Merge pull request #1673 from hedgedoc/remove-hardcoded

This commit is contained in:
Yannick Bungers 2021-10-13 21:14:33 +02:00 committed by GitHub
commit e5750b0084
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 354 additions and 155 deletions

View file

@ -22,7 +22,7 @@ module.exports = {
'jest/expect-expect': [ 'jest/expect-expect': [
'error', 'error',
{ {
assertFunctionNames: ['expect', 'request.**.expect'], assertFunctionNames: ['expect', 'request.**.expect', 'agent.**.expect'],
}, },
], ],
'jest/no-standalone-expect': [ 'jest/no-standalone-expect': [

View file

@ -13,10 +13,9 @@ import {
Param, Param,
Post, Post,
Put, Put,
Req,
UnauthorizedException, UnauthorizedException,
UseGuards,
} from '@nestjs/common'; } from '@nestjs/common';
import { Request } from 'express';
import { import {
AlreadyInDBError, AlreadyInDBError,
@ -24,6 +23,7 @@ import {
NotInDBError, NotInDBError,
PrimaryAliasDeletionForbiddenError, PrimaryAliasDeletionForbiddenError,
} from '../../../errors/errors'; } from '../../../errors/errors';
import { SessionGuard } from '../../../identity/session.guard';
import { ConsoleLoggerService } from '../../../logger/console-logger.service'; import { ConsoleLoggerService } from '../../../logger/console-logger.service';
import { AliasCreateDto } from '../../../notes/alias-create.dto'; import { AliasCreateDto } from '../../../notes/alias-create.dto';
import { AliasUpdateDto } from '../../../notes/alias-update.dto'; import { AliasUpdateDto } from '../../../notes/alias-update.dto';
@ -31,8 +31,11 @@ import { AliasDto } from '../../../notes/alias.dto';
import { AliasService } from '../../../notes/alias.service'; import { AliasService } from '../../../notes/alias.service';
import { NotesService } from '../../../notes/notes.service'; import { NotesService } from '../../../notes/notes.service';
import { PermissionsService } from '../../../permissions/permissions.service'; import { PermissionsService } from '../../../permissions/permissions.service';
import { User } from '../../../users/user.entity';
import { UsersService } from '../../../users/users.service'; import { UsersService } from '../../../users/users.service';
import { RequestUser } from '../../utils/request-user.decorator';
@UseGuards(SessionGuard)
@Controller('alias') @Controller('alias')
export class AliasController { export class AliasController {
constructor( constructor(
@ -44,15 +47,12 @@ export class AliasController {
) { ) {
this.logger.setContext(AliasController.name); this.logger.setContext(AliasController.name);
} }
@Post() @Post()
async addAlias( async addAlias(
@Req() req: Request, @RequestUser() user: User,
@Body() newAliasDto: AliasCreateDto, @Body() newAliasDto: AliasCreateDto,
): Promise<AliasDto> { ): Promise<AliasDto> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const note = await this.noteService.getNoteByIdOrAlias( const note = await this.noteService.getNoteByIdOrAlias(
newAliasDto.noteIdOrAlias, newAliasDto.noteIdOrAlias,
); );
@ -77,7 +77,7 @@ export class AliasController {
@Put(':alias') @Put(':alias')
async makeAliasPrimary( async makeAliasPrimary(
@Req() req: Request, @RequestUser() user: User,
@Param('alias') alias: string, @Param('alias') alias: string,
@Body() changeAliasDto: AliasUpdateDto, @Body() changeAliasDto: AliasUpdateDto,
): Promise<AliasDto> { ): Promise<AliasDto> {
@ -87,8 +87,6 @@ export class AliasController {
); );
} }
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const note = await this.noteService.getNoteByIdOrAlias(alias); const note = await this.noteService.getNoteByIdOrAlias(alias);
if (!this.permissionsService.isOwner(user, note)) { if (!this.permissionsService.isOwner(user, note)) {
throw new UnauthorizedException('Reading note denied!'); throw new UnauthorizedException('Reading note denied!');
@ -112,12 +110,10 @@ export class AliasController {
@Delete(':alias') @Delete(':alias')
@HttpCode(204) @HttpCode(204)
async removeAlias( async removeAlias(
@Req() req: Request, @RequestUser() user: User,
@Param('alias') alias: string, @Param('alias') alias: string,
): Promise<void> { ): Promise<void> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const note = await this.noteService.getNoteByIdOrAlias(alias); const note = await this.noteService.getNoteByIdOrAlias(alias);
if (!this.permissionsService.isOwner(user, note)) { if (!this.permissionsService.isOwner(user, note)) {
throw new UnauthorizedException('Reading note denied!'); throw new UnauthorizedException('Reading note denied!');

View file

@ -13,6 +13,7 @@ import {
Param, Param,
Post, Post,
Put, Put,
UseGuards,
} from '@nestjs/common'; } from '@nestjs/common';
import { ApiTags } from '@nestjs/swagger'; import { ApiTags } from '@nestjs/swagger';
@ -21,27 +22,27 @@ import { HistoryEntryImportDto } from '../../../../history/history-entry-import.
import { HistoryEntryUpdateDto } from '../../../../history/history-entry-update.dto'; import { HistoryEntryUpdateDto } from '../../../../history/history-entry-update.dto';
import { HistoryEntryDto } from '../../../../history/history-entry.dto'; import { HistoryEntryDto } from '../../../../history/history-entry.dto';
import { HistoryService } from '../../../../history/history.service'; import { HistoryService } from '../../../../history/history.service';
import { SessionGuard } from '../../../../identity/session.guard';
import { ConsoleLoggerService } from '../../../../logger/console-logger.service'; import { ConsoleLoggerService } from '../../../../logger/console-logger.service';
import { GetNotePipe } from '../../../../notes/get-note.pipe'; import { GetNotePipe } from '../../../../notes/get-note.pipe';
import { Note } from '../../../../notes/note.entity'; import { Note } from '../../../../notes/note.entity';
import { UsersService } from '../../../../users/users.service'; import { User } from '../../../../users/user.entity';
import { RequestUser } from '../../../utils/request-user.decorator';
@UseGuards(SessionGuard)
@ApiTags('history') @ApiTags('history')
@Controller('/me/history') @Controller('/me/history')
export class HistoryController { export class HistoryController {
constructor( constructor(
private readonly logger: ConsoleLoggerService, private readonly logger: ConsoleLoggerService,
private historyService: HistoryService, private historyService: HistoryService,
private userService: UsersService,
) { ) {
this.logger.setContext(HistoryController.name); this.logger.setContext(HistoryController.name);
} }
@Get() @Get()
async getHistory(): Promise<HistoryEntryDto[]> { async getHistory(@RequestUser() user: User): Promise<HistoryEntryDto[]> {
// ToDo: use actual user here
try { try {
const user = await this.userService.getUserByUsername('hardcoded');
const foundEntries = await this.historyService.getEntriesByUser(user); const foundEntries = await this.historyService.getEntriesByUser(user);
return foundEntries.map((entry) => return foundEntries.map((entry) =>
this.historyService.toHistoryEntryDto(entry), this.historyService.toHistoryEntryDto(entry),
@ -56,11 +57,10 @@ export class HistoryController {
@Post() @Post()
async setHistory( async setHistory(
@RequestUser() user: User,
@Body('history') history: HistoryEntryImportDto[], @Body('history') history: HistoryEntryImportDto[],
): Promise<void> { ): Promise<void> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
await this.historyService.setHistory(user, history); await this.historyService.setHistory(user, history);
} catch (e) { } catch (e) {
if (e instanceof NotInDBError || e instanceof ForbiddenIdError) { if (e instanceof NotInDBError || e instanceof ForbiddenIdError) {
@ -71,10 +71,8 @@ export class HistoryController {
} }
@Delete() @Delete()
async deleteHistory(): Promise<void> { async deleteHistory(@RequestUser() user: User): Promise<void> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
await this.historyService.deleteHistory(user); await this.historyService.deleteHistory(user);
} catch (e) { } catch (e) {
if (e instanceof NotInDBError) { if (e instanceof NotInDBError) {
@ -87,11 +85,10 @@ export class HistoryController {
@Put(':note') @Put(':note')
async updateHistoryEntry( async updateHistoryEntry(
@Param('note', GetNotePipe) note: Note, @Param('note', GetNotePipe) note: Note,
@RequestUser() user: User,
@Body() entryUpdateDto: HistoryEntryUpdateDto, @Body() entryUpdateDto: HistoryEntryUpdateDto,
): Promise<HistoryEntryDto> { ): Promise<HistoryEntryDto> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const newEntry = await this.historyService.updateHistoryEntry( const newEntry = await this.historyService.updateHistoryEntry(
note, note,
user, user,
@ -109,10 +106,9 @@ export class HistoryController {
@Delete(':note') @Delete(':note')
async deleteHistoryEntry( async deleteHistoryEntry(
@Param('note', GetNotePipe) note: Note, @Param('note', GetNotePipe) note: Note,
@RequestUser() user: User,
): Promise<void> { ): Promise<void> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
await this.historyService.deleteHistoryEntry(note, user); await this.historyService.deleteHistoryEntry(note, user);
} catch (e) { } catch (e) {
if (e instanceof NotInDBError) { if (e instanceof NotInDBError) {

