From d24b232a2d057936806005657a6cd06d4674aeb4 Mon Sep 17 00:00:00 2001
From: Paolo Arena <paolo.arena77@gmail.com>
Date: Mon, 11 Feb 2019 02:59:05 +0100
Subject: [PATCH] - fix: Date problems... (it was a bad "copy" function, the
 object date was not valid...) - fix: error fetch on loading... (offline
 appeared)

---
 server/middleware/authenticate.js |  10 +-
 server/models/todo.js             |   7 +-
 server/models/user.js             |  10 +-
 server/router/todos_router.js     |  27 +-
 server/tests/seed/seed.js         |  49 ++-
 server/tests/server.test.js       | 698 ++++++++++++++++--------------
 server/tools/general.js           |   6 +-
 7 files changed, 437 insertions(+), 370 deletions(-)

diff --git a/server/middleware/authenticate.js b/server/middleware/authenticate.js
index 0e1d979..de5b740 100644
--- a/server/middleware/authenticate.js
+++ b/server/middleware/authenticate.js
@@ -9,22 +9,22 @@ var authenticate = (req, res, next) => {
 
   const useragent = req.get('User-Agent');
 
-  tools.mylog("TOKEN = ", token);
-  tools.mylog("USER-AGENT = ", useragent);
+  // tools.mylog("TOKEN = ", token);
+  // tools.mylog("USER-AGENT = ", useragent);
 
   User.findByToken(token, 'auth ' + useragent).then((user) => {
     if (!user) {
-      tools.mylogshow("TOKEN NOT FOUND! Maybe Connected to other Page");
+      tools.mylog("TOKEN NOT FOUND! Maybe Connected to other Page");
       return Promise.reject(server_constants.RIS_CODE_HTTP_INVALID_TOKEN);
       // res.status().send();
     }
-    tools.mylog('userid', user._id);
+    // tools.mylog('userid', user._id);
 
     req.user = user;
     req.token = token;
     next();
   }).catch((e) => {
-    tools.mylogshow("ERR =", e);
+    tools.mylog("ERR =", e);
     res.status(server_constants.RIS_CODE_HTTP_INVALID_TOKEN).send();
   });
 };
diff --git a/server/models/todo.js b/server/models/todo.js
index 5f738c2..9bf1a87 100644
--- a/server/models/todo.js
+++ b/server/models/todo.js
@@ -44,7 +44,7 @@ var TodoSchema = new mongoose.Schema({
     type: Date
   },
   expiring_at: {
-    type: Date
+    type: Date,
   },
   enableExpiring: {
     type: Boolean,
@@ -83,10 +83,15 @@ TodoSchema.statics.findAllByUserId = function (userId) {
 };
 
 TodoSchema.pre('save', function (next) {
+  // var todo = this;
+
+  // console.log('todo.expiring_at', todo.expiring_at);
+
   next();
 });
 
 
+
 var Todo = mongoose.model('Todos', TodoSchema);
 
 module.exports = { Todo };
diff --git a/server/models/user.js b/server/models/user.js
index a74e8ef..9dc74a0 100644
--- a/server/models/user.js
+++ b/server/models/user.js
@@ -64,7 +64,10 @@ var UserSchema = new mongoose.Schema({
     token: {
       type: String,
       required: true
-    }
+    },
+    date_login: {
+      type: Date
+    },
   }],
   date_tokenforgot: {
     type: Date
@@ -91,10 +94,11 @@ UserSchema.methods.generateAuthToken = function (req) {
 
   var access = 'auth ' + useragent;
   var token = jwt.sign({ _id: user._id.toHexString(), access }, process.env.SIGNCODE).toString();
+  var date_login = new Date();
 
