Login session test with mocha

login.test.js

var request = require('supertest'),
  should = require('should'),
  app = require('../server');
 
var Cookies;
 
describe('Functional Test <Sessions>:', function () {
  it('should create user session for valid user', function (done) {
    request(app)
      .post('/v1/sessions')
      .set('Accept','application/json')
      .send({"email": "[email protected]", "password": "123"})
      .expect('Content-Type', /json/)
      .expect(200)
      .end(function (err, res) {
        res.body.id.should.equal('1');
        res.body.short_name.should.equal('Test user');
        res.body.email.should.equal('[email protected]');
        // Save the cookie to use it later to retrieve the session
        Cookies = res.headers['set-cookie'].pop().split(';')[0];
        done();
      });
  });
  it('should get user session for current user', function (done) {
    var req = request(app).get('/v1/sessions');
    // Set cookie to get saved user session
    req.cookies = Cookies;
    req.set('Accept','application/json')
      .expect('Content-Type', /json/)
      .expect(200)
      .end(function (err, res) {
        res.body.id.should.equal('1');
        res.body.short_name.should.equal('Test user');
        res.body.email.should.equal('[email protected]');
        done();
      });
  });
});

thanks

+1

How can I thank you enough?

Tanks of Thanks !!!

Thanks. Works great for Cookies persistence.

It's not working for me. Actually, the login is working but when I use the session in the second block it() the application still require the login

const assert = require('chai').assert,
	  expect = require('chai').expect,
          request = require('supertest'),
	  envData = require('../../data/envData'),
	  tokenAuthData = require('../../data/tokenAuthData');
	  
var Cookies;

describe ('POST /Authenticate', function() {

	const authenticate = '/TokenAuth/Authenticate';

	it ('Should create a session', function(done) {
		request(envData.upstreamUrl)
		.post(authenticate)
		.set('Content-type', 'application/json')
		.send(tokenAuthData.masterUser)
		.end(function(err, res) {
			if (err) return done(err);
			assert.equal(res.status, 200)
			Cookies = res.header['set-cookie'];
			done();
		});
    });
    
	it ('Should return status 200', function(done) {
		var req = request(envData.upstreamUrl).get('/v1/StudyDashboard/DataConfirmation');
		req.cookies = Cookies;
		req.set('Accept', 'application/json')
		.end(function(err, res) {
			if (err) return done(err);
			assert.equal(res.status, 200)
			done();
		});
    });
});

Hello @rafaelcs,
I did a working test here, with a simple app and changed a few parameters in your test. Take a look in your test, the envData and tokenAuthData may have some missing parameter.
The supertest request should receive your express app and the tokenAuthData login payload
I changed some things in your test, commenting on the lines that may be causing the behavior you mentioned

const assert = require('chai').assert;
const expect = require('chai').expect;
const request = require('supertest');
// const envData = require('../../data/envData');
// const tokenAuthData = require('../../data/tokenAuthData');

const app = require('./app');

var Cookies;

describe ('POST /Authenticate', function() {

  const authenticate = '/TokenAuth/Authenticate';

  it ('Should create a session', function(done) {
    // request(envData.upstreamUrl)
    request(app)
      .post(authenticate)
      .set('Content-type', 'application/json')
      // .send(tokenAuthData.masterUser)
      .send({ username: 'myself', password: 'mypass' })
      .end(function(err, res) {
        if (err) return done(err);
        assert.equal(res.status, 200)
        Cookies = res.header['set-cookie'];
        done();
      });
  });

  it ('Should return status 200', function(done) {
    // var req = request(envData.upstreamUrl).get('/v1/StudyDashboard/DataConfirmation');
    var req = request(app).get('/v1/StudyDashboard/DataConfirmation');
    req.cookies = Cookies;
    req.set('Accept', 'application/json')
      .end(function(err, res) {
        if (err) return done(err);
        assert.equal(res.body.message, 'Restricted resource')
        assert.equal(res.status, 200)
        done();
      });
  });

  it ('Should return status 401', function(done) {
    var req = request(app).get('/v1/StudyDashboard/DataConfirmation');
    // req.cookies = Cookies;
    req.set('Accept', 'application/json')
      .end(function(err, res) {
        if (err) return done(err);
        assert.equal(res.status, 401)
        done();
      });
  });
});

const express = require('express');
const app = express();
const session = require('express-session');

const isLoggedIn = (req, res, next) => {
  if (!req.session.authenticated) {
    return res.status(401).send({ message: 'Unauthorized' });
  }
  next();
}

app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true
}));

app.post('/TokenAuth/Authenticate', (req, res) => {
  req.session.authenticated = true;
  res.send({ message: 'Login success' });
});

app.get('/v1/StudyDashboard/DataConfirmation', isLoggedIn, (req, res) => {
  res.send({ message: 'Restricted resource' });
});

module.exports = app;

I hope it helps you to solve the problem.

Thank you.

Worked a treat 👍