View file

@ -3,14 +3,26 @@
* *
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
import { Body, Controller, Delete, Get, HttpCode, Post } from '@nestjs/common'; import {
Body,
Controller,
Delete,
Get,
HttpCode,
Post,
UseGuards,
} from '@nestjs/common';
import { SessionGuard } from '../../../identity/session.guard';
import { ConsoleLoggerService } from '../../../logger/console-logger.service'; import { ConsoleLoggerService } from '../../../logger/console-logger.service';
import { MediaUploadDto } from '../../../media/media-upload.dto'; import { MediaUploadDto } from '../../../media/media-upload.dto';
import { MediaService } from '../../../media/media.service'; import { MediaService } from '../../../media/media.service';
import { UserInfoDto } from '../../../users/user-info.dto'; import { UserInfoDto } from '../../../users/user-info.dto';
import { User } from '../../../users/user.entity';
import { UsersService } from '../../../users/users.service'; import { UsersService } from '../../../users/users.service';
import { RequestUser } from '../../utils/request-user.decorator';
@UseGuards(SessionGuard)
@Controller('me') @Controller('me')
export class MeController { export class MeController {
constructor( constructor(
@ -20,27 +32,20 @@ export class MeController {
) { ) {
this.logger.setContext(MeController.name); this.logger.setContext(MeController.name);
} }
@Get() @Get()
async getMe(): Promise<UserInfoDto> { getMe(@RequestUser() user: User): UserInfoDto {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
return this.userService.toUserDto(user); return this.userService.toUserDto(user);
} }
@Get('media') @Get('media')
async getMyMedia(): Promise<MediaUploadDto[]> { async getMyMedia(@RequestUser() user: User): Promise<MediaUploadDto[]> {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const media = await this.mediaService.listUploadsByUser(user); const media = await this.mediaService.listUploadsByUser(user);
return media.map((media) => this.mediaService.toMediaUploadDto(media)); return media.map((media) => this.mediaService.toMediaUploadDto(media));
} }
@Delete() @Delete()
@HttpCode(204) @HttpCode(204)
async deleteUser(): Promise<void> { async deleteUser(@RequestUser() user: User): Promise<void> {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const mediaUploads = await this.mediaService.listUploadsByUser(user); const mediaUploads = await this.mediaService.listUploadsByUser(user);
for (const mediaUpload of mediaUploads) { for (const mediaUpload of mediaUploads) {
await this.mediaService.deleteFile(mediaUpload); await this.mediaService.deleteFile(mediaUpload);
@ -52,9 +57,10 @@ export class MeController {
@Post('profile') @Post('profile')
@HttpCode(200) @HttpCode(200)
async updateDisplayName(@Body('name') newDisplayName: string): Promise<void> { async updateDisplayName(
// ToDo: use actual user here @RequestUser() user: User,
const user = await this.userService.getUserByUsername('hardcoded'); @Body('name') newDisplayName: string,
): Promise<void> {
await this.userService.changeDisplayName(user, newDisplayName); await this.userService.changeDisplayName(user, newDisplayName);
} }
} }

View file

@ -11,6 +11,7 @@ import {
InternalServerErrorException, InternalServerErrorException,
Post, Post,
UploadedFile, UploadedFile,
UseGuards,
UseInterceptors, UseInterceptors,
} from '@nestjs/common'; } from '@nestjs/common';
import { FileInterceptor } from '@nestjs/platform-express'; import { FileInterceptor } from '@nestjs/platform-express';
@ -20,6 +21,7 @@ import {
MediaBackendError, MediaBackendError,
NotInDBError, NotInDBError,
} from '../../../errors/errors'; } from '../../../errors/errors';
import { SessionGuard } from '../../../identity/session.guard';
import { ConsoleLoggerService } from '../../../logger/console-logger.service'; import { ConsoleLoggerService } from '../../../logger/console-logger.service';
import { MediaUploadUrlDto } from '../../../media/media-upload-url.dto'; import { MediaUploadUrlDto } from '../../../media/media-upload-url.dto';
import { MediaService } from '../../../media/media.service'; import { MediaService } from '../../../media/media.service';
@ -28,7 +30,9 @@ import { Note } from '../../../notes/note.entity';
import { NotesService } from '../../../notes/notes.service'; import { NotesService } from '../../../notes/notes.service';
import { User } from '../../../users/user.entity'; import { User } from '../../../users/user.entity';
import { UsersService } from '../../../users/users.service'; import { UsersService } from '../../../users/users.service';
import { RequestUser } from '../../utils/request-user.decorator';
@UseGuards(SessionGuard)
@Controller('media') @Controller('media')
export class MediaController { export class MediaController {
constructor( constructor(
@ -46,9 +50,8 @@ export class MediaController {
async uploadMedia( async uploadMedia(
@UploadedFile() file: MulterFile, @UploadedFile() file: MulterFile,
@Headers('HedgeDoc-Note') noteId: string, @Headers('HedgeDoc-Note') noteId: string,
@RequestUser() user: User,
): Promise<MediaUploadUrlDto> { ): Promise<MediaUploadUrlDto> {
// ToDo: Get real userName
const user: User = await this.userService.getUserByUsername('hardcoded');
try { try {
// TODO: Move getting the Note object into a decorator // TODO: Move getting the Note object into a decorator
const note: Note = await this.noteService.getNoteByIdOrAlias(noteId); const note: Note = await this.noteService.getNoteByIdOrAlias(noteId);

View file

@ -14,6 +14,7 @@ import {
Param, Param,
Post, Post,
UnauthorizedException, UnauthorizedException,
UseGuards,
} from '@nestjs/common'; } from '@nestjs/common';
import { import {
@ -22,6 +23,7 @@ import {
NotInDBError, NotInDBError,
} from '../../../errors/errors'; } from '../../../errors/errors';
import { HistoryService } from '../../../history/history.service'; import { HistoryService } from '../../../history/history.service';
import { SessionGuard } from '../../../identity/session.guard';
import { ConsoleLoggerService } from '../../../logger/console-logger.service'; import { ConsoleLoggerService } from '../../../logger/console-logger.service';
import { MediaUploadDto } from '../../../media/media-upload.dto'; import { MediaUploadDto } from '../../../media/media-upload.dto';
import { MediaService } from '../../../media/media.service'; import { MediaService } from '../../../media/media.service';
@ -34,9 +36,12 @@ import { PermissionsService } from '../../../permissions/permissions.service';
import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto'; import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto';
import { RevisionDto } from '../../../revisions/revision.dto'; import { RevisionDto } from '../../../revisions/revision.dto';
import { RevisionsService } from '../../../revisions/revisions.service'; import { RevisionsService } from '../../../revisions/revisions.service';
import { User } from '../../../users/user.entity';
import { UsersService } from '../../../users/users.service'; import { UsersService } from '../../../users/users.service';
import { MarkdownBody } from '../../utils/markdownbody-decorator'; import { MarkdownBody } from '../../utils/markdownbody-decorator';
import { RequestUser } from '../../utils/request-user.decorator';
@UseGuards(SessionGuard)
@Controller('notes') @Controller('notes')
export class NotesController { export class NotesController {
constructor( constructor(
@ -53,10 +58,9 @@ export class NotesController {
@Get(':noteIdOrAlias') @Get(':noteIdOrAlias')
async getNote( async getNote(
@RequestUser() user: User,
@Param('noteIdOrAlias', GetNotePipe) note: Note, @Param('noteIdOrAlias', GetNotePipe) note: Note,
): Promise<NoteDto> { ): Promise<NoteDto> {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayRead(user, note)) { if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!'); throw new UnauthorizedException('Reading note denied!');
} }
@ -67,10 +71,9 @@ export class NotesController {
@Get(':noteIdOrAlias/media') @Get(':noteIdOrAlias/media')
async getNotesMedia( async getNotesMedia(
@Param('noteIdOrAlias', GetNotePipe) note: Note, @Param('noteIdOrAlias', GetNotePipe) note: Note,
@RequestUser() user: User,
): Promise<MediaUploadDto[]> { ): Promise<MediaUploadDto[]> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayRead(user, note)) { if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!'); throw new UnauthorizedException('Reading note denied!');
} }
@ -86,10 +89,10 @@ export class NotesController {
@Post() @Post()
@HttpCode(201) @HttpCode(201)
async createNote(@MarkdownBody() text: string): Promise<NoteDto> { async createNote(
// ToDo: use actual user here @RequestUser() user: User,
const user = await this.userService.getUserByUsername('hardcoded'); @MarkdownBody() text: string,
// ToDo: provide user for createNoteDto ): Promise<NoteDto> {
if (!this.permissionsService.mayCreate(user)) { if (!this.permissionsService.mayCreate(user)) {
throw new UnauthorizedException('Creating note denied!'); throw new UnauthorizedException('Creating note denied!');
} }
@ -102,11 +105,10 @@ export class NotesController {
@Post(':noteAlias') @Post(':noteAlias')
@HttpCode(201) @HttpCode(201)
async createNamedNote( async createNamedNote(
@RequestUser() user: User,
@Param('noteAlias') noteAlias: string, @Param('noteAlias') noteAlias: string,
@MarkdownBody() text: string, @MarkdownBody() text: string,
): Promise<NoteDto> { ): Promise<NoteDto> {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayCreate(user)) { if (!this.permissionsService.mayCreate(user)) {
throw new UnauthorizedException('Creating note denied!'); throw new UnauthorizedException('Creating note denied!');
} }
@ -129,12 +131,11 @@ export class NotesController {
@Delete(':noteIdOrAlias') @Delete(':noteIdOrAlias')
@HttpCode(204) @HttpCode(204)
async deleteNote( async deleteNote(
@RequestUser() user: User,
@Param('noteIdOrAlias', GetNotePipe) note: Note, @Param('noteIdOrAlias', GetNotePipe) note: Note,
@Body() noteMediaDeletionDto: NoteMediaDeletionDto, @Body() noteMediaDeletionDto: NoteMediaDeletionDto,
): Promise<void> { ): Promise<void> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.isOwner(user, note)) { if (!this.permissionsService.isOwner(user, note)) {
throw new UnauthorizedException('Deleting note denied!'); throw new UnauthorizedException('Deleting note denied!');
} }
@ -160,11 +161,10 @@ export class NotesController {
@Get(':noteIdOrAlias/revisions') @Get(':noteIdOrAlias/revisions')
async getNoteRevisions( async getNoteRevisions(
@RequestUser() user: User,
@Param('noteIdOrAlias', GetNotePipe) note: Note, @Param('noteIdOrAlias', GetNotePipe) note: Note,
): Promise<RevisionMetadataDto[]> { ): Promise<RevisionMetadataDto[]> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayRead(user, note)) { if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!'); throw new UnauthorizedException('Reading note denied!');
} }
@ -185,11 +185,10 @@ export class NotesController {
@Delete(':noteIdOrAlias/revisions') @Delete(':noteIdOrAlias/revisions')
@HttpCode(204) @HttpCode(204)
async purgeNoteRevisions( async purgeNoteRevisions(
@RequestUser() user: User,
@Param('noteIdOrAlias') noteIdOrAlias: string, @Param('noteIdOrAlias') noteIdOrAlias: string,
): Promise<void> { ): Promise<void> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias); const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
if (!this.permissionsService.mayRead(user, note)) { if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!'); throw new UnauthorizedException('Reading note denied!');
@ -217,12 +216,11 @@ export class NotesController {
@Get(':noteIdOrAlias/revisions/:revisionId') @Get(':noteIdOrAlias/revisions/:revisionId')
async getNoteRevision( async getNoteRevision(
@RequestUser() user: User,
@Param('noteIdOrAlias', GetNotePipe) note: Note, @Param('noteIdOrAlias', GetNotePipe) note: Note,
@Param('revisionId') revisionId: number, @Param('revisionId') revisionId: number,
): Promise<RevisionDto> { ): Promise<RevisionDto> {
try { try {
// ToDo: use actual user here
const user = await this.userService.getUserByUsername('hardcoded');
if (!this.permissionsService.mayRead(user, note)) { if (!this.permissionsService.mayRead(user, note)) {
throw new UnauthorizedException('Reading note denied!'); throw new UnauthorizedException('Reading note denied!');
} }