   // CANCELLA IL PRECEDENTE !
   user.tokens = user.tokens.filter(function(tok) { return tok.access !== access; });
-  user.tokens.push({ access, token });
+  user.tokens.push({ access, token, date_login });
 
   return user.save()
     .then(() => {
@@ -119,7 +123,7 @@ UserSchema.statics.findByToken = function (token, typeaccess) {
   return User.findOne({
     '_id': decoded._id,
     'tokens.token': token,
-    'tokens.access': typeaccess
+    'tokens.access': typeaccess,
   });
 };
 
diff --git a/server/router/todos_router.js b/server/router/todos_router.js
index 33cecbe..74579a6 100644
--- a/server/router/todos_router.js
+++ b/server/router/todos_router.js
@@ -22,11 +22,16 @@ const { ObjectID } = require('mongodb');
 router.post('/', authenticate, (req, res) => {
 
   var body = _.pick(req.body, tools.allfieldTodoWithId());
+  tools.mylogshow('INPUT', body);
   var todo = new Todo(body);
 
-  // tools.mylogshow('ID :', todo._id)
+  // todo.expiring_at = new Date(todo.expiring_at);
 
-  // tools.mylogshow('userid', todo.userId, req.user._id)
+  tools.mylogshow('TODO', todo);
+
+  tools.mylog('ID :', todo._id);
+
+  tools.mylog('userid', todo.userId, req.user._id);
 
   if (!('descr' in req.body)){
     return res.status(400).send({ code: server_constants.RIS_CODE_LOGIN_ERR_GENERIC });
@@ -38,7 +43,7 @@ router.post('/', authenticate, (req, res) => {
     return res.status(404).send({ code: server_constants.RIS_CODE_TODO_CREATING_NOTMYUSER });
   }
 
-  tools.mylog('POST :', todo.descr, todo._id);
+  tools.mylog('TODO POST :', todo.descr, todo._id);
 
   todo.modified = false;
   if (!todo.descr) {
@@ -55,7 +60,7 @@ router.post('/', authenticate, (req, res) => {
         res.send({record});
       })
   }).catch((e) => {
-    console.log(e.message);
+    console.log('ERRORE in TODO POST', e.message);
     res.status(400).send(e);
   });
 });
@@ -102,6 +107,7 @@ function sendNotificationToUser(userId, title, content, openUrl, tag) {
             TTL: payload.ttl,
             headers: {}
           };
+
           webpush.sendNotification(
             pushSubscription,
             pushPayload,
@@ -119,6 +125,9 @@ function sendNotificationToUser(userId, title, content, openUrl, tag) {
               data: err
             });
           });
+        }).catch(error => {
+          console.log('ERROR: sendNotificationToUser', error
+          )
         });
       });
       // q.allSettled(parallelSubscriptionCalls).then((pushResults) => {
@@ -136,6 +145,8 @@ router.patch('/:id', authenticate, (req, res) => {
   var id = req.params.id;
   var body = _.pick(req.body, tools.allfieldTodo());
 
+  tools.mylogshow('PATCH TODO: ', id)
+
   if (!ObjectID.isValid(id)) {
     tools.mylog('ERROR: id not VALID', id);
     return res.status(404).send();
@@ -143,6 +154,7 @@ router.patch('/:id', authenticate, (req, res) => {
 
 
   Todo.findByIdAndUpdate(id, {$set: body}, {new: true}).then((todo) => {
+    tools.mylogshow(' TODO TO MODIFY: ', todo)
     if (!todo) {
       return res.status(404).send();
     }
@@ -180,8 +192,10 @@ router.get('/:userId', authenticate, (req, res) => {
 
   // Extract all the todos of the userId only
   Todo.findAllByUserId(userId).then((todos) => {
-    // tools.mylog('todos', todos)
-    res.send({ todos });
+
+    tools.mylog('todos', todos);
+
+    res.send({ todos: todos });
   }).catch((e) => {
     console.log(e);
     res.status(400).send(e);
@@ -209,4 +223,5 @@ router.delete('/:id', authenticate, (req, res) => {
   });
 });
 
+
 module.exports = router;
diff --git a/server/tests/seed/seed.js b/server/tests/seed/seed.js
index a7288af..951c9d1 100644
--- a/server/tests/seed/seed.js
+++ b/server/tests/seed/seed.js
@@ -24,6 +24,11 @@ const userTwoId = new ObjectID();
 let mypwdchiaro = 'mypassword@1A';
 let mypwdcrypted = '$2b$12$mteST.isuWO0SNsfeZ0aCe.Dz3qwPh5SU8t9rc5SaPTkb3j0ywGv6'
 
