We have an error middleware in our app for handling uncaught errors throughout our application. Let’s write our first test case for handling an UnauthorizedError which our authentication abstraction throws when someone attempts to access data they shouldn’t.

Test Node.js Backends

Write a Unit Test for Handling an UnauthorizedError

Presenter: [00:00] All right. We want to get this middleware tested. There are three cases that we're going to be testing for. Let's go ahead and get started by following barry the bombs advice in getting rid of that.

[00:10] We're going to need these things. I'll just pull those in. That's our `UnauthorizedError` that we're going to get from `express-jwt`, and then the `errorMiddleware`, which is the thing that we're going to be testing.

#### error-middleware.exercise.js

```javascript
import {UnauthorizedError} from 'express-jwt'
import `errorMiddleware` from '../error-middleware'
```

[00:19] First, we're going to start with the `UnauthorizedError` case. For that one, we're going to say `test` that...What does it do here? We're going to respond with a 401. It's also going to be calling .json. Here we'll say `responds with 401 for express-jwt UnauthorizedError`.

```javascript
test("responds with 401 for express-jwt UnauthorizedError", () => {});
```

[00:39] For this, we're going to be calling the `errorMiddleware` with an `error`, a request, a response, and a `next`. These are going to be fake versions of those things because we're not going to be setting up an entire Express app and then mounting this `errorMiddleware`, whatever. We're not going to be doing that.

[00:53] We're just going to be calling this middleware function with some fake versions of these things.

[00:58] The `error` we know, it needs to be an instance of an `UnauthorizedError`. Let's go ahead and create that. Make our `error` a new `UnauthorizedError` and that `UnauthorizedError` and it looks like Marty the Money Bag has come to save the day with this.

[01:12] Let's go ahead and uncomment those. We'll get rid of Marty here and that's going to give us our `error`, which is a new `UnauthorizedError`. Here's our error `code` and our error `message` here.

```javascript
test("responds with 401 for express-jwt UnauthorizedError", () => {
  const error = new UnauthorizedError("some_error_code", {
    message: "some message"
  });
});
```

[01:23] Our response is going to be this object. This object has a `json` and a `status`

```javascript
test("responds with 401 for express-jwt UnauthorizedError", () => {
  const error = new UnauthorizedError("some_error_code", {
    message: "some message"
  });
  const res = { json: `jest`.fn(() => res), status: `jest`.fn(() => res) };
});
```

and here, we're going to be calling their `status` and our `json` methods on that response.

#### error-middleware.js

```javascript
else if (error instanceof UnauthorizedError) {
    res.status(401)
    res.json({code: error.code, message: error.message})
  }
```

[01:33] One reason why Marty the Money Bag is telling us to just make it this one object that has this fake functions that return the response itself is because the Express API allows you to chain these things. You want to make your mock version of this response object look as close to the real deal as possible. That's why it's creating this `jest` function that returns the response, so that these functions are chainable.

[01:56] We're also going to need a request object here, so let's take a look. We're not actually using the request object. We'll just go ahead and we'll create a request object here.

#### error-middleware.exercise.js

```javascript
const req = {};
```

[02:06] Finally, we have a `next` function here, but that's not being used either. Let's just make it a fake `next` that is a `jest` function here, like that.

```javascript
const next = jest.fn();
```

[02:16] We'll go ahead and call our `errorMiddleware`. We'll say `errorMiddleware`. We'll call it with the `error`, the request, the response, and the `next` function. Then we just need to make sure that the `errorMiddleware` handles each one of these properly.

```javascript
test("responds with 401 for express-jwt UnauthorizedError", () => {
  const req = {};
  const next = jest.fn();
  const error = new UnauthorizedError("some_error_code", {
    message: "some message"
  });
  const res = { json: `jest`.fn(() => res), status: `jest`.fn(() => res) };
  errorMiddleware(error, req, res, next);
});
```

[02:28] First off, it would be good for us to make sure that the `next` function is not called because that would be a problem. Like if that showed up right there somehow or if somebody accidentally put it right here, that could be a problem. We don't want that to happen.

[02:42] What I'm going to do is do a little bit of defensive testing here. We'll say, `expect` `next` not to have been called.

```javascript
expect(next).not.toHaveBeenCalled();
```

We don't want it to have been called at all. Then we do expect our `res.status` to be called with `401` and our `res.json` to be called with `error.code` property and the `error.message` property.

