codecombat/test/server/functional/auth.spec.coffee

require '../common'
request = require 'request'

urlLogin = getURL('/auth/login')
urlReset = getURL('/auth/reset')

describe '/auth/whoami', ->
  http = require 'http'
  it 'returns 200', (done) ->
    http.get(getURL('/auth/whoami'), (response) ->
      expect(response).toBeDefined()
      expect(response.statusCode).toBe(200)
      done()
    )

describe '/auth/login', ->

  it 'clears Users first', (done) ->
    User.remove {}, (err) ->
      request.get getURL('/auth/whoami'), ->
        throw err if err
        done()

  it 'finds no user', (done) ->
    req = request.post(urlLogin, (error, response) ->
      expect(response).toBeDefined()
      expect(response.statusCode).toBe(401)
      done()
    )
    form = req.form()
    form.append('username', 'scott@gmail.com')
    form.append('password', 'nada')

  it 'creates a user', (done) ->
    req = request.post(getURL('/db/user'),
      (error, response) ->
        expect(response).toBeDefined()
        expect(response.statusCode).toBe(200)
        done()
    )
    form = req.form()
    form.append('email', 'scott@gmail.com')
    form.append('password', 'nada')

  it 'finds that created user', (done) ->
    req = request.post(urlLogin, (error, response) ->
      expect(response).toBeDefined()
      expect(response.statusCode).toBe(200)
      done()
    )
    form = req.form()
    form.append('username', 'scott@gmail.com')
    form.append('password', 'nada')

  it 'rejects wrong passwords', (done) ->
    req = request.post(urlLogin, (error, response) ->
      expect(response.statusCode).toBe(401)
      expect(response.body.indexOf("wrong, wrong")).toBeGreaterThan(-1)
      done()
    )
    form = req.form()
    form.append('username', 'scott@gmail.com')
    form.append('password', 'blahblah')

  it 'is completely case insensitive', (done) ->
    req = request.post(urlLogin, (error, response) ->
      expect(response.statusCode).toBe(200)
      done()
    )
    form = req.form()
    form.append('username', 'scoTT@gmaIL.com')
    form.append('password', 'NaDa')


describe '/auth/reset', ->
  passwordReset = ''

  it 'emails require', (done) ->
    req = request.post(urlReset, (error, response) ->
      expect(response).toBeDefined()
      expect(response.statusCode).toBe(422)
      done()
    )
    form = req.form()
    form.append('username', 'scott@gmail.com')

  it 'can\'t reset an unknow user', (done) ->
    req = request.post(urlReset, (error, response) ->
      expect(response).toBeDefined()
      expect(response.statusCode).toBe(404)
      done()
    )
    form = req.form()
    form.append('email', 'unknow')

  it 'resets user password', (done) ->
    req = request.post(urlReset, (error, response) ->
      expect(response).toBeDefined()
      console.log 'status code is', response.statusCode
      expect(response.statusCode).toBe(200)
      expect(response.body).toBeDefined()
      passwordReset = response.body
      done()
    )
    form = req.form()
    form.append('email', 'scott@gmail.com')

  it 'can login after resetting', (done) ->
    req = request.post(urlLogin, (error, response) ->
      expect(response).toBeDefined()
      expect(response.statusCode).toBe(200)
      done()
    )
    form = req.form()
    form.append('username', 'scott@gmail.com')
    form.append('password', passwordReset)

  it 'resetting password is not permanent', (done) ->
    req = request.post(urlLogin, (error, response) ->
      expect(response).toBeDefined()
      expect(response.statusCode).toBe(401)
      done()
    )
    form = req.form()
    form.append('username', 'scott@gmail.com')
    form.append('password', passwordReset)


  it 'can still login with old password', (done) ->
    req = request.post(urlLogin, (error, response) ->
      expect(response).toBeDefined()
      expect(response.statusCode).toBe(200)
      done()
    )
    form = req.form()
    form.append('username', 'scott@gmail.com')
    form.append('password', 'nada')
refactor server test folder 2014-02-03 15:55:09 -05:00			`require '../common'`
add server auth test (reset password) 2014-02-02 18:02:47 -05:00			`request = require 'request'`

			`urlLogin = getURL('/auth/login')`
			`urlReset = getURL('/auth/reset')`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
			`describe '/auth/whoami', ->`
			`http = require 'http'`
			`it 'returns 200', (done) ->`
			`http.get(getURL('/auth/whoami'), (response) ->`
			`expect(response).toBeDefined()`
			`expect(response.statusCode).toBe(200)`
			`done()`
			`)`

