Commit graph

117 commits

Author SHA1 Message Date
David Mehren
b4a65b47f0
fix(auth): use sha-512 for auth tokens
Bcrypt hashes are too slow to be validated on every request.
As our tokens are random and have a fixed length, it is reasonable
to use SHA-512 instead.

SHA-512 is recommended as cryptographically strong by the BSI:
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile

Fixes https://github.com/hedgedoc/hedgedoc/issues/1881

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-09 23:04:00 +01:00
Philip Molares
0cb3b65998
test: fix note e2e test 'fails with non-existing alias'
Because the rejection now happens automatically in the permissions guard it does not get to the controller method and does not report the Content-Type to text/markdown

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:04:47 +01:00
Philip Molares
988909eb0b
test: fix note e2e test 'fails, when user can't read note'
Because the rejection now happens automatically in the permissions guard it now returns a 403 instead of 401

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:03:29 +01:00
Philip Molares
e9fab8c568
test: fix test name in alias.e2e-spec.ts
This seems to be a copy/paste bug

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-21 18:06:41 +01:00
David Mehren
b9d3c95d2d
fix(note): fix type for owner param
To make the create method easier to use in conjunction
with the authentication framework, this commit changes the type of
the `owner` parameter from `User | undefined` to `User | null`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 21:44:59 +01:00
Philip Molares
ed5367d456
test(private-api): fix aliases expect
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-08 21:40:36 +01:00
David Mehren
0fc2b1309a
Add E2E tests for login and registration
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 19:51:42 +02:00
David Mehren
c02f845ecb
AuthController: Return 409 Conflict when user already exists
The previously used HTTP error 400 'Bad Request' is not really
applicable here, as the client did not send a malformed message.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-27 19:39:18 +02:00
David Mehren
b73ac2f99b
TestSetup: Initialize full app and session middleware
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 19:51:23 +02:00
David Mehren
9e2b9caca9
Update API routes in private API E2E tests
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-15 17:06:56 +02:00
David Mehren
4805c9c5c5
Update API routes in public API E2E tests
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-15 16:53:10 +02:00
David Mehren
1cc797f13d
Separate private and public API in TestSetup
Including both PublicApiModule and PrivateApiModule in the test setup
lead to the API routes overwriting each other.
This adds a router to separate the APIs as they are in the normal app.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-15 16:44:43 +02:00
David Mehren
474ca5deaf
Migrate private history API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 22:44:30 +02:00
David Mehren
6ee9589b2c
Migrate private me API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 22:01:18 +02:00
David Mehren
60bbe42447
Migrate private media API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:57:10 +02:00
David Mehren
86a910a9e8
Migrate private notes API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:45:13 +02:00
David Mehren
df97845e19
Migrate public alias API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:25:17 +02:00
David Mehren
ee946877e1
Migrate public me API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:17:42 +02:00
David Mehren
1bc3fbb449
Migrate public media API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 21:01:29 +02:00
David Mehren
21f4ffe2df
Migrate public notes API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 20:52:57 +02:00
David Mehren
386098ed2b
Move common test preparations into TestSetup class
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 20:17:28 +02:00
David Mehren
441e7402a8
Move tsconfig.test.json to test directory
WebStorm does not support typescript.*.json files,
but always uses the nearest tsconfig.json.
Moving the test-specific tsconfig into the test folder allows WebStorm
to use the correct config for the E2E-tests and
stops it from showing unnecessary errors.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-14 19:55:55 +02:00
Alexandru Văleanu
32929c1e77
Add delete media in private API (#1736)
Adds the missing API route of deleting media in the private API.
2021-10-18 19:00:28 +01:00
Yannick Bungers
40103cb397
fix username spelling from userName
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:28:10 +02:00
Yannick Bungers
4c6bb4246b
Add e2e tests for tokens
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-08 13:06:44 +02:00
Yannick Bungers
11ae7d133c
Fix tests with using sessions in e2e tests of private api
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 20:43:56 +02:00
Philip Molares
56eaddff8c
test: fix e2e tests to handle the new aliases
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-06-06 17:55:41 +02:00
Philip Molares
5bc1513bd8
feat: add auth e2e tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-02 23:41:32 +02:00
Abhilasha Sinha
f63a2b79b7
Add new API to purge note history #1064
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Combine the describe block

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix naming

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Rename purgeRevision to purgeRevisions

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix notes e2e test description

