Commit graph

141 commits

Author SHA1 Message Date
Philip Molares
cae55e0baa test: fix e2e test error codes
As these were changed with the openapi decorator the test need to reflect this.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-20 20:56:09 +01:00
David Mehren
81d47b57d6 test: app should not crash on requests to /
Regression test for 396ad181d0

Signed-off-by: David Mehren <git@herrmehren.de>
2022-02-14 11:28:02 +01:00
Philip Molares
6269c7f7bc test: fix expected error codes in multiple test
In the e2e tests the global filter must be added via the special provider 'APP_FILTER' and not with useGlobalFilters, because if not the filter breaks, because of the way supertest handles the http-connection.

See: https://github.com/nestjs/nest/issues/1160#issuecomment-468698640

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-02-07 00:08:41 +01:00
Yannick Bungers
42ad99e20b Replace fs.rmdir recursive by fs.rm recursive
fs.rmdir(path, { recursive: true}) is deprecated and
is replaced by fs.rm(path, { recursive: true}).

Signed-off-by: Yannick Bungers <git@innay.de>
2022-01-31 08:55:42 +01:00
Philip Molares
f4a580cf2a refactor(config): extract note config from app config
This commit separates the app config object from a new note config object. This was done to separate different concerns in different config files. Especially if the number of settings that are about notes increase, it is a good idea to keep them separate from the app config.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-01-30 22:19:50 +01:00
David Mehren
ac1cdc63e0 style(e2e-tests): remove unused imports
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
4499ad4d96 test(e2e/public/alias): code cleanup
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
54eefa9f6b feat(test-setup): create notes in withUsers
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
d1dbd1bb22 feat(test-setup): restructure to synchronous builder
The previous pattern used async methods for the builder pattern,
which were hideous to use when chained multiple times.

This extracts the builder into a separate class
and uses normal functions in the builder.
These queue async functions in arrays, which are executed
at the correct time, when the new async `build` function is called.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
8f1aeab934 test(e2e/public/alias): test all error scenarios
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
64b136fb8b test(e2e/public/alias): use real authentication
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
28bd07597a test: create auth tokens in testSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
ff500f1be0 test: allow disabling mocked authentication
This adds a (default true) parameter `withMockAuth` to the
TestSetup class.
If it is false, the TokenAuthGuard is not overridden with a mock
implementation, allowing to test with the real authentication.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
ae52f70ef9 test(e2e/private/alias): test all error scenarios
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
b2802d4c29 test(e2e/private/alias): use testSetup with users
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
2096e23e35 test: allow creating testSetup with users
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-27 21:05:17 +01:00
David Mehren
898abc08f3 style: remove unused variables
Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-23 23:01:45 +01:00
David Mehren
08f97209ec
refactor(note-metadata): do not embed User objects
This is part of an effort to consistently not embed User objects
in API responses. Usernames are returned instead.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 22:54:53 +01:00
David Mehren
b955faa983
refactor(note-permissions-dto): do not embed User objects
This is part of an effort to consistently not embed User objects
in API responses. Usernames are returned instead.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 22:19:53 +01:00
David Mehren
6cd3feb82c
refactor(history-entry): rename lastVisited
This is part of an effort to name all date attributes
consistently.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 22:04:34 +01:00
David Mehren
f1feb3bf94
refactor(note-metadata): rename date attributes
This is part of an effort to name all date attributes
consistently.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 21:59:54 +01:00
David Mehren
b0e2987987
refactor(auth-token): rename lastUsed to lastUsedAt
This is part of an effort to name all date attributes
consistently.

Signed-off-by: David Mehren <git@herrmehren.de>
2022-01-16 21:52:15 +01:00
Erik Michelson
277e2fb1ca
feat(auth): password change requires old password
By checking the "old" password of the user prior to a password change, the
password change function is more secured against abuse.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-12-28 01:46:40 +01:00
David Mehren
235e4f647c
refactor(note): lazy-load relations
Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-30 16:46:07 +01:00
David Mehren
b4a65b47f0
fix(auth): use sha-512 for auth tokens
Bcrypt hashes are too slow to be validated on every request.
As our tokens are random and have a fixed length, it is reasonable
to use SHA-512 instead.

