test: app token tests to api-test

2021-06-05 15:39:34 -07:00
parent b778f1e616
commit 579c046944
2 changed files with 83 additions and 18 deletions
--- a/src/routes/test/api-test.js
+++ b/src/routes/test/api-test.js
@@ -7,33 +7,99 @@
 'use strict';

 const common = require('./common.js'),
+    delay = require('delay'),
    expect = require('expect.js'),
-    superagent = require('superagent');
+    superagent = require('superagent'),
+    tokens = require('../../tokens.js');

 describe('REST API', function () {
-    const { setup, cleanup, serverUrl, owner } = common;
+    const { setup, cleanup, serverUrl, owner, user } = common;

    before(setup);
    after(cleanup);

-    it('does not crash with invalid JSON', async function () {
-        const response = await superagent.post(`${serverUrl}/api/v1/users`)
-            .query({ access_token: owner.token })
-            .set('content-type', 'application/json')
-            .send('some invalid non-strict json')
-            .ok(() => true);
+    describe('express handlers', function () {
+        it('does not crash with invalid JSON', async function () {
+            const response = await superagent.post(`${serverUrl}/api/v1/users`)
+                .query({ access_token: owner.token })
+                .set('content-type', 'application/json')
+                .send('some invalid non-strict json')
+                .ok(() => true);

-        expect(response.statusCode).to.equal(400);
-        expect(response.body.message).to.be('Failed to parse body');
+            expect(response.statusCode).to.equal(400);
+            expect(response.body.message).to.be('Failed to parse body');
+        });
+
+        it('does not crash with invalid string', async function () {
+            const response = await superagent.post(`${serverUrl}/api/v1/users`)
+                .query({ access_token: owner.token })
+                .set('content-type', 'application/x-www-form-urlencoded')
+                .send('some string')
+                .ok(() => true);
+
+            expect(response.statusCode).to.equal(400);
+        });
    });

-    it('does not crash with invalid string', async function () {
-        const response = await superagent.post(`${serverUrl}/api/v1/users`)
-            .query({ access_token: owner.token })
-            .set('content-type', 'application/x-www-form-urlencoded')
-            .send('some string')
-            .ok(() => true);
+    describe('authentication', function () {
+        it('cannot get userInfo only with basic auth', async function () {
+            const response = await superagent.get(`${serverUrl}/api/v1/users/${user.id}`)
+                .auth(owner.username, owner.password)
+                .ok(() => true);

-        expect(response.statusCode).to.equal(400);
+            expect(response.statusCode).to.equal(401);
+        });
+
+        it('cannot get userInfo with invalid token (token length)', async function () {
+            const response = await superagent.get(`${serverUrl}/api/v1/users/${user.id}`)
+                .query({ access_token: 'x' + owner.token })
+                .ok(() => true);
+
+            expect(response.statusCode).to.equal(401);
+        });
+
+
+        it('can get userInfo with token in auth header', async function () {
+            const response = await superagent.get(`${serverUrl}/api/v1/users/${user.id}`)
+                .set('Authorization', 'Bearer ' + owner.token);
+
+            expect(response.statusCode).to.equal(200);
+            expect(response.body.username).to.equal(user.username.toLowerCase());
+            expect(response.body.email).to.equal(user.email.toLowerCase());
+        });
+
+        it('cannot get userInfo with invalid token in auth header', async function () {
+            const response = await superagent.get(`${serverUrl}/api/v1/users/${user.id}`)
+                .set('Authorization', 'Bearer ' + 'x' + owner.token)
+                .ok(() => true);
+
+            expect(response.statusCode).to.equal(401);
+        });
+
+        it('cannot get userInfo with expired token', async function () {
+            const token2 = {
+                name: 'token2',
+                identifier: owner.id,
+                clientId: 'clientid-2',
+                expires: Date.now() + 2000, // expires in 3 seconds
+                lastUsedTime: null
+            };
+
+            let result = await tokens.add(token2);
+            token2.id = result.id;
+            token2.accessToken = result.accessToken;
+
+            const response = await superagent.get(`${serverUrl}/api/v1/users/${user.id}`)
+                .set('Authorization', 'Bearer ' + token2.accessToken);
+            expect(response.statusCode).to.be(200);
+
+            await delay(3000); // wait for token to expire
+
+            const response2 = await superagent.get(`${serverUrl}/api/v1/users/${user.id}`)
+                .set('Authorization', 'Bearer ' + token2.accessToken)
+                .ok(() => true);
+            expect(response2.statusCode).to.be(401);
+
+        });
    });
 });