+const date_login = new Date();
+
+// const useragent = "auth Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.96 Safari/537.36"
+const useragent = "node-superagent/2.3.0";
+
 const users = [{
   _id: userOneId,
   keyappid: process.env.KEY_APP_ID,
@@ -33,8 +38,9 @@ const users = [{
   username: 'paoloar77B',
   password: mypwdcrypted,
   tokens: [{
-    access: 'auth',
-    token: jwt.sign({ _id: userOneId, access: 'auth' }, process.env.SIGNCODE).toString()
+    access: 'auth ' + useragent,
+    token: jwt.sign({ _id: userOneId, access: 'auth ' + useragent }, process.env.SIGNCODE).toString(),
+    date_login
   }]
 },
   {
@@ -46,8 +52,9 @@ const users = [{
     password: mypwdcrypted,
     username: 'paoloar77C',
     tokens: [{
-      access: 'auth',
-      token: jwt.sign({ _id: userTwoId, access: 'auth' }, process.env.SIGNCODE).toString()
+      access: 'auth ' + useragent,
+      token: jwt.sign({ _id: userTwoId, access: 'auth ' + useragent }, process.env.SIGNCODE).toString(),
+      date_login
     }]
   }, {
     keyappid: process.env.KEY_APP_ID,      // RECORD CHE VERRA' UTILIZZATO PER UNA NUOVA REGISTRAZIONE
@@ -67,15 +74,15 @@ const todos = [{
   _id: new ObjectID(),
   category: "personal",
   completed: false,
-  completed_at: 0,
-  created_at: 6,
+  completed_at: new Date(),
+  created_at: new Date(),
   descr: "Primo Task Esempio",
   enableExpiring: false,
-  expiring_at: 16,
+  expiring_at: new Date(),
   id_next: "10000000",
   id_prev: "0",
   modified: false,
-  modify_at: 6,
+  modify_at: new Date(),
   pos: 1,
   priority: 1,
   progress: 0,
@@ -84,15 +91,15 @@ const todos = [{
   _id: new ObjectID(),
   category: "personal",
   completed: false,
-  completed_at: 0,
-  created_at: 6,
+  completed_at: new Date(),
+  created_at: new Date(),
   descr: "Secondo Task Esempio",
   enableExpiring: false,
-  expiring_at: 16,
+  expiring_at: new Date(),
   id_next: "10000000",
   id_prev: "1",
   modified: false,
-  modify_at: 6,
+  modify_at: new Date(),
   pos: 2,
   priority: 1,
   progress: 0,
@@ -101,15 +108,15 @@ const todos = [{
   _id: new ObjectID(),
   category: "personal",
   completed: false,
-  completed_at: 0,
-  created_at: 6,
+  completed_at: new Date(),
+  created_at: new Date(),
   descr: "Terzo Task Esempio",
   enableExpiring: false,
-  expiring_at: 16,
+  expiring_at: new Date(),
   id_next: "10000000",
   id_prev: "1",
   modified: false,
-  modify_at: 6,
+  modify_at: new Date(),
   pos: 3,
   priority: 1,
   progress: 0,
@@ -118,15 +125,15 @@ const todos = [{
   _id: new ObjectID(),
   category: "personal",
   completed: false,
-  completed_at: 0,
-  created_at: 6,
+  completed_at: new Date(),
+  created_at: new Date(),
   descr: "Nuovo Quarto Task Esempio da Inserire",
   enableExpiring: false,
-  expiring_at: 16,
+  expiring_at: new Date(),
   id_next: "10000000",
   id_prev: "2",
   modified: false,
-  modify_at: 6,
+  modify_at: new Date(),
   pos: 4,
   priority: 1,
   progress: 0,
@@ -167,4 +174,4 @@ const populateUsers = (done) => {
 
 };
 
