fix(component): axios-jest-test-fix

- Added axios jest test fix

BREAKING CHANGE: Cookies are now restricted based the env vars and there are new env vars that
prevent emails being sent for local development

fix #1

Author: Manny

.env.example

@@ -1,6 +1,9 @@
 PORT=5000
 NODE_ENV=development
 VERSION=1.0.0
+ENABLE_EMAIL=false
+CORS_ALLOW=http://localhost:3000;https://localhost:5000;http://app.local
+COOKIE_ALLOW=
 
 JWT_SECRET=jwt_secret_key
 JWT_ISSUER=api.localhost
@@ -16,7 +19,7 @@ JWT_RESET_MAX_AGE=300
 CSRF_COOKIE_PREFIX=nodetscookie
 CSRF_COOKIE_MAXAGE=900
 
-MAILGUN_API_URL=
+MAILGUN_API_URL=https://api.mailgun.net/v3
 MAILGUN_SECRET_KEY=
 MAILGUN_DOMAIN=
 

package.json

@@ -1,8 +1,8 @@
 {
-  "name": "nodets-bootstrap",
+  "name": "nodets-rest-auth-bootstrap",
   "version": "1.0.3",
   "main": "src/index.js",
-  "repository": "https://github.com/codingwithmanny/nodets-base",
+  "repository": "https://github.com/codingwithmanny/nodets-rest-auth-bootstrap",
   "author": "@codingwithmanny",
   "license": "MIT",
   "scripts": {
@@ -11,8 +11,8 @@
     "dev": "ts-node-dev src/server.ts",
     "start": "export NODE_ENV=production && tsc && node build/server.js",
     "test": "yarn test:lint && yarn test:coverage",
-    "test:jest": "./node_modules/.bin/jest --watch",
-    "test:coverage": "./node_modules/.bin/jest --coverage",
+    "test:jest": "./node_modules/.bin/jest --watch src",
+    "test:coverage": "./node_modules/.bin/jest --coverage src",
     "test:lint": "./node_modules/.bin/eslint '*/**/*.{js,ts}' --quiet --fix",
     "db:save": "./node_modules/.bin/prisma migrate save --experimental",
     "db:seed:gen": "cp ./prisma/seedings/TemplateSeeder.ts.example ./prisma/seedings/NEW.ts",

src/controllers/auth/forgot.ts

@@ -56,7 +56,9 @@ router.post(
 
     // Send email
     try {
-      await sendResetPasswordEmail(user.email, resetToken);
+      if (process.env.ENABLE_EMAIL === 'true') {
+        await sendResetPasswordEmail(user.email, resetToken);
+      }
     } catch (error) {
       return res.status(500).json(
         buildErrorResponse({

src/controllers/auth/login.ts

@@ -25,7 +25,7 @@ const prisma = new PrismaClient();
 // ========================================================
 router.post(
   '/',
-  [(check('email').isEmail(), check('password').isLength({ min: 8 }))],
+  [check('email').isString(), check('password').isLength({ min: 8 })],
   validation,
   async (req: Request, res: Response) => {
     // Get body
@@ -78,12 +78,18 @@ router.post(
       res.cookie('token', token, {
         httpOnly: true,
         maxAge: parseInt(process.env.JWT_MAX_AGE || '900') * 1000,
+        // domain: '.app.local',
+        path: '/',
+        secure: process.env.NODE_ENV === 'production' ? true : false,
       });
 
       // 6. Set refresh token cookie
       res.cookie('refreshToken', refreshToken, {
         httpOnly: true,
         maxAge: parseInt(process.env.JWT_REFRESH_MAX_AGE || '604800') * 1000,
+        // domain: '.app.local',
+        path: '/',
+        secure: process.env.NODE_ENV === 'production' ? true : false,
       });
 
       // 7. Send token data

src/controllers/auth/refresh.ts

@@ -22,6 +22,9 @@ router.get('/', async (req: Request, res: Response) => {
   const token: string = req.cookies.refreshToken;
 
   try {
+    if (!token) {
+      throw new Error(CONST.AUTH.REFRESH.ERRORS.INVALID);
+    }
     const verify = verifyRefreshToken(token);
 
     const users: User[] | null = await prisma.user.findMany({

src/controllers/auth/register.ts

@@ -55,7 +55,9 @@ router.post(
       });
 
