wiki
/
weseek__growi
oglindă de https://github.com/weseek/growi


			
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889
							const mongoose = require('mongoose');

const { getInstance } = require('../setup-crowi');

describe('loginRequired', () => {
  let crowi;
  let accessTokenParser;

  let User;
  let targetUser;

  beforeAll(async(done) => {
    crowi = await getInstance();
    User = mongoose.model('User');
    accessTokenParser = require('@server/middlewares/access-token-parser')(crowi);

    targetUser = await User.create({
      name: 'Example for access token parser',
      username: 'targetUser',
      password: 'usertestpass',
      lang: 'en_US',
      apiToken: 'N4xPDjh48TBsC7ahUN+ajjL5asnGpwtA5VAR+EhIDeg=',
    });


    done();
  });

  describe('accessTokenParser', () => {
    crowi = {
      model: jest.fn().mockReturnValue(User),
    };
    const req = {
      skipCsrfVerify: false,
      query: {},
      body: {},
      user: {},
    };
    const res = {};
    const next = jest.fn().mockReturnValue('next');
    //  crowi.model = jest.fn().mockReturnValue('huge');

    // const findUserByApiToken = jest.spyOn(User, 'findUserByApiToken').mockImplementation((accessToken) => {
    //   return User.find({ apiToken: accessToken });
    // });

    test('without accessToken', async() => {
      const result = await accessTokenParser(req, res, next);

      expect(next).toHaveBeenCalled();
      expect(result).toBe('next');
    });

    test('with invalid accessToken', async() => {
      req.query.access_token = 'invalidAccessToken';

      const result = await accessTokenParser(req, res, next);

      expect(next).toHaveBeenCalled();
      expect(result).toBe('next');
      expect(req.skipCsrfVerify).toBe(false);
    });

    test('with accessToken in query', async() => {
      req.query.access_token = 'N4xPDjh48TBsC7ahUN+ajjL5asnGpwtA5VAR+EhIDeg=';

      const result = await accessTokenParser(req, res, next);

      expect(next).toHaveBeenCalled();
      expect(result).toBe('next');
      expect(req.skipCsrfVerify).toBe(true);
      expect(req.user._id).toStrictEqual(targetUser._id);
    });

    test('with accessToken in body', async() => {
      req.body.access_token = 'N4xPDjh48TBsC7ahUN+ajjL5asnGpwtA5VAR+EhIDeg=';

      const result = await accessTokenParser(req, res, next);

      expect(next).toHaveBeenCalled();
      expect(result).toBe('next');
      expect(req.skipCsrfVerify).toBe(true);
      expect(req.user._id).toStrictEqual(targetUser._id);
    });


  });

});