mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-24 18:56:32 -05:00
Merge pull request #1673 from hedgedoc/remove-hardcoded
This commit is contained in:
commit
e5750b0084
14 changed files with 354 additions and 155 deletions
|
@ -22,7 +22,7 @@ module.exports = {
|
|||
'jest/expect-expect': [
|
||||
'error',
|
||||
{
|
||||
assertFunctionNames: ['expect', 'request.**.expect'],
|
||||
assertFunctionNames: ['expect', 'request.**.expect', 'agent.**.expect'],
|
||||
},
|
||||
],
|
||||
'jest/no-standalone-expect': [
|
||||
|
|
|
@ -13,10 +13,9 @@ import {
|
|||
Param,
|
||||
Post,
|
||||
Put,
|
||||
Req,
|
||||
UnauthorizedException,
|
||||
UseGuards,
|
||||
} from '@nestjs/common';
|
||||
import { Request } from 'express';
|
||||
|
||||
import {
|
||||
AlreadyInDBError,
|
||||
|
@ -24,6 +23,7 @@ import {
|
|||
NotInDBError,
|
||||
PrimaryAliasDeletionForbiddenError,
|
||||
} from '../../../errors/errors';
|
||||
import { SessionGuard } from '../../../identity/session.guard';
|
||||
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
||||
import { AliasCreateDto } from '../../../notes/alias-create.dto';
|
||||
import { AliasUpdateDto } from '../../../notes/alias-update.dto';
|
||||
|
@ -31,8 +31,11 @@ import { AliasDto } from '../../../notes/alias.dto';
|
|||
import { AliasService } from '../../../notes/alias.service';
|
||||
import { NotesService } from '../../../notes/notes.service';
|
||||
import { PermissionsService } from '../../../permissions/permissions.service';
|
||||
import { User } from '../../../users/user.entity';
|
||||
import { UsersService } from '../../../users/users.service';
|
||||
import { RequestUser } from '../../utils/request-user.decorator';
|
||||
|
||||
@UseGuards(SessionGuard)
|
||||
@Controller('alias')
|
||||
export class AliasController {
|
||||
constructor(
|
||||
|
@ -44,15 +47,12 @@ export class AliasController {
|
|||
) {
|
||||
this.logger.setContext(AliasController.name);
|
||||
}
|
||||
|
||||
@Post()
|
||||
async addAlias(
|
||||
@Req() req: Request,
|
||||
@RequestUser() user: User,
|
||||
@Body() newAliasDto: AliasCreateDto,
|
||||
): Promise<AliasDto> {
|
||||
try {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
const note = await this.noteService.getNoteByIdOrAlias(
|
||||
newAliasDto.noteIdOrAlias,
|
||||
);
|
||||
|
@ -77,7 +77,7 @@ export class AliasController {
|
|||
|
||||
@Put(':alias')
|
||||
async makeAliasPrimary(
|
||||
@Req() req: Request,
|
||||
@RequestUser() user: User,
|
||||
@Param('alias') alias: string,
|
||||
@Body() changeAliasDto: AliasUpdateDto,
|
||||
): Promise<AliasDto> {
|
||||
|
@ -87,8 +87,6 @@ export class AliasController {
|
|||
);
|
||||
}
|
||||
try {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
const note = await this.noteService.getNoteByIdOrAlias(alias);
|
||||
if (!this.permissionsService.isOwner(user, note)) {
|
||||
throw new UnauthorizedException('Reading note denied!');
|
||||
|
@ -112,12 +110,10 @@ export class AliasController {
|
|||
@Delete(':alias')
|
||||
@HttpCode(204)
|
||||
async removeAlias(
|
||||
@Req() req: Request,
|
||||
@RequestUser() user: User,
|
||||
@Param('alias') alias: string,
|
||||
): Promise<void> {
|
||||
try {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
const note = await this.noteService.getNoteByIdOrAlias(alias);
|
||||
if (!this.permissionsService.isOwner(user, note)) {
|
||||
throw new UnauthorizedException('Reading note denied!');
|
||||
|
|
|
@ -13,6 +13,7 @@ import {
|
|||
Param,
|
||||
Post,
|
||||
Put,
|
||||
UseGuards,
|
||||
} from '@nestjs/common';
|
||||
import { ApiTags } from '@nestjs/swagger';
|
||||
|
||||
|
@ -21,27 +22,27 @@ import { HistoryEntryImportDto } from '../../../../history/history-entry-import.
|
|||
import { HistoryEntryUpdateDto } from '../../../../history/history-entry-update.dto';
|
||||
import { HistoryEntryDto } from '../../../../history/history-entry.dto';
|
||||
import { HistoryService } from '../../../../history/history.service';
|
||||
import { SessionGuard } from '../../../../identity/session.guard';
|
||||
import { ConsoleLoggerService } from '../../../../logger/console-logger.service';
|
||||
import { GetNotePipe } from '../../../../notes/get-note.pipe';
|
||||
import { Note } from '../../../../notes/note.entity';
|
||||
import { UsersService } from '../../../../users/users.service';
|
||||
import { User } from '../../../../users/user.entity';
|
||||
import { RequestUser } from '../../../utils/request-user.decorator';
|
||||
|
||||
@UseGuards(SessionGuard)
|
||||
@ApiTags('history')
|
||||
@Controller('/me/history')
|
||||
export class HistoryController {
|
||||
constructor(
|
||||
private readonly logger: ConsoleLoggerService,
|
||||
private historyService: HistoryService,
|
||||
private userService: UsersService,
|
||||
) {
|
||||
this.logger.setContext(HistoryController.name);
|
||||
}
|
||||
|
||||
@Get()
|
||||
async getHistory(): Promise<HistoryEntryDto[]> {
|
||||
// ToDo: use actual user here
|
||||
async getHistory(@RequestUser() user: User): Promise<HistoryEntryDto[]> {
|
||||
try {
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
const foundEntries = await this.historyService.getEntriesByUser(user);
|
||||
return foundEntries.map((entry) =>
|
||||
this.historyService.toHistoryEntryDto(entry),
|
||||
|
@ -56,11 +57,10 @@ export class HistoryController {
|
|||
|
||||
@Post()
|
||||
async setHistory(
|
||||
@RequestUser() user: User,
|
||||
@Body('history') history: HistoryEntryImportDto[],
|
||||
): Promise<void> {
|
||||
try {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
await this.historyService.setHistory(user, history);
|
||||
} catch (e) {
|
||||
if (e instanceof NotInDBError || e instanceof ForbiddenIdError) {
|
||||
|
@ -71,10 +71,8 @@ export class HistoryController {
|
|||
}
|
||||
|
||||
@Delete()
|
||||
async deleteHistory(): Promise<void> {
|
||||
async deleteHistory(@RequestUser() user: User): Promise<void> {
|
||||
try {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
await this.historyService.deleteHistory(user);
|
||||
} catch (e) {
|
||||
if (e instanceof NotInDBError) {
|
||||
|
@ -87,11 +85,10 @@ export class HistoryController {
|
|||
@Put(':note')
|
||||
async updateHistoryEntry(
|
||||
@Param('note', GetNotePipe) note: Note,
|
||||
@RequestUser() user: User,
|
||||
@Body() entryUpdateDto: HistoryEntryUpdateDto,
|
||||
): Promise<HistoryEntryDto> {
|
||||
try {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
const newEntry = await this.historyService.updateHistoryEntry(
|
||||
note,
|
||||
user,
|
||||
|
@ -109,10 +106,9 @@ export class HistoryController {
|
|||
@Delete(':note')
|
||||
async deleteHistoryEntry(
|
||||
@Param('note', GetNotePipe) note: Note,
|
||||
@RequestUser() user: User,
|
||||
): Promise<void> {
|
||||
try {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
await this.historyService.deleteHistoryEntry(note, user);
|
||||
} catch (e) {
|
||||
if (e instanceof NotInDBError) {
|
||||
|
|
|
@ -3,14 +3,26 @@
|
|||
*
|
||||
* SPDX-License-Identifier: AGPL-3.0-only
|
||||
*/
|
||||
