github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-28 21:33:59 -05:00
Code Issues Projects Releases Packages Wiki Activity

test(e2e/private/alias): test all error scenarios

Browse source 
Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2021-12-07 17:20:28 +01:00
parent b2802d4c29
commit ae52f70ef9
1 changed files with 96 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

130
test/private-api/alias.e2e-spec.ts
View file

@ -3,6 +3,7 @@
* *
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
import { response } from 'express';
import request from 'supertest'; import request from 'supertest';
import { AliasCreateDto } from '../../src/notes/alias-create.dto'; import { AliasCreateDto } from '../../src/notes/alias-create.dto';
@ -13,28 +14,32 @@ import { TestSetup } from '../test-setup';
describe('Alias', () => { describe('Alias', () => {
let testSetup: TestSetup; let testSetup: TestSetup;
let user: User; let users: User[];
let content: string; const content = 'This is a test note.';
let forbiddenNoteId: string; let forbiddenNoteId: string;
let agent: request.SuperAgentTest; let agent1: request.SuperAgentTest;
let agent2: request.SuperAgentTest;
beforeAll(async () => { beforeAll(async () => {
testSetup = await (await TestSetup.create()).withUsers(); testSetup = await (await TestSetup.create()).withUsers();
await testSetup.app.init();
forbiddenNoteId = forbiddenNoteId =
testSetup.configService.get('appConfig').forbiddenNoteIds[0]; testSetup.configService.get('appConfig').forbiddenNoteIds[0];
users = testSetup.users;
await testSetup.app.init(); agent1 = request.agent(testSetup.app.getHttpServer());
await agent1
user = testSetup.users[0];
content = 'This is a test note.';
agent = request.agent(testSetup.app.getHttpServer());
await agent
.post('/api/private/auth/local/login') .post('/api/private/auth/local/login')
.send({ username: 'testuser1', password: 'testuser1' }) .send({ username: 'testuser1', password: 'testuser1' })
.expect(201); .expect(201);
agent2 = request.agent(testSetup.app.getHttpServer());
await agent2
.post('/api/private/auth/local/login')
.send({ username: 'testuser2', password: 'testuser2' })
.expect(201);
}); });
describe('POST /alias', () => { describe('POST /alias', () => {
@ -47,7 +52,7 @@ describe('Alias', () => {
beforeAll(async () => { beforeAll(async () => {
const note = await testSetup.notesService.createNote( const note = await testSetup.notesService.createNote(
content, content,
user, users[0],
testAlias, testAlias,
); );
publicId = note.publicId; publicId = note.publicId;
@ -56,7 +61,7 @@ describe('Alias', () => {
it('create with normal alias', async () => { it('create with normal alias', async () => {
const newAlias = 'normalAlias'; const newAlias = 'normalAlias';
newAliasDto.newAlias = newAlias; newAliasDto.newAlias = newAlias;
const metadata = await agent const metadata = await agent1
.post(`/api/private/alias`) .post(`/api/private/alias`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(newAliasDto) .send(newAliasDto)
@ -64,7 +69,7 @@ describe('Alias', () => {
expect(metadata.body.name).toEqual(newAlias); expect(metadata.body.name).toEqual(newAlias);
expect(metadata.body.primaryAlias).toBeFalsy(); expect(metadata.body.primaryAlias).toBeFalsy();
expect(metadata.body.noteId).toEqual(publicId); expect(metadata.body.noteId).toEqual(publicId);
const note = await agent const note = await agent1
.get(`/api/private/notes/${newAlias}`) .get(`/api/private/notes/${newAlias}`)
.expect(200); .expect(200);
expect(note.body.metadata.aliases).toContain(newAlias); expect(note.body.metadata.aliases).toContain(newAlias);
@ -75,19 +80,32 @@ describe('Alias', () => {
describe('does not create an alias', () => { describe('does not create an alias', () => {
it('because of a forbidden alias', async () => { it('because of a forbidden alias', async () => {
newAliasDto.newAlias = forbiddenNoteId; newAliasDto.newAlias = forbiddenNoteId;
await agent await agent1
.post(`/api/private/alias`)
.set('Content-Type', 'application/json')
.send(newAliasDto)
.expect(400)
.then((response) => {
expect(response.body.message).toContain(
'is forbidden by the administrator',
);
});
});
it('because of a alias that is a public id', async () => {
newAliasDto.newAlias = publicId;
await agent1
.post(`/api/private/alias`) .post(`/api/private/alias`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(newAliasDto) .send(newAliasDto)
.expect(400); .expect(400);
}); });
it('because of a alias that is a public id', async () => { it('because the user is not an owner', async () => {
newAliasDto.newAlias = publicId; newAliasDto.newAlias = publicId;
await agent await agent2
.post(`/api/private/alias`) .post(`/api/private/alias`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(newAliasDto) .send(newAliasDto)
.expect(400); .expect(401);
}); });
}); });
}); });
@ -102,7 +120,7 @@ describe('Alias', () => {
beforeAll(async () => { beforeAll(async () => {
const note = await testSetup.notesService.createNote( const note = await testSetup.notesService.createNote(
content, content,
user, users[0],
testAlias, testAlias,
); );
publicId = note.publicId; publicId = note.publicId;
