search

fnakstad / angular-client-side-auth

One way to implement authentication/authorization in Angular applications
http://angular-client-side-auth.herokuapp.com/
MIT License
1.63k stars 346 forks source link

Automated Tests #35

Closed jshemas closed 11 years ago

jshemas commented 11 years ago

Hello,

I'm trying to build a small web app based on this project. Is it possible you could provide a example of how to test 'when a user logs in and then goes to /private'?

((To be more clear... Test one would be 'log user in'. Test two is 'user goes to /private')))

Basically, i'm able able to log in, but after that i'm having trouble mocking authenticated passport.js users in my tests.

I've been trying to use this module. https://github.com/steventux/passport-stub

Thank you ahead of time!

Edit: End goal is to have the function 'ensureAuthorized' to have valid data in 'req.user' so I can test a route that has a accessLevel higher then public. (Like an admin only POST request)

fnakstad commented 11 years ago

Hmmm, I gather you are trying to test the server-side code here? Unit tests or integration/functional tests?

When unit testing my own code which uses 3rd party libraries I often use SinonJS to mock/stub out the external functions that are called in whatever function I'm testing. That way you can isolate the function you're testing without involving other dependent libraries.

For functional/integration tests I have often used supertest. This will fire up a server instance, so that you can perform automated HTTP requests against it, and enables you to test the entire dependency chain.

I'm not sure if I answered your question well, so be sure to tell me if I need to clarify anything :)

jshemas commented 11 years ago

Thanks for the reply!

Yes, these are server side integration/functional tests. Below is a code sample of what i'm trying to do. The problem is, after I log in, I go to the next test and the application dosen't know i'm logged in as a user and returns a 403 instead of a 200 on the /users call. 

var request = require('supertest'),
    expect = require('expect.js');

//enter your domain
var baseURL = "http://localhost:8000/";

describe('Test Login', function (done) {
    it('First see if the home page loads', function(done) {
        request(baseURL)
            .get('')
            .end( function(err, result) {
                expect(result.res.statusCode).to.be(200);
                done();
            });
    });
    it('then lets log in', function(done) {
        var user = {'username':'admin','password':'123'};
        request(baseURL)
            .post('login')
            .send(user)
            .end( function(err, result) {
                // Note, result.body has this is it...
                // { role: { bitMask: 4, title: 'admin' }, username: 'admin' }
                // so I know the login worked
                expect(result.res.statusCode).to.be(200);
                done();
            });
    });
    it('now we should be able to do a get call /users because we are loged in', function(done) {
        request(baseURL)
            .get('users')
            .end( function(err, result) {
                /* this returns a 403 */
                expect(result.res.statusCode).to.be(200);
                done();
            });
    });
});
jshemas commented 11 years ago

Okay. I got this working with the help some guys who worked on passport-stub

In server.js:

Change this line var app = express(); To var app = module.exports = express();

And here is my test scrip

var app = require('../server');
var request = require('supertest');
var passportStub = require('passport-stub');
passportStub.install(app);

describe('Test Login', function (done) {
    afterEach(function() {
      passportStub.logout(); //logout after each test
    });
    it('First see if the home page loads', function(done) {
        request(app).get('/').expect(200, done);
    });
    it('a logouted out user shouldnt be able to get to this page', function(done) {
        request(app).get('/users').expect(403, done);
    });
    it('then lets log in', function(done) {
        var user = {'username':'admin','password':'123'};
        request(app).post('/login').send(user).expect(200, done);
    });
    it('now we should be able to do a get call /users because we are loged in', function(done) {
        passportStub.login({ id: 2, username: 'admin', password: '123', role: { bitMask: 4, title: 'admin' } });
        request(app).get('/users').expect(200, done);
    });
});

If you want, I can make a pull request so other people can use this.

fnakstad commented 11 years ago

Ah, right. So you're passing the entire server setup to Passport Stub, which I guess stubs out the necessary Passport components. I'd be happy to receive a pull request!