       // Send email
-      await sendConfirmAccountEmail(body.email, confirmationToken);
+      if (process.env.ENABLE_EMAIL === 'true') {
+        await sendConfirmAccountEmail(body.email, confirmationToken);
+      }
 
       return res.json(
         buildSuccessResponse({
@@ -64,7 +66,9 @@ router.post(
       );
     } catch (error) {
       // Fail if could not create user (ex: duplicate record)
-      return res.json(buildErrorResponse({ msg: ErrorDefinition(error) }));
+      return res
+        .status(400)
+        .json(buildErrorResponse({ msg: ErrorDefinition(error) }));
     }
   },
 );

src/index.ts

@@ -2,7 +2,7 @@
 // ========================================================
 import * as dotenv from 'dotenv';
 import express from 'express';
-import cors from 'express';
+import cors from 'cors';
 import helmet from 'helmet';
 import csrf from 'csurf';
 import cookieParser from 'cookie-parser';
@@ -22,19 +22,25 @@ const app = express();
 
 // Middlewares
 // ========================================================
-app.use(cors());
+app.use(
+  cors({
+    origin: `${process.env.CORS_ALLOW || 'http://localhost:5000'}`.split(';'),
+  }),
+);
+
 app.use(helmet());
 app.use(cookieParser());
 app.use(express.json());
 app.use(
   csrf({
     cookie: {
-      key: process.env.CSRF_COOKIE_PREFIX || '',
+      key: process.env.CSRF_COOKIE_PREFIX || '_csrf',
       maxAge: parseInt(process.env.CSRF_COOKIE_MAXAGE || '900'),
       signed: NODE_ENV === 'production' ? true : false, // signature
       secure: NODE_ENV === 'production' ? true : false, // https
       httpOnly: true,
       sameSite: NODE_ENV === 'production' ? true : false, // sets the same site policy for the cookie
+      domain: process.env.COOKIE_ALLOW || 'http://localhost:5000',
     },
   }),
 );

src/utils/__tests__/index.ts

@@ -2,9 +2,10 @@
 // ========================================================
 import faker from 'faker';
 import jwtDecode from 'jwt-decode';
-import { User } from '@prisma/client';
-import axios, { AxiosRequestConfig } from 'axios';
+import axios from 'axios';
 import formData from 'form-data';
+import bcrypt from 'bcrypt';
+import { User } from '@prisma/client';
 import {
   hashPassword,
   getGeneratedToken,
@@ -25,11 +26,11 @@ import {
 
 // Mocks
 // ========================================================
-const axiosPost = jest.fn();
-jest.mock('axios');
-(axios as jest.Mocked<typeof axios>).post.mockImplementation(
-  jest.fn().mockImplementation(axiosPost),
-);
+jest.mock('axios', () => {
+  return Object.assign(jest.fn(), {
+    post: jest.fn().mockReturnValue({ success: true }),
+  });
+});
 
 const formDataAppend = jest.fn();
 const formDataGetHeaders = jest.fn();
@@ -361,14 +362,16 @@ test('test - sendEmail - [email protected], [email protected], my subject, hello ther
   const subject = 'my subject';
   const body = 'hello there!';
   const basicAuth = Buffer.from(`api:secret`).toString('base64');
+  const spyOnAxiosPost = jest.spyOn(axios, 'post');
 
+  process.env.ENABLE_EMAIL = 'true';
   process.env.MAILGUN_API_URL = 'url';
   process.env.MAILGUN_DOMAIN = 'domain';
   process.env.MAILGUN_SECRET_KEY = 'secret';
 
   // Pre Expectations
   expect(formData).not.toHaveBeenCalled();
-  expect(axiosPost).not.toHaveBeenCalled();
+  expect(spyOnAxiosPost).not.toBeCalled();
 
   // Init
   const result = await sendEmail(from, to, subject, body);
@@ -388,7 +391,7 @@ test('test - sendEmail - [email protected], [email protected], my subject, hello ther
   expect(formDataGetHeaders).toHaveBeenCalledTimes(1);
 
