const verifyToken = require('../services/verifyToken'); const authSignupSpec = (chai, knex, server) => { const newUserFormData = { 'username':'newUser', 'password':'password', 'email':'user@example.com' } const invalidEmailFormData = { 'username':'newUser', 'email': 'useremail', 'password':'password' } const scriptInjectionFormData = { 'username': '', 'password':'password', 'email':'user@example.com' } const sqlInjectionFormData = { 'username': '; DROP TABLE user;', 'password':'password', 'email':'user@example.com' } it('post to /signup should return 200 status', done => { chai.request(server) .post('/auth/signup') .type('form') .send(newUserFormData) .end((err, res) => { if (err) done(err); res.should.status(200); done(); }); }); it('post to /signup should return token', done => { chai.request(server) .post('/auth/signup') .type('form') .send(newUserFormData) .end((err, res) => { if (err) done(err); res.should.cookie('token'); done(); }); }); it('post to /signup should add user to db', done => { chai.request(server) .post('/auth/signup') .type('form') .send(newUserFormData) .end((err, res) => { if (err) done(err); knex('user').where({'username': newUserFormData.username}).then(results => { const newUser = results[0]; if (newUser.username === newUserFormData.username) done(); }) }); }) it('post to /signup should add user to db with password', done => { chai.request(server) .post('/auth/signup') .type('form') .send(newUserFormData) .end((err, res) => { if (err) done(err); knex('user').where({'username': newUserFormData.username}).then(results => { const newUser = results[0]; if (newUser.password !== newUserFormData.password) done(); }) }); }); it('post to /signup with invalid email should return 422', done => { chai.request(server) .post('/auth/signup') .type('form') .send(invalidEmailFormData) .end((err, res) => { if (err) done(err); res.should.status(422); done(); }); }) it('post to /signup should return cookie with jwt for user', done => { chai.request(server) .post('/auth/signup') .type('form') .send(newUserFormData) .end((err, res) => { if (err) done(err); const cookie = res.headers['set-cookie'][0]; const token = cookie.split(';')[0].split('token=')[1] const verifiedToken = verifyToken(token); const userAssertion = verifiedToken.should.have.property('user'); userAssertion.with.property('username'); userAssertion.with.property('email'); userAssertion.not.with.property('password'); done() }) }) it('post to /signup should sanitize inputs for script injection', done => { chai.request(server) .post('/auth/signup') .type('form') .send(scriptInjectionFormData) .end((err, res) => { if (err) done(err); const cookie = res.headers['set-cookie'][0]; const token = cookie.split(';')[0].split('token=')[1] const verifiedToken = verifyToken(token); verifiedToken.should.have.property('user') .with.property('username') .to.not.equal('') done() }) }) it('post to /signup should sanitize inputs for sql injection', done => { chai.request(server) .post('/auth/signup') .type('form') .send(sqlInjectionFormData) .end((err, res) => { if (err) done(err); knex('user') .where('id', 1) .select('id','username','email') .then(results => { const newUser = results[0]; if (newUser) done(); }) }) }) } module.exports = authSignupSpec;