Testing Task: All API endpoints should be tested for invalid and malformed JSON

[pagan8]

Task:

Test all endpoints (see README for list) with incomplete, out of order and invalid JSON request data.

Example:

/report

expects:

{
"beer_id": 123,
"establishment_id": 345,
"device_guid": "6b981317-1c2d-4219-ad79-7235013ad597"
}

Testing should include:

incomplete - do not send all parameters, test leaving out each parameter in turn, and in pairs (eg. leaving out beer and establishments)

out of order - put establishment_id before beer_id and beer_id after device_guid

invalid - put invalid data such as very long strings, strings for integers (so beer_id = "Ricky likes to brew beer")

Also test by sending the wrong headers (eg. instead of application/json send text/html)

see the README file for curl syntax for testing.

For each test case you complete, put it in the comments:

(a) the curl command you ran
(b) the result you received
(c) any output from the brew.js (if you ran it locally for test)

[pagan8]

haha.. just noticed this was issue #13 :)

[benlachman]

Have at it @TGrannen. Create issues as you see them. Sooner the better but we'll be working at hack night before if not sooner.

[rickychilcott]

@TGrannen it would be awesome if you used a library like Chakram to write a test for each endpoint based on the docs. That way, any errors can be easily reproduced, and added to in the future.

[rickychilcott]

@TGrannen think you could do this work tonight?

[TGrannen]

Working on this now. Is there a running version of this somewhere or do I need to run this locally? My request using the README example URL is timing out.

[pagan8]

You can use http://173.230.142.215:3000

[TGrannen]

Thanks. Now I'm just receiving connection refused for everything I try.

curl -H "Content-Type: application/json" -X GET http://173.230.142.215:3000/beers        
curl: (7) Failed to connect to 173.230.142.215 port 3000: Connection refused

curl -H "Content-Type: application/json" -X GET http://173.230.142.215:3000/establishments
curl: (7) Failed to connect to 173.230.142.215 port 3000: Connection refused

curl -H "Content-Type: application/json" -X DELETE -d '{"establishment_id": "1", "beer_id": "1"}' http://173.230.142.215:3000/admin/statuses
curl: (7) Failed to connect to 173.230.142.215 port 3000: Connection refused

[rickychilcott]

@pagan8 do we need to whitelist @TGrannen's IP?

[pagan8]

Port 3000 isn't blocked.. I think he was hitting the /establishment/:estid/beerstatuses URL issue...

[TGrannen]

I've created two chakram scripts to test the API. I was able to get a successful response from all of the public API requests, but I couldn't verify anything on the Admin side without a token. Also, I wasn't sure if the Get Establishments call was supposed to vary based on location, because it seemed like I would get the same results no matter what coordinates I put in.

Feel free to run these tests on your own machine and add to them as needed. There are a some control variables at the top of each file if you only want to run certain tests or test a different ip address.

To run the tests locally:

Install Chakram
run the TestAPI.sh
or
run each file individually with the following to output to the screen

mocha PublicAPI.js  
mocha AdminAPI.js  

[rickychilcott]

Great work @TGrannen I made a few small changes in ba3c26b that cleans up the TestAPI.sh script just a bit. But overall, this is great. @pagan8 feel free to get that last test in PublicAPI.js passing

[pagan8]

@rickychilcott You are getting a 403 error because the device_guid already reported the establishment_id + beer_id being out.

The logic for the /report works like this:

• check if the device_guid already reported it out
• if yes, the return 403 (Forbidden) - can't report it out twice
• Next it checks for a beer_id + establishment_id in statuses
• Gives 400 if there is an error
• Gives 404 if not found
• Returns 200 OK after updating and inserts entry into reportstate table