1
00:00:00,180 --> 00:00:06,450
You've used a super test to test the sign up route which creates data and the lag in route which needs

2
00:00:06,450 --> 00:00:08,730
existing data to be in place.

3
00:00:08,760 --> 00:00:14,490
In this lesson you're going to learn how to test an endpoint that requires authentication in order to

4
00:00:14,490 --> 00:00:21,630
work such as the end point for getting your user profile or the endpoint for deleting and closing your

5
00:00:21,630 --> 00:00:22,620
account.

6
00:00:22,710 --> 00:00:30,450
So to get this done we need an authentication token that super test in our test cases can actually access

7
00:00:30,780 --> 00:00:32,630
much like our test cases.

8
00:00:32,730 --> 00:00:36,300
Access to the user's credentials down below.

9
00:00:36,300 --> 00:00:40,430
So what we're going to do is start by modifying the data up here.

10
00:00:40,470 --> 00:00:46,980
We want to make sure that when we save this user to the database they have an authentication token that

11
00:00:46,980 --> 00:00:49,650
can be used by our test cases.

12
00:00:49,650 --> 00:00:53,250
Note to get this done we'll need to do two very important things.

13
00:00:53,250 --> 00:00:59,790
First stop will need to generate our own object I.D. for this user will need to know what the I.D. is

14
00:00:59,790 --> 00:01:06,120
ahead of time so we can actually create the correct token and then two will have to create the token.

15
00:01:06,120 --> 00:01:10,280
So up above let's go ahead and load in the additional stuff we're gonna need.

16
00:01:10,290 --> 00:01:15,330
And don't worry in a couple of videos we'll talk about how we can better structure things so it's not

17
00:01:15,360 --> 00:01:17,110
all in a single file.

18
00:01:17,220 --> 00:01:24,900
For now though we'll go ahead and load in first JWT so I can generate that Jason web token so I'll load

19
00:01:24,930 --> 00:01:26,480
that NPM library in.

20
00:01:26,490 --> 00:01:32,880
Which is already installed and next up we're going to load in Mongoose so we can actually generate our

21
00:01:32,880 --> 00:01:38,020
very own object I.D. right here requiring that library.

22
00:01:38,160 --> 00:01:39,270
Perfect.

23
00:01:39,270 --> 00:01:40,380
No down below.

24
00:01:40,380 --> 00:01:42,920
Let's start by creating the I.D..

25
00:01:42,960 --> 00:01:51,810
I'm gonna create a new variable called User 1 I.D. and we're gonna use Mongoose to generate a new I.D.

26
00:01:51,810 --> 00:01:53,960
And we do that using the following code.

27
00:01:53,970 --> 00:02:02,690
The new operator with the following that is Mongoose dot capital T types dot object I.D..

28
00:02:02,790 --> 00:02:04,320
Just like that.

29
00:02:04,410 --> 00:02:10,350
Now the reason I'm creating this as a standalone variable outside of this object is because I need to

30
00:02:10,350 --> 00:02:12,050
use it in two places.

31
00:02:12,180 --> 00:02:16,380
I'll be using it once right here as the I.D. for the user.

32
00:02:16,380 --> 00:02:24,420
So user 1 I.D. and I'll be using it again when I actually add tokens to the user we create.

33
00:02:24,450 --> 00:02:31,590
So right here I'll add a comma after password and we'll set up a tokens array so we can give this user

34
00:02:31,590 --> 00:02:33,900
and authentication token which we can use.

35
00:02:33,900 --> 00:02:37,200
That's the whole purpose of doing this right here.

36
00:02:37,200 --> 00:02:44,020
We're gonna set up that token property and we're going to create a new Jason web token and using JWT

37
00:02:44,040 --> 00:02:48,990
dot sign exactly like we would've done from anywhere else in our app.

38
00:02:48,990 --> 00:02:55,320
Now to create a valid one all we do is provide the I.D. like we've been doing before.

39
00:02:55,320 --> 00:03:07,850
User 1 I.D. And we also provide these secret process dot EMV dot right here JWT underscore secret now

40
00:03:07,850 --> 00:03:14,450
that we have this in place when our test user gets created we will have an I.D. and a token associated

41
00:03:14,450 --> 00:03:17,700
with that user that we can take advantage of.

42
00:03:17,750 --> 00:03:23,270
Now if I save things in their current state I would expect everything to be working as expected.

43
00:03:23,390 --> 00:03:28,430
Right here my test cases are running and I have nine passing tests.

