@w3-commons/js-build-resources 0.0.1-security → 1.0.4

package/settings-service/src/__tests__/unit/middleware/AuthenticationMiddleware.spec.ts

@@ -0,0 +1,494 @@
+import { Response } from 'restify';
+import { NotFoundError } from 'restify-errors';
+import { AuthenticationMiddlewareFactory } from '../../../middleware/AuthenticationMiddlewareFactory';
+import { settings } from '../../../config/config';
+import { AuthenticationMiddleware } from '../../../middleware/AuthenticationMiddleware';
+import { ApiKey } from '../../../types/ApiKey';
+import { ApiKeyRepoImpl } from '../../../repo/ApiKeyRepo';
+import * as commons from '../../../helpers/commons';
+import { TEST_API_KEY, TEST_APP_ID, TEST_USER_ID } from '../../utils/test-utils';
+import { ErrResponse } from '../ErrResponse';
+
+jest.mock('axios');
+jest.mock('request-promise');
+
+const W3ID_TOKEN = `Bearer token`;
+
+const TEST_API_KEY_TOKEN =
+  'dzNub3RpZmljYXRpb25zLXRlc3Q6c29MVFlJQnFzUjFKYjlmb0FTbjRwYURVeW1Ca0dudlQ0ZHRXanZMN1BhakNMbWM4';
+
+// INCORRECT_APP_ID matches the appId in the INVALID_API_KEY_TOKEN to pass the match appId condition before failing
+const INCORRECT_APP_ID = 'test';
+const INVALID_API_KEY_TOKEN = `dGVzdDpEOXQwOVAycllyM1lzeXh4RW1YTllaeHc1WHVnZ09MT3FzaDJNdUNKelBidHladVE=`;
+
+const apiKeyAuthorizedIds: string = settings.apiKeyAuthorizedUserIds;
+
+afterAll(() => {
+  settings.apiKeyAuthorizedUserIds = apiKeyAuthorizedIds;
+});
+/**
+ * Below are the test cases for Authentication Middleware
+ */
+describe('requestHandler', () => {
+  afterEach(() => {
+    process.env.APP_ENVIRONMENT = 'dev';
+    jest.clearAllMocks();
+  });
+
+  it('verify singleton working', async () => {
+    let middleware = AuthenticationMiddlewareFactory.accessOrCreateSingleton();
+    expect(middleware).toBeDefined();
+    middleware = AuthenticationMiddlewareFactory.accessOrCreateSingleton();
+    expect(middleware).toBeDefined();
+  });
+
+  it('pre-authentication should work for valid input', async () => {
+    const route = { path: '/v1/settings/users/:userID/apps/:appID', spec: { authRequired: true } };
+    const req = {
+      getRoute: jest.fn().mockReturnValue(route),
+    } as any;
+    req.headers = {};
+    req.path = () => '/v1/settings/users/:userID/apps/:appID';
+    const res = {} as any;
+    let respObj = {} as any;
+    let statusCode = 0;
+    res.send = (code: number, obj: any) => {
+      statusCode = code;
+      respObj = obj;
+      return obj;
+    };
+    const next = jest.fn() as any;
+    await AuthenticationMiddleware.checkPreAuthentication(req, res, next);
+    expect(statusCode).toEqual(401);
+    expect(respObj.code).toEqual(401);
+    expect(respObj.message).toEqual(
+      'w3id/jwt token or API key based authentication strategy must be used for settings Query.',
+    );
+  });
+
+  /**
+   * This test case handles the missing authoriztion header scenario.
+   */
+  it('missing authorization header', async () => {
+    const route = { path: '/settings/users/:userID/apps/:appID', spec: { authRequired: true } };
+    const req = {
+      getRoute: jest.fn().mockReturnValue(route),
+    } as any;
+    req.headers = {};
+    const res = {} as any;
+    let respObj = {} as any;
+    let statusCode = 0;
+    res.send = (code: number, obj: any) => {
+      statusCode = code;
+      respObj = obj;
+      return obj;
+    };
+    const next = jest.fn() as any;
+    await AuthenticationMiddleware.checkAuthentication(req, res, next);
+    expect(statusCode).toEqual(401);
+    expect(respObj.code).toEqual(401);
+    expect(respObj.message).toEqual('Missing required authentication header');
+  });
+
+  /**
+   * This test case checks for authentication is disabled.
