notAnymore/Udemy API

Make authentication API with TDD [express]

mooonQ 2020. 5. 25. 10:45

The first thing I will do is defining User model. after this, authentication process is wating(login, sign up, etc).


Let's just put minimum fieds that we need. [name, email, role, password]

const mongoose = require('mongoose');
const bcrypt = require('bcryptjs');		// used when hashing password.

const UserSchema = new mongoose.Schema({
	name: {
		type: String,
		required: [true, 'Please add a name']
	email: {
		type: String,
		required: [true,'Please add an email'],
		unique: true,
		match: [
      	'Please add a valid email'
	role: {
		type: String,
		enum: ['user', 'instructor'],
		defalut: 'user'
	password: {
		type: String,
		required: [true, 'Please add a password'],
		minlength: 6,
		select: false
	createdAt: {
		type: Date,

UserSchema.pre('save', async function(next) {	// pre middleware
    if (!this.isModified('password')) {

    const salt = await bcrypt.genSalt(10);
    this.password = await bcrypt.hash(this.password, salt);

module.exports = mongoose.model('User', UserSchema);

To do hash, we need to install 'bcryptjs'

> npm install bcryptjs

"pre('save', ~);" is a middleware process before saving user model. In this case, this hashs inputed password.


now we defiend minimum user modelSchema. so the next, we just make directorys controllers, routes.

const User = require('../models/User');
const express = require('express');
const router = express.Router();

module.exports = router;

Connect route.


//Route files
const auth = require('.routes/auth');

//Mount routers
app.use('/api/v1/auths', auth);

If http request "/api/v1/auths/" comes, goes to udemy/routes/auth.js file.

Now then It is time to make Test Code first time.

we will use mocha, chai, supertest for test. Install these.

> npm install mocha supertest chai

then put in package.json

"script": {
    "test": "mocha"		// put this code.

Test Requirement: POST /register()

Register User
- If input valid datas client can create new user. 200 success.
- If input invalid datas, 400 error occurs.
- If input same email already exist, 409 error occurs.

Make file "/udemy/tests/user.spec.js". and bring utils.


const User = require('../models/User');
const request = request("supertest");
const expect = require("chai").expect;
const app = require("../server"); // connect with application.

Next is making test code.

describe("/api/v1/auth", () =>
  beforeEach(async () => {
    await User.deleteMany({});
  describe("POST /", () => {
    // success register
    it("[Success] register/create a user", async () => {
      const res = await request(app)
          name: "test",
          email: "",
          password: "123412345",
          role: "user"
    it("[Fail] invalid input", async() => {
      const res = await request(app)
          name: "test",
          email: "testgamilcom",
          password: "1234556",
          role: "user"
      it("[Fail] duplicated error", async () => {
       const user = {
            name: "test", email: "", password: "123456", role: "user"};
            await User.insertMany(user);
            const res = await request(app)
                name: "test",
                email: "",
                password: "123456",
                role: "user"
            expect(res.body.error)'Duplicate field value entered');

If we do test with this console "npm test tests/user.spec.js", We got this log.

PS C:\Users\moonq\Desktop\udemy> npm test tests/user.spec.js

> udemy@1.0.0 test C:\Users\moonq\Desktop\udemy
> mocha --timeout 10000 "tests/user.spec.js"

Server running in development mode on port 5000

    POST /
MongoDB Connected:
POST /api/v1/auth/regitser 404 1.813 ms - 160
      1) should register/create a user

  0 passing (3s)
  1 failing

  1) api/v1/auth
       POST /
         should register/create a user:

      AssertionError: expected 404 to equal 200
      + expected - actual


      at Context.<anonymous> (tests\user.spec.js:27:35)
      at processTicksAndRejections (internal/process/task_queues.js:97:5)

Test is done with fail. but it is work! So let's make "auth controller" to get expecting result.

Just made "register methods" in auth Controller.

const User = require('../models/User');
const asyncHandler = require('../middlewares/async');

exports.register = asyncHandler(async(req, res, next) => {
  const {name, email, role, password } = req.body;
  const user = await User.create({

Test passed!


Test Requirement: login(), logout()

- If input valid data(email, password), client gets token.
- If input invalide data(email, password), 400 error occur.

- If request GET /logout, success, and client lose token.(make token to none)

Make test code.

describe("POST /login", async () => {
  it("[Success] login", async () => {
  	const user = {
      name: "test", email: "", password: "123456", role: "user"
    await User.create(user);
    const res = await request(app)
        	email: "",
            password: "123456"
  it("[Fail] Incorrect email or password", async () => {
      const user = { name: "test",
      				 email: "", 
                     password: "1234566", 
                     role: "user"

      await User.create(user);
      const res = await request(app)
                email: "",
                password: "0000000"
      expect(res.body.error)'Invalid credentials');
describe("GET /logout", async () => {
    it("[Success] logout", async () => {
       const user = {
       	 name: "test", email: "", password: "1234566", role: "user"
	   await User.create(user);
       const res = await request(app)

Then let's make controller methods to pass test.

exports.login = asyncHandler( async (req, res, next) => {
    const { email, password } = req.body;

    // Validate email & password
    if (!email || !password) {
        return next(new ErrorResponse('Please provide an email ans password', 400));

    // Check for user 
    const user = await User.findOne({ email }).select('+password');

    if (!user) {
        return next(new ErrorResponse('Invalid credentials', 401));

    // check if password matches
    const isMatch = await user.matchPassword(password);

    if (!isMatch) {
        return next(new ErrorResponse('Invalid credentials', 401));

    sendTokenResponse(user, 200, res);

exports.logout = asyncHandler( async (req, res, next) => {
    res.cookie('token', 'none', {
        expires: new Date( + 10 * 1000),
        httpOnly: true

        success: true,
        token: 'none'


UserSchema.methods.matchPassword = async function(enteredPassword) {
    return await, this.password);


Test Requirement: GET /getMe()

- If client request with valid token, client get self data.

- If client requet with invalid token, 401 error occurs

