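/**
 * Jest tests for the cookie-based `auth` and `publicauth` middleware.
 *
 * Covered here: a valid token in any of the three cookies lets the request
 * through, an invalid one is rejected (auth) or yields an anonymous request
 * (publicauth), invalid cookies are overwritten with an empty value, and a
 * valid longer-lived token causes the shorter-lived ones to be re-issued.
 *
 * NOTE(review): "invalid" is only exercised as a token with one character
 * appended. Expired tokens, and a token of one kind presented in another
 * kind's cookie, are not covered by this file.
 */

// Load .env before requiring the modules under test.
// NOTE(review): whether ./auth reads its signing secret at import time is not
// visible from this file; loading the environment first is safe either way.
const dotenv = require("dotenv");
dotenv.config();

const { generateAccesToken, generateRefreshToken, generatePermtoken, verifyToken } = require("./auth");
const { auth, publicauth } = require("./middleware");

describe('Middleware.js Tests', () => {
  let req, res, next;
  const user = { id: 1, name: 'Test User' };

  // Options every cookie write is expected to carry. toHaveBeenCalledWith
  // compares this object by recursive equality, so these tests also pin that
  // no other attribute (for example `secure` or `sameSite`) is passed.
  // NOTE(review): if the middleware starts setting those attributes, this
  // constant is the single place to update.
  const COOKIE_OPTIONS = { httpOnly: true };

  // Produces a token that must fail verification by corrupting its tail.
  const tamper = (token) => token + 'a';

  // Names of all cookies written on the mocked response so far. Used for
  // negative assertions so they cannot pass merely because the options
  // argument differs from COOKIE_OPTIONS.
  const cookieNamesSet = () => res.cookie.mock.calls.map(([name]) => name);

  beforeEach(() => {
    req = { cookies: {} };
    res = {
      cookie: jest.fn(),
      // Regular function (not an arrow) so `this` is the mock response and
      // `res.status(...).json(...)` chains work.
      status: jest.fn(function() { return this; }),
      json: jest.fn(),
    };
    next = jest.fn();
  });

  // --- auth: valid tokens are accepted ------------------------------------

  test('should call next() if access token is valid', () => {
    req.cookies.accessToken = generateAccesToken(user);
    auth(req, res, next);
    expect(next).toHaveBeenCalled();
  });

  test('should call next() if refresh token is valid', () => {
    req.cookies.refreshToken = generateRefreshToken(user);
    auth(req, res, next);
    expect(next).toHaveBeenCalled();
  });

  test('should call next() if permtoken is valid', () => {
    req.cookies.permtoken = generatePermtoken(user);
    auth(req, res, next);
    expect(next).toHaveBeenCalled();
  });

  // --- auth: missing or invalid tokens are rejected -----------------------
  // A 401 status alone is not enough: a middleware that sets 401 and still
  // calls next() would let the request reach the protected handler, so each
  // rejection test also asserts that next() was not invoked.

  test('should return 401 if no tokens are present', () => {
    auth(req, res, next);
    expect(res.status).toHaveBeenCalledWith(401);
    expect(next).not.toHaveBeenCalled();
  });

  test('should return 401 if access token is invalid', () => {
    req.cookies.accessToken = tamper(generateAccesToken(user));
    auth(req, res, next);
    expect(res.status).toHaveBeenCalledWith(401);
    expect(next).not.toHaveBeenCalled();
  });

  test('should return 401 if refresh token is invalid', () => {
    req.cookies.refreshToken = tamper(generateRefreshToken(user));
    auth(req, res, next);
    expect(res.status).toHaveBeenCalledWith(401);
    expect(next).not.toHaveBeenCalled();
  });

  test('should return 401 if permtoken is invalid', () => {
    req.cookies.permtoken = tamper(generatePermtoken(user));
    auth(req, res, next);
    expect(res.status).toHaveBeenCalledWith(401);
    expect(next).not.toHaveBeenCalled();
  });

  // --- auth: token re-issue -----------------------------------------------

  test('should return access token if refresh token is valid', () => {
    req.cookies.refreshToken = generateRefreshToken(user);
    auth(req, res, next);
    expect(res.cookie).toHaveBeenCalledWith('accessToken', expect.any(String), COOKIE_OPTIONS);
  });

  test('should return access token and refresh if permtoken is valid', () => {
    req.cookies.permtoken = generatePermtoken(user);
    auth(req, res, next);
    expect(res.cookie).toHaveBeenCalledWith('accessToken', expect.any(String), COOKIE_OPTIONS);
    expect(res.cookie).toHaveBeenCalledWith('refreshToken', expect.any(String), COOKIE_OPTIONS);
  });

  test('should not return refresh token if access token is valid', () => {
    req.cookies.accessToken = generateAccesToken(user);
    auth(req, res, next);
    expect(cookieNamesSet()).not.toContain('refreshToken');
  });

  // This title previously sat on a body that presented a permtoken; the
  // refresh-token case it describes is what is exercised now, and the
  // permtoken case is kept as its own test below.
  test('should not return permtoken token if refresh is valid', () => {
    req.cookies.refreshToken = generateRefreshToken(user);
    auth(req, res, next);
    expect(cookieNamesSet()).not.toContain('permtoken');
  });

  test('should not return permtoken if permtoken is valid', () => {
    req.cookies.permtoken = generatePermtoken(user);
    auth(req, res, next);
    expect(cookieNamesSet()).not.toContain('permtoken');
  });

  // --- publicauth: req.user population ------------------------------------

  test('should return req.user equals null if no tokens are present for publicauth', () => {
    publicauth(req, res, next);
    expect(req.user).toBe(null);
  });

  test('should return req.user equals null if access token is invalid for publicauth', () => {
    req.cookies.accessToken = tamper(generateAccesToken(user));
    publicauth(req, res, next);
    expect(req.user).toBe(null);
  });

  test('should return req.user equals null if refresh token is invalid for publicauth', () => {
    req.cookies.refreshToken = tamper(generateRefreshToken(user));
    publicauth(req, res, next);
    expect(req.user).toBe(null);
  });

  test('should return req.user equals null if permtoken is invalid for publicauth', () => {
    req.cookies.permtoken = tamper(generatePermtoken(user));
    publicauth(req, res, next);
    expect(req.user).toBe(null);
  });

  test('should return req.user equals user if access token is valid for publicauth', () => {
    req.cookies.accessToken = generateAccesToken(user);
    publicauth(req, res, next);
    expect(req.user).toEqual(user);
  });

  // --- invalid cookies are cleared ----------------------------------------
  // Clearing is asserted as a write of the empty string under the same name.

  test('should remove access token if access token is invalid', () => {
    req.cookies.accessToken = tamper(generateAccesToken(user));
    auth(req, res, next);
    expect(res.cookie).toHaveBeenCalledWith('accessToken', '', COOKIE_OPTIONS);
  });

  test('should remove refresh token if refresh token is invalid', () => {
    req.cookies.refreshToken = tamper(generateRefreshToken(user));
    auth(req, res, next);
    expect(res.cookie).toHaveBeenCalledWith('refreshToken', '', COOKIE_OPTIONS);
  });

  test('should remove permtoken if permtoken is invalid', () => {
    req.cookies.permtoken = tamper(generatePermtoken(user));
    auth(req, res, next);
    expect(res.cookie).toHaveBeenCalledWith('permtoken', '', COOKIE_OPTIONS);
  });

  test('should remove access token if access token is invalid for publicauth', () => {
    req.cookies.accessToken = tamper(generateAccesToken(user));
    publicauth(req, res, next);
    expect(res.cookie).toHaveBeenCalledWith('accessToken', '', COOKIE_OPTIONS);
  });

  test('should remove refresh token if refresh token is invalid for publicauth', () => {
    req.cookies.refreshToken = tamper(generateRefreshToken(user));
    publicauth(req, res, next);
    expect(res.cookie).toHaveBeenCalledWith('refreshToken', '', COOKIE_OPTIONS);
  });

  test('should remove permtoken if permtoken is invalid for publicauth', () => {
    req.cookies.permtoken = tamper(generatePermtoken(user));
    publicauth(req, res, next);
    expect(res.cookie).toHaveBeenCalledWith('permtoken', '', COOKIE_OPTIONS);
  });
});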