mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2025-01-04 12:41:32 +00:00
6269c7f7bc
In the e2e tests the global filter must be added via the special provider 'APP_FILTER' and not with useGlobalFilters, because if not the filter breaks, because of the way supertest handles the http-connection. See: https://github.com/nestjs/nest/issues/1160#issuecomment-468698640 Signed-off-by: Philip Molares <philip.molares@udo.edu>
244 lines
8.4 KiB
TypeScript
244 lines
8.4 KiB
TypeScript
/*
|
|
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
|
|
*
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
import request from 'supertest';
|
|
|
|
import { AliasUpdateDto } from '../../src/notes/alias-update.dto';
|
|
import { TestSetup, TestSetupBuilder } from '../test-setup';
|
|
|
|
describe('Alias', () => {
|
|
let testSetup: TestSetup;
|
|
|
|
let forbiddenNoteId: string;
|
|
let testAlias: string;
|
|
let publicId: string;
|
|
|
|
beforeEach(async () => {
|
|
testSetup = await TestSetupBuilder.create().withUsers().withNotes().build();
|
|
forbiddenNoteId =
|
|
testSetup.configService.get('noteConfig').forbiddenNoteIds[0];
|
|
|
|
await testSetup.app.init();
|
|
|
|
testAlias = (await testSetup.ownedNotes[0].aliases)[0].name;
|
|
publicId = testSetup.ownedNotes[0].publicId;
|
|
});
|
|
|
|
afterEach(async () => {
|
|
await testSetup.app.close();
|
|
});
|
|
|
|
describe('POST /alias', () => {
|
|
it('create with normal alias', async () => {
|
|
const metadata = await request(testSetup.app.getHttpServer())
|
|
.post(`/api/v2/alias`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send({
|
|
noteIdOrAlias: testAlias,
|
|
newAlias: 'normalAlias',
|
|
})
|
|
.expect(201);
|
|
|
|
expect(metadata.body.name).toEqual('normalAlias');
|
|
expect(metadata.body.primaryAlias).toBeFalsy();
|
|
expect(metadata.body.noteId).toEqual(publicId);
|
|
|
|
const note = await request(testSetup.app.getHttpServer())
|
|
.get(`/api/v2/notes/normalAlias`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(200);
|
|
|
|
expect(note.body.metadata.aliases).toContain('normalAlias');
|
|
expect(note.body.metadata.primaryAlias).toBeTruthy();
|
|
expect(note.body.metadata.id).toEqual(publicId);
|
|
});
|
|
|
|
describe('does not create an alias', () => {
|
|
it('because because it is already used', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.post(`/api/v2/alias`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send({
|
|
noteIdOrAlias: testAlias,
|
|
newAlias: 'testAlias1',
|
|
})
|
|
.expect(409);
|
|
});
|
|
it('because of a forbidden alias', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.post(`/api/v2/alias`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send({
|
|
noteIdOrAlias: testAlias,
|
|
newAlias: forbiddenNoteId,
|
|
})
|
|
.expect(400);
|
|
});
|
|
it('because of a alias that is a public id', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.post(`/api/v2/alias`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send({
|
|
noteIdOrAlias: testAlias,
|
|
newAlias: publicId,
|
|
})
|
|
.expect(409);
|
|
});
|
|
it('because the user is not an owner', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.post(`/api/v2/alias`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send({
|
|
noteIdOrAlias: testAlias,
|
|
newAlias: '',
|
|
})
|
|
.expect(401);
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('PUT /alias/{alias}', () => {
|
|
const changeAliasDto: AliasUpdateDto = {
|
|
primaryAlias: true,
|
|
};
|
|
|
|
it('updates a note with a normal alias', async () => {
|
|
const metadata = await request(testSetup.app.getHttpServer())
|
|
.put(`/api/v2/alias/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(200);
|
|
|
|
expect(metadata.body.name).toEqual(testAlias);
|
|
expect(metadata.body.primaryAlias).toBeTruthy();
|
|
expect(metadata.body.noteId).toEqual(publicId);
|
|
|
|
const note = await request(testSetup.app.getHttpServer())
|
|
.get(`/api/v2/notes/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(200);
|
|
|
|
expect(note.body.metadata.aliases).toContain(testAlias);
|
|
expect(note.body.metadata.primaryAlias).toBeTruthy();
|
|
expect(note.body.metadata.id).toEqual(publicId);
|
|
});
|
|
|
|
describe('does not update', () => {
|
|
it('a note with unknown alias', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.put(`/api/v2/alias/i_dont_exist`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(404);
|
|
});
|
|
it('a note with a forbidden id', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.put(`/api/v2/alias/${forbiddenNoteId}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(400);
|
|
});
|
|
it('if the user is not an owner', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.put(`/api/v2/alias/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(401);
|
|
});
|
|
it('if the property primaryAlias is false', async () => {
|
|
changeAliasDto.primaryAlias = false;
|
|
|
|
await request(testSetup.app.getHttpServer())
|
|
.put(`/api/v2/alias/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.set('Content-Type', 'application/json')
|
|
.send(changeAliasDto)
|
|
.expect(400);
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('DELETE /alias/{alias}', () => {
|
|
const secondAlias = 'secondAlias';
|
|
|
|
it('deletes a normal alias', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.delete(`/api/v2/alias/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(204);
|
|
|
|
await request(testSetup.app.getHttpServer())
|
|
.get(`/api/v2/notes/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(404);
|
|
});
|
|
|
|
it('does not delete an unknown alias', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.delete(`/api/v2/alias/i_dont_exist`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(404);
|
|
});
|
|
|
|
it('errors on forbidden notes', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.delete(`/api/v2/alias/${forbiddenNoteId}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(400);
|
|
});
|
|
|
|
it('errors if the user is not the owner', async () => {
|
|
await request(testSetup.app.getHttpServer())
|
|
.delete(`/api/v2/alias/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
|
|
.expect(401);
|
|
});
|
|
|
|
it('does not delete a primary alias (if it is not the only one)', async () => {
|
|
// add another alias
|
|
await testSetup.aliasService.addAlias(
|
|
testSetup.ownedNotes[0],
|
|
secondAlias,
|
|
);
|
|
|
|
// try to delete the primary alias
|
|
await request(testSetup.app.getHttpServer())
|
|
.delete(`/api/v2/alias/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(400);
|
|
await request(testSetup.app.getHttpServer())
|
|
.get(`/api/v2/notes/${secondAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(200);
|
|
});
|
|
|
|
it('deletes a primary alias (if it is the only one)', async () => {
|
|
// add another alias
|
|
await testSetup.aliasService.addAlias(
|
|
testSetup.ownedNotes[0],
|
|
secondAlias,
|
|
);
|
|
|
|
await request(testSetup.app.getHttpServer())
|
|
.delete(`/api/v2/alias/${secondAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(204);
|
|
|
|
await request(testSetup.app.getHttpServer())
|
|
.delete(`/api/v2/alias/${testAlias}`)
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
.expect(204);
|
|
});
|
|
});
|
|
});
|