44
00:03:28,430 --> 00:03:36,410
That means down below we can actually go ahead and use this token to create a new test case that interacts

45
00:03:36,410 --> 00:03:40,970
with one of our endpoints that requires authentication down below.

46
00:03:40,970 --> 00:03:46,450
Let's go ahead and start with the end point for fetching the user's profile.

47
00:03:46,500 --> 00:03:50,710
Well let's get started with our first test case we can pick a name for this one.

48
00:03:50,720 --> 00:03:58,720
Something like should get profile for user and we'll set it up as an async function.

49
00:03:58,760 --> 00:04:03,440
And the first and pretty much only thing we're going to do inside of here like our other test cases

50
00:04:03,440 --> 00:04:05,300
is use super test.

51
00:04:05,450 --> 00:04:12,250
So I will call request I'll pass in the Express app and this time to get the profile.

52
00:04:12,260 --> 00:04:18,180
It is a get h TTP request instead of post so I will use get from there.

53
00:04:18,200 --> 00:04:24,210
We're gonna go ahead and provide the path that is forward slash users forward slash me.

54
00:04:24,230 --> 00:04:27,690
Now we can go ahead and send that off by calling send.

55
00:04:27,770 --> 00:04:29,510
We can leave this as empty.

56
00:04:29,510 --> 00:04:33,140
There is no need to provide a request body.

57
00:04:33,410 --> 00:04:39,110
And last up we'll expect something I'll expect that I get a two hundred back when things go well.

58
00:04:39,290 --> 00:04:44,030
Now the problem here is that at no point do we set up the authentication header.

59
00:04:44,030 --> 00:04:47,630
So if we did try to run this we would not get a two hundred back.

60
00:04:47,660 --> 00:04:54,170
We can see down below this one new test is failing what we need to do is tell Super Test we want to

61
00:04:54,170 --> 00:05:00,470
set the authorization header now to do this I'm going to restructure the code a little bit when we work

62
00:05:00,470 --> 00:05:03,030
with an API that has a lot of chaining.

63
00:05:03,080 --> 00:05:06,380
There are a lot of different ways people seem to structure it.

64
00:05:06,440 --> 00:05:11,440
In general it's a good idea to keep the different method calls on their own line.

65
00:05:11,510 --> 00:05:13,730
So this allows you to stay a bit organized.

66
00:05:13,820 --> 00:05:18,150
So something like this is clear and easy to pass mentally.

67
00:05:18,230 --> 00:05:20,340
So we'll use an approach like this.

68
00:05:20,360 --> 00:05:24,320
You could also leave the first method call on the original line.

69
00:05:24,470 --> 00:05:27,370
You'll see some people use something like this as well.

70
00:05:27,410 --> 00:05:29,610
It's not important which one you use.

71
00:05:29,630 --> 00:05:32,510
It's important though that you do go ahead and stay consistent.

72
00:05:32,510 --> 00:05:37,130
Now yes we have some inconsistencies we'll address those in a little bit.

73
00:05:37,130 --> 00:05:41,220
For now I'll go ahead and leave each method call on its own line.

74
00:05:41,270 --> 00:05:47,870
Perfect so to set the header we use these set method and we want to use it before we send the request

75
00:05:47,930 --> 00:05:48,280
off.

76
00:05:48,320 --> 00:05:50,120
So I'll use it right here.

77
00:05:50,120 --> 00:05:53,750
That is dot set and we provide to it to arguments.

78
00:05:53,750 --> 00:06:00,830
The first is the name of the header we're trying to set in our case as we know that is authorization.

79
00:06:00,890 --> 00:06:04,140
And the second is the value we're trying to set.

80
00:06:04,160 --> 00:06:07,000
Now this is going to include our token.

81
00:06:07,040 --> 00:06:14,000
So I'll go ahead and stick with a template string here and we start off with bearer space followed by

82
00:06:14,000 --> 00:06:19,850
that token right here inside of the template string I'll use the syntax for injecting a value and the

83
00:06:19,850 --> 00:06:22,300
value is stored on user 1.

84
00:06:22,460 --> 00:06:25,310
It is user 1 dot tokens.

85
00:06:25,310 --> 00:06:26,400
That's an array.

86
00:06:26,570 --> 00:06:29,990
We'll grab the first one and we'll access the token property.

87
00:06:30,290 --> 00:06:33,920
So this right here is exactly what we had set up up above.

