Fix async errors, hash user password before saving

... and verify user before posting something

Author: roschaefer

features/env/database.js

@@ -1,6 +1,7 @@
 const {Before, AfterAll, BeforeAll} = require('cucumber');
 const mongoose = require('mongoose');
 const sinon = require('sinon');
+
 const userSchema = require('../../human-connection-api/server/models/users.model.js');
 
 mongoose.connect("mongodb://localhost/hc_api_test");
@@ -15,14 +16,17 @@ let User;
 db.on('error', console.error.bind(console, 'connection error:'));
 db.once('open', function() {
   User = userSchema(app); // initialize User model
-
 });
 
 // Asynchronous Promise
-Before(function () {
-  User.remove();
+Before(function(_, callback) {
+  User.remove(function (err) {
+    if(err) throw(err);
+    callback();
+  });
 });
 
-AfterAll(function() {
-  return db.close();
+AfterAll(function(callback) {
+  db.close();
+  callback();
 });

features/importPost.feature

@@ -29,15 +29,16 @@ Feature: Import a post from an organization and publish it in Human Connection
 
   Scenario: Publish a post
     Given I am authenticated
+    And my user account is verified
     When I send a POST request to "/contributions" with:
     """
     {
       "title": "Cool title",
       "content": "<p>A nice content</p>",
       "contentExcerpt": "Nice",
-      "type": 'post',
-      "language": 'de',
-      "categoryIds: ['5ac7768f8d655d2ee6d48fe4']
+      "type": "post",
+      "language": "de",
+      "categoryIds": ["5ac7768f8d655d2ee6d48fe4"]
     }
     """
     Then a new post should be created

features/step_definitions/steps.js

@@ -1,5 +1,28 @@
 const { Given, When, Then } = require('cucumber');
+const fetch = require('node-fetch');
 const mongoose = require('mongoose');
+const expect = require('chai').expect;
+// Hack: Directly accessing the default password hashing function
+const encrypt = require('../../node_modules/feathers-authentication-local/lib/utils/hash');
+
+let currentUser, currentUserPassword, httpResponse, currentUserAccessToken;
+const hcBackendUrl = 'http://localhost:3030';
+
+
+function authenticate(email, plainTextPassword){
+  const formData = {
+    email: email,
+    password: plainTextPassword,
+    strategy: 'local',
+  };
+  return fetch(`${hcBackendUrl}/authentication`, {
+    method: 'post',
+    body: JSON.stringify(formData),
+    headers: { 'Content-Type': 'application/json' },
+  }).then(response => response.json()).then((json) => {
+    return json.accessToken;
+  });
+}
 
 Given('the Human Connection API is up and running', function () {
   // Just documentation
@@ -9,30 +32,53 @@ Given("there is a 3rd party application running, e.g. 'Democracy'", function ()
   // Just documentation
 });
 
-Given('there is an organization in Human Connection with these credentials:', function (dataTable) {
-  const table = dataTable.hashes()
-  dataTable.hashes().forEach((row) => {
-    const User = mongoose.model('users');
-    const aUser = new User(row);
-    aUser.save(function (err, user) {
-      if(err) throw(err);
+Given('there is an organization in Human Connection with these credentials:', function (dataTable, callback) {
+  const User = mongoose.model('users');
+  params = dataTable.hashes()[0];
+  encrypt(params.password).then((hashedPassword) => {
+    currentUserPassword = params.password; // remember plain text password
+    params.password = hashedPassword; // hashed password goes into db
+    currentUser = new User(params);
+    currentUser.save(function (err, user) {
+      if(err) callback(err);
+      callback();
     });
   });
 });
 
 Given('I am authenticated', function () {
-  // Write code here that turns the phrase above into concrete actions
-  return 'pending';
+  return authenticate(currentUser.email, currentUserPassword).then((accessToken) => {
+    currentUserAccessToken = accessToken;
+  });
 });
 
-When('I send a POST request to {string} with:', function (string, docString) {
+Given('my user account is verified', function (callback) {
   // Write code here that turns the phrase above into concrete actions
-  return 'pending';
+  currentUser.isVerified = true;
+  currentUser.save(function(err, user) {
+    if(err) throw(err);
+    callback();
+  });
+});
+
+When('I send a POST request to {string} with:', function (route, body, callback) {
+  let params = {
+    method: 'post',
+    body: body,
+    headers: { 'Content-Type': 'application/json' },
+  };
+  if (currentUserAccessToken) {
+    params.headers.Authorization = `Bearer ${currentUserAccessToken}`;
+  }
+  fetch(`${hcBackendUrl}${route}`, params).then(response => response.json()).then((json) => {
+    httpResponse = json;
+    callback();
+  });
 });
 