View file

@ -14,6 +14,7 @@ import { Identity } from '../../../identity/identity.entity';
import { LoggerModule } from '../../../logger/logger.module'; import { LoggerModule } from '../../../logger/logger.module';
import { Session } from '../../../users/session.entity'; import { Session } from '../../../users/session.entity';
import { User } from '../../../users/user.entity'; import { User } from '../../../users/user.entity';
import { UsersModule } from '../../../users/users.module';
import { TokensController } from './tokens.controller'; import { TokensController } from './tokens.controller';
describe('TokensController', () => { describe('TokensController', () => {
@ -29,6 +30,7 @@ describe('TokensController', () => {
}), }),
LoggerModule, LoggerModule,
AuthModule, AuthModule,
UsersModule,
], ],
}) })
.overrideProvider(getRepositoryToken(User)) .overrideProvider(getRepositoryToken(User))

View file

@ -9,17 +9,25 @@ import {
Delete, Delete,
Get, Get,
HttpCode, HttpCode,
NotFoundException,
Param, Param,
Post, Post,
UnauthorizedException,
UseGuards,
} from '@nestjs/common'; } from '@nestjs/common';
import { ApiTags } from '@nestjs/swagger'; import { ApiTags } from '@nestjs/swagger';
import { AuthTokenWithSecretDto } from '../../../auth/auth-token-with-secret.dto'; import { AuthTokenWithSecretDto } from '../../../auth/auth-token-with-secret.dto';
import { AuthTokenDto } from '../../../auth/auth-token.dto'; import { AuthTokenDto } from '../../../auth/auth-token.dto';
import { AuthService } from '../../../auth/auth.service'; import { AuthService } from '../../../auth/auth.service';
import { NotInDBError } from '../../../errors/errors';
import { SessionGuard } from '../../../identity/session.guard';
import { ConsoleLoggerService } from '../../../logger/console-logger.service'; import { ConsoleLoggerService } from '../../../logger/console-logger.service';
import { User } from '../../../users/user.entity';
import { TimestampMillis } from '../../../utils/timestamp'; import { TimestampMillis } from '../../../utils/timestamp';
import { RequestUser } from '../../utils/request-user.decorator';
@UseGuards(SessionGuard)
@ApiTags('tokens') @ApiTags('tokens')
@Controller('tokens') @Controller('tokens')
export class TokensController { export class TokensController {
@ -31,9 +39,8 @@ export class TokensController {
} }
@Get() @Get()
async getUserTokens(): Promise<AuthTokenDto[]> { async getUserTokens(@RequestUser() user: User): Promise<AuthTokenDto[]> {
// ToDo: Get real userName return (await this.authService.getTokensByUsername(user.userName)).map(
return (await this.authService.getTokensByUsername('hardcoded')).map(
(token) => this.authService.toAuthTokenDto(token), (token) => this.authService.toAuthTokenDto(token),
); );
} }
@ -42,10 +49,10 @@ export class TokensController {
async postTokenRequest( async postTokenRequest(
@Body('label') label: string, @Body('label') label: string,
@Body('validUntil') validUntil: TimestampMillis, @Body('validUntil') validUntil: TimestampMillis,
@RequestUser() user: User,
): Promise<AuthTokenWithSecretDto> { ): Promise<AuthTokenWithSecretDto> {
// ToDo: Get real userName
return await this.authService.createTokenForUser( return await this.authService.createTokenForUser(
'hardcoded', user.userName,
label, label,
validUntil, validUntil,
); );
@ -53,7 +60,24 @@ export class TokensController {
@Delete('/:keyId') @Delete('/:keyId')
@HttpCode(204) @HttpCode(204)
async deleteToken(@Param('keyId') keyId: string): Promise<void> { async deleteToken(
return await this.authService.removeToken(keyId); @RequestUser() user: User,
@Param('keyId') keyId: string,
): Promise<void> {
const tokens = await this.authService.getTokensByUsername(user.userName);
try {
for (const token of tokens) {
if (token.keyId == keyId) {
return await this.authService.removeToken(keyId);
}
}
} catch (e) {
if (e instanceof NotInDBError) {
throw new NotFoundException(e.message);
}
}
throw new UnauthorizedException(
'User is not authorized to delete this token',
);
} }
} }

