Testing authenticated routes with JWT fails using Mocha + supertest + passport
Problem description
I'm trying to test authenticated routes in Mocha but the user created in before or beforeEach hooks does not persist.
In test.js:
const should = require('chai').should(),
      mongoose = require('mongoose'),
      request = require('supertest'),
      app = require('../../../../server'),
      agent = request.agent(app),
      AdminUser = require('../../../models/AdminUser');

var credentials = {
  username: 'admin',
  password: 'password'
};

var admin = new AdminUser(credentials);
var jwtToken; // set in the before hook, read by the tests

describe('authenticated routes', function() {
  before(function (done) {
    // Save the user, then log in to obtain a token.
    admin.save(function (err) {
      if (err) return done(err);
      agent.post('/api/authenticate')
        .send(credentials)
        .end(function (err, res) {
          if (err) return done(err);
          jwtToken = res.body.token;
          done();
        });
    });
  });

  it('should get content with 200', function (done) {
    agent.get('/api/content')
      .set('Authorization', 'JWT ' + jwtToken)
      .expect(200)
      .end((err, res) => {
        if (err) return done(err);
        done();
      });
  });

  after(function (done) {
    // Wait for the cleanup query before finishing.
    AdminUser.remove().exec(done);
  });
});
I have tried using beforeEach and cleaning up in afterEach. The initial post to /api/authenticate returns a 200 successfully, a token is received but when trying to authenticate with the token, it gets a 400. This is due to AdminUser not found.
In the passport strategy, I have:
module.exports = function (passport) {
  passport.use(new JwtStrategy(opts, function(jwtPayload, done) {
    AdminUser.findOne({ username: jwtPayload.username }, function (err, user) {
      if (err) { return done(err); }
      if (!user) {
        return done(null, false, { message: 'Bad token.' });
      }
      return done(null, user);
    });
  }));
};
AdminUser is always null regardless of where I save the user. Only works when I nest the callbacks but that negates the use of before or beforeEach.
Recommended answer
You need to use Authorization header with the Bearer authentication scheme:
.set('Authorization', 'Bearer ' + jwtToken)
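Why the scheme matters: a server-side extractor bound to one Authorization scheme returns nothing for a token sent under another, so the request is rejected before any token check runs. The sketch below is an added example, not code from the original post and not passport-jwt's own implementation; extractToken and makeExtractor are hypothetical names and the token is a constructed placeholder.

```javascript
// Added illustration: a strict Authorization-header token extractor.
// extractToken / makeExtractor are hypothetical names, not a library API.

// RFC 7235: credentials = auth-scheme 1*SP token68
const HEADER_RE = /^([A-Za-z0-9!#$%&'*+.^_|~-]+) +([A-Za-z0-9._~+\/-]+=*)$/;

function extractToken(headerValue, expectedScheme) {
  if (typeof headerValue !== 'string') return null;   // header absent
  const m = HEADER_RE.exec(headerValue.trim());
  if (!m) return null;                                // no scheme, or extra parts
  const [, scheme, token] = m;
  // Scheme names compare case-insensitively; the token is returned untouched.
  if (scheme.toLowerCase() !== expectedScheme.toLowerCase()) return null;
  return token;
}

// Bind an extractor to one scheme, the way a strategy is configured once.
function makeExtractor(expectedScheme) {
  return (req) => extractToken(req.headers['authorization'], expectedScheme);
}

// Constructed sample token (three dot-separated segments, not a real credential).
const SAMPLE_TOKEN = 'aaa.bbb.ccc';

function demo() {
  const fromBearer = makeExtractor('Bearer');
  const headers = [
    'Bearer ' + SAMPLE_TOKEN,  // scheme matches
    'bearer ' + SAMPLE_TOKEN,  // scheme match is case-insensitive
    'JWT ' + SAMPLE_TOKEN,     // the header sent by the question's test
    SAMPLE_TOKEN,              // bare token, no scheme
    'Bearer a b',              // more than one credential part
  ];
  return headers.map((h) => fromBearer({ headers: { authorization: h } }));
}

console.log(demo());
```

Only the first two headers yield a token; the 'JWT ' header from the question's test yields null for a Bearer-bound extractor, and the same header is accepted by makeExtractor('JWT').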