add login route tests

Author: janishar

src/auth/authUtils.ts

@@ -6,11 +6,11 @@ import { IUser } from '../database/model/User';
 import { tokenInfo } from '../config';
 
 export const validateTokenData = async (payload: JwtPayload, userId: Types.ObjectId): Promise<JwtPayload> => {
-	// if (!payload || !payload.iss || !payload.sub || !payload.aud || !payload.prm
-	// 	|| payload.iss !== tokenInfo.issuer
-	// 	|| payload.aud !== tokenInfo.audience
-	// 	|| payload.sub !== userId.toHexString())
-	// 	throw new AuthFailureError('Invalid Access Token');
+	if (!payload || !payload.iss || !payload.sub || !payload.aud || !payload.prm
+		|| payload.iss !== tokenInfo.issuer
+		|| payload.aud !== tokenInfo.audience
+		|| payload.sub !== userId.toHexString())
+		throw new AuthFailureError('Invalid Access Token');
 	return payload;
 };
 

tests/auth/authentication/index.test.ts

@@ -63,9 +63,7 @@ describe('authentication validation', () => {
 	});
 
 	it('Should response with 404 if correct x-access-token and x-user-id header are provided', async () => {
-		const response = await addHeaders(request.get(endpoint))
-			.set('x-access-token', ACCESS_TOKEN)
-			.set('x-user-id', USER_ID.toHexString());
+		const response = await addAuthHeaders(request.get(endpoint));
 		expect(response.body.message).not.toMatch(/not registered/);
 		expect(response.body.message).not.toMatch(/token/i);
 		expect(response.status).toBe(404);

tests/auth/authorization/index.test.ts

@@ -1,4 +1,7 @@
 import { addAuthHeaders } from '../authentication/mock';
+
+// import the mock for the current test after all other mock imports
+// this will prevent the different implementations by the other mock
 import { mockRoleRepoyFindByCode, mockUserFindByIdForWriter } from './mock';
 
 import app from '../../../src/app';

tests/core/jwt/index.test.ts

@@ -1,4 +1,4 @@
-import { readFileSpy, ACCESS_TOKEN } from './mock';
+import { readFileSpy } from './mock';
 import JWT, { JwtPayload, ValidationParams } from '../../../src/core/JWT';
 import { BadTokenError, TokenExpiredError } from '../../../src/core/ApiError';
 

tests/core/jwt/mock.ts

@@ -1,5 +1,3 @@
 import fs from 'fs';
 
-export const ACCESS_TOKEN = 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhZnRlcmFjYWRlbXkuY29tIiwiYXVkIjoiYWZ0ZXJhY2FkZW15X3VzZXJzIiwic3ViIjoiNWU3Yjk1OTIzMDg1ODcyZDNjMzc4ZjM1IiwiaWF0IjoxNTg1Mzk5MDY0LCJleHAiOjE1ODc5OTEwNjQsInBybSI6Ijk1MTY0ZTBlZjFiMDI1ZDJlNGI3ZGNmMzQwNjI0YTc0MTgwZjdhM2RhYWFiMzZhMDU1OTgwNjQ2ZGUzNmFlMGI2N2ZjODZjNGNkNmYxZmQzOTk0Y2Q0MWE5YmE3NjliMWFhMzQ0OTE4YWNiOTFkYmZhYjQ0ZmU0ZmMxZjc4ZGYyIn0.NYojtQhOx151ObtYiPLRIZkNV36ptMj-ZCihgcs2WZu4EDKsLjn3vuBpyK0BNESO1QBOMBh631vm3mCYTl3bCg';
-
 export const readFileSpy = jest.spyOn(fs, 'readFile');

