
Updated auth example for express 3.x. With a test.

1 parent 6368ab4 commit a8c73649ce2b468a9dfff2d255f0a817b14ebb4b @slaskis slaskis committed with tj Dec 10, 2011
Showing with 94 additions and 24 deletions.
  1. +1 −1 Makefile
  2. +21 −23 examples/auth/app.js
  3. +72 −0 test/acceptance/auth.js
@@ -35,4 +35,4 @@ benchmark:
docclean:
rm -f docs/*.{1,html}
-.PHONY: site test benchmark docs docclean test-acceptance
+.PHONY: site test benchmark docs docclean test-acceptance
@@ -6,28 +6,25 @@
var express = require('../../lib/express')
, crypto = require('crypto');
-var app = express.createServer(
- express.bodyParser()
- , express.cookieParser()
- , express.session({ secret: 'keyboard cat' })
-);
+var app = module.exports = express()
+
+app.use(express.bodyParser())
+app.use(express.cookieParser('shhhh, very secret'))
+app.use(express.session({ secret: 'keyboard cat' }))
app.set('views', __dirname + '/views');
-app.set('view engine', 'ejs');
// Message helper, ideally we would use req.flash()
// however this is more light-weight for an example
-
-app.dynamicHelpers({
- message: function(req){
- var err = req.session.error
- , msg = req.session.success;
- delete req.session.error;
- delete req.session.success;
- if (err) return '<p class="msg error">' + err + '</p>';
- if (msg) return '<p class="msg success">' + msg + '</p>';
- }
-});
+app.locals.use(function(req,res){
+ var err = req.session.error
+ , msg = req.session.success;
+ delete req.session.error;
+ delete req.session.success;
+ res.locals.message = '';
+ if (err) res.locals.message = '<p class="msg error">' + err + '</p>';
+ if (msg) res.locals.message = '<p class="msg success">' + msg + '</p>';
+})
// Generate a salt for the user to prevent rainbow table attacks
// for better security take a look at the bcrypt c++ addon:
@@ -70,12 +67,13 @@ function restrict(req, res, next) {
}
function accessLogger(req, res, next) {
- console.log('/restricted accessed by %s', req.session.user.name);
+ if( process.env.NODE_ENV !== 'test' )
+ console.log('/restricted accessed by %s', req.session.user.name);
next();
}
app.get('/', function(req, res){
- res.redirect('/login');
+ res.redirect('login');
});
app.get('/restricted', restrict, accessLogger, function(req, res){
@@ -86,7 +84,7 @@ app.get('/logout', function(req, res){
// destroy the user's session to log them out
// will be re-created next request
req.session.destroy(function(){
- res.redirect('home');
+ res.redirect('/');
});
});
@@ -96,7 +94,7 @@ app.get('/login', function(req, res){
+ ' click to <a href="/logout">logout</a>. '
+ ' You may now access <a href="/restricted">/restricted</a>.';
}
- res.render('login');
+ res.render('login.ejs');
});
app.post('/login', function(req, res){
@@ -109,13 +107,13 @@ app.post('/login', function(req, res){
// in the session store to be retrieved,
// or in this case the entire user object
req.session.user = user;
- res.redirect('back');
+ res.redirect('restricted');
});
} else {
req.session.error = 'Authentication failed, please check your '
+ ' username and password.'
+ ' (use "tj" and "foobar")';
- res.redirect('back');
+ res.redirect('login');
}
});
});
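Review bot: The first hunk configures two different secrets on consecutive lines, `express.cookieParser('shhhh, very secret')` and `express.session({ secret: 'keyboard cat' })`, so whichever one the session middleware does not use to sign the session cookie is dead configuration that readers of an example will copy. Which secret wins depends on the session middleware's precedence in the Express 3 version this example targets — confirm against it — but either way the example should settle on a single secret value and say in a comment which middleware consumes it. In the same hunk the `app.locals.use` helper builds `res.locals.message` by concatenating `req.session.error` / `req.session.success` straight into HTML with no escaping; that is fine while those values are server-side literals as in the last hunk, so a comment such as `// message is raw HTML: only ever assign server-generated strings to req.session.error/success` above the helper would keep a future edit from routing user input through it. Minor style: the `if( process.env.NODE_ENV !== 'test' )` guard in accessLogger has no braces, unlike the rest of the file.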
@@ -0,0 +1,72 @@
+var app = require('../../examples/auth/app')
+ , request = require('../support/http')
+ , should = require('should');
+
+describe('examples', function(){
+ describe('auth', function(){
+ var cookie;
+ it('should redirect to /login', function(done){
+ request(app)
+ .get('/')
+ .end(function(res){
+ res.statusCode.should.equal(302);
+ res.headers.should.have.property('location').match(/\/login$/);
+ done();
+ })
+ })
+ it('should be restricted', function(done){
+ request(app)
+ .get('/restricted')
+ .end(function(res){
+ res.statusCode.should.equal(302);
+ res.headers.should.have.property('location').match(/\/login$/);
+ done();
+ })
+ })
+ it('should fail to authenticate', function(done){
+ request(app)
+ .post('/login')
+ .write('&username=not-tj&password=foobar')
+ .end(function(res){
+ res.statusCode.should.equal(302);
+ res.headers.should.have.property('location').match(/\/login$/);
+ done();
+ })
+ })
+ it('should authenticate', function(done){
+ request(app)
+ .post('/login')
+ .set('content-type','application/x-www-form-urlencoded')
+ .write('&username=tj&password=foobar')
+ .end(function(res){
+ res.statusCode.should.equal(302);
+ res.headers.should.have.property('location').match(/\/restricted$/);
+ cookie = res.headers['set-cookie'][0].split(';')[0];
+ cookie.should.match(/^connect.sid=/)
+ done();
+ })
+ })
+ it('should not be restricted with an authenticated session cookie',function(done){
+ request(app)
+ .get('/restricted')
+ .set('cookie',cookie)
+ .expect(200,done)
+ })
+ it('should logout',function(done){
+ request(app)
+ .get('/logout')
+ .set('cookie',cookie)
+ .end(function(res){
+ res.statusCode.should.equal(302);
+ res.headers.should.not.have.property('set-cookie')
+ done();
+ })
+ })
+ it('should be restricted again',function(done){
+ request(app)
+ .get('/restricted')
+ .set('cookie',cookie)
+ .expect(302,done)
+ })
+ })
+})
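Review bot: The 'should fail to authenticate' case posts `&username=not-tj&password=foobar` without a content-type, whereas 'should authenticate' sets `application/x-www-form-urlencoded` first; without that header the body parser presumably leaves `req.body` empty, so the redirect to /login would come from a missing username rather than a wrong one and the test passes for the wrong reason. Add `.set('content-type','application/x-www-form-urlencoded')` before the `.write(...)` in that case so it exercises the rejection path it names. Note also that the later cases depend on the `cookie` captured in 'should authenticate', so the `it` blocks are order-dependent; a comment like `// cases below reuse the session cookie captured in 'should authenticate' — keep ordering` at the `var cookie;` declaration would make that explicit.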
