github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-09-16 02:52:31 -04:00
Code Issues Projects Releases Packages Wiki Activity
overleaf/services/web/test/unit/coffee/TokenAccess/TokenAccessControllerTests.coffee

799 lines
30 KiB
CoffeeScript
Raw Normal View History

Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
should = require('chai').should()
SandboxedModule = require('sandboxed-module')
assert = require('assert')
path = require('path')
sinon = require('sinon')
modulePath = path.join __dirname, "../../../../app/js/Features/TokenAccess/TokenAccessController"
expect = require("chai").expect
ObjectId = require("mongojs").ObjectId
MockRequest = require('../helpers/MockRequest')
MockResponse = require('../helpers/MockResponse')
Errors = require "../../../../app/js/Features/Errors/Errors.js"
describe "TokenAccessController", ->
beforeEach ->
@readOnlyToken = 'somereadonlytoken'
@readAndWriteToken = '42somereadandwritetoken'
@projectId = ObjectId()
If user is project owner, don't add them as a token user
2017-10-16 11:44:20 -04:00
@ownerId = 'owner'
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
@project =
_id: @projectId
publicAccesLevel: 'tokenBased'
tokens:
readOnly: @readOnlyToken
readAndWrite: @readAndWriteToken
If user is project owner, don't add them as a token user
2017-10-16 11:44:20 -04:00
owner_ref: @ownerId
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
@userId = ObjectId()
@TokenAccessController = SandboxedModule.require modulePath, requires:
'../Project/ProjectController': @ProjectController = {}
'../Authentication/AuthenticationController': @AuthenticationController = {}
'./TokenAccessHandler': @TokenAccessHandler = {}
'logger-sharelatex': {log: sinon.stub(), err: sinon.stub()}
Redirect directly from controller instead of via handler
2018-09-12 13:31:08 -04:00
'settings-sharelatex': {
overleaf:
host: 'http://overleaf.test:5000'
}
check access for doc on read only token
2018-09-24 18:03:28 -04:00
'../V1/V1Api': @V1Api = {
request: sinon.stub().callsArgWith(1, null, {}, { allow: true })
}
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
@AuthenticationController.getLoggedInUserId = sinon.stub().returns(@userId.toString())
describe 'readAndWriteToken', ->
beforeEach ->
describe 'when all goes well', ->
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
@next = sinon.stub()
@req.params['read_and_write_token'] = @readAndWriteToken
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
If no project found for read/write token, redirect to v1
2018-09-24 13:16:30 -04:00
.callsArgWith(1, null, @project, true)
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
@TokenAccessHandler.addReadAndWriteUserToProject = sinon.stub()
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
Set redirect when bouncing away from token route This ensures that when the user logs in they will be redirected back to this token, the page they wanted to access in the first place.
2017-11-15 08:30:40 -05:00
@AuthenticationController._setRedirectInSession = sinon.stub()
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
@TokenAccessController.readAndWriteToken @req, @res, @next
it 'should try to find a project with this token', (done) ->
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
.to.equal 1
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.calledWith(@readAndWriteToken))
.to.equal true
done()
it 'should add the user to the project with read-write access', (done) ->
expect(@TokenAccessHandler.addReadAndWriteUserToProject.callCount)
.to.equal 1
expect(@TokenAccessHandler.addReadAndWriteUserToProject.calledWith(
@userId.toString(), @projectId
))
.to.equal true
done()
it 'should pass control to loadEditor', (done) ->
expect(@req.params.Project_id).to.equal @projectId.toString()
expect(@ProjectController.loadEditor.callCount).to.equal 1
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal true
done()
If user is project owner, don't add them as a token user
2017-10-16 11:44:20 -04:00
describe 'when the user is already the owner', ->
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
@next = sinon.stub()
@req.params['read_and_write_token'] = @readAndWriteToken
@project.owner_ref = @userId
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
If no project found for read/write token, redirect to v1
2018-09-24 13:16:30 -04:00
.callsArgWith(1, null, @project, true)
If user is project owner, don't add them as a token user
2017-10-16 11:44:20 -04:00
@TokenAccessHandler.addReadAndWriteUserToProject = sinon.stub()
