koajs / workshop

Koa Training Workshop

Expected "Location" header field

Exegetech opened this issue · comments

I am at 10-authentication, trying to get past the test that says "POST /login should 303 with good auth details"

/**
 * If successful, the logged in user should be redirected to `/`.
 */

app.use(function* login(next) {
  if (this.request.path !== '/login') return yield* next;
  if (this.request.method === 'GET') return this.response.body = form.replace('{{csrf}}', this.csrf);

  if (this.request.method === 'POST') {
    var body = yield parse.json(this);

    if (body.username !== 'username' || body.password !== 'password') {
      return this.response.status = 400;
    }
    if (body._csrf !== this.csrf) {
      return this.response.status = 403;
    }

    if (body.username === 'username' && body.password === 'password' && body._csrf === this.csrf) {
      this.response.status = 303;
      this.response.set('Location', '/');
    }
  }
})

Here is the test result:

  1) Authentication logging in POST /login should 303 with good auth details:
     Error: expected "Location" header field
      at Test.assert (/Users/christiansakai/Desktop/workshop/node_modules/supertest/lib/test.js:190:35)
      at assert (/Users/christiansakai/Desktop/workshop/node_modules/supertest/lib/test.js:132:12)
      at /Users/christiansakai/Desktop/workshop/node_modules/supertest/lib/test.js:129:5
      at Test.Request.callback (/Users/christiansakai/Desktop/workshop/node_modules/supertest/node_modules/superagent/lib/node/index.js:746:30)
      at Test.<anonymous> (/Users/christiansakai/Desktop/workshop/node_modules/supertest/node_modules/superagent/lib/node/index.js:135:10)
      at IncomingMessage.<anonymous> (/Users/christiansakai/Desktop/workshop/node_modules/supertest/node_modules/superagent/lib/node/index.js:938:12)
      at endReadableNT (_stream_readable.js:893:12)

Can you point me in the right direction?

I have the same error. I think it could be a mistake in the tests.
The CSRF token is generated with each request (because we use csrf(app);) regardless of its type (GET or POST or whatever). But the test gets the CSRF token only once, with a GET request to the /login page, and supposes it is valid in each subsequent POST request to /login.

Please read the koa-csrf documentation. this.csrf creates a new CSRF token, so it will never be equal to body._csrf. Use this.assertCSRF() instead.
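
The behaviour described in the last comment, as an added example that is not part of the original thread and not koa-csrf's own code: a simplified salted-token model showing why comparing the submitted token with a freshly generated one always fails, while verifying it against the session secret succeeds. The token format (`salt.HMAC`), the function names and the secret are assumptions made for illustration.

```javascript
// Added illustration: a simplified salted-token model, NOT koa-csrf's source.
const nodeCrypto = require('crypto');

// Per-session secret that never leaves the server (constructed sample value).
const sessionSecret = nodeCrypto.randomBytes(18).toString('hex');

// Keyed tag binding a salt to the session secret.
function tag(salt, secret) {
  return nodeCrypto.createHmac('sha256', secret).update(salt).digest('hex');
}

// Stand-in for reading `this.csrf`: every call picks a fresh salt,
// so every call returns a different token.
function createToken(secret) {
  const salt = nodeCrypto.randomBytes(8).toString('hex');
  return salt + '.' + tag(salt, secret);
}

// Stand-in for an assert-style check: recompute the tag from the submitted
// token's own salt and compare in constant time.
function verifyToken(secret, token) {
  if (typeof token !== 'string') return false;
  const dot = token.indexOf('.');
  if (dot < 1) return false;
  const given = Buffer.from(token.slice(dot + 1));
  const expected = Buffer.from(tag(token.slice(0, dot), secret));
  return given.length === expected.length &&
    nodeCrypto.timingSafeEqual(given, expected);
}

// GET /login: the form is rendered with one token.
const formToken = createToken(sessionSecret);

// POST /login as written in the question: compare with a newly generated token.
function naiveCheck(submitted) {
  return submitted === createToken(sessionSecret); // fresh salt, so never equal
}

// POST /login with verification instead of comparison.
function verifiedCheck(submitted) {
  return verifyToken(sessionSecret, submitted);
}

console.log('naive equality:', naiveCheck(formToken));
console.log('verification  :', verifiedCheck(formToken));
console.log('forged token  :', verifiedCheck('deadbeef.AAAA'));
```

In the handler from the question, the equality test against `this.csrf` plays the role of `naiveCheck`, which is why a valid login never reaches the branch that sets the `Location` header.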