Commit graph

49 commits

Author SHA1 Message Date
David Mehren
3e074d1879
fix(auth): use sha-512 for auth tokens
Bcrypt hashes are too slow to be validated on every request.
As our tokens are random and have a fixed length, it is reasonable
to use SHA-512 instead.

SHA-512 is recommended as cryptographically strong by the BSI:
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile

Fixes https://github.com/hedgedoc/hedgedoc/issues/1881

Signed-off-by: David Mehren <git@herrmehren.de>
2021-12-13 22:44:38 +01:00
Philip Molares
40e8acb6bb test: fix note e2e test 'fails, when user can't read note'
Because the rejection now happens automatically in the permissions guard it now returns a 403 instead of 401

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-12-02 20:41:14 +01:00
David Mehren
9c08ff94fe
fix(note): fix type for owner param
To make the create method easier to use in conjunction
with the authentication framework, this commit changes the type of
the `owner` parameter from `User | undefined` to `User | null`.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-11-14 21:46:04 +01:00
Philip Molares
d5c77613bb test(private-api): fix aliases expect
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-11-11 22:07:20 +01:00
David Mehren
ef2e90da20
Add E2E tests for login and registration
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-28 10:19:48 +02:00
David Mehren
5a16047f50
AuthController: Return 409 Conflict when user already exists
The previously used HTTP error 400 'Bad Request' is not really
applicable here, as the client did not send a malformed message.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-28 10:18:05 +02:00
David Mehren
691152579b
Update API routes in private API E2E tests
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 20:17:03 +02:00
David Mehren
4428f3fb39
Separate private and public API in TestSetup
Including both PublicApiModule and PrivateApiModule in the test setup
led to the API routes overwriting each other.
This adds a router to separate the APIs as they are in the normal app.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 20:17:03 +02:00
David Mehren
0bb333ca69
Migrate private history API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 20:17:03 +02:00
David Mehren
209a9b93a6
Migrate private me API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 20:17:03 +02:00
David Mehren
ddaeb4fc66
Migrate private media API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 20:17:02 +02:00
David Mehren
9489fbaa79
Migrate private notes API E2E test to global TestSetup
Signed-off-by: David Mehren <git@herrmehren.de>
2021-10-21 19:52:41 +02:00
Alexandru Văleanu
b3d3015ce7
Add delete media in private API (#1736)
Adds the missing API route of deleting media in the private API.
2021-10-18 20:00:28 +02:00
Yannick Bungers
d33cfa4541 fix username spelling from userName
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:54:00 +02:00
Yannick Bungers
276d423ee2 Fix tests with using sessions in e2e tests of private api
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 20:54:27 +02:00
Philip Molares
9f38b9036c test: fix e2e tests to handle the new aliases
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-22 20:43:45 +02:00
Philip Molares
67baa51b93 feat: add auth e2e tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-17 00:00:00 +02:00
Abhilasha Sinha
9d6aa10923 Add new API to purge note history #1064
Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Combine the describe block

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix naming

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Rename purgeRevision to purgeRevisions

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Fix notes e2e test description

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>

Add yarn.lock

Fix lint and format

Signed-off-by: Abhilasha Sinha <abhisinha662000@gmail.com>
2021-09-07 21:23:26 +05:30
David Mehren
5c7a787d7e
MediaService: Refactor saveFile
The function now expects a `Note` object instead of a noteId
and a `User` instead of a username to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 22:40:15 +02:00
David Mehren
b552fc10b6
HistoryService: Refactor deleteHistoryEntry
The function now expects a `Note` object instead of a noteId to
make it more consistent with other functions.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 22:40:15 +02:00
David Mehren
99db4bc336
UserService: Improve method naming
This renames `createOrUpdateHistoryEntry` to `updateHistoryEntryTimestamp`,
which reduces confusion with the similarly named
`updateHistoryEntry` function.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-09-04 22:40:15 +02:00
David Mehren
bcc9ec9c75
Enforce import order with prettier
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 18:45:46 +02:00
David Mehren
392653607d
[E2E tests] Don't use hardcoded service tokens
The DI tokens for services seem to have changed with NestJS 8.
As we can also use the class object instead of a hardcoded token,
this commit replaces the tokens accordingly.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-07-15 20:30:51 +02:00
Philip Molares
fb79f44b1f chore(test): Change test to work with publicId
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-17 20:27:44 +02:00
David Mehren
b518583fd2
E2E Tests: Fix ESLint errors
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 20:59:31 +02:00
David Mehren
7adbc72a5f
Merge pull request #1130 from hedgedoc/history/transaction
2021-05-02 18:15:05 +02:00
Philip Molares
2ba1be6ea3 PrivateHistoryE2E: Extend POST /me/history
Test the correct behaviour in error cases

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-02 18:09:16 +02:00
David Mehren
5e61de9bd5
Use node12 TypeScript base config
TypeScript recommends using a base config from https://github.com/tsconfig/bases.