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
@TokenAccessController.readAndWriteToken @req, @res, @next
it 'should try to find a project with this token', (done) ->
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
.to.equal 1
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.calledWith(@readAndWriteToken))
.to.equal true
done()
it 'should not add the user to the project with read-write access', (done) ->
expect(@TokenAccessHandler.addReadAndWriteUserToProject.callCount)
.to.equal 0
done()
it 'should pass control to loadEditor', (done) ->
expect(@req.params.Project_id).to.equal @projectId.toString()
expect(@ProjectController.loadEditor.callCount).to.equal 1
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal true
done()
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
describe 'when there is no user', ->
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
beforeEach ->
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
@AuthenticationController.getLoggedInUserId =
sinon.stub().returns(null)
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
describe 'when anonymous read-write access is enabled', ->
If a token-based project not found, check private overleaf project
2017-10-16 08:20:15 -04:00
beforeEach ->
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
@TokenAccessHandler.ANONYMOUS_READ_AND_WRITE_ENABLED = true
If a token-based project not found, check private overleaf project
2017-10-16 08:20:15 -04:00
@req = new MockRequest()
@res = new MockResponse()
@next = sinon.stub()
@req.params['read_and_write_token'] = @readAndWriteToken
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
If no project found for read/write token, redirect to v1
2018-09-24 13:16:30 -04:00
.callsArgWith(1, null, @project, true)
If a token-based project not found, check private overleaf project
2017-10-16 08:20:15 -04:00
@TokenAccessHandler.addReadAndWriteUserToProject = sinon.stub()
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
@TokenAccessHandler.grantSessionTokenAccess = sinon.stub()
If a token-based project not found, check private overleaf project
2017-10-16 08:20:15 -04:00
@TokenAccessController.readAndWriteToken @req, @res, @next
it 'should not add the user to the project with read-write access', (done) ->
expect(@TokenAccessHandler.addReadAndWriteUserToProject.callCount)
.to.equal 0
done()
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
it 'should give the user session token access', (done) ->
expect(@TokenAccessHandler.grantSessionTokenAccess.callCount)
.to.equal 1
expect(@TokenAccessHandler.grantSessionTokenAccess.calledWith(
@req, @projectId, @readAndWriteToken
))
.to.equal true
If a token-based project not found, check private overleaf project
2017-10-16 08:20:15 -04:00
done()
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
it 'should pass control to loadEditor', (done) ->
expect(@req.params.Project_id).to.equal @projectId.toString()
expect(@ProjectController.loadEditor.callCount).to.equal 1
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal true
If a token-based project not found, check private overleaf project
2017-10-16 08:20:15 -04:00
done()
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
describe 'when anonymous read-write access is not enabled', ->
If a token-based project not found, check private overleaf project
2017-10-16 08:20:15 -04:00
beforeEach ->
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
@TokenAccessHandler.ANONYMOUS_READ_AND_WRITE_ENABLED = false
If a token-based project not found, check private overleaf project
2017-10-16 08:20:15 -04:00
@req = new MockRequest()
@res = new MockResponse()
When anon is denied access to read-write token, redirect to restricted
2017-11-06 11:46:42 -05:00
@res.redirect = sinon.stub()
If a token-based project not found, check private overleaf project
2017-10-16 08:20:15 -04:00
@next = sinon.stub()
@req.params['read_and_write_token'] = @readAndWriteToken
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
If no project found for read/write token, redirect to v1
2018-09-24 13:16:30 -04:00
.callsArgWith(1, null, @project, true)
If a token-based project not found, check private overleaf project
2017-10-16 08:20:15 -04:00
@TokenAccessHandler.addReadAndWriteUserToProject = sinon.stub()
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
@TokenAccessHandler.grantSessionTokenAccess = sinon.stub()
Set redirect when bouncing away from token route This ensures that when the user logs in they will be redirected back to this token, the page they wanted to access in the first place.
