npm - @w3-commons/js-build-resources - Versions diffs - 0.0.1-security → 1.0.4 - Mend

@w3-commons/js-build-resources 0.0.1-security → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @w3-commons/js-build-resources might be problematic. Click here for more details.

Files changed (98) hide show

package/settings-service/package.json ADDED Viewed

@@ -0,0 +1,101 @@
+{
+  "name": "settings-service",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "local": "nodemon --watch src/ -e ts  --exec \"npm run build-quick\"",
+    "build": "npm run compile && npm run package && npm run analyze",
+    "build-quick": "npm run compile && npm run package && node ./build/server.js ",
+    "compile": "npm run clean && tsc -p tsconfig.json",
+    "analyze": "npm run unit-test",
+    "clean": "rm -rf build",
+    "test:functional": "sh ./scripts/run-fn-tests.sh",
+    "smoke-test": "npm run --silent",
+    "unit-test": "jest --forceExit -c jest.config.unit.js --coverage && node collectCodeCoverage",
+    "integration-test": "jest -i --forceExit -c jest.config.it.js",
+    "package": "cp jest.config* build && cp -r scripts build",
+    "lint": "eslint \"src/**/*.ts\" --fix"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.ibm.com/w3-profile/settings-service.git"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "app-root-path": "^2.2.1",
+    "axios": "^0.19.0",
+    "cors": "^2.8.5",
+    "dotenv": "^6.2.0",
+    "dse-driver": "^2.3.1",
+    "eslint-plugin-import": "^2.25.4",
+    "lodash": "^4.17.21",
+    "npm-run": "^5.0.1",
+    "randomstring": "^1.1.5",
+    "request-promise": "^4.2.6",
+    "restify": "^8.1.0",
+    "restify-cors-middleware": "^1.1.1",
+    "restify-errors": "^8.0.2",
+    "swagger-ui-restify": "^3.0.8",
+    "ts-node": "^10.7.0",
+    "winston": "^3.2.1"
+  },
+  "devDependencies": {
+    "@types/app-root-path": "^1.2.4",
+    "@types/cors": "^2.8.4",
+    "@types/eslint": "^7.29.0",
+    "@types/jest": "^24.0.11",
+    "@types/lodash": "^4.14.123",
+    "@types/node": "^11.9.4",
+    "@types/node-fetch": "^2.1.6",
+    "@types/node-schedule": "^1.2.4",
+    "@types/request": "^2.0.12",
+    "@types/request-promise": "^4.1.42",
+    "@types/restify": "^7.2.5",
+    "@types/restify-errors": "^4.3.3",
+    "@typescript-eslint/eslint-plugin": "^4.6.1",
+    "@typescript-eslint/parser": "^4.6.1",
+    "@w3-commons/js-build-resources": "^1.0.3",
+    "eslint": "^7.27.0",
+    "eslint-config-airbnb-base": "^14.2.1",
+    "eslint-config-prettier": "^6.15.0",
+    "eslint-import-resolver-typescript": "^2.5.0",
+    "eslint-plugin-prettier": "^3.4.1",
+    "jest": "^26.6.3",
+    "nodemon": "^1.18.10",
+    "prettier": "^2.5.1",
+    "request": "^2.88.2",
+    "ts-jest": "^26.5.6",
+    "typescript": "^4.5.4",
+    "typescript-eslint-parser": "^22.0.0"
+  },
+  "jest": {
+    "verbose": false,
+    "transform": {
+      "^.+\\.tsx?$": "ts-jest"
+    },
+    "testRegex": "(/__tests__/unit/.*)spec.ts$",
+    "moduleFileExtensions": [
+      "ts",
+      "tsx",
+      "js",
+      "json"
+    ],
+    "coverageDirectory": "test/coverage",
+    "collectCoverageFrom": [
+      "**/src/**/*.{ts,tsx}"
+    ],
+    "coveragePathIgnorePatterns": [
+      "(/__tests__/unit/.*)"
+    ],
+    "coverageThreshold": {
+      "global": {
+        "branches": 70,
+        "functions": 80,
+        "lines": 80,
+        "statements": 80
+      }
+    }
+  }
+}