 Then('there is an access token in the response:', function (docString) {
-  // Write code here that turns the phrase above into concrete actions
-  return 'pending';
+  expect(httpResponse.accessToken).to.be.a('string');
+  expect(httpResponse.accessToken.length).to.eq(342);
 });
 
 Then('a new post should be created', function () {

package.json

@@ -1,7 +1,9 @@
 {
   "dependencies": {
+    "chai": "^4.1.2",
     "cucumber": "^4.2.1",
     "eslint-plugin-you-dont-need-lodash-underscore": "^6.3.1",
+    "feathers-authentication-local": "^0.4.4",
     "lodash": "^4.17.5",
     "mongoose": "^5.0.16",
     "node-fetch": "^2.1.2",

yarn.lock

@@ -97,6 +97,10 @@ assertion-error-formatter@^2.0.1:
     pad-right "^0.2.2"
     repeat-string "^1.6.1"
 
+assertion-error@^1.0.1:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/assertion-error/-/assertion-error-1.1.0.tgz#e60b6b0e8f301bd97e5375215bda406c85118c0b"
+
 [email protected]:
   version "2.1.4"
   resolved "https://registry.yarnpkg.com/async/-/async-2.1.4.tgz#2d2160c7788032e4dd6cbe2502f1f9a2c8f6cde4"
@@ -140,6 +144,10 @@ bcrypt-pbkdf@^1.0.0:
   dependencies:
     tweetnacl "^0.14.3"
 
+bcryptjs@^2.3.0:
+  version "2.4.3"
+  resolved "https://registry.yarnpkg.com/bcryptjs/-/bcryptjs-2.4.3.tgz#9ab5627b93e60621ff7cdac5da9733027df1d0cb"
+
 becke-ch--regex--s0-0-v1--base--pl--lib@^1.2.0:
   version "1.4.0"
   resolved "https://registry.yarnpkg.com/becke-ch--regex--s0-0-v1--base--pl--lib/-/becke-ch--regex--s0-0-v1--base--pl--lib-1.4.0.tgz#429ceebbfa5f7e936e78d73fbdc7da7162b20e20"
@@ -197,6 +205,17 @@ caseless@~0.12.0:
   version "0.12.0"
   resolved "https://registry.yarnpkg.com/caseless/-/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc"
 
+chai@^4.1.2:
+  version "4.1.2"
+  resolved "https://registry.yarnpkg.com/chai/-/chai-4.1.2.tgz#0f64584ba642f0f2ace2806279f4f06ca23ad73c"
+  dependencies:
+    assertion-error "^1.0.1"
+    check-error "^1.0.1"
+    deep-eql "^3.0.0"
+    get-func-name "^2.0.0"
+    pathval "^1.0.0"
+    type-detect "^4.0.0"
+
 chalk@^1.1.3:
   version "1.1.3"
   resolved "https://registry.yarnpkg.com/chalk/-/chalk-1.1.3.tgz#a8115c55e4a702fe4d150abd3872822a7e09fc98"
@@ -219,6 +238,10 @@ chardet@^0.4.0:
   version "0.4.2"
   resolved "https://registry.yarnpkg.com/chardet/-/chardet-0.4.2.tgz#b5473b33dc97c424e5d98dc87d55d4d8a29c8bf2"
 
+check-error@^1.0.1:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/check-error/-/check-error-1.0.2.tgz#574d312edd88bb5dd8912e9286dd6c0aed4aac82"
+
 circular-json@^0.3.1:
   version "0.3.3"
   resolved "https://registry.yarnpkg.com/circular-json/-/circular-json-0.3.3.tgz#815c99ea84f6809529d2f45791bdf82711352d66"
@@ -377,12 +400,18 @@ [email protected], debug@^2.6.8, debug@^2.6.9:
   dependencies:
     ms "2.0.0"
 
-debug@^3.1.0:
+debug@^3.0.0, debug@^3.1.0:
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/debug/-/debug-3.1.0.tgz#5bb5a0672628b64149566ba16819e61518c67261"
   dependencies:
     ms "2.0.0"
 
+deep-eql@^3.0.0:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/deep-eql/-/deep-eql-3.0.1.tgz#dfc9404400ad1c8fe023e7da1df1c147c4b444df"
+  dependencies:
+    type-detect "^4.0.0"
+
 deep-is@~0.1.3:
   version "0.1.3"
   resolved "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.3.tgz#b369d6fb5dbc13eecf524f91b070feedc357cf34"
@@ -634,6 +663,25 @@ fast-levenshtein@~2.0.4:
   version "2.0.6"
   resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917"
 
