loopback/test/rest.middleware.test.js

describe('loopback.rest', function() {
  var MyModel;
  beforeEach(function() {
    var ds = app.dataSource('db', { connector: loopback.Memory });
    MyModel = ds.createModel('MyModel', {name: String});
    loopback.autoAttach();
  });

  it('works out-of-the-box', function(done) {
    app.model(MyModel);
    app.use(loopback.rest());
    request(app).get('/mymodels')
      .expect(200)
      .end(done);
  });

  it('should report 404 for GET /:id not found', function(done) {
    app.model(MyModel);
    app.use(loopback.rest());
    request(app).get('/mymodels/1')
      .expect(404)
      .end(function(err, res) {
        if (err) {
          return done(err);
        }
        var errorResponse = res.body.error;
        assert(errorResponse);
        assert.equal(errorResponse.code, 'MODEL_NOT_FOUND');
        done();
      });
  });

  it('should report 404 for HEAD /:id not found', function(done) {
    app.model(MyModel);
    app.use(loopback.rest());
    request(app).head('/mymodels/1')
      .expect(404)
      .end(done);
  });

  it('should report 200 for GET /:id/exists not found', function(done) {
    app.model(MyModel);
    app.use(loopback.rest());
    request(app).get('/mymodels/1/exists')
      .expect(200)
      .end(function(err, res) {
        if (err) return done(err);
        expect(res.body).to.eql({exists: false});
        done();
      });
  });

  it('should report 200 for GET /:id found', function(done) {
    app.model(MyModel);
    app.use(loopback.rest());
    MyModel.create({name: 'm1'}, function(err, inst) {
      request(app).get('/mymodels/' + inst.id)
        .expect(200)
        .end(done);
    });
  });

  it('should report 200 for HEAD /:id found', function(done) {
    app.model(MyModel);
    app.use(loopback.rest());
    MyModel.create({name: 'm2'}, function(err, inst) {
      request(app).head('/mymodels/' + inst.id)
        .expect(200)
        .end(done);
    });
  });

  it('should report 200 for GET /:id/exists found', function(done) {
    app.model(MyModel);
    app.use(loopback.rest());
    MyModel.create({name: 'm2'}, function(err, inst) {
      request(app).get('/mymodels/' + inst.id + '/exists')
        .expect(200)
        .end(function(err, res) {
          if (err) return done(err);
          expect(res.body).to.eql({exists: true});
          done();
        });
    });
  });

  it('should honour `remoting.rest.supportedTypes`', function(done) {
    var app = loopback();

    // NOTE it is crucial to set `remoting` before creating any models
    var supportedTypes = ['json', 'application/javascript', 'text/javascript'];
    app.set('remoting', { rest: { supportedTypes: supportedTypes } });

    app.model(MyModel);
    app.use(loopback.rest());

    request(app).get('/mymodels')
      .set('Accept', 'text/html,application/xml;q= 0.9,*/*;q= 0.8')
      .expect('Content-Type', 'application/json; charset=utf-8')
      .expect(200, done);
  });

  it('allows models to provide a custom HTTP path', function(done) {
    var ds = app.dataSource('db', { connector: loopback.Memory });
    var CustomModel = ds.createModel('CustomModel',
      { name: String },
      { http: { 'path': 'domain1/CustomModelPath' }
    });

    app.model(CustomModel);
    app.use(loopback.rest());

    request(app).get('/domain1/CustomModelPath').expect(200).end(done);
  });

  it('should report 200 for url-encoded HTTP path', function(done) {
    var ds = app.dataSource('db', { connector: loopback.Memory });
    var CustomModel = ds.createModel('CustomModel',
      { name: String },
      { http: { path: 'domain%20one/CustomModelPath' }
    });

    app.model(CustomModel);
    app.use(loopback.rest());

    request(app).get('/domain%20one/CustomModelPath').expect(200).end(done);
  });

  it('includes loopback.token when necessary', function(done) {
    givenUserModelWithAuth();
    app.enableAuth();
    app.use(loopback.rest());

    givenLoggedInUser(function(err, token) {
      if (err) return done(err);
      expect(token).instanceOf(app.models.accessToken);
      request(app).get('/users/' + token.userId)
        .set('Authorization', token.id)
        .expect(200)
        .end(done);
    }, done);
  });

