github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-25 11:16:31 -05:00
Code Issues Projects Releases Packages Wiki Activity

test(e2e/public/notes): enable real auth

Browse source 
Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2022-09-11 18:59:50 +02:00 committed by Yannick Bungers
parent 845861a030
commit 3884d79474
1 changed files with 81 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

121
backend/test/public-api/notes.e2e-spec.ts
View file

@ -9,21 +9,18 @@ import request from 'supertest';
import { NotInDBError } from '../../src/errors/errors'; import { NotInDBError } from '../../src/errors/errors';
import { NotePermissionsUpdateDto } from '../../src/notes/note-permissions.dto'; import { NotePermissionsUpdateDto } from '../../src/notes/note-permissions.dto';
import { User } from '../../src/users/user.entity';
import { TestSetup, TestSetupBuilder } from '../test-setup'; import { TestSetup, TestSetupBuilder } from '../test-setup';
describe('Notes', () => { describe('Notes', () => {
let testSetup: TestSetup; let testSetup: TestSetup;
let user: User;
let user2: User;
let content: string; let content: string;
let forbiddenNoteId: string; let forbiddenNoteId: string;
let uploadPath: string; let uploadPath: string;
let testImage: Buffer; let testImage: Buffer;
beforeAll(async () => { beforeAll(async () => {
testSetup = await TestSetupBuilder.create().withMockAuth().build(); testSetup = await TestSetupBuilder.create().withUsers().build();
forbiddenNoteId = forbiddenNoteId =
testSetup.configService.get('noteConfig').forbiddenNoteIds[0]; testSetup.configService.get('noteConfig').forbiddenNoteIds[0];
@ -32,11 +29,6 @@ describe('Notes', () => {
await testSetup.app.init(); await testSetup.app.init();
user = await testSetup.userService.createUser('hardcoded', 'Testy');
user2 = await testSetup.userService.createUser(
'hardcoded2',
'Max Mustermann',
);
content = 'This is a test note.'; content = 'This is a test note.';
testImage = await fs.readFile('test/public-api/fixtures/test.png'); testImage = await fs.readFile('test/public-api/fixtures/test.png');
}); });
@ -49,6 +41,7 @@ describe('Notes', () => {
it('POST /notes', async () => { it('POST /notes', async () => {
const response = await request(testSetup.app.getHttpServer()) const response = await request(testSetup.app.getHttpServer())
.post('/api/v2/notes') .post('/api/v2/notes')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.set('Content-Type', 'text/markdown') .set('Content-Type', 'text/markdown')
.send(content) .send(content)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
@ -66,9 +59,9 @@ describe('Notes', () => {
describe('GET /notes/{note}', () => { describe('GET /notes/{note}', () => {
it('works with an existing note', async () => { it('works with an existing note', async () => {
// check if we can succefully get a note that exists // check if we can succefully get a note that exists
await testSetup.notesService.createNote(content, user, 'test1');
const response = await request(testSetup.app.getHttpServer()) const response = await request(testSetup.app.getHttpServer())
.get('/api/v2/notes/test1') .get('/api/v2/notes/testAlias1')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
expect(response.body.content).toEqual(content); expect(response.body.content).toEqual(content);
@ -77,6 +70,7 @@ describe('Notes', () => {
// check if a missing note correctly returns 404 // check if a missing note correctly returns 404
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.get('/api/v2/notes/i_dont_exist') .get('/api/v2/notes/i_dont_exist')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(404); .expect(404);
}); });
@ -84,6 +78,7 @@ describe('Notes', () => {
// check if a forbidden note correctly returns 400 // check if a forbidden note correctly returns 400
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.get('/api/v2/notes/forbiddenNoteId') .get('/api/v2/notes/forbiddenNoteId')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(400); .expect(400);