View file

@ -11,12 +11,14 @@ import request from 'supertest';
import { PrivateApiModule } from '../../src/api/private/private-api.module'; import { PrivateApiModule } from '../../src/api/private/private-api.module';
import { AuthModule } from '../../src/auth/auth.module'; import { AuthModule } from '../../src/auth/auth.module';
import { AuthConfig } from '../../src/config/auth.config';
import appConfigMock from '../../src/config/mock/app.config.mock'; import appConfigMock from '../../src/config/mock/app.config.mock';
import authConfigMock from '../../src/config/mock/auth.config.mock'; import authConfigMock from '../../src/config/mock/auth.config.mock';
import customizationConfigMock from '../../src/config/mock/customization.config.mock'; import customizationConfigMock from '../../src/config/mock/customization.config.mock';
import externalConfigMock from '../../src/config/mock/external-services.config.mock'; import externalConfigMock from '../../src/config/mock/external-services.config.mock';
import mediaConfigMock from '../../src/config/mock/media.config.mock'; import mediaConfigMock from '../../src/config/mock/media.config.mock';
import { GroupsModule } from '../../src/groups/groups.module'; import { GroupsModule } from '../../src/groups/groups.module';
import { IdentityService } from '../../src/identity/identity.service';
import { LoggerModule } from '../../src/logger/logger.module'; import { LoggerModule } from '../../src/logger/logger.module';
import { AliasCreateDto } from '../../src/notes/alias-create.dto'; import { AliasCreateDto } from '../../src/notes/alias-create.dto';
import { AliasUpdateDto } from '../../src/notes/alias-update.dto'; import { AliasUpdateDto } from '../../src/notes/alias-update.dto';
@ -27,14 +29,17 @@ import { PermissionsModule } from '../../src/permissions/permissions.module';
import { User } from '../../src/users/user.entity'; import { User } from '../../src/users/user.entity';
import { UsersModule } from '../../src/users/users.module'; import { UsersModule } from '../../src/users/users.module';
import { UsersService } from '../../src/users/users.service'; import { UsersService } from '../../src/users/users.service';
import { setupSessionMiddleware } from '../../src/utils/session';
describe('Alias', () => { describe('Alias', () => {
let app: INestApplication; let app: INestApplication;
let aliasService: AliasService; let aliasService: AliasService;
let notesService: NotesService; let notesService: NotesService;
let identityService: IdentityService;
let user: User; let user: User;
let content: string; let content: string;
let forbiddenNoteId: string; let forbiddenNoteId: string;
let agent: request.SuperAgentTest;
beforeAll(async () => { beforeAll(async () => {
const moduleRef = await Test.createTestingModule({ const moduleRef = await Test.createTestingModule({
@ -69,12 +74,21 @@ describe('Alias', () => {
const config = moduleRef.get<ConfigService>(ConfigService); const config = moduleRef.get<ConfigService>(ConfigService);
forbiddenNoteId = config.get('appConfig').forbiddenNoteIds[0]; forbiddenNoteId = config.get('appConfig').forbiddenNoteIds[0];
app = moduleRef.createNestApplication(); app = moduleRef.createNestApplication();
const authConfig = config.get('authConfig') as AuthConfig;
setupSessionMiddleware(app, authConfig);
await app.init(); await app.init();
aliasService = moduleRef.get(AliasService); aliasService = moduleRef.get(AliasService);
notesService = moduleRef.get(NotesService); notesService = moduleRef.get(NotesService);
identityService = moduleRef.get(IdentityService);
const userService = moduleRef.get(UsersService); const userService = moduleRef.get(UsersService);
user = await userService.createUser('hardcoded', 'Testy'); user = await userService.createUser('hardcoded', 'Testy');
await identityService.createLocalIdentity(user, 'test');
content = 'This is a test note.'; content = 'This is a test note.';
agent = request.agent(app.getHttpServer());
await agent
.post('/auth/local/login')
.send({ username: 'hardcoded', password: 'test' })
.expect(201);
}); });
describe('POST /alias', () => { describe('POST /alias', () => {
@ -92,7 +106,7 @@ describe('Alias', () => {
it('create with normal alias', async () => { it('create with normal alias', async () => {
const newAlias = 'normalAlias'; const newAlias = 'normalAlias';
newAliasDto.newAlias = newAlias; newAliasDto.newAlias = newAlias;
const metadata = await request(app.getHttpServer()) const metadata = await agent
.post(`/alias`) .post(`/alias`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(newAliasDto) .send(newAliasDto)
@ -100,9 +114,7 @@ describe('Alias', () => {
expect(metadata.body.name).toEqual(newAlias); expect(metadata.body.name).toEqual(newAlias);
expect(metadata.body.primaryAlias).toBeFalsy(); expect(metadata.body.primaryAlias).toBeFalsy();
expect(metadata.body.noteId).toEqual(publicId); expect(metadata.body.noteId).toEqual(publicId);
const note = await request(app.getHttpServer()) const note = await agent.get(`/notes/${newAlias}`).expect(200);
.get(`/notes/${newAlias}`)
.expect(200);
expect(note.body.metadata.aliases).toContain(newAlias); expect(note.body.metadata.aliases).toContain(newAlias);
expect(note.body.metadata.primaryAlias).toBeTruthy(); expect(note.body.metadata.primaryAlias).toBeTruthy();
expect(note.body.metadata.id).toEqual(publicId); expect(note.body.metadata.id).toEqual(publicId);
@ -111,7 +123,7 @@ describe('Alias', () => {
describe('does not create an alias', () => { describe('does not create an alias', () => {
it('because of a forbidden alias', async () => { it('because of a forbidden alias', async () => {
newAliasDto.newAlias = forbiddenNoteId; newAliasDto.newAlias = forbiddenNoteId;
await request(app.getHttpServer()) await agent
.post(`/alias`) .post(`/alias`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(newAliasDto) .send(newAliasDto)
@ -119,7 +131,7 @@ describe('Alias', () => {
}); });
it('because of a alias that is a public id', async () => { it('because of a alias that is a public id', async () => {
newAliasDto.newAlias = publicId; newAliasDto.newAlias = publicId;
await request(app.getHttpServer()) await agent
.post(`/alias`) .post(`/alias`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(newAliasDto) .send(newAliasDto)
@ -142,7 +154,7 @@ describe('Alias', () => {
}); });
it('updates a note with a normal alias', async () => { it('updates a note with a normal alias', async () => {
const metadata = await request(app.getHttpServer()) const metadata = await agent
.put(`/alias/${newAlias}`) .put(`/alias/${newAlias}`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(changeAliasDto) .send(changeAliasDto)
@ -150,9 +162,7 @@ describe('Alias', () => {
expect(metadata.body.name).toEqual(newAlias); expect(metadata.body.name).toEqual(newAlias);
expect(metadata.body.primaryAlias).toBeTruthy(); expect(metadata.body.primaryAlias).toBeTruthy();
expect(metadata.body.noteId).toEqual(publicId); expect(metadata.body.noteId).toEqual(publicId);
const note = await request(app.getHttpServer()) const note = await agent.get(`/notes/${newAlias}`).expect(200);
.get(`/notes/${newAlias}`)
.expect(200);
expect(note.body.metadata.aliases).toContain(newAlias); expect(note.body.metadata.aliases).toContain(newAlias);
expect(note.body.metadata.primaryAlias).toBeTruthy(); expect(note.body.metadata.primaryAlias).toBeTruthy();
expect(note.body.metadata.id).toEqual(publicId); expect(note.body.metadata.id).toEqual(publicId);
@ -160,7 +170,7 @@ describe('Alias', () => {
describe('does not update', () => { describe('does not update', () => {
it('a note with unknown alias', async () => { it('a note with unknown alias', async () => {
await request(app.getHttpServer()) await agent
.put(`/alias/i_dont_exist`) .put(`/alias/i_dont_exist`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(changeAliasDto) .send(changeAliasDto)
@ -168,7 +178,7 @@ describe('Alias', () => {
}); });
it('if the property primaryAlias is false', async () => { it('if the property primaryAlias is false', async () => {
changeAliasDto.primaryAlias = false; changeAliasDto.primaryAlias = false;
await request(app.getHttpServer()) await agent
.put(`/alias/${newAlias}`) .put(`/alias/${newAlias}`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(changeAliasDto) .send(changeAliasDto)
@ -186,34 +196,24 @@ describe('Alias', () => {
}); });
it('deletes a normal alias', async () => { it('deletes a normal alias', async () => {
await request(app.getHttpServer()) await agent.delete(`/alias/${newAlias}`).expect(204);
.delete(`/alias/${newAlias}`) await agent.get(`/notes/${newAlias}`).expect(404);
.expect(204);
await request(app.getHttpServer()).get(`/notes/${newAlias}`).expect(404);
}); });
it('does not delete an unknown alias', async () => { it('does not delete an unknown alias', async () => {
await request(app.getHttpServer()) await agent.delete(`/alias/i_dont_exist`).expect(404);
.delete(`/alias/i_dont_exist`)
.expect(404);
}); });
it('does not delete an primary alias (if it is not the only one)', async () => { it('does not delete an primary alias (if it is not the only one)', async () => {
const note = await notesService.getNoteByIdOrAlias(testAlias); const note = await notesService.getNoteByIdOrAlias(testAlias);
await aliasService.addAlias(note, newAlias); await aliasService.addAlias(note, newAlias);
await request(app.getHttpServer()) await agent.delete(`/alias/${testAlias}`).expect(400);
.delete(`/alias/${testAlias}`) await agent.get(`/notes/${newAlias}`).expect(200);
.expect(400);
await request(app.getHttpServer()).get(`/notes/${newAlias}`).expect(200);
}); });
it('deletes a primary alias (if it is the only one)', async () => { it('deletes a primary alias (if it is the only one)', async () => {
await request(app.getHttpServer()) await agent.delete(`/alias/${newAlias}`).expect(204);
.delete(`/alias/${newAlias}`) await agent.delete(`/alias/${testAlias}`).expect(204);
.expect(204);
await request(app.getHttpServer())
.delete(`/alias/${testAlias}`)
.expect(204);
}); });
}); });
}); });

