adding some authorization tests

packages/backend/jobs-manager/service/src/modules/database/jobs/jobs.e2e-spec.ts

@@ -3,6 +3,7 @@ import { Test, TestingModule } from '@nestjs/testing';
 import {
   TestingData,
   checkAuthorizations,
+  checkAuthorizationsCronApiKey,
   createProject,
   deleteReq,
   getReq,
@@ -105,6 +106,10 @@ describe('Job Controller (e2e)', () => {
     expect(r.statusCode).toBe(HttpStatus.OK);
   });
 
+  // ####################################
+  // ########## Authorizations ##########
+  // ####################################
+
   it('Should have proper authorizations (GET /jobs)', async () => {
     const success = await checkAuthorizations(
       testData,
@@ -156,6 +161,23 @@ describe('Job Controller (e2e)', () => {
     expect(success).toBe(true);
   });
 
+  it('Should have proper authorizations (POST /jobs/cleanup)', async () => {
+    const success = await checkAuthorizationsCronApiKey(
+      testData,
+      async (givenToken: string, headers, authenticate) => {
+        return await postReq(
+          app,
+          givenToken,
+          `/jobs/cleanup`,
+          undefined,
+          headers,
+          authenticate,
+        );
+      },
+    );
+    expect(success).toBe(true);
+  });
+
   // The delete all jobs path cannot be called using this method
   // because it breaks the tests as they are run in parallel
 });

packages/backend/jobs-manager/service/src/modules/findings/findings.e2e-spec.ts

@@ -0,0 +1,70 @@
+import { INestApplication, ValidationPipe } from '@nestjs/common';
+import { Test, TestingModule } from '@nestjs/testing';
+import {
+  TestingData,
+  checkAuthorizations,
+  checkAuthorizationsCronApiKey,
+  getReq,
+  initTesting,
+  postReq,
+} from '../../test/e2e.utils';
+import { AppModule } from '../app.module';
+import { Role } from '../auth/constants';
+
+describe('Findings Controller (e2e)', () => {
+  let app: INestApplication;
+  let testData: TestingData;
+  let jobId: string;
+
+  beforeAll(async () => {
+    const moduleFixture: TestingModule = await Test.createTestingModule({
+      imports: [AppModule],
+    }).compile();
+
+    app = moduleFixture.createNestApplication();
+    app.useGlobalPipes(
+      new ValidationPipe({
+        whitelist: true,
+        forbidNonWhitelisted: true,
+      }),
+    );
+    await app.init();
+    testData = await initTesting(app);
+  });
+
+  afterAll(async () => {
+    await app.close();
+  });
+
+  // ####################################
+  // ########## Authorizations ##########
+  // ####################################
+
+  it('Should have proper authorizations (GET /findings/)', async () => {
+    const success = await checkAuthorizations(
+      testData,
+      Role.ReadOnly,
+      async (givenToken: string) => {
+        return await getReq(app, givenToken, `/findings/`);
+      },
+    );
+    expect(success).toBe(true);
+  });
+
+  it('Should have proper authorizations (POST /findings/cleanup)', async () => {
+    const success = await checkAuthorizationsCronApiKey(
+      testData,
+      async (givenToken: string, headers, authenticate) => {
+        return await postReq(
+          app,
+          givenToken,
+          `/findings/cleanup`,
+          undefined,
+          headers,
+          authenticate,
+        );
+      },
+    );
+    expect(success).toBe(true);
+  });
+});

packages/backend/jobs-manager/service/src/test/e2e.utils.ts

@@ -326,6 +326,14 @@ export async function checkAuthorizations(
   return true;
 }
 
+/**
+ * Automatically runs a test with the different valid authorization levels and
+ * returns true if the authorizations were properly checked. Used to check authorizations
+ * on a controller endpoint that uses the `CronApiTokenGuard`
+ * @param data The test data that includes valid user tokens.
+ * @param call The function to call to test the endpoint. Takes a bearer token as parameter, headers and if it should be authenticated. Returns a supertest Response
+ * @returns true if authorization is valid only for the cron API token, false otherwise
+ */
 export async function checkAuthorizationsCronApiKey(
   data: TestingData,
   call: (