Create user authenticate workflow (#2)

Author: Matheus Ishiyama

package.json

@@ -28,6 +28,7 @@
         "dotenv": "^8.2.0",
         "email-validator": "^2.0.4",
         "express": "^4.17.1",
+        "jsonwebtoken": "^8.5.1",
         "mongoose": "^5.12.3",
         "nodemailer": "^6.5.0"
     },

src/app.js

@@ -7,5 +7,6 @@ app.use(express.urlencoded({ extended: true }));
 
 //* routes
 app.use("/user", require("./routes/user"));
+app.use("/auth", require("./routes/auth"));
 
 module.exports = app;

src/middlewares/validateAuth.js

@@ -0,0 +1,10 @@
+const validateAuth = (req, res, next) => {
+    if (!req.body.username)
+        return res.status(400).json({ message: "No username provided" });
+    if (!req.body.password)
+        return res.status(400).json({ message: "No password provided" });
+
+    next();
+};
+
+module.exports = validateAuth;

src/middlewares/validateCode.js

@@ -1,4 +1,4 @@
-module.exports = (req, res, next) => {
+const validateCode = (req, res, next) => {
     if (!req.params.verifyCode)
         return res.status(400).json({ message: "No verifyCode provided" });
 
@@ -7,3 +7,5 @@ module.exports = (req, res, next) => {
 
     next();
 };
+
+module.exports = validateCode;

src/middlewares/validateRegister.js

@@ -2,8 +2,7 @@ const User = require("../models/user");
 const EmailValidator = require("email-validator");
 const validateBody = require("../services/validateBody");
 
-module.exports = async (req, res, next) => {
-    if (!req.body) return res.status(400).json({ message: "No body provided" });
+const validateRegister = async (req, res, next) => {
     const { username, name, email, password, checkPassword } = req.body;
 
     //* validate body
@@ -38,7 +37,11 @@ module.exports = async (req, res, next) => {
     const emailExists = await User.findOne({ email });
 
     if (userExists || emailExists)
-        return res.status(400).json({ message: "Username or Email already exists"});
+        return res
+            .status(400)
+            .json({ message: "Username or Email already exists" });
 
     next();
 };
+
+module.exports = validateRegister;

src/routes/auth.js

@@ -0,0 +1,11 @@
+const express = require("express");
+const authRoutes = express.Router();
+const authenticate = require("../services/authenticate");
+const validateAuth = require('../middlewares/validateAuth');
+
+authRoutes.post("/", validateAuth, (req, res) => {
+    const { username, password } = req.body;
+    authenticate(username, password, res);
+});
+
+module.exports = authRoutes;

src/services/authenticate.js

@@ -0,0 +1,36 @@
+const User = require("../models/user");
+const checkPassword = require("./password");
+const jwt = require("jsonwebtoken");
+require("dotenv").config();
+
+const authenticate = async (username, password, res) => {
+    if (!username)
+        return res.status(400).json({ message: "No username provided" });
+
+    if (!password)
+        return res.status(400).json({ message: "No password provided" });
+
+    const userExists = await User.findOne({ username });
+
+    if (userExists) {
+        const isValid = checkPassword.validate(password, userExists.password);
+
+        if (isValid) {
+            userExists.password = undefined;
+
+            if (!userExists.verified)
+                return res.status(401).json({ message: "User unverified" });
+
+            const token = jwt.sign(userExists.username, process.env.JWT_SECRET);
+
+            return res.status(202).json({ token });
+        }
+
+        return res
+            .status(401)
+            .json({ message: "Invalid username or password" });
+    }
+    return res.status(401).json({ message: "Invalid username or password" });
+};
+
+module.exports = authenticate;

src/tests/integration/validateRegister.test.js renamed to src/tests/integration/validateRegister.spec.js

@@ -26,17 +26,6 @@ describe("test validateRegister middleware", () => {
         console.log("[DEV_DATABASE] Connected");
     });
 
-    it("undefined body", async () => {
-        const req = mockRequest();
-        const res = mockResponse();
-
-        const response = await validateRegister(req, res);
-        expect(response.status).toHaveBeenCalledWith(400);
-        expect(response.json).toHaveBeenCalledWith({
-            message: "No body provided",
-        });
-    });
-
     describe('test body["username"]', () => {
         it("undefined username", async () => {
             const req = mockRequest({ email: "test" });

