@velocitycareerlabs/server-careerwallet 1.25.0-dev-build.12642c864

package/test/devices-controller.test.js

@@ -0,0 +1,1025 @@
+const { mongoDb } = require('@spencejs/spence-mongo-repos');
+const { ObjectId } = require('mongodb');
+const { omit } = require('lodash/fp');
+const {
+  OBJECT_ID_FORMAT,
+  ISO_DATETIME_FORMAT,
+} = require('@velocitycareerlabs/test-regexes');
+const { generateKeyPair } = require('@velocitycareerlabs/crypto');
+const { hexFromJwk } = require('@velocitycareerlabs/jwt');
+const initDevicesFactory = require('./factories/devices-factory');
+const initNotificationsFactory = require('./factories/notifications-factory');
+const buildFastify = require('./helpers/careerwallet-build-fastify');
+const devicesRepoPlugin = require('../src/controllers/api/v0.6/devices/repo');
+const {
+  NotificationTypes,
+} = require('../src/controllers/api/v0.6/push/notification-types');
+const { accountScopes } = require('../src/entities');
+const {
+  createAccessToken,
+  missingAccessTokenExpectation,
+  incorrectScopeExpectation,
+  incorrectAccessTokenExpectation,
+} = require('./helpers/access-token');
+
+const notificationExpectation = (notification) => ({
+  ...omit(['createdAt', 'deviceId', 'linkedDevice'])(notification),
+  id: notification._id,
+});
+describe('devices endpoints', () => {
+  let fastify;
+  let persistDevices;
+  let device;
+  let persistNotifications;
+  let devicesRepo;
+  let publicKey;
+  let privateKey;
+
+  beforeAll(async () => {
+    ({ publicKey, privateKey } = generateKeyPair({ format: 'jwk' }));
+
+    fastify = buildFastify({
+      holderAppServerAccessTokenPublicKey: publicKey,
+      holderAppServerAccessTokenSigningKey: hexFromJwk(privateKey),
+      oauthVerificationDisabledEndpoints: [
+        'GET:/api/v0.6/devices/:deviceId',
+        'GET:/api/v0.6/devices/:deviceId/pushes',
+        'DELETE:/api/v0.6/devices/:deviceId',
+        'PUT:/api/v0.6/devices/:deviceId',
+      ],
+    });
+
+    await fastify.ready();
+
+    ({ persistDevices } = initDevicesFactory(fastify));
+    ({ persistNotifications } = initNotificationsFactory(fastify));
+
+    devicesRepo = devicesRepoPlugin(fastify)({
+      log: fastify.log,
+      config: fastify.config,
+    });
+  });
+
+  afterAll(async () => {
+    await mongoDb().collection('devices').deleteMany({});
+    await mongoDb().collection('notifications').deleteMany({});
+    await fastify.close();
+  });
+  describe('Unprotected endpoints or access token verification disabled', () => {
+    describe('register device', () => {
+      it('should respond 400 when deviceId does not exist', async () => {
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: '/api/v0.6/devices',
+          payload: {
+            deviceType: 'phone',
+            deviceOS: 'osx',
+          },
+        });
+
+        expect(response.statusCode).toEqual(400);
+      });
+
+      it('should respond 400 when deviceId is empty string', async () => {
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: '/api/v0.6/devices',
+          payload: {
+            deviceType: 'phone',
+            deviceOS: 'osx',
+            deviceId: '',
+          },
+        });
+
+        expect(response.statusCode).toEqual(400);
+      });
+
+      it('should respond 400 when deviceType does not exist', async () => {
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: '/api/v0.6/devices',
+          payload: { deviceId: '122334', deviceOS: 'osx' },
+        });
+
+        expect(response.statusCode).toEqual(400);
+      });
+
+      it('should respond 400 when deviceType does not match the enum', async () => {
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: '/api/v0.6/devices',
+          payload: {
+            deviceId: '122334',
+            deviceType: 'laptop',
+            deviceOS: 'osx',
+          },
+        });
+
+        expect(response.statusCode).toEqual(400);
+      });
+
+      it('should respond 400 when deviceOS does not exist', async () => {
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: '/api/v0.6/devices',
+          payload: {
+            deviceId: '122334',
+            deviceType: 'phone',
+          },
+        });
