mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-22 09:46:30 -05:00
342efcd7b7
The primary address is never null. If no alias is set, the id is returned. To still easily get the primary alias, the complete Alias DTOs are now included in the metadata. Signed-off-by: David Mehren <git@herrmehren.de>
254 lines
7.9 KiB
TypeScript
254 lines
7.9 KiB
TypeScript
/*
|
|
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
|
|
*
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
import request from 'supertest';
|
|
|
|
import { AliasCreateDto } from '../../src/notes/alias-create.dto';
|
|
import { AliasUpdateDto } from '../../src/notes/alias-update.dto';
|
|
import { User } from '../../src/users/user.entity';
|
|
import { TestSetup, TestSetupBuilder } from '../test-setup';
|
|
|
|
describe('Alias', () => {
|
|
let testSetup: TestSetup;
|
|
|
|
let users: User[];
|
|
const content = 'This is a test note.';
|
|
let forbiddenNoteId: string;
|
|
|
|
let agent1: request.SuperAgentTest;
|
|
let agent2: request.SuperAgentTest;
|
|
|
|
beforeAll(async () => {
|
|
testSetup = await TestSetupBuilder.create().withUsers().build();
|
|
await testSetup.app.init();
|
|
|
|
forbiddenNoteId =
|
|
testSetup.configService.get('noteConfig').forbiddenNoteIds[0];
|
|
users = testSetup.users;
|
|
|
|
agent1 = request.agent(testSetup.app.getHttpServer());
|
|
await agent1
|
|
.post('/api/private/auth/local/login')
|
|
.send({ username: 'testuser1', password: 'testuser1' })
|
|
.expect(201);
|
|
|
|
agent2 = request.agent(testSetup.app.getHttpServer());
|
|
await agent2
|
|
.post('/api/private/auth/local/login')
|
|
.send({ username: 'testuser2', password: 'testuser2' })
|
|
.expect(201);
|
|
});
|
|
|
|
afterAll(async () => {
|
|
await testSetup.cleanup();
|
|
});
|
|
|
|
describe('POST /alias', () => {
|
|
const testAlias = 'aliasTest';
|
|
const newAliasDto: AliasCreateDto = {
|
|
noteIdOrAlias: testAlias,
|
|
newAlias: '',
|
|
};
|
|
let publicId = '';
|
|
beforeAll(async () => {
|
|
const note = await testSetup.notesService.createNote(
|
|
content,
|
|
users[0],
|
|
testAlias,
|
|
);
|
|
publicId = note.publicId;
|
|
});
|
|
|
|
it('create with normal alias', async () => {
|
|
const newAlias = 'normalAlias';
|
|
newAliasDto.newAlias = newAlias;
|
|
const metadata = await agent1
|
|
.post(`/api/private/alias`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(newAliasDto)
|
|
.expect(201);
|
|
expect(metadata.body.name).toEqual(newAlias);
|
|
expect(metadata.body.primaryAlias).toBeFalsy();
|
|
expect(metadata.body.noteId).toEqual(publicId);
|
|
const note = await agent1
|
|
.get(`/api/private/notes/${newAlias}`)
|
|
.expect(200);
|
|
expect(note.body.metadata.aliases).toContainEqual({
|
|
name: 'normalAlias',
|
|
primaryAlias: false,
|
|
noteId: publicId,
|
|
});
|
|
expect(note.body.metadata.primaryAddress).toEqual(testAlias);
|
|
expect(note.body.metadata.id).toEqual(publicId);
|
|
});
|
|
|
|
describe('does not create an alias', () => {
|
|
it('because of a forbidden alias', async () => {
|
|
newAliasDto.newAlias = forbiddenNoteId;
|
|
await agent1
|
|
.post(`/api/private/alias`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(newAliasDto)
|
|
.expect(400)
|
|
.then((response) => {
|
|
expect(response.body.message).toContain(
|
|
'is forbidden by the administrator',
|
|
);
|
|
});
|
|
});
|
|
it('because of a alias that is a public id', async () => {
|
|
newAliasDto.newAlias = publicId;
|
|
await agent1
|
|
.post(`/api/private/alias`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(newAliasDto)
|
|
.expect(409);
|
|
});
|
|
it('because the user is not an owner', async () => {
|
|
newAliasDto.newAlias = publicId;
|
|
await agent2
|
|
.post(`/api/private/alias`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(newAliasDto)
|
|
.expect(401);
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('PUT /alias/{alias}', () => {
|
|
const testAlias = 'aliasTest2';
|
|
