All files / server/api/auth auth.api.spec.js

const crypto = require('crypto');
const _ = require('lodash');
const moment = require('moment');
 
const app = require('../../app');
const config = require('../../../config');
const User = require('../../models/user');
const expectUser = require('../../spec/expectations/user');
const userFixtures = require('../../spec/fixtures/user');
const { cleanDatabase, expect, expectErrors, initSuperRest, setUp } = require('../../spec/utils');
 
// Shared spec bootstrap from ../../spec/utils; what it configures is not visible in this file.
setUp();

describe('Authentication API', function() {

  // Per-test state, rebuilt by the beforeEach hooks below.
  let api;
  let now;
  let reqBody;
  let twoDaysAgo;
  let user;

  beforeEach(async () => {
    api = initSuperRest();
    // Every test starts from an empty database so fixtures cannot leak between tests.
    await cleanDatabase();
    now = new Date();
    twoDaysAgo = moment().subtract(2, 'days').toDate();
  });

  describe('POST /api/auth', () => {

    beforeEach(async function() {
      // A user created "two days ago" with a known password; the same password
      // is placed in the default request body so the default request is a valid login.
      const plainPassword = userFixtures.password();
      user = await userFixtures.user({
        createdAt: twoDaysAgo,
        password: plainPassword,
        updatedAt: twoDaysAgo
      });

      reqBody = {
        email: user.get('email'),
        password: plainPassword
      };
    });

    it('should log in a user', async function() {
      const response = await postAuth(this.test, reqBody);

      // Only the token's type is checked here; its contents, signature and
      // expiry are not covered by this spec.
      expect(response.body.token).to.be.a('string');
      // updatedAt is expected to be unchanged, i.e. logging in must not touch the user record.
      const expectedUser = getExpectedUser({
        createdAt: twoDaysAgo,
        updatedAt: twoDaysAgo
      });
      expectUser(response.body.user, expectedUser);
    });

    it('should log in an admin', async function() {
      await user.save({ roles: [ 'admin' ] });
      const response = await postAuth(this.test, reqBody);

      expect(response.body.token).to.be.a('string');
      // The save above modifies the user, so updatedAt is compared against `now`.
      // NOTE(review): [ 'gte', now, 1000 ] is presumably "at or after now, with a
      // 1000 ms tolerance" - confirm against the expectUser helper.
      const expectedUser = getExpectedUser({
        createdAt: twoDaysAgo,
        roles: [ 'admin' ],
        updatedAt: [ 'gte', now, 1000 ]
      });
      expectUser(response.body.user, expectedUser);
    });

    // NOTE(review): the three 401 tests below pin two different error codes:
    // 'auth.invalidUser' for an unknown or inactive account and
    // 'auth.invalidCredentials' for a wrong password. A client can therefore tell
    // whether an e-mail address belongs to an active account. If account
    // enumeration is a concern for this API, a single uniform failure response
    // would be the thing to assert instead.

    it('should not log in a non-existent user', async function() {
      reqBody.email = userFixtures.email();
      const response = await postAuth(this.test, reqBody, { expectedStatus: 401 });

      expectErrors(response, {
        code: 'auth.invalidUser',
        message: 'This user account does not exist or is inactive.'
      });
    });

    it('should not log in an inactive user', async function() {
      await user.save({ active: false });
      const response = await postAuth(this.test, reqBody, { expectedStatus: 401 });

      expectErrors(response, {
        code: 'auth.invalidUser',
        message: 'This user account does not exist or is inactive.'
      });
    });

    it('should not log in with the wrong password', async function() {
      // A freshly generated password that differs from the one the user was created with.
      reqBody.password = userFixtures.password();
      const response = await postAuth(this.test, reqBody, { expectedStatus: 401 });

      expectErrors(response, {
        code: 'auth.invalidCredentials',
        message: 'The password is invalid.'
      });
    });

    it('should not log in with no credentials', async function() {
      const response = await postAuth(this.test, {}, { expectedStatus: 422 });

      const missingEmail = {
        message: 'is required',
        type: 'json',
        location: '/email',
        validator: 'required',
        valueSet: false
      };
      const missingPassword = {
        message: 'is required',
        type: 'json',
        location: '/password',
        validator: 'required',
        valueSet: false
      };
      expectErrors(response, [ missingEmail, missingPassword ]);
    });

    it('should not log in with invalid credentials', async function() {
      reqBody.email = 'foo';
      reqBody.password = '   ';
      const response = await postAuth(this.test, reqBody, { expectedStatus: 422 });

      const malformedEmail = {
        message: 'must be a valid e-mail address',
        type: 'json',
        location: '/email',
        validator: 'email',
        value: 'foo',
        valueSet: true
      };
      // NOTE(review): this expectation requires the 422 body to echo the rejected
      // password back in `value`. Response bodies tend to end up in logs and
      // error trackers, so redacting `value` for the /password location is worth
      // considering; this test would then need to change with it.
      const blankPassword = {
        message: 'must not be blank',
        type: 'json',
        location: '/password',
        validator: 'notBlank',
        value: '   ',
        valueSet: true
      };
      expectErrors(response, [ malformedEmail, blankPassword ]);
    });

    /**
     * POSTs to /auth through the shared REST client and records the response on
     * the given Mocha test object before returning it.
     *
     * NOTE(review): `test.res` is presumably read by a hook or reporter set up in
     * the spec utilities - not visible in this file, confirm.
     *
     * @param {object} test - the current Mocha test (`this.test` inside an `it`).
     * @param {...*} args - request body and optional options, passed to `api.create` unchanged.
     * @returns {Promise<object>} the response returned by `api.create`.
     */
    async function postAuth(test, ...args) {
      const response = await api.create('/auth', ...args);
      test.res = response;
      return response;
    }

    /**
     * Builds the user object a successful login is compared against: the current
     * request body overlaid with the given property sets, later ones winning.
     *
     * NOTE(review): the request body includes `password`, so the expected user
     * carries it too. How expectUser treats that key (for example checking it
     * against the stored hash rather than expecting it in the response) is not
     * visible here - confirm that a password in the response body would fail it.
     *
     * @param {...object} properties - property sets merged over the request body.
     * @returns {object} a new object; `reqBody` itself is not modified.
     */
    function getExpectedUser(...properties) {
      const expected = {};
      _.extend(expected, reqBody, ...properties);
      return expected;
    }
  });
});