}); });
@ -93,6 +88,7 @@ describe('Notes', () => {
it('works with a non-existing alias', async () => { it('works with a non-existing alias', async () => {
const response = await request(testSetup.app.getHttpServer()) const response = await request(testSetup.app.getHttpServer())
.post('/api/v2/notes/test2') .post('/api/v2/notes/test2')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.set('Content-Type', 'text/markdown') .set('Content-Type', 'text/markdown')
.send(content) .send(content)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
@ -110,6 +106,7 @@ describe('Notes', () => {
it('fails with a forbidden alias', async () => { it('fails with a forbidden alias', async () => {
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.post(`/api/v2/notes/${forbiddenNoteId}`) .post(`/api/v2/notes/${forbiddenNoteId}`)
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.set('Content-Type', 'text/markdown') .set('Content-Type', 'text/markdown')
.send(content) .send(content)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
@ -119,6 +116,7 @@ describe('Notes', () => {
it('fails with a existing alias', async () => { it('fails with a existing alias', async () => {
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.post('/api/v2/notes/test2') .post('/api/v2/notes/test2')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.set('Content-Type', 'text/markdown') .set('Content-Type', 'text/markdown')
.send(content) .send(content)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
@ -142,15 +140,20 @@ describe('Notes', () => {
describe('DELETE /notes/{note}', () => { describe('DELETE /notes/{note}', () => {
describe('works', () => { describe('works', () => {
it('with an existing alias and keepMedia false', async () => { it('with an existing alias and keepMedia false', async () => {
const noteId = 'test3'; const noteId = 'deleteTest1';
const note = await testSetup.notesService.createNote( const note = await testSetup.notesService.createNote(
content, content,
user, testSetup.users[0],
noteId, noteId,
); );
await testSetup.mediaService.saveFile(testImage, user, note); await testSetup.mediaService.saveFile(
testImage,
testSetup.users[0],
note,
);
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.delete(`/api/v2/notes/${noteId}`) .delete(`/api/v2/notes/${noteId}`)
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send({ .send({
keepMedia: false, keepMedia: false,
@ -162,24 +165,25 @@ describe('Notes', () => {
new NotInDBError(`Note with id/alias '${noteId}' not found.`), new NotInDBError(`Note with id/alias '${noteId}' not found.`),
); );
expect( expect(
await testSetup.mediaService.listUploadsByUser(user), await testSetup.mediaService.listUploadsByUser(testSetup.users[0]),
).toHaveLength(0); ).toHaveLength(0);
}); });
it('with an existing alias and keepMedia true', async () => { it('with an existing alias and keepMedia true', async () => {
const noteId = 'test3a'; const noteId = 'deleteTest2';
const note = await testSetup.notesService.createNote( const note = await testSetup.notesService.createNote(
content, content,
user, testSetup.users[0],
noteId, noteId,
); );
const upload = await testSetup.mediaService.saveFile( const upload = await testSetup.mediaService.saveFile(
testImage, testImage,
user, testSetup.users[0],
note, note,
); );
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.delete(`/api/v2/notes/${noteId}`) .delete(`/api/v2/notes/${noteId}`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.send({ .send({
keepMedia: true, keepMedia: true,
}) })
@ -190,7 +194,7 @@ describe('Notes', () => {
new NotInDBError(`Note with id/alias '${noteId}' not found.`), new NotInDBError(`Note with id/alias '${noteId}' not found.`),
); );
expect( expect(
await testSetup.mediaService.listUploadsByUser(user), await testSetup.mediaService.listUploadsByUser(testSetup.users[0]),
).toHaveLength(1); ).toHaveLength(1);
// Remove /upload/ from path as we just need the filename. // Remove /upload/ from path as we just need the filename.