  it('does not include loopback.token when auth not enabled', function(done) {
    var User = givenUserModelWithAuth();
    User.getToken = function(req, cb) {
      cb(null, req.accessToken ? req.accessToken.id : null);
    };
    loopback.remoteMethod(User.getToken, {
      accepts: [{ type: 'object', http: { source: 'req' } }],
      returns: [{ type: 'object', name: 'id' }]
    });

    app.use(loopback.rest());
    givenLoggedInUser(function(err, token) {
      if (err) return done(err);
      request(app).get('/users/getToken')
        .set('Authorization', token.id)
        .expect(200)
        .end(function(err, res) {
          if (err) return done(err);
          expect(res.body.id).to.equal(null);
          done();
        });
    }, done);
  });

  it('should report 200 for legacy explorer route /routes', function(done) {
    app.use(loopback.rest());
    request(app).get('/routes')
      .expect(200)
      .end(function(err, res) {
        if (err) return done(err);
        expect(res.body).to.eql([]);
        done();
      });
  });

  it('should report 200 for legacy explorer route /models', function(done) {
    app.use(loopback.rest());
    request(app).get('/models')
      .expect(200)
      .end(function(err, res) {
        if (err) return done(err);
        expect(res.body).to.eql({});
        done();
      });
  });

  it('should report 404 for disabled legacy explorer route /routes', function(done) {
    app.set('legacyExplorer', false);
    app.use(loopback.rest());
    request(app).get('/routes')
      .expect(404)
      .end(done);
  });

  it('should report 404 for disabled legacy explorer route /models', function(done) {
    app.set('legacyExplorer', false);
    app.use(loopback.rest());
    request(app).get('/models')
      .expect(404)
      .end(done);
  });

  describe('context propagation', function() {
    var User;

    beforeEach(function() {
      User = givenUserModelWithAuth();
      User.getToken = function(cb) {
        var context = loopback.getCurrentContext();
        var req = context.get('http').req;
        expect(req).to.have.property('accessToken');

        var juggler = require('loopback-datasource-juggler');
        expect(juggler.getCurrentContext().get('http').req)
          .to.have.property('accessToken');

        var remoting = require('strong-remoting');
        expect(remoting.getCurrentContext().get('http').req)
          .to.have.property('accessToken');

        cb(null, req && req.accessToken ? req.accessToken.id : null);
      };
      // Set up the ACL
      User.settings.acls.push({principalType: 'ROLE',
        principalId: '$authenticated', permission: 'ALLOW',
        property: 'getToken'});

      loopback.remoteMethod(User.getToken, {
        accepts: [],
        returns: [
          { type: 'object', name: 'id' }
        ]
      });
    });

    function invokeGetToken(done) {
      givenLoggedInUser(function(err, token) {
        if (err) return done(err);
        request(app).get('/users/getToken')
          .set('Authorization', token.id)
          .expect(200)
          .end(function(err, res) {
            if (err) return done(err);
            expect(res.body.id).to.equal(token.id);
            done();
          });
      });
    }

    it('should enable context using loopback.context', function(done) {
      app.use(loopback.context({ enableHttpContext: true }));
      app.enableAuth();
      app.use(loopback.rest());

      invokeGetToken(done);
    });

    it('should enable context with loopback.rest', function(done) {
      app.enableAuth();
      app.set('remoting', { context: { enableHttpContext: true } });
      app.use(loopback.rest());

      invokeGetToken(done);
    });

    it('should support explicit context', function(done) {
      app.enableAuth();
      app.use(loopback.context());
      app.use(loopback.token(
        { model: loopback.getModelByType(loopback.AccessToken) }));
      app.use(function(req, res, next) {
        loopback.getCurrentContext().set('accessToken', req.accessToken);
        next();
      });
      app.use(loopback.rest());

