'use strict'; | |
var should = require('should'); | |
var app = require('../../app'); | |
var request = require('supertest')(app); | |
// Integration checks for the incidents listing: anonymous callers are rejected,
// callers presenting the login token receive a JSON array.
describe('GET /api/incidents', function() {
  // Holder filled in by the login hook; `token` is read by the authenticated test.
  var auth = {};

  // Mocha runs `before` hooks ahead of every test in the suite, wherever they
  // are registered, so the login has completed before either test starts.
  before(loginUser(auth));

  // No Authorization header is set here, so this pins the 401 for anonymous
  // requests. NOTE(review): this only holds while `request` keeps no session
  // state between calls (e.g. it is not switched to a cookie-persisting agent).
  it('should require authorization', function(done) {
    request
      .get('/api/incidents')
      .expect(401)
      .end(function(failure) {
        if (failure) {
          done(failure);
          return;
        }
        done();
      });
  });

  it('should respond with JSON array', function(done) {
    // HTTP auth-scheme names are case-insensitive (RFC 7235, section 2.1),
    // so the lowercase "bearer" prefix is a valid spelling of the scheme.
    var authorization = 'bearer ' + auth.token;

    request
      .get('/api/incidents')
      .set('Authorization', authorization)
      .expect(200)
      .expect('Content-Type', /json/)
      .end(function(failure, response) {
        if (failure) {
          done(failure);
          return;
        }
        response.body.should.be.instanceof(Array);
        done();
      });
  });
});
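/**
 * Build a Mocha hook that logs in through POST /auth/local and stores the
 * returned token on the caller's `auth` object.
 *
 * @param {Object} auth - Mutable holder; `auth.token` is set after a successful login.
 * @returns {Function} Hook taking Mocha's `done` callback; `done` receives an
 *   Error when the request fails or the response carries no token.
 */
function loginUser(auth) {
  return function(done) {
    request
      .post('/auth/local')
      .send({
        // NOTE(review): the address below looks like the hosting page's e-mail
        // obfuscation placeholder, not the author's value; substitute the seeded
        // test account. Keep these credentials to a throwaway fixture user.
        email: '[email protected]',
        password: 'test'
      })
      .expect(200)
      .end(onResponse);

    function onResponse(err, res) {
      // A failed request or a status other than 200 arrives here as `err`, and
      // `res` may then be missing; report it instead of dereferencing `res.body`.
      if (err) return done(err);

      var token = res && res.body && res.body.token;
      if (!token) {
        // Without this, later tests would send "bearer undefined" and fail with
        // a 401 that hides the real cause.
        return done(new Error('login succeeded but the response carried no token'));
      }

      auth.token = token;
      return done();
    }
  };
}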
Holy crap! Wonderful. Slightly modified but definitely works! Great!
Could you please post your modified code?
Thank you. Could you please explain why "bearer" is in lowercase rather than "Bearer" with a capital B? Does supertest only accept "bearer" in lowercase?
You can use the `auth` method instead of setting the Authorization header by hand:
// Same authenticated check, letting `.auth(token, { type: 'bearer' })` build the
// Authorization header instead of concatenating it by hand.
it('should respond with JSON array', function(done) {
  var authenticated = request
    .get('/api/incidents')
    .auth(auth.token, { type: 'bearer' });

  authenticated
    .expect(200)
    .expect('Content-Type', /json/)
    .end(function(failure, response) {
      if (failure) {
        done(failure);
        return;
      }
      response.body.should.be.instanceof(Array);
      done();
    });
});
``'
Thank you. Could you please explain why "bearer" is in lowercase rather than "Bearer" with a capital B? Does supertest only accept "bearer" in lowercase?
This excerpt from RFC 7235 may shed some light on your question:
2. Access Authentication Framework
2.1. Challenge and Response
HTTP provides a simple challenge-response authentication framework
that can be used by a server to challenge a client request and by a
client to provide authentication information. It uses a case-
insensitive token as a means to identify the authentication scheme,
followed by additional information necessary for achieving
authentication via that scheme.
Note that by "token", the RFC author is referring to a lexical token, representing the authentication scheme (like "Basic", "Bearer", etc...), or "auth-scheme" for short, and not your authentication token string.
The Basic authentication scheme builds on top of the HTTP Authentication Framework, as does the Bearer scheme. Take a look at what the Basic Authentication RFC (RFC 7617) states in the following section:
The Basic authentication scheme utilizes the Authentication Framework
as follows.

In challenges:

o The scheme name is "Basic".
o The authentication parameter 'realm' is REQUIRED ([RFC7235], Section 2.2).
o The authentication parameter 'charset' is OPTIONAL (see Section 2.1).
o No other authentication parameters are defined -- unknown parameters MUST be ignored by recipients, and new parameters can only be defined by revising this specification.

See also Section 4.1 of [RFC7235], which discusses the complexity of parsing challenges properly.

Note that both scheme and parameter names are matched case-insensitively.
So, although it's common to see auth-schemes written with the first letter capitalized, they are in fact case-insensitive.
Thank you very much for this!
please i have a question ... how do i test a secured route with jest (supertest) ....... where when a user login it generate a jwt and then that jwt generated will be used as a middleware to test other routes?????
You can use the `auth` method instead of setting the Authorization header by hand:

```js
it('should respond with JSON array', function(done) {
  request
    .get('/api/incidents')
    .auth(auth.token, { type: 'bearer' })
    .expect(200)
    .expect('Content-Type', /json/)
    .end(function(err, res) {
      if (err) return done(err);
      res.body.should.be.instanceof(Array);
      done();
    });
});
```
This worked for me. Thank you!
i am doing the exact same thing, but onResponse is never called ( I am using supertest 3.0.0 ) and test runner is mocha