SHA-512 is recommended as cryptographically strong by the BSI:
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile

Fixes https://github.com/hedgedoc/hedgedoc/issues/1881

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-09 23:04:00 +01:00
Philip Molares
0cb3b65998
test: fix note e2e test 'fails with non-existing alias'
Because the rejection now happens automatically in the permissions guard it does not get to the controller method and does not report the Content-Type to text/markdown

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:04:47 +01:00
Philip Molares
988909eb0b
test: fix note e2e test 'fails, when user can't read note'
Because the rejection now happens automatically in the permissions guard it now returns a 403 instead of 401

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:03:29 +01:00
Philip Molares
e9fab8c568
test: fix test name in alias.e2e-spec.ts
This seems to be a copy/paste bug

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:06:41 +01:00
David Mehren
b9d3c95d2d
fix(note): fix type for owner param
To make the create method easier to use in conjunction
with the authentication framework, this commit changes the type of
the `owner` parameter from `User | undefined` to `User | null`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 21:44:59 +01:00
Philip Molares
ed5367d456
test(private-api): fix aliases expect
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-08 21:40:36 +01:00
David Mehren
0fc2b1309a
Add E2E tests for login and registration
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 19:51:42 +02:00
David Mehren
c02f845ecb
AuthController: Return 409 Conflict when user already exists
The previously used HTTP error 400 'Bad Request' is not really
applicable here, as the client did not send a malformed message.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-27 19:39:18 +02:00
David Mehren
b73ac2f99b
TestSetup: Initialize full app and session middleware
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 19:51:23 +02:00
David Mehren
9e2b9caca9
Update API routes in private API E2E tests
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-15 17:06:56 +02:00
David Mehren
4805c9c5c5
Update API routes in public API E2E tests
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-15 16:53:10 +02:00
David Mehren
1cc797f13d
Separate private and public API in TestSetup
Including both PublicApiModule and PrivateApiModule in the test setup
lead to the API routes overwriting each other.
This adds a router to separate the APIs as they are in the normal app.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-15 16:44:43 +02:00
David Mehren
474ca5deaf
Migrate private history API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 22:44:30 +02:00
David Mehren
6ee9589b2c
Migrate private me API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 22:01:18 +02:00
David Mehren
60bbe42447
Migrate private media API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:57:10 +02:00
David Mehren
86a910a9e8
Migrate private notes API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:45:13 +02:00
David Mehren
df97845e19
Migrate public alias API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:25:17 +02:00
David Mehren
ee946877e1
Migrate public me API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:17:42 +02:00
David Mehren
1bc3fbb449
Migrate public media API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:01:29 +02:00
David Mehren
21f4ffe2df
Migrate public notes API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 20:52:57 +02:00
David Mehren
386098ed2b
Move common test preparations into TestSetup class
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 20:17:28 +02:00
David Mehren
441e7402a8
Move tsconfig.test.json to test directory
WebStorm does not support typescript.*.json files,
but always uses the nearest tsconfig.json.
Moving the test-specific tsconfig into the test folder allows WebStorm
to use the correct config for the E2E-tests and
stops it from showing unnecessary errors.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 19:55:55 +02:00
Alexandru Văleanu
32929c1e77
Add delete media in private API (#1736)
Adds the missing API route of deleting media in the private API.
2021-10-18 19:00:28 +01:00
Yannick Bungers
40103cb397
fix username spelling from userName
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:28:10 +02:00
Yannick Bungers
4c6bb4246b
Add e2e tests for tokens
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-08 13:06:44 +02:00
Yannick Bungers
11ae7d133c
Fix tests with using sessions in e2e tests of private api
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 20:43:56 +02:00