2017-11-15 08:30:40 -05:00
@AuthenticationController._setRedirectInSession = sinon.stub()
If a token-based project not found, check private overleaf project
2017-10-16 08:20:15 -04:00
@TokenAccessController.readAndWriteToken @req, @res, @next
it 'should not add the user to the project with read-write access', (done) ->
expect(@TokenAccessHandler.addReadAndWriteUserToProject.callCount)
.to.equal 0
done()
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
it 'should give the user session token access', (done) ->
expect(@TokenAccessHandler.grantSessionTokenAccess.callCount)
.to.equal 0
done()
If a token-based project not found, check private overleaf project
2017-10-16 08:20:15 -04:00
it 'should not pass control to loadEditor', (done) ->
expect(@ProjectController.loadEditor.callCount).to.equal 0
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
done()
Set redirect when bouncing away from token route This ensures that when the user logs in they will be redirected back to this token, the page they wanted to access in the first place.
2017-11-15 08:30:40 -05:00
it 'should set redirect in session', (done) ->
expect(@AuthenticationController._setRedirectInSession.callCount).to.equal 1
expect(@AuthenticationController._setRedirectInSession.calledWith(@req)).to.equal true
done()
When anon is denied access to read-write token, redirect to restricted
2017-11-06 11:46:42 -05:00
it 'should redirect to restricted page', (done) ->
expect(@res.redirect.callCount).to.equal 1
expect(@res.redirect.calledWith('/restricted')).to.equal true
If a token-based project not found, check private overleaf project
2017-10-16 08:20:15 -04:00
done()
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
describe 'when findProject produces an error', ->
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
@next = sinon.stub()
@req.params['read_and_write_token'] = @readAndWriteToken
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
.callsArgWith(1, new Error('woops'))
@TokenAccessHandler.addReadAndWriteUserToProject = sinon.stub()
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
@TokenAccessController.readAndWriteToken @req, @res, @next
it 'should try to find a project with this token', (done) ->
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
.to.equal 1
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.calledWith(@readAndWriteToken))
.to.equal true
done()
it 'should not add the user to the project with read-write access', (done) ->
expect(@TokenAccessHandler.addReadAndWriteUserToProject.callCount)
.to.equal 0
done()
it 'should not pass control to loadEditor', (done) ->
expect(@ProjectController.loadEditor.callCount).to.equal 0
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
done()
it 'should call next with an error', (done) ->
expect(@next.callCount).to.equal 1
expect(@next.lastCall.args[0]).to.be.instanceof Error
done()
describe 'when findProject does not find a project', ->
beforeEach ->
describe 'when user is present', ->
beforeEach ->
@AuthenticationController.getLoggedInUserId =
sinon.stub().returns(@userId.toString())
Add tests for ProjectNotTokenAccessError
2018-09-12 07:48:13 -04:00
describe 'when project does not exist', ->
beforeEach ->
@req = new MockRequest()
Redirect directly from controller instead of via handler
2018-09-12 13:31:08 -04:00
@req.url = '/123abc'
Add tests for ProjectNotTokenAccessError
2018-09-12 07:48:13 -04:00
@res = new MockResponse()
@res.redirect = sinon.stub()
@next = sinon.stub()
@req.params['read_and_write_token'] = '123abc'
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
If no project found for read/write token, redirect to v1
2018-09-24 13:16:30 -04:00
.callsArgWith(1, null, null, false)
Add tests for ProjectNotTokenAccessError
2018-09-12 07:48:13 -04:00
Check if v1 project was exported if not found This prevents a redirect loop for projects which were exported but then deleted on v2. v2 would not find the project, redirect to v1, which would find that it was exported and redirect back to v2.
