frisbyjstesting失败,因为get()没有发送HTTP头
我有另一个frisbyjstesting的afterJSON()失败后frisbyjstesting。 当我debugging服务器代码时,看起来x-access-token和x-key HTTP头没有被发送。 我发错了吗? 当然,我正在做一些愚蠢的事情。
以下是外部testing。 afterJSON()中的第一个testing是失败的:
frisby.create('Should be able to log in with test user') .post(appHost + '/login', { username:'test@voxoid.com', password:'pass123' }, {json: true}, {headers: {'Content-Type': 'application/json'}}) .expectStatus(200) .expectJSONTypes({ token: String }) .expectJSON({ user: { name:'test', role:'admin', username:'test@voxoid.com' } }) .afterJSON(function(res) { // TODO: The functionality works, but this test does not; the headers do not get sent. console.log('x-access-token: ' + res.token); console.log('x-key: ' + res.user.username); // **************** THIS IS THE TEST THAT FAILS ******************** frisby.create('Should allow access with valid token') .get(appHost + '/api/v1/products',{}, {json:true}, {headers:{ 'x-access-token': res.token, 'x-key': res.user.username }}) .inspectJSON() .expectStatus(200) .toss(); frisby.create('Should not allow access with invalid token') .get(appHost + '/api/v1/products',{}, {json:true}, {headers:{ 'x-access-token': res.token + '123', 'x-key': res.user.username }}) .expectStatus(401) .toss(); }) .toss(); inspectJSON()的结果是:
{ status: 401, message: 'Invalid Token or Key' }
这里是处理请求的服务器代码(一个快速中间件),其中令牌和密钥在debugging时都以'undefined'结束,res.headers不包含x-access-token和x-key头文件:
var jwt = require('jwt-simple'); var validateUser = require('../routes/auth').validateUser; module.exports = function(req, res, next) { // When performing a cross domain request, you will recieve // a preflighted request first. This is to check if our the app // is safe. // We skip the token outh for [OPTIONS] requests. //if(req.method == 'OPTIONS') next(); var token = (req.body && req.body.access_token) || (req.query && req.query.access_token) || req.headers['x-access-token']; var key = (req.body && req.body.x_key) || (req.query && req.query.x_key) || req.headers['x-key']; if (token || key) { try { var decoded = jwt.decode(token, require('../config/secret.js')()); if (decoded.exp <= Date.now()) { res.status(400); res.json({ "status": 400, "message": "Token Expired" }); return; } // Authorize the user to see if s/he can access our resources var dbUser = validateUser(key); // The key would be the logged in user's username if (dbUser) { if ((req.url.indexOf('admin') >= 0 && dbUser.role == 'admin') || (req.url.indexOf('admin') < 0 && req.url.indexOf('/api/v1/') >= 0)) { next(); // To move to next middleware } else { res.status(403); res.json({ "status": 403, "message": "Not Authorized" }); return; } } else { // No user with this name exists, respond back with a 401 res.status(401); res.json({ "status": 401, "message": "Invalid User" }); return; } } catch (err) { res.status(500); res.json({ "status": 500, "message": "Oops something went wrong", "error": err }); } } else { res.status(401); res.json({ "status": 401, "message": "Invalid Token or Key" }); return; } };
是的,这很简单 – “几乎是一个错字”。 这是工作代码:
frisby.create('Should allow access with valid token') .get(appHost + '/api/v1/products', { json: true, headers: { 'x-access-token': res.token, 'x-key': res.user.username } }) .inspectJSON() .expectStatus(200) .toss();
注意,我们是如何将单个选项对象传递给.get() ,而不是三个单独的对象(对于json和headers ,而在开头是空的)。
另外:如果您的大部分请求都包含这些头文件,则可以将它们设置为全局。 这也适用于其他选项:
frisby.globalSetup({ request: { json: true, headers: { 'x-access-token': res.token, 'x-key': res.user.username } } }); frisby.create('Should allow access with valid token') .get(appHost + '/api/v1/products') //no need for options - they're already set! .inspectJSON() .expectStatus(200) .toss(); frisby.create('Should not allow access with invalid token') .get(appHost + '/api/v1/products', { // ...but you still can override them - when needed headers: { 'x-access-token': res.token + '123', 'x-key': res.user.username } }) .expectStatus(401) .toss();