/**
 * Mocha tests for the mbaas router: the /api/wfm/user/auth route and the
 * trimProfileData helper, which drops fields from a user profile object.
 *
 * The mediator is a mock, so these tests pin how the router talks to the
 * mediator and what it returns; they do not exercise a real credential store.
 */
const _ = require('lodash');
const assert = require('assert');
const authHandler = require('../../lib/mbaas/index');
const sampleUserConfig = require('../fixtures/sampleUserConfig.json');
const sampleProfileData = require('../fixtures/sampleUserProfile.json');
const sampleProfileDataLength = Object.keys(sampleProfileData).length;
// Same module as authHandler; kept under a second name for the router tests.
const mbaasRouter = require('../../lib/mbaas/index');
const express = require('express');
const supertest = require('supertest');
const bodyParser = require('body-parser');
const mediatorMock = require('../mocks/mediatorMock');
const sampleUser = require('../fixtures/user');
const sinon = require('sinon');

// Exclusion lists fed to trimProfileData, one per scenario below.
const sampleExclusionList1 = ['banner'];
const sampleExclusionList2 = ['banner', 'avatar'];
const sampleExclusionList3 = [];
const sampleExclusionList4 = undefined;
const sampleExclusionList5 = null;

// Assertion messages shared by several tests.
const INVALID_CREDENTIALS_MSG = 'Expected Invalid credentials message in response body on unsuccessful authentication request.';
const PASSWORD_REMOVED_MSG = "Check that the Password field has been removed from the Response.";
const BANNER_REMOVED_MSG = "Check that the Banner field has been removed from the Response.";
const LENGTH_DIFFERS_MSG = "Expect that the auth response has a different length to the user profile data.";

/**
 * Runs trimProfileData on a shallow clone of the sample profile so the shared
 * fixture is not passed in directly.
 * @param {Array|undefined|null} exclusionList - field names to strip
 * @returns {Object} whatever trimProfileData returns
 */
function trimSampleProfile(exclusionList) {
  return authHandler.trimProfileData(_.clone(sampleProfileData), exclusionList);
}

/**
 * @param {Object} profile
 * @returns {number} number of own enumerable keys on the profile
 */
function fieldCount(profile) {
  return Object.keys(profile).length;
}

describe('Test mbass authentication', function() {
  let server;
  let agent;

  // Fresh express app and a reset mock before every test, so call counts
  // asserted below only reflect the request made in that test.
  beforeEach(function(done) {
    mediatorMock.request.reset();
    server = express();
    server.use(bodyParser.json());
    agent = supertest(server);
    mbaasRouter.init(mediatorMock, server, [], {}, done);
  });

  // NOTE(review): the credentials are sent as a JSON body on a GET request,
  // mirroring how these tests drive the route; confirm against the router
  // whether GET is the intended method for this endpoint.
  function authenticate(userId, password) {
    return agent
      .get('/api/wfm/user/auth')
      .send({userId: userId, password: password});
  }

  it('Should log in using correct credentials', function(done) {
    authenticate(sampleUser.username, sampleUser.password)
      .expect(200, (err, res) => {
        assert.ok(!err, err);
        assert.ok(res, "Expected a result from the authentication request.");
        assert.equal(res.body.status, 'ok', "Expected status ok from the successful authentication request.");
        assert.equal(res.body.userId, sampleUser.username, "Expected user profile from the successful authentication request.");

        // Success means two mediator calls: the credential check, then the profile read.
        sinon.assert.calledTwice(mediatorMock.request);
        sinon.assert.calledWith(mediatorMock.request, 'wfm:user:auth', {
          username: sampleUser.username,
          password: sampleUser.password
        });
        sinon.assert.calledWith(mediatorMock.request, 'wfm:user:username:read', sampleUser.username);
        done();
      });
  });

