Merge pull request #15643 from Budibase/remove-worker-user-mock

Remove mocks from public variant of `users.spec.ts`
2025-03-03 16:09:13 +00:00 · 2025-03-03 16:09:13 +00:00 · e93d9889ce
parent da92870b6c 091998c214
commit e93d9889ce
15 changed files with 528 additions and 379 deletions
--- a/packages/server/package.json
+++ b/packages/server/package.json
@ -156,6 +156,7 @@
    "@types/pouchdb": "6.4.2",
    "@types/server-destroy": "1.0.1",
    "@types/supertest": "2.0.14",
+    "@types/swagger-jsdoc": "^6.0.4",
    "@types/tar": "6.1.5",
    "@types/tmp": "0.2.6",
    "@types/uuid": "8.3.4",
--- a/packages/server/specs/generate.ts
+++ b/packages/server/specs/generate.ts
@ -4,11 +4,11 @@ import { examples, schemas } from "./resources"
 import * as parameters from "./parameters"
 import * as security from "./security"

-const swaggerJsdoc = require("swagger-jsdoc")
+import swaggerJsdoc from "swagger-jsdoc"

 const VARIABLES = {}

-const options = {
+const opts: swaggerJsdoc.Options = {
  definition: {
    openapi: "3.0.0",
    info: {
@ -58,30 +58,27 @@ const options = {
 }

 function writeFile(output: any, filename: string) {
-  try {
-    const path = join(__dirname, filename)
-    let spec = output
-    if (filename.endsWith("json")) {
-      spec = JSON.stringify(output, null, 2)
-    }
-    // input the static variables
-    for (let [key, replacement] of Object.entries(VARIABLES)) {
-      spec = spec.replace(new RegExp(`{${key}}`, "g"), replacement)
-    }
-    writeFileSync(path, spec)
-    console.log(`Wrote spec to ${path}`)
-    return path
-  } catch (err) {
-    console.error("Error writing spec file", err)
+  const path = join(__dirname, filename)
+  let spec = output
+  if (filename.endsWith("json")) {
+    spec = JSON.stringify(output, null, 2)
  }
+  // input the static variables
+  for (let [key, replacement] of Object.entries(VARIABLES)) {
+    spec = spec.replace(new RegExp(`{${key}}`, "g"), replacement)
+  }
+  writeFileSync(path, spec)
+  console.log(`Wrote spec to ${path}`)
+  return path
+}
+
+export function spec() {
+  return swaggerJsdoc({ ...opts, format: ".json" })
 }

 export function run() {
-  const outputJSON = swaggerJsdoc(options)
-  options.format = ".yaml"
-  const outputYAML = swaggerJsdoc(options)
-  writeFile(outputJSON, "openapi.json")
-  return writeFile(outputYAML, "openapi.yaml")
+  writeFile(swaggerJsdoc({ ...opts, format: ".json" }), "openapi.json")
+  return writeFile(swaggerJsdoc({ ...opts, format: ".yaml" }), "openapi.yaml")
 }

 if (require.main === module) {
--- a/packages/server/specs/resources/error.ts
+++ b/packages/server/specs/resources/error.ts
@ -0,0 +1,21 @@
+import { object } from "./utils"
+import Resource from "./utils/Resource"
+
+const errorSchema = object({
+  status: {
+    type: "number",
+    description: "The HTTP status code of the error.",
+  },
+  message: {
+    type: "string",
+    description: "A descriptive message about the error.",
+  },
+})
+
+export default new Resource()
+  .setExamples({
+    error: {},
+  })
+  .setSchemas({
+    error: errorSchema,
+  })
--- a/packages/server/src/api/controllers/public/users.ts
+++ b/packages/server/src/api/controllers/public/users.ts
@ -48,7 +48,7 @@ function getUser(ctx: UserCtx, userId?: string) {
  if (userId) {
    ctx.params = { userId }
  } else if (!ctx.params?.userId) {
-    throw "No user ID provided for getting"
+    throw new Error("No user ID provided for getting")
  }
  return readGlobalUser(ctx)
 }
--- a/packages/server/src/api/routes/public/index.ts
+++ b/packages/server/src/api/routes/public/index.ts
@ -12,6 +12,7 @@ import { paramResource, paramSubResource } from "../../../middleware/resourceId"
 import { PermissionLevel, PermissionType } from "@budibase/types"
 import { CtxFn } from "./utils/Endpoint"
 import mapperMiddleware from "./middleware/mapper"
+import testErrorHandling from "./middleware/testErrorHandling"
 import env from "../../../environment"
 import { middleware, redis } from "@budibase/backend-core"
 import { SelectableDatabase } from "@budibase/backend-core/src/redis/utils"
@ -144,6 +145,10 @@ function applyRoutes(
  // add the output mapper middleware
  addMiddleware(endpoints.read, mapperMiddleware, { output: true })
  addMiddleware(endpoints.write, mapperMiddleware, { output: true })
+  if (env.isTest()) {
+    addMiddleware(endpoints.read, testErrorHandling())
+    addMiddleware(endpoints.write, testErrorHandling())
+  }
  addToRouter(endpoints.read)
  addToRouter(endpoints.write)
 }
--- a/packages/server/src/api/routes/public/middleware/testErrorHandling.ts
+++ b/packages/server/src/api/routes/public/middleware/testErrorHandling.ts
@ -0,0 +1,28 @@
+import { Ctx } from "@budibase/types"
+import environment from "../../../../environment"
+
+export default () => {
+  if (!environment.isTest()) {
+    throw new Error("This middleware is only for testing")
+  }
+
+  return async (ctx: Ctx, next: any) => {
+    try {
+      await next()
+    } catch (err: any) {
+      if (!ctx.headers["x-budibase-include-stacktrace"]) {
+        throw err
+      }
+
+      const status = err.status || err.statusCode || 500
+
+      let error = err
+      while (error.cause) {
+        error = error.cause
+      }
+
+      ctx.status = status
+      ctx.body = { status, message: error.message, stack: error.stack }
+    }
+  }
+}
--- a/packages/server/src/api/routes/public/tests/compare.spec.ts
+++ b/packages/server/src/api/routes/public/tests/compare.spec.ts
@ -2,184 +2,174 @@ import jestOpenAPI from "jest-openapi"
 import { run as generateSchema } from "../../../../../specs/generate"
 import * as setup from "../../tests/utilities"
 import { generateMakeRequest } from "./utils"
-import { Table, App, Row, User } from "@budibase/types"
+import { Table, App, Row } from "@budibase/types"
+import nock from "nock"
+import environment from "../../../../environment"

