Test GraphQl passport Context

Question

Okey, this is the repo

What I want to do: Test my protected routes.

Currently, the security of the app is handle by passport, with this strategy: graphql-passport. I am running my rests with supertest (for the request) and jest

When I build the Apollo Server, i use it to create the context:

import { buildContext } from 'graphql-passport';

const server = new ApolloServer({
  typeDefs,
  resolvers,
  context: ({ req, res }) => {
    return buildContext({ req, res, User })
  },
  playground: {
    settings: {
      'request.credentials': 'same-origin',
    },
  },
});

This allows me to get the user from the request. Like any authentication with passport works.

passport.use(
    new GraphQLLocalStrategy((email, password, next) => {
        console.log(`  GraphQLLocalStrategy ${email}   ‍♂`)
        User.findOne({ email })
            .then(user => !user
                ? next(null, false, 'Invalid email or password')
                : user.checkPassword(password) //bcrypt
                        .then(match => !match
                            ? next(null, false, 'Invalid email or password')
                            : next(null, user)
                        )
            )
            .catch(error => next(error))
    }),
);

So far, it works good enough. For every test that i run, I can see my GraphQLLocalStrategy ${email} ‍♂ being called. Good!.

For some mutations, like login and update user profile, i am able to do this: user.mutations.test.js

// * Login for add the user in the context
      agent
        .post("/graphql")
        .send({ query: ` mutation {
          ${loginQuery(email)}
          ${updateFirstName}
        }`})
        .set("Accept", "application/json")
        .end((err, {body:{data, errors}}) => {
          if (err) return done(err);
          const {updateUser} = data;
          expect(updateUser).toBeInstanceOf(Object);
          expect(updateUser.email).toBe(email);
          expect(updateUser.firstName).toBe(newName);
          expect(updateUser.rol).toBe("patron");
          UserFields.map(checkFields(updateUser));
          done();
        })

So, in one query, I can send the login mutation and then run the update the first name mutation. Both, works good enough, and according to passport I am logged and I can update the user profile.

What is the issue?? I want to run a loging mutation and after that run a query to get all users.

But, ofcourse, I can not run both at the same time in the request(app).post("/graphql").send() It has to be a one or multiple mutations or a queries... but not both.

The other idea, who doesnt work, is run one, and in the response, run the second one, like this:

  const agent = request(app);
  agent
    .post("/graphql")
    .send({ query: `mutation { ${loginQuery(email)} }`})
    .end((err, {body:{data}}) => {
      if (err) return done(err);
      agent
        .post("/graphql")
        .send({ query: `query { getGuestsQuery() }`})
...

If I try to ask in a second request for a protected route, there is not a way to know that i was authenticated, at least not automatically... Can I make an authenticated request here with supertest

**How can I tell to my tested application that I am authenticated???? **

Answer 1

test("fetch all Guests", async (done) => {
  const userAdmin = await User.findOne({rol:"admin"}).exec();
  if(!userAdmin) return done('no admin users for testing');
  const agent = request.agent(app);

  agent
    .post('/graphql')
    .send({ query: ` mutation { ${loginQuery(userAdmin.email)} }`})
    .expect(200)
    .end((err, res) => {
      if (err) return done(err);

    agent
      .post("/graphql")
      .send({query: `{ getGuests { ${GuestInput.join(' ')} } }`})
      .set("Accept", "application/json")
      .expect("Content-Type", /json/)
      .expect(200)
      .end((err, {body:{data}}) => {
        if (err) return done(err);
        expect(data).toBeInstanceOf(Object);
        const {getGuests} = data;
        expect(getGuests).toBeInstanceOf(Array);
        getGuests.map(user => GuestInput.map(checkFields(user)))
        done();
      });
  });
});