Commit graph

130 commits

Author SHA1 Message Date
David Mehren
28bd07597a test: create auth tokens in testSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
ff500f1be0 test: allow disabling mocked authentication
This adds a (default true) parameter `withMockAuth` to the
TestSetup class.
If it is false, the TokenAuthGuard is not overridden with a mock
implementation, allowing to test with the real authentication.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
ae52f70ef9 test(e2e/private/alias): test all error scenarios
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
b2802d4c29 test(e2e/private/alias): use testSetup with users
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
2096e23e35 test: allow creating testSetup with users
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
898abc08f3 style: remove unused variables
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-23 23:01:45 +01:00
David Mehren
08f97209ec
refactor(note-metadata): do not embed User objects
This is part of an effort to consistently not embed User objects
in API responses. Usernames are returned instead.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 22:54:53 +01:00
David Mehren
b955faa983
refactor(note-permissions-dto): do not embed User objects
This is part of an effort to consistently not embed User objects
in API responses. Usernames are returned instead.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 22:19:53 +01:00
David Mehren
6cd3feb82c
refactor(history-entry): rename lastVisited
This is part of an effort to name all date attributes
consistently.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 22:04:34 +01:00
David Mehren
f1feb3bf94
refactor(note-metadata): rename date attributes
This is part of an effort to name all date attributes
consistently.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 21:59:54 +01:00
David Mehren
b0e2987987
refactor(auth-token): rename lastUsed to lastUsedAt
This is part of an effort to name all date attributes
consistently.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 21:52:15 +01:00
Erik Michelson
277e2fb1ca
feat(auth): password change requires old password
By checking the "old" password of the user prior to a password change, the
password change function is more secured against abuse.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-12-28 01:46:40 +01:00
David Mehren
235e4f647c
refactor(note): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-30 16:46:07 +01:00
David Mehren
b4a65b47f0
fix(auth): use sha-512 for auth tokens
Bcrypt hashes are too slow to be validated on every request.
As our tokens are random and have a fixed length, it is reasonable
to use SHA-512 instead.

SHA-512 is recommended as cryptographically strong by the BSI:
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile

Fixes https://github.com/hedgedoc/hedgedoc/issues/1881

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-09 23:04:00 +01:00
Philip Molares
0cb3b65998
test: fix note e2e test 'fails with non-existing alias'
Because the rejection now happens automatically in the permissions guard it does not get to the controller method and does not report the Content-Type to text/markdown

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:04:47 +01:00
Philip Molares
988909eb0b
test: fix note e2e test 'fails, when user can't read note'
Because the rejection now happens automatically in the permissions guard it now returns a 403 instead of 401

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:03:29 +01:00
Philip Molares
e9fab8c568
test: fix test name in alias.e2e-spec.ts
This seems to be a copy/paste bug

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:06:41 +01:00
David Mehren
b9d3c95d2d
fix(note): fix type for owner param
To make the create method easier to use in conjunction
with the authentication framework, this commit changes the type of
the `owner` parameter from `User | undefined` to `User | null`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 21:44:59 +01:00
Philip Molares
ed5367d456
test(private-api): fix aliases expect
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-08 21:40:36 +01:00
David Mehren
0fc2b1309a
Add E2E tests for login and registration
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 19:51:42 +02:00
David Mehren
c02f845ecb
AuthController: Return 409 Conflict when user already exists
The previously used HTTP error 400 'Bad Request' is not really
applicable here, as the client did not send a malformed message.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-27 19:39:18 +02:00
David Mehren
b73ac2f99b
TestSetup: Initialize full app and session middleware
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 19:51:23 +02:00
David Mehren
9e2b9caca9
Update API routes in private API E2E tests
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-15 17:06:56 +02:00
David Mehren
4805c9c5c5
Update API routes in public API E2E tests
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-15 16:53:10 +02:00
David Mehren
1cc797f13d
Separate private and public API in TestSetup
Including both PublicApiModule and PrivateApiModule in the test setup
lead to the API routes overwriting each other.
This adds a router to separate the APIs as they are in the normal app.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-15 16:44:43 +02:00
David Mehren
474ca5deaf
Migrate private history API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 22:44:30 +02:00
David Mehren
6ee9589b2c
Migrate private me API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 22:01:18 +02:00
David Mehren
60bbe42447
Migrate private media API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:57:10 +02:00
David Mehren
86a910a9e8
Migrate private notes API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:45:13 +02:00
David Mehren
df97845e19
Migrate public alias API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:25:17 +02:00
David Mehren
ee946877e1
Migrate public me API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:17:42 +02:00
David Mehren
1bc3fbb449
Migrate public media API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:01:29 +02:00
David Mehren
21f4ffe2df
Migrate public notes API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 20:52:57 +02:00
David Mehren
386098ed2b
Move common test preparations into TestSetup class
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 20:17:28 +02:00
David Mehren
441e7402a8
Move tsconfig.test.json to test directory
WebStorm does not support typescript.*.json files,
but always uses the nearest tsconfig.json.
Moving the test-specific tsconfig into the test folder allows WebStorm
to use the correct config for the E2E-tests and
stops it from showing unnecessary errors.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 19:55:55 +02:00
Alexandru Văleanu
32929c1e77
Add delete media in private API (#1736)
Adds the missing API route of deleting media in the private API.
2021-10-18 19:00:28 +01:00
Yannick Bungers
40103cb397
fix username spelling from userName
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:28:10 +02:00
Yannick Bungers
4c6bb4246b
Add e2e tests for tokens
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-08 13:06:44 +02:00
Yannick Bungers
11ae7d133c
Fix tests with using sessions in e2e tests of private api
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 20:43:56 +02:00
Philip Molares
56eaddff8c
test: fix e2e tests to handle the new aliases
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-06 17:55:41 +02:00
Philip Molares
5bc1513bd8
feat: add auth e2e tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-02 23:41:32 +02:00
Abhilasha Sinha
f63a2b79b7
Add new API to purge note history #1064
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Combine the describe block

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix naming

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Rename purgeRevision to purgeRevisions

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix notes e2e test description

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Add yarn.lock

Fix lint and format

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
2021-08-30 05:37:35 +05:30
Philip Molares
216baa42a1
refactor: move TokenAuthGuard in the same file as TokenStrategy
This should help to make clear why code is executed when the TokenAuthGuard is encountered by a request. Currently, one has to connect both files via the string 'token', which is a bit cryptic

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 18:03:41 +02:00
David Mehren
fe26f1689c
MediaService: Refactor saveFile
The function now expects a `Note` object instead of a noteId
and a `User` instead of a username to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 22:28:21 +02:00
David Mehren
d2b60a316f
HistoryService: Refactor deleteHistoryEntry
The function now expects a `Note` object instead of a noteId to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:42:46 +02:00
David Mehren
3396d3e47d
UserService: Improve method naming
This renames `createOrUpdateHistoryEntry` to `updateHistoryEntryTimestamp`,
which reduces confusion with the similarly named
`updateHistoryEntry` function.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:19:53 +02:00
David Mehren
e65c19ddd8
Public API: Test that forbidden notes can't be accessed
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:36:03 +02:00
David Mehren
5ed2fae44e
Enforce import order with prettier
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 18:45:46 +02:00
David Mehren
a8d6b33139
[E2E tests] Don't use hardcoded service tokens
The DI tokens for services seem to have changed with NestJS 8.
As we can also use the class object instead of a hardcoded token,
this commit replaces the tokens accordingly.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-07-15 20:30:51 +02:00
Philip Molares
0f58757858
chore(test): Change test to work with publicId
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-16 22:46:02 +02:00