1

so I am trying to test a route in my express app, and in order to do so I need to login a user before making my call. I create and save a user in the beforeEach function. Here is the test I am writing: 

it('should update username', function(done){
    var _this = this;
     req.post('/login')
      .send(_this.data)
      .then(function(res){
        req.put('/users/' + res.body.user._id)
          .send({ username: 'robert'})
          .expect(200)
          .end(function(err, res){
            if(err) return done(err);
            console.log(res.body);
            res.body.success.should.equal(true);
            res.body.user.username.should.match(/robert/);
            done();
        });
    });
 });

Here is the output I get when I run the test:

  Users
    Routes
      Authenticated
POST /login 200 195.059 ms - 142
PUT /users/568a432e1daa24083fa6778a 401 2.785 ms - 21
        1) should update username
    Unauthenticated
GET /users 401 1.502 ms - 21
      ✓ should return 401


  1 passing (516ms)
  1 failing

  1) Users Routes Authenticated should update username:
     Error: expected 200 "OK", got 401 "Unauthorized"
      at Test._assertStatus (node_modules/supertest/lib/test.js:232:12)
      at Test._assertFunction (node_modules/supertest/lib/test.js:247:11)
      at Test.assert (node_modules/supertest/lib/test.js:148:18)
      at Server.assert (node_modules/supertest/lib/test.js:127:12)
      at net.js:1273:10

I'm confused why it's responding in a 401, when the POST /login request responded with a 200.

Using Postman I am able to create a user, login as that user, and with a PUT request I am able to update the data successfuly. So, I am assuming this has something to do with the req chaining of supertest.

I have written the request chaining using both supertest-as-promised as well as just supertest.

As far as I understand the following code behaves the same as using the then() syntax:

it('should update username', function(done){
   var _this = this;
   req.post('/login')
   .send(_this.data)
   .endfunction(err, res){
      if(err) return done(err);
      req.put('/users/' + res.body.user._id)
         .send({ username: 'robert'})
         .expect(200)
         .end(function(err, res){
            if(err) return done(err);
            console.log(res.body);
            res.body.success.should.equal(true);
            res.body.user.username.should.match(/robert/);
            done();
         });
    });
});

I'm confused by what is going on here. Like I said, I can do this using Postman so I assume, this is a problem with how the request chaining is working. If you need more context I can provide more code if need be.

Dustin
  • 567
  • 2
  • 5
  • 18
  • Rather than `req` you should try using an agent `var agent = request.agent(app)` followed by `agent.get( ...)` – Joe Jan 04 '16 at 11:34
  • @Joe That's what req is. `var req = require('supertest-as-promised')(app); `. I've tried it as just `supertest` and `supertest-as-promised`, to the same effect it seems... – Dustin Jan 04 '16 at 11:36
  • Pasted some code that I use that works as answer. – Joe Jan 04 '16 at 11:40

2 Answers2

1

The solution was as simple as changing

var req = require('supertest-as-promised')(app);

To

var req = require('supertest-as-promised').agent(app);

Calling supertest.agent allows supertest to work as a web session and persist sessions, cookies, and headers while chaining the requests.

Dustin
  • 567
  • 2
  • 5
  • 18
0

Here is some of my code using the supertest agent;

/*
    Authentication tests
*/
process.env.NODE_ENV = 'test'

var should = require('should'),
    app = require('../main.js'),
    supertest = require('supertest')


describe('authentication', function(){
    // I expose the webapp (express) on an object called app that is exported from main.js
    var agent = supertest.agent(app.webapp)

    before(function(cb){

        // Create a user (I expose my models on an object called app)
        var User = app.models.User
        var adminUser = new User({
            username : 'admin',
            password : 'admin',
            role : 'admin'
        })
        adminUser.save(function(err, _admin){
            should.not.exist(err)
            should.exist(_admin)        
            cb()
        })

    })

    describe('invalid user', function(){

        it('fail to login', function(cb){

            agent.post('/api/v1/login').send({ username : 'NEONE', password : '123'}).end(function(err,res){

                should(res.status).equal(401) // Unauthorised 
                cb()
            })

        })

        it('is not logged in', function(done){

            agent.get('/api/v1/loggedin').end(function(err, res){
                res.body.should.equal('0')
                done()              
            })

        })
    })

    describe('valid user', function(){

        it('should be able to login', function(done){

            agent.post('/api/v1/login').send({ username : 'admin', password : 'admin'}).end(function(err,res){
                should(res.status).equal(200) // Authorised
                done()
            })

        })

        it('should be logged in', function(done){

            agent.get('/api/v1/loggedin').end(function(err, res){
                should.not.exist(err)
                res.status.should.equal(200)
                res.body.username.should.equal('admin')
                done()              
            })

        })

        it('should be able to logout', function(done){

            agent.get('/api/v1/logout').end(function(err, res){
                res.status.should.equal(200)
                done()
            })

        })

        it('should not be logged in', function(done){

            agent.get('/api/v1/loggedin').end(function(err, res){
                res.body.should.equal('0')
                done()              
            })

        })

    })

})
Joe
  • 1,455
  • 2
  • 19
  • 36
  • The way I am writing my tests, I create a user in my test database in the `beforeEach`, and drop the collection in `afterEach`. Each one of my tests are independent of another. I'm obviously being logged in, since the first request is returning a `user` object. – Dustin Jan 04 '16 at 11:52
  • I think you may need to explicitly call `supertest.agent` to have supertest behave as a web session rather than making repeated anonymous calls to the server. I.e, I am not sure that you are retaining the response headers, cookies etc. – Joe Jan 04 '16 at 11:58
  • I.e, I often use. `adminUser = supertest.agent(app)` and `regularUser= supertest.agent(app)`. Then make requests with these two different agents that independently store session data. – Joe Jan 04 '16 at 12:00
  • Just had a quick search.. this question has some answers that explain it much better http://stackoverflow.com/questions/14001183/how-to-authenticate-supertest-requests-with-passport?rq=1 – Joe Jan 04 '16 at 12:07
  • Wow, I am an idiot. Your original comment on the question was correct, I thought i was calling `agent`, but I wasn't. Can't believe I misread that. Maybe I should sleep. Thanks for the help Joe. – Dustin Jan 04 '16 at 12:13
  • Pleasure. My answer lacks clarity so perhaps it would be worth adding your own and accepting that in case anyone else stumbles upon this. – Joe Jan 04 '16 at 12:15