View file

@ -11,6 +11,7 @@ import request from 'supertest';
import { PrivateApiModule } from '../../src/api/private/private-api.module'; import { PrivateApiModule } from '../../src/api/private/private-api.module';
import { AuthModule } from '../../src/auth/auth.module'; import { AuthModule } from '../../src/auth/auth.module';
import { AuthConfig } from '../../src/config/auth.config';
import appConfigMock from '../../src/config/mock/app.config.mock'; import appConfigMock from '../../src/config/mock/app.config.mock';
import authConfigMock from '../../src/config/mock/auth.config.mock'; import authConfigMock from '../../src/config/mock/auth.config.mock';
import customizationConfigMock from '../../src/config/mock/customization.config.mock'; import customizationConfigMock from '../../src/config/mock/customization.config.mock';
@ -20,6 +21,7 @@ import { GroupsModule } from '../../src/groups/groups.module';
import { HistoryEntryImportDto } from '../../src/history/history-entry-import.dto'; import { HistoryEntryImportDto } from '../../src/history/history-entry-import.dto';
import { HistoryEntry } from '../../src/history/history-entry.entity'; import { HistoryEntry } from '../../src/history/history-entry.entity';
import { HistoryService } from '../../src/history/history.service'; import { HistoryService } from '../../src/history/history.service';
import { IdentityService } from '../../src/identity/identity.service';
import { LoggerModule } from '../../src/logger/logger.module'; import { LoggerModule } from '../../src/logger/logger.module';
import { Note } from '../../src/notes/note.entity'; import { Note } from '../../src/notes/note.entity';
import { NotesModule } from '../../src/notes/notes.module'; import { NotesModule } from '../../src/notes/notes.module';
@ -28,15 +30,18 @@ import { PermissionsModule } from '../../src/permissions/permissions.module';
import { User } from '../../src/users/user.entity'; import { User } from '../../src/users/user.entity';
import { UsersModule } from '../../src/users/users.module'; import { UsersModule } from '../../src/users/users.module';
import { UsersService } from '../../src/users/users.service'; import { UsersService } from '../../src/users/users.service';
import { setupSessionMiddleware } from '../../src/utils/session';
describe('History', () => { describe('History', () => {
let app: INestApplication; let app: INestApplication;
let historyService: HistoryService; let historyService: HistoryService;
let identityService: IdentityService;
let user: User; let user: User;
let note: Note; let note: Note;
let note2: Note; let note2: Note;
let forbiddenNoteId: string; let forbiddenNoteId: string;
let content: string; let content: string;
let agent: request.SuperAgentTest;
beforeAll(async () => { beforeAll(async () => {
const moduleRef = await Test.createTestingModule({ const moduleRef = await Test.createTestingModule({
@ -71,25 +76,34 @@ describe('History', () => {
const config = moduleRef.get<ConfigService>(ConfigService); const config = moduleRef.get<ConfigService>(ConfigService);
forbiddenNoteId = config.get('appConfig').forbiddenNoteIds[0]; forbiddenNoteId = config.get('appConfig').forbiddenNoteIds[0];
app = moduleRef.createNestApplication(); app = moduleRef.createNestApplication();
const authConfig = config.get('authConfig') as AuthConfig;
setupSessionMiddleware(app, authConfig);
await app.init(); await app.init();
content = 'This is a test note.'; content = 'This is a test note.';
historyService = moduleRef.get(HistoryService); historyService = moduleRef.get(HistoryService);
const userService = moduleRef.get(UsersService); const userService = moduleRef.get(UsersService);
identityService = moduleRef.get(IdentityService);
user = await userService.createUser('hardcoded', 'Testy'); user = await userService.createUser('hardcoded', 'Testy');
await identityService.createLocalIdentity(user, 'test');
const notesService = moduleRef.get(NotesService); const notesService = moduleRef.get(NotesService);
note = await notesService.createNote(content, 'note', user); note = await notesService.createNote(content, 'note', user);
note2 = await notesService.createNote(content, 'note2', user); note2 = await notesService.createNote(content, 'note2', user);
agent = request.agent(app.getHttpServer());
await agent
.post('/auth/local/login')
.send({ username: 'hardcoded', password: 'test' })
.expect(201);
}); });
it('GET /me/history', async () => { it('GET /me/history', async () => {
const emptyResponse = await request(app.getHttpServer()) const emptyResponse = await agent
.get('/me/history') .get('/me/history')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
expect(emptyResponse.body.length).toEqual(0); expect(emptyResponse.body.length).toEqual(0);
const entry = await historyService.updateHistoryEntryTimestamp(note, user); const entry = await historyService.updateHistoryEntryTimestamp(note, user);
const entryDto = historyService.toHistoryEntryDto(entry); const entryDto = historyService.toHistoryEntryDto(entry);
const response = await request(app.getHttpServer()) const response = await agent
.get('/me/history') .get('/me/history')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
@ -114,7 +128,7 @@ describe('History', () => {
)[0].name; )[0].name;
postEntryDto.pinStatus = pinStatus; postEntryDto.pinStatus = pinStatus;
postEntryDto.lastVisited = lastVisited; postEntryDto.lastVisited = lastVisited;
await request(app.getHttpServer()) await agent
.post('/me/history') .post('/me/history')
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(JSON.stringify({ history: [postEntryDto] })) .send(JSON.stringify({ history: [postEntryDto] }))
@ -149,7 +163,7 @@ describe('History', () => {
brokenEntryDto.note = forbiddenNoteId; brokenEntryDto.note = forbiddenNoteId;
brokenEntryDto.pinStatus = pinStatus; brokenEntryDto.pinStatus = pinStatus;
brokenEntryDto.lastVisited = lastVisited; brokenEntryDto.lastVisited = lastVisited;
await request(app.getHttpServer()) await agent
.post('/me/history') .post('/me/history')
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(JSON.stringify({ history: [brokenEntryDto] })) .send(JSON.stringify({ history: [brokenEntryDto] }))
@ -160,7 +174,7 @@ describe('History', () => {
brokenEntryDto.note = 'i_dont_exist'; brokenEntryDto.note = 'i_dont_exist';
brokenEntryDto.pinStatus = pinStatus; brokenEntryDto.pinStatus = pinStatus;
brokenEntryDto.lastVisited = lastVisited; brokenEntryDto.lastVisited = lastVisited;
await request(app.getHttpServer()) await agent
.post('/me/history') .post('/me/history')
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send(JSON.stringify({ history: [brokenEntryDto] })) .send(JSON.stringify({ history: [brokenEntryDto] }))
@ -181,7 +195,7 @@ describe('History', () => {
it('DELETE /me/history', async () => { it('DELETE /me/history', async () => {
expect((await historyService.getEntriesByUser(user)).length).toEqual(1); expect((await historyService.getEntriesByUser(user)).length).toEqual(1);
await request(app.getHttpServer()).delete('/me/history').expect(200); await agent.delete('/me/history').expect(200);
expect((await historyService.getEntriesByUser(user)).length).toEqual(0); expect((await historyService.getEntriesByUser(user)).length).toEqual(0);
}); });
@ -189,7 +203,7 @@ describe('History', () => {
const entry = await historyService.updateHistoryEntryTimestamp(note2, user); const entry = await historyService.updateHistoryEntryTimestamp(note2, user);
expect(entry.pinStatus).toBeFalsy(); expect(entry.pinStatus).toBeFalsy();
const alias = entry.note.aliases.filter((alias) => alias.primary)[0].name; const alias = entry.note.aliases.filter((alias) => alias.primary)[0].name;
await request(app.getHttpServer()) await agent
.put(`/me/history/${alias || 'undefined'}`) .put(`/me/history/${alias || 'undefined'}`)
.send({ pinStatus: true }) .send({ pinStatus: true })
.expect(200); .expect(200);
@ -204,9 +218,7 @@ describe('History', () => {
const alias = entry.note.aliases.filter((alias) => alias.primary)[0].name; const alias = entry.note.aliases.filter((alias) => alias.primary)[0].name;
const entry2 = await historyService.updateHistoryEntryTimestamp(note, user); const entry2 = await historyService.updateHistoryEntryTimestamp(note, user);
const entryDto = historyService.toHistoryEntryDto(entry2); const entryDto = historyService.toHistoryEntryDto(entry2);
await request(app.getHttpServer()) await agent.delete(`/me/history/${alias || 'undefined'}`).expect(200);
.delete(`/me/history/${alias || 'undefined'}`)
.expect(200);
const userEntries = await historyService.getEntriesByUser(user); const userEntries = await historyService.getEntriesByUser(user);
expect(userEntries.length).toEqual(1); expect(userEntries.length).toEqual(1);
const userEntryDto = historyService.toHistoryEntryDto(userEntries[0]); const userEntryDto = historyService.toHistoryEntryDto(userEntries[0]);

