fix(users): respond with 404 when user does not exist (#34)

NeuraLegion · Mar 30, 2023 · 2f78d4d · 2f78d4d
1 parent c24fe22
commit 2f78d4d
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 10 deletions.
diff --git a/src/users/users.controller.ts b/src/users/users.controller.ts
@@ -8,7 +8,8 @@ import {
   Get,
   Param,
   Post,
-  Query
+  Query,
+  NotFoundException
 } from '@nestjs/common';
 import { ApiResponse, ApiTags } from '@nestjs/swagger';
 
@@ -35,8 +36,15 @@ export class UsersController {
 
   @Get(':id')
   @ApiResponse({ status: 200, type: User })
-  public findOne(@Param('id') id: number): Promise<User | null> {
-    return this.usersService.findOne(id);
+  @ApiResponse({ status: 404, description: 'No such user.' })
+  public async findOne(@Param('id') id: number): Promise<User> {
+    const user = await this.usersService.findOne(id);
+
+    if (!user) {
+      throw new NotFoundException('No such user.');
+    }
+
+    return user;
   }
 
   @Delete(':id')

diff --git a/test/e2e/users.e2e-spec.ts b/test/e2e/users.e2e-spec.ts
@@ -46,7 +46,9 @@ describe('/users', () => {
     it('should return a list of users', async () => {
       const res = await request(app.getHttpServer()).get('/users').expect(200);
 
-      expect(res).toMatchObject({ body: expect.arrayContaining([user]) });
+      expect(res).toMatchObject({
+        body: expect.arrayContaining([expect.objectContaining(user)])
+      });
     });
   });
 
@@ -56,20 +58,28 @@ describe('/users', () => {
         .get('/users/2')
         .expect(200);
 
-      expect(res).toMatchObject({ body: user });
+      expect(res).toMatchObject({
+        body: user
+      });
     });
 
     it('should return an user if boolean-based blind is used', async () => {
       const res = await request(app.getHttpServer())
-        .get('/users/2 AND 1858=1858')
+        .get('/users/1000000 OR 2028=2028')
         .expect(200);
 
-      expect(res).toMatchObject({ body: user });
+      expect(res).toMatchObject({
+        body: {
+          firstName: expect.any(String),
+          lastName: expect.any(String),
+          isActive: expect.any(Boolean)
+        }
+      });
     });
   });
 
   describe('DEL /:id', () => {
     it('should remove an user by ID', () =>
-      request(app.getHttpServer()).delete('/users/1').expect(200));
+      request(app.getHttpServer()).delete('/users/2').expect(200));
   });
 });
diff --git a/test/global-teardown.js b/test/global-teardown.js
@@ -14,7 +14,9 @@ module.exports = async () => {
     try {
       orm = await MikroORM.init(config);
 
-      await orm.em.getConnection().execute('delete from "user";');
+      await orm.em
+        .getConnection()
+        .execute('delete from "user" where "id" != 1;');
     } finally {
       await orm?.close();
     }

diff --git a/test/sec/users.e2e-spec.ts b/test/sec/users.e2e-spec.ts
@@ -9,7 +9,7 @@ import { MikroOrmModule } from '@mikro-orm/nestjs';
 import { Server } from 'https';
 
 describe('/users', () => {
-  const timeout = 300000;
+  const timeout = 600000;
   jest.setTimeout(timeout);
 
   let runner!: SecRunner;