From 986132d79f1a5cd3019adb2b85e127d334adec61 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20Bajto=C5=A1?= <miroslav@strongloop.com>
Date: Fri, 29 May 2015 11:29:21 +0200
Subject: [PATCH] Add a unit-test for searchDefaultTokenKeys

---
 test/access-token.test.js | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/test/access-token.test.js b/test/access-token.test.js
index 82723f1b..9e57cba2 100644
--- a/test/access-token.test.js
+++ b/test/access-token.test.js
@@ -31,6 +31,30 @@ describe('loopback.token(options)', function() {
       .end(done);
   });
 
+  it('should not search default keys when searchDefaultTokenKeys is false',
+  function(done) {
+    var tokenId = this.token.id;
+    var app = createTestApp(
+      this.token,
+      { token: { searchDefaultTokenKeys: false } },
+      done);
+    var agent = request.agent(app);
+
+    // Set the token cookie
+    agent.get('/token').expect(200).end(function(err, res) {
+      if (err) return done(err);
+
+      // Make a request that sets the token in all places searched by default
+      agent.get('/check-access?access_token=' + tokenId)
+        .set('X-Access-Token', tokenId)
+        .set('authorization', tokenId)
+        // Expect 401 because there is no (non-default) place configured where
+        // the middleware should load the token from
+        .expect(401)
+        .end(done);
+    });
+  });
+
   it('should populate req.token from an authorization header with bearer token', function(done) {
     var token = this.token.id;
     token = 'Bearer ' + new Buffer(token).toString('base64');
@@ -350,13 +374,18 @@ function createTestApp(testToken, settings, done) {
 
   var appSettings = settings.app || {};
   var modelSettings = settings.model || {};
+  var tokenSettings = extend({
+    model: Token,
+    currentUserLiteral: 'me'
+  }, settings.token);
 
   var app = loopback();
 
   app.use(loopback.cookieParser('secret'));
-  app.use(loopback.token({model: Token, currentUserLiteral: 'me'}));
+  app.use(loopback.token(tokenSettings));
   app.get('/token', function(req, res) {
     res.cookie('authorization', testToken.id, {signed: true});
+    res.cookie('access_token', testToken.id, {signed: true});
     res.end();
   });
   app.get('/', function(req, res) {
@@ -368,6 +397,9 @@ function createTestApp(testToken, settings, done) {
     }
     res.send('ok');
   });
+  app.get('/check-access', function(req, res) {
+    res.status(req.accessToken ? 200 : 401).end();
+  });
   app.use('/users/:uid', function(req, res) {
     var result = {userId: req.params.uid};
     if (req.query.state) {