const request = require('supertest');
const createApp = require('../app')
const app = createApp()
const pool = require('../data/config');
const jwt = require('jsonwebtoken');
const SECRET_KEY = require('../data/jwt')
const { doQuery } = require('../routes/helper.js')
// Serialise a flat object into an application/x-www-form-urlencoded body
// ("k=v&k2=v2"). Keys and values are both run through encodeURIComponent,
// so '&', '=' and whitespace inside a value cannot break the pair structure.
// Used for the requests this suite sends form-encoded rather than as JSON.
const _query = params => {
  const pairs = [];
  for (const key of Object.keys(params)) {
    pairs.push(`${encodeURIComponent(key)}=${encodeURIComponent(params[key])}`);
  }
  return pairs.join('&');
};
// Fixture credentials for this run. The username embeds the run's start
// timestamp so repeated runs do not collide on the same name and the
// cleanup at the end can target exactly this user; the password is a
// throwaway test value, not a real credential.
const username = `admin_${new Date().toISOString()}`
const password = 'admin1'
const channelID = 1
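describe('User Login / Signup', () => {
  // Every request is awaited so that a failing expect() inside the handler
  // rejects the test immediately. With the previous `.then(res => { ...; done() })`
  // shape there was no `.catch(done)`, so an assertion error became an
  // unhandled rejection and the test only surfaced it as a timeout.
  it('should create new user', async () => {
    const res = await request(app)
      .post('/signup')
      .send({ username, password })
      .set('Accept', 'application/json')
      .expect(200)
    expect(res.body).toHaveProperty('token')
    // Verify the signature against the server secret rather than merely
    // decoding: a token that only looks well-formed must not pass here.
    // NOTE(review): consider passing `{ algorithms: [...] }` matching what the
    // app signs with, so an accidental algorithm change is caught by this test.
    const decoded = jwt.verify(res.body.token, SECRET_KEY)
    expect(decoded).toHaveProperty('id')
    expect(decoded).toHaveProperty('name')
    expect(decoded.name).toBe(username)
  })
  it('should reject duplicated new user', async () => {
    const res = await request(app)
      .post('/signup')
      .send({ username, password })
      .set('Accept', 'application/json')
      .expect(401)
    // A rejected signup must not hand out a credential alongside the error.
    expect(res.body).not.toHaveProperty('token')
  })
  it('should log that user in successfully with token', async () => {
    const res = await request(app)
      .post('/login')
      .send({ username, password })
      .set('Accept', 'application/json')
      .expect(200)
    expect(res.body).toHaveProperty('token')
    const decoded = jwt.verify(res.body.token, SECRET_KEY)
    expect(decoded).toHaveProperty('id')
    expect(decoded).toHaveProperty('name')
    expect(decoded.name).toBe(username)
  })
  it('should reject with bad password', async () => {
    // Sent form-encoded (not JSON) on purpose: this exercises the other body
    // format the login route accepts.
    const res = await request(app)
      .post('/login')
      .send(_query({ username: username, password: 'badpass' }))
      .set('Accept', 'application/json')
      .expect(401)
    expect(res.body).toHaveProperty('msg')
    // The generic "cannot login" wording is what the test pins; keeping the
    // message non-specific avoids telling a caller whether the username exists.
    expect(res.body.msg).toMatch(/cannot login/)
    // A failed login must never return a token.
    expect(res.body).not.toHaveProperty('token')
  })
})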
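// The describe callback is synchronous: Jest expects tests to be registered
// synchronously and jest-circus rejects a Promise returned from describe,
// which the previous `async () => {...}` produced.
describe('Access Control', () => {
  // Sequence: login -> subscribe own user_id (allowed) -> subscribe a foreign
  // user_id (denied) -> subscribe an unknown channel (denied). Each step is
  // awaited so a failed expectation rejects the test instead of being thrown
  // from inside a supertest `.end` callback.
  it('should reject setting other users\' subscription and only allow self', async () => {
    const login = await request(app)
      .post('/login')
      .send(_query({ username, password }))
      .set('Accept', 'application/json')
      .expect(200)
    const token = login.body.token
    const user_id = login.body.id

    // Own user_id with a valid bearer token is permitted.
    await request(app)
      .post('/subscribe')
      .set('Authorization', `Bearer ${token}`)
      .send(_query({ user_id, channel_id: channelID }))
      .expect(201)

    // The user_id in the body must not override the identity in the token:
    // a different id (whether or not such a user exists) is refused with a
    // message about access, i.e. the check is on identity, not existence.
    await request(app)
      .post('/subscribe')
      .set('Authorization', `Bearer ${token}`)
      .send(_query({ user_id: user_id + 100, channel_id: channelID }))
      .expect(401)
      .expect(/access/)

    // A channel id the server does not know (presumably channelID + 1000
    // does not exist) is refused even for one's own user_id.
    await request(app)
      .post('/subscribe')
      .set('Authorization', `Bearer ${token}`)
      .send(_query({ user_id, channel_id: channelID + 1000 }))
      .expect(401)
      .expect(/no such/)
  })
})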
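// Drop the test user, then release the DB pool. The pool is closed in
// `finally` so a failing cleanup cannot leave an open connection handle
// behind, which would keep the Jest worker alive after the suite finishes.
afterAll(async () => {
  try {
    await _cleanUp()
  } finally {
    await pool.end()
  }
});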
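// Remove the user created by this run. The name is unique per run (it
// carries the start timestamp), so it is a sufficient key on its own.
// The previous query also matched on `password = ?` with the plaintext
// value, which only ever matches if the `user.password` column stores the
// plaintext: if the app hashes passwords the DELETE silently matched nothing
// and test users accumulated; if it does not, that is an application
// finding to raise separately. Either way the cleanup must not depend on it.
const _cleanUp = async () => {
  await doQuery('DELETE FROM user WHERE name = ?', [username])
}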