2014-02-04 15:17:32 +00:00
|
|
|
describe('loopback.rest', function() {
|
2014-07-31 04:57:45 +00:00
|
|
|
var MyModel;
|
2014-02-04 15:17:32 +00:00
|
|
|
beforeEach(function() {
|
2014-07-31 04:57:45 +00:00
|
|
|
var ds = app.dataSource('db', { connector: loopback.Memory });
|
|
|
|
MyModel = ds.createModel('MyModel', {name: String});
|
2014-02-04 15:17:32 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
it('works out-of-the-box', function(done) {
|
2014-07-31 04:57:45 +00:00
|
|
|
app.model(MyModel);
|
2014-02-04 15:17:32 +00:00
|
|
|
app.use(loopback.rest());
|
|
|
|
request(app).get('/mymodels')
|
|
|
|
.expect(200)
|
|
|
|
.end(done);
|
|
|
|
});
|
|
|
|
|
2014-07-31 04:57:45 +00:00
|
|
|
it('should report 404 for GET /:id not found', function(done) {
|
|
|
|
app.model(MyModel);
|
|
|
|
app.use(loopback.rest());
|
|
|
|
request(app).get('/mymodels/1')
|
|
|
|
.expect(404)
|
|
|
|
.end(done);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should report 404 for HEAD /:id not found', function(done) {
|
|
|
|
app.model(MyModel);
|
|
|
|
app.use(loopback.rest());
|
|
|
|
request(app).head('/mymodels/1')
|
|
|
|
.expect(404)
|
|
|
|
.end(done);
|
|
|
|
});
|
|
|
|
|
2014-10-22 21:39:39 +00:00
|
|
|
it('should report 200 for GET /:id/exists not found', function(done) {
|
|
|
|
app.model(MyModel);
|
|
|
|
app.use(loopback.rest());
|
|
|
|
request(app).get('/mymodels/1/exists')
|
|
|
|
.expect(200)
|
|
|
|
.end(function(err, res) {
|
|
|
|
if (err) return done(err);
|
|
|
|
expect(res.body).to.eql({exists: false});
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2014-07-31 04:57:45 +00:00
|
|
|
it('should report 200 for GET /:id found', function(done) {
|
|
|
|
app.model(MyModel);
|
|
|
|
app.use(loopback.rest());
|
|
|
|
MyModel.create({name: 'm1'}, function(err, inst) {
|
|
|
|
request(app).get('/mymodels/' + inst.id)
|
|
|
|
.expect(200)
|
|
|
|
.end(done);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should report 200 for HEAD /:id found', function(done) {
|
|
|
|
app.model(MyModel);
|
|
|
|
app.use(loopback.rest());
|
|
|
|
MyModel.create({name: 'm2'}, function(err, inst) {
|
|
|
|
request(app).head('/mymodels/' + inst.id)
|
|
|
|
.expect(200)
|
|
|
|
.end(done);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2014-10-22 21:39:39 +00:00
|
|
|
it('should report 200 for GET /:id/exists found', function(done) {
|
|
|
|
app.model(MyModel);
|
|
|
|
app.use(loopback.rest());
|
|
|
|
MyModel.create({name: 'm2'}, function(err, inst) {
|
|
|
|
request(app).get('/mymodels/' + inst.id + '/exists')
|
|
|
|
.expect(200)
|
|
|
|
.end(function(err, res) {
|
|
|
|
if (err) return done(err);
|
|
|
|
expect(res.body).to.eql({exists: true});
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2014-10-31 09:36:59 +00:00
|
|
|
it('should honour `remoting.rest.supportedTypes`', function(done) {
|
|
|
|
var app = loopback();
|
|
|
|
|
|
|
|
// NOTE it is crucial to set `remoting` before creating any models
|
|
|
|
var supportedTypes = ['json', 'application/javascript', 'text/javascript'];
|
|
|
|
app.set('remoting', { rest: { supportedTypes: supportedTypes } });
|
|
|
|
|
|
|
|
app.model(MyModel);
|
|
|
|
