我在另一个frisbyjs测试的afterJSON()失败后进行了frisbyjs测试。当我调试服务器代码时,似乎没有发送x-access-token和x-key HTTP标头。我发错了吗?当然,我正在做些傻事。
以下是外部测试。 afterJSON()中的第一个测试是失败的测试:
frisby.create('Should be able to log in with test user')
.post(appHost + '/login',
{
username:'test@voxoid.com',
password:'pass123'
},
{json: true},
{headers: {'Content-Type': 'application/json'}})
.expectStatus(200)
.expectJSONTypes({ token: String })
.expectJSON({
user: {
name:'test',
role:'admin',
username:'test@voxoid.com'
}
})
.afterJSON(function(res) {
// TODO: The functionality works, but this test does not; the headers do not get sent.
console.log('x-access-token: ' + res.token);
console.log('x-key: ' + res.user.username);
// **************** THIS IS THE TEST THAT FAILS ********************
frisby.create('Should allow access with valid token')
.get(appHost + '/api/v1/products',{},
{json:true},
{headers:{
'x-access-token': res.token,
'x-key': res.user.username
}})
.inspectJSON()
.expectStatus(200)
.toss();
frisby.create('Should not allow access with invalid token')
.get(appHost + '/api/v1/products',{},
{json:true},
{headers:{
'x-access-token': res.token + '123',
'x-key': res.user.username
}})
.expectStatus(401)
.toss();
})
.toss();
inspectJSON()导致:
{ status: 401, message: 'Invalid Token or Key' }
这是处理请求的服务器代码(快速中间件),其中令牌和密钥在调试时都以“未定义”结束,而res.headers不包含x-access-token和x-key头:
var jwt = require('jwt-simple');
var validateUser = require('../routes/auth').validateUser;
module.exports = function(req, res, next) {
// When performing a cross domain request, you will recieve
// a preflighted request first. This is to check if our the app
// is safe.
// We skip the token outh for [OPTIONS] requests.
//if(req.method == 'OPTIONS') next();
var token = (req.body && req.body.access_token) || (req.query && req.query.access_token) || req.headers['x-access-token'];
var key = (req.body && req.body.x_key) || (req.query && req.query.x_key) || req.headers['x-key'];
if (token || key) {
try {
var decoded = jwt.decode(token, require('../config/secret.js')());
if (decoded.exp <= Date.now()) {
res.status(400);
res.json({
"status": 400,
"message": "Token Expired"
});
return;
}
// Authorize the user to see if s/he can access our resources
var dbUser = validateUser(key); // The key would be the logged in user's username
if (dbUser) {
if ((req.url.indexOf('admin') >= 0 && dbUser.role == 'admin') || (req.url.indexOf('admin') < 0 && req.url.indexOf('/api/v1/') >= 0)) {
next(); // To move to next middleware
} else {
res.status(403);
res.json({
"status": 403,
"message": "Not Authorized"
});
return;
}
} else {
// No user with this name exists, respond back with a 401
res.status(401);
res.json({
"status": 401,
"message": "Invalid User"
});
return;
}
} catch (err) {
res.status(500);
res.json({
"status": 500,
"message": "Oops something went wrong",
"error": err
});
}
} else {
res.status(401);
res.json({
"status": 401,
"message": "Invalid Token or Key"
});
return;
}
};
答案 0 :(得分:1)
是的,这很简单 - “几乎是一个错字”。这是工作代码:
frisby.create('Should allow access with valid token')
.get(appHost + '/api/v1/products', {
json: true,
headers: {
'x-access-token': res.token,
'x-key': res.user.username
}
})
.inspectJSON()
.expectStatus(200)
.toss();
注意我们如何将单个选项对象传递给.get(),而不是三个单独的选项(json和headers,并且开始)。
另外:如果您的大多数请求都包含这些标头,那么全局设置它们可能会很有用。这也适用于其他选项:
frisby.globalSetup({
request: {
json: true,
headers: {
'x-access-token': res.token,
'x-key': res.user.username
}
}
});
frisby.create('Should allow access with valid token')
.get(appHost + '/api/v1/products') //no need for options - they're already set!
.inspectJSON()
.expectStatus(200)
.toss();
frisby.create('Should not allow access with invalid token')
.get(appHost + '/api/v1/products', {
// ...but you still can override them - when needed
headers: {
'x-access-token': res.token + '123',
'x-key': res.user.username
}
})
.expectStatus(401)
.toss();