      User.getToken = function(cb) {
        var context = loopback.getCurrentContext();
        var accessToken = context.get('accessToken');
        expect(context.get('accessToken')).to.have.property('id');

        var juggler = require('loopback-datasource-juggler');
        context = juggler.getCurrentContext();
        expect(context.get('accessToken')).to.have.property('id');

        var remoting = require('strong-remoting');
        context = remoting.getCurrentContext();
        expect(context.get('accessToken')).to.have.property('id');

        cb(null, accessToken ? accessToken.id : null);
      };

      loopback.remoteMethod(User.getToken, {
        accepts: [],
        returns: [
          { type: 'object', name: 'id' }
        ]
      });

      invokeGetToken(done);
    });
  });

  function givenUserModelWithAuth() {
    // NOTE(bajtos) It is important to create a custom AccessToken model here,
    // in order to overwrite the entry created by previous tests in
    // the global model registry
    app.model('accessToken', {
      options: {
        base: 'AccessToken'
      },
      dataSource: 'db'
    });
    return app.model('user', {
      options: {
        base: 'User',
        relations: {
          accessTokens: {
            model: 'accessToken',
            type: 'hasMany',
            foreignKey: 'userId'
          }
        }
      },
      dataSource: 'db'
    });
  }
  function givenLoggedInUser(cb, done) {
    var credentials = { email: 'user@example.com', password: 'pwd' };
    var User = app.models.user;
    User.create(credentials,
      function(err, user) {
        if (err) return done(err);
        User.login(credentials, cb);
      });
  }
});
Modify `loopback.rest` to include `loopback.token` Make `loopback.rest` self-contained, so that authentication works out of the box. var app = loopback(); app.enableAuth(); app.use(loopback.rest()); Note that cookie parsing middleware is not added, users have to explicitly configure that if they want to store access tokens in cookies. Modify `loopback.token` to skip token lookup when the request already contains `accessToken` property. This is in line with other connect-based middleware like `cookieParser` or `json`. 2014-02-04 15:17:32 +00:00			`describe('loopback.rest', function() {`
Expose Model.exists over HTTP HEAD 2014-07-31 04:57:45 +00:00			`var MyModel;`
Modify `loopback.rest` to include `loopback.token` Make `loopback.rest` self-contained, so that authentication works out of the box. var app = loopback(); app.enableAuth(); app.use(loopback.rest()); Note that cookie parsing middleware is not added, users have to explicitly configure that if they want to store access tokens in cookies. Modify `loopback.token` to skip token lookup when the request already contains `accessToken` property. This is in line with other connect-based middleware like `cookieParser` or `json`. 2014-02-04 15:17:32 +00:00			`beforeEach(function() {`
Expose Model.exists over HTTP HEAD 2014-07-31 04:57:45 +00:00			`var ds = app.dataSource('db', { connector: loopback.Memory });`
			`MyModel = ds.createModel('MyModel', {name: String});`
test: remove global autoAttach 2015-04-07 11:43:26 +00:00			`loopback.autoAttach();`
Modify `loopback.rest` to include `loopback.token` Make `loopback.rest` self-contained, so that authentication works out of the box. var app = loopback(); app.enableAuth(); app.use(loopback.rest()); Note that cookie parsing middleware is not added, users have to explicitly configure that if they want to store access tokens in cookies. Modify `loopback.token` to skip token lookup when the request already contains `accessToken` property. This is in line with other connect-based middleware like `cookieParser` or `json`. 2014-02-04 15:17:32 +00:00			`});`

			`it('works out-of-the-box', function(done) {`
Expose Model.exists over HTTP HEAD 2014-07-31 04:57:45 +00:00			`app.model(MyModel);`
Modify `loopback.rest` to include `loopback.token` Make `loopback.rest` self-contained, so that authentication works out of the box. var app = loopback(); app.enableAuth(); app.use(loopback.rest()); Note that cookie parsing middleware is not added, users have to explicitly configure that if they want to store access tokens in cookies. Modify `loopback.token` to skip token lookup when the request already contains `accessToken` property. This is in line with other connect-based middleware like `cookieParser` or `json`. 2014-02-04 15:17:32 +00:00			`app.use(loopback.rest());`
			`request(app).get('/mymodels')`
			`.expect(200)`
			`.end(done);`
			`});`

Expose Model.exists over HTTP HEAD 2014-07-31 04:57:45 +00:00			`it('should report 404 for GET /:id not found', function(done) {`
			`app.model(MyModel);`
			`app.use(loopback.rest());`
			`request(app).get('/mymodels/1')`
			`.expect(404)`
Add error code property to known error responses. Enhance the error objects with a `code` property containing a machine-readable string code describing the error, for example INVALID_TOKEN or USER_NOT_FOUND. Also improve 404 error messages to include the model name. 2014-12-18 20:26:27 +00:00			`.end(function(err, res) {`
			`if (err) {`
			`return done(err);`
			`}`
			`var errorResponse = res.body.error;`
			`assert(errorResponse);`
			`assert.equal(errorResponse.code, 'MODEL_NOT_FOUND');`
			`done();`
			`});`
Expose Model.exists over HTTP HEAD 2014-07-31 04:57:45 +00:00			`});`