import { Body, Controller, Delete, Get, HttpCode, Post } from '@nestjs/common';
|
||||
import {
|
||||
Body,
|
||||
Controller,
|
||||
Delete,
|
||||
Get,
|
||||
HttpCode,
|
||||
Post,
|
||||
UseGuards,
|
||||
} from '@nestjs/common';
|
||||
|
||||
import { SessionGuard } from '../../../identity/session.guard';
|
||||
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
||||
import { MediaUploadDto } from '../../../media/media-upload.dto';
|
||||
import { MediaService } from '../../../media/media.service';
|
||||
import { UserInfoDto } from '../../../users/user-info.dto';
|
||||
import { User } from '../../../users/user.entity';
|
||||
import { UsersService } from '../../../users/users.service';
|
||||
import { RequestUser } from '../../utils/request-user.decorator';
|
||||
|
||||
@UseGuards(SessionGuard)
|
||||
@Controller('me')
|
||||
export class MeController {
|
||||
constructor(
|
||||
|
@ -20,27 +32,20 @@ export class MeController {
|
|||
) {
|
||||
this.logger.setContext(MeController.name);
|
||||
}
|
||||
|
||||
@Get()
|
||||
async getMe(): Promise<UserInfoDto> {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
getMe(@RequestUser() user: User): UserInfoDto {
|
||||
return this.userService.toUserDto(user);
|
||||
}
|
||||
|
||||
@Get('media')
|
||||
async getMyMedia(): Promise<MediaUploadDto[]> {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
async getMyMedia(@RequestUser() user: User): Promise<MediaUploadDto[]> {
|
||||
const media = await this.mediaService.listUploadsByUser(user);
|
||||
return media.map((media) => this.mediaService.toMediaUploadDto(media));
|
||||
}
|
||||
|
||||
@Delete()
|
||||
@HttpCode(204)
|
||||
async deleteUser(): Promise<void> {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
async deleteUser(@RequestUser() user: User): Promise<void> {
|
||||
const mediaUploads = await this.mediaService.listUploadsByUser(user);
|
||||
for (const mediaUpload of mediaUploads) {
|
||||
await this.mediaService.deleteFile(mediaUpload);
|
||||
|
@ -52,9 +57,10 @@ export class MeController {
|
|||
|
||||
@Post('profile')
|
||||
@HttpCode(200)
|
||||
async updateDisplayName(@Body('name') newDisplayName: string): Promise<void> {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
async updateDisplayName(
|
||||
@RequestUser() user: User,
|
||||
@Body('name') newDisplayName: string,
|
||||
): Promise<void> {
|
||||
await this.userService.changeDisplayName(user, newDisplayName);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -11,6 +11,7 @@ import {
|
|||
InternalServerErrorException,
|
||||
Post,
|
||||
UploadedFile,
|
||||
UseGuards,
|
||||
UseInterceptors,
|
||||
} from '@nestjs/common';
|
||||
import { FileInterceptor } from '@nestjs/platform-express';
|
||||
|
@ -20,6 +21,7 @@ import {
|
|||
MediaBackendError,
|
||||
NotInDBError,
|
||||
} from '../../../errors/errors';
|
||||
import { SessionGuard } from '../../../identity/session.guard';
|
||||
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
||||
import { MediaUploadUrlDto } from '../../../media/media-upload-url.dto';
|
||||
import { MediaService } from '../../../media/media.service';
|
||||
|
@ -28,7 +30,9 @@ import { Note } from '../../../notes/note.entity';
|
|||
import { NotesService } from '../../../notes/notes.service';
|
||||
import { User } from '../../../users/user.entity';
|
||||
import { UsersService } from '../../../users/users.service';
|
||||
import { RequestUser } from '../../utils/request-user.decorator';
|
||||
|
||||
@UseGuards(SessionGuard)
|
||||
@Controller('media')
|
||||
export class MediaController {
|
||||
constructor(
|
||||
|
@ -46,9 +50,8 @@ export class MediaController {
|
|||
async uploadMedia(
|
||||
@UploadedFile() file: MulterFile,
|
||||
@Headers('HedgeDoc-Note') noteId: string,
|
||||
@RequestUser() user: User,
|
||||
): Promise<MediaUploadUrlDto> {
|
||||
// ToDo: Get real userName
|
||||
const user: User = await this.userService.getUserByUsername('hardcoded');
|
||||
try {
|
||||
// TODO: Move getting the Note object into a decorator
|
||||
const note: Note = await this.noteService.getNoteByIdOrAlias(noteId);
|
||||
|
|
|
@ -14,6 +14,7 @@ import {
|
|||
Param,
|
||||
Post,
|
||||
UnauthorizedException,
|
||||
UseGuards,
|
||||
} from '@nestjs/common';
|
||||
|
||||
import {
|
||||
|
@ -22,6 +23,7 @@ import {
|
|||
NotInDBError,
|
||||
} from '../../../errors/errors';
|
||||
import { HistoryService } from '../../../history/history.service';
|
||||
import { SessionGuard } from '../../../identity/session.guard';
|
||||
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
||||
import { MediaUploadDto } from '../../../media/media-upload.dto';
|
||||
import { MediaService } from '../../../media/media.service';
|
||||
|
@ -34,9 +36,12 @@ import { PermissionsService } from '../../../permissions/permissions.service';
|
|||
import { RevisionMetadataDto } from '../../../revisions/revision-metadata.dto';
|
||||
import { RevisionDto } from '../../../revisions/revision.dto';
|
||||
import { RevisionsService } from '../../../revisions/revisions.service';
|
||||
import { User } from '../../../users/user.entity';
|
||||
import { UsersService } from '../../../users/users.service';
|
||||
import { MarkdownBody } from '../../utils/markdownbody-decorator';
|
||||
import { RequestUser } from '../../utils/request-user.decorator';
|
||||
|
||||
@UseGuards(SessionGuard)
|
||||
@Controller('notes')
|
||||
export class NotesController {
|
||||
constructor(
|
||||
|
@ -53,10 +58,9 @@ export class NotesController {
|
|||
|
||||
@Get(':noteIdOrAlias')
|
||||
async getNote(
|
||||
@RequestUser() user: User,
|
||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||
): Promise<NoteDto> {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
if (!this.permissionsService.mayRead(user, note)) {
|
||||
throw new UnauthorizedException('Reading note denied!');
|
||||
}
|
||||
|
@ -67,10 +71,9 @@ export class NotesController {
|
|||
@Get(':noteIdOrAlias/media')
|
||||
async getNotesMedia(
|
||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||
@RequestUser() user: User,
|
||||
): Promise<MediaUploadDto[]> {
|
||||
try {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
if (!this.permissionsService.mayRead(user, note)) {
|
||||
throw new UnauthorizedException('Reading note denied!');
|
||||
}
|
||||
|
@ -86,10 +89,10 @@ export class NotesController {
|
|||
|
||||
@Post()
|
||||
@HttpCode(201)
|
||||
async createNote(@MarkdownBody() text: string): Promise<NoteDto> {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
// ToDo: provide user for createNoteDto
|
||||
async createNote(
|
||||
@RequestUser() user: User,
|
||||
@MarkdownBody() text: string,
|
||||
): Promise<NoteDto> {
|
||||
if (!this.permissionsService.mayCreate(user)) {
|
||||
throw new UnauthorizedException('Creating note denied!');
|
||||
}
|
||||
|
@ -102,11 +105,10 @@ export class NotesController {
|
|||
@Post(':noteAlias')
|
||||
@HttpCode(201)
|
||||
async createNamedNote(
|
||||
@RequestUser() user: User,
|
||||
@Param('noteAlias') noteAlias: string,
|
||||
@MarkdownBody() text: string,