2018-09-27 12:38:35 -04:00
describe 'when project was not exported from v1', ->
beforeEach ->
@TokenAccessHandler.checkV1ProjectExported = sinon.stub()
.callsArgWith(1, null, false)
@TokenAccessController.readAndWriteToken @req, @res, @next
it 'should redirect to v1', (done) ->
expect(@res.redirect.callCount).to.equal 1
expect(@res.redirect.calledWith(
302,
'/sign_in_to_v1?return_to=/123abc'
)).to.equal true
done()
describe 'when project was exported from v1', ->
beforeEach ->
@TokenAccessHandler.checkV1ProjectExported = sinon.stub()
.callsArgWith(1, null, false)
@TokenAccessController.readAndWriteToken @req, @res, @next
it 'should call next with a not-found error', (done) ->
expect(@next.callCount).to.equal 0
done()
Add tests for ProjectNotTokenAccessError
2018-09-12 07:48:13 -04:00
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
describe 'when token access is off, but user has higher access anyway', ->
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
@res.redirect = sinon.stub()
@next = sinon.stub()
@req.params['read_and_write_token'] = @readAndWriteToken
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
If no project found for read/write token, redirect to v1
2018-09-24 13:16:30 -04:00
.callsArgWith(1, null, null, true)
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
@TokenAccessHandler.findProjectWithHigherAccess =
sinon.stub()
Remove projectExists flag from higher access check Now that find project by read and read/write token methods check whether the project exists, it is not neccessary to check whether the project exists in the higher access check. Therefore it has been removed
2018-09-24 13:31:07 -04:00
.callsArgWith(2, null, @project)
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
@TokenAccessHandler.addReadAndWriteUserToProject = sinon.stub()
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
@TokenAccessController.readAndWriteToken @req, @res, @next
it 'should try to find a project with this token', (done) ->
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
.to.equal 1
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken
.calledWith(@readAndWriteToken)
).to.equal true
done()
it 'should check if user has higher access to the token project', (done) ->
expect(
@TokenAccessHandler.findProjectWithHigherAccess.callCount
).to.equal 1
done()
it 'should not add the user to the project with read-write access', (done) ->
expect(@TokenAccessHandler.addReadAndWriteUserToProject.callCount)
.to.equal 0
done()
it 'should not pass control to loadEditor', (done) ->
expect(@ProjectController.loadEditor.callCount).to.equal 0
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
done()
it 'should not call next with a not-found error', (done) ->
expect(@next.callCount).to.equal 0
done()
it 'should redirect to the canonical project url', (done) ->
expect(@res.redirect.callCount).to.equal 1
expect(@res.redirect.calledWith(302, "/project/#{@project._id}")).to.equal true
done()
describe 'when higher access is not available', ->
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
@next = sinon.stub()
@req.params['read_and_write_token'] = @readAndWriteToken
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
If no project found for read/write token, redirect to v1
2018-09-24 13:16:30 -04:00
.callsArgWith(1, null, null, true)
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
@TokenAccessHandler.findProjectWithHigherAccess =
sinon.stub()
Remove projectExists flag from higher access check Now that find project by read and read/write token methods check whether the project exists, it is not neccessary to check whether the project exists in the higher access check. Therefore it has been removed
2018-09-24 13:31:07 -04:00
.callsArgWith(2, null, null)
Test the case of anonymous read-write token access being turned on
2017-11-01 12:22:23 -04:00
@TokenAccessHandler.addReadAndWriteUserToProject = sinon.stub()
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
@TokenAccessController.readAndWriteToken @req, @res, @next
it 'should try to find a project with this token', (done) ->
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
.to.equal 1
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.calledWith(
@readAndWriteToken
)).to.equal true
done()
it 'should check if user has higher access to the token project', (done) ->
expect(
@TokenAccessHandler.findProjectWithHigherAccess.callCount
).to.equal 1
done()
it 'should not add the user to the project with read-write access', (done) ->
expect(@TokenAccessHandler.addReadAndWriteUserToProject.callCount)
.to.equal 0
done()
it 'should not pass control to loadEditor', (done) ->
expect(@ProjectController.loadEditor.callCount).to.equal 0
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
done()
it 'should call next with a not-found error', (done) ->