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Add yarn.lock

Fix lint and format

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
2021-08-30 05:37:35 +05:30
Philip Molares
216baa42a1
refactor: move TokenAuthGuard in the same file as TokenStrategy
This should help to make clear why code is executed when the TokenAuthGuard is encountered by a request. Currently, one has to connect both files via the string 'token', which is a bit cryptic

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-04 18:03:41 +02:00
David Mehren
fe26f1689c
MediaService: Refactor saveFile
The function now expects a `Note` object instead of a noteId
and a `User` instead of a username to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 22:28:21 +02:00
David Mehren
d2b60a316f
HistoryService: Refactor deleteHistoryEntry
The function now expects a `Note` object instead of a noteId to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:42:46 +02:00
David Mehren
3396d3e47d
UserService: Improve method naming
This renames `createOrUpdateHistoryEntry` to `updateHistoryEntryTimestamp`,
which reduces confusion with the similarly named
`updateHistoryEntry` function.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 21:19:53 +02:00
David Mehren
e65c19ddd8
Public API: Test that forbidden notes can't be accessed
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 17:36:03 +02:00
David Mehren
5ed2fae44e
Enforce import order with prettier
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 18:45:46 +02:00
David Mehren
a8d6b33139
[E2E tests] Don't use hardcoded service tokens
The DI tokens for services seem to have changed with NestJS 8.
As we can also use the class object instead of a hardcoded token,
this commit replaces the tokens accordingly.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-07-15 20:30:51 +02:00
Philip Molares
0f58757858
chore(test): Change test to work with publicId
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-16 22:46:02 +02:00
David Mehren
eaf1852fe5
Format with Prettier 2.3
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-15 21:13:44 +02:00
David Mehren
2e5d40432e
E2E Tests: Fix ESLint errors
Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 22:06:45 +02:00
Philip Molares
8186c96806
PrivateHistoryE2E: Extend POST /me/history
Test the correct behaviour in error cases

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-12 10:55:16 +02:00
David Mehren
6ee2ddead5
Use node12 TypeScript base config
TypeScript recommends using a base config from https://github.com/tsconfig/bases.

Using this config reduces compile times by ~30%
and the size of the dist folder by ~45%.
It also enables the recommended `esModuleInterop` option,
which necessitated some changes to imports.
See also https://www.typescriptlang.org/docs/handbook/release-notes/typescript-2-7.html#support-for-import-d-from-cjs-from-commonjs-modules-with---esmoduleinterop

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 22:47:18 +02:00
Philip Molares
64e016f181
NotesE2ETest: Changed test for title and description
They should not return null and that's correctly tested now.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-24 21:33:47 +02:00
Philip Molares
4640735d18
PublicApi: Add option to keep media to DELETE /notes/{note}
This adds a body to the route DELETE /notes/{note} of the public api to specify if the associated media uploads of the note should be kept or deleted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 01:23:12 +02:00
Philip Molares
bd4231c1c5
PrivateApi: Add option to keep media to DELETE /notes/{note}
This adds a body to the route DELETE /notes/{note} of the private api to specify if the associated media uploads of the note should be kept or deleted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 01:22:34 +02:00
David Mehren
79065b8d3f
Media E2E tests: Add error handling for upload cleanup
Previously, `fs.rmdir` was called multiple times on the same path,
even when the path was already deleted.
This causes test failures in Node 16.

This commit extracts the cleanup code into a utility function
and ensures that no error is thrown when the given path is already deleted.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-22 21:29:23 +02:00
Philip Molares
1ed22ba4bf
PrivateE2EMe: Add E2E test for private api /me routes
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-20 19:01:04 +01:00
Philip Molares
5c138e4115
PublicNotesE2E: Add extra test for note deletion
This test checks if permission are correctly set and no error is thrown if the note is deleted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-17 10:30:37 +01:00
Philip Molares
697ca823d5
Logging: Remove NestConsoleLoggerService
This is not necessary anymore, because we can inject ConsoleLoggerService directly.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-02 19:08:30 +02:00
Philip Molares
c1d706b350
PrivateAPI: Add lastVisited to HistoryEntryImportDto
As the DTO is only for importing an existing history the lastVisited of those entries should also be posted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-11 12:37:47 +02:00
Philip Molares
eeaa74b385
PrivateAPI: Add pinStatus to HistoryEntryImportDto
As the DTO is only for importing an existing history the pinStatus of those entries should also be posted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-10 23:31:18 +02:00