-module.exports = { todos, populateTodos, users, populateUsers, userjson, mypwdcrypted, mypwdchiaro };
+module.exports = { todos, populateTodos, users, populateUsers, userjson, mypwdcrypted, mypwdchiaro, date_login };
diff --git a/server/tests/server.test.js b/server/tests/server.test.js
index 4c72d3c..b553b95 100644
--- a/server/tests/server.test.js
+++ b/server/tests/server.test.js
@@ -5,7 +5,7 @@ const { ObjectID } = require('mongodb');
 const { app } = require('./../server');
 const { Todo } = require('./../models/todo');
 const { User } = require('./../models/user');
-const { todos, populateTodos, users, populateUsers, userjson, mypwdcrypted, mypwdchiaro } = require('./seed/seed');
+const { todos, populateTodos, users, populateUsers, userjson, mypwdcrypted, mypwdchiaro, date_login } = require('./seed/seed');
 
 const tools = require('../tools/general');
 
@@ -33,162 +33,12 @@ const IndexTodoToCreate = 3;
 
 // console.log('userjson', userjson);
 
-describe('POST /users', () => {
-  it('should create a user', (done) => {
-    request(app)
-      .post('/users')
-      .send(users[IndexUserToCreate])
-      .expect(200)
-      .expect((res) => {
-        expect(res.headers['x-auth']).toExist();
-        expect(res.body._id).toExist();
-        expect(res.body.email).toBe(users[IndexUserToCreate].email);
-        expect(res.body.username).toBe(users[IndexUserToCreate].username);
-      })
-      .end((err) => {
-        if (err) {
-          console.log('ERR:', err);
-          return done(err);
-        }
+// const useragent = "auth Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.96 Safari/537.36";
+const useragent = "node-superagent/2.3.0";
 
-        User.findOne({ email: users[IndexUserToCreate].email }).then((user) => {
-          expect(user).toExist();
-          done();
-        }).catch((e) => done(e));
-      });
-  });
-
-  it('should return validation errors if request invalid', (done) => {
-    request(app)
-      .post('/users')
-      .send({
-        email: 'and',
-        password: '123'
-      })
-      .expect(400)
-      .end(done);
-  });
-
-  it('should not create user if email in use', (done) => {
-    request(app)
-      .post('/users')
-      .send(users[1])
-      .expect(400)
-      .end(done);
-  });
-});
-
-describe('GET /users/myusername', () => {
-  it('should return 200 if myusername exist', (done) => {
-    request(app)
-      .get('/users/' + users[0].username)
-      // .set('x-auth', users[0].tokens[0].token)
-      .expect(200)
-      .end(done);
-  });
-
-  it('should return 404 if myusername doesn\'t exist', (done) => {
-    request(app)
-      .get('/users/' + users[0].username + 'pippo')
-      .expect(404)
-      .end(done);
-  });
-});
-
-describe('POST /users/login', () => {
-  it('should login user and return auth token', (done) => {
-    request(app)
-      .post('/users/login')
-      .set('x-auth', users[0].tokens[0].token)
-      .send({
-        username: users[0].username,
-        password: mypwdchiaro,
-        idapp: users[0].idapp,
-        keyappid: users[0].keyappid,
-        lang: users[0].lang,
-      })
-      .expect(200)
-      .expect((res) => {
-        expect(res.headers['x-auth']).toExist();
-      })
-      .end((err, res) => {
-        if (err) {
-          return done(err);
-        }
-
-        User.findById(users[0]._id).then((user) => {
-          expect(user.tokens[0]).toInclude({
-            access: 'auth',
-            token: res.headers['x-auth']
-          });
-          done();
-        }).catch((e) => done(e));
-      });
-  });
-
-  it('should reject invalid login', (done) => {
-    request(app)
-      .post('/users/login')
-      .send({
-        username: users[0].username,
-        password: mypwdchiaro + '1'
-      })
-      .expect(400)
-      .expect((res) => {
-        expect(res.headers['x-auth']).toNotExist();
-      })
-      .end((err, res) => {
-        if (err) {
-          return done(err);
-        }
-
-        User.findById(users[1]._id).then((user) => {
-          expect(user.tokens.length).toBe(1);
-          done();
-        }).catch((e) => done(e));
-      });
-  });
-
-});
-
-describe('DELETE /users/me/token', () => {
-  it('should logout user deleting auth token', (done) => {
-    request(app)
-      .delete('/users/me/token')
-      .set('x-auth', users[0].tokens[0].token)
-      .send()
-      .expect(200)
-      .expect((res) => {
-        expect(res.headers['x-auth']).toNotExist();
-      })
-      .end((err, res) => {
-        if (err) {
-          return done(err);
-        }
-
-        done();
-      });
-  });
-
-  it('should return 403 deleting with an invalid token', (done) => {
-    request(app)
-      .delete('/users/me/token')
-      .set('x-auth', users[0].tokens[0].token + '1')
-      .send()
-      .expect(403)
-      .end((err, res) => {
-        if (err) {
-          return done(err);
-        }
-
-        done();
-      });
-  });
-});
-
-
-describe('POST /todos', () => {
+const testsingolo = true;
 