View file

@ -17,6 +17,7 @@ import request from 'supertest';
import { PrivateApiModule } from '../../src/api/private/private-api.module'; import { PrivateApiModule } from '../../src/api/private/private-api.module';
import { AuthModule } from '../../src/auth/auth.module'; import { AuthModule } from '../../src/auth/auth.module';
import { AuthConfig } from '../../src/config/auth.config';
import appConfigMock from '../../src/config/mock/app.config.mock'; import appConfigMock from '../../src/config/mock/app.config.mock';
import authConfigMock from '../../src/config/mock/auth.config.mock'; import authConfigMock from '../../src/config/mock/auth.config.mock';
import customizationConfigMock from '../../src/config/mock/customization.config.mock'; import customizationConfigMock from '../../src/config/mock/customization.config.mock';
@ -25,6 +26,7 @@ import mediaConfigMock from '../../src/config/mock/media.config.mock';
import { NotInDBError } from '../../src/errors/errors'; import { NotInDBError } from '../../src/errors/errors';
import { GroupsModule } from '../../src/groups/groups.module'; import { GroupsModule } from '../../src/groups/groups.module';
import { HistoryModule } from '../../src/history/history.module'; import { HistoryModule } from '../../src/history/history.module';
import { IdentityService } from '../../src/identity/identity.service';
import { LoggerModule } from '../../src/logger/logger.module'; import { LoggerModule } from '../../src/logger/logger.module';
import { MediaModule } from '../../src/media/media.module'; import { MediaModule } from '../../src/media/media.module';
import { MediaService } from '../../src/media/media.service'; import { MediaService } from '../../src/media/media.service';
@ -36,17 +38,20 @@ import { UserInfoDto } from '../../src/users/user-info.dto';
import { User } from '../../src/users/user.entity'; import { User } from '../../src/users/user.entity';
import { UsersModule } from '../../src/users/users.module'; import { UsersModule } from '../../src/users/users.module';
import { UsersService } from '../../src/users/users.service'; import { UsersService } from '../../src/users/users.service';
import { setupSessionMiddleware } from '../../src/utils/session';
describe('Me', () => { describe('Me', () => {
let app: INestApplication; let app: INestApplication;
let userService: UsersService; let userService: UsersService;
let mediaService: MediaService; let mediaService: MediaService;
let identityService: IdentityService;
let uploadPath: string; let uploadPath: string;
let user: User; let user: User;
let content: string; let content: string;
let note1: Note; let note1: Note;
let alias2: string; let alias2: string;
let note2: Note; let note2: Note;
let agent: request.SuperAgentTest;
beforeAll(async () => { beforeAll(async () => {
const moduleRef = await Test.createTestingModule({ const moduleRef = await Test.createTestingModule({
@ -82,21 +87,31 @@ describe('Me', () => {
const config = moduleRef.get<ConfigService>(ConfigService); const config = moduleRef.get<ConfigService>(ConfigService);
uploadPath = config.get('mediaConfig').backend.filesystem.uploadPath; uploadPath = config.get('mediaConfig').backend.filesystem.uploadPath;
app = moduleRef.createNestApplication(); app = moduleRef.createNestApplication();
const authConfig = config.get('authConfig') as AuthConfig;
setupSessionMiddleware(app, authConfig);
await app.init(); await app.init();
//historyService = moduleRef.get(); //historyService = moduleRef.get();
userService = moduleRef.get(UsersService); userService = moduleRef.get(UsersService);
mediaService = moduleRef.get(MediaService); mediaService = moduleRef.get(MediaService);
identityService = moduleRef.get(IdentityService);
user = await userService.createUser('hardcoded', 'Testy'); user = await userService.createUser('hardcoded', 'Testy');
await identityService.createLocalIdentity(user, 'test');
const notesService = moduleRef.get(NotesService); const notesService = moduleRef.get(NotesService);
content = 'This is a test note.'; content = 'This is a test note.';
alias2 = 'note2'; alias2 = 'note2';
note1 = await notesService.createNote(content, undefined, user); note1 = await notesService.createNote(content, undefined, user);
note2 = await notesService.createNote(content, alias2, user); note2 = await notesService.createNote(content, alias2, user);
agent = request.agent(app.getHttpServer());
await agent
.post('/auth/local/login')
.send({ username: 'hardcoded', password: 'test' })
.expect(201);
}); });
it('GET /me', async () => { it('GET /me', async () => {
const userInfo = userService.toUserDto(user); const userInfo = userService.toUserDto(user);
const response = await request(app.getHttpServer()) const response = await agent
.get('/me') .get('/me')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
@ -105,8 +120,7 @@ describe('Me', () => {
}); });
it('GET /me/media', async () => { it('GET /me/media', async () => {
const httpServer = app.getHttpServer(); const responseBefore = await agent
const responseBefore = await request(httpServer)
.get('/me/media/') .get('/me/media/')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
@ -118,7 +132,7 @@ describe('Me', () => {
const url2 = await mediaService.saveFile(testImage, user, note2); const url2 = await mediaService.saveFile(testImage, user, note2);
const url3 = await mediaService.saveFile(testImage, user, note2); const url3 = await mediaService.saveFile(testImage, user, note2);
const response = await request(httpServer) const response = await agent
.get('/me/media/') .get('/me/media/')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
@ -137,7 +151,7 @@ describe('Me', () => {
it('POST /me/profile', async () => { it('POST /me/profile', async () => {
const newDisplayName = 'Another name'; const newDisplayName = 'Another name';
expect(user.displayName).not.toEqual(newDisplayName); expect(user.displayName).not.toEqual(newDisplayName);
await request(app.getHttpServer()) await agent
.post('/me/profile') .post('/me/profile')
.send({ .send({
name: newDisplayName, name: newDisplayName,
@ -155,7 +169,7 @@ describe('Me', () => {
const mediaUploads = await mediaService.listUploadsByUser(dbUser); const mediaUploads = await mediaService.listUploadsByUser(dbUser);
expect(mediaUploads).toHaveLength(1); expect(mediaUploads).toHaveLength(1);
expect(mediaUploads[0].fileUrl).toEqual(url0); expect(mediaUploads[0].fileUrl).toEqual(url0);
await request(app.getHttpServer()).delete('/me').expect(204); await agent.delete('/me').expect(204);
await expect(userService.getUserByUsername('hardcoded')).rejects.toThrow( await expect(userService.getUserByUsername('hardcoded')).rejects.toThrow(
NotInDBError, NotInDBError,
); );

View file

@ -13,12 +13,14 @@ import request from 'supertest';
import { PrivateApiModule } from '../../src/api/private/private-api.module'; import { PrivateApiModule } from '../../src/api/private/private-api.module';
import { AuthModule } from '../../src/auth/auth.module'; import { AuthModule } from '../../src/auth/auth.module';
import { AuthConfig } from '../../src/config/auth.config';
import appConfigMock from '../../src/config/mock/app.config.mock'; import appConfigMock from '../../src/config/mock/app.config.mock';
import authConfigMock from '../../src/config/mock/auth.config.mock'; import authConfigMock from '../../src/config/mock/auth.config.mock';
import customizationConfigMock from '../../src/config/mock/customization.config.mock'; import customizationConfigMock from '../../src/config/mock/customization.config.mock';
import externalConfigMock from '../../src/config/mock/external-services.config.mock'; import externalConfigMock from '../../src/config/mock/external-services.config.mock';
import mediaConfigMock from '../../src/config/mock/media.config.mock'; import mediaConfigMock from '../../src/config/mock/media.config.mock';
import { GroupsModule } from '../../src/groups/groups.module'; import { GroupsModule } from '../../src/groups/groups.module';
import { IdentityService } from '../../src/identity/identity.service';
import { ConsoleLoggerService } from '../../src/logger/console-logger.service'; import { ConsoleLoggerService } from '../../src/logger/console-logger.service';
import { LoggerModule } from '../../src/logger/logger.module'; import { LoggerModule } from '../../src/logger/logger.module';
import { MediaModule } from '../../src/media/media.module'; import { MediaModule } from '../../src/media/media.module';
@ -26,11 +28,14 @@ import { NotesModule } from '../../src/notes/notes.module';
import { NotesService } from '../../src/notes/notes.service'; import { NotesService } from '../../src/notes/notes.service';
import { PermissionsModule } from '../../src/permissions/permissions.module'; import { PermissionsModule } from '../../src/permissions/permissions.module';
import { UsersService } from '../../src/users/users.service'; import { UsersService } from '../../src/users/users.service';
import { setupSessionMiddleware } from '../../src/utils/session';
import { ensureDeleted } from '../utils'; import { ensureDeleted } from '../utils';
describe('Media', () => { describe('Media', () => {
let identityService: IdentityService;
let app: NestExpressApplication; let app: NestExpressApplication;
let uploadPath: string; let uploadPath: string;
let agent: request.SuperAgentTest;
beforeAll(async () => { beforeAll(async () => {
const moduleRef = await Test.createTestingModule({ const moduleRef = await Test.createTestingModule({
@ -67,19 +72,28 @@ describe('Media', () => {
app.useStaticAssets(uploadPath, { app.useStaticAssets(uploadPath, {
prefix: '/uploads', prefix: '/uploads',
}); });
const authConfig = config.get('authConfig') as AuthConfig;
setupSessionMiddleware(app, authConfig);
await app.init(); await app.init();
const logger = await app.resolve(ConsoleLoggerService); const logger = await app.resolve(ConsoleLoggerService);
logger.log('Switching logger', 'AppBootstrap'); logger.log('Switching logger', 'AppBootstrap');
app.useLogger(logger); app.useLogger(logger);
identityService = moduleRef.get(IdentityService);
const notesService: NotesService = moduleRef.get(NotesService); const notesService: NotesService = moduleRef.get(NotesService);
await notesService.createNote('test content', 'test_upload_media'); await notesService.createNote('test content', 'test_upload_media');
const userService: UsersService = moduleRef.get(UsersService); const userService: UsersService = moduleRef.get(UsersService);
await userService.createUser('hardcoded', 'Testy'); const user = await userService.createUser('hardcoded', 'Testy');
await identityService.createLocalIdentity(user, 'test');
agent = request.agent(app.getHttpServer());
await agent
.post('/auth/local/login')
.send({ username: 'hardcoded', password: 'test' })
.expect(201);
}); });
describe('POST /media', () => { describe('POST /media', () => {
it('works', async () => { it('works', async () => {
const uploadResponse = await request(app.getHttpServer()) const uploadResponse = await agent
.post('/media') .post('/media')
.attach('file', 'test/private-api/fixtures/test.png') .attach('file', 'test/private-api/fixtures/test.png')
.set('HedgeDoc-Note', 'test_upload_media') .set('HedgeDoc-Note', 'test_upload_media')
@ -87,7 +101,7 @@ describe('Media', () => {
.expect(201); .expect(201);
const path: string = uploadResponse.body.link; const path: string = uploadResponse.body.link;
const testImage = await fs.readFile('test/private-api/fixtures/test.png'); const testImage = await fs.readFile('test/private-api/fixtures/test.png');
const downloadResponse = await request(app.getHttpServer()).get(path); const downloadResponse = await agent.get(path);
expect(downloadResponse.body).toEqual(testImage); expect(downloadResponse.body).toEqual(testImage);
// Remove /uploads/ from path as we just need the filename. // Remove /uploads/ from path as we just need the filename.
const fileName = path.replace('/uploads/', ''); const fileName = path.replace('/uploads/', '');
@ -99,7 +113,7 @@ describe('Media', () => {
await ensureDeleted(uploadPath); await ensureDeleted(uploadPath);
}); });
it('MIME type not supported', async () => { it('MIME type not supported', async () => {
await request(app.getHttpServer()) await agent
.post('/media') .post('/media')
.attach('file', 'test/private-api/fixtures/test.zip') .attach('file', 'test/private-api/fixtures/test.zip')
.set('HedgeDoc-Note', 'test_upload_media') .set('HedgeDoc-Note', 'test_upload_media')
@ -107,7 +121,7 @@ describe('Media', () => {
await expect(fs.access(uploadPath)).rejects.toBeDefined(); await expect(fs.access(uploadPath)).rejects.toBeDefined();
}); });
it('note does not exist', async () => { it('note does not exist', async () => {
await request(app.getHttpServer()) await agent
.post('/media') .post('/media')
.attach('file', 'test/private-api/fixtures/test.zip') .attach('file', 'test/private-api/fixtures/test.zip')
.set('HedgeDoc-Note', 'i_dont_exist') .set('HedgeDoc-Note', 'i_dont_exist')
@ -118,7 +132,7 @@ describe('Media', () => {
await fs.mkdir(uploadPath, { await fs.mkdir(uploadPath, {
mode: '444', mode: '444',
}); });
await request(app.getHttpServer()) await agent
.post('/media') .post('/media')
.attach('file', 'test/private-api/fixtures/test.png') .attach('file', 'test/private-api/fixtures/test.png')
.set('HedgeDoc-Note', 'test_upload_media') .set('HedgeDoc-Note', 'test_upload_media')

