diff --git a/packages/server/packages/play-node-go/server/controllers/auth.js b/packages/server/packages/play-node-go/server/controllers/auth.js index febf350..f9e0b0d 100644 --- a/packages/server/packages/play-node-go/server/controllers/auth.js +++ b/packages/server/packages/play-node-go/server/controllers/auth.js @@ -1,11 +1,14 @@ const knex = require('../data/db') + const { hashPassword, compareHash } = require('../services/bcrypt'); - const signToken = require('../services/signToken'); +const { validateSignup, validateLogin } = require('../services/userValidate'); -const signUp = async (req, res, next) => { +const signup = async (req, res, next) => { const user = req.body; + if (!validateSignup(user)) return; + try { const hashedPassword = await hashPassword(user.password); @@ -24,11 +27,38 @@ const signUp = async (req, res, next) => { } } -const login = (req, res, next) => { +const login = async (req, res, next) => { + + const user = req.body; + if (!validateLogin(user)) return; + try { + + const queryResults = await knex('user') + .where({username: user.username}) + .select('username', 'email', 'password') + .then(queryResults => queryResults); + + const savedUser = queryResults[0] || null; + if (!savedUser) return res.status(401).json({err: 'bad credentials'}); + + const hashedPassword = savedUser.password; + const passwordMatch = await compareHash(user.password, hashedPassword); + + if (!passwordMatch) return res.status(401).json({err: 'bad credentials'}); + + const authorizedUser = {...savedUser}; + delete authorizedUser.password; + + signToken(res, authorizedUser); + res.send('ok').status(200); + } + catch (err) { + res.status(500).json(err); + } } module.exports = { - signUp, + signup, login } \ No newline at end of file diff --git a/packages/server/packages/play-node-go/server/data/migrations/20200107214047_init.js b/packages/server/packages/play-node-go/server/data/migrations/20200107214047_init.js deleted file mode 100644 index 38e13fe..0000000 --- a/packages/server/packages/play-node-go/server/data/migrations/20200107214047_init.js +++ /dev/null @@ -1,6 +0,0 @@ - -exports.up = function(knex) { -}; - -exports.down = function(knex) { -}; diff --git a/packages/server/packages/play-node-go/server/package.json b/packages/server/packages/play-node-go/server/package.json index a228a0e..f332bd1 100644 --- a/packages/server/packages/play-node-go/server/package.json +++ b/packages/server/packages/play-node-go/server/package.json @@ -4,7 +4,7 @@ "private": true, "scripts": { "start": "node ./bin/www", - "test": "mocha ./test/*", + "test": "mocha ./test/* --exit", "make-migration": "./node_modules/.bin/knex migrate:make", "migrate": "./node_modules/.bin/knex migrate:latest", "migrate-test": "./node_modules/.bin/knex migrate:latest --env test", diff --git a/packages/server/packages/play-node-go/server/routes/auth.js b/packages/server/packages/play-node-go/server/routes/auth.js index d19c502..b521ecc 100644 --- a/packages/server/packages/play-node-go/server/routes/auth.js +++ b/packages/server/packages/play-node-go/server/routes/auth.js @@ -3,7 +3,7 @@ const router = express.Router(); const authController = require('../controllers/auth'); -router.post('/signup', authController.signUp); +router.post('/signup', authController.signup); router.post('/login', authController.login); module.exports = router; diff --git a/packages/server/packages/play-node-go/server/services/bcrypt.js b/packages/server/packages/play-node-go/server/services/bcrypt.js index 7b569ee..f59d05f 100644 --- a/packages/server/packages/play-node-go/server/services/bcrypt.js +++ b/packages/server/packages/play-node-go/server/services/bcrypt.js @@ -20,12 +20,10 @@ const compareHash = async (password, hash) => { const success = await new Promise((resolve, reject) => { bcrypt.compare(password, hash, (err, res) => { if (err) reject(err); - if (res) return true; - return false; + if (res) resolve(true); }) }); - - return compareHash; + return success; } module.exports = { hashPassword, compareHash }; \ No newline at end of file diff --git a/packages/server/packages/play-node-go/server/services/signToken.js b/packages/server/packages/play-node-go/server/services/signToken.js index 06de9fd..a6cebb8 100644 --- a/packages/server/packages/play-node-go/server/services/signToken.js +++ b/packages/server/packages/play-node-go/server/services/signToken.js @@ -7,7 +7,6 @@ const msHourOffset = 3600000; const