+if (testsingolo) {
   it('should create a new Todos', (done) => {
     request(app)
       .post('/todos')
@@ -210,193 +60,375 @@ describe('POST /todos', () => {
       });
   });
 
-  it('should return 404 if not authenticated', (done) => {
-    request(app)
-      .post('/todos')
-      .set('x-auth', users[0].tokens[0].token)
-      .send(todos[IndexTodoToCreate])
-      .expect(404)
-      .end((err) => {
-        done();
-      });
+} else {
+
+  describe('POST /users', () => {
+    it('should create a user', (done) => {
+      request(app)
+        .post('/users')
+        .send(users[IndexUserToCreate])
+        .expect(200)
+        .expect((res) => {
+          expect(res.headers['x-auth']).toExist();
+          expect(res.body._id).toExist();
+          expect(res.body.email).toBe(users[IndexUserToCreate].email);
+          expect(res.body.username).toBe(users[IndexUserToCreate].username);
+        })
+        .end((err) => {
+          if (err) {
+            console.log('ERR:', err);
+            return done(err);
+          }
+
+          User.findOne({ email: users[IndexUserToCreate].email }).then((user) => {
+            expect(user).toExist();
+            done();
+          }).catch((e) => done(e));
+        });
+    });
+
+    it('should return validation errors if request invalid', (done) => {
+      request(app)
+        .post('/users')
+        .send({
+          email: 'and',
+          password: '123'
+        })
+        .expect(400)
+        .end(done);
+    });
+
+    it('should not create user if email in use', (done) => {
+      request(app)
+        .post('/users')
+        .send(users[1])
+        .expect(400)
+        .end(done);
+    });
   });
 
-  it('should not create todo with invalid body data', (done) => {
-    request(app)
-      .post('/todos')
-      .set('x-auth', users[0].tokens[0].token)
-      .send({})
-      .expect(400)
-      .end((err, res) => {
-        if (err) {
-          return done(err);
-        }
+  describe('GET /users/myusername', () => {
+    it('should return 200 if myusername exist', (done) => {
+      request(app)
+        .get('/users/' + users[0].username)
+        // .set('x-auth', users[0].tokens[0].token)
+        .expect(200)
+        .end(done);
+    });
 
-        Todo.find().then((todos) => {
-          done();
-        }).catch((e) => done(e));
-      });
-  });
-});
-
-describe('GET /todos', () => {
-  it('should get all todos', (done) => {
-    request(app)
-      .get(`/todos/${users[0]._id }`)
-      .set('x-auth', users[0].tokens[0].token)
-      .expect(200)
-      .expect((res) => {
-        expect(res.body.todos.length).toBe(2);
-      })
-      .end(done);
-  });
-});
-
-
-describe('GET /todos/:id', () => {
-  it('should return todos of the User', (done) => {
-    request(app)
-      .get(`/todos/${todos[0].userId}`)
-      .set('x-auth', users[0].tokens[0].token)
-      .expect(200)
-      .expect((res) => {
-        let miores = res
-        let miadescr = miores.body.todos[0].descr
-        expect(res.body.todos.length).toBe(2);
-        expect(miadescr).toBe(todos[0].descr);
-      })
-      .end(done);
+    it('should return 404 if myusername doesn\'t exist', (done) => {
+      request(app)
+        .get('/users/' + users[0].username + 'pippo')
+        .expect(404)
+        .end(done);
+    });
   });
 
