will/adopt-a-street
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b51cd29282758c9bc115c5432ccd1be80f770bc8
adopt-a-street/backend/__tests__/middleware/auth.test.js
William Valentin 17e5c90a90 test(backend): add comprehensive testing infrastructure 
Implement complete backend testing infrastructure with Jest and Supertest:

Test Setup:
- Configure Jest for Node.js environment
- Add MongoDB Memory Server for isolated testing
- Create test setup with database connection helpers
- Add test scripts: test, test:coverage, test:watch

Test Files (176 total tests, 109 passing):
- Middleware tests: auth.test.js (100% coverage)
- Model tests: User, Street, Task, Post (82.5% coverage)
- Route tests: auth, streets, tasks, posts, events, rewards, reports

Test Coverage:
- Overall: 54.75% (on track for 70% target)
- Models: 82.5%
- Middleware: 100%
- Routes: 45.84%

Test Utilities:
- Helper functions for creating test users, streets, tasks, posts
- Test database setup and teardown
- MongoDB Memory Server configuration
- Coverage reporting with lcov

Testing Features:
- Isolated test environment (no production data pollution)
- Async/await test patterns
- Proper setup/teardown for each test
- Authentication testing with JWT tokens
- Validation testing for all routes
- Error handling verification

Scripts:
- Database seeding scripts for development
- Test data generation utilities

