ghost/core/test/unit/middleware/client-auth_spec.js

/*globals describe, beforeEach, it*/
/*jshint expr:true*/
var should          = require('should'),
    sinon           = require('sinon'),

    middleware      = require('../../../server/middleware').middleware;

describe('Middleware: Client Auth', function () {
    var req, res, next;

    beforeEach(function () {
        req = {};
        res = {};
        next = sinon.spy();
    });

    describe('addClientSecret', function () {
        it('sets a `client_secret` if not part of body', function () {
            var requestBody = {};

            req.body = requestBody;

            middleware.api.addClientSecret(req, res, next);

            next.called.should.be.true;
            should(req.body).have.property('client_secret');
            req.body.client_secret.should.not.be.empty;
        });

        it('does not tamper with `client_secret` if already present', function () {
            var requestBody = {
                client_secret: 'keep-it-safe-keep-it-secret'
            };

            req.body = requestBody;

            middleware.api.addClientSecret(req, res, next);

            next.called.should.be.true;
            should(req.body).have.property('client_secret');
            req.body.client_secret.should.equal('keep-it-safe-keep-it-secret');
        });
    });
});
splitting client authentication-related middleware in to its own file * refs #5286 * includes test cases for `addClientSecret` * no tests first `generateAccessToken` and `authenticateClient` because there isn't anything to test in them 2015-05-26 17:02:49 -05:00			`/globals describe, beforeEach, it/`
			`/jshint expr:true/`
			`var should = require('should'),`
			`sinon = require('sinon'),`

			`middleware = require('../../../server/middleware').middleware;`

			`describe('Middleware: Client Auth', function () {`
			`var req, res, next;`

			`beforeEach(function () {`
			`req = {};`
			`res = {};`
			`next = sinon.spy();`
			`});`

			`describe('addClientSecret', function () {`
			it('sets a `client_secret` if not part of body', function () {
			`var requestBody = {};`

			`req.body = requestBody;`

Improve API error handling close #2757, refs #5286 - moves error formatting from api/index into errors lib - moves error handling from api/index into its own middleware - adds extra middleware for method not allowed which captures all unsupported routes 2015-06-14 14:07:52 -05:00			`middleware.api.addClientSecret(req, res, next);`
splitting client authentication-related middleware in to its own file * refs #5286 * includes test cases for `addClientSecret` * no tests first `generateAccessToken` and `authenticateClient` because there isn't anything to test in them 2015-05-26 17:02:49 -05:00
			`next.called.should.be.true;`
			`should(req.body).have.property('client_secret');`
			`req.body.client_secret.should.not.be.empty;`
			`});`

			it('does not tamper with `client_secret` if already present', function () {
			`var requestBody = {`
			`client_secret: 'keep-it-safe-keep-it-secret'`
			`};`

			`req.body = requestBody;`

Improve API error handling close #2757, refs #5286 - moves error formatting from api/index into errors lib - moves error handling from api/index into its own middleware - adds extra middleware for method not allowed which captures all unsupported routes 2015-06-14 14:07:52 -05:00			`middleware.api.addClientSecret(req, res, next);`
splitting client authentication-related middleware in to its own file * refs #5286 * includes test cases for `addClientSecret` * no tests first `generateAccessToken` and `authenticateClient` because there isn't anything to test in them 2015-05-26 17:02:49 -05:00
			`next.called.should.be.true;`
			`should(req.body).have.property('client_secret');`
			`req.body.client_secret.should.equal('keep-it-safe-keep-it-secret');`
			`});`
			`});`
			`});`