Comments (7)
Hey, @okunoyuki!
Regarding test state, any cookies held by the session should be available from `testSession.cookies` (see e.g. this test). `supertest-session` is meant to handle cookie-based sessions transparently; if that's broken, there's a bug.
As far as the problem here, I'm not sure exactly what's up. When you have a moment, could you provide a few more details about the implementation and behavior you're seeing?
- what middleware is the app using for session management?
- if you log out `res.headers` after calling `GET /login` in the test setup, the `_csrf` cookie should be present. Is a session cookie (if expected) present as well? And if so, does it (or its backing datastore) contain the expected values?
- finally, if the cookies sent from the `app` look correct, are they also present in `testSession.cookies`?
Thanks in advance!
from supertest-session.
Thank you for your quick and kind reply! @rjz
I didn't know about `testSession.cookies` but that sounds convenient!
Looks like we use multiple session-related frameworks (express-session and passport). Maybe we shouldn't use both of them at a time?
```js
var passport = require('passport');
app.use(require('express-session')({ secret: 'keyboard cat', resave: false, saveUninitialized: false }));
app.use(passport.session());
```
For 2, the `_csrf` cookie exists in `res.headers` after calling `GET /login` (The following is the output that I got). I assume that I can access 'session cookie' using `supertest-session` (I apologize if it's a totally wrong assumption), but I don't know how. Could you show me how to access session?
```
{ 'cache-control': 'private,no-store,no-cache,must-revalidate,proxy-revalidate',
  pragma: 'no-cache',
  'set-cookie':
   [ '_csrf=XXXXXXXXXXXXXXXXXXXXXXXXXX; Path=/',
     'connect.sid=YYYYYYYYYYYYYYYYYYYYYYY; Path=/; HttpOnly' ],
  'content-type': 'text/html; charset=utf-8',
  'content-length': '1394',
  etag: 'W/"572-LEgv480pG9D7SI5tj94/Zg"',
  date: 'Mon, 29 Jan 2018 23:36:59 GMT',
  connection: 'close' }
```
For 3, `testSession.cookies` had the `_csrf` cookie with expected values.
from supertest-session.
Got it—thanks, @okunoyuki!
Depending on what backing store you are using with `express-session`, it may not be possible (or desirable) to peek into the session from outside the app. But I think we may be able to make this work from the outside.
First thought: since `supertest-session` will echo any cookies it receives, try dropping `.send('cookie', ...)` from the test setup:
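```js
// First request: the session keeps the cookies the app sets.
testSession.get('/login')
  .end(function(err, res) {
    if (err) {
      return done(err);
    }
    // Second request: the stored cookies are echoed back without setting them by hand.
    testSession.post('/login')
      .type('form')
      .send({
        username: 'xxxxxxxx',
        password: 'xxxxxxxx',
      })
      .end(done);
  });
```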
It looks like the session cookie is being attached correctly (you can see it in the HTTP requests, and it should appear in `testSession.cookies['connect.sid']` after the initial request). The next thought, then, would be to make sure the session is being restored correctly inside the app. If you log out `req.cookies` in the `post` routes, the `connect.sid` cookie should match the cookie seen inside the tests. If it doesn't, it's possible that something is missing in the `express-session` configuration.
from supertest-session.
Thank you! @rjz
I'm sorry I was pretty busy this week and haven't tried your ideas yet.
I'll try them and get back to you next week!
from supertest-session.
@rjz
Thank you for your advice!
It worked without `.send('cookie', ...)`. And I found out that there is something wrong with `express-session` configuration since the `connect.sid` cookie in the `post` routes didn't match the one inside the tests.
Since my problem doesn't seem relevant to `supertest-session` for now, you can close this issue. Thank you so much!
from supertest-session.
Awesome, @okunoyuki, I'm glad to hear that it's working!
Please do be in touch if you run into any other issues.
from supertest-session.
Having the same issue.
Getting XSRF-TOKEN successfully, but when I try to log in it shows XSRF-TOKEN mismatch. Also, it is working pretty fine on browsers and Postman.
```js
const app = require('../../../app.js');
const expect = require('chai').expect;
const request = require('supertest');
var csrfToken;

describe('GET /api/csrf-token', () => {
  it('OK, Getting CSRF Token', (done) => {
    request(app).get('/api/csrf-token')
      .expect(200)
      .then((res) => {
        const body = res.body;
        csrfToken=body.csrfToken;
        expect(body).to.contain.property('csrfToken');
        done();
      })
      .catch((err) => done(err));
  });
});

describe('POST /api/users/login', () => {
  it('OK, Logging in with super admin credentials', (done) => {
    request(app).post('/api/users/login')
      .set('Content-Type', 'application/json')
      .set("Accept","/")
      .set("XSRF-TOKEN",csrfToken)
      .set("Cookie","XSRF-TOKEN",csrfToken)
      .set("withCredentials",true)
      .expect(200)
      .send({"email":"[email protected]","password":"abc"})
      .expect((res) => {
        const body = res.body;
        console.log(body);
        expect(body.message).to.contain.property('Auth Successful');
        expect(body).to.contain.property('token');
        done();
      })
      .catch((err) => done(err));
  });
});
```
from supertest-session.
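Why the cookie jar matters in this thread, as an added example (not code from any commenter, from `supertest-session`, or from a CSRF middleware): a simplified in-process model in which the server binds the CSRF token to the session cookie, so a client that submits the token but does not replay its cookies is rejected. The names `app`, `parsePairs`, `sameToken`, `storeCookies` and `loginFlow`, the `xsrf-token` header and the 403 status are assumptions made for illustration.

```javascript
// Added example: simplified in-process model, not csurf or supertest-session code.
const crypto = require('crypto');
const sessions = new Map(); // server side: session id -> CSRF token issued with it

// Parse "a=1; b=2" into { a: '1', b: '2' }.
function parsePairs(text) {
  const out = {};
  for (const part of (text || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) out[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return out;
}

// Length check first: timingSafeEqual throws on buffers of unequal length.
function sameToken(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Hypothetical app: GET issues both cookies, POST checks the token against the session.
function app(req) {
  if (req.method === 'GET') {
    const sid = crypto.randomBytes(16).toString('hex');
    const token = crypto.randomBytes(16).toString('hex');
    sessions.set(sid, token);
    return { status: 200, headers: { 'set-cookie': [
      `_csrf=${token}; Path=/`, `connect.sid=${sid}; Path=/; HttpOnly`] } };
  }
  const expected = sessions.get(parsePairs(req.headers.cookie)['connect.sid']);
  const ok = expected !== undefined && sameToken(req.headers['xsrf-token'], expected);
  return { status: ok ? 200 : 403, headers: {} };
}

// What a session-aware client keeps: cookie name -> value, attributes dropped.
function storeCookies(jar, res) {
  for (const line of res.headers['set-cookie'] || []) {
    Object.assign(jar, parsePairs(line.split(';')[0]));
  }
  return jar;
}

// GET then POST; `persist` decides whether the stored cookies are replayed.
function loginFlow(persist) {
  const jar = storeCookies({}, app({ method: 'GET', headers: {} }));
  const headers = { 'xsrf-token': jar._csrf };
  if (persist) headers.cookie = Object.entries(jar).map(([k, v]) => `${k}=${v}`).join('; ');
  return app({ method: 'POST', headers }).status;
}
```

`loginFlow(true)` models a client that keeps a cookie jar between requests; `loginFlow(false)` models two independent requests where only the token value is carried over.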