|
||||
): Promise<NoteDto> {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
if (!this.permissionsService.mayCreate(user)) {
|
||||
throw new UnauthorizedException('Creating note denied!');
|
||||
}
|
||||
|
@ -129,12 +131,11 @@ export class NotesController {
|
|||
@Delete(':noteIdOrAlias')
|
||||
@HttpCode(204)
|
||||
async deleteNote(
|
||||
@RequestUser() user: User,
|
||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||
@Body() noteMediaDeletionDto: NoteMediaDeletionDto,
|
||||
): Promise<void> {
|
||||
try {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
if (!this.permissionsService.isOwner(user, note)) {
|
||||
throw new UnauthorizedException('Deleting note denied!');
|
||||
}
|
||||
|
@ -160,11 +161,10 @@ export class NotesController {
|
|||
|
||||
@Get(':noteIdOrAlias/revisions')
|
||||
async getNoteRevisions(
|
||||
@RequestUser() user: User,
|
||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||
): Promise<RevisionMetadataDto[]> {
|
||||
try {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
if (!this.permissionsService.mayRead(user, note)) {
|
||||
throw new UnauthorizedException('Reading note denied!');
|
||||
}
|
||||
|
@ -185,11 +185,10 @@ export class NotesController {
|
|||
@Delete(':noteIdOrAlias/revisions')
|
||||
@HttpCode(204)
|
||||
async purgeNoteRevisions(
|
||||
@RequestUser() user: User,
|
||||
@Param('noteIdOrAlias') noteIdOrAlias: string,
|
||||
): Promise<void> {
|
||||
try {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
const note = await this.noteService.getNoteByIdOrAlias(noteIdOrAlias);
|
||||
if (!this.permissionsService.mayRead(user, note)) {
|
||||
throw new UnauthorizedException('Reading note denied!');
|
||||
|
@ -217,12 +216,11 @@ export class NotesController {
|
|||
|
||||
@Get(':noteIdOrAlias/revisions/:revisionId')
|
||||
async getNoteRevision(
|
||||
@RequestUser() user: User,
|
||||
@Param('noteIdOrAlias', GetNotePipe) note: Note,
|
||||
@Param('revisionId') revisionId: number,
|
||||
): Promise<RevisionDto> {
|
||||
try {
|
||||
// ToDo: use actual user here
|
||||
const user = await this.userService.getUserByUsername('hardcoded');
|
||||
if (!this.permissionsService.mayRead(user, note)) {
|
||||
throw new UnauthorizedException('Reading note denied!');
|
||||
}
|
||||
|
|
|
@ -14,6 +14,7 @@ import { Identity } from '../../../identity/identity.entity';
|
|||
import { LoggerModule } from '../../../logger/logger.module';
|
||||
import { Session } from '../../../users/session.entity';
|
||||
import { User } from '../../../users/user.entity';
|
||||
import { UsersModule } from '../../../users/users.module';
|
||||
import { TokensController } from './tokens.controller';
|
||||
|
||||
describe('TokensController', () => {
|
||||
|
@ -29,6 +30,7 @@ describe('TokensController', () => {
|
|||
}),
|
||||
LoggerModule,
|
||||
AuthModule,
|
||||
UsersModule,
|
||||
],
|
||||
})
|
||||
.overrideProvider(getRepositoryToken(User))
|
||||
|
|
|
@ -9,17 +9,25 @@ import {
|
|||
Delete,
|
||||
Get,
|
||||
HttpCode,
|
||||
NotFoundException,
|
||||
Param,
|
||||
Post,
|
||||
UnauthorizedException,
|
||||
UseGuards,
|
||||
} from '@nestjs/common';
|
||||
import { ApiTags } from '@nestjs/swagger';
|
||||
|
||||
import { AuthTokenWithSecretDto } from '../../../auth/auth-token-with-secret.dto';
|
||||
import { AuthTokenDto } from '../../../auth/auth-token.dto';
|
||||
import { AuthService } from '../../../auth/auth.service';
|
||||
import { NotInDBError } from '../../../errors/errors';
|
||||
import { SessionGuard } from '../../../identity/session.guard';
|
||||
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
||||
import { User } from '../../../users/user.entity';
|
||||
import { TimestampMillis } from '../../../utils/timestamp';
|
||||
import { RequestUser } from '../../utils/request-user.decorator';
|
||||
|
||||
@UseGuards(SessionGuard)
|
||||
@ApiTags('tokens')
|
||||
@Controller('tokens')
|
||||
export class TokensController {
|
||||
|
@ -31,9 +39,8 @@ export class TokensController {
|
|||
}
|
||||
|
||||
@Get()
|
||||
async getUserTokens(): Promise<AuthTokenDto[]> {
|
||||
// ToDo: Get real userName
|
||||
return (await this.authService.getTokensByUsername('hardcoded')).map(
|
||||
async getUserTokens(@RequestUser() user: User): Promise<AuthTokenDto[]> {
|
||||
return (await this.authService.getTokensByUsername(user.userName)).map(
|
||||
(token) => this.authService.toAuthTokenDto(token),
|
||||
);
|
||||
}
|
||||
|
@ -42,10 +49,10 @@ export class TokensController {
|
|||
async postTokenRequest(
|
||||
@Body('label') label: string,
|
||||
@Body('validUntil') validUntil: TimestampMillis,
|
||||
@RequestUser() user: User,
|
||||
): Promise<AuthTokenWithSecretDto> {
|
||||
// ToDo: Get real userName
|
||||
return await this.authService.createTokenForUser(
|
||||
'hardcoded',
|
||||
user.userName,
|
||||
label,
|
||||
validUntil,
|
||||
);
|
||||
|
@ -53,7 +60,24 @@ export class TokensController {
|
|||
|
||||
@Delete('/:keyId')
|
||||
@HttpCode(204)
|
||||
async deleteToken(@Param('keyId') keyId: string): Promise<void> {
|
||||
return await this.authService.removeToken(keyId);
|
||||
async deleteToken(
|
||||
@RequestUser() user: User,
|
||||
@Param('keyId') keyId: string,
|
||||
): Promise<void> {
|
||||
const tokens = await this.authService.getTokensByUsername(user.userName);
|
||||
try {
|
||||
for (const token of tokens) {
|
||||
if (token.keyId == keyId) {
|
||||
return await this.authService.removeToken(keyId);
|
||||
}
|
||||
}
|
||||
} catch (e) {
|
||||
if (e instanceof NotInDBError) {
|
||||
throw new NotFoundException(e.message);
|
||||
}
|
||||
}
|
||||
throw new UnauthorizedException(
|
||||
'User is not authorized to delete this token',
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -11,12 +11,14 @@ import request from 'supertest';
|
|||
|
||||
import { PrivateApiModule } from '../../src/api/private/private-api.module';
|
||||
import { AuthModule } from '../../src/auth/auth.module';
|
||||
import { AuthConfig } from '../../src/config/auth.config';
|
||||
import appConfigMock from '../../src/config/mock/app.config.mock';
|
||||
import authConfigMock from '../../src/config/mock/auth.config.mock';
|
||||
import customizationConfigMock from '../../src/config/mock/customization.config.mock';
|
||||
import externalConfigMock from '../../src/config/mock/external-services.config.mock';
|
||||
import mediaConfigMock from '../../src/config/mock/media.config.mock';
|
||||
import { GroupsModule } from '../../src/groups/groups.module';
|
||||
import { IdentityService } from '../../src/identity/identity.service';
|
||||
import { LoggerModule } from '../../src/logger/logger.module';
|
||||
import { AliasCreateDto } from '../../src/notes/alias-create.dto';
|
||||
import { AliasUpdateDto } from '../../src/notes/alias-update.dto';
|
||||
|
@ -27,14 +29,17 @@ import { PermissionsModule } from '../../src/permissions/permissions.module';
|
|||
import { User } from '../../src/users/user.entity';
|
||||
import { UsersModule } from '../../src/users/users.module';
|
||||