			`describe '/auth/login', ->`

			`it 'clears Users first', (done) ->`
			`User.remove {}, (err) ->`
Made the server resistant to req.user being undefined sometimes. 2014-02-24 23:27:38 -05:00			`request.get getURL('/auth/whoami'), ->`
			`throw err if err`
			`done()`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
			`it 'finds no user', (done) ->`
add server auth test (reset password) 2014-02-02 18:02:47 -05:00			`req = request.post(urlLogin, (error, response) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`expect(response).toBeDefined()`
			`expect(response.statusCode).toBe(401)`
			`done()`
			`)`
			`form = req.form()`
			`form.append('username', 'scott@gmail.com')`
			`form.append('password', 'nada')`

			`it 'creates a user', (done) ->`
			`req = request.post(getURL('/db/user'),`
			`(error, response) ->`
			`expect(response).toBeDefined()`
			`expect(response.statusCode).toBe(200)`
			`done()`
			`)`
			`form = req.form()`
			`form.append('email', 'scott@gmail.com')`
			`form.append('password', 'nada')`

			`it 'finds that created user', (done) ->`
add server auth test (reset password) 2014-02-02 18:02:47 -05:00			`req = request.post(urlLogin, (error, response) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`expect(response).toBeDefined()`
			`expect(response.statusCode).toBe(200)`
			`done()`
			`)`
			`form = req.form()`
			`form.append('username', 'scott@gmail.com')`
			`form.append('password', 'nada')`

			`it 'rejects wrong passwords', (done) ->`
add server auth test (reset password) 2014-02-02 18:02:47 -05:00			`req = request.post(urlLogin, (error, response) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`expect(response.statusCode).toBe(401)`
			`expect(response.body.indexOf("wrong, wrong")).toBeGreaterThan(-1)`
			`done()`
			`)`
			`form = req.form()`
			`form.append('username', 'scott@gmail.com')`
			`form.append('password', 'blahblah')`

			`it 'is completely case insensitive', (done) ->`
add server auth test (reset password) 2014-02-02 18:02:47 -05:00			`req = request.post(urlLogin, (error, response) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`expect(response.statusCode).toBe(200)`
			`done()`
			`)`
			`form = req.form()`
			`form.append('username', 'scoTT@gmaIL.com')`
add server auth test (reset password) 2014-02-02 18:02:47 -05:00			`form.append('password', 'NaDa')`


			`describe '/auth/reset', ->`
			`passwordReset = ''`

			`it 'emails require', (done) ->`
			`req = request.post(urlReset, (error, response) ->`
			`expect(response).toBeDefined()`
			`expect(response.statusCode).toBe(422)`
			`done()`
			`)`
			`form = req.form()`
			`form.append('username', 'scott@gmail.com')`

			`it 'can\'t reset an unknow user', (done) ->`
			`req = request.post(urlReset, (error, response) ->`
			`expect(response).toBeDefined()`
			`expect(response.statusCode).toBe(404)`
			`done()`
			`)`
			`form = req.form()`
			`form.append('email', 'unknow')`

Made the server resistant to req.user being undefined sometimes. 2014-02-24 23:27:38 -05:00			`it 'resets user password', (done) ->`
add server auth test (reset password) 2014-02-02 18:02:47 -05:00			`req = request.post(urlReset, (error, response) ->`
			`expect(response).toBeDefined()`
Made the server resistant to req.user being undefined sometimes. 2014-02-24 23:27:38 -05:00			`console.log 'status code is', response.statusCode`
add server auth test (reset password) 2014-02-02 18:02:47 -05:00			`expect(response.statusCode).toBe(200)`
			`expect(response.body).toBeDefined()`
			`passwordReset = response.body`
			`done()`
			`)`
			`form = req.form()`
			`form.append('email', 'scott@gmail.com')`

			`it 'can login after resetting', (done) ->`
			`req = request.post(urlLogin, (error, response) ->`
			`expect(response).toBeDefined()`
			`expect(response.statusCode).toBe(200)`
			`done()`
			`)`
			`form = req.form()`
			`form.append('username', 'scott@gmail.com')`
			`form.append('password', passwordReset)`

			`it 'resetting password is not permanent', (done) ->`
			`req = request.post(urlLogin, (error, response) ->`
			`expect(response).toBeDefined()`
			`expect(response.statusCode).toBe(401)`
			`done()`
			`)`
			`form = req.form()`
			`form.append('username', 'scott@gmail.com')`
			`form.append('password', passwordReset)`


			`it 'can still login with old password', (done) ->`
			`req = request.post(urlLogin, (error, response) ->`
			`expect(response).toBeDefined()`
			`expect(response.statusCode).toBe(200)`
			`done()`
			`)`
			`form = req.form()`
			`form.append('username', 'scott@gmail.com')`
			`form.append('password', 'nada')`