Add tests on accessing a protected route

betagouv · Nov 9, 2016 · d5cf06a · d5cf06a
1 parent 00889d1
commit d5cf06a
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 6 deletions.
diff --git a/server/api/auth/auth.controller.js b/server/api/auth/auth.controller.js
@@ -4,6 +4,10 @@ const passport = require('passport')
 const auth = require('./auth.service')
 
 class AuthController {
+  ping(req, res) {
+    res.json('pong')
+  }
+
   getToken(req, res, next) {
     passport.authenticate('local', function (err, user, info) {
       var error = err || info

diff --git a/server/api/auth/index.js b/server/api/auth/index.js
@@ -4,6 +4,7 @@ const express = require('express')
 const passport = require('passport')
 const router = express.Router()
 
+const auth = require('./auth.service.js')
 const User = require('../user/user.model')
 const Controller = require('./auth.controller')
 
@@ -21,5 +22,6 @@ require('./passport-strategy').setup(User)
 module.exports = (options) => {
   const authController = new Controller(options)
   router.post('/', authController.getToken)
+  router.get('/authProtected', auth.isAuthenticated(), authController.ping)
   return router
 }
diff --git a/server/api/auth/test/auth.api.test.js b/server/api/auth/test/auth.api.test.js
@@ -3,6 +3,7 @@ const Server = require('../../server')
 
 describe('api: auth', () => {
   let app
+  let validToken
 
   before(() => {
     app = new Server({ isTest: true }).getApp()
@@ -12,31 +13,52 @@ describe('api: auth', () => {
     it('should return 401 given email and password are missing', (done) => {
       supertest(app)
         .post('/api/auth/')
-        .expect(401, { message: 'Missing credentials'}, done)
+        .expect(401, { message: 'Missing credentials' }, done)
     })
     it('should return 401 given email and password are invalid', (done) => {
       supertest(app)
         .post('/api/auth/')
-        .send({email: 'anonymous', password: 'wrongPassword'})
-        .expect(401, { 'message': 'Email ou mot de passe incorrect'}, done)
+        .send({ email: 'anonymous', password: 'wrongPassword' })
+        .expect(401, { 'message': 'Email ou mot de passe incorrect' }, done)
     })
     it('should return 401 given password is invalid', (done) => {
       supertest(app)
         .post('/api/auth/')
-        .send({email: 'peel@univ-lorraine.fr', password: 'wrongPassword'})
-        .expect(401, { message: 'Email ou mot de passe incorrect'}, done)
+        .send({ email: 'peel@univ-lorraine.fr', password: 'wrongPassword' })
+        .expect(401, { message: 'Email ou mot de passe incorrect' }, done)
     })
     it('should return 200 and a token given email and password are valid', (done) => {
       supertest(app)
         .post('/api/auth/')
-        .send({email: 'peel@univ-lorraine.fr', password: 'test'})
+        .send({ email: 'peel@univ-lorraine.fr', password: 'test' })
         .expect(200)
         .expect((res) => {
           if (!('token' in res.body)) {
             throw new Error('Missing token key')
           }
+          validToken = res.body.token
         })
         .end(done)
     })
   })
+
+  describe('When requesting route requiring authentication', () => {
+    it('should return 401 given no token is provided', (done) => {
+      supertest(app)
+        .get('/api/auth/authProtected')
+        .expect(401, done)
+    })
+    it('should return 401 given an invalid token is provided', (done) => {
+      supertest(app)
+        .get('/api/auth/authProtected')
+        .set('Authorization', 'Bearer invalidToken')
+        .expect(401, 'The provided token is invalid', done)
+    })
+    it('should return 401 given an invalid token is provided', (done) => {
+      supertest(app)
+        .get('/api/auth/authProtected')
+        .set('Authorization', `Bearer ${validToken}`)
+        .expect(200, '"pong"', done)
+    })
+  })
 })