 const yamlPath = generateSchema()
 jestOpenAPI(yamlPath!)

-let config = setup.getConfig()
-let apiKey: string, table: Table, app: App, makeRequest: any
+describe("compare", () => {
+  let config = setup.getConfig()
+  let apiKey: string, table: Table, app: App, makeRequest: any

-beforeAll(async () => {
-  app = await config.init()
-  table = await config.upsertTable()
-  apiKey = await config.generateApiKey()
-  makeRequest = generateMakeRequest(apiKey)
-})
-
-afterAll(setup.afterAll)
-
-describe("check the applications endpoints", () => {
-  it("should allow retrieving applications through search", async () => {
-    const res = await makeRequest("post", "/applications/search")
-    expect(res).toSatisfyApiSpec()
-  })
-
-  it("should allow creating an application", async () => {
-    const res = await makeRequest(
-      "post",
-      "/applications",
-      {
-        name: "new App",
-      },
-      null
-    )
-    expect(res).toSatisfyApiSpec()
-  })
-
-  it("should allow updating an application", async () => {
-    const app = config.getApp()
-    const appId = config.getAppId()
-    const res = await makeRequest(
-      "put",
-      `/applications/${appId}`,
-      {
-        ...app,
-        name: "updated app name",
-      },
-      appId
-    )
-    expect(res).toSatisfyApiSpec()
-  })
-
-  it("should allow retrieving an application", async () => {
-    const res = await makeRequest("get", `/applications/${config.getAppId()}`)
-    expect(res).toSatisfyApiSpec()
-  })
-
-  it("should allow deleting an application", async () => {
-    const res = await makeRequest(
-      "delete",
-      `/applications/${config.getAppId()}`
-    )
-    expect(res).toSatisfyApiSpec()
-  })
-})
-
-describe("check the tables endpoints", () => {
-  it("should allow retrieving tables through search", async () => {
-    await config.createApp("new app 1")
+  beforeAll(async () => {
+    app = await config.init()
    table = await config.upsertTable()
-    const res = await makeRequest("post", "/tables/search")
-    expect(res).toSatisfyApiSpec()
+    apiKey = await config.generateApiKey()
+    makeRequest = generateMakeRequest(apiKey)
  })

-  it("should allow creating a table", async () => {
-    const res = await makeRequest("post", "/tables", {
-      name: "table name",
-      primaryDisplay: "column1",
-      schema: {
-        column1: {
-          type: "string",
-          constraints: {},
+  afterAll(setup.afterAll)
+
+  beforeEach(() => {
+    nock.cleanAll()
+  })
+
+  describe("check the applications endpoints", () => {
+    it("should allow retrieving applications through search", async () => {
+      const res = await makeRequest("post", "/applications/search")
+      expect(res).toSatisfyApiSpec()
+    })
+
+    it("should allow creating an application", async () => {
+      const res = await makeRequest(
+        "post",
+        "/applications",
+        {
+          name: "new App",
        },
-      },
+        null
+      )
+      expect(res).toSatisfyApiSpec()
    })
-    expect(res).toSatisfyApiSpec()
-  })

