// https://www.npmjs.com/package/lab | |
var Lab = require('lab'), | |
lab = exports.lab = Lab.script(), | |
experiment = lab.experiment, | |
before = lab.before, | |
after = lab.after, | |
test = lab.test, | |
// https://www.npmjs.com/package/code | |
expect = require('code').expect, | |
server; | |
// Create a mock server before the test | |
before(function(done) { | |
require('./mocks/server')(function(obj) { | |
server = obj; | |
done(); | |
}); | |
}); | |
// stop the mock server | |
after(function(done) { | |
server.stop(done); | |
}); | |
experiment('test route', function() { | |
test('returns data', function(done) { | |
// inject a request | |
server.inject({ | |
path: '/protected/data', | |
method: 'get', | |
// provide credentials, so auth strategies applied to the route are skipped | |
credentials: { | |
id: 123 | |
username: 'cade' | |
} | |
}, function(resp) { | |
// expect success! | |
expect(resp.statusCode).to.equal(200); | |
expect(resp.result).to.be.an.object(); | |
done(); | |
}); | |
}); | |
test('rejects requests without credentials', function(done) { | |
// inject a request that's doomed to fail | |
server.inject({ | |
path: '/protected/data', | |
method: 'get' | |
}, function(resp) { | |
// without credentials (or a header that the auth strategy can actually verify) | |
// the request should return 403 forbidden | |
expect(resp.statusCode).to.equal(403); | |
done(); | |
}); | |
}); | |
}); |