Merge verify-token into /entities?token=

Prismatik · Oct 14, 2015 · b99c278 · b99c278
1 parent 975c345
commit b99c278
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 57 deletions.
diff --git a/controllers/entities.js b/controllers/entities.js
@@ -51,10 +51,17 @@ exports.getAll = function(req, res, next) {
       r.table('entities').filter(entity =>
         entity('emails').contains(decoded.email)).run())
     .then(entities => {
-      res.send(entities)
+      if (!entities || entities.length === 0) {
+        res.send(404);
+      } else {
+        res.send(entities)
+      };
       return next();
     })
-    .catch((e) => next(new restify.ForbiddenError('Invalid Token')))
+    .catch((e) => {
+      if (e.name === 'TokenExpiredError') return next(new restify.UnauthorizedError('Token Expired'));
+      next(new restify.ForbiddenError('Invalid Token'));
+    });
   }
 
   Entity.buildQuery(req.query, req.params).run()

diff --git a/routes/index.js b/routes/index.js
@@ -3,22 +3,8 @@ var restify = require('restify');
 var jwt = require('jsonwebtoken');
 
 module.exports = function(server) {
-  server.post('/verify-token', verifyToken);
-
   _.invoke([
     require('root/controllers/entities'),
     require('root/controllers/login')
   ], 'route', server);
 };
-
-function verifyToken(req, res, next) {
-  if (!req.body.token) return next(new restify.NotFoundError('Missing token.'));
-
-  jwt.verify(req.body.token, process.env.JWT_SECRET, (err, decoded) => {
-    if (err) return next(new restify.BadRequestError(err.message))
-    if (!decoded.email) return next(new restify.NotFoundError('Missing email.'))
-
-    // Note: Add entity.getByEmail or similar and return ok/error response
-    // back to client.
-  });
-};
diff --git a/test/routes.js b/test/routes.js
@@ -10,44 +10,3 @@ const pass = (t, message) => (error) => {
   t.pass(message);
   t.end();
 };
-
-test('verifying token must respond 404 Not Found if token missing', (t) => {
-  request(server)
-  .post('/verify-token')
-  .auth('test', key)
-  .send({})
-  .expect(404, {code: 'NotFoundError', message: 'Missing token.'}, pass(t, 'returned 404 not fond'))
-});
-
-test('verifying token must respond 400 Bad Request if token invalid signature', (t) => {
-  var token = jwt.sign({}, 'nope');
-
-  request(server)
-  .post('/verify-token')
-  .auth('test', key)
-  .send({token: token})
-  .expect(400, {code: 'BadRequestError', message: 'invalid signature'}, pass(t, 'respond invalid signature error'));
-});
-
-test('verifying token must respond 400 Bad Request if token expired', (t) => {
-  var attr = {expiresIn: 1};
-  var token = jwt.sign({}, process.env.JWT_SECRET, attr);
-
-  setTimeout(() => {
-    request(server)
-    .post('/verify-token')
-    .auth('test', key)
-    .send({token: token})
-    .expect(400, {code: 'BadRequestError', message: 'jwt expired'}, pass(t, 'respond jwt expired error'));
-  }, 1100);
-});
-
-test('verifying token must respond 404 Not Found if token email does not exist', (t) => {
-  var token = jwt.sign({}, process.env.JWT_SECRET);
-
-  request(server)
-  .post('/verify-token')
-  .auth('test', key)
-  .send({token: token})
-  .expect(404, {code: 'NotFoundError', message: 'Missing email.'}, pass(t, 'respond missing email error'));
-});
diff --git a/test/spec.js b/test/spec.js
@@ -6,6 +6,7 @@ var request = require('supertest');
 var _ = require('lodash');
 var entities = require('root/test/fixtures/entities');
 var r = require('root/lib/r');
+var jwt = require('jsonwebtoken');
 
 const key = process.env.API_KEY;
 
@@ -169,6 +170,35 @@ test('it should not return any Entity given an invalid token', function(t) {
   .expect(403, pass(t, 'return 403 forbidden'))
 });
 
+test('it should respond 404 for a valid token that contains a non-existent email', (t) => {
+  var token = jwt.sign({email: '[email protected]'}, process.env.JWT_SECRET);
+  request(server)
+  .get('/entities?token='+token)
+  .auth('test', key)
+  .expect(404, pass(t, 'return 404 not found'))
+});
+
+test('it should respond 401 Unauthorized if token expired', (t) => {
+  var attr = {expiresIn: 1};
+  var token = jwt.sign({}, process.env.JWT_SECRET, attr);
+
+  setTimeout(() => {
+    request(server)
+    .get('/entities?token='+token)
+    .auth('test', key)
+    .expect(401, pass(t, 'return 401 unauthorized'))
+  }, 1100);
+});
+
+test('it should respond 403 Forbidden if token invalid signature', (t) => {
+  var token = jwt.sign({}, 'nope');
+
+  request(server)
+  .get('/entities?token='+token)
+  .auth('test', key)
+  .expect(403, pass(t, 'return 403 Forbidden'))
+});
+
 test('it should return the Entity associated with a valid email', function(t) {
   const entity = genEntity();