[03:01] The `error.code` property gets added by `UnauthorizedError` as this code right here. That's what we going to do here. We'll `expect` `res.json` to have been called with an object that has a `code` and a `message`. That `code` is going to be the `some_error_code` right here and that `message` is going to be the `Some Message` right here.

```javascript
expect(res.json).toHaveBeenCalledWith({
  code: "some_error_code",
  message: "some message"
});
```

[03:24] Then we are also going to `expect` `res.status` to have been called with `401`.

```javascript
expect(res.status).toHaveBeenCalledWith(401);
```

We'll save that pop up in our test and, boom, we've got a passing test.

![Passing Test](https://res.cloudinary.com/dg3gyk0gu/image/upload/v1575569288/transcript-images/07_scikit-learn-write-a-unit-test-for-handling-an-unauthorizederror-passing.jpg)

[03:36] Let's just make sure that this test can indeed fail. We are testing the thing that we think we are. By making this break, we change this to a `404` and, poof, our test does break.

![404](https://res.cloudinary.com/dg3gyk0gu/image/upload/v1575572533/transcript-images/07_scikit-learn-write-a-unit-test-for-handling-an-unauthorizederror-404.jpg)

[03:47] Expected a `401` we've got a `404`. Perfect. We are testing what we think we are. We could go ahead and change that and make sure that that is failing as well which is great.

[03:55] There are couple enhancements I want to make to this test before we move on.

[03:58] That is, it would be not a good a thing if I did something like this, but there's nothing about my test that would prevent me from doing something like that.

#### error-middleware.js

```javascript
function errorMiddleware(error, req, res, next) {
  if (res.headersSent) {
    next(error)
  } else if (error instanceof UnauthorizedError) {
    res.status(401)
    res.status(401)
    res.status(401)
    res.status(401)
    res.status(401)
    res.status(401)
    res.json({code: error.code, message: error.message})
  } else {
    res.status(500)
    res.json({
      message: error.message,
      // we only add a `stack` property in non-production environments
      ...(process.env.NODE_ENV === 'production' ? null : {stack: error.stack}),
    })
  }
```

[04:07] Let's go ahead and make sure that can't happen. We'll say, `expect` `res.status` to have been called times once and only once."

#### error-middleware.exercise.js

```javascript
expect(res.status).toHaveBeenCalledTimes(1);
```

We save that and we get a failure.

![Called Once Failure](https://res.cloudinary.com/dg3gyk0gu/image/upload/v1575572533/transcript-images/07_scikit-learn-write-a-unit-test-for-handling-an-unauthorizederror-called-once-failure.jpg)

[04:18] That's awesome. We can get rid of those calls. We've made sure that we aren't calling `res.status` more than one time.

[04:25] That's something that I always do, on mock functions, is not only do you verify that it was called with what you think it was called, but that it was called exactly the number of times you expect it to have been called.

[04:36] We're going to do the same thing for our `res.json`. `expect` `res.json` to have been called times once and only once.

```javascript
expect(res.json).toHaveBeenCalledTimes(1);
```

Awesome. We've got a passing test.

[04:48] Another thing that I noticed in here is we have a little bit of duplication. I'm going to actually clean that up just a tiny bit by making it `code` variable and extracting this out through our `code` variable.

[04:59] We'll also make a `message` variable. We'll pull this out through to be our message. Then, we can just put that on one line.

```javascript
const error = new UnauthorizedError(code, { message });
```

[05:07] Here, we can reference the `code` above and the `message` above.

```javascript
expect(res.json).toHaveBeenCalledWith({
  code,
  message
});
```

That actually makes things read a lot clearer because we say, "OK, whatever this `code` and the `message` doesn't really matter so long as it's the same code and message that we are getting for the `UnauthorizedError`."

[05:24] We can actually take this a step even further to make this communicate even more clearly by saying the `code` is whatever that `error.code` is, and the `message` is whatever the `error.message` is.

```javascript
expect(res.json).toHaveBeenCalledWith({
  code: error.code,
  message: error.message
});
```

[05:36] What this is doing is we're using our test to communicate to future maintainers of this test what's important about what we're testing.

[05:45] What's important is that when you called `errorMiddleware` with an `UnauthorizedError` that the `next` is not called, the `status` is called with a `401`, and it's only called once, the `json` is going to be called with an object that has a `code` property that came from the `error` and a `message` property that also came from the `error`. We expect that it was only called once.

[06:07] I'm really happy with this test because it's giving me confidence that when our `errorMiddleware` is called with an `express-jwt` `UnauthorizedError`, it's going to be dealing with the response object properly.


Backends hold so much of our application's business logic that is often used to support multiple clients (web, mobile, and other native platforms). This logic is critical to get right and deploying a breaking change to this can be devastating to your company's goals (not to mention the bottom-line). Increasing your "deployment confidence" is crucial and automated testing is the best way to do that.

