mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-14 21:27:23 +01:00
f26d2a59ae
* add InvalidCredentialsError with language-agnostic code and update backend & web logout logic * error.code in API error responses Updated the error handler to serialize responseErr.code as the JSON error field, falling back to responseErr.name when no code is set. * fix(lint): whitespace and missing def * fix(lint): missed one * add InvalidCredentialsError case for bad token Add test verifying that auth middleware throws InvalidCredentialsError with code "invalid_credentials" and correct translated message when the API token is invalid. * fix(test): user fields implicitly required --------- Co-authored-by: Kalista Payne <sabrecat@gmail.com>
80 lines
2.4 KiB
JavaScript
80 lines
2.4 KiB
JavaScript
import {
|
|
generateRes,
|
|
generateReq,
|
|
} from '../../../helpers/api-unit.helper';
|
|
import { authWithHeaders as authWithHeadersFactory } from '../../../../website/server/middlewares/auth';
|
|
|
|
describe('auth middleware', () => {
|
|
let res; let req; let
|
|
user;
|
|
|
|
beforeEach(async () => {
|
|
res = generateRes();
|
|
req = generateReq();
|
|
user = await res.locals.user.save();
|
|
});
|
|
|
|
describe('auth with headers', () => {
|
|
it('allows to specify a list of user field that we do not want to load', done => {
|
|
const authWithHeaders = authWithHeadersFactory({
|
|
userFieldsToExclude: ['items'],
|
|
});
|
|
|
|
req.headers['x-api-user'] = user._id;
|
|
req.headers['x-api-key'] = user.apiToken;
|
|
|
|
authWithHeaders(req, res, err => {
|
|
if (err) return done(err);
|
|
|
|
const userToJSON = res.locals.user.toJSON();
|
|
expect(userToJSON.items).to.not.exist;
|
|
expect(userToJSON.auth).to.exist;
|
|
|
|
return done();
|
|
});
|
|
});
|
|
|
|
it('makes sure some fields are always included', done => {
|
|
const authWithHeaders = authWithHeadersFactory({
|
|
userFieldsToExclude: [
|
|
'items', 'auth.timestamps',
|
|
'preferences', 'notifications', '_id', 'flags', 'auth', // these are always loaded
|
|
],
|
|
});
|
|
|
|
req.headers['x-api-user'] = user._id;
|
|
req.headers['x-api-key'] = user.apiToken;
|
|
|
|
authWithHeaders(req, res, err => {
|
|
if (err) return done(err);
|
|
|
|
const userToJSON = res.locals.user.toJSON();
|
|
expect(userToJSON.items).to.not.exist;
|
|
expect(userToJSON.auth.timestamps).to.exist;
|
|
expect(userToJSON.auth).to.exist;
|
|
expect(userToJSON.notifications).to.exist;
|
|
expect(userToJSON.preferences).to.exist;
|
|
expect(userToJSON._id).to.exist;
|
|
expect(userToJSON.flags).to.exist;
|
|
|
|
return done();
|
|
});
|
|
});
|
|
|
|
it('errors with InvalidCredentialsError and code when token is wrong', done => {
|
|
const authWithHeaders = authWithHeadersFactory({ userFieldsToExclude: [] });
|
|
|
|
req.headers['x-api-user'] = user._id;
|
|
req.headers['x-api-key'] = 'totally-wrong-token';
|
|
|
|
authWithHeaders(req, res, err => {
|
|
expect(err).to.exist;
|
|
expect(err.name).to.equal('InvalidCredentialsError');
|
|
expect(err.code).to.equal('invalid_credentials');
|
|
expect(err.message).to.equal(res.t('invalidCredentials'));
|
|
return done();
|
|
});
|
|
});
|
|
});
|
|
});
|