-  it('should not return todo doc created by other user', (done) => {
-    request(app)
-      .get(`/todos/${todos[2].userId}`)
-      .set('x-auth', users[0].tokens[0].token)
-      .expect(404)
-      .end(done);
+  describe('POST /users/login', () => {
+    it('should login user and return auth token', (done) => {
+      request(app)
+        .post('/users/login')
+        // .set('x-auth', users[0].tokens[0].token)
+        .send({
+          username: users[0].username,
+          password: mypwdchiaro,
+          idapp: users[0].idapp,
+          keyappid: users[0].keyappid,
+          lang: users[0].lang,
+        })
+        .expect(200)
+        .expect((res) => {
+          expect(res.headers['x-auth']).toExist();
+        })
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+
+          User.findById(users[0]._id).then((user) => {
+            expect(user.tokens[0]).toInclude({
+              access: 'auth ' + useragent,
+              // token: res.headers['x-auth'],
+              date_login: date_login
+            });
+            done();
+          }).catch((e) => done(e));
+        });
+    });
+
+    it('should reject invalid login', (done) => {
+      request(app)
+        .post('/users/login')
+        .send({
+          username: users[0].username,
+          password: mypwdchiaro + '1'
+        })
+        .expect(400)
+        .expect((res) => {
+          expect(res.headers['x-auth']).toNotExist();
+        })
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+
+          User.findById(users[1]._id).then((user) => {
+            expect(user.tokens.length).toBe(1);
+            done();
+          }).catch((e) => done(e));
+        });
+    });
+
   });
 