import { UsersService } from '../../src/users/users.service';
|
||||
import { setupSessionMiddleware } from '../../src/utils/session';
|
||||
|
||||
describe('Alias', () => {
|
||||
let app: INestApplication;
|
||||
let aliasService: AliasService;
|
||||
let notesService: NotesService;
|
||||
let identityService: IdentityService;
|
||||
let user: User;
|
||||
let content: string;
|
||||
let forbiddenNoteId: string;
|
||||
let agent: request.SuperAgentTest;
|
||||
|
||||
beforeAll(async () => {
|
||||
const moduleRef = await Test.createTestingModule({
|
||||
|
@ -69,12 +74,21 @@ describe('Alias', () => {
|
|||
const config = moduleRef.get<ConfigService>(ConfigService);
|
||||
forbiddenNoteId = config.get('appConfig').forbiddenNoteIds[0];
|
||||
app = moduleRef.createNestApplication();
|
||||
const authConfig = config.get('authConfig') as AuthConfig;
|
||||
setupSessionMiddleware(app, authConfig);
|
||||
await app.init();
|
||||
aliasService = moduleRef.get(AliasService);
|
||||
notesService = moduleRef.get(NotesService);
|
||||
identityService = moduleRef.get(IdentityService);
|
||||
const userService = moduleRef.get(UsersService);
|
||||
user = await userService.createUser('hardcoded', 'Testy');
|
||||
await identityService.createLocalIdentity(user, 'test');
|
||||
content = 'This is a test note.';
|
||||
agent = request.agent(app.getHttpServer());
|
||||
await agent
|
||||
.post('/auth/local/login')
|
||||
.send({ username: 'hardcoded', password: 'test' })
|
||||
.expect(201);
|
||||
});
|
||||
|
||||
describe('POST /alias', () => {
|
||||
|
@ -92,7 +106,7 @@ describe('Alias', () => {
|
|||
it('create with normal alias', async () => {
|
||||
const newAlias = 'normalAlias';
|
||||
newAliasDto.newAlias = newAlias;
|
||||
const metadata = await request(app.getHttpServer())
|
||||
const metadata = await agent
|
||||
.post(`/alias`)
|
||||
.set('Content-Type', 'application/json')
|
||||
.send(newAliasDto)
|
||||
|
@ -100,9 +114,7 @@ describe('Alias', () => {
|
|||
expect(metadata.body.name).toEqual(newAlias);
|
||||
expect(metadata.body.primaryAlias).toBeFalsy();
|
||||
expect(metadata.body.noteId).toEqual(publicId);
|
||||
const note = await request(app.getHttpServer())
|
||||
.get(`/notes/${newAlias}`)
|
||||
.expect(200);
|
||||
const note = await agent.get(`/notes/${newAlias}`).expect(200);
|
||||
expect(note.body.metadata.aliases).toContain(newAlias);
|
||||
expect(note.body.metadata.primaryAlias).toBeTruthy();
|
||||
expect(note.body.metadata.id).toEqual(publicId);
|
||||
|
@ -111,7 +123,7 @@ describe('Alias', () => {
|
|||
describe('does not create an alias', () => {
|
||||
it('because of a forbidden alias', async () => {
|
||||
newAliasDto.newAlias = forbiddenNoteId;
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.post(`/alias`)
|
||||
.set('Content-Type', 'application/json')
|
||||
.send(newAliasDto)
|
||||
|
@ -119,7 +131,7 @@ describe('Alias', () => {
|
|||
});
|
||||
it('because of a alias that is a public id', async () => {
|
||||
newAliasDto.newAlias = publicId;
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.post(`/alias`)
|
||||
.set('Content-Type', 'application/json')
|
||||
.send(newAliasDto)
|
||||
|
@ -142,7 +154,7 @@ describe('Alias', () => {
|
|||
});
|
||||
|
||||
it('updates a note with a normal alias', async () => {
|
||||
const metadata = await request(app.getHttpServer())
|
||||
const metadata = await agent
|
||||
.put(`/alias/${newAlias}`)
|
||||
.set('Content-Type', 'application/json')
|
||||
.send(changeAliasDto)
|
||||
|
@ -150,9 +162,7 @@ describe('Alias', () => {
|
|||
expect(metadata.body.name).toEqual(newAlias);
|
||||
expect(metadata.body.primaryAlias).toBeTruthy();
|
||||
expect(metadata.body.noteId).toEqual(publicId);
|
||||
const note = await request(app.getHttpServer())
|
||||
.get(`/notes/${newAlias}`)
|
||||
.expect(200);
|
||||
const note = await agent.get(`/notes/${newAlias}`).expect(200);
|
||||
expect(note.body.metadata.aliases).toContain(newAlias);
|
||||
expect(note.body.metadata.primaryAlias).toBeTruthy();
|
||||
expect(note.body.metadata.id).toEqual(publicId);
|
||||
|
@ -160,7 +170,7 @@ describe('Alias', () => {
|
|||
|
||||
describe('does not update', () => {
|
||||
it('a note with unknown alias', async () => {
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.put(`/alias/i_dont_exist`)
|
||||
.set('Content-Type', 'application/json')
|
||||
.send(changeAliasDto)
|
||||
|
@ -168,7 +178,7 @@ describe('Alias', () => {
|
|||
});
|
||||
it('if the property primaryAlias is false', async () => {
|
||||
changeAliasDto.primaryAlias = false;
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.put(`/alias/${newAlias}`)
|
||||
.set('Content-Type', 'application/json')
|
||||
.send(changeAliasDto)
|
||||
|
@ -186,34 +196,24 @@ describe('Alias', () => {
|
|||
});
|
||||
|
||||
it('deletes a normal alias', async () => {
|
||||
await request(app.getHttpServer())
|
||||
.delete(`/alias/${newAlias}`)
|
||||
.expect(204);
|
||||
await request(app.getHttpServer()).get(`/notes/${newAlias}`).expect(404);
|
||||
await agent.delete(`/alias/${newAlias}`).expect(204);
|
||||
await agent.get(`/notes/${newAlias}`).expect(404);
|
||||
});
|
||||
|
||||
it('does not delete an unknown alias', async () => {
|
||||
await request(app.getHttpServer())
|
||||
.delete(`/alias/i_dont_exist`)
|
||||
.expect(404);
|
||||
await agent.delete(`/alias/i_dont_exist`).expect(404);
|
||||
});
|
||||
|
||||
it('does not delete an primary alias (if it is not the only one)', async () => {
|
||||
const note = await notesService.getNoteByIdOrAlias(testAlias);
|
||||
await aliasService.addAlias(note, newAlias);
|
||||
await request(app.getHttpServer())
|
||||
.delete(`/alias/${testAlias}`)
|
||||
.expect(400);
|
||||
await request(app.getHttpServer()).get(`/notes/${newAlias}`).expect(200);
|
||||
await agent.delete(`/alias/${testAlias}`).expect(400);
|
||||
await agent.get(`/notes/${newAlias}`).expect(200);
|
||||
});
|
||||
|
||||
it('deletes a primary alias (if it is the only one)', async () => {
|
||||
await request(app.getHttpServer())
|
||||
.delete(`/alias/${newAlias}`)
|
||||
.expect(204);
|
||||
await request(app.getHttpServer())
|
||||
.delete(`/alias/${testAlias}`)
|
||||
.expect(204);
|
||||
await agent.delete(`/alias/${newAlias}`).expect(204);
|
||||
await agent.delete(`/alias/${testAlias}`).expect(204);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
|
@ -11,6 +11,7 @@ import request from 'supertest';
|
|||
|
||||
import { PrivateApiModule } from '../../src/api/private/private-api.module';
|
||||
import { AuthModule } from '../../src/auth/auth.module';
|
||||
import { AuthConfig } from '../../src/config/auth.config';
|
||||
import appConfigMock from '../../src/config/mock/app.config.mock';
|
||||
import authConfigMock from '../../src/config/mock/auth.config.mock';
|
||||
import customizationConfigMock from '../../src/config/mock/customization.config.mock';
|
||||
|
@ -20,6 +21,7 @@ import { GroupsModule } from '../../src/groups/groups.module';
|
|||
import { HistoryEntryImportDto } from '../../src/history/history-entry-import.dto';
