1var app = require('../../examples/auth')2var request = require('supertest')34function getCookie(res) {5  return res.headers['set-cookie'][0].split(';')[0];6}78describe('auth', function(){9  describe('GET /',function(){10    it('should redirect to /login', function(done){11      request(app)12      .get('/')13      .expect('Location', '/login')14      .expect(302, done)15    })16  })1718  describe('GET /login',function(){19    it('should render login form', function(done){20      request(app)21      .get('/login')22      .expect(200, /<form/, done)23    })2425    it('should display login error for bad user', function (done) {26      request(app)27      .post('/login')28      .type('urlencoded')29      .send('username=not-tj&password=foobar')30      .expect('Location', '/login')31      .expect(302, function(err, res){32        if (err) return done(err)33        request(app)34        .get('/login')35        .set('Cookie', getCookie(res))36        .expect(200, /Authentication failed/, done)37      })38    })3940    it('should display login error for bad password', function (done) {41      request(app)42        .post('/login')43        .type('urlencoded')44        .send('username=tj&password=nogood')45        .expect('Location', '/login')46        .expect(302, function (err, res) {47          if (err) return done(err)48          request(app)49            .get('/login')50            .set('Cookie', getCookie(res))51            .expect(200, /Authentication failed/, done)52        })53    })54  })5556  describe('GET /logout',function(){57    it('should redirect to /', function(done){58      request(app)59      .get('/logout')60      .expect('Location', '/')61      .expect(302, done)62    })63  })6465  describe('GET /restricted',function(){66    it('should redirect to /login without cookie', function(done){67      request(app)68      .get('/restricted')69      .expect('Location', '/login')70      .expect(302, done)71    })7273    it('should succeed with proper cookie', function(done){74      request(app)75      .post('/login')76      .type('urlencoded')77      .send('username=tj&password=foobar')78      .expect('Location', '/')79      .expect(302, function(err, res){80        if (err) return done(err)81        request(app)82        .get('/restricted')83        .set('Cookie', getCookie(res))84        .expect(200, done)85      })86    })87  })8889  describe('POST /login', function(){90    it('should fail without proper username', function(done){91      request(app)92      .post('/login')93      .type('urlencoded')94      .send('username=not-tj&password=foobar')95      .expect('Location', '/login')96      .expect(302, done)97    })9899    it('should fail without proper password', function(done){100      request(app)101      .post('/login')102      .type('urlencoded')103      .send('username=tj&password=baz')104      .expect('Location', '/login')105      .expect(302, done)106    })107108    it('should succeed with proper credentials', function(done){109      request(app)110      .post('/login')111      .type('urlencoded')112      .send('username=tj&password=foobar')113      .expect('Location', '/')114      .expect(302, done)115    })116  })117})