As Node.js continues to grow in usage around the world, learning how to test this mission-critical code in a way that increases developer velocity as well as confidence becomes increasingly important. In this workshop we use an Express.js example and focus on the patterns and practices that you need to learn so you can apply what you learn to test your code written in any Node.js web framework.

You'll learn:

Intro to Test Node.js Backends

Of all things you can test, the easiest thing you can test is a pure function because they require no setup or teardown. In this exercise, we’ll explore testing a pure function called isPasswordAllowed.

Test Pure Functions Overview

Let’s write the basic tests for our simple isPasswordAllowed function to ensure that both valid and invalid passwords receive the correct return value.

Write Unit Tests for a Simple Pure Function

One of the most crucial things you can do when writing tests is ensuring that the error message explains the problem as clearly as possible so it can be addressed quickly. Let’s improve our test by generating test titles so error messages are more descriptive.

Improve Error Messages by Generating Test Titles

Jest has a test-generation feature built-in called test.each which is great, but I don’t particularly like it’s API. Instead, we’re going to use an open source project called jest-in-case which gives us a really nice API for generated tests and improved error messages. Let’s try that library out for our isPasswordAllowed tests here.

Use jest-in-case to Reduce Duplication and Improve Test Titles

Even with jest-in-case there can be a little boilerplate and you can easily side-step that by creating a simple function that allows you to write test cases that are more suited for your use case. Let’s give that a try!

Create a Casify Function to Generate Cases for jest-in-case

There are various types of middleware and for many of them you write tests for them in the same way, so let’s get a look at one of these and try our hand at writing some tests for it.

Test Node Middleware Overview

Our next test will be really similar to the first. This time we want to handle the case where a response has already been sent which you know if the res.headersSent property is set. So we’ll add that property to our fake response object and verify the middleware behaves correctly.

Write a Unit Test for Handling headersSent in an Error Middleware

Our final case is the fallback scenario where we don’t know exactly why things are failing. In this situation we’ll just give all the information that we can and hopefully the developers can figure out what that is. Let’s write a test case for that situation.

Write a Unit Test for Status 500 Error Middleware Fallback

We’ve got a little bit of duplication between these tests and in a more complex middleware we’ll have a lot of duplication. The duplication itself isn’t necessarily problematic. The problem comes in the form of readability of our tests. When there’s a great amount of duplication, it makes it harder to identify the parts of the test that distinguishes it from other tests. In this lesson we’ll apply the object factory pattern to reduce duplication and make it easier to maintain our tests.

Improve Test Maintainability using the Test Object Factory Pattern

We’re going to need the same utilities for our object factories in several places in our tests, so let’s use some pre-built utilities instead of the ones we wrote for this file.

Use a Test Object Factory utils/generate

Controllers are a collection of middleware that applies business logic specific to your domain. Typically these are tested like any other middleware, but often they require mocking the database for unit tests.

Test Node Controllers Overview

Let’s write our first controller middleware unit test by mocking out a database call and verifying that the database is interacted with correctly and the response is sent correctly.

Write a Unit Test for a Controller by Mocking the Database

Let’s add a test for an edge case that responds with an error message. In this lesson we’ll talk about the value of using the toMatchInlineSnapshot assertion for error messages.

Simplify Assertions on Error Messages with toMatchInlineSnapshot

Not all controller middleware send responses. In this unit test, we’ll verify that a controller’s middleware interacts with the request, response, next function, and database correctly.

Unit Test Business Logic of a Controller’s Middleware

Sometimes people try to access data that’s not there and it would be great if our server doesn’t fall over when they do, so we have some code to handle that case. Let’s get that tested and use toMatchInlineSnapshot for asserting on the error message.

Test Controller 404 Edge Case where Resource is Not Found

If the user tries to access a resource they shouldn’t have access to, we need to make sure they can’t get that resource, and we’ll want a test to make sure that functionality doesn’t break because this is a data security concern. In this one we handle dynamic data in a snapshot by making a consistent ID for the user and list item.

Test Controller Unauthorized Case

We have another controller function we want to test that will retrieve all of the user’s list items. For this one we’ll need to mock out a few new APIs and build multiple books and list items. Then we’ll have to do a few things to ensure that the APIs were called correctly.

Test getListItems for Getting Multiple Mock Objects

We want to test the createListItem controller function so we can ensure that users can create new list items. In this one we need to mock out several database requests. We also see how great Jest error output is which helps us identify a few mistakes that we made really easily.

Test the Happy Path of a Creation Flow

Even though your edge cases don’t run as often as your happy path cases, they are important to test to make sure you handle those correctly. In this one we’ll verify that if a user attempts to create a new list item for a book even though they already have a list item for that book.