+   */
+  it('authRequired is disabled and should call next middleware', async () => {
+    const route = { path: '/settings/users/:userID/apps/:appID', spec: { authRequired: false } };
+    const req = {
+      getRoute: jest.fn().mockReturnValue(route) as any,
+    } as any;
+    const res: Response = {} as any;
+    const next = jest.fn() as any;
+    await AuthenticationMiddleware.checkAuthentication(req, res, next);
+    expect(next).toBeCalled();
+  });
+
+  /**
+   * This test case checks for valid test token in the headers present in the
+   * incoming request.
+   */
+  it('authRequired is enabled and should authorize for fake valid token format for test environment', async () => {
+    const route = { path: '/settings/users/:userID/apps/:appID', spec: { authRequired: true } };
+    const req = {
+      getRoute: jest.fn().mockReturnValue(route) as any,
+    } as any;
+    req.headers = { authorization: `Bearer {"email":"xxxxxx@us.ibm.com","id":"AAAABBCCC"}` };
+    const res: Response = {} as any;
+    const next = jest.fn() as any;
+    await AuthenticationMiddleware.checkAuthentication(req, res, next);
+    expect(req.isAuthenticated).toEqual(true);
+    expect(req.username).toEqual('AAAABBCCC');
+    expect(next).toHaveBeenCalled();
+  });
+
+  /**
+   * This test case checks for valid test token in the headers present in the
+   * incoming request.
+   */
+  it('authRequired is enabled and should authorize for valid w3Id/JWT token format for test environment', async () => {
+    const route = { path: '/settings/users/:userID/apps/:appID', spec: { authRequired: true } };
+    const req = {
+      getRoute: jest.fn().mockReturnValue(route) as any,
+    } as any;
+    req.headers = { authorization: `Bearer ${W3ID_TOKEN}` };
+    const res: Response = {} as any;
+    const next = jest.fn() as any;
+    const spy = jest.spyOn(AuthenticationMiddleware, 'ensureAuthenticated');
+    await AuthenticationMiddleware.checkAuthentication(req, res, next);
+    expect(spy).toHaveBeenCalled();
+  });
+
+  /**
+   * This test case handles the missing token in header scenario.
+   */
+  it('missing authorization token in header', async () => {
+    const route = { path: '/settings/users/:userID/apps/:appID', spec: { authRequired: true } };
+    const req = {
+      getRoute: jest.fn().mockReturnValue(route),
+    } as any;
+    req.headers = { authorization: 'Bearer' };
+
+    const res: Response = {} as any;
+    let respObj: ErrResponse = {} as any;
+    let statusCode = 0;
+    res.send = (code: number, obj: any) => {
+      statusCode = code;
+      respObj = obj;
+      return obj;
+    };
+    const next = jest.fn() as any;
+    await AuthenticationMiddleware.checkAuthentication(req, res, next);
+    expect(statusCode).toEqual(401);
+    expect(respObj.code).toEqual(401);
+    expect(respObj.message).toEqual('Missing required authentication token');
+    expect(next).toHaveBeenCalled();
+  });
+
+  describe('verifyApiKeyWithAppId tests', () => {
+    const res: Response = {
+      send: jest.fn(),
+    } as any;
+
+    it('check verifyApiKeyWithAppId returns true for valid api key', async () => {
+      const getApiKeySpy = jest
+        .spyOn(ApiKeyRepoImpl.prototype, 'getApiKey')
+        .mockResolvedValue(new ApiKey(TEST_APP_ID, TEST_API_KEY, TEST_USER_ID, new Date(), new Date()));
+
+      expect(
+        await AuthenticationMiddleware.verifyApiKeyWithAppId(res, TEST_API_KEY_TOKEN, TEST_APP_ID),
+      ).toBeTruthy();
+      expect(getApiKeySpy).toHaveBeenCalled();
+    });
+
+    it('check verifyApiKeyWithAppId returns true for w3 (master key)', async () => {
+      const parseAppIdSpy = jest
+        .spyOn(commons, 'parseAppIdAndToken')
+        .mockReturnValueOnce(['w3', TEST_API_KEY]);
+      const getApiKeySpy = jest
