import request from 'supertest';
import app from '../../../app';
import db, {syncPromise} from '../../../db';
import {expect} from 'chai';
import config from '../../../config';
import {User} from '../../../models';
import jsonwebtoken from 'jsonwebtoken';
// Name of the CSRF header the API expects alongside the JWT cookie, exactly
// as configured (case preserved, used when *sending* requests).
const {tokenName: csrfHeaderName} = config.jwt.securityOptions;
describe('LoginValidator', () => {
let jwt: string;
let csrf: string;
// Force sync database before each test
// Reset shared state before every test: obtain a fresh JWT cookie and the
// matching CSRF token from HEAD /auth, then wipe the database.
beforeEach(async function() {
  // Node lowercases incoming header names, so the CSRF header has to be
  // looked up on the *response* by its lowercased name.
  const responseHeaderName =
      config.jwt.securityOptions.tokenName.toLowerCase();
  // Sentinel: stays in place if the request below never yields a cookie.
  jwt = 'FAIL';
  const response = await request(app).head('/auth');
  // Keep only the "name=value" pair of the last Set-Cookie entry; the
  // attributes after ';' are not needed when replaying the cookie.
  // NOTE(review): assumes the JWT cookie is the last Set-Cookie emitted.
  const [cookiePair] = response.header['set-cookie'].pop().split(';');
  jwt = cookiePair;
  csrf = response.header[responseHeaderName];
  // The database is reset *after* the token exchange; the token presumably
  // carries no server-side state, so it survives the wipe — confirm should
  // /auth ever start persisting sessions.
  await syncPromise;
  return db.sync({force: true});
});
describe('responses with 400', function() {
  // Every request here carries the valid JWT cookie and CSRF header issued in
  // beforeEach, so a 400 must come from credential validation and not from
  // the JWT/CSRF guard.
  it('if no username and password given', async function() {
    await request(app)
        .put('/auth/login')
        .set(csrfHeaderName, csrf)
        .set('Cookie', [jwt])
        .expect(400);
  });

  // Security property pinned by the two tests below: an unknown username and
  // a wrong password yield the same status *and* the same message, so the
  // endpoint cannot be used to enumerate accounts. Keep them in lockstep and
  // do not "improve" the message to say which part was wrong.
  const expectInvalidCredentials = (body: object) => {
    expect(body).to.have
        .property('message', 'Username or email is invalid');
    expect(body).to.have.property('statusCode', 400);
  };

  it('if user doesn\'t exist', async function() {
    // The database was force-synced in beforeEach, so 'demo' cannot exist.
    const response = await request(app).put('/auth/login')
        .set(csrfHeaderName, csrf)
        .set('Cookie', [jwt])
        .send({username: 'demo', password: 'password'})
        .expect(400);
    expectInvalidCredentials(response.body);
  });

  it('if password is wrong', async function() {
    const userData = {
      username: 'test',
      email: 'test@mail.com',
      password: 'testPassword',
    };
    // Create the account first so only the password mismatches.
    await User.create(userData);
    const response = await request(app).put('/auth/login')
        .send({username: userData.username, password: 'wrong password'})
        .set(csrfHeaderName, csrf)
        .set('Cookie', [jwt])
        .expect(400);
    expectInvalidCredentials(response.body);
  });
});
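// Happy path: valid JWT cookie + CSRF header + correct credentials returns
// the serialized user. The response must never expose the credential.
it('logs in, if user exists and password is correct', async function() {
  const userData = {
    username: 'test',
    email: 'test@mail.com',
    password: 'testPassword',
  };
  const loginBody = {
    username: 'test',
    password: 'testPassword',
  };
  // Create user in database
  await User.create(userData);
  const response = await request(app).put('/auth/login')
      .set(csrfHeaderName, csrf)
      .set('Cookie', [jwt])
      .send(loginBody)
      .expect(200);
  expect(response.body).to.have
      .property('username', userData.username);
  expect(response.body).to.have.property('email', userData.email);
  expect(response.body).to.have.property('createdAt');
  expect(response.body).to.have.property('updatedAt');
  // Guard against credential leakage two ways: the `password` key must be
  // absent, and the plaintext must not appear under *any* key (a renamed or
  // nested field would otherwise slip past the first check).
  expect(response.body).to.not.have.property('password');
  expect(JSON.stringify(response.body)).to.not.include(userData.password);
});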
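// The JWT/CSRF guard in front of /auth/login. Each test sends a different
// incomplete or mismatched combination of cookie and header and expects a
// 401 before credentials are even looked at. Only the status is asserted;
// consider also asserting that no new Set-Cookie is issued on rejection.
describe('responses with 401', function() {
  // Valid credentials for an account that does not exist in the wiped DB;
  // irrelevant here because the guard must reject before validation runs.
  const loginBody = {
    username: 'test',
    password: 'testPassword',
  };

  // Builds a "name=<token>" cookie whose JWT is correctly signed but whose
  // payload carries no secret (the claim the test titles refer to, which is
  // presumably what binds the cookie to a CSRF token — verify against the
  // validator). The cookie name is recovered from the "name=value" pair that
  // beforeEach captured from HEAD /auth: a bare token sent as the Cookie
  // header (the previous form) has no name, is likely dropped by the cookie
  // parser, and therefore fails for the wrong reason ("no JWT" rather than
  // "no secret"). Called inside each test because beforeEach reassigns jwt.
  const cookieWithoutSecret = (): string => {
    const cookieName = jwt.split('=')[0];
    const token = jsonwebtoken.sign({username: 'username'},
        config.jwt.secret,
        config.jwt.getOptions());
    return `${cookieName}=${token}`;
  };

  it('if request is missing a jwt token', function() {
    return request(app).put('/auth/login')
        .send(loginBody)
        .expect(401);
  });

  it('if jwt token exists but without secret', function() {
    // Was a verbatim copy of the test above (no cookie sent at all); now
    // actually sends a signed-but-secretless JWT and no CSRF header.
    return request(app).put('/auth/login')
        .send(loginBody)
        .set('Cookie', [cookieWithoutSecret()])
        .expect(401);
  });

  it('if csrf header exist but no jwt', function() {
    // Previously sent a cookie and no header — the opposite of its title.
    return request(app).put('/auth/login')
        .send(loginBody)
        .set(csrfHeaderName, csrf)
        .expect(401);
  });

  it('if jwt token with secret exists ' +
    'but no header for the csrf token', function() {
    return request(app).put('/auth/login')
        .set('Cookie', [jwt])
        .send(loginBody)
        .expect(401);
  });

  it('if jwt token and csrf header ' +
    'exist, but jwt token has no secret', function() {
    return request(app).put('/auth/login')
        .set(csrfHeaderName, csrf)
        .set('Cookie', [cookieWithoutSecret()])
        .send(loginBody)
        .expect(401);
  });

  it('if jwt token with secret and csrf ' +
    'header exist, but they don\'t belong together', function() {
    // Genuine cookie, forged header value: the pair must be rejected even
    // though each half on its own looks plausible.
    return request(app).put('/auth/login')
        .set(csrfHeaderName, 'FAIL')
        .set('Cookie', [jwt])
        .send(loginBody)
        .expect(401);
  });
});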
});