Add tests for auth endpoints.

Author: oampo

package.json

@@ -4,7 +4,8 @@
   "description": "",
   "main": "index.js",
   "scripts": {
-    "start": "node server.js"
+    "start": "node server.js",
+    "test": "mocha"
   },
   "keywords": [],
   "author": "",
@@ -22,9 +23,9 @@
     "passport-jwt": "^2.2.1"
   },
   "devDependencies": {
-    "chai": "^3.5.0",
+    "chai": "^4.0.1",
     "chai-http": "^3.0.0",
     "faker": "^3.1.0",
-    "mocha": "^3.2.0"
+    "mocha": "^3.4.2"
   }
 }

test/test-auth.js

@@ -0,0 +1,208 @@
+global.DATABASE_URL = 'mongodb://localhost/jwt-auth-demo-test';
+const chai = require('chai');
+const chaiHttp = require('chai-http');
+const jwt = require('jsonwebtoken');
+
+const {app, runServer, closeServer} = require('../server');
+const {User} = require('../users');
+const {JWT_SECRET} = require('../config');
+
+const expect = chai.expect;
+
+
+// This let's us make HTTP requests
+// in our tests.
+// see: https://github.com/chaijs/chai-http
+chai.use(chaiHttp);
+
+
+describe('Auth endpoints', function() {
+  const username = 'exampleUser';
+  const password = 'examplePass';
+  const firstName = 'Example';
+  const lastName = 'User';
+
+  before(function() {
+    return runServer();
+  });
+
+  after(function() {
+    return closeServer();
+  });
+
+  beforeEach(function() {
+    return User.hashPassword(password).then(password =>
+      User.create({
+        username,
+        password,
+        firstName,
+        lastName
+      })
+    );
+  });
+
+  afterEach(function() {
+    return User.remove({});
+  });
+
+  describe('/api/auth/login', function() {
+    it('Should reject requests with no credentials', function() {
+      return chai.request(app)
+        .post('/api/auth/login')
+        .then(() => expect.fail(null, null, 'Request should not succeed'))
+        .catch(err => {
+          if (err instanceof chai.AssertionError) {
+            throw err;
+          }
+
+          const res = err.response;
+          expect(res).to.have.status(401);
+        });
+    });
+    it('Should reject requests with incorrect usernames', function() {
+      return chai.request(app)
+        .post('/api/auth/login')
+        .auth('wrongUsername', password)
+        .then(() => expect.fail(null, null, 'Request should not succeed'))
+        .catch(err => {
+          if (err instanceof chai.AssertionError) {
+            throw err;
+          }
+
+          const res = err.response;
+          expect(res).to.have.status(401);
+        });
+    });
+    it('Should reject requests with incorrect passwords', function() {
+      return chai.request(app)
+        .post('/api/auth/login')
+        .auth(username, 'wrongPassword')
+        .then(() => expect.fail(null, null, 'Request should not succeed'))
+        .catch(err => {
+          if (err instanceof chai.AssertionError) {
+            throw err;
+          }
+
+          const res = err.response;
+          expect(res).to.have.status(401);
+        });
+    });
+    it('Should return a valid auth token', function() {
+      return chai.request(app)
+        .post('/api/auth/login')
+        .auth(username, password)
+        .then(res => {
+          expect(res).to.have.status(200);
+          expect(res.body).to.be.an('object');
+          const token = res.body.authToken;
+          expect(token).to.be.a('string');
+          const payload = jwt.verify(token, JWT_SECRET, {
+            algorithm:  ["HS256"]
+          });
+          expect(payload.user).to.deep.equal({
+            username,
+            firstName,
+            lastName
+          });
+        })
+    });
+  });
+
+  describe('/api/auth/refresh', function() {
+    it('Should reject requests with no credentials', function() {
+      return chai.request(app)
+        .post('/api/auth/refresh')
+        .then(() => expect.fail(null, null, 'Request should not succeed'))
+        .catch(err => {
+          if (err instanceof chai.AssertionError) {
+            throw err;
+          }
+
+          const res = err.response;
+          expect(res).to.have.status(401);
+        });
+    });
+    it('Should reject requests with an invalid token', function() {
+      const token = jwt.sign({
+        username,
+        firstName,
+        lastName
+      }, 'wrongSecret', {
+        algorithm: 'HS256',
+        expiresIn: '7d'
+      });
+
+      return chai.request(app)
+        .post('/api/auth/refresh')
+        .set('Authorization', `Bearer ${token}`)
+        .then(() => expect.fail(null, null, 'Request should not succeed'))
+        .catch(err => {
+          if (err instanceof chai.AssertionError) {
+            throw err;
+          }
+
+          const res = err.response;
+          expect(res).to.have.status(401);
+        });
+    });
+    it('Should reject requests with an expired token', function() {
+      const token = jwt.sign({
+        user: {
+          username,
+          firstName,
+          lastName
+        },
+        exp: Math.floor(Date.now() / 1000) - 10 // Expired ten seconds ago
+      }, JWT_SECRET, {
+        algorithm: 'HS256',
+        subject: username
+      });
+
+      return chai.request(app)
+        .post('/api/auth/refresh')
+        .set('authorization', `Bearer ${token}`)
+        .then(() => expect.fail(null, null, 'Request should not succeed'))
+        .catch(err => {
+          if (err instanceof chai.AssertionError) {
+            throw err;
+          }
+
+          const res = err.response;
+          expect(res).to.have.status(401);
+        });
+    });
+    it('Should return a valid auth token with a newer expiry date', function() {
+      const token = jwt.sign({
+        user: {
+          username,
+          firstName,
+          lastName
+        },
+      }, JWT_SECRET, {
+        algorithm: 'HS256',
+        subject: username,
+        expiresIn: '7d'
+      });
+      const decoded = jwt.decode(token);
+
+      return chai.request(app)
+        .post('/api/auth/refresh')
+        .set('authorization', `Bearer ${token}`)
+        .then(res => {
+          expect(res).to.have.status(200);
+          expect(res.body).to.be.an('object');
+          const token = res.body.authToken;
+          expect(token).to.be.a('string');
+          const payload = jwt.verify(token, JWT_SECRET, {
+            algorithm:  ["HS256"]
+          });
+          expect(payload.user).to.deep.equal({
+            username,
+            firstName,
+            lastName
+          });
+          expect(payload.exp).to.be.at.least(decoded.exp);
+        });
+    });
+  });
+});