expect(@next.callCount).to.equal 1
expect(@next.lastCall.args[0]).to.be.instanceof Error
done()
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
describe 'when adding user to project produces an error', ->
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
@next = sinon.stub()
@req.params['read_and_write_token'] = @readAndWriteToken
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
If no project found for read/write token, redirect to v1
2018-09-24 13:16:30 -04:00
.callsArgWith(1, null, @project, true)
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
@TokenAccessHandler.addReadAndWriteUserToProject = sinon.stub()
.callsArgWith(2, new Error('woops'))
@ProjectController.loadEditor = sinon.stub()
@TokenAccessController.readAndWriteToken @req, @res, @next
it 'should try to find a project with this token', (done) ->
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
.to.equal 1
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.calledWith(@readAndWriteToken))
.to.equal true
done()
it 'should add the user to the project with read-write access', (done) ->
expect(@TokenAccessHandler.addReadAndWriteUserToProject.callCount)
.to.equal 1
expect(@TokenAccessHandler.addReadAndWriteUserToProject.calledWith(
@userId.toString(), @projectId
))
.to.equal true
done()
it 'should not pass control to loadEditor', (done) ->
expect(@ProjectController.loadEditor.callCount).to.equal 0
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
done()
it 'should call next with an error', (done) ->
expect(@next.callCount).to.equal 1
expect(@next.lastCall.args[0]).to.be.instanceof Error
done()
describe 'readOnlyToken', ->
beforeEach ->
only do v1 access check when api config present
2018-09-25 05:42:04 -04:00
@TokenAccessHandler.checkV1Access = sinon.stub().callsArgWith(1, null, true)
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
check access for doc on read only token
2018-09-24 18:03:28 -04:00
describe 'when access not allowed by v1 api', ->
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
@res.redirect = sinon.stub()
@next = sinon.stub()
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
fix test failure from merge
2018-09-25 08:54:01 -04:00
.callsArgWith(1, null, @project, true)
only do v1 access check when api config present
2018-09-25 05:42:04 -04:00
@TokenAccessHandler.checkV1Access = sinon.stub().callsArgWith(1, null, false, 'doc-url')
check access for doc on read only token
2018-09-24 18:03:28 -04:00
@TokenAccessController.readOnlyToken @req, @res, @next
it 'should redirect to doc-url', ->
expect(@res.redirect.calledWith('doc-url')).to.equal true
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
describe 'with a user', ->
beforeEach ->
@AuthenticationController.getLoggedInUserId = sinon.stub().returns(@userId.toString())
describe 'when all goes well', ->
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
@next = sinon.stub()
@req.params['read_only_token'] = @readOnlyToken
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
If no project found for read token, redirect to v1
2018-09-24 12:06:11 -04:00
.callsArgWith(1, null, @project, true)
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
@TokenAccessHandler.addReadOnlyUserToProject = sinon.stub()
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
@TokenAccessController.readOnlyToken @req, @res, @next
it 'should try to find a project with this token', (done) ->
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
.to.equal 1
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.calledWith(@readOnlyToken))
.to.equal true
done()
it 'should add the user to the project with read-only access', (done) ->
expect(@TokenAccessHandler.addReadOnlyUserToProject.callCount)
.to.equal 1
expect(@TokenAccessHandler.addReadOnlyUserToProject.calledWith(
@userId.toString(), @projectId
))
.to.equal true
done()
it 'should pass control to loadEditor', (done) ->
expect(@req.params.Project_id).to.equal @projectId.toString()
expect(@ProjectController.loadEditor.callCount).to.equal 1
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal true
done()
If user is project owner, don't add them as a token user
2017-10-16 11:44:20 -04:00
describe 'when the user is already the owner', ->
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
@next = sinon.stub()
@req.params['read_only_token'] = @readOnlyToken
@project.owner_ref = @userId
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
If no project found for read token, redirect to v1
2018-09-24 12:06:11 -04:00
.callsArgWith(1, null, @project, true)
If user is project owner, don't add them as a token user
2017-10-16 11:44:20 -04:00
@TokenAccessHandler.addReadOnlyUserToProject = sinon.stub()
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
@TokenAccessController.readOnlyToken @req, @res, @next
it 'should try to find a project with this token', (done) ->
