From 8c6f89ae649b141c2168a3e1ad4d945a6b60dc07 Mon Sep 17 00:00:00 2001 From: Jay Date: Mon, 25 May 2026 18:49:22 +0530 Subject: [PATCH] test: add authentication edge case coverage --- spec/auth.routes.spec.cjs | 153 ++++++++++++++++++++++++++++++++++---- 1 file changed, 138 insertions(+), 15 deletions(-) diff --git a/spec/auth.routes.spec.cjs b/spec/auth.routes.spec.cjs index 926b5c7e..85b4e094 100644 --- a/spec/auth.routes.spec.cjs +++ b/spec/auth.routes.spec.cjs @@ -10,7 +10,13 @@ const authRoutes = require('../backend/routes/auth'); function createTestApp() { const app = express(); app.use(express.json()); - app.use(session({ secret: 'test', resave: false, saveUninitialized: false })); + app.use( + session({ + secret: 'test', + resave: false, + saveUninitialized: false, + }) + ); app.use(passport.initialize()); app.use(passport.session()); require('../backend/config/passportConfig'); @@ -22,7 +28,9 @@ describe('Auth Routes', () => { let app; beforeAll(async () => { - await mongoose.connect('mongodb://127.0.0.1:27017/github_tracker_test'); + await mongoose.connect( + 'mongodb://127.0.0.1:27017/github_tracker_test' + ); app = createTestApp(); }); 
@@ -38,27 +46,56 @@ describe('Auth Routes', () => { it('should sign up a new user', async () => { const res = await request(app) .post('/auth/signup') - .send({ username: 'testuser', email: 'test@example.com', password: 'password123' }); + .send({ + username: 'testuser', + email: 'test@example.com', + password: 'password123', + }); + expect(res.status).toBe(201); expect(res.body.message).toBe('User created successfully'); - const user = await User.findOne({ email: 'test@example.com' }); + + const user = await User.findOne({ + email: 'test@example.com', + }); + expect(user).toBeTruthy(); }); it('should not sign up a user with existing email', async () => { - await new User({ username: 'testuser', email: 'test@example.com', password: 'password123' }).save(); + await new User({ + username: 'testuser', + email: 'test@example.com', + password: 'password123', + }).save(); + const res = await request(app) .post('/auth/signup') - .send({ username: 'testuser2', email: 'test@example.com', password: 'password456' }); + .send({ + username: 'testuser2', + email: 'test@example.com', + password: 'password456', + }); + expect(res.status).toBe(400); expect(res.body.message).toBe('User already exists'); }); it('should not sign up a user with existing username', async () => { - await new User({ username: 'testuser', email: 'test@example.com', password: 'password123' }).save(); + await new User({ + username: 'testuser', + email: 'test@example.com', + password: 'password123', + }).save(); + const res = await request(app) .post('/auth/signup') - .send({ username: 'testuser', email: 'test2@example.com', password: 'password456' }); + .send({ + username: 'testuser', + email: 'test2@example.com', + password: 'password456', + }); + expect(res.status).toBe(400); expect(res.body.message).toBe('User already exists'); }); 
@@ -66,11 +103,21 @@ describe('Auth Routes', () => { it('should login a user with correct credentials', async () => { await request(app) .post('/auth/signup') - .send({ username: 'testuser', email: 'test@example.com', password: 'password123' }); + .send({ + username: 'testuser', + email: 'test@example.com', + password: 'password123', + }); + const agent = request.agent(app); + const res = await agent .post('/auth/login') - .send({ email: 'test@example.com', password: 'password123' }); + .send({ + email: 'test@example.com', + password: 'password123', + }); + expect(res.status).toBe(200); expect(res.body.message).toBe('Login successful'); expect(res.body.user.email).toBe('test@example.com'); 
@@ -79,24 +126,100 @@ describe('Auth Routes', () => { it('should not login a user with wrong password', async () => { await request(app) .post('/auth/signup') - .send({ username: 'testuser', email: 'test@example.com', password: 'password123' }); + .send({ + username: 'testuser', + email: 'test@example.com', + password: 'password123', + }); + const agent = request.agent(app); + const res = await agent .post('/auth/login') - .send({ email: 'test@example.com', password: 'wrongpassword' }); + .send({ + email: 'test@example.com', + password: 'wrongpassword', + }); + expect(res.status).toBe(401); }); it('should logout a logged-in user', async () => { await request(app) .post('/auth/signup') - .send({ username: 'testuser', email: 'test@example.com', password: 'password123' }); + .send({ + username: 'testuser', + email: 'test@example.com', + password: 'password123', + }); + const agent = request.agent(app); + await agent .post('/auth/login') - .send({ email: 'test@example.com', password: 'password123' }); + .send({ + email: 'test@example.com', + password: 'password123', + }); + const res = await agent.get('/auth/logout'); + expect(res.status).toBe(200); expect(res.body.message).toBe('Logged out successfully'); }); -}); \ No newline at end of file + + // Additional important test cases + + it('should not login a non-existent user', async () => { + const agent = request.agent(app); + + const res = await agent + .post('/auth/login') + .send({ + email: 'nouser@example.com', + password: 'password123', + }); + + expect(res.status).toBe(401); + }); + + it('should not sign up with missing email', async () => { + const res = await request(app) + .post('/auth/signup') + .send({ + username: 'testuser', + password: 'password123', + }); + + expect(res.status).toBeGreaterThanOrEqual(400); + }); + + it('should not sign up with missing password', async () => { + const res = await request(app) + .post('/auth/signup') + .send({ + username: 'testuser', + email: 'test@example.com', + }); + + 
expect(res.status).toBeGreaterThanOrEqual(400); + }); + + it('should not login with empty credentials', async () => { + const agent = request.agent(app); + + const res = await agent + .post('/auth/login') + .send({}); + + expect(res.status).toBeGreaterThanOrEqual(400); + }); + + it('should not sign up with empty request body', async () => { + const res = await request(app) + .post('/auth/signup') + .send({}); + + expect(res.status).toBeGreaterThanOrEqual(400); + }); +}); \ No newline at end of file
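Review bot: The four added tests that assert `expect(res.status).toBeGreaterThanOrEqual(400)` (missing email, missing password, empty login credentials, empty signup body) also pass on a 500, so an unhandled exception in the signup or login handler on malformed input would count as a correct rejection. Pin the status each route is meant to return, e.g. `expect(res.status).toBe(400);` for signup if it is meant to match the 400 the duplicate-user tests expect; the route handlers are not part of this patch, so confirm the intended codes there. For the signup cases, also assert that nothing was persisted: `expect(await User.findOne({ username: 'testuser' })).toBeNull();`. The non-existent-user test could additionally check that its response body matches the wrong-password one, so the login endpoint does not reveal which emails are registered. The enclosing `describe` block opens above this hunk.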