Expected "Location" header field
Exegetech opened this issue · comments
I am at 10-authentication, trying to get past the test that says "POST /login should 303 with good auth details"
```js
/**
 * If successful, the logged in user should be redirected to `/`.
 */
app.use(function* login(next) {
  if (this.request.path !== '/login') return yield* next;
  if (this.request.method === 'GET') return this.response.body = form.replace('{{csrf}}', this.csrf);
  if (this.request.method === 'POST') {
    var body = yield parse.json(this);
    if (body.username !== 'username' || body.password !== 'password') {
      return this.response.status = 400;
    }
    if (body._csrf !== this.csrf) {
      return this.response.status = 403;
    }
    if (body.username === 'username' && body.password === 'password' && body._csrf === this.csrf) {
      this.response.status = 303;
      this.response.set('Location', '/');
    }
  }
})
```
Here is the test result:
```
1) Authentication logging in POST /login should 303 with good auth details:
Error: expected "Location" header field
at Test.assert (/Users/christiansakai/Desktop/workshop/node_modules/supertest/lib/test.js:190:35)
at assert (/Users/christiansakai/Desktop/workshop/node_modules/supertest/lib/test.js:132:12)
at /Users/christiansakai/Desktop/workshop/node_modules/supertest/lib/test.js:129:5
at Test.Request.callback (/Users/christiansakai/Desktop/workshop/node_modules/supertest/node_modules/superagent/lib/node/index.js:746:30)
at Test.<anonymous> (/Users/christiansakai/Desktop/workshop/node_modules/supertest/node_modules/superagent/lib/node/index.js:135:10)
at IncomingMessage.<anonymous> (/Users/christiansakai/Desktop/workshop/node_modules/supertest/node_modules/superagent/lib/node/index.js:938:12)
at endReadableNT (_stream_readable.js:893:12)
```
Can you point me in the right direction?
I have the same error. I think it could be a mistake in the tests.
The CSRF token is generated with each request (because we use `csrf(app);`) regardless of its type (GET or POST or whatever). But the test gets the csrf only once, with a GET request to the `/login` page, and supposes it is valid in each subsequent POST request to `/login`.
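The behaviour discussed in this thread, as an added example that is not part of the original issue or the workshop's code: a constructed salted-token scheme in which every request mints a different token from one per-session secret. The helper names `newSecret`, `createToken`, `verifyToken` and `simulateLogin` are assumptions, not koa-csrf's API. It shows that strict equality against a freshly minted token rejects a token issued by an earlier GET, while verification against the session secret accepts it.

```javascript
// Added example: constructed salted-token scheme, not koa-csrf's own code.
const crypto = require('crypto');

// Per-session secret, kept server-side in the session (assumed storage).
function newSecret() {
  return crypto.randomBytes(18).toString('base64url');
}

// Mint a token: random salt plus HMAC(secret, salt). Every call differs.
function createToken(secret) {
  const salt = crypto.randomBytes(8).toString('base64url');
  const mac = crypto.createHmac('sha256', secret).update(salt).digest('base64url');
  return `${salt}.${mac}`;
}

// Verify by recomputing the MAC from the salt carried in the token itself.
function verifyToken(secret, token) {
  if (typeof token !== 'string') return false;
  const dot = token.indexOf('.');
  if (dot <= 0) return false;
  const salt = token.slice(0, dot);
  const expected = crypto.createHmac('sha256', secret).update(salt).digest();
  const given = Buffer.from(token.slice(dot + 1), 'base64url');
  // Length check first: timingSafeEqual throws on unequal lengths.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Simulate the flow from the thread: GET /login issues a token,
// POST /login submits it back in the body.
function simulateLogin() {
  const session = { secret: newSecret() };
  const tokenFromGet = createToken(session.secret); // embedded in the form
  const freshOnPost = createToken(session.secret);  // minted again during the POST
  return {
    // Comparing the submitted token to a freshly minted one never matches.
    equalityCheck: tokenFromGet === freshOnPost,
    // Verifying against the session secret accepts the earlier token.
    verifyCheck: verifyToken(session.secret, tokenFromGet),
    // A token from a different session, or a modified token, is rejected.
    otherSession: verifyToken(newSecret(), tokenFromGet),
    tampered: verifyToken(session.secret, tokenFromGet + 'x'),
  };
}

console.log(simulateLogin());
```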