const fileName = upload.fileUrl.replace('/uploads/', ''); const fileName = upload.fileUrl.replace('/uploads/', '');
@ -201,13 +205,13 @@ describe('Notes', () => {
it('works with an existing alias with permissions', async () => { it('works with an existing alias with permissions', async () => {
const note = await testSetup.notesService.createNote( const note = await testSetup.notesService.createNote(
content, content,
user, testSetup.users[0],
'test3', 'deleteTest3',
); );
const updateNotePermission = new NotePermissionsUpdateDto(); const updateNotePermission = new NotePermissionsUpdateDto();
updateNotePermission.sharedToUsers = [ updateNotePermission.sharedToUsers = [
{ {
username: user.username, username: testSetup.users[0].username,
canEdit: true, canEdit: true,
}, },
]; ];
@ -225,26 +229,29 @@ describe('Notes', () => {
); );
expect( expect(
(await (await updatedNote.userPermissions)[0].user).username, (await (await updatedNote.userPermissions)[0].user).username,
).toEqual(user.username); ).toEqual(testSetup.users[0].username);
expect(await updatedNote.groupPermissions).toHaveLength(0); expect(await updatedNote.groupPermissions).toHaveLength(0);
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.delete('/api/v2/notes/test3') .delete('/api/v2/notes/deleteTest3')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.send({ keepMedia: false }) .send({ keepMedia: false })
.expect(204); .expect(204);
await expect( await expect(
testSetup.notesService.getNoteByIdOrAlias('test3'), testSetup.notesService.getNoteByIdOrAlias('deleteTest3'),
).rejects.toEqual( ).rejects.toEqual(
new NotInDBError("Note with id/alias 'test3' not found."), new NotInDBError("Note with id/alias 'deleteTest3' not found."),
); );
}); });
it('fails with a forbidden alias', async () => { it('fails with a forbidden alias', async () => {
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.delete(`/api/v2/notes/${forbiddenNoteId}`) .delete(`/api/v2/notes/${forbiddenNoteId}`)
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect(400); .expect(400);
}); });
it('fails with a non-existing alias', async () => { it('fails with a non-existing alias', async () => {
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.delete('/api/v2/notes/i_dont_exist') .delete('/api/v2/notes/i_dont_exist')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect(404); .expect(404);
}); });
}); });
@ -252,9 +259,14 @@ describe('Notes', () => {
describe('PUT /notes/{note}', () => { describe('PUT /notes/{note}', () => {
const changedContent = 'New note text'; const changedContent = 'New note text';
it('works with existing alias', async () => { it('works with existing alias', async () => {
await testSetup.notesService.createNote(content, user, 'test4'); await testSetup.notesService.createNote(
content,
testSetup.users[0],
'test4',
);
const response = await request(testSetup.app.getHttpServer()) const response = await request(testSetup.app.getHttpServer())
.put('/api/v2/notes/test4') .put('/api/v2/notes/test4')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.set('Content-Type', 'text/markdown') .set('Content-Type', 'text/markdown')
.send(changedContent) .send(changedContent)
.expect(200); .expect(200);
@ -268,6 +280,7 @@ describe('Notes', () => {
it('fails with a forbidden alias', async () => { it('fails with a forbidden alias', async () => {
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.put(`/api/v2/notes/${forbiddenNoteId}`) .put(`/api/v2/notes/${forbiddenNoteId}`)
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.set('Content-Type', 'text/markdown') .set('Content-Type', 'text/markdown')
.send(changedContent) .send(changedContent)
.expect(400); .expect(400);
@ -275,6 +288,7 @@ describe('Notes', () => {
it('fails with a non-existing alias', async () => { it('fails with a non-existing alias', async () => {
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.put('/api/v2/notes/i_dont_exist') .put('/api/v2/notes/i_dont_exist')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.set('Content-Type', 'text/markdown') .set('Content-Type', 'text/markdown')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(404); .expect(404);
@ -283,9 +297,14 @@ describe('Notes', () => {
describe('GET /notes/{note}/metadata', () => { describe('GET /notes/{note}/metadata', () => {
it('returns complete metadata object', async () => { it('returns complete metadata object', async () => {
await testSetup.notesService.createNote(content, user, 'test5'); await testSetup.notesService.createNote(
content,
testSetup.users[0],
'test5',
);
const metadata = await request(testSetup.app.getHttpServer()) const metadata = await request(testSetup.app.getHttpServer())
.get('/api/v2/notes/test5/metadata') .get('/api/v2/notes/test5/metadata')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect(200); .expect(200);
expect(typeof metadata.body.id).toEqual('string'); expect(typeof metadata.body.id).toEqual('string');
expect(metadata.body.aliases[0].name).toEqual('test5'); expect(metadata.body.aliases[0].name).toEqual('test5');