View file

@ -13,6 +13,7 @@ import request from 'supertest';
import { PrivateApiModule } from '../../src/api/private/private-api.module'; import { PrivateApiModule } from '../../src/api/private/private-api.module';
import { AuthModule } from '../../src/auth/auth.module'; import { AuthModule } from '../../src/auth/auth.module';
import { AuthConfig } from '../../src/config/auth.config';
import appConfigMock from '../../src/config/mock/app.config.mock'; import appConfigMock from '../../src/config/mock/app.config.mock';
import authConfigMock from '../../src/config/mock/auth.config.mock'; import authConfigMock from '../../src/config/mock/auth.config.mock';
import customizationConfigMock from '../../src/config/mock/customization.config.mock'; import customizationConfigMock from '../../src/config/mock/customization.config.mock';
@ -20,6 +21,7 @@ import externalConfigMock from '../../src/config/mock/external-services.config.m
import mediaConfigMock from '../../src/config/mock/media.config.mock'; import mediaConfigMock from '../../src/config/mock/media.config.mock';
import { NotInDBError } from '../../src/errors/errors'; import { NotInDBError } from '../../src/errors/errors';
import { GroupsModule } from '../../src/groups/groups.module'; import { GroupsModule } from '../../src/groups/groups.module';
import { IdentityService } from '../../src/identity/identity.service';
import { LoggerModule } from '../../src/logger/logger.module'; import { LoggerModule } from '../../src/logger/logger.module';
import { MediaService } from '../../src/media/media.service'; import { MediaService } from '../../src/media/media.service';
import { NotesModule } from '../../src/notes/notes.module'; import { NotesModule } from '../../src/notes/notes.module';
@ -28,17 +30,20 @@ import { PermissionsModule } from '../../src/permissions/permissions.module';
import { User } from '../../src/users/user.entity'; import { User } from '../../src/users/user.entity';
import { UsersModule } from '../../src/users/users.module'; import { UsersModule } from '../../src/users/users.module';
import { UsersService } from '../../src/users/users.service'; import { UsersService } from '../../src/users/users.service';
import { setupSessionMiddleware } from '../../src/utils/session';
describe('Notes', () => { describe('Notes', () => {
let app: INestApplication; let app: INestApplication;
let notesService: NotesService; let notesService: NotesService;
let mediaService: MediaService; let mediaService: MediaService;
let identityService: IdentityService;
let user: User; let user: User;
let user2: User; let user2: User;
let content: string; let content: string;
let forbiddenNoteId: string; let forbiddenNoteId: string;
let uploadPath: string; let uploadPath: string;
let testImage: Buffer; let testImage: Buffer;
let agent: request.SuperAgentTest;
beforeAll(async () => { beforeAll(async () => {
const moduleRef = await Test.createTestingModule({ const moduleRef = await Test.createTestingModule({
@ -74,18 +79,28 @@ describe('Notes', () => {
forbiddenNoteId = config.get('appConfig').forbiddenNoteIds[0]; forbiddenNoteId = config.get('appConfig').forbiddenNoteIds[0];
uploadPath = config.get('mediaConfig').backend.filesystem.uploadPath; uploadPath = config.get('mediaConfig').backend.filesystem.uploadPath;
app = moduleRef.createNestApplication(); app = moduleRef.createNestApplication();
const authConfig = config.get('authConfig') as AuthConfig;
setupSessionMiddleware(app, authConfig);
await app.init(); await app.init();
notesService = moduleRef.get(NotesService); notesService = moduleRef.get(NotesService);
mediaService = moduleRef.get(MediaService); mediaService = moduleRef.get(MediaService);
identityService = moduleRef.get(IdentityService);
const userService = moduleRef.get(UsersService); const userService = moduleRef.get(UsersService);
user = await userService.createUser('hardcoded', 'Testy'); user = await userService.createUser('hardcoded', 'Testy');
await identityService.createLocalIdentity(user, 'test');
user2 = await userService.createUser('hardcoded2', 'Max Mustermann'); user2 = await userService.createUser('hardcoded2', 'Max Mustermann');
await identityService.createLocalIdentity(user2, 'test');
content = 'This is a test note.'; content = 'This is a test note.';
testImage = await fs.readFile('test/public-api/fixtures/test.png'); testImage = await fs.readFile('test/public-api/fixtures/test.png');
agent = request.agent(app.getHttpServer());
await agent
.post('/auth/local/login')
.send({ username: 'hardcoded', password: 'test' })
.expect(201);
}); });
it('POST /notes', async () => { it('POST /notes', async () => {
const response = await request(app.getHttpServer()) const response = await agent
.post('/notes') .post('/notes')
.set('Content-Type', 'text/markdown') .set('Content-Type', 'text/markdown')
.send(content) .send(content)
@ -103,7 +118,7 @@ describe('Notes', () => {
it('works with an existing note', async () => { it('works with an existing note', async () => {
// check if we can succefully get a note that exists // check if we can succefully get a note that exists
await notesService.createNote(content, 'test1', user); await notesService.createNote(content, 'test1', user);
const response = await request(app.getHttpServer()) const response = await agent
.get('/notes/test1') .get('/notes/test1')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
@ -111,7 +126,7 @@ describe('Notes', () => {
}); });
it('fails with an non-existing note', async () => { it('fails with an non-existing note', async () => {
// check if a missing note correctly returns 404 // check if a missing note correctly returns 404
await request(app.getHttpServer()) await agent
.get('/notes/i_dont_exist') .get('/notes/i_dont_exist')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(404); .expect(404);
@ -120,7 +135,7 @@ describe('Notes', () => {
describe('POST /notes/{note}', () => { describe('POST /notes/{note}', () => {
it('works with a non-existing alias', async () => { it('works with a non-existing alias', async () => {
const response = await request(app.getHttpServer()) const response = await agent
.post('/notes/test2') .post('/notes/test2')
.set('Content-Type', 'text/markdown') .set('Content-Type', 'text/markdown')
.send(content) .send(content)
@ -135,7 +150,7 @@ describe('Notes', () => {
}); });
it('fails with a forbidden alias', async () => { it('fails with a forbidden alias', async () => {
await request(app.getHttpServer()) await agent
.post(`/notes/${forbiddenNoteId}`) .post(`/notes/${forbiddenNoteId}`)
.set('Content-Type', 'text/markdown') .set('Content-Type', 'text/markdown')
.send(content) .send(content)
@ -144,7 +159,7 @@ describe('Notes', () => {
}); });
it('fails with a existing alias', async () => { it('fails with a existing alias', async () => {
await request(app.getHttpServer()) await agent
.post('/notes/test2') .post('/notes/test2')
.set('Content-Type', 'text/markdown') .set('Content-Type', 'text/markdown')
.send(content) .send(content)
@ -159,7 +174,7 @@ describe('Notes', () => {
const noteId = 'test3'; const noteId = 'test3';
const note = await notesService.createNote(content, noteId, user); const note = await notesService.createNote(content, noteId, user);
await mediaService.saveFile(testImage, user, note); await mediaService.saveFile(testImage, user, note);
await request(app.getHttpServer()) await agent
.delete(`/notes/${noteId}`) .delete(`/notes/${noteId}`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send({ .send({
@ -176,7 +191,7 @@ describe('Notes', () => {
const noteId = 'test3a'; const noteId = 'test3a';
const note = await notesService.createNote(content, noteId, user); const note = await notesService.createNote(content, noteId, user);
const url = await mediaService.saveFile(testImage, user, note); const url = await mediaService.saveFile(testImage, user, note);
await request(app.getHttpServer()) await agent
.delete(`/notes/${noteId}`) .delete(`/notes/${noteId}`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.send({ .send({
@ -195,21 +210,17 @@ describe('Notes', () => {
}); });
}); });
it('fails with a forbidden alias', async () => { it('fails with a forbidden alias', async () => {
await request(app.getHttpServer()) await agent.delete(`/notes/${forbiddenNoteId}`).expect(400);
.delete(`/notes/${forbiddenNoteId}`)
.expect(400);
}); });
it('fails with a non-existing alias', async () => { it('fails with a non-existing alias', async () => {
await request(app.getHttpServer()) await agent.delete('/notes/i_dont_exist').expect(404);
.delete('/notes/i_dont_exist')
.expect(404);
}); });
}); });
describe('GET /notes/{note}/revisions', () => { describe('GET /notes/{note}/revisions', () => {
it('works with existing alias', async () => { it('works with existing alias', async () => {
await notesService.createNote(content, 'test4', user); await notesService.createNote(content, 'test4', user);
const response = await request(app.getHttpServer()) const response = await agent
.get('/notes/test4/revisions') .get('/notes/test4/revisions')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
@ -217,14 +228,12 @@ describe('Notes', () => {
}); });
it('fails with a forbidden alias', async () => { it('fails with a forbidden alias', async () => {
await request(app.getHttpServer()) await agent.get(`/notes/${forbiddenNoteId}/revisions`).expect(400);
.get(`/notes/${forbiddenNoteId}/revisions`)
.expect(400);
}); });
it('fails with non-existing alias', async () => { it('fails with non-existing alias', async () => {
// check if a missing note correctly returns 404 // check if a missing note correctly returns 404
await request(app.getHttpServer()) await agent
.get('/notes/i_dont_exist/revisions') .get('/notes/i_dont_exist/revisions')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(404); .expect(404);
@ -236,29 +245,27 @@ describe('Notes', () => {
const noteId = 'test8'; const noteId = 'test8';
const note = await notesService.createNote(content, noteId, user); const note = await notesService.createNote(content, noteId, user);
await notesService.updateNote(note, 'update'); await notesService.updateNote(note, 'update');
const responseBeforeDeleting = await request(app.getHttpServer()) const responseBeforeDeleting = await agent
.get('/notes/test8/revisions') .get('/notes/test8/revisions')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
expect(responseBeforeDeleting.body).toHaveLength(2); expect(responseBeforeDeleting.body).toHaveLength(2);
await request(app.getHttpServer()) await agent
.delete(`/notes/${noteId}/revisions`) .delete(`/notes/${noteId}/revisions`)
.set('Content-Type', 'application/json') .set('Content-Type', 'application/json')
.expect(204); .expect(204);
const responseAfterDeleting = await request(app.getHttpServer()) const responseAfterDeleting = await agent
.get('/notes/test8/revisions') .get('/notes/test8/revisions')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
expect(responseAfterDeleting.body).toHaveLength(1); expect(responseAfterDeleting.body).toHaveLength(1);
}); });
it('fails with a forbidden alias', async () => { it('fails with a forbidden alias', async () => {
await request(app.getHttpServer()) await agent.delete(`/notes/${forbiddenNoteId}/revisions`).expect(400);
.delete(`/notes/${forbiddenNoteId}/revisions`)
.expect(400);
}); });
it('fails with non-existing alias', async () => { it('fails with non-existing alias', async () => {
// check if a missing note correctly returns 404 // check if a missing note correctly returns 404
await request(app.getHttpServer()) await agent
.delete('/notes/i_dont_exist/revisions') .delete('/notes/i_dont_exist/revisions')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(404); .expect(404);
@ -269,20 +276,18 @@ describe('Notes', () => {
it('works with an existing alias', async () => { it('works with an existing alias', async () => {
const note = await notesService.createNote(content, 'test5', user); const note = await notesService.createNote(content, 'test5', user);
const revision = await notesService.getLatestRevision(note); const revision = await notesService.getLatestRevision(note);
const response = await request(app.getHttpServer()) const response = await agent
.get(`/notes/test5/revisions/${revision.id}`) .get(`/notes/test5/revisions/${revision.id}`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
expect(response.body.content).toEqual(content); expect(response.body.content).toEqual(content);
}); });
it('fails with a forbidden alias', async () => { it('fails with a forbidden alias', async () => {
await request(app.getHttpServer()) await agent.get(`/notes/${forbiddenNoteId}/revisions/1`).expect(400);
.get(`/notes/${forbiddenNoteId}/revisions/1`)
.expect(400);
}); });
it('fails with non-existing alias', async () => { it('fails with non-existing alias', async () => {
// check if a missing note correctly returns 404 // check if a missing note correctly returns 404
await request(app.getHttpServer()) await agent
.get('/notes/i_dont_exist/revisions/1') .get('/notes/i_dont_exist/revisions/1')
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(404); .expect(404);
@ -295,8 +300,7 @@ describe('Notes', () => {
const extraAlias = 'test7'; const extraAlias = 'test7';
const note1 = await notesService.createNote(content, alias, user); const note1 = await notesService.createNote(content, alias, user);
const note2 = await notesService.createNote(content, extraAlias, user); const note2 = await notesService.createNote(content, extraAlias, user);
const httpServer = app.getHttpServer(); const response = await agent
const response = await request(httpServer)
.get(`/notes/${alias}/media/`) .get(`/notes/${alias}/media/`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
@ -306,7 +310,7 @@ describe('Notes', () => {
const url0 = await mediaService.saveFile(testImage, user, note1); const url0 = await mediaService.saveFile(testImage, user, note1);
const url1 = await mediaService.saveFile(testImage, user, note2); const url1 = await mediaService.saveFile(testImage, user, note2);
const responseAfter = await request(httpServer) const responseAfter = await agent
.get(`/notes/${alias}/media/`) .get(`/notes/${alias}/media/`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(200); .expect(200);
@ -321,7 +325,7 @@ describe('Notes', () => {
await fs.rmdir(uploadPath, { recursive: true }); await fs.rmdir(uploadPath, { recursive: true });
}); });
it('fails, when note does not exist', async () => { it('fails, when note does not exist', async () => {
await request(app.getHttpServer()) await agent
.get(`/notes/i_dont_exist/media/`) .get(`/notes/i_dont_exist/media/`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(404); .expect(404);
@ -329,7 +333,7 @@ describe('Notes', () => {
it("fails, when user can't read note", async () => { it("fails, when user can't read note", async () => {
const alias = 'test11'; const alias = 'test11';
await notesService.createNote('This is a test note.', alias, user2); await notesService.createNote('This is a test note.', alias, user2);
await request(app.getHttpServer()) await agent
.get(`/notes/${alias}/media/`) .get(`/notes/${alias}/media/`)
.expect('Content-Type', /json/) .expect('Content-Type', /json/)
.expect(401); .expect(401);

