  1. import passport from 'passport';
  2. import jwt from 'jsonwebtoken';
  3. import expressJwt from 'express-jwt';
  4. import compose from 'composable-middleware';
  5.  
  6. import User from '../apis/user/user.model';
  7. import config from '../../config/app';
  8.  
  // express-jwt middleware: verifies the bearer token against the shared
  // application secret; the decoded payload is what isAuthenticated reads
  // back from `req.user.id` below.
  // NOTE(review): newer express-jwt releases require the accepted
  // `algorithms` list to be pinned explicitly — confirm against the
  // installed version so the token algorithm cannot be chosen by the client.
  const validateJwt = expressJwt({ secret: config.auth.secret });
  12.  
  /**
   * Issue a signed JWT for a user.
   *
   * @param {string|number} id - user identifier placed in the payload
   * @param {string} role - role placed in the payload (later compared by hasRole)
   * @returns {string} token signed with config.auth.secret, expiring after
   *   config.auth.expiresIn
   */
  export function signToken(id, role) {
    const payload = { id, role };
    const options = { expiresIn: config.auth.expiresIn };
    return jwt.sign(payload, config.auth.secret, options);
  }
  18.  
  /**
   * Mint a token for the already-attached `req.user`, store it in the
   * `token` cookie and redirect to `/`. Answers 404 with a JSON message
   * when no user is attached to the request.
   *
   * @param {object} req - request carrying `req.user` (with `id` and `role`)
   * @param {object} res - Express response
   */
  export function setTokenCookie(req, res) {
    const { user } = req;
    if (!user) {
      return res.status(404).json({
        message: "It looks like you aren't logged in, please try again"
      });
    }

    // NOTE(review): the cookie is set without httpOnly / secure / sameSite
    // attributes, so it is readable by page scripts and also sent over plain
    // HTTP. If no client-side code needs to read it, pass cookie options
    // (e.g. { httpOnly: true, secure: true, sameSite: 'lax' }) — confirm how
    // the client consumes it before changing this.
    res.cookie('token', signToken(user.id, user.role));
    res.redirect('/');
  }
  30.  
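  /**
   * Middleware chain that requires a valid bearer JWT and loads the matching
   * user record into `req.user`.
   *
   * 1. validateJwt rejects requests without a verifiable token.
   * 2. The user named by the token's `id` claim is loaded with User.get; if
   *    the lookup rejects or resolves to nothing, a 404 JSON reply is sent
   *    and next() is not called.
   *
   * @returns {Function} composed Express middleware
   */
  export function isAuthenticated() {
    return compose()
      .use((req, res, next) => validateJwt(req, res, next))
      .use((req, res, next) => {
        const notFound = () =>
          res.status(404).json({
            message: 'User not found, please try to login again'
          });

        User.get(req.user.id)
          .then(user => {
            // A lookup that resolves with no record must not continue as
            // authenticated: downstream middleware (hasRole) dereferences
            // req.user.role.
            if (!user) {
              notFound();
              return;
            }
            req.user = user;
            next();
          }, notFound)
          // NOTE(review): every rejection of User.get is reported as "user
          // not found"; a database outage therefore looks like a bad login.
          // If User.get distinguishes lookup misses from other failures,
          // forward the latter with next(err) instead.
          .catch(err => next(err));
      });
  }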
  47.  
  /**
   * Middleware chain: authenticate (see isAuthenticated), then admit only
   * users whose role is exactly `role`; any other role receives 403.
   * This is an equality check, not a hierarchy — an 'admin' is rejected by
   * hasRole('user').
   *
   * @param {string} role - required value of req.user.role
   * @returns {Function} composed Express middleware
   */
  export function hasRole(role) {
    const requireRole = (req, res, next) => {
      if (req.user.role !== role) {
        res.status(403).json({
          message: "You don't have the right privilege to access this resource"
        });
        return;
      }
      next();
    };

    return compose()
      .use(isAuthenticated())
      .use(requireRole);
  }
  61.  
  import request from 'supertest';

  import app from '../main';
  import User from '../apis/user/user.model';
  import { hasRole, signToken } from './auth.service';

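  describe('Auth Service', () => {
    // NOTE(review): `spy` and `expect` (sinon / chai with sinon-chai
    // assertions) are not imported in this file; they are assumed to be
    // globals installed by the test bootstrap — confirm.
    let user;
    let admin;

    // Start from an empty users table and create one plain user and one
    // admin. Setup failures are handed to done() so the hook fails at once
    // instead of hanging until mocha's timeout.
    before(done => {
      const plainUser = {
        username: 'user',
        email: 'user@user.com',
        password: 'user'
      };
      const adminUser = {
        username: 'admin',
        email: 'admin@admin.com',
        password: 'admin',
        role: 'admin'
      };

      User.delete().execute()
        .then(() => User.save([plainUser, adminUser]))
        .then(users => {
          [user, admin] = users;
          done();
        })
        .catch(done);
    });

    after(done => {
      User.delete().execute()
        .then(() => done())
        .catch(done);
    });

    describe('hasRole', () => {
      it('should call res.status with 403 and send message if the user does not have the right access', done => {
        const token = signToken(user.id, user.role);
        const reqStub = {
          headers: {
            authorization: `Bearer ${token}`
          }
        };

        const statusSpy = spy();
        const jsonSpy = spy();
        const nextSpy = spy();

        // The middleware answers asynchronously (after the user lookup), so
        // the test completes from inside the stubbed res.json() rather than
        // by observing the spy (Object.observe is non-standard and no longer
        // available in V8). A timer turns "never answered" into a failure,
        // and finish() makes sure done() runs exactly once.
        let finished = false;
        let timer;
        const finish = err => {
          if (finished) return;
          finished = true;
          clearTimeout(timer);
          done(err);
        };
        timer = setTimeout(() => {
          finish(new Error('hasRole did not respond within 1500 ms'));
        }, 1500);

        const resStub = {
          status(statusCode) {
            statusSpy(statusCode);
            return {
              json(body) {
                jsonSpy(body);
                try {
                  expect(statusSpy.args[0][0]).to.equal(403);
                  expect(jsonSpy).to.have.been.calledOnce;
                  expect(jsonSpy.args[0][0].message).to.equal("You don't have the right privilege to access this resource");
                  // The final next() must not be reached on a role mismatch.
                  expect(nextSpy).to.not.have.been.called;
                  finish();
                } catch (err) {
                  finish(err);
                }
              }
            };
          }
        };

        hasRole('admin')(reqStub, resStub, nextSpy);
      });
    });
  });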