I am writing an integration test for a REST API protected by a jwt
.
One API operation POST /user/token
is returning a jwt
given a username
and a password
and this token is then used for a list of operations such as:
GET /user/:id
Where the route is using jwt({secret: secret.secretToken})
, so the token is included into the HTTP header Authorization
.
When testing with supertest, I can have nested testing but I want to first get the token, then use this token for testing other operations.
POST /user/token => 12345
GET /user/:id, `Authorization Bearer 12345`
GET /user/:foo, `Authorization Bearer 12345`
How to avoid generating a new token for every operation testing (see below) but use only a single one generate by POST /user/token.
it('should get a valid token for user: user1', function(done) {
request(url)
.post('/user/token')
.send({ _id: user1._id, password: user1.password })
.expect(200) // created
.end(function(err, res) {
// test operation GET /user/:id
You want to perform single POST to /user/token
and then use the token received in every test case? If so, then use the before
hook of the test framework you are using (Mocha?) and store the token to a variable, e.g.
describe('My API tests', function() {
var token = null;
before(function(done) {
request(url)
.post('/user/token')
.send({ _id: user1._id, password: user1.password })
.end(function(err, res) {
token = res.body.token; // Or something
done();
});
});
it('should get a valid token for user: user1', function(done) {
request('/get/user')
.set('Authorization', 'Bearer ' + token)
.expect(200, done);
});
});