package/settings-service/scripts/run-fn-tests.sh ADDED Viewed

@@ -0,0 +1,3 @@
+if [ "${APP_ENVIRONMENT}" = "test" -o "${APP_ENVIRONMENT}" = "dev" ]; then
+   jest -i --forceExit -c jest.config.fn.js
+fi

package/settings-service/sonar-project.properties ADDED Viewed

@@ -0,0 +1,3 @@
+sonar.sources=src
+sonar.typescript.lcov.reportPaths=coverage/lcov.info
+sonar.exclusions=src/__tests__/**/*,src/index.ts,src/server.ts,src/logger/logger.ts

package/settings-service/src/__tests__/functional/controller/ApiKeyController.fn.ts ADDED Viewed

@@ -0,0 +1,132 @@
+import axios from 'axios';
+import http from 'axios/lib/adapters/http';
+import { downloadCassandra } from '../../../util/downloadCassandra';
+import { cassandraDBHelpers } from '../../../repo/cassandraDBHelpers';
+import { settings } from '../../../config/config';
+import { deleteApiKeyQuery } from '../../../repo/apiKeyQueries';
+import { sampleAuthorization, TEST_APP_ID, TEST_USER_ID } from '../../utils/test-utils';
+axios.defaults.adapter = http;
+const apiKeyAuthorizedIds: string = settings.apiKeyAuthorizedUserIds;
+settings.apiKeyAuthorizedUserIds = TEST_USER_ID;
+const urlprefix =
+  process.env.INGRESS_HOSTNAME !== undefined
+    ? `https://${process.env.INGRESS_HOSTNAME}`
+    : 'http://localhost:8000';
+let createdApiKey = '';
+const TEST_HEADER = { Authorization: `Bearer ${JSON.stringify(sampleAuthorization)}` };
+beforeAll(async () => {
+  await downloadCassandra();
+  await cassandraDBHelpers.execute(deleteApiKeyQuery, [TEST_APP_ID]);
+});
+afterAll(async () => {
+  await cassandraDBHelpers.execute(deleteApiKeyQuery, [TEST_APP_ID]);
+  await cassandraDBHelpers.shutdown();
+  settings.apiKeyAuthorizedUserIds = apiKeyAuthorizedIds;
+});
+afterEach(() => {
+  jest.clearAllMocks();
+});
+describe('create api key', () => {
+  it('should allow an authorized user to create an api key', async () => {
+    const data = await axios({
+      method: 'post',
+      url: `${urlprefix}/v1/settings/apiKey/app/${TEST_APP_ID}`,
+      headers: TEST_HEADER,
+    }).then((res) => res.data);
+    createdApiKey = data.key;
+    expect(data).toBeDefined();
+    expect(data.key).toHaveLength(48);
+    expect(typeof data.key).toBe('string');
+  });
+  it('should not allow an unauthorized user to create an api key', async () => {
+    expect.assertions(3);
+    try {
+      await axios({
+        method: 'post',
+        url: `${urlprefix}/v1/settings/apiKey/app/${TEST_APP_ID}`,
+        headers: {
+          Authorization: `Bearer ${JSON.stringify({ email: 'invalidEmail@ibm.com', id: 'INVALIDID' })}`,
+        },
+      }).then((res) => res.data);
+    } catch (err) {
+      expect(err).toBeDefined();
+      expect(err).toBeInstanceOf(Error);
+      expect(err.message).toBe('Request failed with status code 403');
+    }
+  });
+});
+describe('get api key', () => {
+  it('should allow an authorized user to create an api key', async () => {
+    const data = await axios({
+      method: 'get',
+      url: `${urlprefix}/v1/settings/apiKey/app/${TEST_APP_ID}`,
+      headers: TEST_HEADER,
+    }).then((res) => res.data);
+    expect(data).toBeDefined();
+    expect(data.key).toHaveLength(48);
+    expect(typeof data.key).toBe('string');
+    expect(data.key).toEqual(createdApiKey);
+  });
+  it('should not allow an unauthorized user to retrive an api key', async () => {
+    expect.assertions(3);
+    try {
+      await axios({
+        method: 'get',
+        url: `${urlprefix}/v1/settings/apiKey/app/${TEST_APP_ID}`,
+        headers: {
+          Authorization: `Bearer ${JSON.stringify({ email: 'invalidEmail@ibm.com', id: 'INVALIDID' })}`,
+        },
+      }).then((res) => res.data);
+    } catch (err) {
+      expect(err).toBeDefined();
+      expect(err).toBeInstanceOf(Error);
+      expect(err.message).toBe('Request failed with status code 403');
+    }
+  });
+  describe('update api key', () => {
+    it('should allow an authorized user to update an api key', async () => {
+      const data = await axios({
+        method: 'put',
+        url: `${urlprefix}/v1/settings/apiKey/app/${TEST_APP_ID}`,
+        headers: TEST_HEADER,
+      }).then((res) => res.data);
+      expect(data).toBeDefined();
+      expect(data.key).toHaveLength(48);
+      expect(typeof data.key).toBe('string');
+      expect(data.key).not.toEqual(createdApiKey);
+    });
+    it('should not allow an unauthorized user to update an api key', async () => {
+      expect.assertions(3);
+      try {
+        await axios({
+          method: 'put',
+          url: `${urlprefix}/v1/settings/apiKey/app/${TEST_APP_ID}`,
+          headers: {
+            Authorization: `Bearer ${JSON.stringify({ email: 'invalidEmail@ibm.com', id: 'INVALIDID' })}`,
+          },
+        }).then((res) => res.data);
+      } catch (err) {
+        expect(err).toBeDefined();
+        expect(err).toBeInstanceOf(Error);
+        expect(err.message).toBe('Request failed with status code 403');
+      }
+    });
+  });
+});