View file

@ -0,0 +1,130 @@
/*
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { INestApplication } from '@nestjs/common';
import { ConfigModule, ConfigService } from '@nestjs/config';
import { Test } from '@nestjs/testing';
import { TypeOrmModule } from '@nestjs/typeorm';
import request from 'supertest';
import { PrivateApiModule } from '../../src/api/private/private-api.module';
import { AuthModule } from '../../src/auth/auth.module';
import { MockAuthGuard } from '../../src/auth/mock-auth.guard';
import { TokenAuthGuard } from '../../src/auth/token.strategy';
import { AuthConfig } from '../../src/config/auth.config';
import appConfigMock from '../../src/config/mock/app.config.mock';
import authConfigMock from '../../src/config/mock/auth.config.mock';
import customizationConfigMock from '../../src/config/mock/customization.config.mock';
import externalServicesConfigMock from '../../src/config/mock/external-services.config.mock';
import mediaConfigMock from '../../src/config/mock/media.config.mock';
import { GroupsModule } from '../../src/groups/groups.module';
import { HistoryModule } from '../../src/history/history.module';
import { IdentityService } from '../../src/identity/identity.service';
import { LoggerModule } from '../../src/logger/logger.module';
import { MediaModule } from '../../src/media/media.module';
import { NotesModule } from '../../src/notes/notes.module';
import { PermissionsModule } from '../../src/permissions/permissions.module';
import { User } from '../../src/users/user.entity';
import { UsersModule } from '../../src/users/users.module';
import { UsersService } from '../../src/users/users.service';
import { setupSessionMiddleware } from '../../src/utils/session';
describe('Tokens', () => {
let app: INestApplication;
let userService: UsersService;
let identityService: IdentityService;
let user: User;
let agent: request.SuperAgentTest;
let keyId: string;
beforeAll(async () => {
const moduleRef = await Test.createTestingModule({
imports: [
ConfigModule.forRoot({
isGlobal: true,
load: [
appConfigMock,
authConfigMock,
mediaConfigMock,
customizationConfigMock,
externalServicesConfigMock,
],
}),
PrivateApiModule,
NotesModule,
PermissionsModule,
GroupsModule,
TypeOrmModule.forRoot({
type: 'sqlite',
database: './hedgedoc-e2e-private-me.sqlite',
autoLoadEntities: true,
synchronize: true,
dropSchema: true,
}),
LoggerModule,
AuthModule,
UsersModule,
MediaModule,
HistoryModule,
],
})
.overrideGuard(TokenAuthGuard)
.useClass(MockAuthGuard)
.compile();
const config = moduleRef.get<ConfigService>(ConfigService);
identityService = moduleRef.get(IdentityService);
app = moduleRef.createNestApplication();
userService = moduleRef.get(UsersService);
user = await userService.createUser('hardcoded', 'Testy');
await identityService.createLocalIdentity(user, 'test');
const authConfig = config.get('authConfig') as AuthConfig;
setupSessionMiddleware(app, authConfig);
await app.init();
agent = request.agent(app.getHttpServer());
await agent
.post('/auth/local/login')
.send({ username: 'hardcoded', password: 'test' })
.expect(201);
});
it(`POST /tokens`, async () => {
const tokenName = 'testToken';
const response = await agent
.post('/tokens')
.send({
label: tokenName,
})
.expect('Content-Type', /json/)
.expect(201);
keyId = response.body.keyId;
expect(response.body.label).toBe(tokenName);
expect(response.body.validUntil).toBe(null);
expect(response.body.lastUsed).toBe(null);
expect(response.body.secret.length).toBe(84);
});
it(`GET /tokens`, async () => {
const tokenName = 'testToken';
const response = await agent
.get('/tokens/')
.expect('Content-Type', /json/)
.expect(200);
expect(response.body[0].label).toBe(tokenName);
expect(response.body[0].validUntil).toBe(null);
expect(response.body[0].lastUsed).toBe(null);
expect(response.body[0].secret).not.toBeDefined();
});
it(`DELETE /tokens/:keyid`, async () => {
const response = await agent.delete('/tokens/' + keyId).expect(204);
expect(response.body).toStrictEqual({});
});
it(`GET /tokens 2`, async () => {
const response = await agent
.get('/tokens/')
.expect('Content-Type', /json/)
.expect(200);
expect(response.body).toStrictEqual([]);
});
});