mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-16 22:27:26 +01:00
1ea9be8aa2
* protect all paths in user.pre(save using this.isDirectSelected to see if a field is available * fix linting * authWithHeaders: specify user fields to exclude instead of the ones to include, add comments, doc and improve test * add more options to unit helper generateReq and add tests for excluding fields in authWithHeaders
41 lines
1.2 KiB
JavaScript
41 lines
1.2 KiB
JavaScript
import {
|
|
generateRes,
|
|
generateReq,
|
|
} from '../../../../helpers/api-unit.helper';
|
|
import { authWithHeaders as authWithHeadersFactory } from '../../../../../website/server/middlewares/auth';
|
|
|
|
describe('auth middleware', () => {
|
|
let res, req, user;
|
|
|
|
beforeEach(async () => {
|
|
res = generateRes();
|
|
req = generateReq();
|
|
user = await res.locals.user.save();
|
|
});
|
|
|
|
describe('auth with headers', () => {
|
|
it('allows to specify a list of user field that we do not want to load', (done) => {
|
|
const authWithHeaders = authWithHeadersFactory(false, {
|
|
userFieldsToExclude: ['items', 'flags', 'auth.timestamps'],
|
|
});
|
|
|
|
req.headers['x-api-user'] = user._id;
|
|
req.headers['x-api-key'] = user.apiToken;
|
|
|
|
authWithHeaders(req, res, (err) => {
|
|
if (err) return done(err);
|
|
|
|
const userToJSON = res.locals.user.toJSON();
|
|
expect(userToJSON.items).to.not.exist;
|
|
expect(userToJSON.flags).to.not.exist;
|
|
expect(userToJSON.auth.timestamps).to.not.exist;
|
|
expect(userToJSON.auth).to.exist;
|
|
expect(userToJSON.notifications).to.exist;
|
|
expect(userToJSON.preferences).to.exist;
|
|
|
|
done();
|
|
});
|
|
});
|
|
});
|
|
});
|