package/settings-service/src/__tests__/functional/middleware/AuthMiddlewareNextGenSSO.fn.ts ADDED Viewed

@@ -0,0 +1,82 @@
+import axios from 'axios';
+import http from 'axios/lib/adapters/http';
+import { ApiKeyRepoFactory } from '../../../repo/ApiKeyRepoFactory';
+import { deleteApiKeyQuery } from '../../../repo/apiKeyQueries';
+import { ApiKeyRepo } from '../../../repo/ApiKeyRepo';
+import { cassandraDBHelpers } from '../../../repo/cassandraDBHelpers';
+import { SettingsRepo } from '../../../repo/settingsRepo';
+import { TEST_APP_ID, TEST_USER_ID } from '../../utils/test-utils';
+import { SettingsRepoFactory } from '../../../repo/settingsRepoFactory';
+import { downloadCassandra } from '../../../util/downloadCassandra';
+axios.defaults.adapter = http;
+const TEST_SETTING = 'test';
+const W3ID_TOKEN = `Bearer Q3ccWQ4TZxK3bm6vnuOk5kQ9JApv7PCr8aLFxtKf`;
+async function apiKeySetup(): Promise<string> {
+  const apiKeyRepo: ApiKeyRepo = ApiKeyRepoFactory.accessOrCreateSingleton();
+  const createdApiKey = await apiKeyRepo.createApiKey(TEST_APP_ID, 'TEST_USER_ID');
+  return Buffer.from(`w3notifications-test:${createdApiKey}`).toString('base64');
+}
+const TEST_HEADER = { headers: { Authorization: `${W3ID_TOKEN}` } };
+let TEST_HEADER_API: any = {};
+const urlprefix =
+  process.env.INGRESS_HOSTNAME !== undefined
+    ? `https://${process.env.INGRESS_HOSTNAME}`
+    : 'http://localhost:8000';
+const settingsRepo: SettingsRepo = SettingsRepoFactory.accessOrCreateSingleton();
+/**
+ * Below are functional tests for Authentication Middleware NextGen SSO (ISV)
+ */
+describe('Authentication fails with invalid token', () => {
+  const TEST_RESP = { general: {} };
+  TEST_RESP[TEST_APP_ID] = {};
+  beforeAll(async () => {
+    await downloadCassandra();
+    await settingsRepo.deleteUserSettings(TEST_USER_ID);
+    await settingsRepo.deleteAppSettings(TEST_APP_ID, TEST_SETTING);
+    TEST_HEADER_API = { headers: { Authorization: `apiKey ${await apiKeySetup()}`, nextgen_sso: true } };
+  });
+  afterAll(async () => {
+    await settingsRepo.deleteUserSettings(TEST_USER_ID);
+    await cassandraDBHelpers.execute(deleteApiKeyQuery, [TEST_APP_ID]);
+    await cassandraDBHelpers.shutdown();
+  });
+  it('will not authenticate invalid token', async () => {
+    let caughtError;
+    try {
+      await axios.post(`${urlprefix}/v1/settings/users/${TEST_USER_ID}/apps/${TEST_APP_ID}`, {}, TEST_HEADER);
+      expect(false).toBeTruthy();
+    } catch (err) {
+      caughtError = err;
+    }
+    expect(caughtError.response.data.code).toBe(401);
+    expect(caughtError.response.data.message).toBe('User token is expired or is invalid');
+  });
+  it('will authenticate API key with nextgen_sso true', async () => {
+    let data = await axios
+      .get(`${urlprefix}/v1/settings/app/${TEST_APP_ID}`, TEST_HEADER_API)
+      .then((res) => res.data);
+    expect(data).toEqual({});
+    data = await axios
+      .get(`${urlprefix}/v1/settings/app/${TEST_APP_ID}/setting/${TEST_SETTING}`, TEST_HEADER_API)
+      .then((res) => res.data);
+    expect(data).toEqual({});
+  });
+  it('does not need authentication for user get request', async () => {
+    const resp = await axios.get(`${urlprefix}/v1/settings/users/${TEST_USER_ID}/apps/${TEST_APP_ID}`);
+    expect(resp.status).toBe(200);
+    expect(resp.data).toBeDefined();
+  });
+});

