/
index.test.ts
76 lines (69 loc) · 2.74 KB
/
index.test.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
import request from 'supertest'
import { Express } from 'express'
import appWithAllRoutes, { AppSetupUserType } from './testutils/appSetup'
jest.mock('crypto', () => ({
randomBytes: () => 'mocked',
}))
afterEach(() => {
jest.resetAllMocks()
})
describe('GET /', () => {
describe('when logged in as a probation practitioner', () => {
it('redirects to the referral start page', () => {
const app = appWithAllRoutes({ userType: AppSetupUserType.probationPractitioner })
return request(app).get('/').expect(302).expect('Location', '/probation-practitioner/dashboard')
})
})
describe('when logged in as a service provider', () => {
it('redirects to the service provider dashboard', () => {
const app = appWithAllRoutes({ userType: AppSetupUserType.serviceProvider })
return request(app).get('/').expect(302).expect('Location', '/service-provider/dashboard')
})
})
})
describe('check response headers are set correctly', () => {
let app: Express
beforeEach(() => {
app = appWithAllRoutes({ userType: AppSetupUserType.probationPractitioner })
})
it('should have expected headers', async () => {
const response = await request(app).get('/')
expect(response.header).toMatchObject({
connection: 'close',
'content-length': '55',
'content-security-policy': expect.any(String),
'content-type': 'text/plain; charset=utf-8',
date: expect.any(String),
location: '/probation-practitioner/dashboard',
'referrer-policy': 'no-referrer',
'strict-transport-security': 'max-age=15552000; includeSubDomains',
vary: 'Accept',
'x-content-type-options': 'nosniff',
'x-dns-prefetch-control': 'off',
'x-download-options': 'noopen',
'x-frame-options': 'SAMEORIGIN',
'x-permitted-cross-domain-policies': 'none',
'x-xss-protection': '0',
})
})
it('should set content-security-policy correctly', async () => {
const { header } = await request(app).get('/')
const contentSecurityPolicy = header['content-security-policy'].split(';')
expect(contentSecurityPolicy).toMatchInlineSnapshot(`
Array [
"default-src 'self'",
"script-src 'self' code.jquery.com 'sha256-+6WnXIl4mbFTCARd8N3COQmT3bJJmo32N8q8ZSQAIcU=' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com/ 'nonce-mocked'",
"style-src 'self' code.jquery.com",
"font-src 'self'",
"img-src 'self' https://www.google-analytics.com",
"connect-src 'self' https://www.google-analytics.com",
"base-uri 'self'",
"form-action 'self'",
"frame-ancestors 'self'",
"object-src 'none'",
"script-src-attr 'none'",
"upgrade-insecure-requests",
]
`)
})
})