-  it("should allow updating a table", async () => {
-    const updated = { ...table, _rev: undefined, name: "new name" }
-    const res = await makeRequest("put", `/tables/${table._id}`, updated)
-    expect(res).toSatisfyApiSpec()
-  })
-
-  it("should allow retrieving a table", async () => {
-    const res = await makeRequest("get", `/tables/${table._id}`)
-    expect(res).toSatisfyApiSpec()
-  })
-
-  it("should allow deleting a table", async () => {
-    const res = await makeRequest("delete", `/tables/${table._id}`)
-    expect(res).toSatisfyApiSpec()
-  })
-})
-
-describe("check the rows endpoints", () => {
-  let row: Row
-  it("should allow retrieving rows through search", async () => {
-    table = await config.upsertTable()
-    const res = await makeRequest("post", `/tables/${table._id}/rows/search`, {
-      query: {},
+    it("should allow updating an application", async () => {
+      const app = config.getApp()
+      const appId = config.getAppId()
+      const res = await makeRequest(
+        "put",
+        `/applications/${appId}`,
+        {
+          ...app,
+          name: "updated app name",
+        },
+        appId
+      )
+      expect(res).toSatisfyApiSpec()
    })
-    expect(res).toSatisfyApiSpec()
-  })

-  it("should allow creating a row", async () => {
-    const res = await makeRequest("post", `/tables/${table._id}/rows`, {
-      name: "test row",
+    it("should allow retrieving an application", async () => {
+      const res = await makeRequest("get", `/applications/${config.getAppId()}`)
+      expect(res).toSatisfyApiSpec()
+    })
+
+    it("should allow deleting an application", async () => {
+      nock(environment.WORKER_URL!)
+        .delete(`/api/global/roles/${config.getProdAppId()}`)
+        .reply(200, {})
+
+      const res = await makeRequest(
+        "delete",
+        `/applications/${config.getAppId()}`
+      )
+      expect(res).toSatisfyApiSpec()
    })
-    expect(res).toSatisfyApiSpec()
-    row = res.body.data
  })

-  it("should allow updating a row", async () => {
-    const res = await makeRequest(
-      "put",
-      `/tables/${table._id}/rows/${row._id}`,
-      {
-        name: "test row updated",
-      }
-    )
-    expect(res).toSatisfyApiSpec()
+  describe("check the tables endpoints", () => {
+    it("should allow retrieving tables through search", async () => {
+      await config.createApp("new app 1")
+      table = await config.upsertTable()
+      const res = await makeRequest("post", "/tables/search")
+      expect(res).toSatisfyApiSpec()
+    })
+
+    it("should allow creating a table", async () => {
+      const res = await makeRequest("post", "/tables", {
+        name: "table name",
+        primaryDisplay: "column1",
+        schema: {
+          column1: {
+            type: "string",
+            constraints: {},
+          },
+        },
+      })
+      expect(res).toSatisfyApiSpec()
+    })
+
+    it("should allow updating a table", async () => {
+      const updated = { ...table, _rev: undefined, name: "new name" }
+      const res = await makeRequest("put", `/tables/${table._id}`, updated)
+      expect(res).toSatisfyApiSpec()
+    })
+
+    it("should allow retrieving a table", async () => {
+      const res = await makeRequest("get", `/tables/${table._id}`)
+      expect(res).toSatisfyApiSpec()
+    })
+
+    it("should allow deleting a table", async () => {
+      const res = await makeRequest("delete", `/tables/${table._id}`)
+      expect(res).toSatisfyApiSpec()
+    })
  })

-  it("should allow retrieving a row", async () => {
-    const res = await makeRequest("get", `/tables/${table._id}/rows/${row._id}`)
-    expect(res).toSatisfyApiSpec()
+  describe("check the rows endpoints", () => {
+    let row: Row
+    it("should allow retrieving rows through search", async () => {
+      table = await config.upsertTable()
+      const res = await makeRequest(
+        "post",
+        `/tables/${table._id}/rows/search`,
+        {
+          query: {},
+        }
+      )
+      expect(res).toSatisfyApiSpec()
+    })
+
+    it("should allow creating a row", async () => {
+      const res = await makeRequest("post", `/tables/${table._id}/rows`, {
+        name: "test row",
+      })
+      expect(res).toSatisfyApiSpec()
+      row = res.body.data
+    })
+
+    it("should allow updating a row", async () => {
+      const res = await makeRequest(
+        "put",
+        `/tables/${table._id}/rows/${row._id}`,
+        {
+          name: "test row updated",
+        }
+      )
+      expect(res).toSatisfyApiSpec()
+    })
+
+    it("should allow retrieving a row", async () => {
+      const res = await makeRequest(
+        "get",
+        `/tables/${table._id}/rows/${row._id}`
+      )
+      expect(res).toSatisfyApiSpec()
+    })
+
+    it("should allow deleting a row", async () => {
+      const res = await makeRequest(
+        "delete",
+        `/tables/${table._id}/rows/${row._id}`
+      )
+      expect(res).toSatisfyApiSpec()
+    })
  })