tests/routes/v1/login/index.test.ts

@@ -0,0 +1,100 @@
+import { addHeaders } from '../../../auth/authentication/mock';
+
+// the mock for this class should be below all other mock imports
+import {
+	mockKeystoreCreate, mockUserFindByEmail, USER_EMAIL, USER_PASSWORD
+} from './mock';
+
+import supertest from 'supertest';
+import app from '../../../../src/app';
+
+describe('Login Route', () => {
+
+	const endpoint = '/v1/login/basic';
+	const request = supertest(app);
+
+	beforeAll(() => {
+		mockKeystoreCreate.mockClear();
+		mockUserFindByEmail.mockClear();
+	});
+
+	it('Should throw error when empty body is sent', async () => {
+		const response = await addHeaders(request.post(endpoint));
+		expect(response.status).toBe(400);
+	});
+
+	it('Should throw error when email is only sent', async () => {
+		const response = await addHeaders(request.post(endpoint)
+			.send({ email: USER_EMAIL })
+		);
+		expect(response.status).toBe(400);
+		expect(response.body.message).toMatch(/password/);
+	});
+
+	it('Should throw error when password is only sent', async () => {
+		const response = await addHeaders(request.post(endpoint)
+			.send({ password: USER_PASSWORD })
+		);
+		expect(response.status).toBe(400);
+		expect(response.body.message).toMatch(/email/);
+	});
+
+	it('Should throw error when email is not valid format', async () => {
+		const response = await addHeaders(request.post(endpoint)
+			.send({ email: '123' })
+		);
+		expect(response.status).toBe(400);
+		expect(response.body.message).toMatch(/valid email/);
+	});
+
+	it('Should throw error when password is not valid format', async () => {
+		const response = await addHeaders(request.post(endpoint)
+			.send({
+				email: '[email protected]',
+				password: '123'
+			}));
+		expect(response.status).toBe(400);
+		expect(response.body.message).toMatch(/password length/);
+		expect(response.body.message).toMatch(/6 char/);
+	});
+
+	it('Should throw error when user not registered for email', async () => {
+		const response = await addHeaders(request.post(endpoint)
+			.send({
+				email: '[email protected]',
+				password: '123456',
+			}));
+		expect(response.status).toBe(400);
+		expect(response.body.message).toMatch(/not registered/);
+	});
+
+	it('Should throw error for wrong password', async () => {
+		const response = await addHeaders(request.post(endpoint)
+			.send({
+				email: USER_EMAIL,
+				password: '123456',
+			}));
+		expect(response.status).toBe(401);
+		expect(response.body.message).toMatch(/authentication failure/i);
+	});
+
+	it('Should send success response for correct credentials', async () => {
+		const response = await addHeaders(request.post(endpoint)
+			.send({
+				email: USER_EMAIL,
+				password: USER_PASSWORD,
+			}));
+		expect(response.status).toBe(200);
+		expect(response.body.message).toMatch(/Success/i);
+		expect(response.body.data).toBeDefined();
+
+		expect(response.body.data.user).toHaveProperty('_id');
+		expect(response.body.data.user).toHaveProperty('name');
+		expect(response.body.data.user).toHaveProperty('roles');
+		expect(response.body.data.user).toHaveProperty('profilePicUrl');
+
+		expect(response.body.data.tokens).toBeDefined();
+		expect(response.body.data.tokens).toHaveProperty('accessToken');
+		expect(response.body.data.tokens).toHaveProperty('refreshToken');
+	});
+});

tests/routes/v1/login/mock.ts

@@ -0,0 +1,44 @@
+import { USER_ID } from '../../../auth/authentication/mock';
+import { IKeystore } from '../../../../src/database/model/Keystore';
+import { IUser } from '../../../../src/database/model/User';
+import { Types } from 'mongoose';
+import bcrypt from 'bcrypt';
+
+export const USER_EMAIL = '[email protected]';
+export const USER_PASSWORD = 'abc123';
+export const USER_PASSWORD_HASH = bcrypt.hashSync(USER_PASSWORD, 10);
+
+export const mockKeystoreCreate =
+	jest.fn(
+		async (client: IUser, primaryKey: string, secondaryKey: string): Promise<IKeystore> => {
+			return <IKeystore>{
+				_id: new Types.ObjectId(),
+				client: client,
+				primaryKey: primaryKey,
+				secondaryKey: secondaryKey
+			};
+		});
+
+export const mockUserFindByEmail =
+	jest.fn(async (email: string): Promise<IUser> => {
+		if (email === USER_EMAIL) return <IUser>{
+			_id: USER_ID,
+			email: USER_EMAIL,
+			password: USER_PASSWORD_HASH,
+			name: 'abc',
+			profilePicUrl: 'abc',
+			roles: []
+		};
+		return null;
+	});
+
+jest.mock('../../../../src/database/repository/KeystoreRepo', () => ({
+	get create() { return mockKeystoreCreate; }
+}));
+
+
+jest.mock('../../../../src/database/repository/UserRepo', () => ({
+	get findByEmail() { return mockUserFindByEmail; }
+}));
+
+jest.unmock('../../../../src/auth/authUtils');