package/settings-service/src/__tests__/functional/repo/settingsRepo.fn.ts ADDED Viewed

@@ -0,0 +1,302 @@
+import axios from 'axios';
+import http from 'axios/lib/adapters/http';
+import { ApiKeyRepoFactory } from '../../../repo/ApiKeyRepoFactory';
+import { deleteApiKeyQuery } from '../../../repo/apiKeyQueries';
+import { ApiKeyRepo } from '../../../repo/ApiKeyRepo';
+import { cassandraDBHelpers } from '../../../repo/cassandraDBHelpers';
+import { SettingsRepo } from '../../../repo/settingsRepo';
+import { INVALID_APP_ID, sampleAuthorization, TEST_APP_ID, TEST_USER_ID } from '../../utils/test-utils';
+import { SettingsRepoFactory } from '../../../repo/settingsRepoFactory';
+import { downloadCassandra } from '../../../util/downloadCassandra';
+axios.defaults.adapter = http;
+const TEST_SETTING = 'test';
+const TEST_SETTING_OPTIONS_DEFAULT = { default: 'false', options: ['true', 'false'], setting_type: null };
+const TEST_SETTING_OPTIONS_DEFAULT_NO_TYPE = { default: 'false', options: ['true', 'false'] };
+async function apiKeySetup(): Promise<string> {
+  const apiKeyRepo: ApiKeyRepo = ApiKeyRepoFactory.accessOrCreateSingleton();
+  const createdApiKey = await apiKeyRepo.createApiKey(TEST_APP_ID, 'TEST_USER_ID');
+  return Buffer.from(`w3notifications-test:${createdApiKey}`).toString('base64');
+}
+const TEST_HEADER = { headers: { Authorization: `Bearer ${JSON.stringify(sampleAuthorization)}` } };
+let TEST_HEADER_API: any = {};
+const urlprefix =
+  process.env.INGRESS_HOSTNAME !== undefined
+    ? `https://${process.env.INGRESS_HOSTNAME}`
+    : 'http://localhost:8000';
+const settingsRepo: SettingsRepo = SettingsRepoFactory.accessOrCreateSingleton();
+const secondaryLanguageSetting = { options: ['sk', 'en', 'fr'], setting_type: 'array' };
+describe('get/update user and app settings', () => {
+  const TEST_RESP = { general: {} };
+  TEST_RESP[TEST_APP_ID] = {};
+  beforeAll(async () => {
+    await downloadCassandra();
+    await settingsRepo.deleteUserSettings(TEST_USER_ID);
+    await settingsRepo.deleteAppSettings(TEST_APP_ID, TEST_SETTING);
+    await settingsRepo.deleteAppSettings(TEST_APP_ID, 'secondaryLanguages');
+    TEST_HEADER_API = { headers: { Authorization: `apiKey ${await apiKeySetup()}` } };
+  });
+  afterAll(async () => {
+    await settingsRepo.deleteUserSettings(TEST_USER_ID);
+    await cassandraDBHelpers.execute(deleteApiKeyQuery, [TEST_APP_ID]);
+    await settingsRepo.deleteAppSettings(TEST_APP_ID, 'secondaryLanguages');
+    await cassandraDBHelpers.shutdown();
+  });
+  it('reads empty user settings', async () => {
+    const data = await axios
+      .get(`${urlprefix}/v1/settings/users/${TEST_USER_ID}/apps/${TEST_APP_ID}`, TEST_HEADER)
+      .then((res) => res.data);
+    data.general = {};
+    expect(data).toEqual(TEST_RESP);
+  });
+  it('reads empty app settings', async () => {
+    let data = await axios
+      .get(`${urlprefix}/v1/settings/app/${TEST_APP_ID}`, TEST_HEADER_API)
+      .then((res) => res.data);