88
00:06:33,920 --> 00:06:37,880
It is the value that comes back from JWT a dot sign.

89
00:06:38,390 --> 00:06:44,780
Now this is going to work if what if the server confirms that this token is valid.

90
00:06:44,840 --> 00:06:49,790
It's not expired and it's actually stored in the tokens array for that user.

91
00:06:49,940 --> 00:06:56,420
If I save the user test suite it's going to rerun everything and hopefully we are back to a completely

92
00:06:56,450 --> 00:07:01,520
passing test suite and we are 10 of 10 passing tests.

93
00:07:01,610 --> 00:07:06,830
So what you set to set up headers and the only time we're gonna use that in this class is when we're

94
00:07:06,830 --> 00:07:10,350
trying to set our authorisation header.

95
00:07:10,580 --> 00:07:17,450
Now down below let's go ahead and create a test case for ensuring that things fail when you're not authenticated

96
00:07:17,480 --> 00:07:19,500
and you're trying to fetch the profile.

97
00:07:19,610 --> 00:07:23,870
Then there'll be a challenge for you to test a different endpoint on your own.

98
00:07:23,870 --> 00:07:33,340
So right here test should not get profile or on authenticated user.

99
00:07:33,520 --> 00:07:39,370
And then we'll set it up as an async function and down below we'll actually go through that process.

100
00:07:39,400 --> 00:07:41,920
So very similar to what we had above.

101
00:07:41,920 --> 00:07:50,840
I'll use a wait calling request passing in the Express app on the next line dot get forward slash users

102
00:07:50,840 --> 00:07:52,570
forward slash me.

103
00:07:52,700 --> 00:07:56,720
Then we're gonna go ahead and send that one off without any token.

104
00:07:56,720 --> 00:08:00,070
And we are going to expect a 4 0 1.

105
00:08:00,080 --> 00:08:06,050
That is the status code we get back when our off middleware can't validate the authentication being

106
00:08:06,050 --> 00:08:07,100
provided.

107
00:08:07,100 --> 00:08:08,890
So right here none is provided.

108
00:08:08,900 --> 00:08:15,320
I would definitely expect a for one and I'm going to save things for the final time and make sure we

109
00:08:15,320 --> 00:08:19,400
now see 11 passing tests and that is exactly what we're getting.

110
00:08:19,970 --> 00:08:26,330
So now it's challenge time you'll be writing to test cases for the endpoint that allows users to close

111
00:08:26,330 --> 00:08:27,390
their account.

112
00:08:27,410 --> 00:08:30,430
Let's go ahead and talk about what I'd like you to do right here.

113
00:08:30,440 --> 00:08:33,750
You're going to be setting up two tests for deleting accounts.

114
00:08:33,770 --> 00:08:38,450
One is gonna make sure it works when you're authenticated and the other will make sure it fails when

115
00:08:38,450 --> 00:08:40,150
you're not authenticated.

116
00:08:40,160 --> 00:08:44,320
So the first one could be called something like should delete account for user.

117
00:08:44,360 --> 00:08:49,070
In this case you do want to set up the authentication header and you want to make sure you get that

118
00:08:49,070 --> 00:08:49,550
correct.

119
00:08:49,550 --> 00:08:51,110
Success status code.

120
00:08:51,110 --> 00:08:57,860
Back now to actually make the request instead of using post or get you'll use the delete method provided

121
00:08:58,040 --> 00:09:00,040
that's the same method we set up.

122
00:09:00,110 --> 00:09:05,150
We delete account and point with the TTP delete method.

123
00:09:05,150 --> 00:09:10,910
Next up you'll create the second test should not delete account for an authenticated user.

124
00:09:10,910 --> 00:09:16,420
In this case you will not provide the off header but you will expect the correct status code.

125
00:09:16,430 --> 00:09:22,730
Given the fact that they're not authenticated and finally you'll test your work you should have 13 passing

126
00:09:22,730 --> 00:09:25,360
tests when all is said and done.

127
00:09:25,370 --> 00:09:30,710
Now if you need to jog your memory about exactly what status codes you're going to get back or how that

128
00:09:30,710 --> 00:09:31,850
endpoint works.

129
00:09:31,850 --> 00:09:36,200
Feel free to pull up that code that's not violating the challenge rules.

130
00:09:36,290 --> 00:09:41,150
You're allowed to use anything we've done in the course so far in order to solve these.

