node-go/server/test/auth.signup.spec.js

const verifyToken = require('../services/verifyToken');

const authSignupSpec = (chai, knex, server) => {
  const newUserFormData = {
    'username':'newUser',
    'password':'password',
    'email':'user@example.com'
  }
  const invalidEmailFormData = {
    'username':'newUser',
    'email': 'useremail',
    'password':'password'
  }
  const scriptInjectionFormData = {
    'username': '<script> alert("hello, there");</script>',
    'password':'password',
    'email':'user@example.com'
  }
  const sqlInjectionFormData = {
    'username': '; DROP TABLE user;',
    'password':'password',
    'email':'user@example.com'
  }

  it('post to /signup should return 200 status', done => {
    chai.request(server)
    .post('/auth/signup')
    .type('form')
    .send(newUserFormData)
    .end((err, res) => {
      if (err) done(err);
      res.should.status(200);
      done();
    });
  });
    
  it('post to /signup should return token', done => {
    chai.request(server)
    .post('/auth/signup')
    .type('form')
    .send(newUserFormData)
    .end((err, res) => {
      if (err) done(err);
      res.should.cookie('token');
      done();
    });
  });
    
  it('post to /signup should add user to db', done => {
    chai.request(server)
    .post('/auth/signup')
    .type('form')
    .send(newUserFormData)
    .end((err, res) => {
      if (err) done(err);
      knex('user').where({'username': newUserFormData.username}).then(results => {
        const newUser = results[0];
        if (newUser.username === newUserFormData.username) done();
      })
    });
  })
    
  it('post to /signup should add user to db with password', done => {
    chai.request(server)
    .post('/auth/signup')
    .type('form')
    .send(newUserFormData)
    .end((err, res) => {
      if (err) done(err);
      knex('user').where({'username': newUserFormData.username}).then(results => {
        const newUser = results[0];
        if (newUser.password !== newUserFormData.password) done();
      })
    });
  });

  it('post to /signup with invalid email should return 422', done => {
    chai.request(server)
    .post('/auth/signup')
    .type('form')
    .send(invalidEmailFormData)
    .end((err, res) => {
      if (err) done(err);
      res.should.status(422);
      done();
    });
  })
  
  it('post to /signup should return cookie with jwt for user', done => {
    chai.request(server)
    .post('/auth/signup')
    .type('form')
    .send(newUserFormData)
    .end((err, res) => {
      if (err) done(err);
      const cookie = res.headers['set-cookie'][0];
      const token = cookie.split(';')[0].split('token=')[1]
      const verifiedToken = verifyToken(token);
      const userAssertion = verifiedToken.should.have.property('user');
      userAssertion.with.property('username');
      userAssertion.with.property('email');
      userAssertion.not.with.property('password');
      done()
    })
  })
  
  it('post to /signup should sanitize inputs for script injection', done => {
    chai.request(server)
    .post('/auth/signup')
    .type('form')
    .send(scriptInjectionFormData)
    .end((err, res) => {
      if (err) done(err);
      const cookie = res.headers['set-cookie'][0];
      const token = cookie.split(';')[0].split('token=')[1]
      const verifiedToken = verifyToken(token);
      verifiedToken.should.have.property('user')
      .with.property('username')
      .to.not.equal('<script> alert("hello, there");</script>')
      done()
    })
  })

  it('post to /signup should sanitize inputs for sql injection', done => {
    chai.request(server)
    .post('/auth/signup')
    .type('form')
    .send(sqlInjectionFormData)
    .end((err, res) => {
      if (err) done(err);
      knex('user')
      .where('id', 1)
      .select('id','username','email')
      .then(results => {
        const newUser = results[0];
        if (newUser) done();
      })
    })
  })


}
module.exports = authSignupSpec;
add validation and sanitization for auth/. posts 2020-01-15 21:52:01 +00:00			`const verifyToken = require('../services/verifyToken');`

