Node.js: Share session cookie when using mocha with passport.socketio

4
votes

I'm working in a Node.js project where we use passport for authentication. To bridge the authentication to socket.io/engine.io instead we use passport.socketio package. This works great in the browser as the available cookies are sent in the initial socket.io/engine.io handshake that is done via HTTP.

When we try write tests with mocha for the socket API how ever by first logging in via passport HTTP call with the module request we cannot find a way to pass the received session cookie along with the socket.io-client (that uses engine.io-client) initial connection. Hence we cannot find a way to write these tests in mocha.

Is there a way to set additional headers to be sent in the handshake or to share a cookie jar between the request and socket connection or is there another solution to this?

(there is an outdated "hack" solution but it is not working any more jfromaniello/passport.socketio#72)

1
node.jsauthenticationsocket.iomocha.jspassport.js
It makes me very surprised that this question receives so little attention (just 1 upvote besides mine, and no answers/comments at all). I'm having exactly the same issue: need to test socket.io connection with cookies. This task seems so common to me, and I found almost nothing on the subject. Very little people use socket.io in this way? Or those who do, don't care about tests? Quite strange to me.. - Dmitry Frank
The only somewhat valuable that I've came up with is this: we can check how do developers of passport.socketio actually test passport.socketio: in particular, see this file: github.com/jfromaniello/passport.socketio/blob/master/test/… It takes xmlhttprequest and monkey-patches it, adding custom cookies. It works if only it is exactly the same xmlhttprequest as is used by the socket.io, and socket.io has changed dramatically since then, so it's not so trivial to make it work now. - Dmitry Frank

1 Answers

4
votes

I was struggling with this too, and after I figured that out, I've written an article about it: Testing Socket.io + Passport.socketio with Mocha.

In short, I was not able to inject cookies in the handshake request, but passport.socketio allows us to pass session_id as a query parameter, like this:

var socket = io(
  socketUrl,
  {
    //-- pass session_id as a query parameter
    query: 'session_id=' + mySessionId
  }
);

See the article for details and example.