131
00:09:41,180 --> 00:09:45,070
Take some time to get it done when you're done come back and click play

132
00:09:49,080 --> 00:09:49,890
how that go.

133
00:09:49,890 --> 00:09:51,450
Let's get to it up above.

134
00:09:51,450 --> 00:09:58,650
I'm going to add the first of those two test cases we'll just go one at a time right here test the following

135
00:09:58,650 --> 00:10:03,570
name or something similar should delete account for user.

136
00:10:03,630 --> 00:10:05,510
We want to make sure that works.

137
00:10:05,610 --> 00:10:10,920
Now in a couple of videos we'll get into more advanced assertions where we could do something like see

138
00:10:10,920 --> 00:10:13,470
if there's actually no account in the database.

139
00:10:13,470 --> 00:10:19,260
For now though just going off of the response is status code will get us started.

140
00:10:19,290 --> 00:10:24,320
So a sync right here we are going to use super test.

141
00:10:24,320 --> 00:10:31,880
So I will use a wait I'll call request passing in the app and we'll set up things using delete with

142
00:10:31,880 --> 00:10:37,970
the following path that is forward slash users forward slash me to delete your own account.

143
00:10:37,970 --> 00:10:40,990
Now in this case I do want to provide authentication.

144
00:10:41,000 --> 00:10:45,770
So right here dot set setting up that header authorization

145
00:10:48,380 --> 00:10:49,730
with the following value.

146
00:10:49,760 --> 00:10:58,430
Once again bearer space followed by the token that is user 1 and Dot tokens grabbing the first item

147
00:10:58,460 --> 00:11:03,340
in that array was not the one with the index of nine index of 0.

148
00:11:03,590 --> 00:11:06,830
Then accessing the token property on it.

149
00:11:06,830 --> 00:11:13,070
Now with that in place we should be able to continue on actually sending this off and asserting something

150
00:11:13,070 --> 00:11:14,470
about the response.

151
00:11:14,570 --> 00:11:17,350
So right here dot send it to send it off.

152
00:11:17,360 --> 00:11:19,620
No request body necessary.

153
00:11:19,730 --> 00:11:27,170
And then Don expect to expect something about these status code that would be a 200 if it's deleted.

154
00:11:27,170 --> 00:11:34,330
Now we can go ahead and save things and we can test out this one test case before adding multiple it's

155
00:11:34,340 --> 00:11:34,910
passing.

156
00:11:34,900 --> 00:11:38,380
So now we can continue on to the other one right here.

157
00:11:39,040 --> 00:11:47,690
Another test test should not delete account bore on authenticated user

158
00:11:50,370 --> 00:11:51,100
Excellent.

159
00:11:51,240 --> 00:11:59,160
We'll set it up as an async function and we'll go ahead and use Super Test await a call to request passing

160
00:11:59,160 --> 00:12:00,570
in the app.

161
00:12:00,570 --> 00:12:06,370
Once again still using delete and still using forward slash users forward slash me.

162
00:12:06,540 --> 00:12:12,450
After that though no header we're just gonna send things off without any sort of authentication and

163
00:12:12,450 --> 00:12:16,240
I will expect in that case to get a 4 0 1 back.

164
00:12:16,290 --> 00:12:22,290
Now we just need to test our work for that second and test case so I'll remove the challenge comments

165
00:12:22,620 --> 00:12:26,310
I can save the file and we'll see what we get down below.

166
00:12:26,310 --> 00:12:29,520
I would be expecting I believe 13 or 14.

167
00:12:29,520 --> 00:12:30,640
There it is 13.

168
00:12:30,780 --> 00:12:32,670
Passing tests.

169
00:12:32,730 --> 00:12:35,500
So now we know how to use super tests.

170
00:12:35,730 --> 00:12:41,200
Excuse me Super Test singular with our endpoints that require authentication.

171
00:12:41,220 --> 00:12:45,730
This is going to allow us to test everything else we have in our application.

172
00:12:45,750 --> 00:12:51,600
We could test the ability to create tasks edit them or delete them though in the next video.

173
00:12:51,600 --> 00:12:59,070
What I want to do is not necessarily test new endpoints but explore how we can add more assertions to

174
00:12:59,160 --> 00:13:04,980
endpoints like this one for example asserting that we get an authentication token back.

175
00:13:05,190 --> 00:13:08,600
We'll start to talk about how we can do that in the next lesson.

176
00:13:08,610 --> 00:13:10,620
I'm excited to get to it and I'll see you then.