Testing an Error Case for createListItem

For this one, we’ll need to have an existing listItem and we’ll create some new notes for it. Then we’ll have the original list item and the updated list item and ensure that our API is being called with the right version of the list item.

Testing the Happy Path for updateListItem

This one’s a bit unique because it’s pretty simple. All we need to do here is verify that the remove method of our was called properly, but we don’t need to bother mocking out what it returns because our code doesn’t use that return value. We also want to verify that the res.json was called properly, so we’ll do that as well.

Testing Resource Deletion

Let’s start doing some server integration tests. We’ll get our server started and database going so we can hit the endpoints in the same way clients will be using our endpoints. Let’s explore how our app is started so we can start it in our test environment and I’ll show you around the codebase so you can navigate around while you test things out.

Test Authentication API Routes Overview

Let’s get our test ready to roll by getting our API server and database started and in a clean state. Because our tests and server both run in node, we can do this all using the utilities that Jest exposes for us like beforeAll and afterAll. Then we’ll get a test started and fire a request to the API to make sure we can communicate with the server.

Start a Node Server and Fire a Request to an HTTP API Endpoint

When you’re interacting with the API response of a server, some of the data you receive is information that you cannot assert on directly. In this lesson we’ll talk about how to use Jest’s asymmetric matchers to assert on the type of data your server is sending.

Make Assertions on HTTP API Responses for Registration

Let’s make another request in this same test to the login endpoint with the same post data as we used for registration. Then we can verify that the information we retrieved from the registration request is the same as the information we retrieved from the login request.

Test the Login Endpoint for a Node Server

Our server has an API for authenticated clients to request information for the currently logged in user. Let’s make an authenticated request using the user token we retrieved from the login request to get confidence that the token generated will get the data for the user.

Test the User’s Resource Endpoint

We’ve got a bit of duplication in our test for each request and it’d be nice to remove that, so we’ll create a pre-configured axios client to reduce that duplication.

Create a Pre-configured axios Client for the baseURL

If our request fails, the error message is really useless. The server sends us back a much more useful error message, but by default Jest wont display that error properly and we can’t identify the line of code that made the failing request. Let’s use a custom axios interceptor which will improve those error messages considerably by displaying the response that the server returned.

Improve Error Messages with an axios Interceptor

If you want to run your tests in parallel and each of your tests starts up the server on its own, then you could run into a problem where two servers try to bind to the same port. To avoid this, we can use the JEST_WORKER_ID environment variable so we can ensure that the port our server starts on is unique. Let’s try that out.

Ensure a Unique Server Port

Let’s test the case where we try to register two users of the same username. We’ll first register a user, and then we’ll attempt to register a second user with the same username and assert on the error message. We’ll use toMatchInlineSnapshot on the error that’s returned and Jest will serialize that like a champ.

Use Snapshots to Assert on Server Error Responses

Often in integration tests you’ll have situations where you are over testing. Sometimes that’s acceptable, but you can speed up your tests by getting your application into a testable state a little quicker. In this lesson we’ll skip hitting the API for our setup and instead interact directly with the database.

Interact Directly with the Database

Integration tests are typically best for common cases and you can cover other cases using lower level tests, but I thought it’d be interesting to show you how to cover a few other edge cases as well in this lesson.

Test all the Edge Cases

Things change a little bit when we want to hit an endpoint that requires the user to be authenticated. For this exercise you’ll need to use an authenticated test with a test user that’s already in the database. Then you can use that test user for each of the operations you do on the list item resource (Create, React, Update, Delete).

Test CRUD API Routes Overview

Let’s get a test user and authenticated axios client, and then we’ll need to generate a book and insert that into the database directly so we can create a list item for our test user for that book. Then we can verify that the response data is correct.

Write an Integration Test for a Resource Create Endpoint

Now that we’ve created a list item, let’s try to read that list item. This will give us confidence that the list item we created was actually saved to the database and can now be retrieved.

Write an Integration Test for a Resource Read Endpoint

For the update, we’ll need to create new notes for our list item and send those updates to the updates endpoint. Then we can verify that the response we get back is the same as the original list item except with the updated notes.

Integration Test a Resource Update Endpoint

For our delete endpoint, we don’t need to do too much beyond hitting the endpoint, but it could be problematic if we just hit the endpoint and verify the response. In this lesson we’ll find out why that is and how we can use our test to make sure that the item was actually deleted from the database.

Integration Test a Resource Delete Endpoint

Typically, it’s nicer to use toMatchInlineSnapshot for error messages, but sometimes the contents of the error message are generated. But I’ve got a little trick for solving this problem that you’ll probably find useful.

Write a Unit Test for Handling an UnauthorizedError

Transcript

Write a Unit Test for Handling an UnauthorizedError