const newAlias = 'normalAlias2';
|
|
const changeAliasDto: AliasUpdateDto = {
|
|
primaryAlias: true,
|
|
};
|
|
let publicId = '';
|
|
beforeAll(async () => {
|
|
const note = await testSetup.notesService.createNote(
|
|
content,
|
|
users[0],
|
|
testAlias,
|
|
);
|
|
publicId = note.publicId;
|
|
await testSetup.aliasService.addAlias(note, newAlias);
|
|
});
|
|
|
|
it('updates a note with a normal alias', async () => {
|
|
const metadata = await agent1
|
|
.put(`/api/private/alias/${newAlias}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(200);
|
|
expect(metadata.body.name).toEqual(newAlias);
|
|
expect(metadata.body.primaryAlias).toBeTruthy();
|
|
expect(metadata.body.noteId).toEqual(publicId);
|
|
const note = await agent1
|
|
.get(`/api/private/notes/${newAlias}`)
|
|
.expect(200);
|
|
expect(note.body.metadata.aliases).toContainEqual({
|
|
name: newAlias,
|
|
primaryAlias: true,
|
|
noteId: publicId,
|
|
});
|
|
expect(note.body.metadata.primaryAddress).toEqual(newAlias);
|
|
expect(note.body.metadata.id).toEqual(publicId);
|
|
});
|
|
|
|
describe('does not update', () => {
|
|
it('a note with unknown alias', async () => {
|
|
await agent1
|
|
.put(`/api/private/alias/i_dont_exist`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(404);
|
|
});
|
|
it('a note with a forbidden ID', async () => {
|
|
await agent1
|
|
.put(`/api/private/alias/${forbiddenNoteId}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(400)
|
|
.then((response) => {
|
|
expect(response.body.message).toContain(
|
|
'is forbidden by the administrator',
|
|
);
|
|
});
|
|
});
|
|
it('if the property primaryAlias is false', async () => {
|
|
changeAliasDto.primaryAlias = false;
|
|
await agent1
|
|
.put(`/api/private/alias/${newAlias}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(400);
|
|
});
|
|
it('if the user is not an owner', async () => {
|
|
changeAliasDto.primaryAlias = true;
|
|
await agent2
|
|
.put(`/api/private/alias/${newAlias}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(401);
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('DELETE /alias/{alias}', () => {
|
|
const testAlias = 'aliasTest3';
|
|
const newAlias = 'normalAlias3';
|
|
let note;
|
|
|
|
beforeEach(async () => {
|
|
note = await testSetup.notesService.createNote(
|
|
content,
|
|
users[0],
|
|
testAlias,
|
|
);
|
|
await testSetup.aliasService.addAlias(note, newAlias);
|
|
});
|
|
|
|
afterEach(async () => {
|
|
try {
|
|
await testSetup.aliasService.removeAlias(note, newAlias);
|
|
// Ignore errors on removing alias
|
|
// eslint-disable-next-line no-empty
|
|
} catch (e) {}
|
|
await testSetup.notesService.deleteNote(note);
|
|
});
|
|
|
|
it('deletes a normal alias', async () => {
|
|
await agent1.delete(`/api/private/alias/${newAlias}`).expect(204);
|
|
await agent1.get(`/api/private/notes/${newAlias}`).expect(404);
|
|
});
|
|
|
|
it('does not delete an unknown alias', async () => {
|
|
await agent1.delete(`/api/private/alias/i_dont_exist`).expect(404);
|
|
});
|
|
|
|
it('does not delete an alias of a forbidden note', async () => {
|
|
await agent1
|
|
.delete(`/api/private/alias/${forbiddenNoteId}`)
|
|
.expect(400)
|
|
.then((response) => {
|
|
expect(response.body.message).toContain(
|
|
'is forbidden by the administrator',
|
|
);
|
|
});
|
|
});
|
|
|
|
it('fails if the user does not own the note', async () => {
|
|
await agent2.delete(`/api/private/alias/${newAlias}`).expect(401);
|
|
});
|
|
|
|
it('does not delete an primary alias (if it is not the only one)', async () => {
|
|
await agent1.delete(`/api/private/alias/${testAlias}`).expect(400);
|
|
await agent1.get(`/api/private/notes/${newAlias}`).expect(200);
|
|
});
|
|
|
|
it('deletes a primary alias (if it is the only one)', async () => {
|
|
await agent1.delete(`/api/private/alias/${newAlias}`).expect(204);
|
|
await agent1.delete(`/api/private/alias/${testAlias}`).expect(204);
|
|
});
|
|
});
|
|
});
|