// https://www.npmjs.com/package/lab
var Lab = require('lab'),
  lab = exports.lab = Lab.script(),
  experiment = lab.experiment,
  before = lab.before,
  after = lab.after,
  test = lab.test,
  // https://www.npmjs.com/package/code
  expect = require('code').expect,
  server;

// Create a mock server before the test
before(function(done) {
  require('./mocks/server')(function(obj) {
    server = obj;
    done();
  });
});

// stop the mock server
after(function(done) {
  server.stop(done);
});

experiment('test route', function() {
  test('returns data', function(done) {
    // inject a request
    server.inject({
      path: '/protected/data',
      method: 'get',
      // provide credentials, so auth strategies applied to the route are skipped
      credentials: {
        id: 123
        username: 'cade'
      }
    }, function(resp) {
      // expect success!
      expect(resp.statusCode).to.equal(200);
      expect(resp.result).to.be.an.object();
      done();
    });
  });

  test('rejects requests without credentials', function(done) {
    // inject a request that's doomed to fail
    server.inject({
      path: '/protected/data',
      method: 'get'
    }, function(resp) {
      // without credentials (or a header that the auth strategy can actually verify)
      // the request should return 403 forbidden
      expect(resp.statusCode).to.equal(403);
      done();
    });
  });
});
	// https://www.npmjs.com/package/lab
	var Lab = require('lab'),
	lab = exports.lab = Lab.script(),
	experiment = lab.experiment,
	before = lab.before,
	after = lab.after,
	test = lab.test,
	// https://www.npmjs.com/package/code
	expect = require('code').expect,
	server;

	// Create a mock server before the test
	before(function(done) {
	require('./mocks/server')(function(obj) {
	server = obj;
	done();
	});
	});

	// stop the mock server
	after(function(done) {
	server.stop(done);
	});

	experiment('test route', function() {
	test('returns data', function(done) {
	// inject a request
	server.inject({
	path: '/protected/data',
	method: 'get',
	// provide credentials, so auth strategies applied to the route are skipped
	credentials: {
	id: 123
	username: 'cade'
	}
	}, function(resp) {
	// expect success!
	expect(resp.statusCode).to.equal(200);
	expect(resp.result).to.be.an.object();
	done();
	});
	});

	test('rejects requests without credentials', function(done) {
	// inject a request that's doomed to fail
	server.inject({
	path: '/protected/data',
	method: 'get'
	}, function(resp) {
	// without credentials (or a header that the auth strategy can actually verify)
	// the request should return 403 forbidden
	expect(resp.statusCode).to.equal(403);
	done();
	});
	});
	});