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
.to.equal 1
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.calledWith(@readOnlyToken))
.to.equal true
done()
it 'should not add the user to the project with read-only access', (done) ->
expect(@TokenAccessHandler.addReadOnlyUserToProject.callCount)
.to.equal 0
done()
it 'should pass control to loadEditor', (done) ->
expect(@req.params.Project_id).to.equal @projectId.toString()
expect(@ProjectController.loadEditor.callCount).to.equal 1
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal true
done()
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
describe 'when findProject produces an error', ->
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
@next = sinon.stub()
@req.params['read_only_token'] = @readOnlyToken
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
.callsArgWith(1, new Error('woops'))
@TokenAccessHandler.addReadOnlyUserToProject = sinon.stub()
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
@TokenAccessController.readOnlyToken @req, @res, @next
it 'should try to find a project with this token', (done) ->
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
.to.equal 1
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.calledWith(@readOnlyToken))
.to.equal true
done()
it 'should not add the user to the project with read-only access', (done) ->
expect(@TokenAccessHandler.addReadOnlyUserToProject.callCount)
.to.equal 0
done()
it 'should not pass control to loadEditor', (done) ->
expect(@ProjectController.loadEditor.callCount).to.equal 0
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
done()
it 'should call next with an error', (done) ->
expect(@next.callCount).to.equal 1
expect(@next.lastCall.args[0]).to.be.instanceof Error
done()
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
describe 'when findProject does not find a project', ->
describe 'when token access is off, but user has higher access anyway', ->
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
@res.redirect = sinon.stub()
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
@next = sinon.stub()
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
@req.params['read_and_write_token'] = @readAndWriteToken
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
If no project found for read/write token, redirect to v1
2018-09-24 13:16:30 -04:00
.callsArgWith(1, null, null, true)
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
@TokenAccessHandler.findProjectWithHigherAccess =
sinon.stub()
Remove projectExists flag from higher access check Now that find project by read and read/write token methods check whether the project exists, it is not neccessary to check whether the project exists in the higher access check. Therefore it has been removed
2018-09-24 13:31:07 -04:00
.callsArgWith(2, null, @project)
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
@TokenAccessHandler.addReadAndWriteUserToProject = sinon.stub()
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
@TokenAccessController.readAndWriteToken @req, @res, @next
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
it 'should try to find a project with this token', (done) ->
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
.to.equal 1
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.calledWith(@readAndWriteToken))
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
.to.equal true
done()
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
it 'should check if user has higher access to the token project', (done) ->
expect(
@TokenAccessHandler.findProjectWithHigherAccess.callCount
).to.equal 1
done()
it 'should not add the user to the project with read-write access', (done) ->
expect(@TokenAccessHandler.addReadAndWriteUserToProject.callCount)
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
.to.equal 0
done()
it 'should not pass control to loadEditor', (done) ->
expect(@ProjectController.loadEditor.callCount).to.equal 0
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
done()
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
it 'should not call next with a not-found error', (done) ->
expect(@next.callCount).to.equal 0
done()
it 'should redirect to the canonical project url', (done) ->
expect(@res.redirect.callCount).to.equal 1
expect(@res.redirect.calledWith(302, "/project/#{@project._id}")).to.equal true
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
done()
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
describe 'when higher access is not available', ->
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
@next = sinon.stub()
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
@req.params['read_and_write_token'] = @readAndWriteToken
@TokenAccessHandler.findProjectWithReadAndWriteToken = sinon.stub()
If no project found for read/write token, redirect to v1