-  it("should allow deleting a row", async () => {
-    const res = await makeRequest(
-      "delete",
-      `/tables/${table._id}/rows/${row._id}`
-    )
-    expect(res).toSatisfyApiSpec()
-  })
-})
-
-describe("check the users endpoints", () => {
-  let user: User
-  it("should allow retrieving users through search", async () => {
-    user = await config.createUser()
-    const res = await makeRequest("post", "/users/search")
-    expect(res).toSatisfyApiSpec()
-  })
-
-  it("should allow creating a user", async () => {
-    const res = await makeRequest("post", "/users")
-    expect(res).toSatisfyApiSpec()
-  })
-
-  it("should allow updating a user", async () => {
-    const res = await makeRequest("put", `/users/${user._id}`)
-    expect(res).toSatisfyApiSpec()
-  })
-
-  it("should allow retrieving a user", async () => {
-    const res = await makeRequest("get", `/users/${user._id}`)
-    expect(res).toSatisfyApiSpec()
-  })
-
-  it("should allow deleting a user", async () => {
-    const res = await makeRequest("delete", `/users/${user._id}`)
-    expect(res).toSatisfyApiSpec()
-  })
-})
-
-describe("check the queries endpoints", () => {
-  it("should allow retrieving queries through search", async () => {
-    const res = await makeRequest("post", "/queries/search")
-    expect(res).toSatisfyApiSpec()
+  describe("check the queries endpoints", () => {
+    it("should allow retrieving queries through search", async () => {
+      const res = await makeRequest("post", "/queries/search")
+      expect(res).toSatisfyApiSpec()
+    })
  })
 })
--- a/packages/server/src/api/routes/public/tests/users.spec.ts
+++ b/packages/server/src/api/routes/public/tests/users.spec.ts
@ -1,132 +1,143 @@
 import * as setup from "../../tests/utilities"
-import { generateMakeRequest, MakeRequestResponse } from "./utils"
 import { User } from "@budibase/types"
-import { mocks } from "@budibase/backend-core/tests"
+import { generator, mocks } from "@budibase/backend-core/tests"
+import nock from "nock"
+import TestConfiguration from "../../../../tests/utilities/TestConfiguration"
+import { mockWorkerUserAPI } from "./utils"

-import * as workerRequests from "../../../../utilities/workerRequests"
+describe("public users API", () => {
+  const config = new TestConfiguration()
+  let globalUser: User

-const mockedWorkerReq = jest.mocked(workerRequests)
-
-let config = setup.getConfig()
-let apiKey: string, globalUser: User, makeRequest: MakeRequestResponse
-
-beforeAll(async () => {
-  await config.init()
-  globalUser = await config.globalUser()
-  apiKey = await config.generateApiKey(globalUser._id)
-  makeRequest = generateMakeRequest(apiKey)
-  mockedWorkerReq.readGlobalUser.mockImplementation(() =>
-    Promise.resolve(globalUser)
-  )
-})
-
-afterAll(setup.afterAll)
-
-function base() {
-  return {
-    tenantId: config.getTenantId(),
-    firstName: "Test",
-    lastName: "Test",
-  }
-}
-
-function updateMock() {
-  mockedWorkerReq.readGlobalUser.mockImplementation(ctx => ctx.request.body)
-}
-
-describe("check user endpoints", () => {
-  it("should not allow a user to update their own roles", async () => {
-    const res = await makeRequest("put", `/users/${globalUser._id}`, {
-      ...globalUser,
-      roles: {
-        app_1: "ADMIN",
-      },
-    })
-    expect(
-      mockedWorkerReq.saveGlobalUser.mock.lastCall?.[0].body.data.roles["app_1"]
-    ).toBeUndefined()
-    expect(res.status).toBe(200)
-    expect(res.body.data.roles["app_1"]).toBeUndefined()
+  beforeAll(async () => {
+    await config.init()
  })