@ -294,7 +313,7 @@ describe('Notes', () => {
expect(metadata.body.description).toEqual(''); expect(metadata.body.description).toEqual('');
expect(typeof metadata.body.createdAt).toEqual('string'); expect(typeof metadata.body.createdAt).toEqual('string');
expect(metadata.body.editedBy).toEqual([]); expect(metadata.body.editedBy).toEqual([]);
expect(metadata.body.permissions.owner).toEqual('hardcoded'); expect(metadata.body.permissions.owner).toEqual('testuser1');
expect(metadata.body.permissions.sharedToUsers).toEqual([]); expect(metadata.body.permissions.sharedToUsers).toEqual([]);
expect(metadata.body.permissions.sharedToUsers).toEqual([]); expect(metadata.body.permissions.sharedToUsers).toEqual([]);
expect(metadata.body.tags).toEqual([]); expect(metadata.body.tags).toEqual([]);
@ -307,6 +326,7 @@ describe('Notes', () => {
it('fails with a forbidden alias', async () => { it('fails with a forbidden alias', async () => {
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.get(`/api/v2/notes/${forbiddenNoteId}/metadata`) .get(`/api/v2/notes/${forbiddenNoteId}/metadata`)
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect(400); .expect(400);
}); });
@ -314,6 +334,7 @@ describe('Notes', () => {
// check if a missing note correctly returns 404 // check if a missing note correctly returns 404
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.get('/api/v2/notes/i_dont_exist/metadata') .get('/api/v2/notes/i_dont_exist/metadata')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(404); .expect(404);
}); });
@ -322,8 +343,7 @@ describe('Notes', () => {
// create a note // create a note
const note = await testSetup.notesService.createNote( const note = await testSetup.notesService.createNote(
content, content,
user, testSetup.users[0],
'test5a', 'test5a',
); );
// save the creation time // save the creation time
@ -336,6 +356,7 @@ describe('Notes', () => {
await testSetup.notesService.updateNote(note, 'More test content'); await testSetup.notesService.updateNote(note, 'More test content');
const metadata = await request(testSetup.app.getHttpServer()) const metadata = await request(testSetup.app.getHttpServer())
.get('/api/v2/notes/test5a/metadata') .get('/api/v2/notes/test5a/metadata')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect(200); .expect(200);
expect(metadata.body.createdAt).toEqual(createDate.toISOString()); expect(metadata.body.createdAt).toEqual(createDate.toISOString());
expect(metadata.body.updatedAt).not.toEqual(updatedDate.toISOString()); expect(metadata.body.updatedAt).not.toEqual(updatedDate.toISOString());
@ -344,9 +365,14 @@ describe('Notes', () => {
describe('GET /notes/{note}/revisions', () => { describe('GET /notes/{note}/revisions', () => {
it('works with existing alias', async () => { it('works with existing alias', async () => {
await testSetup.notesService.createNote(content, user, 'test6'); await testSetup.notesService.createNote(
content,
testSetup.users[0],
'test6',
);
const response = await request(testSetup.app.getHttpServer()) const response = await request(testSetup.app.getHttpServer())
.get('/api/v2/notes/test6/revisions') .get('/api/v2/notes/test6/revisions')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
expect(response.body).toHaveLength(1); expect(response.body).toHaveLength(1);
@ -355,6 +381,7 @@ describe('Notes', () => {
it('fails with a forbidden alias', async () => { it('fails with a forbidden alias', async () => {
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.get(`/api/v2/notes/${forbiddenNoteId}/revisions`) .get(`/api/v2/notes/${forbiddenNoteId}/revisions`)
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect(400); .expect(400);
}); });
@ -362,6 +389,7 @@ describe('Notes', () => {
// check if a missing note correctly returns 404 // check if a missing note correctly returns 404
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.get('/api/v2/notes/i_dont_exist/revisions') .get('/api/v2/notes/i_dont_exist/revisions')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(404); .expect(404);
}); });
@ -371,13 +399,13 @@ describe('Notes', () => {
it('works with an existing alias', async () => { it('works with an existing alias', async () => {
const note = await testSetup.notesService.createNote( const note = await testSetup.notesService.createNote(
content, content,
user, testSetup.users[0],
'test7', 'test7',
); );
const revision = await testSetup.revisionsService.getLatestRevision(note); const revision = await testSetup.revisionsService.getLatestRevision(note);
const response = await request(testSetup.app.getHttpServer()) const response = await request(testSetup.app.getHttpServer())
.get(`/api/v2/notes/test7/revisions/${revision.id}`) .get(`/api/v2/notes/test7/revisions/${revision.id}`)
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
expect(response.body.content).toEqual(content); expect(response.body.content).toEqual(content);
@ -385,12 +413,14 @@ describe('Notes', () => {
it('fails with a forbidden alias', async () => { it('fails with a forbidden alias', async () => {
