55 lines
1.5 KiB
TypeScript
55 lines
1.5 KiB
TypeScript
import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
|
|
import express, { Request, Response } from "express";
|
|
import request from "supertest";
|
|
import cookieParser from "cookie-parser";
|
|
import { requireAuth } from "../src/middleware/auth.middleware";
|
|
|
|
function buildApp() {
|
|
const app = express();
|
|
app.use(express.json());
|
|
app.use(cookieParser());
|
|
app.get("/protected", requireAuth, (_req: Request, res: Response) => {
|
|
res.json({ success: true });
|
|
});
|
|
return app;
|
|
}
|
|
|
|
describe("requireAuth middleware", () => {
|
|
beforeEach(() => {
|
|
process.env.SUPER_OAUTH_URL = "http://fake-oauth";
|
|
});
|
|
|
|
afterEach(() => {
|
|
vi.unstubAllGlobals();
|
|
delete process.env.SUPER_OAUTH_URL;
|
|
});
|
|
|
|
it("retourne 401 quand le token est invalide (SuperOAuth répond valid: false)", async () => {
|
|
vi.stubGlobal(
|
|
"fetch",
|
|
vi.fn().mockResolvedValue({
|
|
ok: true,
|
|
json: async () => ({ success: true, data: { valid: false } }),
|
|
})
|
|
);
|
|
|
|
const res = await request(buildApp())
|
|
.get("/protected")
|
|
.set("Authorization", "Bearer invalid-token");
|
|
|
|
expect(res.status).toBe(401);
|
|
expect(res.body.error).toBeDefined();
|
|
});
|
|
|
|
it("retourne 401 quand aucun cookie ni header Authorization", async () => {
|
|
const fetchMock = vi.fn();
|
|
vi.stubGlobal("fetch", fetchMock);
|
|
|
|
const res = await request(buildApp()).get("/protected");
|
|
|
|
expect(res.status).toBe(401);
|
|
expect(res.body.message).toBe("Access token required");
|
|
expect(fetchMock).not.toHaveBeenCalled();
|
|
});
|
|
});
|