2018-09-24 13:16:30 -04:00
.callsArgWith(1, null, null, true)
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
@TokenAccessHandler.findProjectWithHigherAccess =
sinon.stub()
Remove projectExists flag from higher access check Now that find project by read and read/write token methods check whether the project exists, it is not neccessary to check whether the project exists in the higher access check. Therefore it has been removed
2018-09-24 13:31:07 -04:00
.callsArgWith(2, null, null)
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
@TokenAccessHandler.addReadOnlyUserToProject = sinon.stub()
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
.callsArgWith(2, null)
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
@ProjectController.loadEditor = sinon.stub()
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
@TokenAccessController.readAndWriteToken @req, @res, @next
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
it 'should try to find a project with this token', (done) ->
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.callCount)
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
.to.equal 1
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
expect(@TokenAccessHandler.findProjectWithReadAndWriteToken.calledWith(
@readAndWriteToken
)).to.equal true
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
done()
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
it 'should check if user has higher access to the token project', (done) ->
expect(
@TokenAccessHandler.findProjectWithHigherAccess.callCount
).to.equal 1
done()
it 'should not add the user to the project with read-write access', (done) ->
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
expect(@TokenAccessHandler.addReadOnlyUserToProject.callCount)
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
.to.equal 0
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
done()
it 'should not pass control to loadEditor', (done) ->
expect(@ProjectController.loadEditor.callCount).to.equal 0
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
done()
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
it 'should call next with a not-found error', (done) ->
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
expect(@next.callCount).to.equal 1
expect(@next.lastCall.args[0]).to.be.instanceof Error
done()
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
describe 'when adding user to project produces an error', ->
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
@next = sinon.stub()
@req.params['read_only_token'] = @readOnlyToken
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
If no project found for read token, redirect to v1
2018-09-24 12:06:11 -04:00
.callsArgWith(1, null, @project, true)
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
@TokenAccessHandler.addReadOnlyUserToProject = sinon.stub()
.callsArgWith(2, new Error('woops'))
@ProjectController.loadEditor = sinon.stub()
@TokenAccessController.readOnlyToken @req, @res, @next
it 'should try to find a project with this token', (done) ->
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
.to.equal 1
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.calledWith(@readOnlyToken))
.to.equal true
done()
it 'should add the user to the project with read-only access', (done) ->
expect(@TokenAccessHandler.addReadOnlyUserToProject.callCount)
.to.equal 1
expect(@TokenAccessHandler.addReadOnlyUserToProject.calledWith(
@userId.toString(), @projectId
))
.to.equal true
done()
it 'should not pass control to loadEditor', (done) ->
expect(@ProjectController.loadEditor.callCount).to.equal 0
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
done()
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
Account for higher-access in the token read-only path too
2017-11-01 10:01:00 -04:00
it 'should call next with an error', (done) ->
expect(@next.callCount).to.equal 1
expect(@next.lastCall.args[0]).to.be.instanceof Error
done()
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
describe 'anonymous', ->
beforeEach ->
@AuthenticationController.getLoggedInUserId = sinon.stub().returns(null)
Add a setting to enable anonymous read-and-write link sharing
2017-10-18 08:04:37 -04:00
@TokenAccessHandler.grantSessionTokenAccess = sinon.stub()
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
describe 'when all goes well', ->
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
@next = sinon.stub()
@req.params['read_only_token'] = @readOnlyToken
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
If no project found for read token, redirect to v1
2018-09-24 12:06:11 -04:00
.callsArgWith(1, null, @project, true)
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
@TokenAccessHandler.addReadOnlyUserToProject = sinon.stub()
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