+
+        expect(response.statusCode).toEqual(400);
+      });
+
+      it('should respond 400 when deviceOS does not match the enum', async () => {
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: '/api/v0.6/devices',
+          payload: {
+            deviceId: '122334',
+            deviceType: 'phone',
+            deviceOS: 'chromeos',
+          },
+        });
+
+        expect(response.statusCode).toEqual(400);
+      });
+
+      it('should register a device', async () => {
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: '/api/v0.6/devices',
+          payload: {
+            deviceId: '122334',
+            deviceType: 'phone',
+            deviceOS: 'ios',
+          },
+        });
+
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual({
+          deviceId: '122334',
+          deviceType: 'phone',
+          deviceOS: 'ios',
+          pushToken: expect.any(String),
+        });
+        const dbResult = await mongoDb()
+          .collection('devices')
+          .findOne({ deviceId: '122334' });
+        expect(dbResult).toEqual({
+          _id: expect.any(ObjectId),
+          deviceId: '122334',
+          deviceType: 'phone',
+          deviceOS: 'ios',
+          pushToken: expect.any(String),
+          createdAt: expect.any(Date),
+          updatedAt: expect.any(Date),
+        });
+      });
+
+      it('should respond 200 when pushActivated flag does not exist', async () => {
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: '/api/v0.6/devices',
+          payload: {
+            deviceId: '122334',
+            deviceType: 'phone',
+            deviceOS: 'ios',
+          },
+        });
+
+        expect(response.statusCode).toEqual(200);
+      });
+
+      it('should respond 400 when pushActivated is non boolean', async () => {
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: '/api/v0.6/devices',
+          payload: {
+            deviceId: '122334',
+            deviceType: 'phone',
+            deviceOS: 'ios',
+            pushActivated: 'nonBoolean',
+          },
+        });
+
+        expect(response.statusCode).toEqual(400);
+      });
+    });
+
+    it('should register device with the same deviceId without creating a new device', async () => {
+      await mongoDb().collection('devices').deleteMany({});
+      const reqJSON = {
+        method: 'POST',
+        url: '/api/v0.6/devices',
+        payload: {
+          deviceId: '122334',
+          deviceType: 'phone',
+          deviceOS: 'ios',
+        },
+      };
+      const response = await fastify.injectJson(reqJSON);
+      const response2 = await fastify.injectJson(reqJSON);
+      await fastify.injectJson(reqJSON);
+
+      expect(response.statusCode).toEqual(200);
+      expect(response.json).toEqual({
+        deviceId: '122334',
+        deviceType: 'phone',
+        deviceOS: 'ios',
+        pushToken: expect.any(String),
+      });
+      expect(response.json).toEqual(response2.json);
+      const dbResult = await mongoDb()
+        .collection('devices')
+        .find({ deviceId: '122334' })
+        .toArray();
+      expect(dbResult.length).toEqual(1);
+    });
+
+    describe('get a device by device id', () => {
+      beforeAll(async () => {
+        device = await persistDevices();
+        await persistDevices({ deviceId: '1223' });
+      });
+
+      it('should return a device by deviceId', async () => {
+        const response = await fastify.injectJson({
+          method: 'GET',
+          url: `/api/v0.6/devices/${device.deviceId}`,
+        });
+
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual({
+          ...omit('_id', device),
+          id: expect.stringMatching(OBJECT_ID_FORMAT),
+          updatedAt: expect.stringMatching(ISO_DATETIME_FORMAT),
+          createdAt: expect.stringMatching(ISO_DATETIME_FORMAT),
+        });
+      });
+
+      it('should return a list of devices', async () => {
+        const response = await fastify.injectJson({
+          method: 'GET',
+          url: '/api/v0.6/devices',
+        });
+
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual(
+          expect.arrayContaining([
+            {