  // The two failure cases below assert the same status (401) and the same
  // body ('Invalid Credentials'), so the response pinned here does not tell a
  // caller whether the username or the password was wrong. Both also assert a
  // single mediator call: no profile read happens after a failed check.
  it('Should get 401 User not found when logging in with incorrect username', function(done) {
    authenticate('invalid_username', sampleUser.password)
      .expect(401, (err, res) => {
        assert.ok(!err, err);
        assert.ok(res, "Expected a result from the failed authentication request.");
        assert.equal(res.body, 'Invalid Credentials', INVALID_CREDENTIALS_MSG);

        sinon.assert.calledOnce(mediatorMock.request);
        const wrongUsername = sinon.match((username) => username !== sampleUser.username);
        sinon.assert.calledWith(mediatorMock.request, 'wfm:user:auth', sinon.match({
          username: wrongUsername,
          password: sinon.match(sampleUser.password)
        }));
        done();
      });
  });

  it('Should get 401 Invalid credentials when logging in with incorrect password', function(done) {
    authenticate(sampleUser.username, 'invalid_password')
      .expect(401, (err, res) => {
        assert.ok(!err, err);
        assert.ok(res, "Expected a result from the authentication request.");
        assert.equal(res.body, 'Invalid Credentials', INVALID_CREDENTIALS_MSG);

        sinon.assert.calledOnce(mediatorMock.request);
        const wrongPassword = sinon.match((password) => password !== sampleUser.password);
        sinon.assert.calledWith(mediatorMock.request, 'wfm:user:auth', sinon.match({
          username: sinon.match(sampleUser.username),
          password: wrongPassword
        }));
        done();
      });
  });
});

// What these tests pin about trimProfileData:
//   - undefined / null list -> a default list is applied and password is stripped;
//   - an explicit list is used as given: ['banner'] leaves password in place,
//     and [] returns every field.
// NOTE(review): presumably this output is what the auth route returns, so a
// configuration that overrides authResponseExclusionList has to name
// 'password' itself or the field stays in the response; confirm against the router.
describe('#testAuthResponseData', function() {
  it('it should not remove any fields when an empty exclusion list is specified', function(done) {
    const trimmed = trimSampleProfile(sampleExclusionList3);
    assert(fieldCount(trimmed) === sampleProfileDataLength, "Expect that specifying an empty exclusion list returns all the User fields in the response.");
    done();
  });

  it('it should remove the password field by default', function(done) {
    // Uses the exclusion list shipped in the sample user config fixture.
    const trimmed = trimSampleProfile(sampleUserConfig.authResponseExclusionList);
    assert(trimmed.password === undefined, PASSWORD_REMOVED_MSG);
    assert(fieldCount(trimmed) !== sampleProfileDataLength, LENGTH_DIFFERS_MSG);
    done();
  });

  it('it should remove a single field when specified', function(done) {
    const trimmed = trimSampleProfile(sampleExclusionList1);
    assert(trimmed.banner === undefined, BANNER_REMOVED_MSG);
    assert(fieldCount(trimmed) !== sampleProfileDataLength, LENGTH_DIFFERS_MSG);
    done();
  });

  it('it should remove a single field when specified and also not remove the password', function(done) {
    const trimmed = trimSampleProfile(sampleExclusionList1);
    assert(trimmed.banner === undefined, BANNER_REMOVED_MSG);
    // An explicit list replaces the default one, so password is still present here.
    assert(trimmed.password !== undefined, "Check that the Password field has Not been removed from the Response.");
    assert(fieldCount(trimmed) !== sampleProfileDataLength, LENGTH_DIFFERS_MSG);
    done();
  });

  it('it should remove a number of fields when specified', function(done) {
    const trimmed = trimSampleProfile(sampleExclusionList2);
    assert(trimmed.banner === undefined, BANNER_REMOVED_MSG);
    assert(trimmed.avatar === undefined, "Check that the Avatar field has been removed from the Response.");
    assert(fieldCount(trimmed) !== sampleProfileDataLength, LENGTH_DIFFERS_MSG);
    done();
  });

  it('it should remove the password field by default when the exclusion list is undefined', function(done) {
    const trimmed = trimSampleProfile(sampleExclusionList4);
    assert(trimmed.password === undefined, PASSWORD_REMOVED_MSG);
    assert(fieldCount(trimmed) !== sampleProfileDataLength, "Expect that specifying an undefined exclusion list will result in the default exclusion list being used");
    done();
  });

  it('it should remove the password field by default when the exclusion list is null', function(done) {
    const trimmed = trimSampleProfile(sampleExclusionList5);
    assert(trimmed.password === undefined, PASSWORD_REMOVED_MSG);
    assert(fieldCount(trimmed) !== sampleProfileDataLength, "Expect that specifying a null exclusion list will result in the default exclusion list being used.");
    done();
  });
});