-  it('FORBIDDEN ! should return [] if user not found', (done) => {
-    var hexId = new ObjectID().toHexString();
-
-    request(app)
-      .get(`/todos/${hexId}`)
-      .set('x-auth', users[0].tokens[0].token)
-      .expect(404)
-      .expect((res) => {
-        console.log('res', res.status)
-        expect(res.body.todos).toBe(undefined);
-      })
-      .end(done);
-  });
-
-  it('should return 404 for non-object ids', (done) => {
-    request(app)
-      .get('/todos/123abc')
-      .set('x-auth', users[0].tokens[0].token)
-      .expect(404)
-      .end(done);
-  });
-});
-
-describe('DELETE /todos/:id', () => {
-  it('should remove a todo', (done) => {
-    var hexId = todos[0]._id.toHexString();
-
-    request(app)
-      .delete(`/todos/${hexId}`)
-      .set('x-auth', users[0].tokens[0].token)
-      .expect(200)
-      .expect((res) => {
-        expect(res.body.todo._id).toBe(hexId);
-      })
-      .end((err, res) => {
-        if (err) {
-          return done(err);
-        }
-
-        Todo.findById(hexId).then((todo) => {
-          expect(todo).toNotExist();
-          done();
-        }).catch((e) => done(e));
-      });
-  });
-
-  it('should return 404 if todo not found', (done) => {
-    var hexId = new ObjectID().toHexString();
-
-    request(app)
-      .delete(`/todos/${hexId}`)
-      .set('x-auth', users[0].tokens[0].token)
-      .expect(404)
-      .end(done);
-  });
-
-  it('should return 404 if object id is invalid', (done) => {
-    request(app)
-      .delete('/todos/123abc')
-      .set('x-auth', users[0].tokens[0].token)
-      .expect(404)
-      .end(done);
-  });
-});
-
-describe('PATCH /todos/:id', () => {
-  it('should update the todo', (done) => {
-    var hexId = todos[0]._id.toHexString();
-    var descr = 'This should be the new text';
-
-    request(app)
-      .patch(`/todos/${hexId}`)
-      .set('x-auth', users[0].tokens[0].token)
-      .send({
-        completed: true,
-        descr
-      })
-      .expect(200)
-      .expect((res) => {
-        expect(res.body.todo.descr).toBe(descr);
-        expect(res.body.todo.completed).toBe(true);
-        // expect(res.body.todo.completedAt).toBeA('number');
-      })
-      .end(done);
-  });
-
-  it('should not update the todo created by other user', (done) => {
-    var hexId = todos[0]._id.toHexString();
-    var descr = 'This should be the new text';
-
-    request(app)
-      .patch(`/todos/${hexId}`)
-      .set('x-auth', users[1].tokens[0].token)
-      .send({
-        completed: true,
-        descr
-      })
-      .expect(404)
-      .end(done);
-  });
-
-  // it('should clear completedAt when todo is not completed', (done) => {
-  //   var hexId = todos[1]._id.toHexString();
-  //   var text = 'This should be the new text!!';
+  // describe('DELETE /users/me/token', () => {
+  //   it('should logout user deleting auth token', (done) => {
+  //     request(app)
+  //       .delete('/users/me/token')
+  //       .set('x-auth', users[0].tokens[0].token)
+  //       .send()
+  //       .expect(200)
+  //       .expect((res) => {
+  //         expect(res.headers['x-auth']).toNotExist();
+  //       })
+  //       .end((err, res) => {
+  //         if (err) {
+  //           return done(err);
+  //         }
   //
-  //   request(app)
-  //     .patch(`/todos/${hexId}`)
-  //     .set('x-auth', users[1].tokens[0].token)
-  //     .send({
-  //       completed: false,
-  //       text
-  //     })
-  //     .expect(200)
-  //     .expect((res) => {
-  //       expect(res.body.todo.text).toBe(text);
-  //       expect(res.body.todo.completed).toBe(false);
-  //       expect(res.body.todo.completedAt).toNotExist();
-  //     })
-  //     .end(done);
+  //         done();
+  //       });
+  //   });
+  //
+  //   it('should return 403 deleting with an invalid token', (done) => {
+  //     request(app)
+  //       .delete('/users/me/token')
+  //       .set('x-auth', users[0].tokens[0].token + '1')
+  //       .send()
+  //       .expect(403)
+  //       .end((err, res) => {
+  //         if (err) {
+  //           return done(err);
+  //         }
+  //
+  //         done();
+  //       });
+  //   });
   // });
-});
+
+
+  describe('POST /todos', () => {
+
+    it('should create a new Todos', (done) => {
+      request(app)
+        .post('/todos')
+        .set('x-auth', users[0].tokens[0].token)
+        .send(todos[IndexTodoToCreate])
+        .expect(200)
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+
+          Todo.find({ descr: todos[IndexTodoToCreate].descr }).then((arr_todos) => {
+            expect(arr_todos.length).toBe(1);
+            expect(arr_todos[0].descr).toBe(todos[IndexTodoToCreate].descr);
+            expect(String(arr_todos[0]._id)).toBe(String(todos[IndexTodoToCreate]._id));
+            expect(String(arr_todos[0].userId)).toBe(String(users[0]._id));
+            done();
+          }).catch((e) => done(e));
+        });
+    });
+
+    it('should return 404 if not authenticated', (done) => {
+      request(app)
+        .post('/todos')
+        .set('x-auth', users[0].tokens[0].token)
+        .send(todos[IndexTodoToCreate])
+        .expect(404)
+        .end((err) => {
+          done();
+        });
+    });
+