-  it("should not allow a user to delete themselves", async () => {
-    const res = await makeRequest("delete", `/users/${globalUser._id}`)
-    expect(res.status).toBe(405)
-    expect(mockedWorkerReq.deleteGlobalUser.mock.lastCall).toBeUndefined()
-  })
-})
-
-describe("no user role update in free", () => {
-  beforeAll(() => {
-    updateMock()
-  })
-
-  it("should not allow 'roles' to be updated", async () => {
-    const res = await makeRequest("post", "/users", {
-      ...base(),
-      roles: { app_a: "BASIC" },
-    })
-    expect(res.status).toBe(200)
-    expect(res.body.data.roles["app_a"]).toBeUndefined()
-    expect(res.body.message).toBeDefined()
-  })
-
-  it("should not allow 'admin' to be updated", async () => {
-    const res = await makeRequest("post", "/users", {
-      ...base(),
-      admin: { global: true },
-    })
-    expect(res.status).toBe(200)
-    expect(res.body.data.admin).toBeUndefined()
-    expect(res.body.message).toBeDefined()
-  })
-
-  it("should not allow 'builder' to be updated", async () => {
-    const res = await makeRequest("post", "/users", {
-      ...base(),
-      builder: { global: true },
-    })
-    expect(res.status).toBe(200)
-    expect(res.body.data.builder).toBeUndefined()
-    expect(res.body.message).toBeDefined()
-  })
-})
-
-describe("no user role update in business", () => {
-  beforeAll(() => {
-    updateMock()
-    mocks.licenses.useExpandedPublicApi()
-  })
-
-  it("should allow 'roles' to be updated", async () => {
-    const res = await makeRequest("post", "/users", {
-      ...base(),
-      roles: { app_a: "BASIC" },
-    })
-    expect(res.status).toBe(200)
-    expect(res.body.data.roles["app_a"]).toBe("BASIC")
-    expect(res.body.message).toBeUndefined()
-  })
-
-  it("should allow 'admin' to be updated", async () => {
-    mocks.licenses.useExpandedPublicApi()
-    const res = await makeRequest("post", "/users", {
-      ...base(),
-      admin: { global: true },
-    })
-    expect(res.status).toBe(200)
-    expect(res.body.data.admin.global).toBe(true)
-    expect(res.body.message).toBeUndefined()
-  })
-
-  it("should allow 'builder' to be updated", async () => {
-    mocks.licenses.useExpandedPublicApi()
-    const res = await makeRequest("post", "/users", {
-      ...base(),
-      builder: { global: true },
-    })
-    expect(res.status).toBe(200)
-    expect(res.body.data.builder.global).toBe(true)
-    expect(res.body.message).toBeUndefined()
+  afterAll(setup.afterAll)
+
+  beforeEach(async () => {
+    globalUser = await config.globalUser()
+
+    nock.cleanAll()
+    mockWorkerUserAPI(globalUser)
+  })
+
+  describe("read", () => {
+    it("should allow a user to read themselves", async () => {
+      const user = await config.api.user.find(globalUser._id!)
+      expect(user._id).toBe(globalUser._id)
+    })
+
+    it("should allow a user to read another user", async () => {
+      const otherUser = await config.api.public.user.create({
+        email: generator.email({ domain: "example.com" }),
+        roles: {},
+      })
+      const user = await config.withUser(globalUser, () =>
+        config.api.public.user.find(otherUser._id!)
+      )
+      expect(user._id).toBe(otherUser._id)
+    })
+  })
+
+  describe("create", () => {
+    it("can successfully create a new user", async () => {
+      const email = generator.email({ domain: "example.com" })
+      const newUser = await config.api.public.user.create({
+        email,
+        roles: {},
+      })
+      expect(newUser.email).toBe(email)
+      expect(newUser._id).toBeDefined()
+    })
+
+    describe("role creation on free tier", () => {
+      it("should not allow 'roles' to be updated", async () => {
+        const newUser = await config.api.public.user.create({
+          email: generator.email({ domain: "example.com" }),
+          roles: { app_a: "BASIC" },
+        })
+        expect(newUser.roles["app_a"]).toBeUndefined()
+      })
+
+      it("should not allow 'admin' to be updated", async () => {
+        const newUser = await config.api.public.user.create({
+          email: generator.email({ domain: "example.com" }),
+          roles: {},
+          admin: { global: true },
+        })
+        expect(newUser.admin).toBeUndefined()
+      })
+
+      it("should not allow 'builder' to be updated", async () => {
+        const newUser = await config.api.public.user.create({
+          email: generator.email({ domain: "example.com" }),
+          roles: {},
+          builder: { global: true },
+        })
+        expect(newUser.builder).toBeUndefined()
+      })
+    })
+
+    describe("role creation on business tier", () => {
+      beforeAll(() => {
+        mocks.licenses.useExpandedPublicApi()
+      })
+
+      it("should allow 'roles' to be updated", async () => {
+        const newUser = await config.api.public.user.create({
+          email: generator.email({ domain: "example.com" }),
+          roles: { app_a: "BASIC" },
+        })
+        expect(newUser.roles["app_a"]).toBe("BASIC")
+      })
+
+      it("should allow 'admin' to be updated", async () => {
+        const newUser = await config.api.public.user.create({
+          email: generator.email({ domain: "example.com" }),
+          roles: {},
+          admin: { global: true },
+        })
+        expect(newUser.admin?.global).toBe(true)
+      })
+
+      it("should allow 'builder' to be updated", async () => {
+        const newUser = await config.api.public.user.create({
+          email: generator.email({ domain: "example.com" }),
+          roles: {},
+          builder: { global: true },
+        })
+        expect(newUser.builder?.global).toBe(true)
+      })
+    })
+  })
+
+  describe("update", () => {
+    it("can update a user", async () => {
+      const updatedUser = await config.api.public.user.update({
+        ...globalUser,
+        email: `updated-${globalUser.email}`,
+      })
+      expect(updatedUser.email).toBe(`updated-${globalUser.email}`)
+    })
+
+    it("should not allow a user to update their own roles", async () => {
+      await config.withUser(globalUser, () =>
+        config.api.public.user.update({
+          ...globalUser,
+          roles: { app_1: "ADMIN" },
+        })
+      )
+      const updatedUser = await config.api.user.find(globalUser._id!)
+      expect(updatedUser.roles?.app_1).toBeUndefined()
+    })
+  })
+
+  describe("delete", () => {
+    it("should not allow a user to delete themselves", async () => {
+      await config.withUser(globalUser, () =>
+        config.api.public.user.destroy(globalUser._id!, { status: 405 })
+      )
+    })
  })
 })
--- a/packages/server/src/api/routes/public/tests/utils.ts
+++ b/packages/server/src/api/routes/public/tests/utils.ts
@ -1,6 +1,10 @@
 import * as setup from "../../tests/utilities"
 import { checkSlashesInUrl } from "../../../../utilities"
 import supertest from "supertest"
+import { User } from "@budibase/types"
+import environment from "../../../../environment"
+import nock from "nock"
+import { generator } from "@budibase/backend-core/tests"

 export type HttpMethod = "post" | "get" | "put" | "delete" | "patch"