yarn.lock

@@ -99,13 +99,20 @@ chai-http@^3.0.0:
     qs "^6.2.0"
     superagent "^2.0.0"
 
-chai@^3.5.0:
-  version "3.5.0"
-  resolved "https://registry.yarnpkg.com/chai/-/chai-3.5.0.tgz#4d02637b067fe958bdbfdd3a40ec56fef7373247"
+chai@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/chai/-/chai-4.0.1.tgz#9e41e808e17a7f10807721e2ac5a589d5bb09082"
   dependencies:
     assertion-error "^1.0.1"
-    deep-eql "^0.1.3"
-    type-detect "^1.0.0"
+    check-error "^1.0.1"
+    deep-eql "^2.0.1"
+    get-func-name "^2.0.0"
+    pathval "^1.0.0"
+    type-detect "^4.0.0"
+
+check-error@^1.0.1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/check-error/-/check-error-1.0.2.tgz#574d312edd88bb5dd8912e9286dd6c0aed4aac82"
 
 combined-stream@^1.0.5:
   version "1.0.5"
@@ -175,11 +182,11 @@ debug@2.6.4, debug@^2.2.0:
   dependencies:
     ms "0.7.3"
 
-deep-eql@^0.1.3:
-  version "0.1.3"
-  resolved "https://registry.yarnpkg.com/deep-eql/-/deep-eql-0.1.3.tgz#ef558acab8de25206cd713906d74e56930eb69f2"
+deep-eql@^2.0.1:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/deep-eql/-/deep-eql-2.0.2.tgz#b1bac06e56f0a76777686d50c9feb75c2ed7679a"
   dependencies:
-    type-detect "0.1.1"
+    type-detect "^3.0.0"
 
 delayed-stream@~1.0.0:
   version "1.0.0"
@@ -309,6 +316,10 @@ fs.realpath@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f"
 
+get-func-name@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/get-func-name/-/get-func-name-2.0.0.tgz#ead774abee72e20409433a066366023dd6887a41"
+
 glob@7.1.1:
   version "7.1.1"
   resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.1.tgz#805211df04faaf1c63a3600306cdf5ade50b2ec8"
@@ -527,9 +538,9 @@ mkdirp@0.5.1:
   dependencies:
     minimist "0.0.8"
 
-mocha@^3.2.0:
-  version "3.3.0"
-  resolved "https://registry.yarnpkg.com/mocha/-/mocha-3.3.0.tgz#d29b7428d3f52c82e2e65df1ecb7064e1aabbfb5"
+mocha@^3.4.2:
+  version "3.4.2"
+  resolved "https://registry.yarnpkg.com/mocha/-/mocha-3.4.2.tgz#d0ef4d332126dbf18d0d640c9b382dd48be97594"
   dependencies:
     browser-stdout "1.3.0"
     commander "2.9.0"
@@ -682,6 +693,10 @@ path-to-regexp@0.1.7:
   version "0.1.7"
   resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.7.tgz#df604178005f522f15eb4490e7247a1bfaa67f8c"
 
+pathval@^1.0.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/pathval/-/pathval-1.1.0.tgz#b942e6d4bde653005ef6b71361def8727d0645e0"
+
 pause@0.0.1:
   version "0.0.1"
   resolved "https://registry.yarnpkg.com/pause/-/pause-0.0.1.tgz#1d408b3fdb76923b9543d96fb4c9dfd535d9cb5d"
@@ -824,13 +839,13 @@ topo@1.x.x:
   dependencies:
     hoek "2.x.x"
 
-type-detect@0.1.1:
-  version "0.1.1"
-  resolved "https://registry.yarnpkg.com/type-detect/-/type-detect-0.1.1.tgz#0ba5ec2a885640e470ea4e8505971900dac58822"
+type-detect@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/type-detect/-/type-detect-3.0.0.tgz#46d0cc8553abb7b13a352b0d6dea2fd58f2d9b55"
 
-type-detect@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/type-detect/-/type-detect-1.0.0.tgz#762217cc06db258ec48908a1298e8b95121e8ea2"
+type-detect@^4.0.0:
+  version "4.0.3"
+  resolved "https://registry.yarnpkg.com/type-detect/-/type-detect-4.0.3.tgz#0e3f2670b44099b0b46c284d136a7ef49c74c2ea"
 
 type-is@~1.6.14:
   version "1.6.15"