+        .spyOn(ApiKeyRepoImpl.prototype, 'getApiKey')
+        .mockResolvedValue(new ApiKey('w3', TEST_API_KEY, TEST_USER_ID, new Date(), new Date()));
+
+      expect(
+        await AuthenticationMiddleware.verifyApiKeyWithAppId(res, TEST_API_KEY_TOKEN, 'w3'),
+      ).toBeTruthy();
+      expect(getApiKeySpy).toHaveBeenCalled();
+      expect(parseAppIdSpy).toHaveBeenCalled();
+    });
+
+    it('check verifyApiKeyWithAppId throws an error if token appId does not match appId from query params', async () => {
+      expect.assertions(2);
+      try {
+        await AuthenticationMiddleware.verifyApiKeyWithAppId(res, INVALID_API_KEY_TOKEN, TEST_APP_ID);
+      } catch (err) {
+        expect(err).toBeInstanceOf(Error);
+        expect(err.message).toEqual(
+          `Unable to verify API key: appId you are trying to access does not match bearer token`,
+        );
+      }
+    });
+
+    it('check verifyApiKeyWithAppId should return false with invalid api key', async () => {
+      expect(
+        await AuthenticationMiddleware.verifyApiKeyWithAppId(res, INVALID_API_KEY_TOKEN, INCORRECT_APP_ID),
+      ).toBeFalsy();
+    });
+
+    it('check verifyApiKeyWithAppId returns false if NotFoundError when getting apiKey', async () => {
+      const getApiKeySpy = jest.spyOn(ApiKeyRepoImpl.prototype, 'getApiKey').mockImplementationOnce(() => {
+        throw new NotFoundError();
+      });
+
+      expect(
+        await AuthenticationMiddleware.verifyApiKeyWithAppId(res, TEST_API_KEY_TOKEN, TEST_APP_ID),
+      ).toBeFalsy();
+      expect(getApiKeySpy).toHaveBeenCalled();
+    });
+
+    it('check verifyApiKeyWithAppId should throw error if Error caught in getApiKey', async () => {
+      const getApiKeySpy = jest.spyOn(ApiKeyRepoImpl.prototype, 'getApiKey').mockImplementationOnce(() => {
+        throw new Error('error getting apiKey from DB');
+      });
+
+      expect.assertions(3);
+      try {
+        await AuthenticationMiddleware.verifyApiKeyWithAppId(res, TEST_API_KEY_TOKEN, TEST_APP_ID);
+      } catch (err) {
+        expect(err).toBeInstanceOf(Error);
+        expect(err.message).toEqual('Unable to verify API key: error getting apiKey from DB');
+        expect(getApiKeySpy).toHaveBeenCalled();
+      }
+    });
+  });
+
+  /**
+   * Below test case checks for the successful api key verification from ensureAuthenticated method
+   */
+  describe('ensureAuthenticated API key tests', () => {
+    it('ensureAuthenticated with right API key', async () => {
+      const req = {} as any;
+      req.params = { appID: 'w3notifications-test' };
+      req.headers = { authorization: `apiKey ${TEST_API_KEY_TOKEN}` };
+      AuthenticationMiddleware.verifyApiKeyWithAppId = jest.fn().mockReturnValue(true);
+      const res: Response = {} as any;
+      res.send = (code: number, obj) => {
+        return obj;
+      };
+      const next = jest.fn() as any;
+      await AuthenticationMiddleware.ensureAuthenticated(req, res, next);
+      expect(req.username).toBeUndefined();
+      expect(req.isAuthenticated).toEqual(true);
+      expect(req.auth_policy).toEqual(AuthenticationMiddleware.AUTH_POLICY_API_KEY);
+      expect(next).toHaveBeenCalled();
+    });
+
+    /**
+     * Below test case checks for the successful invalid api key verification from ensureAuthenticated
+     */
+    it('ensureAuthenticated with invalid API key', async () => {
+      const req = {} as any;
+      req.params = { appID: 'w3notifications-test' };
+      req.headers = { authorization: `apiKey ${INVALID_API_KEY_TOKEN}` };
+      AuthenticationMiddleware.verifyApiKeyWithAppId = jest.fn().mockReturnValue(false);
+      const res: Response = {} as any;
+      let errorCode;
+      res.send = (code: number, obj) => {
+        errorCode = code;