+    expect(data).toEqual({});
+    data = await axios
+      .get(`${urlprefix}/v1/settings/app/${TEST_APP_ID}/setting/${TEST_SETTING}`, TEST_HEADER_API)
+      .then((res) => res.data);
+    expect(data).toEqual({});
+  });
+  it('updates app data', async () => {
+    const data = await axios
+      .post(
+        `${urlprefix}/v1/settings/app/${TEST_APP_ID}/setting/${TEST_SETTING}`,
+        TEST_SETTING_OPTIONS_DEFAULT,
+        TEST_HEADER_API,
+      )
+      .then((res) => res.data);
+    expect(data).toEqual('Success');
+  });
+  it('reads updated app settings', async () => {
+    let data = await axios
+      .get(`${urlprefix}/v1/settings/app/${TEST_APP_ID}`, TEST_HEADER_API)
+      .then((res) => res.data);
+    expect(data[TEST_SETTING]).toEqual(TEST_SETTING_OPTIONS_DEFAULT_NO_TYPE);
+    data = await axios
+      .get(`${urlprefix}/v1/settings/app/${TEST_APP_ID}/setting/${TEST_SETTING}`, TEST_HEADER_API)
+      .then((res) => res.data);
+    expect(data[TEST_SETTING]).toEqual(TEST_SETTING_OPTIONS_DEFAULT_NO_TYPE);
+  });
+  it('updates app data with default', async () => {
+    const data = await axios
+      .post(
+        `${urlprefix}/v1/settings/app/${TEST_APP_ID}/setting/${TEST_SETTING}`,
+        TEST_SETTING_OPTIONS_DEFAULT,
+        TEST_HEADER_API,
+      )
+      .then((res) => res.data);
+    expect(data).toEqual('Success');
+  });
+  it('reads default user settings', async () => {
+    TEST_RESP[TEST_APP_ID] = {};
+    TEST_RESP[TEST_APP_ID][TEST_SETTING] = 'false';
+    const data = await axios
+      .get(`${urlprefix}/v1/settings/users/${TEST_USER_ID}/apps/${TEST_APP_ID}`, TEST_HEADER)
+      .then((res) => res.data);
+    data.general = {};
+    expect(data).toEqual(TEST_RESP);
+  });
+  it('updates user data', async () => {
+    TEST_RESP[TEST_APP_ID] = {};
+    TEST_RESP[TEST_APP_ID][TEST_SETTING] = 'true';
+    const data = await axios
+      .post(
+        `${urlprefix}/v1/settings/users/${TEST_USER_ID}/apps/${TEST_APP_ID}`,
+        TEST_RESP[TEST_APP_ID],
+        TEST_HEADER,
+      )
+      .then((res) => res.data);
+    expect(data).toEqual(TEST_RESP[TEST_APP_ID]);
+  });
+  it('reads updated user settings', async () => {
+    const data = await axios
+      .get(`${urlprefix}/v1/settings/users/${TEST_USER_ID}/apps/${TEST_APP_ID}`, TEST_HEADER)
+      .then((res) => res.data);
+    data.general = {};
+    expect(data).toEqual(TEST_RESP);
+  });
+  it('throws error for invalid app', async () => {
+    await axios
+      .get(`${urlprefix}/v1/settings/users/${TEST_USER_ID}/apps/${TEST_APP_ID}`, TEST_HEADER)
+      .catch((error) => expect(error.response.status).toEqual(400));
+  });
+  it('deletes app data', async () => {
+    const data = await axios
+      .delete(`${urlprefix}/v1/settings/app/${TEST_APP_ID}/setting/${TEST_SETTING}`, TEST_HEADER_API)
+      .then((res) => res.data);
+    expect(data).toEqual('Success');
+  });
+  it('reads empty app settings', async () => {
