Project-Image-Uploader/backend/tests/api/consent.test.js

const { getRequest } = require('../testServer');

describe('Consent Management API', () => {
  const validToken = process.env.ADMIN_API_KEY || 'test-admin-key-12345';

  describe('GET /api/admin/social-media/platforms', () => {
    it('should return list of social media platforms', async () => {
      const response = await getRequest()
        .get('/api/admin/social-media/platforms')
        .set('Authorization', `Bearer ${validToken}`)
        .expect('Content-Type', /json/)
        .expect(200);

      expect(Array.isArray(response.body)).toBe(true);
    });

    it('should include platform metadata', async () => {
      const response = await getRequest()
        .get('/api/admin/social-media/platforms')
        .set('Authorization', `Bearer ${validToken}`);

      if (response.body.length > 0) {
        const platform = response.body[0];
        expect(platform).toHaveProperty('id');
        expect(platform).toHaveProperty('platform_name');
        expect(platform).toHaveProperty('display_name');
      }
    });
  });

  describe('GET /api/admin/groups/:groupId/consents', () => {
    it('should return 404 for non-existent group', async () => {
      await getRequest()
        .get('/api/admin/groups/non-existent-group/consents')
        .set('Authorization', `Bearer ${validToken}`)
        .expect(404);
    });

    it('should reject path traversal attempts', async () => {
      await getRequest()
        .get('/api/admin/groups/../../../etc/passwd/consents')
        .set('Authorization', `Bearer ${validToken}`)
        .expect(404);
    });
  });

  describe('POST /api/admin/groups/:groupId/consents', () => {
    it('should require admin authorization', async () => {
      await getRequest()
        .post('/api/admin/groups/test-group-id/consents')
        .send({ consents: {} })
        .expect(403); // No auth header
    });

    it('should require valid consent data with auth', async () => {
      const response = await getRequest()
        .post('/api/admin/groups/test-group-id/consents')
        .set('Authorization', `Bearer ${validToken}`)
        .send({})
        .expect(400);

      expect(response.body).toHaveProperty('error');
    });
  });

  describe('GET /api/admin/groups/by-consent', () => {
    it('should return filtered groups', async () => {
      const response = await getRequest()
        .get('/api/admin/groups/by-consent')
        .set('Authorization', `Bearer ${validToken}`)
        .expect('Content-Type', /json/)
        .expect(200);

      expect(response.body).toHaveProperty('groups');
      expect(response.body).toHaveProperty('count');
      expect(Array.isArray(response.body.groups)).toBe(true);
    });

    it('should accept platform filter', async () => {
      const response = await getRequest()
        .get('/api/admin/groups/by-consent?platformId=1')
        .set('Authorization', `Bearer ${validToken}`)
        .expect(200);

      expect(response.body).toHaveProperty('groups');
      expect(response.body).toHaveProperty('filters');
    });

    it('should accept consent filter', async () => {
      const response = await getRequest()
        .get('/api/admin/groups/by-consent?displayInWorkshop=true')
        .set('Authorization', `Bearer ${validToken}`)
        .expect(200);

      expect(response.body).toHaveProperty('groups');
      expect(response.body.filters).toHaveProperty('displayInWorkshop', true);
    });
  });

  describe('GET /api/admin/consents/export', () => {
    it('should require admin authorization', async () => {
      await getRequest()
        .get('/api/admin/consents/export')
        .expect(403);
    });

    it('should return CSV format with auth and format parameter', async () => {
      const response = await getRequest()
        .get('/api/admin/consents/export?format=csv')
        .set('Authorization', `Bearer ${validToken}`)
        .expect(200);

      expect(response.headers['content-type']).toMatch(/text\/csv/);
      expect(response.headers['content-disposition']).toMatch(/attachment/);
    });

    it('should include CSV header', async () => {
      const response = await getRequest()
        .get('/api/admin/consents/export?format=csv')
        .set('Authorization', `Bearer ${validToken}`);

      expect(response.text).toContain('group_id');
    });
  });
});