			`it('should report 404 for HEAD /:id not found', function(done) {`
			`app.model(MyModel);`
			`app.use(loopback.rest());`
			`request(app).head('/mymodels/1')`
			`.expect(404)`
			`.end(done);`
			`});`

Make sure GET /:id/exists returns 200 {exists: true\|false} https://github.com/strongloop/loopback/issues/679 2014-10-22 21:39:39 +00:00			`it('should report 200 for GET /:id/exists not found', function(done) {`
			`app.model(MyModel);`
			`app.use(loopback.rest());`
			`request(app).get('/mymodels/1/exists')`
			`.expect(200)`
			`.end(function(err, res) {`
			`if (err) return done(err);`
			`expect(res.body).to.eql({exists: false});`
			`done();`
			`});`
			`});`

Expose Model.exists over HTTP HEAD 2014-07-31 04:57:45 +00:00			`it('should report 200 for GET /:id found', function(done) {`
			`app.model(MyModel);`
			`app.use(loopback.rest());`
			`MyModel.create({name: 'm1'}, function(err, inst) {`
			`request(app).get('/mymodels/' + inst.id)`
			`.expect(200)`
			`.end(done);`
			`});`
			`});`

			`it('should report 200 for HEAD /:id found', function(done) {`
			`app.model(MyModel);`
			`app.use(loopback.rest());`
			`MyModel.create({name: 'm2'}, function(err, inst) {`
			`request(app).head('/mymodels/' + inst.id)`
			`.expect(200)`
			`.end(done);`
			`});`
			`});`

Make sure GET /:id/exists returns 200 {exists: true\|false} https://github.com/strongloop/loopback/issues/679 2014-10-22 21:39:39 +00:00			`it('should report 200 for GET /:id/exists found', function(done) {`
			`app.model(MyModel);`
			`app.use(loopback.rest());`
			`MyModel.create({name: 'm2'}, function(err, inst) {`
			`request(app).get('/mymodels/' + inst.id + '/exists')`
			`.expect(200)`
			`.end(function(err, res) {`
			`if (err) return done(err);`
			`expect(res.body).to.eql({exists: true});`
			`done();`
			`});`
			`});`
			`});`

Add test for `remoting.rest.supportedTypes` 2014-10-31 09:36:59 +00:00			it('should honour `remoting.rest.supportedTypes`', function(done) {
			`var app = loopback();`

			// NOTE it is crucial to set `remoting` before creating any models
			`var supportedTypes = ['json', 'application/javascript', 'text/javascript'];`
			`app.set('remoting', { rest: { supportedTypes: supportedTypes } });`

			`app.model(MyModel);`
			`app.use(loopback.rest());`

			`request(app).get('/mymodels')`
fix jscs errors 2014-11-21 02:35:36 +00:00			`.set('Accept', 'text/html,application/xml;q= 0.9,/;q= 0.8')`
Add test for `remoting.rest.supportedTypes` 2014-10-31 09:36:59 +00:00			`.expect('Content-Type', 'application/json; charset=utf-8')`
			`.expect(200, done);`
			`});`

Add test case for loopback issue #698 Verify that the following model options change the HTTP path where the model is exposed: { http: { path: 'domain/mymodels' } } 2015-01-22 07:02:43 +00:00			`it('allows models to provide a custom HTTP path', function(done) {`
			`var ds = app.dataSource('db', { connector: loopback.Memory });`
			`var CustomModel = ds.createModel('CustomModel',`
			`{ name: String },`
			`{ http: { 'path': 'domain1/CustomModelPath' }`
			`});`

