-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauth.int.test.ts
More file actions
142 lines (129 loc) · 5.36 KB
/
auth.int.test.ts
File metadata and controls
142 lines (129 loc) · 5.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
import { AppErrorResponse, AuthResponse } from '../../../types';
import { it, expect, describe, afterAll, beforeAll, vi } from 'vitest';
import { User } from '../../../../prisma/generated/client';
import { SIGNIN_URL, VERIFY_URL, SIGNED_IN_USER_URL } from './utils';
import jwt from 'jsonwebtoken';
import setup from '../setup';
describe('Authentication endpoint', async () => {
const {
api,
userData,
createUser,
deleteAllUsers,
prepForAuthorizedTest,
assertUnauthorizedErrorRes,
} = await setup(SIGNIN_URL);
let dbUser: User;
beforeAll(async () => {
await deleteAllUsers();
dbUser = await createUser(userData);
});
afterAll(deleteAllUsers);
describe(`POST ${SIGNIN_URL}`, () => {
it('should not sign in with wrong username', async () => {
const res = await api
.post(SIGNIN_URL)
.send({ username: 'blah...', password: userData.password });
const resBody = res.body as AppErrorResponse;
expect(res.type).toMatch(/json/);
expect(res.statusCode).toBe(400);
expect(resBody.error).toBeTypeOf('object');
expect(resBody.error.message).toMatch(/incorrect/i);
expect(resBody.error.message).toMatch(/username/i);
expect(resBody.error.message).toMatch(/password/i);
});
it('should not sign in with wrong password', async () => {
const res = await api
.post(SIGNIN_URL)
.send({ username: userData.username, password: 'blah...' });
const resBody = res.body as AppErrorResponse;
expect(res.type).toMatch(/json/);
expect(res.statusCode).toBe(400);
expect(resBody.error).toBeTypeOf('object');
expect(resBody.error.message).toMatch(/incorrect/i);
expect(resBody.error.message).toMatch(/username/i);
expect(resBody.error.message).toMatch(/password/i);
});
it('should sign in and response with JWT and user insensitive-info', async () => {
const res = await api.post(SIGNIN_URL).send(userData);
const resBody = res.body as AuthResponse;
const resUser = resBody.user as User;
const resJwtPayload = jwt.decode(
resBody.token.replace(/^Bearer /, '')
) as User;
expect(res.type).toMatch(/json/);
expect(res.statusCode).toBe(200);
expect(resUser.username).toBe(userData.username);
expect(resUser.fullname).toBe(userData.fullname);
expect(resUser.isAdmin).toStrictEqual(false);
expect(resUser.password).toBeUndefined();
expect(resBody.token).toMatch(/^Bearer /i);
expect(resJwtPayload.id).toStrictEqual(dbUser.id);
expect(resJwtPayload.isAdmin).toStrictEqual(false);
expect(resJwtPayload.username).toBeUndefined();
expect(resJwtPayload.fullname).toBeUndefined();
expect(resJwtPayload.password).toBeUndefined();
expect(resJwtPayload.createdAt).toBeUndefined();
expect(resJwtPayload.updatedAt).toBeUndefined();
});
});
describe(`GET ${VERIFY_URL}`, () => {
it('should verify a valid, fresh token and respond with `true`', async () => {
const signinResBody = (await api.post(SIGNIN_URL).send(userData))
.body as AuthResponse;
const res = await api
.get(VERIFY_URL)
.set('Authorization', signinResBody.token);
expect(res.type).toMatch(/json/);
expect(res.statusCode).toBe(200);
expect(res.body).toBe(true);
});
it('should not verify an invalid token and respond 401', async () => {
const signinResBody = (await api.post(SIGNIN_URL).send(userData))
.body as AuthResponse;
const res = await api
.get(VERIFY_URL)
.set('Authorization', signinResBody.token.replace(/\../, '.x'));
expect(res.statusCode).toBe(401);
});
it('should not verify an expired token and respond 401', async () => {
const signinResBody = (await api.post(SIGNIN_URL).send(userData))
.body as AuthResponse;
vi.useFakeTimers();
const now = new Date();
const future = new Date(now.setFullYear(now.getFullYear() + 3));
vi.setSystemTime(future);
const res = await api
.get(VERIFY_URL)
.set('Authorization', signinResBody.token);
expect(res.statusCode).toBe(401);
});
});
describe(`GET ${SIGNED_IN_USER_URL}`, () => {
it('should respond with 401 if the user is not found', async () => {
const { authorizedApi } = await prepForAuthorizedTest(userData);
await deleteAllUsers();
const res = await authorizedApi.get(SIGNED_IN_USER_URL);
dbUser = await createUser(userData); // All tests expects this user to be exist
assertUnauthorizedErrorRes(res);
});
it('should respond with 401 if the JWT is invalid', async () => {
const res = await api
.get(SIGNED_IN_USER_URL)
.set('Authorization', 'blah');
assertUnauthorizedErrorRes(res);
});
it('should respond with current signed in user data base on the JWT', async () => {
const { authorizedApi } = await prepForAuthorizedTest(userData);
const res = await authorizedApi.get(SIGNED_IN_USER_URL);
const resBody = res.body as User;
expect(res.statusCode).toBe(200);
expect(res.type).toMatch(/json/);
expect(resBody.password).toBeUndefined();
expect(resBody.id).toStrictEqual(dbUser.id);
expect(resBody.isAdmin).toStrictEqual(false);
expect(resBody.username).toBe(dbUser.username);
expect(resBody.fullname).toBe(dbUser.fullname);
});
});
});