+    it('should not create todo with invalid body data', (done) => {
+      request(app)
+        .post('/todos')
+        .set('x-auth', users[0].tokens[0].token)
+        .send({})
+        .expect(400)
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+
+          Todo.find().then((todos) => {
+            done();
+          }).catch((e) => done(e));
+        });
+    });
+  });
+
+  describe('GET /todos', () => {
+    it('should get all todos', (done) => {
+      request(app)
+        .get(`/todos/${users[0]._id }`)
+        .set('x-auth', users[0].tokens[0].token)
+        .expect(200)
+        .expect((res) => {
+          expect(res.body.todos.length).toBe(2);
+        })
+        .end(done);
+    });
+  });
+
+
+  describe('GET /todos/:id', () => {
+    it('should return todos of the User', (done) => {
+      request(app)
+        .get(`/todos/${todos[0].userId}`)
+        .set('x-auth', users[0].tokens[0].token)
+        .expect(200)
+        .expect((res) => {
+          let miores = res
+          let miadescr = miores.body.todos[0].descr
+          expect(res.body.todos.length).toBe(2);
+          expect(miadescr).toBe(todos[0].descr);
+        })
+        .end(done);
+    });
+
+    it('should not return todo doc created by other user', (done) => {
+      request(app)
+        .get(`/todos/${todos[2].userId}`)
+        .set('x-auth', users[0].tokens[0].token)
+        .expect(404)
+        .end(done);
+    });
+
+    it('FORBIDDEN ! should return [] if user not found', (done) => {
+      var hexId = new ObjectID().toHexString();
+
+      request(app)
+        .get(`/todos/${hexId}`)
+        .set('x-auth', users[0].tokens[0].token)
+        .expect(404)
+        .expect((res) => {
+          console.log('res', res.status)
+          expect(res.body.todos).toBe(undefined);
+        })
+        .end(done);
+    });
+
+    it('should return 404 for non-object ids', (done) => {
+      request(app)
+        .get('/todos/123abc')
+        .set('x-auth', users[0].tokens[0].token)
+        .expect(404)
+        .end(done);
+    });
+  });
+
+  describe('DELETE /todos/:id', () => {
+    it('should remove a todo', (done) => {
+      var hexId = todos[0]._id.toHexString();
+
+      request(app)
+        .delete(`/todos/${hexId}`)
+        .set('x-auth', users[0].tokens[0].token)
+        .expect(200)
+        .expect((res) => {
+          expect(res.body.todo._id).toBe(hexId);
+        })
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+
+          Todo.findById(hexId).then((todo) => {
+            expect(todo).toNotExist();
+            done();
+          }).catch((e) => done(e));
+        });
+    });
+
+    it('should return 404 if todo not found', (done) => {
+      var hexId = new ObjectID().toHexString();
+
+      request(app)
+        .delete(`/todos/${hexId}`)
+        .set('x-auth', users[0].tokens[0].token)
+        .expect(404)
+        .end(done);
+    });
+
+    it('should return 404 if object id is invalid', (done) => {
+      request(app)
+        .delete('/todos/123abc')
+        .set('x-auth', users[0].tokens[0].token)
+        .expect(404)
+        .end(done);
+    });
+  });
+
+  describe('PATCH /todos/:id', () => {
+    it('should update the todo', (done) => {
+      var hexId = todos[0]._id.toHexString();
+      var descr = 'This should be the new text';
+
+      request(app)
+        .patch(`/todos/${hexId}`)
+        .set('x-auth', users[0].tokens[0].token)
+        .send({
+          completed: true,
+          descr
+        })
+        .expect(200)
+        .expect((res) => {
+          expect(res.body.todo.descr).toBe(descr);
+          expect(res.body.todo.completed).toBe(true);
+          // expect(res.body.todo.completedAt).toBeA('number');
+        })
+        .end(done);
+    });
+
+    it('should not update the todo created by other user', (done) => {
+      var hexId = todos[0]._id.toHexString();
+      var descr = 'This should be the new text';
+
+      request(app)
+        .patch(`/todos/${hexId}`)
+        .set('x-auth', users[1].tokens[0].token)
+        .send({
+          completed: true,
+          descr
+        })
+        .expect(404)
+        .end(done);
+    });
+
+    // it('should clear completedAt when todo is not completed', (done) => {
+    //   var hexId = todos[1]._id.toHexString();
+    //   var text = 'This should be the new text!!';
+    //
+    //   request(app)
+    //     .patch(`/todos/${hexId}`)
+    //     .set('x-auth', users[1].tokens[0].token)
+    //     .send({
+    //       completed: false,
+    //       text
+    //     })
+    //     .expect(200)
+    //     .expect((res) => {
+    //       expect(res.body.todo.text).toBe(text);
+    //       expect(res.body.todo.completed).toBe(false);
+    //       expect(res.body.todo.completedAt).toNotExist();
+    //     })
+    //     .end(done);
+    // });
+  });
+
+}
 
 /*
 
diff --git a/server/tools/general.js b/server/tools/general.js
index 1211b8e..03e7cee 100644
--- a/server/tools/general.js
+++ b/server/tools/general.js
@@ -13,7 +13,11 @@ module.exports = {
       console.log(args)
   },
 
-  mylogshow: function (...args) {
+  mylogoff: function (...args) {
+    // doing nothing
+  },
+
+    mylogshow: function (...args) {
     console.log(args)
   },