@ -91,3 +95,43 @@ export function generateMakeRequestWithFormData(
    return res
  }
 }
+
+export function mockWorkerUserAPI(...seedUsers: User[]) {
+  const users: Record<string, User> = {
+    ...seedUsers.reduce((acc, user) => {
+      acc[user._id!] = user
+      return acc
+    }, {} as Record<string, User>),
+  }
+
+  nock(environment.WORKER_URL!)
+    .get(new RegExp(`/api/global/users/.*`))
+    .reply(200, (uri, body) => {
+      const id = uri.split("/").pop()
+      return users[id!]
+    })
+    .persist()
+
+  nock(environment.WORKER_URL!)
+    .post(`/api/global/users`)
+    .reply(200, (uri, body) => {
+      const newUser = body as User
+      if (!newUser._id) {
+        newUser._id = `us_${generator.guid()}`
+      }
+      users[newUser._id!] = newUser
+      return newUser
+    })
+    .persist()
+
+  nock(environment.WORKER_URL!)
+    .put(new RegExp(`/api/global/users/.*`))
+    .reply(200, (uri, body) => {
+      const id = uri.split("/").pop()!
+      const updatedUser = body as User
+      const existingUser = users[id] || {}
+      users[id] = { ...existingUser, ...updatedUser }
+      return users[id]
+    })
+    .persist()
+}
--- a/packages/server/src/api/routes/tests/utilities/index.ts
+++ b/packages/server/src/api/routes/tests/utilities/index.ts
@ -3,44 +3,6 @@ import supertest from "supertest"

 export * as structures from "../../../../tests/utilities/structures"

-function user() {
-  return {
-    _id: "user",
-    _rev: "rev",
-    createdAt: Date.now(),
-    email: "test@example.com",
-    roles: {},
-    tenantId: "default",
-    status: "active",
-  }
-}
-
-jest.mock("../../../../utilities/workerRequests", () => ({
-  getGlobalUsers: jest.fn(() => {
-    return {
-      _id: "us_uuid1",
-    }
-  }),
-  getGlobalSelf: jest.fn(() => {
-    return {
-      _id: "us_uuid1",
-    }
-  }),
-  allGlobalUsers: jest.fn(() => {
-    return [user()]
-  }),
-  readGlobalUser: jest.fn(() => {
-    return user()
-  }),
-  saveGlobalUser: jest.fn(() => {
-    return { _id: "user", _rev: "rev" }
-  }),
-  deleteGlobalUser: jest.fn(() => {
-    return { message: "deleted user" }
-  }),
-  removeAppFromUserRoles: jest.fn(),
-}))
-
 export function delay(ms: number) {
  return new Promise(resolve => setTimeout(resolve, ms))
 }
--- a/packages/server/src/tests/utilities/TestConfiguration.ts
+++ b/packages/server/src/tests/utilities/TestConfiguration.ts
@ -67,6 +67,7 @@ import {
  View,
  Webhook,
  WithRequired,
+  DevInfo,
 } from "@budibase/types"

 import API from "./api"
@ -248,7 +249,7 @@ export default class TestConfiguration {
    }
  }

-  async withUser(user: User, f: () => Promise<void>) {
+  async withUser<T>(user: User, f: () => Promise<T>): Promise<T> {
    const oldUser = this.user
    this.user = user
    try {
@ -469,7 +470,10 @@ export default class TestConfiguration {
    }
  }

-  defaultHeaders(extras = {}, prodApp = false) {
+  defaultHeaders(
+    extras: Record<string, string | string[]> = {},
+    prodApp = false
+  ) {
    const tenantId = this.getTenantId()
    const user = this.getUser()
    const authObj: AuthToken = {
@ -498,10 +502,13 @@ export default class TestConfiguration {
    }
  }

-  publicHeaders({ prodApp = true } = {}) {
+  publicHeaders({
+    prodApp = true,
+    extras = {},
+  }: { prodApp?: boolean; extras?: Record<string, string | string[]> } = {}) {
    const appId = prodApp ? this.prodAppId : this.appId

-    const headers: any = {
+    const headers: Record<string, string> = {
      Accept: "application/json",
      Cookie: "",
    }
@ -514,6 +521,7 @@ export default class TestConfiguration {
    return {
      ...headers,
      ...this.temporaryHeaders,
+      ...extras,
    }
  }