app.use(loopback.rest());
|
|
|
|
|
|
|
|
request(app).get('/mymodels')
|
|
|
|
.set('Accept', 'text/html,application/xml;q=0.9,*/*;q=0.8')
|
|
|
|
.expect('Content-Type', 'application/json; charset=utf-8')
|
|
|
|
.expect(200, done);
|
|
|
|
});
|
|
|
|
|
2014-02-04 15:17:32 +00:00
|
|
|
it('includes loopback.token when necessary', function(done) {
|
|
|
|
givenUserModelWithAuth();
|
|
|
|
app.enableAuth();
|
|
|
|
app.use(loopback.rest());
|
|
|
|
|
|
|
|
givenLoggedInUser(function(err, token) {
|
|
|
|
if (err) return done(err);
|
|
|
|
expect(token).instanceOf(app.models.accessToken);
|
|
|
|
request(app).get('/users/' + token.userId)
|
|
|
|
.set('Authorization', token.id)
|
|
|
|
.expect(200)
|
|
|
|
.end(done);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('does not include loopback.token when auth not enabled', function(done) {
|
|
|
|
var User = givenUserModelWithAuth();
|
|
|
|
User.getToken = function(req, cb) {
|
|
|
|
cb(null, req.accessToken ? req.accessToken.id : null);
|
|
|
|
};
|
|
|
|
loopback.remoteMethod(User.getToken, {
|
|
|
|
accepts: [{ type: 'object', http: { source: 'req' } }],
|
|
|
|
returns: [{ type: 'object', name: 'id' }]
|
|
|
|
});
|
|
|
|
|
|
|
|
app.use(loopback.rest());
|
|
|
|
givenLoggedInUser(function(err, token) {
|
|
|
|
if (err) return done(err);
|
|
|
|
request(app).get('/users/getToken')
|
|
|
|
.set('Authorization', token.id)
|
|
|
|
.expect(200)
|
|
|
|
.end(function(err, res) {
|
|
|
|
if (err) return done(err);
|
|
|
|
expect(res.body.id).to.equal(null);
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2014-10-22 21:29:56 +00:00
|
|
|
describe('context propagation', function() {
|
|
|
|
var User;
|
2014-06-17 17:35:19 +00:00
|
|
|
|
2014-10-22 21:29:56 +00:00
|
|
|
beforeEach(function() {
|
|
|
|
User = givenUserModelWithAuth();
|
|
|
|
User.getToken = function(cb) {
|
|
|
|
var context = loopback.getCurrentContext();
|
|
|
|
var req = context.get('http').req;
|
|
|
|
expect(req).to.have.property('accessToken');
|
2014-06-17 17:35:19 +00:00
|
|
|
|
2014-10-22 21:29:56 +00:00
|
|
|
var juggler = require('loopback-datasource-juggler');
|
|
|
|
expect(juggler.getCurrentContext().get('http').req)
|
|
|
|
.to.have.property('accessToken');
|
2014-06-17 17:35:19 +00:00
|
|
|
|
2014-10-22 21:29:56 +00:00
|
|
|
var remoting = require('strong-remoting');
|
|
|
|
expect(remoting.getCurrentContext().get('http').req)
|
|
|
|
.to.have.property('accessToken');
|
2014-06-17 17:35:19 +00:00
|
|
|
|
2014-10-22 21:29:56 +00:00
|
|
|
cb(null, req && req.accessToken ? req.accessToken.id : null);
|
|
|
|
};
|
|
|
|
// Set up the ACL
|
|
|
|
User.settings.acls.push({principalType: 'ROLE',
|
|
|
|
principalId: '$authenticated', permission: 'ALLOW',
|
|
|
|
property: 'getToken'});
|
|
|
|
|
|
|
|
loopback.remoteMethod(User.getToken, {
|
|
|
|
accepts: [],
|
|
|
|
returns: [
|
|
|
|
{ type: 'object', name: 'id' }
|
|
|
|
]
|
|
|
|
});
|
2014-06-17 17:35:19 +00:00
|
|
|
});
|
|
|
|
|
2014-10-22 21:29:56 +00:00
|
|
|
function invokeGetToken(done) {
|
|
|
|
givenLoggedInUser(function(err, token) {
|
|
|
|
if (err) return done(err);
|
|
|
|
request(app).get('/users/getToken')
|
|
|
|