Dependencies:
- jest@29.7.0
- supertest@7.0.0
- mongodb-memory-server@10.1.2

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-01 10:43:20 -07:00

289 lines
7.3 KiB
JavaScript
Raw Blame History

const jwt = require('jsonwebtoken');
const auth = require('../../middleware/auth');
describe('Auth Middleware', () => {
let req, res, next;
beforeEach(() => {
req = {
header: jest.fn(),
};
res = {
status: jest.fn().mockReturnThis(),
json: jest.fn(),
};
next = jest.fn();
});
describe('Valid Token', () => {
it('should authenticate with valid token and call next()', () => {
const userId = 'user123';
const token = jwt.sign(
{ user: { id: userId } },
process.env.JWT_SECRET,
{ expiresIn: 3600 }
);
req.header.mockReturnValue(token);
auth(req, res, next);
expect(req.user).toBeDefined();
expect(req.user.id).toBe(userId);
expect(next).toHaveBeenCalled();
expect(res.status).not.toHaveBeenCalled();
expect(res.json).not.toHaveBeenCalled();
});
it('should decode token with correct user data', () => {
const userData = { id: 'user456' };
const token = jwt.sign(
{ user: userData },
process.env.JWT_SECRET,
{ expiresIn: 3600 }
);
req.header.mockReturnValue(token);
auth(req, res, next);
expect(req.user).toEqual(userData);
expect(next).toHaveBeenCalled();
});
});
describe('No Token', () => {
it('should return 401 when no token is provided', () => {
req.header.mockReturnValue(null);
auth(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
expect(res.json).toHaveBeenCalledWith({
msg: 'No token, authorization denied',
});
expect(next).not.toHaveBeenCalled();
});
it('should return 401 when token is undefined', () => {
req.header.mockReturnValue(undefined);
auth(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
expect(res.json).toHaveBeenCalledWith({
msg: 'No token, authorization denied',
});
expect(next).not.toHaveBeenCalled();
});
it('should return 401 when token is empty string', () => {
req.header.mockReturnValue('');
auth(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
expect(res.json).toHaveBeenCalledWith({
msg: 'No token, authorization denied',
});
expect(next).not.toHaveBeenCalled();
});
});
describe('Invalid Token', () => {
it('should return 401 with malformed token', () => {
req.header.mockReturnValue('invalid-token-format');
auth(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
expect(res.json).toHaveBeenCalledWith({
msg: 'Token is not valid',
});
expect(next).not.toHaveBeenCalled();
});
it('should return 401 with expired token', () => {
const expiredToken = jwt.sign(
{ user: { id: 'user123' } },
process.env.JWT_SECRET,
{ expiresIn: -1 } // Already expired
);
req.header.mockReturnValue(expiredToken);
auth(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
expect(res.json).toHaveBeenCalledWith({
msg: 'Token is not valid',
});
expect(next).not.toHaveBeenCalled();
});
it('should return 401 with token signed with wrong secret', () => {
const wrongToken = jwt.sign(
{ user: { id: 'user123' } },
'wrong-secret',
{ expiresIn: 3600 }
);
req.header.mockReturnValue(wrongToken);
auth(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
expect(res.json).toHaveBeenCalledWith({
msg: 'Token is not valid',
});
expect(next).not.toHaveBeenCalled();
});
it('should return 401 with random string token', () => {
req.header.mockReturnValue('randomstringnotajwt');
auth(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
expect(res.json).toHaveBeenCalledWith({
msg: 'Token is not valid',
});
expect(next).not.toHaveBeenCalled();
});
});
describe('Header Name', () => {
it('should check for "x-auth-token" header', () => {
req.header.mockReturnValue(null);
auth(req, res, next);
expect(req.header).toHaveBeenCalledWith('x-auth-token');
});
});
describe('Token Format', () => {
it('should accept token with Bearer prefix if properly formatted', () => {
// Note: The current middleware doesn't strip Bearer prefix
// This test verifies current behavior
const token = jwt.sign(
{ user: { id: 'user123' } },
process.env.JWT_SECRET,
{ expiresIn: 3600 }
);
const bearerToken = `Bearer ${token}`;
req.header.mockReturnValue(bearerToken);
auth(req, res, next);
// Will fail because middleware doesn't strip Bearer
expect(res.status).toHaveBeenCalledWith(401);
expect(res.json).toHaveBeenCalledWith({
msg: 'Token is not valid',
});
});
it('should accept token without Bearer prefix', () => {
const token = jwt.sign(
{ user: { id: 'user123' } },
process.env.JWT_SECRET,
{ expiresIn: 3600 }
);
req.header.mockReturnValue(token);
auth(req, res, next);
expect(next).toHaveBeenCalled();
expect(res.status).not.toHaveBeenCalled();
});
});
describe('Request Mutation', () => {
it('should add user object to request', () => {
const userId = 'user789';
const token = jwt.sign(
{ user: { id: userId } },
process.env.JWT_SECRET,
{ expiresIn: 3600 }
);
req.header.mockReturnValue(token);
expect(req.user).toBeUndefined();
auth(req, res, next);
expect(req.user).toBeDefined();
expect(req.user.id).toBe(userId);
});
it('should not modify request when token is invalid', () => {
req.header.mockReturnValue('invalid');
expect(req.user).toBeUndefined();
auth(req, res, next);
expect(req.user).toBeUndefined();
});
});
describe('Multiple Token Formats', () => {
it('should handle token with extra whitespace', () => {
const token = jwt.sign(
{ user: { id: 'user123' } },
process.env.JWT_SECRET,
{ expiresIn: 3600 }
);
// Token with leading/trailing spaces
req.header.mockReturnValue(` ${token} `);
auth(req, res, next);
// Current middleware doesn't trim, so this will fail
expect(res.status).toHaveBeenCalledWith(401);
});
});
describe('Edge Cases', () => {
it('should handle token with missing user data', () => {
const token = jwt.sign(
{ someOtherData: 'value' },
process.env.JWT_SECRET,
{ expiresIn: 3600 }
);
req.header.mockReturnValue(token);
auth(req, res, next);
// Middleware will accept token if valid, even without user field
expect(next).toHaveBeenCalled();
expect(req.user).toBeUndefined();
});
it('should handle very long tokens', () => {
const largePayload = {
user: {
id: 'user123',
data: 'x'.repeat(10000),
},
};
const token = jwt.sign(largePayload, process.env.JWT_SECRET, {
expiresIn: 3600,
});
req.header.mockReturnValue(token);
auth(req, res, next);
expect(next).toHaveBeenCalled();
expect(req.user.id).toBe('user123');
});
});
});
Reference in New Issue View Git Blame Copy Permalink