+    let data = await axios
+      .get(`${urlprefix}/v1/settings/app/${TEST_APP_ID}`, TEST_HEADER_API)
+      .then((res) => res.data);
+    expect(data).toEqual({});
+    data = await axios
+      .get(`${urlprefix}/v1/settings/app/${TEST_APP_ID}/setting/${TEST_SETTING}`, TEST_HEADER_API)
+      .then((res) => res.data);
+    expect(data).toEqual({});
+  });
+  it('throws error for invalid app', async () => {
+    await axios
+      .get(`${urlprefix}/v1/settings/app/${INVALID_APP_ID}`, TEST_HEADER_API)
+      .catch((error) => expect(error.response.status).toEqual(400));
+    await axios
+      .get(`${urlprefix}/v1/settings/app/${INVALID_APP_ID}/setting/${TEST_SETTING}`, TEST_HEADER_API)
+      .catch((error) => expect(error.response.status).toEqual(400));
+  });
+  it('updates user setting with array value', async () => {
+    await axios.post(
+      `${urlprefix}/v1/settings/app/${TEST_APP_ID}/setting/secondaryLanguages`,
+      secondaryLanguageSetting,
+      TEST_HEADER_API,
+    );
+    const updatedSetting = { secondaryLanguages: ['en', 'fr'] };
+    const data = await axios
+      .post(`${urlprefix}/v1/settings/users/${TEST_USER_ID}/apps/${TEST_APP_ID}`, updatedSetting, TEST_HEADER)
+      .then((res) => res.data);
+    expect(data).toEqual({ secondaryLanguages: ['en', 'fr'] });
+  });
+  it('reads user settings with array value', async () => {
+    const data = await axios
+      .get(`${urlprefix}/v1/settings/users/${TEST_USER_ID}/apps/${TEST_APP_ID}`, TEST_HEADER)
+      .then((res) => res.data);
+    expect(data[TEST_APP_ID].secondaryLanguages).toEqual(['en', 'fr']);
+  });
+  it('updates user setting with null value', async () => {
+    const data = await axios
+      .post(
+        `${urlprefix}/v1/settings/users/${TEST_USER_ID}/apps/${TEST_APP_ID}`,
+        { secondaryLanguages: null },
+        TEST_HEADER,
+      )
+      .then((res) => res.data);
+    expect(data).toEqual({ secondaryLanguages: null });
+  });
+  it('update general settings', async () => {
+    const data = await axios
+      .post(
+        `${urlprefix}/v1/settings/users/${TEST_USER_ID}/apps/general`,
+        { primaryLanguage: 'pt', secondaryLanguages: ['fr', 'es'], secondaryLocationIds: ['US', 'CH'] },
+        TEST_HEADER,
+      )
+      .then((res) => res.data);
+    expect(data.primaryLanguage).toEqual('pt');
+    expect(data.secondaryLanguages).toStrictEqual(['fr', 'es']);
+    expect(data.secondaryLocationIds).toStrictEqual(['US', 'CH']);
+  });
+  it('get general settings', async () => {
+    const data = await axios
+      .get(`${urlprefix}/v1/settings/users/${TEST_USER_ID}/apps/general`, TEST_HEADER)
+      .then((res) => res.data);
+    expect(data.general.primaryLanguage).toEqual('pt');
+    expect(data.general.secondaryLanguages).toStrictEqual(['fr', 'es']);
+    expect(data.general.secondaryLocationIds).toStrictEqual(['US', 'CH']);
+  });
+  it('update general settings with nulls and empty arrays', async () => {