|
||||
import { HistoryEntry } from '../../src/history/history-entry.entity';
|
||||
import { HistoryService } from '../../src/history/history.service';
|
||||
import { IdentityService } from '../../src/identity/identity.service';
|
||||
import { LoggerModule } from '../../src/logger/logger.module';
|
||||
import { Note } from '../../src/notes/note.entity';
|
||||
import { NotesModule } from '../../src/notes/notes.module';
|
||||
|
@ -28,15 +30,18 @@ import { PermissionsModule } from '../../src/permissions/permissions.module';
|
|||
import { User } from '../../src/users/user.entity';
|
||||
import { UsersModule } from '../../src/users/users.module';
|
||||
import { UsersService } from '../../src/users/users.service';
|
||||
import { setupSessionMiddleware } from '../../src/utils/session';
|
||||
|
||||
describe('History', () => {
|
||||
let app: INestApplication;
|
||||
let historyService: HistoryService;
|
||||
let identityService: IdentityService;
|
||||
let user: User;
|
||||
let note: Note;
|
||||
let note2: Note;
|
||||
let forbiddenNoteId: string;
|
||||
let content: string;
|
||||
let agent: request.SuperAgentTest;
|
||||
|
||||
beforeAll(async () => {
|
||||
const moduleRef = await Test.createTestingModule({
|
||||
|
@ -71,25 +76,34 @@ describe('History', () => {
|
|||
const config = moduleRef.get<ConfigService>(ConfigService);
|
||||
forbiddenNoteId = config.get('appConfig').forbiddenNoteIds[0];
|
||||
app = moduleRef.createNestApplication();
|
||||
const authConfig = config.get('authConfig') as AuthConfig;
|
||||
setupSessionMiddleware(app, authConfig);
|
||||
await app.init();
|
||||
content = 'This is a test note.';
|
||||
historyService = moduleRef.get(HistoryService);
|
||||
const userService = moduleRef.get(UsersService);
|
||||
identityService = moduleRef.get(IdentityService);
|
||||
user = await userService.createUser('hardcoded', 'Testy');
|
||||
await identityService.createLocalIdentity(user, 'test');
|
||||
const notesService = moduleRef.get(NotesService);
|
||||
note = await notesService.createNote(content, 'note', user);
|
||||
note2 = await notesService.createNote(content, 'note2', user);
|
||||
agent = request.agent(app.getHttpServer());
|
||||
await agent
|
||||
.post('/auth/local/login')
|
||||
.send({ username: 'hardcoded', password: 'test' })
|
||||
.expect(201);
|
||||
});
|
||||
|
||||
it('GET /me/history', async () => {
|
||||
const emptyResponse = await request(app.getHttpServer())
|
||||
const emptyResponse = await agent
|
||||
.get('/me/history')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200);
|
||||
expect(emptyResponse.body.length).toEqual(0);
|
||||
const entry = await historyService.updateHistoryEntryTimestamp(note, user);
|
||||
const entryDto = historyService.toHistoryEntryDto(entry);
|
||||
const response = await request(app.getHttpServer())
|
||||
const response = await agent
|
||||
.get('/me/history')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200);
|
||||
|
@ -114,7 +128,7 @@ describe('History', () => {
|
|||
)[0].name;
|
||||
postEntryDto.pinStatus = pinStatus;
|
||||
postEntryDto.lastVisited = lastVisited;
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.post('/me/history')
|
||||
.set('Content-Type', 'application/json')
|
||||
.send(JSON.stringify({ history: [postEntryDto] }))
|
||||
|
@ -149,7 +163,7 @@ describe('History', () => {
|
|||
brokenEntryDto.note = forbiddenNoteId;
|
||||
brokenEntryDto.pinStatus = pinStatus;
|
||||
brokenEntryDto.lastVisited = lastVisited;
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.post('/me/history')
|
||||
.set('Content-Type', 'application/json')
|
||||
.send(JSON.stringify({ history: [brokenEntryDto] }))
|
||||
|
@ -160,7 +174,7 @@ describe('History', () => {
|
|||
brokenEntryDto.note = 'i_dont_exist';
|
||||
brokenEntryDto.pinStatus = pinStatus;
|
||||
brokenEntryDto.lastVisited = lastVisited;
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.post('/me/history')
|
||||
.set('Content-Type', 'application/json')
|
||||
.send(JSON.stringify({ history: [brokenEntryDto] }))
|
||||
|
@ -181,7 +195,7 @@ describe('History', () => {
|
|||
|
||||
it('DELETE /me/history', async () => {
|
||||
expect((await historyService.getEntriesByUser(user)).length).toEqual(1);
|
||||
await request(app.getHttpServer()).delete('/me/history').expect(200);
|
||||
await agent.delete('/me/history').expect(200);
|
||||
expect((await historyService.getEntriesByUser(user)).length).toEqual(0);
|
||||
});
|
||||
|
||||
|
@ -189,7 +203,7 @@ describe('History', () => {
|
|||
const entry = await historyService.updateHistoryEntryTimestamp(note2, user);
|
||||
expect(entry.pinStatus).toBeFalsy();
|
||||
const alias = entry.note.aliases.filter((alias) => alias.primary)[0].name;
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.put(`/me/history/${alias || 'undefined'}`)
|
||||
.send({ pinStatus: true })
|
||||
.expect(200);
|
||||
|
@ -204,9 +218,7 @@ describe('History', () => {
|
|||
const alias = entry.note.aliases.filter((alias) => alias.primary)[0].name;
|
||||
const entry2 = await historyService.updateHistoryEntryTimestamp(note, user);
|
||||
const entryDto = historyService.toHistoryEntryDto(entry2);
|
||||
await request(app.getHttpServer())
|
||||
.delete(`/me/history/${alias || 'undefined'}`)
|
||||
.expect(200);
|
||||
await agent.delete(`/me/history/${alias || 'undefined'}`).expect(200);
|
||||
const userEntries = await historyService.getEntriesByUser(user);
|
||||
expect(userEntries.length).toEqual(1);
|
||||
const userEntryDto = historyService.toHistoryEntryDto(userEntries[0]);
|
||||
|
|
|
@ -17,6 +17,7 @@ import request from 'supertest';
|
|||
|
||||
import { PrivateApiModule } from '../../src/api/private/private-api.module';
|
||||
import { AuthModule } from '../../src/auth/auth.module';
|
||||
import { AuthConfig } from '../../src/config/auth.config';
|
||||
import appConfigMock from '../../src/config/mock/app.config.mock';
|
||||
import authConfigMock from '../../src/config/mock/auth.config.mock';
|
||||
import customizationConfigMock from '../../src/config/mock/customization.config.mock';
|
||||
|
@ -25,6 +26,7 @@ import mediaConfigMock from '../../src/config/mock/media.config.mock';
|
|||
import { NotInDBError } from '../../src/errors/errors';
|
||||
import { GroupsModule } from '../../src/groups/groups.module';
|
||||
import { HistoryModule } from '../../src/history/history.module';
|
||||
import { IdentityService } from '../../src/identity/identity.service';
|
||||
import { LoggerModule } from '../../src/logger/logger.module';
|
||||
import { MediaModule } from '../../src/media/media.module';
|
||||
import { MediaService } from '../../src/media/media.service';
|
||||
|
@ -36,17 +38,20 @@ import { UserInfoDto } from '../../src/users/user-info.dto';
|
|||
import { User } from '../../src/users/user.entity';
|
||||
import { UsersModule } from '../../src/users/users.module';
|
||||
import { UsersService } from '../../src/users/users.service';
|
||||
import { setupSessionMiddleware } from '../../src/utils/session';
|
||||