signToken = (res, user) => { const expiration = process.env.NODE_ENV === 'test' ? msHourOffset : msDayOffset; const secret = process.env.NODE_ENV === 'test' ? process.env.TEST_SECRET : process.env.JWT_SECRET; - console.log(process.env.NODE_ENV) const token = jwt.sign({ user }, secret, { expiresIn: process.env.NODE_ENV === 'test' ? '1h' : '24h', }); diff --git a/packages/server/packages/play-node-go/server/services/userValidate.js b/packages/server/packages/play-node-go/server/services/userValidate.js new file mode 100644 index 0000000..19dda00 --- /dev/null +++ b/packages/server/packages/play-node-go/server/services/userValidate.js @@ -0,0 +1,14 @@ +const validateSignup = (user) => { + if (!user.username) throw('no username'); + if (!user.email) throw('no email'); + if (!user.password) throw('no password'); + return true +} + +const validateLogin = (user) => { + if (!user.username) throw('no username'); + if (!user.password) throw('no password'); + return true; +} + +module.exports = { validateLogin, validateSignup }; \ No newline at end of file diff --git a/packages/server/packages/play-node-go/server/test/auth.spec.js b/packages/server/packages/play-node-go/server/test/auth.spec.js index 7a75945..0b466e7 100644 --- a/packages/server/packages/play-node-go/server/test/auth.spec.js +++ b/packages/server/packages/play-node-go/server/test/auth.spec.js @@ -4,19 +4,23 @@ const authSpec = (chai, knex, server) => { 'password':'password', 'email':'user@example.com' } + const loginFormData = { + 'username':'newUser', + 'password':'password' + } it('post to sign up should return 200 status', done => { chai.request(server) - .post('/auth/signup') - .type('form') - .send(newUserFormData) - .end((err, res) => { - if (err) done(err); - res.should.status(200); - done(); - }); - }); - + .post('/auth/signup') + .type('form') + .send(newUserFormData) + .end((err, res) => { + if (err) done(err); + res.should.status(200); + done(); + }); + }); + it('post to sign up should return token', done => { chai.request(server) .post('/auth/signup') @@ -42,7 +46,7 @@ const authSpec = (chai, knex, server) => { }) }); }) - + it('post to sign up should add user to db with password', done => { chai.request(server) .post('/auth/signup') @@ -55,7 +59,56 @@ const authSpec = (chai, knex, server) => { if (newUser.password !== newUserFormData.password) done(); }) }); + }); + + it('post to login with non-registered user should return status 401 with bad creds err', done => { + chai.request(server) + .post('/auth/login') + .type('form') + .send(newUserFormData) + .end((err, res) => { + if (err) done(err); + res.should.status(401); + res.body.err.should.equal('bad credentials'); + done(); + }); }) + + it('post to login with non-registered user should return status 401 with bad creds err', done => { + chai.request(server) + .post('/auth/login') + .type('form') + .send(newUserFormData) + .end((err, res) => { + if (err) done(err); + res.should.status(401); + res.body.err.should.equal('bad credentials'); + done(); + }) + }) + + it('post to login with registered user should return cookie', function(done) { + this.timeout(5000); + chai.request(server) + .post('/auth/signup') + .type('form') + .send(newUserFormData) + .end((err, res) => { + if (err) done(err); + + chai.request(server) + .post('/auth/login') + .type('form') + .send(loginFormData) + .end((err, res) => { + if(err) done(err); + res.should.status(200); + res.should.cookie('token'); + done(); + }) + }) + }) + } diff --git a/packages/server/packages/play-node-go/server/test/spec.js b/packages/server/packages/play-node-go/server/test/spec.js index 909768a..a304447 100644 --- a/packages/server/packages/play-node-go/server/test/spec.js +++ b/packages/server/packages/play-node-go/server/test/spec.js @@ -2,7 +2,7 @@ process.env.NODE_ENV = 'test'; const chai = require('chai'); const chaiHttp = require('chai-http'); -var knex = require('../data/db'); +const knex = require('../data/db'); const server = require('../server'); @@ -30,21 +30,20 @@ describe('Auth Routes', function() { setupDb(); authSpec(chai, knex, server) - -}) + +}); describe('API Routes', function() { setupDb(); - + it('home should return 200 status', done => { chai.request(server) - .get('/') - .end((err,res)=> { - if(err) done(err); - res.should.status(200); - done(); - }) - }) + .get('/') + .end((err,res)=> { + if(err) done(err); + res.should.status(200); + done(); + }); + }); + }); - -