+              ...omit('_id', device),
+              id: expect.stringMatching(OBJECT_ID_FORMAT),
+              updatedAt: expect.stringMatching(ISO_DATETIME_FORMAT),
+              createdAt: expect.stringMatching(ISO_DATETIME_FORMAT),
+            },
+            {
+              ...omit('_id', device),
+              id: expect.stringMatching(OBJECT_ID_FORMAT),
+              updatedAt: expect.stringMatching(ISO_DATETIME_FORMAT),
+              createdAt: expect.stringMatching(ISO_DATETIME_FORMAT),
+            },
+          ])
+        );
+      });
+    });
+
+    describe('remove a device by device id', () => {
+      beforeAll(async () => {
+        device = await persistDevices();
+        notification = await persistNotifications({
+          deviceId: device.deviceId,
+        });
+      });
+
+      it('should delete a device', async () => {
+        const response = await fastify.injectJson({
+          method: 'DELETE',
+          url: `/api/v0.6/devices/${device.deviceId}`,
+        });
+
+        expect(response.statusCode).toEqual(204);
+        expect(response.json).toEqual({});
+        const dbResult = await mongoDb()
+          .collection('devices')
+          .findOne({ deviceId: device.deviceId });
+        expect(dbResult).toEqual(null);
+      });
+
+      it('should delete a device and the linked notifications', async () => {
+        await mongoDb().collection('devices').deleteMany({});
+        await mongoDb().collection('notifications').deleteMany({});
+        device = await persistDevices();
+        const { deviceId, _id } = device;
+        await persistNotifications({
+          deviceId,
+          linkedDevice: new ObjectId(_id),
+        });
+        await persistNotifications({
+          deviceId,
+          linkedDevice: new ObjectId(_id),
+        });
+
+        const response = await fastify.injectJson({
+          method: 'DELETE',
+          url: `/api/v0.6/devices/${deviceId}`,
+        });
+
+        expect(response.statusCode).toEqual(204);
+        expect(response.json).toEqual({});
+        let dbResult = await mongoDb()
+          .collection('devices')
+          .findOne({ deviceId });
+        expect(dbResult).toEqual(null);
+        dbResult = await mongoDb()
+          .collection('notifications')
+          .findOne({ deviceId });
+        expect(dbResult).toEqual(null);
+      });
+      it('should delete a device without linked notifications', async () => {
+        device = await persistDevices();
+        const { deviceId } = device;
+
+        const response = await fastify.injectJson({
+          method: 'DELETE',
+          url: `/api/v0.6/devices/${deviceId}`,
+        });
+
+        expect(response.statusCode).toEqual(204);
+        expect(response.json).toEqual({});
+        let dbResult = await mongoDb()
+          .collection('devices')
+          .findOne({ deviceId });
+        expect(dbResult).toEqual(null);
+        dbResult = await mongoDb()
+          .collection('notifications')
+          .findOne({ deviceId });
+        expect(dbResult).toEqual(null);
+      });
+
+      it('should throw an error when device not found', async () => {
+        const response = await fastify.injectJson({
+          method: 'DELETE',
+          url: '/api/v0.6/devices/1234',
+        });
+
+        expect(response.statusCode).toEqual(404);
+      });
+    });
+
+    let notification;
+    let notifications;
+    describe('get notifications for a device', () => {
+      const deviceId =
+        // eslint-disable-next-line max-len
+        'fs9hEl5QeENQmf_fR4xl4k:APA91bGJgbkY03CIcOTm2h1gEXv4jHgY1UuhIavAR9_IiN6p-VBUqfpkNF3UZM_V9pqq1iFckvteao4wjT7Q8gxg7DuC9yH9e0MuxX2U6byM-SAL1J0P-DaWBsPiRyLLkjIcB60nq21J';
+      beforeAll(async () => {
+        notification = await persistNotifications();
+        notifications = [
+          await persistNotifications({ deviceId }),
+          await persistNotifications({ deviceId }),
+        ];
+      });
+
+      it('should return one notification for the deviceId', async () => {
+        const response = await fastify.injectJson({
+          method: 'GET',
+          url: `/api/v0.6/devices/${notification.deviceId}/pushes`,