|
||||
describe('Me', () => {
|
||||
let app: INestApplication;
|
||||
let userService: UsersService;
|
||||
let mediaService: MediaService;
|
||||
let identityService: IdentityService;
|
||||
let uploadPath: string;
|
||||
let user: User;
|
||||
let content: string;
|
||||
let note1: Note;
|
||||
let alias2: string;
|
||||
let note2: Note;
|
||||
let agent: request.SuperAgentTest;
|
||||
|
||||
beforeAll(async () => {
|
||||
const moduleRef = await Test.createTestingModule({
|
||||
|
@ -82,21 +87,31 @@ describe('Me', () => {
|
|||
const config = moduleRef.get<ConfigService>(ConfigService);
|
||||
uploadPath = config.get('mediaConfig').backend.filesystem.uploadPath;
|
||||
app = moduleRef.createNestApplication();
|
||||
const authConfig = config.get('authConfig') as AuthConfig;
|
||||
setupSessionMiddleware(app, authConfig);
|
||||
await app.init();
|
||||
//historyService = moduleRef.get();
|
||||
userService = moduleRef.get(UsersService);
|
||||
mediaService = moduleRef.get(MediaService);
|
||||
identityService = moduleRef.get(IdentityService);
|
||||
user = await userService.createUser('hardcoded', 'Testy');
|
||||
await identityService.createLocalIdentity(user, 'test');
|
||||
|
||||
const notesService = moduleRef.get(NotesService);
|
||||
content = 'This is a test note.';
|
||||
alias2 = 'note2';
|
||||
note1 = await notesService.createNote(content, undefined, user);
|
||||
note2 = await notesService.createNote(content, alias2, user);
|
||||
agent = request.agent(app.getHttpServer());
|
||||
await agent
|
||||
.post('/auth/local/login')
|
||||
.send({ username: 'hardcoded', password: 'test' })
|
||||
.expect(201);
|
||||
});
|
||||
|
||||
it('GET /me', async () => {
|
||||
const userInfo = userService.toUserDto(user);
|
||||
const response = await request(app.getHttpServer())
|
||||
const response = await agent
|
||||
.get('/me')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200);
|
||||
|
@ -105,8 +120,7 @@ describe('Me', () => {
|
|||
});
|
||||
|
||||
it('GET /me/media', async () => {
|
||||
const httpServer = app.getHttpServer();
|
||||
const responseBefore = await request(httpServer)
|
||||
const responseBefore = await agent
|
||||
.get('/me/media/')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200);
|
||||
|
@ -118,7 +132,7 @@ describe('Me', () => {
|
|||
const url2 = await mediaService.saveFile(testImage, user, note2);
|
||||
const url3 = await mediaService.saveFile(testImage, user, note2);
|
||||
|
||||
const response = await request(httpServer)
|
||||
const response = await agent
|
||||
.get('/me/media/')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200);
|
||||
|
@ -137,7 +151,7 @@ describe('Me', () => {
|
|||
it('POST /me/profile', async () => {
|
||||
const newDisplayName = 'Another name';
|
||||
expect(user.displayName).not.toEqual(newDisplayName);
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.post('/me/profile')
|
||||
.send({
|
||||
name: newDisplayName,
|
||||
|
@ -155,7 +169,7 @@ describe('Me', () => {
|
|||
const mediaUploads = await mediaService.listUploadsByUser(dbUser);
|
||||
expect(mediaUploads).toHaveLength(1);
|
||||
expect(mediaUploads[0].fileUrl).toEqual(url0);
|
||||
await request(app.getHttpServer()).delete('/me').expect(204);
|
||||
await agent.delete('/me').expect(204);
|
||||
await expect(userService.getUserByUsername('hardcoded')).rejects.toThrow(
|
||||
NotInDBError,
|
||||
);
|
||||
|
|
|
@ -13,12 +13,14 @@ import request from 'supertest';
|
|||
|
||||
import { PrivateApiModule } from '../../src/api/private/private-api.module';
|
||||
import { AuthModule } from '../../src/auth/auth.module';
|
||||
import { AuthConfig } from '../../src/config/auth.config';
|
||||
import appConfigMock from '../../src/config/mock/app.config.mock';
|
||||
import authConfigMock from '../../src/config/mock/auth.config.mock';
|
||||
import customizationConfigMock from '../../src/config/mock/customization.config.mock';
|
||||
import externalConfigMock from '../../src/config/mock/external-services.config.mock';
|
||||
import mediaConfigMock from '../../src/config/mock/media.config.mock';
|
||||
import { GroupsModule } from '../../src/groups/groups.module';
|
||||
import { IdentityService } from '../../src/identity/identity.service';
|
||||
import { ConsoleLoggerService } from '../../src/logger/console-logger.service';
|
||||
import { LoggerModule } from '../../src/logger/logger.module';
|
||||
import { MediaModule } from '../../src/media/media.module';
|
||||
|
@ -26,11 +28,14 @@ import { NotesModule } from '../../src/notes/notes.module';
|
|||
import { NotesService } from '../../src/notes/notes.service';
|
||||
import { PermissionsModule } from '../../src/permissions/permissions.module';
|
||||
import { UsersService } from '../../src/users/users.service';
|
||||
import { setupSessionMiddleware } from '../../src/utils/session';
|
||||
import { ensureDeleted } from '../utils';
|
||||
|
||||
describe('Media', () => {
|
||||
let identityService: IdentityService;
|
||||
let app: NestExpressApplication;
|
||||
let uploadPath: string;
|
||||
let agent: request.SuperAgentTest;
|
||||
|
||||
beforeAll(async () => {
|
||||
const moduleRef = await Test.createTestingModule({
|
||||
|
@ -67,19 +72,28 @@ describe('Media', () => {
|
|||
app.useStaticAssets(uploadPath, {
|
||||
prefix: '/uploads',
|
||||
});
|
||||
const authConfig = config.get('authConfig') as AuthConfig;
|
||||
setupSessionMiddleware(app, authConfig);
|
||||
await app.init();
|
||||
const logger = await app.resolve(ConsoleLoggerService);
|
||||
logger.log('Switching logger', 'AppBootstrap');
|
||||
app.useLogger(logger);
|
||||
identityService = moduleRef.get(IdentityService);
|
||||
const notesService: NotesService = moduleRef.get(NotesService);
|
||||
await notesService.createNote('test content', 'test_upload_media');
|
||||
const userService: UsersService = moduleRef.get(UsersService);
|
||||
await userService.createUser('hardcoded', 'Testy');
|
||||
const user = await userService.createUser('hardcoded', 'Testy');
|
||||
await identityService.createLocalIdentity(user, 'test');
|
||||
agent = request.agent(app.getHttpServer());
|
||||
await agent
|
||||
.post('/auth/local/login')
|
||||
.send({ username: 'hardcoded', password: 'test' })
|
||||
.expect(201);
|
||||
});
|
||||
|
||||
describe('POST /media', () => {
|
||||
it('works', async () => {
|
||||
const uploadResponse = await request(app.getHttpServer())
|
||||
const uploadResponse = await agent
|
||||
.post('/media')
|
||||
.attach('file', 'test/private-api/fixtures/test.png')
|
||||
.set('HedgeDoc-Note', 'test_upload_media')
|
||||
|
@ -87,7 +101,7 @@ describe('Media', () => {
|
|||
.expect(201);
|
||||
const path: string = uploadResponse.body.link;
|
||||
const testImage = await fs.readFile('test/private-api/fixtures/test.png');
|
||||
const downloadResponse = await request(app.getHttpServer()).get(path);
|
||||
const downloadResponse = await agent.get(path);
|
||||
expect(downloadResponse.body).toEqual(testImage);
|
||||
// Remove /uploads/ from path as we just need the filename.