			`app.model(CustomModel);`
			`app.use(loopback.rest());`

			`request(app).get('/domain1/CustomModelPath').expect(200).end(done);`
			`});`

Add test case to demonstrate url-encoded http path 2015-01-23 13:04:13 +00:00			`it('should report 200 for url-encoded HTTP path', function(done) {`
			`var ds = app.dataSource('db', { connector: loopback.Memory });`
			`var CustomModel = ds.createModel('CustomModel',`
			`{ name: String },`
			`{ http: { path: 'domain%20one/CustomModelPath' }`
			`});`

			`app.model(CustomModel);`
			`app.use(loopback.rest());`

			`request(app).get('/domain%20one/CustomModelPath').expect(200).end(done);`
			`});`

Modify `loopback.rest` to include `loopback.token` Make `loopback.rest` self-contained, so that authentication works out of the box. var app = loopback(); app.enableAuth(); app.use(loopback.rest()); Note that cookie parsing middleware is not added, users have to explicitly configure that if they want to store access tokens in cookies. Modify `loopback.token` to skip token lookup when the request already contains `accessToken` property. This is in line with other connect-based middleware like `cookieParser` or `json`. 2014-02-04 15:17:32 +00:00			`it('includes loopback.token when necessary', function(done) {`
			`givenUserModelWithAuth();`
			`app.enableAuth();`
			`app.use(loopback.rest());`

			`givenLoggedInUser(function(err, token) {`
			`if (err) return done(err);`
			`expect(token).instanceOf(app.models.accessToken);`
			`request(app).get('/users/' + token.userId)`
			`.set('Authorization', token.id)`
			`.expect(200)`
			`.end(done);`
'done' is not defined 2014-11-21 01:52:11 +00:00			`}, done);`
Modify `loopback.rest` to include `loopback.token` Make `loopback.rest` self-contained, so that authentication works out of the box. var app = loopback(); app.enableAuth(); app.use(loopback.rest()); Note that cookie parsing middleware is not added, users have to explicitly configure that if they want to store access tokens in cookies. Modify `loopback.token` to skip token lookup when the request already contains `accessToken` property. This is in line with other connect-based middleware like `cookieParser` or `json`. 2014-02-04 15:17:32 +00:00			`});`

			`it('does not include loopback.token when auth not enabled', function(done) {`
			`var User = givenUserModelWithAuth();`
			`User.getToken = function(req, cb) {`
			`cb(null, req.accessToken ? req.accessToken.id : null);`
			`};`
			`loopback.remoteMethod(User.getToken, {`
			`accepts: [{ type: 'object', http: { source: 'req' } }],`
			`returns: [{ type: 'object', name: 'id' }]`
			`});`

			`app.use(loopback.rest());`
			`givenLoggedInUser(function(err, token) {`
			`if (err) return done(err);`
			`request(app).get('/users/getToken')`
			`.set('Authorization', token.id)`
			`.expect(200)`
			`.end(function(err, res) {`
			`if (err) return done(err);`
			`expect(res.body.id).to.equal(null);`
			`done();`
			`});`
'done' is not defined 2014-11-21 01:52:11 +00:00			`}, done);`
Modify `loopback.rest` to include `loopback.token` Make `loopback.rest` self-contained, so that authentication works out of the box. var app = loopback(); app.enableAuth(); app.use(loopback.rest()); Note that cookie parsing middleware is not added, users have to explicitly configure that if they want to store access tokens in cookies. Modify `loopback.token` to skip token lookup when the request already contains `accessToken` property. This is in line with other connect-based middleware like `cookieParser` or `json`. 2014-02-04 15:17:32 +00:00			`});`

Config option to disable legacy explorer routes Setting legacyExplorer to false in the loopback config will disable the routes /routes and /models made available in loopback.rest. The deprecate module has been added to the project with a reference added for the legacyExplorer option as it is no longer required by loopback-explorer. Tests added to validate functionality of disabled and enabled legacy explorer routes. 2015-02-25 19:48:08 +00:00			`it('should report 200 for legacy explorer route /routes', function(done) {`
			`app.use(loopback.rest());`
			`request(app).get('/routes')`
			`.expect(200)`
			`.end(function(err, res) {`
			`if (err) return done(err);`
			`expect(res.body).to.eql([]);`
			`done();`
			`});`
			`});`

			`it('should report 200 for legacy explorer route /models', function(done) {`
			`app.use(loopback.rest());`
			`request(app).get('/models')`
			`.expect(200)`
			`.end(function(err, res) {`
			`if (err) return done(err);`
			`expect(res.body).to.eql({});`
			`done();`
			`});`
			`});`