+feathers-authentication-local@^0.4.4:
+  version "0.4.4"
+  resolved "https://registry.yarnpkg.com/feathers-authentication-local/-/feathers-authentication-local-0.4.4.tgz#eed529520f69e68503291adf6ba76e3e4f615872"
+  dependencies:
+    bcryptjs "^2.3.0"
+    debug "^3.0.0"
+    feathers-errors "^2.4.0"
+    lodash.get "^4.4.2"
+    lodash.merge "^4.6.0"
+    lodash.omit "^4.5.0"
+    lodash.pick "^4.4.0"
+    passport-local "^1.0.0"
+
+feathers-errors@^2.4.0:
+  version "2.9.2"
+  resolved "https://registry.yarnpkg.com/feathers-errors/-/feathers-errors-2.9.2.tgz#96ca0e5fe50cc56f0eccc90ce3fa5e1f8840828d"
+  dependencies:
+    debug "^3.0.0"
+
 [email protected], figures@^2.0.0:
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/figures/-/figures-2.0.0.tgz#3ab1a2d2a62c8bfb431a0c94cb797a2fce27c962"
@@ -693,6 +741,10 @@ functional-red-black-tree@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz#1b0ab3bd553b2a0d6399d29c0e3ea0b252078327"
 
+get-func-name@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/get-func-name/-/get-func-name-2.0.0.tgz#ead774abee72e20409433a066366023dd6887a41"
+
 getpass@^0.1.1:
   version "0.1.7"
   resolved "https://registry.yarnpkg.com/getpass/-/getpass-0.1.7.tgz#5eff8e3e684d569ae4cb2b1282604e8ba62149fa"
@@ -1002,6 +1054,18 @@ [email protected], lodash.get@^4.4.2:
   version "4.4.2"
   resolved "https://registry.yarnpkg.com/lodash.get/-/lodash.get-4.4.2.tgz#2d177f652fa31e939b4438d5341499dfa3825e99"
 
+lodash.merge@^4.6.0:
+  version "4.6.1"
+  resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.1.tgz#adc25d9cb99b9391c59624f379fbba60d7111d54"
+
+lodash.omit@^4.5.0:
+  version "4.5.0"
+  resolved "https://registry.yarnpkg.com/lodash.omit/-/lodash.omit-4.5.0.tgz#6eb19ae5a1ee1dd9df0b969e66ce0b7fa30b5e60"
+
+lodash.pick@^4.4.0:
+  version "4.4.0"
+  resolved "https://registry.yarnpkg.com/lodash.pick/-/lodash.pick-4.4.0.tgz#52f05610fff9ded422611441ed1fc123a03001b3"
+
 lodash@^4.14.0:
   version "4.17.10"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.10.tgz#1b7793cf7259ea38fb3661d4d38b3260af8ae4e7"
@@ -1225,6 +1289,16 @@ parse-json@^2.2.0:
   dependencies:
     error-ex "^1.2.0"
 
+passport-local@^1.0.0:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/passport-local/-/passport-local-1.0.0.tgz#1fe63268c92e75606626437e3b906662c15ba6ee"
+  dependencies:
+    passport-strategy "1.x.x"
+
+[email protected]:
+  version "1.0.0"
+  resolved "https://registry.yarnpkg.com/passport-strategy/-/passport-strategy-1.0.0.tgz#b5539aa8fc225a3d1ad179476ddf236b440f52e4"
+
 path-exists@^2.0.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-2.1.0.tgz#0feb6c64f0fc518d9a754dd5efb62c7022761f4b"
@@ -1259,6 +1333,10 @@ path-type@^2.0.0:
   dependencies:
     pify "^2.0.0"
 
+pathval@^1.0.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/pathval/-/pathval-1.1.0.tgz#b942e6d4bde653005ef6b71361def8727d0645e0"
+
 performance-now@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"
@@ -1712,7 +1790,7 @@ type-check@~0.3.2:
   dependencies:
     prelude-ls "~1.1.2"
 
-type-detect@^4.0.5:
+type-detect@^4.0.0, type-detect@^4.0.5:
   version "4.0.8"
   resolved "https://registry.yarnpkg.com/type-detect/-/type-detect-4.0.8.tgz#7646fb5f18871cfbb7749e69bd39a6388eb7450c"