|
||||
const fileName = path.replace('/uploads/', '');
|
||||
|
@ -99,7 +113,7 @@ describe('Media', () => {
|
|||
await ensureDeleted(uploadPath);
|
||||
});
|
||||
it('MIME type not supported', async () => {
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.post('/media')
|
||||
.attach('file', 'test/private-api/fixtures/test.zip')
|
||||
.set('HedgeDoc-Note', 'test_upload_media')
|
||||
|
@ -107,7 +121,7 @@ describe('Media', () => {
|
|||
await expect(fs.access(uploadPath)).rejects.toBeDefined();
|
||||
});
|
||||
it('note does not exist', async () => {
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.post('/media')
|
||||
.attach('file', 'test/private-api/fixtures/test.zip')
|
||||
.set('HedgeDoc-Note', 'i_dont_exist')
|
||||
|
@ -118,7 +132,7 @@ describe('Media', () => {
|
|||
await fs.mkdir(uploadPath, {
|
||||
mode: '444',
|
||||
});
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.post('/media')
|
||||
.attach('file', 'test/private-api/fixtures/test.png')
|
||||
.set('HedgeDoc-Note', 'test_upload_media')
|
||||
|
|
|
@ -13,6 +13,7 @@ import request from 'supertest';
|
|||
|
||||
import { PrivateApiModule } from '../../src/api/private/private-api.module';
|
||||
import { AuthModule } from '../../src/auth/auth.module';
|
||||
import { AuthConfig } from '../../src/config/auth.config';
|
||||
import appConfigMock from '../../src/config/mock/app.config.mock';
|
||||
import authConfigMock from '../../src/config/mock/auth.config.mock';
|
||||
import customizationConfigMock from '../../src/config/mock/customization.config.mock';
|
||||
|
@ -20,6 +21,7 @@ import externalConfigMock from '../../src/config/mock/external-services.config.m
|
|||
import mediaConfigMock from '../../src/config/mock/media.config.mock';
|
||||
import { NotInDBError } from '../../src/errors/errors';
|
||||
import { GroupsModule } from '../../src/groups/groups.module';
|
||||
import { IdentityService } from '../../src/identity/identity.service';
|
||||
import { LoggerModule } from '../../src/logger/logger.module';
|
||||
import { MediaService } from '../../src/media/media.service';
|
||||
import { NotesModule } from '../../src/notes/notes.module';
|
||||
|
@ -28,17 +30,20 @@ import { PermissionsModule } from '../../src/permissions/permissions.module';
|
|||
import { User } from '../../src/users/user.entity';
|
||||
import { UsersModule } from '../../src/users/users.module';
|
||||
import { UsersService } from '../../src/users/users.service';
|
||||
import { setupSessionMiddleware } from '../../src/utils/session';
|
||||
|
||||
describe('Notes', () => {
|
||||
let app: INestApplication;
|
||||
let notesService: NotesService;
|
||||
let mediaService: MediaService;
|
||||
let identityService: IdentityService;
|
||||
let user: User;
|
||||
let user2: User;
|
||||
let content: string;
|
||||
let forbiddenNoteId: string;
|
||||
let uploadPath: string;
|
||||
let testImage: Buffer;
|
||||
let agent: request.SuperAgentTest;
|
||||
|
||||
beforeAll(async () => {
|
||||
const moduleRef = await Test.createTestingModule({
|
||||
|
@ -74,18 +79,28 @@ describe('Notes', () => {
|
|||
forbiddenNoteId = config.get('appConfig').forbiddenNoteIds[0];
|
||||
uploadPath = config.get('mediaConfig').backend.filesystem.uploadPath;
|
||||
app = moduleRef.createNestApplication();
|
||||
const authConfig = config.get('authConfig') as AuthConfig;
|
||||
setupSessionMiddleware(app, authConfig);
|
||||
await app.init();
|
||||
notesService = moduleRef.get(NotesService);
|
||||
mediaService = moduleRef.get(MediaService);
|
||||
identityService = moduleRef.get(IdentityService);
|
||||
const userService = moduleRef.get(UsersService);
|
||||
user = await userService.createUser('hardcoded', 'Testy');
|
||||
await identityService.createLocalIdentity(user, 'test');
|
||||
user2 = await userService.createUser('hardcoded2', 'Max Mustermann');
|
||||
await identityService.createLocalIdentity(user2, 'test');
|
||||
content = 'This is a test note.';
|
||||
testImage = await fs.readFile('test/public-api/fixtures/test.png');
|
||||
agent = request.agent(app.getHttpServer());
|
||||
await agent
|
||||
.post('/auth/local/login')
|
||||
.send({ username: 'hardcoded', password: 'test' })
|
||||
.expect(201);
|
||||
});
|
||||
|
||||
it('POST /notes', async () => {
|
||||
const response = await request(app.getHttpServer())
|
||||
const response = await agent
|
||||
.post('/notes')
|
||||
.set('Content-Type', 'text/markdown')
|
||||
.send(content)
|
||||
|
@ -103,7 +118,7 @@ describe('Notes', () => {
|
|||
it('works with an existing note', async () => {
|
||||
// check if we can succefully get a note that exists
|
||||
await notesService.createNote(content, 'test1', user);
|
||||
const response = await request(app.getHttpServer())
|
||||
const response = await agent
|
||||
.get('/notes/test1')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200);
|
||||
|
@ -111,7 +126,7 @@ describe('Notes', () => {
|
|||
});
|
||||
it('fails with an non-existing note', async () => {
|
||||
// check if a missing note correctly returns 404
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.get('/notes/i_dont_exist')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(404);
|
||||
|
@ -120,7 +135,7 @@ describe('Notes', () => {
|
|||
|
||||
describe('POST /notes/{note}', () => {
|
||||
it('works with a non-existing alias', async () => {
|
||||
const response = await request(app.getHttpServer())
|
||||
const response = await agent
|
||||
.post('/notes/test2')
|
||||
.set('Content-Type', 'text/markdown')
|
||||
.send(content)
|
||||
|
@ -135,7 +150,7 @@ describe('Notes', () => {
|
|||
});
|
||||
|
||||
it('fails with a forbidden alias', async () => {
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.post(`/notes/${forbiddenNoteId}`)
|
||||
.set('Content-Type', 'text/markdown')
|
||||
.send(content)
|
||||
|
@ -144,7 +159,7 @@ describe('Notes', () => {
|
|||
});
|
||||
|
||||
it('fails with a existing alias', async () => {
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.post('/notes/test2')
|
||||
.set('Content-Type', 'text/markdown')
|
||||
.send(content)
|
||||
|
@ -159,7 +174,7 @@ describe('Notes', () => {
|
|||
const noteId = 'test3';
|
||||
const note = await notesService.createNote(content, noteId, user);
|
||||
await mediaService.saveFile(testImage, user, note);
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.delete(`/notes/${noteId}`)
|
||||
.set('Content-Type', 'application/json')
|
||||
.send({
|
||||
|
@ -176,7 +191,7 @@ describe('Notes', () => {
|
|||
const noteId = 'test3a';
|
||||
const note = await notesService.createNote(content, noteId, user);
|
||||
const url = await mediaService.saveFile(testImage, user, note);
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.delete(`/notes/${noteId}`)
|
||||
.set('Content-Type', 'application/json')
|
||||
.send({
|
||||
|
@ -195,21 +210,17 @@ describe('Notes', () => {
|
|||
});
|
||||
});
|
||||
it('fails with a forbidden alias', async () => {
|
||||
await request(app.getHttpServer())
|
||||
.delete(`/notes/${forbiddenNoteId}`)
|
||||
.expect(400);
|
||||
await agent.delete(`/notes/${forbiddenNoteId}`).expect(400);
|
||||
});
|
||||
it('fails with a non-existing alias', async () => {
|
||||
await request(app.getHttpServer())
|
||||
.delete('/notes/i_dont_exist')
|
||||
.expect(404);
|
||||
await agent.delete('/notes/i_dont_exist').expect(404);
|
||||
});
|
||||
});
|
||||
|
||||
describe('GET /notes/{note}/revisions', () => {
|
||||
it('works with existing alias', async () => {
|
||||
await notesService.createNote(content, 'test4', user);
|
||||
const response = await request(app.getHttpServer())
|
||||
const response = await agent
|
||||
.get('/notes/test4/revisions')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200);
|
||||
|
@ -217,14 +228,12 @@ describe('Notes', () => {
|
|||
});
|
||||
|
||||
it('fails with a forbidden alias', async () => {
|
||||
await request(app.getHttpServer())
|
||||
.get(`/notes/${forbiddenNoteId}/revisions`)
|
||||
.expect(400);
|
||||
await agent.get(`/notes/${forbiddenNoteId}/revisions`).expect(400);
|
||||
});
|
||||
|
||||
it('fails with non-existing alias', async () => {
|
||||
// check if a missing note correctly returns 404
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.get('/notes/i_dont_exist/revisions')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(404);
|
||||
|
@ -236,29 +245,27 @@ describe('Notes', () => {
|
|||
const noteId = 'test8';
|
||||
const note = await notesService.createNote(content, noteId, user);
|
||||
await notesService.updateNote(note, 'update');
|
||||
const responseBeforeDeleting = await request(app.getHttpServer())
|
||||
const responseBeforeDeleting = await agent
|
||||
.get('/notes/test8/revisions')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200);
|
||||
expect(responseBeforeDeleting.body).toHaveLength(2);