+        return obj;
+      };
+      const next = jest.fn() as any;
+      await AuthenticationMiddleware.ensureAuthenticated(req, res, next);
+
+      expect(req.username).toBeUndefined();
+      expect(errorCode).toEqual(401);
+      expect(next).toHaveBeenCalledWith(false);
+    });
+
+    /**
+     * Below test case checks for the case of invalid api key from ensureAuthenticated method
+     */
+    it('failure case validation of API key', async () => {
+      const req = {} as any;
+      req.headers = { authorization: `apiKey ${INVALID_API_KEY_TOKEN}` };
+      AuthenticationMiddleware.verifyApiKeyWithAppId = jest.fn().mockImplementation(() => {
+        throw new Error('Unable to verify API key');
+      });
+      const res: Response = {} as any;
+      res.send = (code: number, obj) => {
+        return obj;
+      };
+      const next = jest.fn() as any;
+      await AuthenticationMiddleware.ensureAuthenticated(req, res, next);
+      expect(next).toHaveBeenCalledWith(false);
+      jest.clearAllMocks();
+    });
+
+    it('Check for checkPreAuthentication for REST endpoint - invalid credentials', async () => {
+      const req = {
+        headers: {},
+        body: {
+          variables: { appId: 'general' },
+          operationName: 'appSettings',
+        },
+        params: { appID: 'w3notifications-test' },
+        path: () => '/v1/settings/app/:appID/setting/:settingName',
+      } as any;
+      const res: Response = {
+        send: jest.fn(),
+      } as any;
+      const next = jest.fn() as any;
+      AuthenticationMiddleware.checkPreAuthentication(req, res, next);
+      expect(next).toBeCalledWith(false);
+      expect(res.send).toBeCalledWith(401, {
+        code: 401,
+        message: 'API key based authentication strategy must be used for appSettings Query.',
+      });
+    });
+
+    it('Check for checkPreAuthentication for getAllSettings endpoint - invalid credentials', async () => {
+      const req = {
+        headers: {},
+        path: () => '/v1/settings/users/all',
+      } as any;
+      const res: Response = {
+        send: jest.fn(),
+      } as any;
+      const next = jest.fn() as any;
+      AuthenticationMiddleware.checkPreAuthentication(req, res, next);
+      expect(next).toBeCalledWith(false);
+      expect(res.send).toBeCalledWith(401, {
+        code: 401,
+        message: 'API key based authentication strategy must be used for get all user settings operation.',
+      });
+    });
+
+    it('Check for checkPreAuthentication for delete endpoint - invalid credentials', async () => {
+      const req = {
+        headers: {},
+        path: () => '/v1/settings/users/ABCDEFGHI',
+        method: 'DELETE',
+      } as any;
+      const res: Response = {
+        send: jest.fn(),
+      } as any;
+      const next = jest.fn() as any;
+      AuthenticationMiddleware.checkPreAuthentication(req, res, next);
+      expect(next).toBeCalledWith(false);
+      expect(res.send).toBeCalledWith(401, {
+        code: 401,
+        message: 'API key based authentication strategy must be used for delete settings operation.',
+      });
+    });
+
+    it('Check for checkPreAuthentication for REST endpoint - valid apikey credentials', async () => {
+      const req = {
+        headers: {
+          authorization: 'apiKey dummy_api_key',
+        },
+        body: {
+          variables: { appId: 'general' },
+          operationName: 'appSettings',
+        },
+        params: { appID: 'w3notifications-test' },
+        path: () => '/v1/settings/app/:appID/setting/:settingName',
+      } as any;
+      const res: Response = {
+        send: jest.fn(),
+      } as any;
+      const next = jest.fn() as any;
+      AuthenticationMiddleware.checkPreAuthentication(req, res, next);