+        });
+
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual({
+          nextPushSeqId: notification._id,
+          pushes: [
+            {
+              ...notificationExpectation(notification),
+            },
+          ],
+        });
+      });
+
+      it('should return notifications for the deviceId', async () => {
+        const response = await fastify.injectJson({
+          method: 'GET',
+          url: `/api/v0.6/devices/${deviceId}/pushes`,
+        });
+
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual({
+          nextPushSeqId: notifications[1]._id,
+          pushes: notifications.map(notificationExpectation),
+        });
+      });
+
+      it('should return a filtered array of notifications', async () => {
+        const pushSeqId = notifications[0]._id;
+        const response = await fastify.injectJson({
+          method: 'GET',
+          url: `/api/v0.6/devices/${deviceId}/pushes?pushSeqId=${pushSeqId}`,
+        });
+
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual({
+          nextPushSeqId: notifications[1]._id,
+          pushes: [
+            {
+              ...notificationExpectation(notifications[1]),
+            },
+          ],
+        });
+      });
+
+      it('should return an empty array of notifications', async () => {
+        const withoutNotificationsId = 'CR18oDogm8BiCtdSqgsnP';
+        const response = await fastify.injectJson({
+          method: 'GET',
+          url: `/api/v0.6/devices/${withoutNotificationsId}/pushes`,
+        });
+
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual({
+          pushes: [],
+        });
+      });
+    });
+
+    describe('update device id on FCM token refresh', () => {
+      it('should return updated device with new push token id', async () => {
+        const { deviceId } = await persistDevices();
+        const newDeviceId = `${deviceId}-new`;
+
+        const response = await fastify.injectJson({
+          method: 'PUT',
+          url: `/api/v0.6/devices/${deviceId}`,
+          payload: {
+            deviceType: 'phone',
+            deviceOS: 'ios',
+            deviceId: newDeviceId,
+          },
+        });
+
+        expect(response.statusCode).toEqual(200);
+
+        expect(response.json).toEqual({
+          deviceType: 'phone',
+          deviceOS: 'ios',
+          deviceId: newDeviceId,
+        });
+
+        expect(
+          await devicesRepo.findOne({ deviceId: newDeviceId })
+        ).toBeTruthy();
+      });
+
+      it('should return 404 in case device not found', async () => {
+        const { deviceId } = await persistDevices();
+        const notExistingDeviceId = 'not-existing-device-id';
+
+        const response = await fastify.injectJson({
+          method: 'PUT',
+          url: `/api/v0.6/devices/${notExistingDeviceId}`,
+          payload: {
+            deviceType: 'phone',
+            deviceOS: 'ios',
+            deviceId,
+          },
+        });
+
+        expect(response.statusCode).toEqual(404);
+      });
+
+      it('related push notifications should have updated device id', async () => {
+        const { deviceId, _id } = await persistDevices();
+        const newDeviceId = `${deviceId}-new`;
+
+        await persistNotifications({
+          deviceId,
+          linkedDevice: new ObjectId(_id),
+        });
+        await persistNotifications({
+          deviceId,
+          linkedDevice: new ObjectId(_id),
+        });
+
+        await fastify.injectJson({
+          method: 'PUT',
+          url: `/api/v0.6/devices/${deviceId}`,
+          payload: {
+            deviceType: 'phone',
+            deviceOS: 'ios',
+            deviceId: newDeviceId,
+          },
+        });
+
+        const dbResult = await mongoDb()
+          .collection('notifications')
+          .find({ deviceId: newDeviceId })
+          .toArray();
+
+        expect(dbResult).toHaveLength(2);
+      });
+
+      it('in case new device id is the same notifications should not be updated', async () => {
+        const { deviceId, _id } = await persistDevices();
+
+        await persistNotifications({
+          deviceId,
+          linkedDevice: new ObjectId(_id),