+    const data = await axios
+      .post(
+        `${urlprefix}/v1/settings/users/${TEST_USER_ID}/apps/general`,
+        { primaryLanguage: null, secondaryLanguages: null, secondaryLocationIds: [] },
+        TEST_HEADER,
+      )
+      .then((res) => res.data);
+    expect(data.primaryLanguage).toEqual(null);
+    expect(data.secondaryLanguages).toStrictEqual(null);
+    expect(data.secondaryLocationIds).toStrictEqual([]);
+  });
+  it('get default general settings', async () => {
+    const badUserId = 'ABCDEFGHI'; // uses an invalid userId so it will always return defaults
+    const data = await axios
+      .get(`${urlprefix}/v1/settings/users/${badUserId}/apps/general`, TEST_HEADER)
+      .then((res) => res.data);
+    expect(data.general.primaryLanguage).toEqual('en');
+    expect(data.general.secondaryLanguages).toStrictEqual([]);
+    expect(data.general.secondaryLocationIds).toStrictEqual([]);
+  });
+  describe('deprecated_values tests', () => {
+    const settingConfigWithDeprecatedValues = {
+      default: 'false',
+      options: ['true', 'false'],
+      setting_type: null,
+      deprecated_values: { false: 'updatedFalse' },
+    };
+    const settingConfigWithDeprecatedValuesNull = {
+      default: 'false',
+      options: ['true', 'false'],
+      setting_type: null,
+      deprecated_values: null,
+    };
+    it('updates app data with deprecated_values', async () => {
+      const data = await axios
+        .post(
+          `${urlprefix}/v1/settings/app/${TEST_APP_ID}/setting/${TEST_SETTING}`,
+          settingConfigWithDeprecatedValues,
+          TEST_HEADER_API,
+        )
+        .then((res) => res.data);
+      expect(data).toEqual('Success');
+    });
+    it('reads updated app settings with deprecated_values', async () => {
+      let data = await axios
+        .get(`${urlprefix}/v1/settings/app/${TEST_APP_ID}`, TEST_HEADER_API)
+        .then((res) => res.data);
+      expect(data[TEST_SETTING].deprecated_values).toEqual(
+        settingConfigWithDeprecatedValues.deprecated_values,
+      );
+      data = await axios
+        .get(`${urlprefix}/v1/settings/app/${TEST_APP_ID}/setting/${TEST_SETTING}`, TEST_HEADER_API)
+        .then((res) => res.data);
+      expect(data[TEST_SETTING].deprecated_values).toEqual(
+        settingConfigWithDeprecatedValues.deprecated_values,
+      );
+    });
+    it('updates app data with deprecated_values as null', async () => {
+      const data = await axios
+        .post(
+          `${urlprefix}/v1/settings/app/${TEST_APP_ID}/setting/${TEST_SETTING}`,
+          settingConfigWithDeprecatedValuesNull,
+          TEST_HEADER_API,
+        )
+        .then((res) => res.data);
+      expect(data).toEqual('Success');
+      const getData = await axios
+        .get(`${urlprefix}/v1/settings/app/${TEST_APP_ID}/setting/${TEST_SETTING}`, TEST_HEADER_API)
+        .then((res) => res.data);
+      expect(getData.deprecated_values).toBeUndefined();
+    });
+  });
+});