refactor: extract decode user to util #32
@@ -0,0 +1,65 @@ | ||
// Copyright IBM Corp. 2019. All Rights Reserved. | ||
// Node module: @loopback/example-shopping | ||
// This file is licensed under the MIT License. | ||
// License text available at https://opensource.org/licenses/MIT | ||
|
||
import {expect, toJSON} from '@loopback/testlab'; | ||
import {MongoDataSource} from '../../src/datasources'; | ||
import { | ||
decodeAccessToken, | ||
getAccessTokenForUser, | ||
} from '../../src/utils/user.authentication'; | ||
import {UserRepository, OrderRepository} from '../../src/repositories'; | ||
import {User} from '../../src/models'; | ||
import * as _ from 'lodash'; | ||
const SECRET = 'secretforjwt'; | ||
|
||
describe('authentication', () => { | ||
const mongodbDS = new MongoDataSource(); | ||
const orderRepo = new OrderRepository(mongodbDS); | ||
const userRepo = new UserRepository(mongodbDS, orderRepo); | ||
const user = { | ||
email: '[email protected]', | ||
password: 'p4ssw0rd', | ||
firstname: 'unit', | ||
surname: 'test', | ||
}; | ||
let newUser: User; | ||
|
||
before('create user', async () => { | ||
newUser = await userRepo.create(user); | ||
}); | ||
|
||
it('decodes valid access token', async () => { | ||
const token = await getAccessTokenForUser(userRepo, { | ||
email: '[email protected]', | ||
password: 'p4ssw0rd', | ||
}); | ||
const expectedUser = getExpectedUser(newUser); | ||
const currentUser = await decodeAccessToken(token, SECRET); | ||
expect(currentUser).to.deepEqual(expectedUser); | ||
}); | ||
|
||
it('throws error for invalid accesstoken', async () => { | ||
const token = 'fake'; | ||
try { | ||
await decodeAccessToken(token, SECRET); | ||
expect('throws error').to.be.true(); | ||
Here is a better way for verifying that a call of an async function throws an error:
await expect(decodeAccessToken(token, SECRET))
.to.be.rejectedWith('jwt malformed');
||
} catch (err) { | ||
expect(err.message).to.equal('jwt malformed'); | ||
} | ||
}); | ||
}); | ||
|
||
function getExpectedUser(originalUser: User) { | ||
const userProfile: Partial<User> = _.pick(toJSON(originalUser), [ | ||
'id', | ||
'email', | ||
'firstName', | ||
]); | ||
return { | ||
id: userProfile.id, | ||
email: userProfile.email, | ||
name: userProfile.firstname, | ||
}; | ||
} |
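Review bot: The only rejection case in this file is the unparseable string `'fake'`, so nothing here exercises the signature check in `decodeAccessToken`. A well-formed token from `getAccessTokenForUser` verified against a different secret should also be asserted to fail, for example `await expect(decodeAccessToken(token, 'not-the-secret')).to.be.rejected();`. Separately, `getExpectedUser` picks `'firstName'` while the fixture and the later read use `firstname`, so `userProfile.firstname` is always undefined and the `name` claim is never really compared; the pick key should be `'firstname'`. The hard-coded `SECRET` presumably mirrors a constant in the code under test, so it is worth confirming that this value is not the one used for signing outside tests.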
This is implemented in the next PR #33