

Add middleware.test.ts comments
aelassas committed Nov 19, 2024
1 parent 9c327ae commit 3cd7611
Showing 1 changed file with 15 additions and 9 deletions.
24 changes: 15 additions & 9 deletions api/tests/middleware.test.ts
Expand Up @@ -36,11 +36,11 @@ afterAll(async () => {

describe('POST /api/sign-in/backend', () => {
it('should authenticate through backend HttpOnly cookie', async () => {
// test success (backend auth without origin)
const payload: bookcarsTypes.SignInPayload = {
email: ADMIN_EMAIL,
password: testHelper.PASSWORD,
}

let res = await request(app)
.post(`/api/sign-in/${bookcarsTypes.AppType.Backend}`)
.send(payload)
Expand All @@ -49,20 +49,22 @@ describe('POST /api/sign-in/backend', () => {
expect(cookies.length).toBeGreaterThan(1)
const cookie = cookies[1].replace(env.X_ACCESS_TOKEN, env.BACKEND_AUTH_COOKIE_NAME)

// test success (backend auth with origin)
res = await request(app)
.post(`/api/sign-in/${bookcarsTypes.AppType.Backend}`)
.set('Origin', env.BACKEND_HOST)
.send(payload)
expect(res.statusCode).toBe(200)

// test success (cookie)
res = await request(app)
.get(`/api/user/${USER_ID}`)
.set('Origin', env.BACKEND_HOST)
.set('Cookie', cookie)
expect(res.statusCode).toBe(200)
expect(res.body.email).toBe(USER_EMAIL)

// Not allowed by CORS
// test failure (not allowed by CORS)
res = await request(app)
.post(`/api/sign-in/${bookcarsTypes.AppType.Backend}`)
.set('Origin', 'http://unknow/')
Expand All @@ -73,11 +75,11 @@ describe('POST /api/sign-in/backend', () => {

describe('POST /api/sign-in/frontend', () => {
it('should authenticate through frontend HttpOnly cookie', async () => {
// test success (backend auth without origin)
const payload: bookcarsTypes.SignInPayload = {
email: USER_EMAIL,
password: testHelper.PASSWORD,
}

let res = await request(app)
.post(`/api/sign-in/${bookcarsTypes.AppType.Frontend}`)
.send(payload)
Expand All @@ -86,25 +88,28 @@ describe('POST /api/sign-in/frontend', () => {
expect(cookies.length).toBeGreaterThan(1)
const cookie = cookies[1].replace(env.X_ACCESS_TOKEN, env.FRONTEND_AUTH_COOKIE_NAME)

// test success (backend auth wit origin)
res = await request(app)
.post(`/api/sign-in/${bookcarsTypes.AppType.Frontend}`)
.set('Origin', env.FRONTEND_HOST)
.send(payload)
expect(res.statusCode).toBe(200)

// test success
res = await request(app)
.post(`/api/sign-in/${bookcarsTypes.AppType.Frontend}`)
.send(payload)
expect(res.statusCode).toBe(200)

// test success (cookie)
res = await request(app)
.get(`/api/user/${USER_ID}`)
.set('Origin', env.FRONTEND_HOST)
.set('Cookie', cookie)
expect(res.statusCode).toBe(200)
expect(res.body.email).toBe(USER_EMAIL)

// Not allowed by CORS
// test failure (not allowed by CORS)
res = await request(app)
.post(`/api/sign-in/${bookcarsTypes.AppType.Frontend}`)
.set('Origin', 'http://unknow/')
Expand All @@ -117,12 +122,14 @@ describe('GET /api/user/:id', () => {
it('should authenticate through request header', async () => {
let token = await testHelper.signinAsAdmin()

// test success (admin)
let res = await request(app)
.get(`/api/user/${USER_ID}`)
.set(env.X_ACCESS_TOKEN, token)
expect(res.statusCode).toBe(200)
expect(res.body.email).toBe(USER_EMAIL)

// test success (user)
token = await testHelper.signinAsUser()

res = await request(app)
Expand All @@ -131,27 +138,25 @@ describe('GET /api/user/:id', () => {
expect(res.statusCode).toBe(200)
expect(res.body.email).toBe(USER_EMAIL)

// Token not found
// test failure (token not found)
res = await request(app)
.get(`/api/user/${USER_ID}`)
expect(res.statusCode).toBe(403)

// Token not valid
// test failure (token not valid)
res = await request(app)
.get(`/api/user/${USER_ID}`)
.set(env.X_ACCESS_TOKEN, 'unknown')
expect(res.statusCode).toBe(401)

// Token not valid: User not found
// test failure (user not found)
const user = await User.findById(USER_ID)
user!.blacklisted = true
await user?.save()

res = await request(app)
.get(`/api/user/${USER_ID}`)
.set(env.X_ACCESS_TOKEN, token)
expect(res.statusCode).toBe(401)

user!.blacklisted = false
await user?.save()
})
Expand All @@ -161,6 +166,7 @@ describe('PATCH /api/user/:id', () => {
it('should revoke access to PATCH method', async () => {
const token = await testHelper.signinAsAdmin()

// test success
const res = await request(app)
.patch(`/api/user/${USER_ID}`)
.set(env.X_ACCESS_TOKEN, token)
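Review bot: The comment added at the top of the `POST /api/sign-in/frontend` test, `// test success (backend auth without origin)`, is carried over from the backend block even though this request posts to `AppType.Frontend` with `USER_EMAIL`; it should read `// test success (frontend auth without origin)`, and the sibling comment a few lines below has a typo, `// test success (frontend auth with origin)`. In the `GET /api/user/:id` hunk, `// test failure (user not found)` mislabels the case that follows: the code sets `user!.blacklisted = true` and expects 401, so `// test failure (user blacklisted)` describes what is actually asserted. The unlabeled `// test success` in the frontend block appears to repeat the first sign-in request verbatim; if it is meant to cover a distinct path, the comment should name it, otherwise the step looks redundant. Each enclosing `it(...)` callback starts or ends outside these hunks.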

0 comments on commit 3cd7611
