loopback/test/rest.middleware.test.js

describe('loopback.rest', function() {
  beforeEach(function() {
    app.dataSource('db', { connector: loopback.Memory });
  });

  it('works out-of-the-box', function(done) {
    app.model('MyModel', { dataSource: 'db' });
    app.use(loopback.rest());
    request(app).get('/mymodels')
      .expect(200)
      .end(done);
  });

  it('includes loopback.token when necessary', function(done) {
    givenUserModelWithAuth();
    app.enableAuth();
    app.use(loopback.rest());

    givenLoggedInUser(function(err, token) {
      if (err) return done(err);
      expect(token).instanceOf(app.models.accessToken);
      request(app).get('/users/' + token.userId)
        .set('Authorization', token.id)
        .expect(200)
        .end(done);
    });
  });

  it('does not include loopback.token when auth not enabled', function(done) {
    var User = givenUserModelWithAuth();
    User.getToken = function(req, cb) {
      cb(null, req.accessToken ? req.accessToken.id : null);
    };
    loopback.remoteMethod(User.getToken, {
      accepts: [{ type: 'object', http: { source: 'req' } }],
      returns: [{ type: 'object', name: 'id' }]
    });

    app.use(loopback.rest());
    givenLoggedInUser(function(err, token) {
      if (err) return done(err);
      request(app).get('/users/getToken')
        .set('Authorization', token.id)
        .expect(200)
        .end(function(err, res) {
          if (err) return done(err);
          expect(res.body.id).to.equal(null);
          done();
        });
    });
  });

  function givenUserModelWithAuth() {
    // NOTE(bajtos) It is important to create a custom AccessToken model here,
    // in order to overwrite the entry created by previous tests in
    // the global model registry
    app.model('accessToken', {
      options: {
        base: 'AccessToken'
      },
      dataSource: 'db'
    });
    return app.model('user', {
      options: {
        base: 'User',
        relations: {
          accessTokens: {
            model: 'accessToken',
            type: 'hasMany',
            foreignKey: 'userId'
          }
        }
      },
      dataSource: 'db'
    });
  }
  function givenLoggedInUser(cb) {
    var credentials = { email: 'user@example.com', password: 'pwd' };
    var User = app.models.user;
    User.create(credentials,
      function(err, user) {
        if (err) return done(err);
        User.login(credentials, cb);
      });
  }
});
Modify `loopback.rest` to include `loopback.token` Make `loopback.rest` self-contained, so that authentication works out of the box. var app = loopback(); app.enableAuth(); app.use(loopback.rest()); Note that cookie parsing middleware is not added, users have to explicitly configure that if they want to store access tokens in cookies. Modify `loopback.token` to skip token lookup when the request already contains `accessToken` property. This is in line with other connect-based middleware like `cookieParser` or `json`. 2014-02-04 15:17:32 +00:00			`describe('loopback.rest', function() {`
			`beforeEach(function() {`
			`app.dataSource('db', { connector: loopback.Memory });`
			`});`

			`it('works out-of-the-box', function(done) {`
			`app.model('MyModel', { dataSource: 'db' });`
			`app.use(loopback.rest());`
			`request(app).get('/mymodels')`
			`.expect(200)`
			`.end(done);`
			`});`

			`it('includes loopback.token when necessary', function(done) {`
			`givenUserModelWithAuth();`
			`app.enableAuth();`
			`app.use(loopback.rest());`

			`givenLoggedInUser(function(err, token) {`
			`if (err) return done(err);`
			`expect(token).instanceOf(app.models.accessToken);`
			`request(app).get('/users/' + token.userId)`
			`.set('Authorization', token.id)`
			`.expect(200)`
			`.end(done);`
			`});`
			`});`

			`it('does not include loopback.token when auth not enabled', function(done) {`
			`var User = givenUserModelWithAuth();`
			`User.getToken = function(req, cb) {`
			`cb(null, req.accessToken ? req.accessToken.id : null);`
			`};`
			`loopback.remoteMethod(User.getToken, {`
			`accepts: [{ type: 'object', http: { source: 'req' } }],`
			`returns: [{ type: 'object', name: 'id' }]`
			`});`

			`app.use(loopback.rest());`
			`givenLoggedInUser(function(err, token) {`
			`if (err) return done(err);`
			`request(app).get('/users/getToken')`
			`.set('Authorization', token.id)`
			`.expect(200)`
			`.end(function(err, res) {`
			`if (err) return done(err);`
			`expect(res.body.id).to.equal(null);`
			`done();`
			`});`
			`});`
			`});`

			`function givenUserModelWithAuth() {`
			`// NOTE(bajtos) It is important to create a custom AccessToken model here,`
			`// in order to overwrite the entry created by previous tests in`
			`// the global model registry`
			`app.model('accessToken', {`
			`options: {`
			`base: 'AccessToken'`
			`},`
			`dataSource: 'db'`
			`});`
			`return app.model('user', {`
			`options: {`
			`base: 'User',`
			`relations: {`
			`accessTokens: {`
			`model: 'accessToken',`
			`type: 'hasMany',`
			`foreignKey: 'userId'`
			`}`
			`}`
			`},`
			`dataSource: 'db'`
			`});`
			`}`
			`function givenLoggedInUser(cb) {`
			`var credentials = { email: 'user@example.com', password: 'pwd' };`
			`var User = app.models.user;`
			`User.create(credentials,`
			`function(err, user) {`
			`if (err) return done(err);`
			`User.login(credentials, cb);`
			`});`
			`}`
			`});`