			`const authSignupSpec = (chai, knex, server) => {`
			`const newUserFormData = {`
			`'username':'newUser',`
			`'password':'password',`
			`'email':'user@example.com'`
			`}`
			`const invalidEmailFormData = {`
			`'username':'newUser',`
			`'email': 'useremail',`
			`'password':'password'`
			`}`
			`const scriptInjectionFormData = {`
			`'username': '<script> alert("hello, there");</script>',`
			`'password':'password',`
			`'email':'user@example.com'`
			`}`
			`const sqlInjectionFormData = {`
			`'username': '; DROP TABLE user;',`
			`'password':'password',`
			`'email':'user@example.com'`
			`}`

			`it('post to /signup should return 200 status', done => {`
			`chai.request(server)`
			`.post('/auth/signup')`
			`.type('form')`
			`.send(newUserFormData)`
			`.end((err, res) => {`
			`if (err) done(err);`
			`res.should.status(200);`
			`done();`
			`});`
			`});`

			`it('post to /signup should return token', done => {`
			`chai.request(server)`
			`.post('/auth/signup')`
			`.type('form')`
			`.send(newUserFormData)`
			`.end((err, res) => {`
			`if (err) done(err);`
			`res.should.cookie('token');`
			`done();`
			`});`
			`});`

			`it('post to /signup should add user to db', done => {`
			`chai.request(server)`
			`.post('/auth/signup')`
			`.type('form')`
			`.send(newUserFormData)`
			`.end((err, res) => {`
			`if (err) done(err);`
			`knex('user').where({'username': newUserFormData.username}).then(results => {`
			`const newUser = results[0];`
			`if (newUser.username === newUserFormData.username) done();`
			`})`
			`});`
			`})`

			`it('post to /signup should add user to db with password', done => {`
			`chai.request(server)`
			`.post('/auth/signup')`
			`.type('form')`
			`.send(newUserFormData)`
			`.end((err, res) => {`
			`if (err) done(err);`
			`knex('user').where({'username': newUserFormData.username}).then(results => {`
			`const newUser = results[0];`
			`if (newUser.password !== newUserFormData.password) done();`
			`})`
			`});`
			`});`

			`it('post to /signup with invalid email should return 422', done => {`
			`chai.request(server)`
			`.post('/auth/signup')`
			`.type('form')`
			`.send(invalidEmailFormData)`
			`.end((err, res) => {`
			`if (err) done(err);`
			`res.should.status(422);`
			`done();`
			`});`
			`})`

			`it('post to /signup should return cookie with jwt for user', done => {`
			`chai.request(server)`
			`.post('/auth/signup')`
			`.type('form')`
			`.send(newUserFormData)`
			`.end((err, res) => {`
			`if (err) done(err);`
			`const cookie = res.headers['set-cookie'][0];`
			`const token = cookie.split(';')[0].split('token=')[1]`
			`const verifiedToken = verifyToken(token);`
			`const userAssertion = verifiedToken.should.have.property('user');`
			`userAssertion.with.property('username');`
			`userAssertion.with.property('email');`
			`userAssertion.not.with.property('password');`
			`done()`
			`})`
			`})`

			`it('post to /signup should sanitize inputs for script injection', done => {`
			`chai.request(server)`
			`.post('/auth/signup')`
			`.type('form')`
			`.send(scriptInjectionFormData)`
			`.end((err, res) => {`
			`if (err) done(err);`
			`const cookie = res.headers['set-cookie'][0];`
			`const token = cookie.split(';')[0].split('token=')[1]`
			`const verifiedToken = verifyToken(token);`
			`verifiedToken.should.have.property('user')`
			`.with.property('username')`
			`.to.not.equal('<script> alert("hello, there");</script>')`
			`done()`
			`})`
			`})`

			`it('post to /signup should sanitize inputs for sql injection', done => {`
			`chai.request(server)`
			`.post('/auth/signup')`
			`.type('form')`
			`.send(sqlInjectionFormData)`
			`.end((err, res) => {`
			`if (err) done(err);`
			`knex('user')`
			`.where('id', 1)`
			`.select('id','username','email')`
			`.then(results => {`
			`const newUser = results[0];`
			`if (newUser) done();`
			`})`
			`})`
			`})`



			`}`
			`module.exports = authSignupSpec;`