@ -577,17 +585,17 @@ export default class TestConfiguration {
    }
    const db = tenancy.getTenantDB(this.getTenantId())
    const id = dbCore.generateDevInfoID(userId)
-    let devInfo: any
-    try {
-      devInfo = await db.get(id)
-    } catch (err) {
-      devInfo = { _id: id, userId }
+    const devInfo = await db.tryGet<DevInfo>(id)
+    if (devInfo && devInfo.apiKey) {
+      return devInfo.apiKey
    }
-    devInfo.apiKey = encryption.encrypt(
+
+    const apiKey = encryption.encrypt(
      `${this.getTenantId()}${dbCore.SEPARATOR}${newid()}`
    )
-    await db.put(devInfo)
-    return devInfo.apiKey
+    const newDevInfo: DevInfo = { _id: id, userId, apiKey }
+    await db.put(newDevInfo)
+    return apiKey
  }

  // APP
--- a/packages/server/src/tests/utilities/api/base.ts
+++ b/packages/server/src/tests/utilities/api/base.ts
@ -1,8 +1,12 @@
+import jestOpenAPI from "jest-openapi"
+import { spec } from "../../../../specs/generate"
 import TestConfiguration from "../TestConfiguration"
 import request, { SuperTest, Test, Response } from "supertest"
 import { ReadStream } from "fs"
 import { getServer } from "../../../app"

+jestOpenAPI(spec() as any)
+
 type Headers = Record<string, string | string[] | undefined>
 type Method = "get" | "post" | "put" | "patch" | "delete"

@ -46,6 +50,7 @@ export interface RequestOpts {
 export abstract class TestAPI {
  config: TestConfiguration
  request: SuperTest<Test>
+  prefix = ""

  constructor(config: TestConfiguration) {
    this.config = config
@ -53,26 +58,26 @@ export abstract class TestAPI {
  }

  protected _get = async <T>(url: string, opts?: RequestOpts): Promise<T> => {
-    return await this._request<T>("get", url, opts)
+    return await this._request<T>("get", `${this.prefix}${url}`, opts)
  }

  protected _post = async <T>(url: string, opts?: RequestOpts): Promise<T> => {
-    return await this._request<T>("post", url, opts)
+    return await this._request<T>("post", `${this.prefix}${url}`, opts)
  }

  protected _put = async <T>(url: string, opts?: RequestOpts): Promise<T> => {
-    return await this._request<T>("put", url, opts)
+    return await this._request<T>("put", `${this.prefix}${url}`, opts)
  }

  protected _patch = async <T>(url: string, opts?: RequestOpts): Promise<T> => {
-    return await this._request<T>("patch", url, opts)
+    return await this._request<T>("patch", `${this.prefix}${url}`, opts)
  }

  protected _delete = async <T>(
    url: string,
    opts?: RequestOpts
  ): Promise<T> => {
-    return await this._request<T>("delete", url, opts)
+    return await this._request<T>("delete", `${this.prefix}${url}`, opts)
  }

  protected _requestRaw = async (
@ -88,7 +93,6 @@ export abstract class TestAPI {
      fields = {},
      files = {},
      expectations,
-      publicUser = false,
    } = opts || {}
    const { status = 200 } = expectations || {}
    const expectHeaders = expectations?.headers || {}
@ -97,7 +101,7 @@ export abstract class TestAPI {
      expectHeaders["Content-Type"] = /^application\/json/
    }

-    let queryParams = []
+    let queryParams: string[] = []
    for (const [key, value] of Object.entries(query)) {
      if (value) {
        queryParams.push(`${key}=${value}`)
@ -107,18 +111,10 @@ export abstract class TestAPI {
      url += `?${queryParams.join("&")}`
    }

-    const headersFn = publicUser
-      ? (_extras = {}) =>
-          this.config.publicHeaders.bind(this.config)({
-            prodApp: opts?.useProdApp,
-          })
-      : (extras = {}) =>
-          this.config.defaultHeaders.bind(this.config)(extras, opts?.useProdApp)
-
    const app = getServer()
    let req = request(app)[method](url)
    req = req.set(
-      headersFn({
+      await this.getHeaders(opts, {
        "x-budibase-include-stacktrace": "true",
      })
    )
@ -167,10 +163,18 @@ export abstract class TestAPI {
    }
  }

-  protected _checkResponse = (
-    response: Response,
-    expectations?: Expectations
-  ) => {
+  protected async getHeaders(
+    opts?: RequestOpts,
+    extras?: Record<string, string | string[]>
+  ): Promise<Record<string, string | string[]>> {
+    if (opts?.publicUser) {
+      return this.config.publicHeaders({ prodApp: opts?.useProdApp, extras })
+    } else {
+      return this.config.defaultHeaders(extras, opts?.useProdApp)
+    }
+  }
+
+  protected _checkResponse(response: Response, expectations?: Expectations) {
    const { status = 200 } = expectations || {}

