Ghost/test/unit/api/v3/session.test.js

const should = require('should');
const sinon = require('sinon');
const {UnauthorizedError} = require('@tryghost/errors');

const models = require('../../../../core/server/models');

const sessionController = require('../../../../core/server/api/v3/session');
const sessionServiceMiddleware = require('../../../../core/server/services/auth/session');

describe('v3 Session controller', function () {
    before(function () {
        models.init();
    });

    afterEach(function () {
        sinon.restore();
    });

    it('exports an add method', function () {
        should.equal(typeof sessionController.add, 'function');
    });
    it('exports an delete method', function () {
        should.equal(typeof sessionController.delete, 'function');
    });

    describe('#add', function () {
        it('throws an UnauthorizedError if the object is missing a username and password', function () {
            return sessionController.add({}).then(() => {
                should.fail('session.add did not throw');
            },(err) => {
                should.equal(err instanceof UnauthorizedError, true);
            });
        });

        it('it checks the username and password and throws UnauthorizedError if it fails', function () {
            const userCheckStub = sinon.stub(models.User, 'check')
                .rejects(new Error());

            return sessionController.add({data: {
                username: 'freddy@vodafone.com',
                password: 'qu33nRul35'
            }}).then(() => {
                should.fail('session.add did not throw');
            },(err) => {
                should.equal(err instanceof UnauthorizedError, true);
            });
        });

        it('it returns a function that calls req.brute.reset, sets req.user and calls createSession if the check works', function () {
            const fakeReq = {
                brute: {
                    reset: sinon.stub().callsArg(0)
                }
            };
            const fakeRes = {};
            const fakeNext = () => {};
            const fakeUser = models.User.forge({});
            sinon.stub(models.User, 'check')
                .resolves(fakeUser);

            const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession');

            return sessionController.add({data: {
                username: 'freddy@vodafone.com',
                password: 'qu33nRul35'
            }}).then((fn) => {
                fn(fakeReq, fakeRes, fakeNext);
            }).then(function () {
                should.equal(fakeReq.brute.reset.callCount, 1);

                const createSessionStubCall = createSessionStub.getCall(0);
                should.equal(fakeReq.user, fakeUser);
                should.equal(createSessionStubCall.args[0], fakeReq);
                should.equal(createSessionStubCall.args[1], fakeRes);
                should.equal(createSessionStubCall.args[2], fakeNext);
            });
        });

        it('it returns a function that calls req.brute.reset and calls next if reset errors', function () {
            const resetError = new Error();
            const fakeReq = {
                brute: {
                    reset: sinon.stub().callsArgWith(0, resetError)
                }
            };
            const fakeRes = {};
            const fakeNext = sinon.stub();
            const fakeUser = models.User.forge({});
            sinon.stub(models.User, 'check')
                .resolves(fakeUser);

            const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession');

            return sessionController.add({data: {
                username: 'freddy@vodafone.com',
                password: 'qu33nRul35'
            }}).then((fn) => {
                fn(fakeReq, fakeRes, fakeNext);
            }).then(function () {
                should.equal(fakeReq.brute.reset.callCount, 1);
                should.equal(fakeNext.callCount, 1);
                should.equal(fakeNext.args[0][0], resetError);
            });
        });
    });

    describe('#delete', function () {
        it('returns a function that calls destroySession', function () {
            const fakeReq = {};
            const fakeRes = {};
            const fakeNext = () => {};
            const destroySessionStub = sinon.stub(sessionServiceMiddleware, 'destroySession');

            return sessionController.delete().then((fn) => {
                fn(fakeReq, fakeRes, fakeNext);
            }).then(function () {
                const destroySessionStubCall = destroySessionStub.getCall(0);
                should.equal(destroySessionStubCall.args[0], fakeReq);
                should.equal(destroySessionStubCall.args[1], fakeRes);
                should.equal(destroySessionStubCall.args[2], fakeNext);
            });
        });
    });

    describe('#get', function () {
        it('returns the result of User.findOne', function () {
            const findOneReturnVal = new Promise(() => {});
            const findOneStub = sinon.stub(models.User, 'findOne')
                .returns(findOneReturnVal);

            const result = sessionController.read({
                options: {
                    context: {
                        user: 108
                    }
                }
            });
            should.equal(result, findOneReturnVal);
            should.deepEqual(findOneStub.args[0][0], {
                id: 108
            });
        });
    });
});