.set('Authorization', token.id)
|
|
|
|
.expect(200)
|
|
|
|
.end(function(err, res) {
|
|
|
|
if (err) return done(err);
|
|
|
|
expect(res.body.id).to.equal(token.id);
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
}
|
2014-06-17 17:35:19 +00:00
|
|
|
|
2014-10-22 21:29:56 +00:00
|
|
|
it('should enable context using loopback.context', function(done) {
|
|
|
|
app.use(loopback.context({enableHttpContext: true}));
|
|
|
|
app.enableAuth();
|
|
|
|
app.use(loopback.rest());
|
|
|
|
|
|
|
|
invokeGetToken(done);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should enable context with loopback.rest', function(done) {
|
|
|
|
app.enableAuth();
|
|
|
|
app.use(loopback.rest({context: {enableHttpContext: true}}));
|
|
|
|
|
|
|
|
invokeGetToken(done);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should support explicit context', function(done) {
|
|
|
|
app.enableAuth();
|
|
|
|
app.use(loopback.context());
|
|
|
|
app.use(loopback.token(
|
|
|
|
{ model: loopback.getModelByType(loopback.AccessToken) }));
|
|
|
|
app.use(function(req, res, next) {
|
|
|
|
loopback.getCurrentContext().set('accessToken', req.accessToken);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
app.use(loopback.rest());
|
|
|
|
|
|
|
|
User.getToken = function(cb) {
|
|
|
|
var context = loopback.getCurrentContext();
|
|
|
|
var accessToken = context.get('accessToken');
|
|
|
|
expect(context.get('accessToken')).to.have.property('id');
|
|
|
|
|
|
|
|
var juggler = require('loopback-datasource-juggler');
|
|
|
|
context = juggler.getCurrentContext();
|
|
|
|
expect(context.get('accessToken')).to.have.property('id');
|
|
|
|
|
|
|
|
var remoting = require('strong-remoting');
|
|
|
|
context = remoting.getCurrentContext();
|
|
|
|
expect(context.get('accessToken')).to.have.property('id');
|
|
|
|
|
|
|
|
cb(null, accessToken ? accessToken.id : null);
|
|
|
|
};
|
|
|
|
|
|
|
|
loopback.remoteMethod(User.getToken, {
|
|
|
|
accepts: [],
|
|
|
|
returns: [
|
|
|
|
{ type: 'object', name: 'id' }
|
|
|
|
]
|
|
|
|
});
|
|
|
|
|
|
|
|
invokeGetToken(done);
|
2014-06-17 17:35:19 +00:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2014-02-04 15:17:32 +00:00
|
|
|
function givenUserModelWithAuth() {
|
|
|
|
// NOTE(bajtos) It is important to create a custom AccessToken model here,
|
|
|
|
// in order to overwrite the entry created by previous tests in
|
|
|
|
// the global model registry
|
|
|
|
app.model('accessToken', {
|
|
|
|
options: {
|
|
|
|
base: 'AccessToken'
|
|
|
|
},
|
|
|
|
dataSource: 'db'
|
|
|
|
});
|
|
|
|
return app.model('user', {
|
|
|
|
options: {
|
|
|
|
base: 'User',
|
|
|
|
relations: {
|
|
|
|
accessTokens: {
|
|
|
|
model: 'accessToken',
|
|
|
|
type: 'hasMany',
|
|
|
|
foreignKey: 'userId'
|
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
|
|
|
dataSource: 'db'
|
|
|
|
});
|
|
|
|
}
|
|
|
|
function givenLoggedInUser(cb) {
|
|
|
|
var credentials = { email: 'user@example.com', password: 'pwd' };
|
|
|
|
var User = app.models.user;
|
|
|
|
User.create(credentials,
|
|
|
|
function(err, user) {
|
|
|
|
if (err) return done(err);
|
|
|
|
User.login(credentials, cb);
|
|
|
|
});
|
|
|
|
}
|
|
|
|
});
|