    if (response.status !== status) {
@ -236,3 +240,34 @@ export abstract class TestAPI {
    ).body
  }
 }
+
+export abstract class PublicAPI extends TestAPI {
+  prefix = "/api/public/v1"
+
+  protected async getHeaders(
+    opts?: RequestOpts,
+    extras?: Record<string, string | string[]>
+  ): Promise<Record<string, string | string[]>> {
+    const apiKey = await this.config.generateApiKey()
+
+    const headers: Record<string, string | string[]> = {
+      Accept: "application/json",
+      Host: this.config.tenantHost(),
+      "x-budibase-api-key": apiKey,
+      "x-budibase-app-id": this.config.getAppId(),
+      ...extras,
+    }
+
+    return headers
+  }
+
+  protected _checkResponse(response: Response, expectations?: Expectations) {
+    const checked = super._checkResponse(response, expectations)
+    if (checked.status >= 200 && checked.status < 300) {
+      // We don't seem to have documented our errors yet, so for the time being
+      // we'll only do the schema check for successful responses.
+      expect(checked).toSatisfyApiSpec()
+    }
+    return checked
+  }
+}
--- a/packages/server/src/tests/utilities/api/index.ts
+++ b/packages/server/src/tests/utilities/api/index.ts
@ -17,6 +17,7 @@ import { RowActionAPI } from "./rowAction"
 import { AutomationAPI } from "./automation"
 import { PluginAPI } from "./plugin"
 import { WebhookAPI } from "./webhook"
+import { UserPublicAPI } from "./public/user"

 export default class API {
  application: ApplicationAPI
@ -38,6 +39,10 @@ export default class API {
  viewV2: ViewV2API
  webhook: WebhookAPI

+  public: {
+    user: UserPublicAPI
+  }
+
  constructor(config: TestConfiguration) {
    this.application = new ApplicationAPI(config)
    this.attachment = new AttachmentAPI(config)
@ -57,5 +62,8 @@ export default class API {
    this.user = new UserAPI(config)
    this.viewV2 = new ViewV2API(config)
    this.webhook = new WebhookAPI(config)
+    this.public = {
+      user: new UserPublicAPI(config),
+    }
  }
 }
--- a/packages/server/src/tests/utilities/api/public/user.ts
+++ b/packages/server/src/tests/utilities/api/public/user.ts
@ -0,0 +1,34 @@
+import { UnsavedUser, User } from "@budibase/types"
+import { Expectations, PublicAPI } from "../base"
+
+export class UserPublicAPI extends PublicAPI {
+  find = async (id: string, expectations?: Expectations): Promise<User> => {
+    const response = await this._get<{ data: User }>(`/users/${id}`, {
+      expectations,
+    })
+    return response.data
+  }
+
+  update = async (user: User, expectations?: Expectations): Promise<User> => {
+    const response = await this._put<{ data: User }>(`/users/${user._id}`, {
+      body: user,
+      expectations,
+    })
+    return response.data
+  }
+
+  destroy = async (id: string, expectations?: Expectations): Promise<void> => {
+    return await this._delete(`/users/${id}`, { expectations })
+  }
+
+  create = async (
+    user: UnsavedUser,
+    expectations?: Expectations
+  ): Promise<User> => {
+    const response = await this._post<{ data: User }>("/users", {
+      body: user,
+      expectations,
+    })
+    return response.data
+  }
+}
--- a/yarn.lock
+++ b/yarn.lock
@ -2796,9 +2796,9 @@
    through2 "^2.0.0"

 "@budibase/pro@npm:@budibase/pro@latest":
-  version "3.4.20"
-  resolved "https://registry.yarnpkg.com/@budibase/pro/-/pro-3.4.20.tgz#0d855d6ed8fe92fd178c74a8963d879cc124b034"
-  integrity sha512-hUteGvhMOKjBo0fluxcqNs7d4x8OU5W8Oqqrm7eIS9Ohe7ala2iWNCcrj+x+S9CavIm6s7JZZnAewa2Maiz2zQ==
+  version "3.4.22"
+  resolved "https://registry.yarnpkg.com/@budibase/pro/-/pro-3.4.22.tgz#943f23cb7056041bc1f433ee60b3d093145e7a4a"
+  integrity sha512-Du3iZsmRLopfoi2SvxQyY1P2Su3Nw0WbITOrKmZFsVLjZ9MzzTZs0Ph/SJHzrfJpM7rn9+8788BLSf3Z3l9KcQ==
  dependencies:
    "@anthropic-ai/sdk" "^0.27.3"
    "@budibase/backend-core" "*"
@ -7142,6 +7142,11 @@
  dependencies:
    "@types/superagent" "*"

+"@types/swagger-jsdoc@^6.0.4":
+  version "6.0.4"
+  resolved "https://registry.yarnpkg.com/@types/swagger-jsdoc/-/swagger-jsdoc-6.0.4.tgz#bb4f60f3a5f103818e022f2e29ff8935113fb83d"
+  integrity sha512-W+Xw5epcOZrF/AooUM/PccNMSAFOKWZA5dasNyMujTwsBkU74njSJBpvCCJhHAJ95XRMzQrrW844Btu0uoetwQ==
+
 "@types/tar-fs@2.0.1":
  version "2.0.1"
  resolved "https://registry.yarnpkg.com/@types/tar-fs/-/tar-fs-2.0.1.tgz#6391dcad1b03dea2d79fac07371585ab54472bb1"