src/tests/units/authenticate.js

@@ -0,0 +1,125 @@
+const authenticate = require("../../services/authenticate");
+const password = require("../../services/password");
+const User = require("../../models/user");
+const mongoose = require("mongoose");
+require("dotenv").config();
+
+const mockResponse = () => {
+    const res = {};
+    res.status = jest.fn().mockReturnValue(res);
+    res.json = jest.fn().mockReturnValue(res);
+    return res;
+};
+
+beforeAll(async () => {
+    await mongoose.disconnect();
+    await mongoose.connect(process.env.MONGO_DEV, {
+        useCreateIndex: true,
+        useUnifiedTopology: true,
+        useNewUrlParser: true,
+        useFindAndModify: false,
+    });
+
+    console.log("[DEV_DATABASE] Connected");
+});
+
+afterAll(async () => {
+    await User.findOneAndDelete({ username: "test_test" });
+    await User.findOneAndDelete({ username: "testTesting" });
+    await User.findOneAndDelete({ username: "test123test" });
+    await mongoose.disconnect();
+    console.log("[DEV_DATABASE] Disconnected");
+});
+
+describe("test authenticate", () => {
+    it("undefined username", async () => {
+        const res = mockResponse();
+
+        const response = await authenticate(undefined, undefined, res);
+        expect(response.status).toHaveBeenCalledWith(400);
+        expect(response.json).toHaveBeenCalledWith({
+            message: "No username provided",
+        });
+    });
+
+    it("undefined password", async () => {
+        const res = mockResponse();
+
+        const response = await authenticate("test_test", undefined, res);
+        expect(response.status).toHaveBeenCalledWith(400);
+        expect(response.json).toHaveBeenCalledWith({
+            message: "No password provided",
+        });
+    });
+
+    it("invalid username", async () => {
+        const res = mockResponse();
+
+        const response = await authenticate("test_test", "testTEST12!@", res);
+        expect(response.status).toHaveBeenCalledWith(401);
+        expect(response.json).toHaveBeenCalledWith({
+            message: "Invalid username or password",
+        });
+    });
+
+    it("invalid password", async () => {
+        const res = mockResponse();
+        const pwd = await password.hash("test");
+        const user = new User({
+            username: "test_test",
+            name: "test_test",
+            email: "[email protected]",
+            verifyCode: "testtest",
+            verified: false,
+            password: pwd,
+            createdAt: Date.now(),
+        });
+        await user.save();
+
+        const response = await authenticate("test_test", "testTEST12!@", res);
+        expect(response.status).toHaveBeenCalledWith(401);
+        expect(response.json).toHaveBeenCalledWith({
+            message: "Invalid username or password",
+        });
+    });
+
+    it("valid username and password but not verified", async () => {
+        const res = mockResponse();
+        const pwd = await password.hash("test");
+        const user = new User({
+            username: "testTesting",
+            name: "test_test",
+            email: "[email protected]",
+            verifyCode: "testtest",
+            verified: false,
+            password: pwd,
+            createdAt: Date.now(),
+        });
+        await user.save();
+
+        const response = await authenticate("testTesting", "test", res);
+        expect(response.status).toHaveBeenCalledWith(401);
+        expect(response.json).toHaveBeenCalledWith({
+            message: "User unverified",
+        });
+    });
+
+    it("valid username and password", async () => {
+        const res = mockResponse();
+        const pwd = await password.hash("test");
+        const user = new User({
+            username: "test123test",
+            name: "test_test",
+            email: "[email protected]",
+            verifyCode: "verified",
+            verified: true,
+            password: pwd,
+            createdAt: Date.now(),
+        });
+        await user.save();
+
+        const response = await authenticate("test123test", "test", res);
+        expect(response.status).toHaveBeenCalledWith(202);
+        expect(response.json).toHaveBeenCalled();
+    });
+});

src/tests/units/validateAuth.spec.js

@@ -0,0 +1,45 @@
+const validateAuth = require("../../middlewares/validateAuth");
+
+const mockRequest = (content) => {
+    return { body: content };
+};
+
+const mockResponse = () => {
+    const res = {};
+    res.status = jest.fn().mockReturnValue(res);
+    res.json = jest.fn().mockReturnValue(res);
+    return res;
+};
+
+describe("test validate auth", () => {
+    it("undefined username", () => {
+        const req = mockRequest({ username: undefined });
+        const res = mockResponse();
+
+        const response = validateAuth(req, res);
+        expect(response.status).toHaveBeenCalledWith(400);
+        expect(response.json).toHaveBeenCalledWith({
+            message: "No username provided",
+        });
+    });
+
+    it("undefined password", () => {
+        const req = mockRequest({ username: "Test" });
+        const res = mockResponse();
+
+        const response = validateAuth(req, res);
+        expect(response.status).toHaveBeenCalledWith(400);
+        expect(response.json).toHaveBeenCalledWith({
+            message: "No password provided",
+        });
+    });
+
+    it("username and password provided", async () => {
+        const req = mockRequest({ username: "Test", password: "test" });
+        const res = mockResponse();
+        const next = jest.fn();
+
+        await validateAuth(req, res, next);
+        expect(next).toHaveBeenCalled();
+    });
+});