+        });
+        await persistNotifications({
+          deviceId,
+          linkedDevice: new ObjectId(_id),
+        });
+
+        await fastify.injectJson({
+          method: 'PUT',
+          url: `/api/v0.6/devices/${deviceId}`,
+          payload: {
+            deviceType: 'phone',
+            deviceOS: 'ios',
+            deviceId,
+          },
+        });
+
+        const notificationsThatHaventChanged = await mongoDb()
+          .collection('notifications')
+          .find({
+            deviceId,
+            $expr: { $eq: ['$createdAt', '$updatedAt'] },
+          })
+          .toArray();
+
+        expect(notificationsThatHaventChanged).toHaveLength(2);
+      });
+    });
+
+    describe('Notifications should have proper fields in GET /pushes response', () => {
+      let deviceId;
+      let response;
+      let presentationVerifiedNotification;
+      let newOffersReadyNotification;
+      let noOffersFoundNotification;
+      let credentialRevokedNotification;
+      let credentialReplacedNotification;
+
+      beforeAll(async () => {
+        ({ deviceId } = await persistDevices());
+
+        presentationVerifiedNotification = await persistNotifications({
+          deviceId,
+          data: {
+            notificationType: NotificationTypes.PresentationVerified,
+            notificationId: 'testNotificationId1',
+            count: '0',
+            issuer: 'testDid1',
+            exchangeId: 'testExchangeId',
+            serviceEndpoint: 'https://testserviceendpoint.com',
+          },
+        });
+
+        newOffersReadyNotification = await persistNotifications({
+          deviceId,
+          data: {
+            notificationType: NotificationTypes.NewOffersReady,
+            notificationId: 'testNotificationId2',
+            count: '0',
+            issuer: 'testDid2',
+            exchangeId: 'testExchangeId',
+            serviceEndpoint: 'https://testserviceendpoint.com',
+            credentialTypes: '["EmploymentPastV1.1"]',
+          },
+        });
+
+        noOffersFoundNotification = await persistNotifications({
+          deviceId,
+          data: {
+            notificationType: NotificationTypes.NoOffersFound,
+            notificationId: 'testNotificationId3',
+            count: '0',
+            issuer: 'testDid3',
+            exchangeId: 'testExchangeId',
+            serviceEndpoint: 'https://testserviceendpoint.com',
+            credentialTypes: '[]',
+          },
+        });
+
+        credentialRevokedNotification = await persistNotifications({
+          deviceId,
+          data: {
+            notificationType: NotificationTypes.CredentialRevoked,
+            notificationId: 'testNotificationId4',
+            count: '0',
+            issuer: 'testDid4',
+            exchangeId: 'testExchangeId',
+            serviceEndpoint: 'https://testserviceendpoint.com',
+            credentialTypes: '["EmploymentPastV1.1"]',
+            credentialId: 'testCredentialId',
+          },
+        });
+
+        credentialReplacedNotification = await persistNotifications({
+          deviceId,
+          data: {
+            notificationType: NotificationTypes.CredentialReplaced,
+            notificationId: 'testNotificationId5',
+            count: '0',
+            issuer: 'testDid5',
+            exchangeId: 'testExchangeId',
+            serviceEndpoint: 'https://testserviceendpoint.com',
+            credentialTypes: '["EmploymentPastV1.1"]',
+            replacementCredentialType: 'EmploymentCurrentV1.1',
+          },
+        });
+
+        response = await fastify.injectJson({
+          method: 'GET',
+          url: `/api/v0.6/devices/${deviceId}/pushes`,
+        });
+      });
+
+      it('PresentationVerified notification should have proper fields in GET /pushes response', async () => {
+        expect(response.json).toEqual(
+          expect.objectContaining({
+            pushes: expect.arrayContaining([
+              {
+                ...notificationExpectation(presentationVerifiedNotification),
+                data: {
+                  notificationType: NotificationTypes.PresentationVerified,