			`it('should report 404 for disabled legacy explorer route /routes', function(done) {`
			`app.set('legacyExplorer', false);`
			`app.use(loopback.rest());`
			`request(app).get('/routes')`
			`.expect(404)`
			`.end(done);`
			`});`

			`it('should report 404 for disabled legacy explorer route /models', function(done) {`
			`app.set('legacyExplorer', false);`
			`app.use(loopback.rest());`
			`request(app).get('/models')`
			`.expect(404)`
			`.end(done);`
			`});`

Enable the context middleware from loopback.rest 2014-10-22 21:29:56 +00:00			`describe('context propagation', function() {`
			`var User;`
Add context propagation middleware - Implement the middleware `loopback.context` - Inject context into juggler and strong-remoting - Make http context optional and default to false - Optionally mount context middleware from `loopback.rest` 2014-06-17 17:35:19 +00:00
Enable the context middleware from loopback.rest 2014-10-22 21:29:56 +00:00			`beforeEach(function() {`
			`User = givenUserModelWithAuth();`
			`User.getToken = function(cb) {`
			`var context = loopback.getCurrentContext();`
			`var req = context.get('http').req;`
			`expect(req).to.have.property('accessToken');`
Add context propagation middleware - Implement the middleware `loopback.context` - Inject context into juggler and strong-remoting - Make http context optional and default to false - Optionally mount context middleware from `loopback.rest` 2014-06-17 17:35:19 +00:00
Enable the context middleware from loopback.rest 2014-10-22 21:29:56 +00:00			`var juggler = require('loopback-datasource-juggler');`
			`expect(juggler.getCurrentContext().get('http').req)`
			`.to.have.property('accessToken');`
Add context propagation middleware - Implement the middleware `loopback.context` - Inject context into juggler and strong-remoting - Make http context optional and default to false - Optionally mount context middleware from `loopback.rest` 2014-06-17 17:35:19 +00:00
Enable the context middleware from loopback.rest 2014-10-22 21:29:56 +00:00			`var remoting = require('strong-remoting');`
			`expect(remoting.getCurrentContext().get('http').req)`
			`.to.have.property('accessToken');`
Add context propagation middleware - Implement the middleware `loopback.context` - Inject context into juggler and strong-remoting - Make http context optional and default to false - Optionally mount context middleware from `loopback.rest` 2014-06-17 17:35:19 +00:00
Enable the context middleware from loopback.rest 2014-10-22 21:29:56 +00:00			`cb(null, req && req.accessToken ? req.accessToken.id : null);`
			`};`
			`// Set up the ACL`
			`User.settings.acls.push({principalType: 'ROLE',`
			`principalId: '$authenticated', permission: 'ALLOW',`
			`property: 'getToken'});`

			`loopback.remoteMethod(User.getToken, {`
			`accepts: [],`
			`returns: [`
			`{ type: 'object', name: 'id' }`
			`]`
			`});`
Add context propagation middleware - Implement the middleware `loopback.context` - Inject context into juggler and strong-remoting - Make http context optional and default to false - Optionally mount context middleware from `loopback.rest` 2014-06-17 17:35:19 +00:00			`});`

Enable the context middleware from loopback.rest 2014-10-22 21:29:56 +00:00			`function invokeGetToken(done) {`
			`givenLoggedInUser(function(err, token) {`
			`if (err) return done(err);`
			`request(app).get('/users/getToken')`
			`.set('Authorization', token.id)`
			`.expect(200)`
			`.end(function(err, res) {`
			`if (err) return done(err);`
			`expect(res.body.id).to.equal(token.id);`
			`done();`
			`});`
			`});`
			`}`
Add context propagation middleware - Implement the middleware `loopback.context` - Inject context into juggler and strong-remoting - Make http context optional and default to false - Optionally mount context middleware from `loopback.rest` 2014-06-17 17:35:19 +00:00
Enable the context middleware from loopback.rest 2014-10-22 21:29:56 +00:00			`it('should enable context using loopback.context', function(done) {`
rest middleware: clean up context config Modify `loopback.rest()` to read the configuration for `loopback.context` from `app.get('remoting')`, which is the approach used for all other configuration options related to the REST transport. 2014-11-04 10:27:49 +00:00			`app.use(loopback.context({ enableHttpContext: true }));`
Enable the context middleware from loopback.rest 2014-10-22 21:29:56 +00:00			`app.enableAuth();`
			`app.use(loopback.rest());`

