feat(admin-signup): add admin secret field to signup

- modify tests and test seed data to accomodate new changes - modify POST /auth/signup implementation to allow other users signup as admin - add admin secret as enviromental variable [Finishes #161119874]
akhilome · Oct 10, 2018 · ff1af3a · ff1af3a
1 parent 7c122cf
commit ff1af3a
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 7 deletions.
diff --git a/.env.example b/.env.example
@@ -2,3 +2,4 @@ PORT=[server_port_number]
 DATABASE_URL=postgres://[username]@[server]:[port]/fastfoodfast
 TEST_DATABASE_URL=postgres://[username]@[server]:[port]/fastfoodfast_test
 JWT_SECRET=[your_supersecret_secret]
+ADMIN_SECRET=[secret_keyword_admins_should_provide_on_signup]
diff --git a/server/controllers/authController.js b/server/controllers/authController.js
@@ -3,8 +3,13 @@ import pool from '../db/config';
 
 class AuthController {
   static async signup(req, res) {
-    const { name, email, password } = req;
-    const isAdmin = email === 'hovkard@gmail.com' ? 't' : 'f';
+    const {
+      name,
+      email,
+      password,
+      adminSecret,
+    } = req;
+    const isAdmin = adminSecret === process.env.ADMIN_SECRET ? 't' : 'f';
 
     try {
       // Check if a user with the provided email already exists

diff --git a/server/middleware/sanitizer.js b/server/middleware/sanitizer.js
@@ -7,6 +7,7 @@ class Sanitize {
       email,
       password,
       confirmPassword,
+      adminSecret,
     } = req.body;
 
     const missingFields = [name, email, password, confirmPassword].map((field, index) => {
@@ -36,6 +37,7 @@ class Sanitize {
     req.name = name.trim();
     req.email = email.trim();
     req.password = password.trim();
+    req.adminSecret = adminSecret;
     return next();
   }
 

diff --git a/tests/routes/auth.spec.js b/tests/routes/auth.spec.js
@@ -1,9 +1,11 @@
 import chai from 'chai';
 import 'chai/register-should';
 import chaiHttp from 'chai-http';
+import dotenv from 'dotenv';
 import app from '../../server/index';
 import { users, emptyTables } from '../seed/seed';
 
+dotenv.config();
 chai.use(chaiHttp);
 
 before(emptyTables);

diff --git a/tests/seed/seed.js b/tests/seed/seed.js
@@ -1,16 +1,14 @@
 import jwt from 'jsonwebtoken';
 import pool from '../../server/db/config';
 
-const adminEmail = 'hovkard@gmail.com';
-
-
 const users = {
   admin: {
     id: 1,
     name: 'Kizito',
-    email: adminEmail,
+    email: 'hovkard@gmail.com',
     password: 'suppersecurepassword',
     confirmPassword: 'suppersecurepassword',
+    adminSecret: process.env.ADMIN_SECRET,
   },
   validUser: {
     id: 2,
@@ -63,7 +61,7 @@ function generateValidToken(userObject) {
     userId: userObject.id,
     userName: userObject.name,
     userEmail: userObject.email,
-    userStatus: userObject.email === adminEmail ? 'admin' : 'customer',
+    userStatus: userObject.adminSecret === process.env.ADMIN_SECRET ? 'admin' : 'customer',
   }, process.env.JWT_SECRET).toString();
 }