Using this config reduces compile times by ~30%
and the size of the dist folder by ~45%.
It also enables the recommended `esModuleInterop` option,
which necessitated some changes to imports.
See also https://www.typescriptlang.org/docs/handbook/release-notes/typescript-2-7.html#support-for-import-d-from-cjs-from-commonjs-modules-with---esmoduleinterop

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-29 22:55:01 +02:00
Philip Molares
6ac267a226 PrivateApi: Add option to keep media to DELETE /notes/{note}
This adds a body to the route DELETE /notes/{note} of the private api to specify if the associated media uploads of the note should be kept or deleted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-22 23:13:13 +02:00
David Mehren
a60b959a64
Media E2E tests: Add error handling for upload cleanup
Previously, `fs.rmdir` was called multiple times on the same path,
even when the path was already deleted.
This causes test failures in Node 16.

This commit extracts the cleanup code into a utility function
and ensures that no error is thrown when the given path is already deleted.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-04-22 21:29:23 +02:00
Philip Molares
c3047509aa PrivateE2EMe: Add E2E test for private api /me routes
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-19 23:04:15 +02:00
David Mehren
6699e4b0c8
Merge pull request #1131 from hedgedoc/improve/logging
2021-04-18 22:28:11 +02:00
David Mehren
0e5ce048a3
Merge pull request #1127 from hedgedoc/history/entryRename
2021-04-17 19:23:19 +02:00
Philip Molares
434bc55bab Tests: Removed all eslint-disable lines
As we now disable what we don't need in the eslint config, we don't need this anymore.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-16 10:14:05 +02:00
Philip Molares
0269b5e87a Logging: Remove NestConsoleLoggerService
This is not necessary anymore, because we can inject ConsoleLoggerService directly.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-13 23:58:17 +02:00
Philip Molares
adffd68e68 PrivateAPI: Add lastVisited to HistoryEntryImportDto
As the DTO is only for importing an existing history the lastVisited of those entries should also be posted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-11 12:37:47 +02:00
Philip Molares
4f858c51d2 PrivateAPI: Add pinStatus to HistoryEntryImportDto
As the DTO is only for importing an existing history the pinStatus of those entries should also be posted.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-11 12:37:38 +02:00
Philip Molares
085241999b PrivateAPI: Rename HistoryEntryCreationDto to HistoryEntryImportDto
As the DTO is used to import a whole list of history entries rather than creating a single history entry (there is no way of doing that at the moment)

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-10 23:26:58 +02:00
Philip Molares
70e7318180 NotesE2EPrivate: Fix copy&paste error
Since large parts of this test were copied from the public api e2e test, some things still used the public api e2e test files.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 00:18:24 +02:00
Philip Molares
dbbc73be02 MediaE2E: Fix typo in comments
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 00:18:24 +02:00
Philip Molares
a2e7616484 E2ETests: Use recursive for 'uploads/' deletion.
This ensures the folder is always deleted, even if there are still files (from previous broken tests) in it.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 00:18:24 +02:00
Philip Molares
5a3ddc28fc MediaE2E: Extract 'uploads' deletion
The deletion of upload was moved to beforeEach and afterEach block in the 'POST /media' > 'fails' tests.
The test if the folder was not created, because there was no file uploaded, now correctly expects the behaviour.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-01 00:18:21 +02:00
Philip Molares
d586b84d8b MediaE2E: Add app.close() to afterAll
This terminates the app after all tests have finished.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-31 22:36:14 +02:00
Philip Molares
d44af9dd5e PrivateE2EMedia: Add E2E test for private api /media routes
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-25 22:26:43 +01:00
Philip Molares
406c8d620a PrivateE2E: Add test fixtures for private api
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-25 22:26:43 +01:00
Philip Molares
8f2cc55e5b PrivateE2ENotes: Add E2E test for private api /notes routes
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-25 21:29:51 +01:00
Philip Molares
de82b72b62 Config: Create new config mocks for tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 20:08:09 +01:00
Philip Molares
381718f0eb Config: Move config mocks in own folder
To clean up the config folder, all mocks are now in their own folder.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-21 19:59:05 +01:00
Philip Molares
25126eb03f PrivateE2E: Add history test
Test the /me/history route in the private API.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-03-18 21:56:39 +01:00