readFileSync(
path.join(__dirname, '../../../../../assets/field-meta.pdf'),
);
const createEnvelopeItemsPayload: TCreateEnvelopeItemsPayload = {
envelopeId: doc.id,
};
const formData = new FormData();
formData.append('payload', JSON.stringify(createEnvelopeItemsPayload));
formData.append(
'files',
new File([fieldMetaPdf], 'field-meta.pdf', { type: 'application/pdf' }),
);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/item/create-many`, {
headers: { Authorization: `Bearer ${tokenB}` },
multipart: formData,
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope item create-many endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const fieldMetaPdf = fs.readFileSync(
path.join(__dirname, '../../../../../assets/field-meta.pdf'),
);
const createEnvelopeItemsPayload: TCreateEnvelopeItemsPayload = {
envelopeId: doc.id,
};
const formData = new FormData();
formData.append('payload', JSON.stringify(createEnvelopeItemsPayload));
formData.append(
'files',
new File([fieldMetaPdf], 'field-meta-1.pdf', { type: 'application/pdf' }),
);
formData.append(
'files',
new File([fieldMetaPdf], 'field-meta-2.pdf', { type: 'application/pdf' }),
);
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/item/create-many`, {
headers: { Authorization: `Bearer ${tokenA}` },
multipart: formData,
});
const envelope = await prisma.envelope.findFirstOrThrow({
where: {
id: doc.id,
},
include: {
envelopeItems: true,
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
const envelopeItems = envelope.envelopeItems;
// 3 Files because seed creates one automatically.
expect(envelopeItems.length).toBe(3);
expect(envelopeItems[1].title).toBe('field-meta-1.pdf');
expect(envelopeItems[2].title).toBe('field-meta-2.pdf');
});
});
test.describe('Envelope item update-many endpoint', () => {
test('should block unauthorized access to envelope item update-many endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const envelopeItem = await prisma.envelopeItem.findFirstOrThrow({
where: { envelopeId: doc.id },
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/item/update-many`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
envelopeId: doc.id,
data: [
{
envelopeItemId: envelopeItem.id,
title: 'Updated Item Title',
},
],
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope item update-many endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const envelopeItem = await prisma.envelopeItem.findFirstOrThrow({
where: { envelopeId: doc.id },
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/item/update-many`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
envelopeId: doc.id,
data: [
{
envelopeItemId: envelopeItem.id,
title: 'Updated Item Title',
},
],
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope item delete endpoint', () => {
test('should block unauthorized access to envelope item delete endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const envelopeItem = await prisma.envelopeItem.findFirstOrThrow({
where: { envelopeId: doc.id },
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/item/delete`, {
headers: { Authorization: `Bearer ${tokenB}` },
data: {
envelopeId: doc.id,
envelopeItemId: envelopeItem.id,
},
});
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope item delete endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const envelopeItem = await prisma.envelopeItem.findFirstOrThrow({
where: { envelopeId: doc.id },
});
const res = await request.post(`${WEBAPP_BASE_URL}/api/v2-beta/envelope/item/delete`, {
headers: { Authorization: `Bearer ${tokenA}` },
data: {
envelopeId: doc.id,
envelopeItemId: envelopeItem.id,
},
});
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope attachment find endpoint', () => {
test('should block unauthorized access to envelope attachment find endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const res = await request.get(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment?envelopeId=${doc.id}`,
{
headers: { Authorization: `Bearer ${tokenB}` },
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope attachment find endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const res = await request.get(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment?envelopeId=${doc.id}`,
{
headers: { Authorization: `Bearer ${tokenA}` },
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope attachment create endpoint', () => {
test('should block unauthorized access to envelope attachment create endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/create`,
{
headers: { Authorization: `Bearer ${tokenB}` },
data: {
envelopeId: doc.id,
data: {
label: 'Test Attachment',
data: 'https://example.com/file.pdf',
},
},
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope attachment create endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/create`,
{
headers: { Authorization: `Bearer ${tokenA}` },
data: {
envelopeId: doc.id,
data: {
label: 'Test Attachment',
data: 'https://example.com/file.pdf',
},
},
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope attachment update endpoint', () => {
test('should block unauthorized access to envelope attachment update endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const attachment = await prisma.envelopeAttachment.create({
data: {
envelopeId: doc.id,
type: 'link',
label: 'Original Label',
data: 'https://example.com/original.pdf',
},
});
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/update`,
{
headers: { Authorization: `Bearer ${tokenB}` },
data: {
id: attachment.id,
data: {
label: 'Updated Label',
data: 'https://example.com/updated.pdf',
},
},
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope attachment update endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const attachment = await prisma.envelopeAttachment.create({
data: {
envelopeId: doc.id,
type: 'link',
label: 'Original Label',
data: 'https://example.com/original.pdf',
},
});
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/update`,
{
headers: { Authorization: `Bearer ${tokenA}` },
data: {
id: attachment.id,
data: {
label: 'Updated Label',
data: 'https://example.com/updated.pdf',
},
},
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
test.describe('Envelope attachment delete endpoint', () => {
test('should block unauthorized access to envelope attachment delete endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const attachment = await prisma.envelopeAttachment.create({
data: {
envelopeId: doc.id,
type: 'link',
label: 'Test Attachment',
data: 'https://example.com/file.pdf',
},
});
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/delete`,
{
headers: { Authorization: `Bearer ${tokenB}` },
data: { id: attachment.id },
},
);
expect(res.ok()).toBeFalsy();
expect(res.status()).toBe(404);
});
test('should allow authorized access to envelope attachment delete endpoint', async ({
request,
}) => {
const doc = await seedBlankDocument(userA, teamA.id);
const attachment = await prisma.envelopeAttachment.create({
data: {
envelopeId: doc.id,
type: 'link',
label: 'Test Attachment',
data: 'https://example.com/file.pdf',
},
});
const res = await request.post(
`${WEBAPP_BASE_URL}/api/v2-beta/envelope/attachment/delete`,
{
headers: { Authorization: `Bearer ${tokenA}` },
data: { id: attachment.id },
},
);
expect(res.ok()).toBeTruthy();
expect(res.status()).toBe(200);
});
});
});
});
Reference in New Issue View Git Blame Copy Permalink