+      expect(next).toBeCalled();
+      expect(next).not.toBeCalledWith(false);
+    });
+
+    it('Check for checkPreAuthentication for invalid REST endpoint - valid apikey credentials', async () => {
+      const req = {
+        headers: {
+          authorization: 'apiKey dummy_api_key',
+        },
+        body: {
+          variables: { appId: 'general' },
+          operationName: 'appSettings',
+        },
+        params: { appID: 'w3notifications-test' },
+        path: () => '/invalidpath',
+      } as any;
+      const res: Response = {
+        send: jest.fn(),
+      } as any;
+      const next = jest.fn() as any;
+      AuthenticationMiddleware.checkPreAuthentication(req, res, next);
+      expect(next).toBeCalled();
+    });
+  });
+
+  describe('checkPostAuthentication', () => {
+    it('should return next if operationDetails are undefined', () => {
+      const req = {
+        path: () => '/invalidpath',
+      } as any;
+      const res: Response = {
+        send: jest.fn(),
+      } as any;
+      const next = jest.fn() as any;
+
+      AuthenticationMiddleware.checkPostAuthentication(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+    });
+
+    it('should return next if user is authorized to request api key', () => {
+      const req = {
+        headers: {
+          authorization: 'apiKey dummy_api_key',
+        },
+        body: {
+          variables: { appId: 'general' },
+          operationName: 'apiKey',
+        },
+        params: { appID: 'w3notifications-test' },
+        path: () => '/v1/settings/apiKey/app/:appID',
+      } as any;
+      const res: Response = {
+        send: jest.fn(),
+      } as any;
+      const next = jest.fn() as any;
+
+      jest.spyOn(AuthenticationMiddleware, 'isAuthorizedToRequestApiKey').mockReturnValueOnce(true);
+
+      AuthenticationMiddleware.checkPostAuthentication(req, res, next);
+
+      expect(next).toHaveBeenCalled();
+    });
+
+    it('should send a 403 response if user is not authorized to request api key', () => {
+      const req = {
+        headers: {
+          authorization: 'apiKey dummy_api_key',
+        },
+        body: {
+          variables: { appId: 'general' },
+          operationName: 'apiKey',
+        },
+        params: { appID: 'w3notifications-test' },
+        path: () => '/v1/settings/apiKey/app/:appID',
+      } as any;
+      const res: Response = {
+        send: jest.fn(),
+      } as any;
+      const next = jest.fn() as any;
+
+      jest.spyOn(AuthenticationMiddleware, 'isAuthorizedToRequestApiKey').mockReturnValueOnce(false);
+      res.send = jest.fn();
+
+      AuthenticationMiddleware.checkPostAuthentication(req, res, next);
+
+      expect(res.send).toHaveBeenCalledWith(403, {
+        code: 403,
+        message: `You are not authorized for apiKey operations.`,
+      });
+      expect(next).toHaveBeenCalledWith(false);
+      jest.restoreAllMocks();
+    });
+  });
+
+  describe('isAuthorizedToRequestApiKey method', () => {
+    it('should return true if username is on list of authorized user ids', () => {
+      const req = {} as any;
+      req.isAuthenticated = true;
+      req.username = TEST_USER_ID;
+      settings.apiKeyAuthorizedUserIds = TEST_USER_ID;
+
+      expect(AuthenticationMiddleware.isAuthorizedToRequestApiKey(req)).toBeTruthy();
+    });
+
+    it('should return false if username is on list of authorized user ids', () => {
+      const req = {} as any;
+      req.isAuthenticated = true;
+      req.username = 'invalidUser';
+      settings.apiKeyAuthorizedUserIds = TEST_USER_ID;
+
+      expect(AuthenticationMiddleware.isAuthorizedToRequestApiKey(req)).toBeFalsy();
+    });
+  });
+});

package/settings-service/src/__tests__/unit/repo/ApiKeyRepo.spec.ts

@@ -0,0 +1,194 @@