   // Axios
-  expect(axiosPost).toHaveBeenCalledTimes(1);
+  expect(spyOnAxiosPost).toBeCalledTimes(1);
   expect(axios.post).toHaveBeenCalledWith(
     'url/domain/messages',
     { append: formDataAppend, getHeaders: formDataGetHeaders },
@@ -399,7 +402,7 @@ test('test - sendEmail - [email protected], [email protected], my subject, hello ther
       },
     },
   );
-  expect(result).toBe(undefined);
+  expect(result).toStrictEqual({ success: true });
 });
 
 /**
@@ -413,14 +416,16 @@ test('test - sendResetPasswordEmail - [email protected], [email protected], my subjec
   const body =
     '<p>Here is the link to <a href="/asdf1234">reset your password</a>.</p><p><a href="/asdf1234">/asdf1234</a></p>.';
   const basicAuth = Buffer.from(`api:secret`).toString('base64');
+  const spyOnAxiosPost = jest.spyOn(axios, 'post');
 
+  process.env.ENABLE_EMAIL = 'true';
   process.env.MAILGUN_DOMAIN = 'domain';
   process.env.MAILGUN_SECRET_KEY = 'secret';
   process.env.EMAIL_SUBJECT_RESET = subject;
 
   // Pre Expectations
   expect(formData).not.toHaveBeenCalled();
-  expect(axiosPost).not.toHaveBeenCalled();
+  expect(spyOnAxiosPost).not.toBeCalled();
 
   // Init
   const result = await sendResetPasswordEmail(to, 'asdf1234');
@@ -440,7 +445,7 @@ test('test - sendResetPasswordEmail - [email protected], [email protected], my subjec
   expect(formDataGetHeaders).toHaveBeenCalledTimes(1);
 
   // Axios
-  expect(axiosPost).toHaveBeenCalledTimes(1);
+  expect(spyOnAxiosPost).toBeCalledTimes(1);
   expect(axios.post).toHaveBeenCalledWith(
     'url/domain/messages',
     { append: formDataAppend, getHeaders: formDataGetHeaders },
@@ -451,7 +456,7 @@ test('test - sendResetPasswordEmail - [email protected], [email protected], my subjec
       },
     },
   );
-  expect(result).toBe(undefined);
+  expect(result).toStrictEqual({ success: true });
 });
 
 /**
@@ -465,14 +470,15 @@ test('test - sendConfirmAccountEmail - [email protected], [email protected], my subje
   const body =
     '<p>Here is the link to <a href="/asdf1234">confirm your account</a>.</p><p><a href="/asdf1234">/asdf1234</a></p>.';
   const basicAuth = Buffer.from(`api:secret`).toString('base64');
+  const spyOnAxiosPost = jest.spyOn(axios, 'post');
 
   process.env.MAILGUN_DOMAIN = 'domain';
   process.env.MAILGUN_SECRET_KEY = 'secret';
   process.env.EMAIL_SUBJECT_CONFIRM = subject;
 
   // Pre Expectations
   expect(formData).not.toHaveBeenCalled();
-  expect(axiosPost).not.toHaveBeenCalled();
+  expect(spyOnAxiosPost).not.toBeCalled();
 
   // Init
   const result = await sendConfirmAccountEmail(to, 'asdf1234');
@@ -492,7 +498,7 @@ test('test - sendConfirmAccountEmail - [email protected], [email protected], my subje
   expect(formDataGetHeaders).toHaveBeenCalledTimes(1);
 
   // Axios
-  expect(axiosPost).toHaveBeenCalledTimes(1);
+  expect(spyOnAxiosPost).toBeCalledTimes(1);
   expect(axios.post).toHaveBeenCalledWith(
     'url/domain/messages',
     { append: formDataAppend, getHeaders: formDataGetHeaders },
@@ -503,5 +509,5 @@ test('test - sendConfirmAccountEmail - [email protected], [email protected], my subje
       },
     },
   );
-  expect(result).toBe(undefined);
+  expect(result).toStrictEqual({ success: true });
 });