
Allow get route for user without being logged in, update tests to reflect this

sbkwgh 8 tahun lalu
induk
melakukan
304c24cfa3
3 mengubah file dengan 19 tambahan dan 71 penghapusan
  1. 2 2
      models/post.js
  2. 4 20
      routes/user.js
  3. 13 49
      test/user.js

+ 2 - 2
models/post.js

@@ -30,11 +30,11 @@ module.exports = (sequelize, DataTypes) => {
 				let models = sequelize.models
 
 				return [
-					{ model: models.User, attributes: ['username', 'createdAt', 'id'] }, 
+					{ model: models.User, attributes: ['username', 'createdAt', 'id', 'color'] }, 
 					{ model: models.Thread, include: [models.Category]} ,
 					{
 						model: models.Post, as: 'Replies', include:
-						[{ model: models.User, attributes: ['username', 'id'] }]	
+						[{ model: models.User, attributes: ['username', 'id', 'color'] }]	
 					}
 				]
 			}

+ 4 - 20
routes/user.js

@@ -119,13 +119,6 @@ router.post('/', async (req, res) => {
 
 router.get('/:username', async (req, res) => {
 	try {
-		if(
-			!req.session.loggedIn ||
-			req.session.username !== req.params.username
-		) {
-			throw Errors.requestNotAuthorized
-		}
-
 		let user = await User.findOne({
 			attributes: { exclude: ['hash', 'id'] },
 			where: { username: req.params.username }
@@ -133,19 +126,10 @@ router.get('/:username', async (req, res) => {
 
 		res.json(user.toJSON())
 	} catch (err) {
-		if(err === Errors.requestNotAuthorized) {
-			res.status(403)
-			res.json({
-				errors: [Errors.requestNotAuthorized]
-			})
-		} else {
-			console.log(err)
-
-			res.status(500)
-			res.json({
-				errors: [Errors.unknown]
-			})
-		}
+		res.status(500)
+		res.json({
+			errors: [Errors.unknown]
+		})
 	}
 })
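Review bot: With the session check removed, the deny-list `attributes: { exclude: ['hash', 'id'] }` in the context lines is the only thing deciding what an unauthenticated caller of `GET /:username` receives, so any column later added to the User model is published by default. An allow-list such as `attributes: ['username', 'createdAt', 'color']` would make the public surface explicit; those are the fields models/post.js already exposes, and the User model itself is not visible here, so confirm the list against it. The new catch block also drops `console.log(err)`, and a lookup for an unknown username presumably resolves to `null`, so `user.toJSON()` throws and surfaces as an unlogged 500. An `if (!user)` guard that returns 404 before `user.toJSON()`, with the log line kept, would separate "no such user" from real failures. The handler spans both hunks and the lines between them are not shown.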
 

+ 13 - 49
test/user.js

@@ -175,29 +175,6 @@ describe('User', () => {
 			}
 		})
 
-		it('should log in the user after creating an account', (done) => {
-			let agent = chai.request.agent(server)
-
-			agent
-				.post('/api/v1/user')
-				.set('content-type', 'application/x-www-form-urlencoded')
-				.send({
-					username: 'username1',
-					password: 'password'
-				})
-				.end((err, res) => {
-					
-					agent
-						.get('/api/v1/user/username1')
-						.then((res) => {
-							res.should.have.status(200)
-
-							done()
-						})
-						.catch(done)
-				})
-		})
-
 		it('should throw an error if account already created', (done) => {
 			chai.request(server)
 				.post('/api/v1/user')
@@ -320,6 +297,7 @@ describe('User', () => {
 					res.should.have.status(401)
 					res.body.should.have.property('errors')
 					res.body.errors.should.contain.something.that.deep.equals(Errors.invalidLoginCredentials)
+					res.should.not.have.cookie('username')
 
 					done()
 				})
@@ -335,16 +313,13 @@ describe('User', () => {
 				.end((err, res) => {
 					res.should.have.status(200)
 					res.should.be.json
-					res.should.have.cookie('connect.sid')
+					res.should.have.cookie('username', 'username')
 
-					agent
-						.get('/api/v1/user/username')
-						.then((res) => {
-							res.should.have.status(200)
-
-							done()
-						})
-						.catch(done)
+					if(err) {
+						done(err)
+					} else {
+						done()
+					}
 				})
 		})
 	})
@@ -366,24 +341,13 @@ describe('User', () => {
 						.post('/api/v1/user/username/logout')
 						.end((err, res) => {
 							res.should.have.status(200)
+							res.should.not.have.cookie('username')
 
-							agent
-								.get('/api/v1/user/username')
-								.then((res) => {
-									res.should.have.status(403)
-									res.body.errors.should.contain.something.that.deep.equals(Errors.requestNotAuthorized)
-
-									done()
-								})
-								.catch((res) => {
-									res.should.have.status(403)
-									JSON
-										.parse(res.response.text)
-										.errors.should.contain.something
-										.that.deep.equals(Errors.requestNotAuthorized)
-
-									done()
-								})
+							if(err) {
+								done(err)
+							} else {
+								done()
+							}
 						})
 				})
 		})
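Review bot: Nothing in this file exercises `GET /api/v1/user/:username` any more: the three removed blocks were its only coverage, and no test is added for the behaviour the commit introduces, an unauthenticated read. A test that requests the profile without an agent session and asserts both a 200 and the absence of `hash` in the body would pin the public response shape. The login test also swaps `res.should.have.cookie('connect.sid')` for the `username` cookie instead of checking both, so the session cookie is no longer asserted. Separately, `if(err) { done(err) } else { done() }` can be written as `done(err)`. The sketch below assumes the `username` account exists at that point in the suite, as the login test suggests.

```javascript
// … unchanged: existing login / logout tests …
it('should return a public profile without the password hash', (done) => {
	chai.request(server)
		.get('/api/v1/user/username')
		.end((err, res) => {
			res.should.have.status(200)
			res.should.be.json
			res.body.should.have.property('username', 'username')
			res.body.should.not.have.property('hash')

			done(err)
		})
})
```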