+import fs from 'fs';
+import { NotFoundError } from 'restify-errors';
+import { ApiKeyRepoFactory } from '../../../repo/ApiKeyRepoFactory';
+import { settings } from '../../../config/config';
+import { ApiKey } from '../../../types/ApiKey';
+import { ApiKeyRepo, ApiKeyRepoImpl } from '../../../repo/ApiKeyRepo';
+import { cassandraDBHelpers } from '../../../repo/cassandraDBHelpers';
+import * as commons from '../../../helpers/commons';
+import { mockApiKey, TEST_API_KEY, TEST_APP_ID, TEST_USER_ID } from '../../utils/test-utils';
+
+const mockApiKeyDBRow = {
+  '[json]': fs.readFileSync('test_resources/mockApiKeyDBResult.json').toString(),
+};
+
+const encryptionKey: string = process.env.AES_ENCRYPTION_KEY || '';
+settings.aesEncryptionKey = 'kXp2s5v8x/A?D(G+KbPeShVmYq3t6w9z';
+
+const apiKeyRepo: ApiKeyRepo = ApiKeyRepoFactory.accessOrCreateSingleton();
+
+afterEach(() => {
+  jest.clearAllMocks();
+});
+
+afterAll(() => {
+  settings.aesEncryptionKey = encryptionKey;
+});
+
+describe('getInstance method', () => {
+  it('getInstance returns the current instance of the repo', async () => {
+    expect(apiKeyRepo).toBeDefined();
+    expect(apiKeyRepo).toBeInstanceOf(ApiKeyRepoImpl);
+  });
+});
+
+describe('getApiKey method', () => {
+  it('gets the api key from the database', async () => {
+    const results = {
+      first: jest.fn().mockReturnValue(mockApiKeyDBRow),
+    } as any;
+    jest.spyOn(cassandraDBHelpers, 'execute').mockResolvedValueOnce(results);
+
+    const returnedApiKey: ApiKey = await apiKeyRepo.getApiKey(TEST_APP_ID);
+
+    expect(returnedApiKey).toBeDefined();
+    expect(returnedApiKey.key).toEqual(TEST_API_KEY);
+  });
+
+  it('getApiKey throws an error if no results found in DB', async () => {
+    const results = {
+      first: jest.fn().mockReturnValue(null),
+    } as any;
+    const executeSpy = jest.spyOn(cassandraDBHelpers, 'execute').mockResolvedValueOnce(results);
+
+    expect.assertions(4);
+    try {
+      await apiKeyRepo.getApiKey(TEST_APP_ID);
+    } catch (err) {
+      expect(err).toBeDefined();
+      expect(err).toBeInstanceOf(NotFoundError);
+      expect(err.message).toEqual(`ApiKey for the appId: ${JSON.stringify(TEST_APP_ID)} doesn't exist.`);
+      expect(executeSpy).toHaveBeenCalled();
+    }
+  });
+});
+
+describe('createApiKey method', () => {
+  it('createApiKey returns api key if it already exists', async () => {
+    const getApiKeySpy = jest.spyOn(ApiKeyRepoImpl.prototype, 'getApiKey').mockResolvedValueOnce(mockApiKey);
+
+    const returnedKey: string = await apiKeyRepo.createApiKey(TEST_APP_ID, TEST_USER_ID);
+
+    expect(returnedKey).toBeDefined();
+    expect(returnedKey).toEqual(mockApiKey.key);
+    expect(getApiKeySpy).toHaveBeenCalled();
+  });
+
+  it('createApiKey throws an error if there is an error in getApiKey', async () => {
+    const getApiKeySpy = jest.spyOn(ApiKeyRepoImpl.prototype, 'getApiKey').mockImplementationOnce(() => {
+      throw new Error();
+    });
+
+    expect.assertions(4);
+    try {
+      await apiKeyRepo.createApiKey(TEST_APP_ID, TEST_USER_ID);
+    } catch (err) {
+      expect(err).toBeDefined();
+      expect(err).toBeInstanceOf(Error);
+      expect(err.message).toEqual('Unable to create API key. Please try again later.');
+      expect(getApiKeySpy).toHaveBeenCalled();
+    }
+  });
+
+  it('createApiKey should create and insert a new api key in database and return decrypted value', async () => {
+    const results = {
+      first: jest.fn().mockReturnValue(mockApiKeyDBRow),
+    } as any;
+    const createRandomTokenSpy = jest.spyOn(commons, 'createRandomToken').mockReturnValueOnce(TEST_API_KEY);
+    const getApiKeySpy = jest.spyOn(ApiKeyRepoImpl.prototype, 'getApiKey').mockImplementationOnce(() => {