			`invokeGetToken(done);`
			`});`

			`it('should enable context with loopback.rest', function(done) {`
			`app.enableAuth();`
rest middleware: clean up context config Modify `loopback.rest()` to read the configuration for `loopback.context` from `app.get('remoting')`, which is the approach used for all other configuration options related to the REST transport. 2014-11-04 10:27:49 +00:00			`app.set('remoting', { context: { enableHttpContext: true } });`
			`app.use(loopback.rest());`
Enable the context middleware from loopback.rest 2014-10-22 21:29:56 +00:00
			`invokeGetToken(done);`
			`});`

			`it('should support explicit context', function(done) {`
			`app.enableAuth();`
			`app.use(loopback.context());`
			`app.use(loopback.token(`
			`{ model: loopback.getModelByType(loopback.AccessToken) }));`
			`app.use(function(req, res, next) {`
			`loopback.getCurrentContext().set('accessToken', req.accessToken);`
			`next();`
			`});`
			`app.use(loopback.rest());`

			`User.getToken = function(cb) {`
			`var context = loopback.getCurrentContext();`
			`var accessToken = context.get('accessToken');`
			`expect(context.get('accessToken')).to.have.property('id');`

			`var juggler = require('loopback-datasource-juggler');`
			`context = juggler.getCurrentContext();`
			`expect(context.get('accessToken')).to.have.property('id');`

			`var remoting = require('strong-remoting');`
			`context = remoting.getCurrentContext();`
			`expect(context.get('accessToken')).to.have.property('id');`

			`cb(null, accessToken ? accessToken.id : null);`
			`};`

			`loopback.remoteMethod(User.getToken, {`
			`accepts: [],`
			`returns: [`
			`{ type: 'object', name: 'id' }`
			`]`
			`});`

			`invokeGetToken(done);`
Add context propagation middleware - Implement the middleware `loopback.context` - Inject context into juggler and strong-remoting - Make http context optional and default to false - Optionally mount context middleware from `loopback.rest` 2014-06-17 17:35:19 +00:00			`});`
			`});`

Modify `loopback.rest` to include `loopback.token` Make `loopback.rest` self-contained, so that authentication works out of the box. var app = loopback(); app.enableAuth(); app.use(loopback.rest()); Note that cookie parsing middleware is not added, users have to explicitly configure that if they want to store access tokens in cookies. Modify `loopback.token` to skip token lookup when the request already contains `accessToken` property. This is in line with other connect-based middleware like `cookieParser` or `json`. 2014-02-04 15:17:32 +00:00			`function givenUserModelWithAuth() {`
			`// NOTE(bajtos) It is important to create a custom AccessToken model here,`
			`// in order to overwrite the entry created by previous tests in`
			`// the global model registry`
			`app.model('accessToken', {`
			`options: {`
			`base: 'AccessToken'`
			`},`
			`dataSource: 'db'`
			`});`
			`return app.model('user', {`
			`options: {`
			`base: 'User',`
			`relations: {`
			`accessTokens: {`
			`model: 'accessToken',`
			`type: 'hasMany',`
			`foreignKey: 'userId'`
			`}`
			`}`
			`},`
			`dataSource: 'db'`
			`});`
			`}`
'done' is not defined 2014-11-21 01:52:11 +00:00			`function givenLoggedInUser(cb, done) {`
Modify `loopback.rest` to include `loopback.token` Make `loopback.rest` self-contained, so that authentication works out of the box. var app = loopback(); app.enableAuth(); app.use(loopback.rest()); Note that cookie parsing middleware is not added, users have to explicitly configure that if they want to store access tokens in cookies. Modify `loopback.token` to skip token lookup when the request already contains `accessToken` property. This is in line with other connect-based middleware like `cookieParser` or `json`. 2014-02-04 15:17:32 +00:00			`var credentials = { email: 'user@example.com', password: 'pwd' };`
			`var User = app.models.user;`
			`User.create(credentials,`
			`function(err, user) {`
			`if (err) return done(err);`
			`User.login(credentials, cb);`
			`});`
			`}`
			`});`