Home > Software engineering >  How to test requests that require the user to be authenticated in Express
How to test requests that require the user to be authenticated in Express

Time:06-21

How can you test requests that require the user to be authenticated? I'm using local passport.js in my express app. I'm testing using Jest and Supertest. I've looked up countless posts, I tried supertest-session and that doesn't seem to work either. All of these posts are from almost 10 years ago so I'm not sure if they're still valid.

Here is the last thing that I've tried:

const request = require('supertest');
const app = require('../app');
const { pool } = require('../dbConfig');
let testAccount = { email:  '[email protected]', password: '123456' }

const loginUrl = '/users/login';
const createRoomUrl = '/rooms/create'
const successfulRoomCreateUrl = '/users/dashboard';
const successfulLoginUrl = '/users/dashboard';
const failedRoomCreateUrl = '/';


afterAll(async () => {
    pool.end();
});


describe('Room CRUD: Create | POST /rooms/create', () => {
    describe('Given the user is Authenticated', () => {
        let token;
        beforeEach( async () => {
        const response = await
            request(app).post(loginUrl).type('form').send(testAccount);
        token = { access_token: response.body.token }
    });

    test(`should get statusCode 200 if user is logged in`, async () => {
        const createRoomResponse = await request(app).get(createRoomUrl).query(token);
        // 302 since the user doesn't stay logged in
        expect(createRoomResponse.statusCode).toEqual(200);
    });
});
});

Here is what I tried with supertest-session and it also doesn't work:

const session = require('supertest-session');
const myApp = require('../app');
let testAccount = { email:  '[email protected]', password: '123456' }

var testSession = null;
 
beforeEach(function () {
  testSession = session(myApp);
});

it('should fail accessing a restricted page', function (done) {
  testSession.get('/rooms/create')
    .expect(302)
    .end(done)
});
 
it('should sign in', function (done) {
  testSession.post('/users/login')
    .send(testAccount)
    .expect(302) // get redirected to dashboard
    .end(done);
});

describe('after authenticating session', function () {
 
  var authenticatedSession;
 
  beforeEach(function (done) {
    testSession.post('/users/login')
      .send(testAccount)
      .expect(302) // get redirected to /users/dashboard
      .end(function (err) {
        if (err) return done(err);
        authenticatedSession = testSession;
        return done();
      });
  });
 
  it('should get a restricted page', function (done) {
    authenticatedSession.get('/rooms/create')
      .expect(200) // <------ still get a 302 (redirect if user !logged
      .end(done)
  });
});

CodePudding user response:

Turns out all I needed to do was append .type('form') like so:

beforeEach(function (done) {
  testSession.post('/users/login').type('form')
    .send(testAccount)
    .expect(302) // get redirected to /users/dashboard
    .end(function (err) {
      if (err) return done(err);
      authenticatedSession = testSession;
      return done();
    });
});
  • Related