mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-12-29 18:33:30 +00:00
342efcd7b7
The primary address is never null. If no alias is set, the id is returned. To still easily get the primary alias, the complete Alias DTOs are now included in the metadata. Signed-off-by: David Mehren <git@herrmehren.de>
253 lines
8.6 KiB
TypeScript
253 lines
8.6 KiB
TypeScript
/*
|
|
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
|
|
*
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
import request from 'supertest';
|
|
|
|
import { AliasUpdateDto } from '../../src/notes/alias-update.dto';
|
|
import { TestSetup, TestSetupBuilder } from '../test-setup';
|
|
|
|
describe('Alias', () => {
|
|
let testSetup: TestSetup;
|
|
|
|
let forbiddenNoteId: string;
|
|
let testAlias: string;
|
|
let publicId: string;
|
|
|
|
beforeEach(async () => {
|
|
testSetup = await TestSetupBuilder.create().withUsers().withNotes().build();
|
|
forbiddenNoteId =
|
|
testSetup.configService.get('noteConfig').forbiddenNoteIds[0];
|
|
|
|
await testSetup.app.init();
|
|
|
|
testAlias = (await testSetup.ownedNotes[0].aliases)[0].name;
|
|
publicId = testSetup.ownedNotes[0].publicId;
|
|
});
|
|
|
|
afterEach(async () => {
|
|
await testSetup.app.close();
|
|
await testSetup.cleanup();
|
|
});
|
|
|
|
describe('POST /alias', () => {
|
|
it('create with normal alias', async () => {
|
|
const metadata = await request(testSetup.app.getHttpServer())
|
|
.post(`/api/v2/alias`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send({
|
|
noteIdOrAlias: testAlias,
|
|
newAlias: 'normalAlias',
|
|
})
|
|
.expect(201);
|
|
|
|
expect(metadata.body.name).toEqual('normalAlias');
|
|
expect(metadata.body.primaryAlias).toBeFalsy();
|
|
expect(metadata.body.noteId).toEqual(publicId);
|
|
|
|
const note = await request(testSetup.app.getHttpServer())
|
|
.get(`/api/v2/notes/normalAlias`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(200);
|
|
|
|
expect(note.body.metadata.aliases).toContainEqual({
|
|
name: 'normalAlias',
|
|
primaryAlias: false,
|
|
noteId: publicId,
|
|
});
|
|
expect(note.body.metadata.primaryAddress).toEqual(testAlias);
|
|
expect(note.body.metadata.id).toEqual(publicId);
|
|
});
|
|
|
|
describe('does not create an alias', () => {
|
|
it('because because it is already used', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.post(`/api/v2/alias`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send({
|
|
noteIdOrAlias: testAlias,
|
|
newAlias: 'testAlias1',
|
|
})
|
|
.expect(409);
|
|
});
|
|
it('because of a forbidden alias', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.post(`/api/v2/alias`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send({
|
|
noteIdOrAlias: testAlias,
|
|
newAlias: forbiddenNoteId,
|
|
})
|
|
.expect(400);
|
|
});
|
|
it('because of a alias that is a public id', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.post(`/api/v2/alias`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send({
|
|
noteIdOrAlias: testAlias,
|
|
newAlias: publicId,
|
|
})
|
|
.expect(409);
|
|
});
|
|
it('because the user is not an owner', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.post(`/api/v2/alias`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send({
|
|
noteIdOrAlias: testAlias,
|
|
newAlias: '',
|
|
})
|
|
.expect(401);
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('PUT /alias/{alias}', () => {
|
|
const changeAliasDto: AliasUpdateDto = {
|
|
primaryAlias: true,
|
|
};
|
|
|
|
it('updates a note with a normal alias', async () => {
|
|
const metadata = await request(testSetup.app.getHttpServer())
|
|
.put(`/api/v2/alias/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(200);
|
|
|
|
expect(metadata.body.name).toEqual(testAlias);
|
|
expect(metadata.body.primaryAlias).toBeTruthy();
|
|
expect(metadata.body.noteId).toEqual(publicId);
|
|
|
|
const note = await request(testSetup.app.getHttpServer())
|
|
.get(`/api/v2/notes/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(200);
|
|
|
|
expect(note.body.metadata.aliases).toContainEqual({
|
|
name: testAlias,
|
|
primaryAlias: true,
|
|
noteId: publicId,
|
|
});
|
|
expect(note.body.metadata.primaryAddress).toEqual(testAlias);
|
|
expect(note.body.metadata.id).toEqual(publicId);
|
|
});
|
|
|
|
describe('does not update', () => {
|
|
it('a note with unknown alias', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.put(`/api/v2/alias/i_dont_exist`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(404);
|
|
});
|
|
it('a note with a forbidden id', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.put(`/api/v2/alias/${forbiddenNoteId}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(400);
|
|
});
|
|
it('if the user is not an owner', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.put(`/api/v2/alias/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(401);
|
|
});
|
|
it('if the property primaryAlias is false', async () => {
|
|
changeAliasDto.primaryAlias = false;
|
|
|
|
await request(testSetup.app.getHttpServer())
|
|
.put(`/api/v2/alias/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(400);
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('DELETE /alias/{alias}', () => {
|
|
const secondAlias = 'secondAlias';
|
|
|
|
it('deletes a normal alias', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.delete(`/api/v2/alias/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(204);
|
|
|
|
await request(testSetup.app.getHttpServer())
|
|
.get(`/api/v2/notes/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(404);
|
|
});
|
|
|
|
it('does not delete an unknown alias', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.delete(`/api/v2/alias/i_dont_exist`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(404);
|
|
});
|
|
|
|
it('errors on forbidden notes', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.delete(`/api/v2/alias/${forbiddenNoteId}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(400);
|
|
});
|
|
|
|
it('errors if the user is not the owner', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.delete(`/api/v2/alias/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
|
|
.expect(401);
|
|
});
|
|
|
|
it('does not delete a primary alias (if it is not the only one)', async () => {
|
|
// add another alias
|
|
await testSetup.aliasService.addAlias(
|
|
testSetup.ownedNotes[0],
|
|
secondAlias,
|
|
);
|
|
|
|
// try to delete the primary alias
|
|
await request(testSetup.app.getHttpServer())
|
|
.delete(`/api/v2/alias/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(400);
|
|
await request(testSetup.app.getHttpServer())
|
|
.get(`/api/v2/notes/${secondAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(200);
|
|
});
|
|
|
|
it('deletes a primary alias (if it is the only one)', async () => {
|
|
// add another alias
|
|
await testSetup.aliasService.addAlias(
|
|
testSetup.ownedNotes[0],
|
|
secondAlias,
|
|
);
|
|
|
|
await request(testSetup.app.getHttpServer())
|
|
.delete(`/api/v2/alias/${secondAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(204);
|
|
|
|
await request(testSetup.app.getHttpServer())
|
|
.delete(`/api/v2/alias/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(204);
|
|
});
|
|
});
|
|
});
|