+                  notificationId: 'testNotificationId1',
+                  count: '0',
+                  issuer: 'testDid1',
+                  exchangeId: 'testExchangeId',
+                },
+              },
+            ]),
+          })
+        );
+      });
+
+      it('NewOffersReady notification should have proper fields in GET /pushes response', async () => {
+        expect(response.json).toEqual(
+          expect.objectContaining({
+            pushes: expect.arrayContaining([
+              {
+                ...notificationExpectation(newOffersReadyNotification),
+                data: {
+                  notificationType: NotificationTypes.NewOffersReady,
+                  notificationId: 'testNotificationId2',
+                  count: '0',
+                  issuer: 'testDid2',
+                  exchangeId: 'testExchangeId',
+                  credentialTypes: '["EmploymentPastV1.1"]',
+                },
+              },
+            ]),
+          })
+        );
+      });
+
+      it('NoOffersFound notification should have proper fields in GET /pushes response', async () => {
+        expect(response.json).toEqual(
+          expect.objectContaining({
+            pushes: expect.arrayContaining([
+              {
+                ...notificationExpectation(noOffersFoundNotification),
+                data: {
+                  notificationType: NotificationTypes.NoOffersFound,
+                  notificationId: 'testNotificationId3',
+                  count: '0',
+                  issuer: 'testDid3',
+                  exchangeId: 'testExchangeId',
+                  credentialTypes: '[]',
+                },
+              },
+            ]),
+          })
+        );
+      });
+
+      it('CredentialRevoked notification should have proper fields in GET /pushes response', async () => {
+        expect(response.json).toEqual(
+          expect.objectContaining({
+            pushes: expect.arrayContaining([
+              {
+                ...notificationExpectation(credentialRevokedNotification),
+                data: {
+                  notificationType: NotificationTypes.CredentialRevoked,
+                  notificationId: 'testNotificationId4',
+                  count: '0',
+                  issuer: 'testDid4',
+                  exchangeId: 'testExchangeId',
+                  credentialTypes: '["EmploymentPastV1.1"]',
+                  credentialId: 'testCredentialId',
+                },
+              },
+            ]),
+          })
+        );
+      });
+
+      it('CredentialReplaced notification should have proper fields in GET /pushes response', async () => {
+        expect(response.json).toEqual(
+          expect.objectContaining({
+            pushes: expect.arrayContaining([
+              {
+                ...notificationExpectation(credentialReplacedNotification),
+                data: {
+                  notificationType: NotificationTypes.CredentialReplaced,
+                  notificationId: 'testNotificationId5',
+                  count: '0',
+                  issuer: 'testDid5',
+                  exchangeId: 'testExchangeId',
+                  credentialTypes: '["EmploymentPastV1.1"]',
+                  replacementCredentialType: 'EmploymentCurrentV1.1',
+                },
+              },
+            ]),
+          })
+        );
+      });
+    });
+  });
+
+  describe('Access token verification enabled', () => {
+    const deviceId = 'test-device-id';
+
+    beforeAll(async () => {
+      fastify.overrides.reqConfig = (config) => ({
+        ...config,
+        oauthVerificationDisabledEndpoints: [], // enabled for all endpoints
+      });
+
+      device = await persistDevices();
+    });
+
+    describe('GET /api/v0.6/devices/:deviceId/pushes - get pushes endpoint', () => {
+      it('should return notifications for the deviceId if correct access token and inbox scope are provided', async () => {
+        const accessToken = await createAccessToken(
+          accountScopes.inbox,
+          privateKey
+        );
+
+        const notifications = [
+          await persistNotifications({ deviceId }),
+          await persistNotifications({ deviceId }),