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.delete(`/notes/${noteId}/revisions`)
|
||||
.set('Content-Type', 'application/json')
|
||||
.expect(204);
|
||||
const responseAfterDeleting = await request(app.getHttpServer())
|
||||
const responseAfterDeleting = await agent
|
||||
.get('/notes/test8/revisions')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200);
|
||||
expect(responseAfterDeleting.body).toHaveLength(1);
|
||||
});
|
||||
it('fails with a forbidden alias', async () => {
|
||||
await request(app.getHttpServer())
|
||||
.delete(`/notes/${forbiddenNoteId}/revisions`)
|
||||
.expect(400);
|
||||
await agent.delete(`/notes/${forbiddenNoteId}/revisions`).expect(400);
|
||||
});
|
||||
it('fails with non-existing alias', async () => {
|
||||
// check if a missing note correctly returns 404
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.delete('/notes/i_dont_exist/revisions')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(404);
|
||||
|
@ -269,20 +276,18 @@ describe('Notes', () => {
|
|||
it('works with an existing alias', async () => {
|
||||
const note = await notesService.createNote(content, 'test5', user);
|
||||
const revision = await notesService.getLatestRevision(note);
|
||||
const response = await request(app.getHttpServer())
|
||||
const response = await agent
|
||||
.get(`/notes/test5/revisions/${revision.id}`)
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200);
|
||||
expect(response.body.content).toEqual(content);
|
||||
});
|
||||
it('fails with a forbidden alias', async () => {
|
||||
await request(app.getHttpServer())
|
||||
.get(`/notes/${forbiddenNoteId}/revisions/1`)
|
||||
.expect(400);
|
||||
await agent.get(`/notes/${forbiddenNoteId}/revisions/1`).expect(400);
|
||||
});
|
||||
it('fails with non-existing alias', async () => {
|
||||
// check if a missing note correctly returns 404
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.get('/notes/i_dont_exist/revisions/1')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(404);
|
||||
|
@ -295,8 +300,7 @@ describe('Notes', () => {
|
|||
const extraAlias = 'test7';
|
||||
const note1 = await notesService.createNote(content, alias, user);
|
||||
const note2 = await notesService.createNote(content, extraAlias, user);
|
||||
const httpServer = app.getHttpServer();
|
||||
const response = await request(httpServer)
|
||||
const response = await agent
|
||||
.get(`/notes/${alias}/media/`)
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200);
|
||||
|
@ -306,7 +310,7 @@ describe('Notes', () => {
|
|||
const url0 = await mediaService.saveFile(testImage, user, note1);
|
||||
const url1 = await mediaService.saveFile(testImage, user, note2);
|
||||
|
||||
const responseAfter = await request(httpServer)
|
||||
const responseAfter = await agent
|
||||
.get(`/notes/${alias}/media/`)
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200);
|
||||
|
@ -321,7 +325,7 @@ describe('Notes', () => {
|
|||
await fs.rmdir(uploadPath, { recursive: true });
|
||||
});
|
||||
it('fails, when note does not exist', async () => {
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.get(`/notes/i_dont_exist/media/`)
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(404);
|
||||
|
@ -329,7 +333,7 @@ describe('Notes', () => {
|
|||
it("fails, when user can't read note", async () => {
|
||||
const alias = 'test11';
|
||||
await notesService.createNote('This is a test note.', alias, user2);
|
||||
await request(app.getHttpServer())
|
||||
await agent
|
||||
.get(`/notes/${alias}/media/`)
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(401);
|
||||
|
|
130
test/public-api/tokens.e2e-spec.ts
Normal file
130
test/public-api/tokens.e2e-spec.ts
Normal file
|
@ -0,0 +1,130 @@
|
|||
/*
|
||||
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
|
||||
*
|
||||
* SPDX-License-Identifier: AGPL-3.0-only
|
||||
*/
|
||||
import { INestApplication } from '@nestjs/common';
|
||||
import { ConfigModule, ConfigService } from '@nestjs/config';
|
||||
import { Test } from '@nestjs/testing';
|
||||
import { TypeOrmModule } from '@nestjs/typeorm';
|
||||
import request from 'supertest';
|
||||
|
||||
import { PrivateApiModule } from '../../src/api/private/private-api.module';
|
||||
import { AuthModule } from '../../src/auth/auth.module';
|
||||
import { MockAuthGuard } from '../../src/auth/mock-auth.guard';
|
||||
import { TokenAuthGuard } from '../../src/auth/token.strategy';
|
||||
import { AuthConfig } from '../../src/config/auth.config';
|
||||
import appConfigMock from '../../src/config/mock/app.config.mock';
|
||||
import authConfigMock from '../../src/config/mock/auth.config.mock';
|
||||
import customizationConfigMock from '../../src/config/mock/customization.config.mock';
|
||||
import externalServicesConfigMock from '../../src/config/mock/external-services.config.mock';
|
||||
import mediaConfigMock from '../../src/config/mock/media.config.mock';
|
||||
import { GroupsModule } from '../../src/groups/groups.module';
|
||||
import { HistoryModule } from '../../src/history/history.module';
|
||||
import { IdentityService } from '../../src/identity/identity.service';
|
||||
import { LoggerModule } from '../../src/logger/logger.module';
|
||||
import { MediaModule } from '../../src/media/media.module';
|
||||
import { NotesModule } from '../../src/notes/notes.module';
|
||||
import { PermissionsModule } from '../../src/permissions/permissions.module';
|
||||
import { User } from '../../src/users/user.entity';
|
||||
import { UsersModule } from '../../src/users/users.module';
|
||||
import { UsersService } from '../../src/users/users.service';
|
||||
import { setupSessionMiddleware } from '../../src/utils/session';
|
||||
|
||||
describe('Tokens', () => {
|
||||
let app: INestApplication;
|
||||
let userService: UsersService;
|
||||
let identityService: IdentityService;
|
||||
let user: User;
|
||||
let agent: request.SuperAgentTest;
|
||||
let keyId: string;
|
||||
|
||||
beforeAll(async () => {
|
||||
const moduleRef = await Test.createTestingModule({
|
||||
imports: [
|
||||
ConfigModule.forRoot({
|
||||
isGlobal: true,
|
||||
load: [
|
||||
appConfigMock,
|
||||
authConfigMock,
|
||||
mediaConfigMock,
|
||||
customizationConfigMock,
|
||||
externalServicesConfigMock,
|
||||
],
|
||||
}),
|
||||
PrivateApiModule,
|
||||
NotesModule,
|
||||
PermissionsModule,
|
||||
GroupsModule,
|
||||
TypeOrmModule.forRoot({
|
||||
type: 'sqlite',
|
||||
database: './hedgedoc-e2e-private-me.sqlite',
|
||||
autoLoadEntities: true,
|
||||
synchronize: true,
|
||||
dropSchema: true,
|
||||
}),
|
||||
LoggerModule,
|
||||
AuthModule,
|
||||
UsersModule,
|
||||
MediaModule,
|
||||
HistoryModule,
|
||||
],
|
||||
})
|
||||
.overrideGuard(TokenAuthGuard)
|
||||
.useClass(MockAuthGuard)
|
||||
.compile();
|
||||
const config = moduleRef.get<ConfigService>(ConfigService);
|
||||
identityService = moduleRef.get(IdentityService);
|
||||
app = moduleRef.createNestApplication();
|
||||
userService = moduleRef.get(UsersService);
|
||||
user = await userService.createUser('hardcoded', 'Testy');
|
||||
await identityService.createLocalIdentity(user, 'test');
|
||||
const authConfig = config.get('authConfig') as AuthConfig;
|
||||
setupSessionMiddleware(app, authConfig);
|
||||
await app.init();
|
||||
agent = request.agent(app.getHttpServer());
|
||||
await agent
|
||||
.post('/auth/local/login')
|
||||
.send({ username: 'hardcoded', password: 'test' })
|
||||
.expect(201);
|
||||
});
|
||||
|
||||
it(`POST /tokens`, async () => {
|
||||
const tokenName = 'testToken';
|
||||
const response = await agent
|
||||
.post('/tokens')
|
||||
.send({
|
||||
label: tokenName,
|
||||
})
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(201);
|
||||
keyId = response.body.keyId;
|
||||
expect(response.body.label).toBe(tokenName);
|
||||
expect(response.body.validUntil).toBe(null);
|
||||
expect(response.body.lastUsed).toBe(null);
|
||||
expect(response.body.secret.length).toBe(84);
|
||||
});
|
||||
|
||||
it(`GET /tokens`, async () => {
|
||||
const tokenName = 'testToken';
|
||||
const response = await agent
|
||||
.get('/tokens/')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200);
|
||||
expect(response.body[0].label).toBe(tokenName);
|
||||
expect(response.body[0].validUntil).toBe(null);
|
||||
expect(response.body[0].lastUsed).toBe(null);
|
||||
expect(response.body[0].secret).not.toBeDefined();
|
||||
});
|
||||
it(`DELETE /tokens/:keyid`, async () => {
|
||||
const response = await agent.delete('/tokens/' + keyId).expect(204);
|
||||
expect(response.body).toStrictEqual({});
|
||||
});
|
||||
it(`GET /tokens 2`, async () => {
|
||||
const response = await agent
|
||||
.get('/tokens/')
|
||||
.expect('Content-Type', /json/)
|
||||
.expect(200);
|
||||
expect(response.body).toStrictEqual([]);
|
||||
});
|
||||
});
|
Loading…
Reference in a new issue