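it('should report error when the refreshToken is expired', async () => {
  // Persist an already-expired token so the endpoint must reject it on expiry, not on absence.
  await RefreshToken.create(expiredRefreshToken);
  const res = await request(app)
    .post('/v1/auth/refresh-token')
    .send({ email: dbUser.email, refreshToken: expiredRefreshToken.token })
    .expect(httpStatus.UNAUTHORIZED);
  const { code, message } = res.body;
  expect(code).to.be.equal(httpStatus.UNAUTHORIZED);
  expect(message).to.be.equal('Invalid refresh token.');
  // An auth failure must not leak the server-side stack trace to the client.
  expect(res.body).to.not.have.a.property('stack');
});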
it('should report error when the resetToken is expired', async () => {
  // Seed the fixture and confirm it was stored exactly as given, already past its expiry.
  const storedToken = await PasswordResetToken.create(expiredResetToken);
  const { resetToken, userId, userEmail, expires } = storedToken;
  expect(resetToken).to.be.equal('5947397b323ae82d8c3a333b.c69d0435e62c9f4953af912442a3d064e20291f0d228c0552ed4be473e7d191ba40b18c2c47e8b9d');
  expect(userId.toString()).to.be.equal('5947397b323ae82d8c3a333b');
  expect(userEmail).to.be.equal(dbUser.email);
  expect(expires).to.be.below(moment().toDate());
  // The reset endpoint must refuse the expired token with a 401 and say why.
  const res = await request(app)
    .post('/v1/auth/reset-password')
    .send({
      email: dbUser.email,
      password: 'updated password',
      resetToken: expiredResetToken.resetToken,
    })
    .expect(httpStatus.UNAUTHORIZED);
  expect(res.body.code).to.be.equal(401);
  expect(res.body.message).to.include('Reset token is expired');
});
status: httpStatus.UNAUTHORIZED, isPublic: true, };
// Wrap whatever upstream failure we got (if any) in an APIError that always reports 401;
// the stack is only carried over when a real error object exists.
const hasError = Boolean(error);
const apiError = new APIError({
  message: hasError ? error.message : 'Unauthorized',
  status: httpStatus.UNAUTHORIZED,
  stack: hasError ? error.stack : undefined,
});
.get('/v1/users/profile') .set('Authorization', `Bearer ${expiredAccessToken}`) .expect(httpStatus.UNAUTHORIZED) .then((res) => { expect(res.body.code).to.be.equal(httpStatus.UNAUTHORIZED); expect(res.body.message).to.be.equal('jwt expired'); expect(res.body).to.not.have.a.property('stack');
.post('/v1/auth/send-password-reset') .send({ email: user.email }) .expect(httpStatus.UNAUTHORIZED) .then((res) => { const { code } = res.body; const { message } = res.body; expect(code).to.be.equal(httpStatus.UNAUTHORIZED); expect(message).to.be.equal('No account found with that email'); });
.post('/v1/auth/login') .send(dbUser) .expect(httpStatus.UNAUTHORIZED) .then((res) => { const { code } = res.body;
it("should report error when email and refreshToken don't match", async () => {
  // A valid token paired with a different account's email must not be accepted.
  await RefreshToken.create(refreshToken);
  const res = await request(app)
    .post('/v1/auth/refresh-token')
    .send({ email: user.email, refreshToken: refreshToken.token })
    .expect(httpStatus.UNAUTHORIZED);
  const { code, message } = res.body;
  expect(code).to.be.equal(401);
  expect(message).to.be.equal('Incorrect email or refreshToken');
});
// Request `url` with the given bearer token and expect the server to reject it with 401;
// signals the mocha `done` callback on success or passes the failure through to it.
const expectTokenIsInvalid = (url, token, done) => {
  const authedRequest = request(app)
    .get(url)
    .set('Authorization', `bearer ${token}`);
  authedRequest
    .expect(httpStatus.UNAUTHORIZED)
    .then(() => {
      done();
    })
    .catch(done);
};
/**
 * Build an Express middleware that runs the named passport strategy without sessions.
 * A strategy error is forwarded to `next`; a missing principal becomes a non-public
 * 401 APIError; otherwise the principal is attached to the request under the property
 * the strategy asked for (`bindTo`) and the chain continues.
 * @param {string} strategy - name of the registered passport strategy.
 * @returns {Function} Express middleware `(req, res, next)`.
 */
function passportWrapper(strategy) {
  return (req, res, next) => {
    const handleResult = (err, wrappedUser) => {
      if (err) return next(err);
      if (!wrappedUser) {
        return next(new APIError('Unauthorized', httpStatus.UNAUTHORIZED, false));
      }
      // The strategy result names the request property that receives the authenticated user.
      req[wrappedUser.bindTo] = wrappedUser.user;
      return next();
    };
    return passport.authenticate(strategy, { session: false }, handleResult)(req, res, next);
  };
}
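/**
 * Look up the user for a login payload and verify the supplied password.
 * @param {{ email: string, password: string }} payload - untrusted credentials from the login request.
 * @returns {Promise<Object>} the matching, active user document.
 * @throws {APIError} when a credential is missing, the email is unknown (NOT_FOUND),
 *   the password mismatches or the user is not active (UNAUTHORIZED).
 */
async findAndGenerateToken (payload) {
  const { email, password } = payload || {}
  if (!email) throw new APIError('Email must be provided for login')
  // Fail fast here so passwordMatches never receives an undefined password.
  if (!password) throw new APIError('Password must be provided for login')
  const user = await this.findOne({ email }).exec()
  // NOTE(review): the distinct NOT_FOUND vs UNAUTHORIZED responses let a caller tell
  // registered emails apart from unknown ones (account enumeration); a single generic
  // 401 for both cases would close that, at the cost of changing the message callers see.
  if (!user) throw new APIError(`No user associated with ${email}`, httpStatus.NOT_FOUND)
  const passwordOK = await user.passwordMatches(password)
  if (!passwordOK) throw new APIError('Password mismatch', httpStatus.UNAUTHORIZED)
  if (!user.active) throw new APIError('User not activated', httpStatus.UNAUTHORIZED)
  return user
}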
it('should return 401 ( invalid token )', async () => {
  // A bogus reset token must be refused before any password change is attempted.
  const res = await reqs.user.resetPassword({ password: 'sd23knca@cKPs', token: 'passwordResetJWT' });
  expect(res.status).to.be.eq(httpStatus.UNAUTHORIZED);
});
it("should report error when email and reset token doesn't match a user", async () => {
  // A stored reset token presented with a different account's email must be rejected.
  await PasswordResetToken.create(resetToken);
  const res = await request(app)
    .post('/v1/auth/reset-password')
    .send({
      email: user.email,
      password: 'updatedPassword',
      resetToken: resetToken.resetToken,
    })
    .expect(httpStatus.UNAUTHORIZED);
  const { code, message } = res.body;
  expect(code).to.be.equal(401);
  expect(message).to.be.equal('Cannot find matching reset token');
});
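/**
 * Look up the user for a login payload and verify the supplied password.
 * @param {{ email: string, password: string }} payload - untrusted credentials from the login request.
 * @returns {Promise<Object>} the matching user document.
 * @throws {APIError} when a credential is missing, the email is unknown (NOT_FOUND)
 *   or the password mismatches (UNAUTHORIZED).
 */
async findAndGenerateToken (payload) {
  const { email, password } = payload || {}
  if (!email) throw new APIError('Email must be provided for login')
  // Fail fast here so passwordMatches never receives an undefined password.
  if (!password) throw new APIError('Password must be provided for login')
  const user = await this.findOne({ email }).exec()
  // NOTE(review): the distinct NOT_FOUND vs UNAUTHORIZED responses let a caller tell
  // registered emails apart from unknown ones (account enumeration); a single generic
  // 401 for both cases would close that, at the cost of changing the message callers see.
  if (!user) throw new APIError(`No user associated with ${email}`, httpStatus.NOT_FOUND)
  const passwordOK = await user.passwordMatches(password)
  if (!passwordOK) throw new APIError('Password mismatch', httpStatus.UNAUTHORIZED)
  return user
}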
it('should return 401 ( invalid token )', async () => {
  // A bogus reset token must be refused for business users too.
  const res = await reqs.businessUser.resetPassword({ password: 'sd23knca@cKPs', token: 'passwordResetJWT' });
  expect(res.status).to.be.eq(httpStatus.UNAUTHORIZED);
});