+        ];
+
+        const response = await fastify.injectJson({
+          method: 'GET',
+          url: `/api/v0.6/devices/${deviceId}/pushes`,
+          headers: {
+            authorization: `Bearer ${accessToken}`,
+          },
+        });
+
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual({
+          nextPushSeqId: notifications[1]._id,
+          pushes: notifications.map(notificationExpectation),
+        });
+      });
+
+      it('should return 401 when no access token is provided', async () => {
+        const response = await fastify.injectJson({
+          method: 'GET',
+          url: `/api/v0.6/devices/${deviceId}/pushes`,
+        });
+
+        missingAccessTokenExpectation(response);
+      });
+
+      it('Should return 403 when incorrect scope is provided', async () => {
+        const accessToken = await createAccessToken('wrong-scope', privateKey);
+
+        const response = await fastify.injectJson({
+          method: 'GET',
+          url: `/api/v0.6/devices/${deviceId}/pushes`,
+          headers: {
+            authorization: `Bearer ${accessToken}`,
+          },
+        });
+
+        incorrectScopeExpectation(response);
+      });
+
+      it('should return 401 when incorrect access token is provided', async () => {
+        const response = await fastify.injectJson({
+          method: 'GET',
+          url: `/api/v0.6/devices/${deviceId}/pushes`,
+          headers: {
+            authorization: 'Bearer incorrect_token',
+          },
+        });
+
+        incorrectAccessTokenExpectation(response);
+      });
+    });
+
+    describe('GET /api/v0.6/devices/:deviceId - get device endpoint', () => {
+      it('should return a device by deviceId if correct access token and account scope are provided', async () => {
+        const accessToken = await createAccessToken(
+          accountScopes.account,
+          privateKey
+        );
+
+        const response = await fastify.injectJson({
+          method: 'GET',
+          url: `/api/v0.6/devices/${device.deviceId}`,
+          headers: {
+            authorization: `Bearer ${accessToken}`,
+          },
+        });
+
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual({
+          ...omit('_id', device),
+          id: expect.stringMatching(OBJECT_ID_FORMAT),
+          updatedAt: expect.stringMatching(ISO_DATETIME_FORMAT),
+          createdAt: expect.stringMatching(ISO_DATETIME_FORMAT),
+        });
+      });
+
+      it('should return 401 when no access token is provided', async () => {
+        const response = await fastify.injectJson({
+          method: 'GET',
+          url: `/api/v0.6/devices/${device.deviceId}`,
+        });
+
+        missingAccessTokenExpectation(response);
+      });
+
+      it('Should return 403 when incorrect scope is provided', async () => {
+        const accessToken = await createAccessToken('wrong-scope', privateKey);
+
+        const response = await fastify.injectJson({
+          method: 'GET',
+          url: `/api/v0.6/devices/${device.deviceId}`,
+          headers: {
+            authorization: `Bearer ${accessToken}`,
+          },
+        });
+
+        incorrectScopeExpectation(response);
+      });
+
+      it('should return 401 when incorrect access token is provided', async () => {
+        const response = await fastify.injectJson({
+          method: 'GET',
+          url: `/api/v0.6/devices/${device.deviceId}`,
+          headers: {
+            authorization: 'Bearer incorrect_token',
+          },
+        });
+
+        incorrectAccessTokenExpectation(response);
+      });
+    });
+
+    describe('DELETE /api/v0.6/devices/:deviceId - delete devices endpoint', () => {
+      it('should delete a device if correct access token and account scope are provided', async () => {
+        const accessToken = await createAccessToken(
+          accountScopes.account,
+          privateKey
+        );
+
+        const response = await fastify.injectJson({
+          method: 'DELETE',
+          url: `/api/v0.6/devices/${device.deviceId}`,
+          headers: {
+            authorization: `Bearer ${accessToken}`,
+          },
+        });