@TokenAccessController.readOnlyToken @req, @res, @next
it 'should try to find a project with this token', (done) ->
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
.to.equal 1
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.calledWith(@readOnlyToken))
.to.equal true
done()
it 'should give the user session read-only access', (done) ->
Add a setting to enable anonymous read-and-write link sharing
2017-10-18 08:04:37 -04:00
expect(@TokenAccessHandler.grantSessionTokenAccess.callCount)
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
.to.equal 1
Add a setting to enable anonymous read-and-write link sharing
2017-10-18 08:04:37 -04:00
expect(@TokenAccessHandler.grantSessionTokenAccess.calledWith(
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
@req, @projectId, @readOnlyToken
))
.to.equal true
done()
it 'should not add the user to the project with read-only access', (done) ->
expect(@TokenAccessHandler.addReadOnlyUserToProject.callCount)
.to.equal 0
done()
it 'should pass control to loadEditor', (done) ->
expect(@req.params.Project_id).to.equal @projectId.toString()
Change `anonToken` and such to `anonymousAccessToken`
2017-10-20 05:10:21 -04:00
expect(@req._anonymousAccessToken).to.equal @readOnlyToken
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
expect(@ProjectController.loadEditor.callCount).to.equal 1
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal true
done()
describe 'when findProject produces an error', ->
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
@next = sinon.stub()
@req.params['read_only_token'] = @readOnlyToken
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
.callsArgWith(1, new Error('woops'))
@TokenAccessHandler.addReadOnlyUserToProject = sinon.stub()
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
@TokenAccessController.readOnlyToken @req, @res, @next
it 'should try to find a project with this token', (done) ->
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
.to.equal 1
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.calledWith(@readOnlyToken))
.to.equal true
done()
it 'should not give the user session read-only access', (done) ->
Add a setting to enable anonymous read-and-write link sharing
2017-10-18 08:04:37 -04:00
expect(@TokenAccessHandler.grantSessionTokenAccess.callCount)
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
.to.equal 0
done()
it 'should not add the user to the project with read-only access', (done) ->
expect(@TokenAccessHandler.addReadOnlyUserToProject.callCount)
.to.equal 0
done()
it 'should not pass control to loadEditor', (done) ->
expect(@ProjectController.loadEditor.callCount).to.equal 0
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
done()
it 'should call next with an error', (done) ->
expect(@next.callCount).to.equal 1
expect(@next.lastCall.args[0]).to.be.instanceof Error
done()
describe 'when findProject does not find a project', ->
beforeEach ->
@req = new MockRequest()
@res = new MockResponse()
If no project found for read token, redirect to v1
2018-09-24 12:06:11 -04:00
@res.redirect = sinon.stub()
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
@next = sinon.stub()
@req.params['read_only_token'] = @readOnlyToken
@TokenAccessHandler.findProjectWithReadOnlyToken = sinon.stub()
.callsArgWith(1, null, null)
@TokenAccessHandler.addReadOnlyUserToProject = sinon.stub()
.callsArgWith(2, null)
@ProjectController.loadEditor = sinon.stub()
@TokenAccessController.readOnlyToken @req, @res, @next
it 'should try to find a project with this token', (done) ->
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.callCount)
.to.equal 1
expect(@TokenAccessHandler.findProjectWithReadOnlyToken.calledWith(@readOnlyToken))
.to.equal true
done()
it 'should not give the user session read-only access', (done) ->
Add a setting to enable anonymous read-and-write link sharing
2017-10-18 08:04:37 -04:00
expect(@TokenAccessHandler.grantSessionTokenAccess.callCount)
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
.to.equal 0
done()
it 'should not pass control to loadEditor', (done) ->
expect(@ProjectController.loadEditor.callCount).to.equal 0
expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
done()
it 'should not add the user to the project with read-only access', (done) ->
expect(@TokenAccessHandler.addReadOnlyUserToProject.callCount)
.to.equal 0
done()
If no project found for read/write token, redirect to v1
2018-09-24 13:16:30 -04:00
it 'should redirect to v1', (done) ->
If no project found for read token, redirect to v1
2018-09-24 12:06:11 -04:00
expect(@res.redirect.callCount).to.equal 1
expect(@res.redirect.calledWith(
302,
"http://overleaf.test:5000/read/#{@readOnlyToken}"
)).to.equal true
Unit test TokenAccessController
2017-10-03 09:04:59 -04:00
done()
Reference in a new issue Copy permalink