Express middleware testing
27 Feb, 2020
👋 FYI, this note is over 6 months old. Some of the content may be out of date.
import reqresnext from 'reqresnext'
import { userIdChecker } from './userIdMiddleware'
const DOMAIN = 'https://example.com'
const VALID_USER_ID = '103003'
const jwtToken =
'eyJraWQiOiI1WFwvUjdxdEdoeWxcLzNYcnY5SXFiWFwvWEhEKytvb2p0TXhBNDhZRzVERVlZPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJhNTdjMmM1YS1hNmMyLTQzZGYtYjJiMS04YmU1ZTA1YzI1NzMiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiaXNzIjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLmV1LXdlc3QtMi5hbWF6b25hd3MuY29tXC9ldS13ZXN0LTJfUDZVMkhmNTZ5IiwiY3VzdG9tOnVzZXJfaWQiOiIxMDMwMDMiLCJjb2duaXRvOnVzZXJuYW1lIjoiYTU3YzJjNWEtYTZjMi00M2RmLWIyYjEtOGJlNWUwNWMyNTczIiwiY3VzdG9tOmlzX2FkbWluIjoiZmFsc2UiLCJhdWQiOiIyZ3FpaWlrdGQwNXFibm1jdmluODV2Zm0yZCIsImV2ZW50X2lkIjoiZDFmMjI4ZWYtMjE0Yi00NmE2LTljMjQtZWZjYTNhNDM1NzQxIiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE1NjM0NDgzMTksImV4cCI6MTU2MzQ1MjUzOSwiaWF0IjoxNTYzNDQ4OTM5LCJlbWFpbCI6ImhpK2RpenpsZUB6YW5kZXIud3RmIn0.gAelFt52A-84nkTMjuJ1_0SLSGUNQJgMnPPhci2zeLM0j2g4fCK12tVHbWbRq1yFeJ8LyRpobCq0CyNfDGechYqbnt91owaBDQzZNySdb0Edsfbxoq-JkgGbCJWCTddW9YxDzupZ4IjnYlfQlk6yH0bAzUH0WmACu22pLSk1isDJO8YiPvjtAN10calUkP7O4i0wTMNXXikh4UVylqfJCP4C-6XvJxG8x_UELyVB38N4Vti4aeUOpMjxii6bLxu2fvtCvQIlZJhRBjtHxKb3pWeVxldPMYpEeGrhgW6IiOgGdinGRsM0ENM0EtSrkvJpxCcnmWXjHWQBJsUJqxVD2w'
describe('Given a userIdChecker middleware', () => {
describe(`when it is called with matching userId's`, () => {
describe('when the request has a user_id as a query param', () => {
it('should not modify the request', () => {
const originalRequest = `${DOMAIN}/api/fx-api/user/103003?user_id=103003`
const path = `/api/fx-api/user/${VALID_USER_ID}?user_id=${VALID_USER_ID}`
const { req, res, next } = reqresnext({
url: `${DOMAIN}${path}`,
originalUrl: `${DOMAIN}${path}`,
path,
cookies: {
jwt_id_token: jwtToken,
},
})
userIdChecker(req, res, next)
expect(req.url).toEqual(originalRequest)
})
})
describe('when the request has a userId in the request body', () => {
it('should not modify the request', () => {
const path = `/api/fx-api/user/${VALID_USER_ID}`
const { req, res, next } = reqresnext({
url: `${DOMAIN}${path}`,
originalUrl: `${DOMAIN}${path}`,
path,
cookies: {
jwt_id_token: jwtToken,
},
body: {
userId: VALID_USER_ID,
},
})
userIdChecker(req, res, next)
expect(req.body.userId).toEqual(VALID_USER_ID)
})
})
})
describe(`when it is called with mismatching userId's`, () => {
const WRONG_USER_ID = '12345'
it('should forbid the API call', () => {
const originalRequest = `${DOMAIN}/api/fx-api/user/103003?user_id=${WRONG_USER_ID}`
const path = `/api/fx-api/user/${VALID_USER_ID}?user_id=${WRONG_USER_ID}`
const { req, res, next } = reqresnext({
url: `${DOMAIN}${path}`,
originalUrl: `${DOMAIN}${path}`,
path,
cookies: {
jwt_id_token: jwtToken,
},
})
userIdChecker(req, res, next)
expect(req.url).toEqual(originalRequest)
expect(res.statusCode).toEqual(403)
expect(JSON.parse(res.body)).toEqual({ message: 'Forbidden' })
})
describe('when the request has a userId in the request body', () => {
it('should forbid the API call', () => {
const path = `/api/fx-api/user/${VALID_USER_ID}`
const { req, res, next } = reqresnext({
url: `${DOMAIN}${path}`,
originalUrl: `${DOMAIN}${path}`,
path,
cookies: {
jwt_id_token: jwtToken,
},
body: {
userId: WRONG_USER_ID,
},
})
userIdChecker(req, res, next)
expect(res.statusCode).toEqual(403)
expect(JSON.parse(res.body)).toEqual({ message: 'Forbidden' })
})
})
})
})
← Back home