+
+        expect(response.statusCode).toEqual(204);
+        expect(response.json).toEqual({});
+        const dbResult = await mongoDb()
+          .collection('devices')
+          .findOne({ deviceId: device.deviceId });
+        expect(dbResult).toEqual(null);
+      });
+
+      it('should return 401 when no access token is provided', async () => {
+        const response = await fastify.injectJson({
+          method: 'DELETE',
+          url: `/api/v0.6/devices/${device.deviceId}`,
+        });
+
+        missingAccessTokenExpectation(response);
+      });
+
+      it('Should return 403 when incorrect scope is provided', async () => {
+        const accessToken = await createAccessToken('wrong-scope', privateKey);
+
+        const response = await fastify.injectJson({
+          method: 'DELETE',
+          url: `/api/v0.6/devices/${device.deviceId}`,
+          headers: {
+            authorization: `Bearer ${accessToken}`,
+          },
+        });
+
+        incorrectScopeExpectation(response);
+      });
+
+      it('should return 401 when incorrect access token is provided', async () => {
+        const response = await fastify.injectJson({
+          method: 'DELETE',
+          url: `/api/v0.6/devices/${device.deviceId}`,
+          headers: {
+            authorization: 'Bearer incorrect_token',
+          },
+        });
+
+        incorrectAccessTokenExpectation(response);
+      });
+    });
+
+    describe('PUT /api/v0.6/devices - update device endpoint', () => {
+      it('should return updated device with new push token id if correct access token and account scope are provided', async () => {
+        const oldDeviceId = 'old-device-id';
+        const oldDevice = await persistDevices({ deviceId: oldDeviceId });
+        const newDeviceId = `${oldDevice.deviceId}-new`;
+
+        const accessToken = await createAccessToken(
+          accountScopes.account,
+          privateKey
+        );
+
+        const response = await fastify.injectJson({
+          method: 'PUT',
+          url: `/api/v0.6/devices/${oldDevice.deviceId}`,
+          payload: {
+            deviceType: 'phone',
+            deviceOS: 'ios',
+            deviceId: newDeviceId,
+          },
+          headers: {
+            authorization: `Bearer ${accessToken}`,
+          },
+        });
+
+        expect(response.statusCode).toEqual(200);
+
+        expect(response.json).toEqual({
+          deviceType: 'phone',
+          deviceOS: 'ios',
+          deviceId: newDeviceId,
+        });
+
+        expect(
+          await devicesRepo.findOne({ deviceId: newDeviceId })
+        ).toBeTruthy();
+      });
+
+      it('should return 401 when no access token is provided', async () => {
+        const response = await fastify.injectJson({
+          method: 'PUT',
+          url: `/api/v0.6/devices/${device.deviceId}`,
+          payload: {
+            deviceType: 'phone',
+            deviceOS: 'ios',
+            deviceId,
+          },
+        });
+
+        missingAccessTokenExpectation(response);
+      });
+
+      it('Should return 403 when incorrect scope is provided', async () => {
+        const accessToken = await createAccessToken('wrong-scope', privateKey);
+
+        const response = await fastify.injectJson({
+          method: 'PUT',
+          url: `/api/v0.6/devices/${device.deviceId}`,
+          payload: {
+            deviceType: 'phone',
+            deviceOS: 'ios',
+            deviceId,
+          },
+          headers: {
+            authorization: `Bearer ${accessToken}`,
+          },
+        });
+
+        incorrectScopeExpectation(response);
+      });
+
+      it('should return 401 when incorrect access token is provided', async () => {
+        const response = await fastify.injectJson({
+          method: 'PUT',
+          url: `/api/v0.6/devices/${device.deviceId}`,
+          payload: {
+            deviceType: 'phone',
+            deviceOS: 'ios',
+            deviceId,
+          },
+          headers: {
+            authorization: 'Bearer incorrect_token',
+          },
+        });
+
+        incorrectAccessTokenExpectation(response);
+      });
+    });
+  });
+});