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.get(`/api/v2/notes/${forbiddenNoteId}/revisions/1`) .get(`/api/v2/notes/${forbiddenNoteId}/revisions/1`)
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect(400); .expect(400);
}); });
it('fails with non-existing alias', async () => { it('fails with non-existing alias', async () => {
// check if a missing note correctly returns 404 // check if a missing note correctly returns 404
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.get('/api/v2/notes/i_dont_exist/revisions/1') .get('/api/v2/notes/i_dont_exist/revisions/1')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(404); .expect(404);
}); });
@ -398,21 +428,28 @@ describe('Notes', () => {
describe('GET /notes/{note}/content', () => { describe('GET /notes/{note}/content', () => {
it('works with an existing alias', async () => { it('works with an existing alias', async () => {
await testSetup.notesService.createNote(content, user, 'test8'); await testSetup.notesService.createNote(
content,
testSetup.users[0],
'test8',
);
const response = await request(testSetup.app.getHttpServer()) const response = await request(testSetup.app.getHttpServer())
.get('/api/v2/notes/test8/content') .get('/api/v2/notes/test8/content')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect(200); .expect(200);
expect(response.text).toEqual(content); expect(response.text).toEqual(content);
}); });
it('fails with a forbidden alias', async () => { it('fails with a forbidden alias', async () => {
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.get(`/api/v2/notes/${forbiddenNoteId}/content`) .get(`/api/v2/notes/${forbiddenNoteId}/content`)
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect(400); .expect(400);
}); });
it('fails with non-existing alias', async () => { it('fails with non-existing alias', async () => {
// check if a missing note correctly returns 404 // check if a missing note correctly returns 404
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.get('/api/v2/notes/i_dont_exist/content') .get('/api/v2/notes/i_dont_exist/content')
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect(404); .expect(404);
}); });
}); });
@ -423,17 +460,18 @@ describe('Notes', () => {
const extraAlias = 'test10'; const extraAlias = 'test10';
const note1 = await testSetup.notesService.createNote( const note1 = await testSetup.notesService.createNote(
content, content,
user, testSetup.users[0],
alias, alias,
); );
const note2 = await testSetup.notesService.createNote( const note2 = await testSetup.notesService.createNote(
content, content,
user, testSetup.users[0],
extraAlias, extraAlias,
); );
const httpServer = testSetup.app.getHttpServer(); const httpServer = testSetup.app.getHttpServer();
const response = await request(httpServer) const response = await request(httpServer)
.get(`/api/v2/notes/${alias}/media/`) .get(`/api/v2/notes/${alias}/media/`)
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
expect(response.body).toHaveLength(0); expect(response.body).toHaveLength(0);
@ -441,17 +479,18 @@ describe('Notes', () => {
const testImage = await fs.readFile('test/public-api/fixtures/test.png'); const testImage = await fs.readFile('test/public-api/fixtures/test.png');
const upload0 = await testSetup.mediaService.saveFile( const upload0 = await testSetup.mediaService.saveFile(
testImage, testImage,
user, testSetup.users[0],
note1, note1,
); );
const upload1 = await testSetup.mediaService.saveFile( const upload1 = await testSetup.mediaService.saveFile(
testImage, testImage,
user, testSetup.users[0],
note2, note2,
); );
const responseAfter = await request(httpServer) const responseAfter = await request(httpServer)
.get(`/api/v2/notes/${alias}/media/`) .get(`/api/v2/notes/${alias}/media/`)
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
expect(responseAfter.body).toHaveLength(1); expect(responseAfter.body).toHaveLength(1);
@ -467,6 +506,7 @@ describe('Notes', () => {
it('fails, when note does not exist', async () => { it('fails, when note does not exist', async () => {
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.get(`/api/v2/notes/i_dont_exist/media/`) .get(`/api/v2/notes/i_dont_exist/media/`)
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(404); .expect(404);
}); });
@ -474,7 +514,7 @@ describe('Notes', () => {
const alias = 'test11'; const alias = 'test11';
await testSetup.notesService.createNote( await testSetup.notesService.createNote(
'This is a test note.', 'This is a test note.',
user2, testSetup.users[1],
alias, alias,
); );
// Redact default read permissions // Redact default read permissions
@ -485,6 +525,7 @@ describe('Notes', () => {
await testSetup.permissionsService.removeGroupPermission(note, loggedin); await testSetup.permissionsService.removeGroupPermission(note, loggedin);
await request(testSetup.app.getHttpServer()) await request(testSetup.app.getHttpServer())
.get(`/api/v2/notes/${alias}/media/`) .get(`/api/v2/notes/${alias}/media/`)
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(403); .expect(403);
}); });