+      throw new NotFoundError();
+    });
+    const executeSpy = jest.spyOn(cassandraDBHelpers, 'execute').mockResolvedValueOnce(results);
+
+    const createdKey = await apiKeyRepo.createApiKey('newApiKey', TEST_USER_ID);
+
+    expect(createdKey).toBeDefined();
+    expect(createdKey).toEqual(TEST_API_KEY);
+    expect(executeSpy).toHaveBeenCalled();
+    expect(getApiKeySpy).toHaveBeenCalled();
+    expect(createRandomTokenSpy).toHaveBeenCalled();
+  });
+
+  it('createApiKey throws an error if error inserting into DB', async () => {
+    const getApiKeySpy = jest.spyOn(ApiKeyRepoImpl.prototype, 'getApiKey').mockImplementationOnce(() => {
+      throw new NotFoundError();
+    });
+    jest.spyOn(cassandraDBHelpers, 'execute').mockRejectedValue(new Error());
+
+    expect.assertions(4);
+    try {
+      await apiKeyRepo.createApiKey(TEST_APP_ID, TEST_USER_ID);
+    } catch (err) {
+      expect(err).toBeDefined();
+      expect(err).toBeInstanceOf(Error);
+      expect(err.message).toEqual(`Unable to create API key. Please try again later.`);
+      expect(getApiKeySpy).toHaveBeenCalled();
+    }
+  });
+});
+
+describe('updateApiKey', () => {
+  it('updateApiKey throws an error if there is an error in getApiKey', async () => {
+    const getApiKeySpy = jest.spyOn(ApiKeyRepoImpl.prototype, 'getApiKey').mockImplementationOnce(() => {
+      throw new Error();
+    });
+
+    expect.assertions(4);
+    try {
+      await apiKeyRepo.updateApiKey(TEST_APP_ID, TEST_USER_ID);
+    } catch (err) {
+      expect(err).toBeDefined();
+      expect(err).toBeInstanceOf(Error);
+      expect(err.message).toEqual('Unable to update API key. Please try again later.');
+      expect(getApiKeySpy).toHaveBeenCalled();
+    }
+  });
+
+  it('updateApiKey throws an error if the apiKey is not already in the datbase', async () => {
+    const getApiKeySpy = jest.spyOn(ApiKeyRepoImpl.prototype, 'getApiKey').mockImplementationOnce(() => {
+      throw new NotFoundError();
+    });
+
+    expect.assertions(4);
+    try {
+      await apiKeyRepo.updateApiKey(TEST_APP_ID, TEST_USER_ID);
+    } catch (err) {
+      expect(err).toBeDefined();
+      expect(err).toBeInstanceOf(Error);
+      expect(err.message).toEqual(`API key doesn't exist for the appId`);
+      expect(getApiKeySpy).toHaveBeenCalled();
+    }
+  });
+
+  it('updateApiKey should update api key in database and return decrypted value', async () => {
+    const results = {
+      first: jest.fn().mockReturnValue(mockApiKeyDBRow),
+    } as any;
+    const getApiKeySpy = jest.spyOn(ApiKeyRepoImpl.prototype, 'getApiKey').mockResolvedValueOnce(mockApiKey);
+    const createRandomTokenSpy = jest.spyOn(commons, 'createRandomToken').mockReturnValueOnce(TEST_API_KEY);
+    const executeSpy = jest.spyOn(cassandraDBHelpers, 'execute').mockResolvedValueOnce(results);
+
+    const updatedKey = await apiKeyRepo.updateApiKey(TEST_APP_ID, TEST_USER_ID);
+
+    expect(updatedKey).toBeDefined();
+    expect(updatedKey).toEqual(TEST_API_KEY);
+    expect(createRandomTokenSpy).toHaveBeenCalled();
+    expect(executeSpy).toHaveBeenCalled();
+    expect(getApiKeySpy).toHaveBeenCalled();
+  });
+
+  it('updateApiKey throws an error if error updating key in DB', async () => {
+    const getApiKeySpy = jest.spyOn(ApiKeyRepoImpl.prototype, 'getApiKey').mockResolvedValueOnce(mockApiKey);
+    jest.spyOn(cassandraDBHelpers, 'execute').mockRejectedValue(new Error());
+
+    expect.assertions(4);
+    try {
+      await apiKeyRepo.updateApiKey(TEST_APP_ID, TEST_USER_ID);
+    } catch (err) {
+      expect(err).toBeDefined();
+      expect(err).toBeInstanceOf(Error);
+      expect(err.message).toEqual(`Unable to update Api key. Please try again later.`);
+      expect(getApiKeySpy).toHaveBeenCalled();
+    }
+  });
+});