@ -110,7 +128,7 @@ describe('Alias', () => {
}); });
it('updates a note with a normal alias', async () => { it('updates a note with a normal alias', async () => {
const metadata = await agent const metadata = await agent1
.put(`/api/private/alias/${newAlias}`) .put(`/api/private/alias/${newAlias}`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(changeAliasDto) .send(changeAliasDto)
@ -118,7 +136,7 @@ describe('Alias', () => {
expect(metadata.body.name).toEqual(newAlias); expect(metadata.body.name).toEqual(newAlias);
expect(metadata.body.primaryAlias).toBeTruthy(); expect(metadata.body.primaryAlias).toBeTruthy();
expect(metadata.body.noteId).toEqual(publicId); expect(metadata.body.noteId).toEqual(publicId);
const note = await agent const note = await agent1
.get(`/api/private/notes/${newAlias}`) .get(`/api/private/notes/${newAlias}`)
.expect(200); .expect(200);
expect(note.body.metadata.aliases).toContain(newAlias); expect(note.body.metadata.aliases).toContain(newAlias);
@ -128,54 +146,98 @@ describe('Alias', () => {
describe('does not update', () => { describe('does not update', () => {
it('a note with unknown alias', async () => { it('a note with unknown alias', async () => {
await agent await agent1
.put(`/api/private/alias/i_dont_exist`) .put(`/api/private/alias/i_dont_exist`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(changeAliasDto) .send(changeAliasDto)
.expect(404); .expect(404);
}); });
it('a note with a forbidden ID', async () => {
await agent1
.put(`/api/private/alias/${forbiddenNoteId}`)
.set('Content-Type', 'application/json')
.send(changeAliasDto)
.expect(400)
.then((response) => {
expect(response.body.message).toContain(
'is forbidden by the administrator',
);
});
});
it('if the property primaryAlias is false', async () => { it('if the property primaryAlias is false', async () => {
changeAliasDto.primaryAlias = false; changeAliasDto.primaryAlias = false;
await agent await agent1
.put(`/api/private/alias/${newAlias}`) .put(`/api/private/alias/${newAlias}`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(changeAliasDto) .send(changeAliasDto)
.expect(400); .expect(400);
}); });
it('if the user is not an owner', async () => {
changeAliasDto.primaryAlias = true;
await agent2
.put(`/api/private/alias/${newAlias}`)
.set('Content-Type', 'application/json')
.send(changeAliasDto)
.expect(401);
});
}); });
}); });
describe('DELETE /alias/{alias}', () => { describe('DELETE /alias/{alias}', () => {
const testAlias = 'aliasTest3'; const testAlias = 'aliasTest3';
const newAlias = 'normalAlias3'; const newAlias = 'normalAlias3';
beforeAll(async () => { let note;
const note = await testSetup.notesService.createNote(
beforeEach(async () => {
note = await testSetup.notesService.createNote(
content, content,
user, users[0],
testAlias, testAlias,
); );
await testSetup.aliasService.addAlias(note, newAlias); await testSetup.aliasService.addAlias(note, newAlias);
}); });
afterEach(async () => {
try {
await testSetup.aliasService.removeAlias(note, newAlias);
// Ignore errors on removing alias
// eslint-disable-next-line no-empty
} catch (e) {}
await testSetup.notesService.deleteNote(note);
});
it('deletes a normal alias', async () => { it('deletes a normal alias', async () => {
await agent.delete(`/api/private/alias/${newAlias}`).expect(204); await agent1.delete(`/api/private/alias/${newAlias}`).expect(204);
await agent.get(`/api/private/notes/${newAlias}`).expect(404); await agent1.get(`/api/private/notes/${newAlias}`).expect(404);
}); });
it('does not delete an unknown alias', async () => { it('does not delete an unknown alias', async () => {
await agent.delete(`/api/private/alias/i_dont_exist`).expect(404); await agent1.delete(`/api/private/alias/i_dont_exist`).expect(404);
});
it('does not delete an alias of a forbidden note', async () => {
await agent1
.delete(`/api/private/alias/${forbiddenNoteId}`)
.expect(400)
.then((response) => {
expect(response.body.message).toContain(
'is forbidden by the administrator',
);
});
});
it('fails if the user does not own the note', async () => {
await agent2.delete(`/api/private/alias/${newAlias}`).expect(401);
}); });
it('does not delete an primary alias (if it is not the only one)', async () => { it('does not delete an primary alias (if it is not the only one)', async () => {
const note = await testSetup.notesService.getNoteByIdOrAlias(testAlias); await agent1.delete(`/api/private/alias/${testAlias}`).expect(400);
await testSetup.aliasService.addAlias(note, newAlias); await agent1.get(`/api/private/notes/${newAlias}`).expect(200);
await agent.delete(`/api/private/alias/${testAlias}`).expect(400);
await agent.get(`/api/private/notes/${newAlias}`).expect(200);
}); });
it('deletes a primary alias (if it is the only one)', async () => { it('deletes a primary alias (if it is the only one)', async () => {
await agent.delete(`/api/private/alias/${newAlias}`).expect(204); await agent1.delete(`/api/private/alias/${newAlias}`).expect(204);
await agent.delete(`/api/private/alias/${testAlias}`).expect(204); await agent1.delete(`/api/private/alias/${testAlias}`).expect(204);
}); });
}); });
}); });