mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-07 20:31:06 -05:00
Flesh out acceptance tests for token access
This commit is contained in:
parent
d386f79a76
commit
29a584996f
1 changed files with 116 additions and 13 deletions
|
@ -30,7 +30,7 @@ try_read_only_token_access = (user, token, test, callback) ->
|
|||
try_read_and_write_token_access = (user, token, test, callback) ->
|
||||
async.series [
|
||||
(cb) ->
|
||||
user.request.get "/read/#{token}", (error, response, body) ->
|
||||
user.request.get "/#{token}", (error, response, body) ->
|
||||
return cb(error) if error?
|
||||
test(response, body)
|
||||
cb()
|
||||
|
@ -57,6 +57,29 @@ try_content_access = (user, project_id, test, callback) ->
|
|||
test(response, body)
|
||||
callback()
|
||||
|
||||
try_anon_content_access = (user, project_id, token, test, callback) ->
|
||||
# The real-time service calls this end point to determine the user's
|
||||
# permissions.
|
||||
if user.id?
|
||||
user_id = user.id
|
||||
else
|
||||
user_id = "anonymous-user"
|
||||
request.post {
|
||||
url: "/project/#{project_id}/join"
|
||||
qs: {user_id}
|
||||
auth:
|
||||
user: settings.apis.web.user
|
||||
pass: settings.apis.web.pass
|
||||
sendImmediately: true
|
||||
headers:
|
||||
'x-sl-anon-token': token
|
||||
json: true
|
||||
jar: false
|
||||
}, (error, response, body) ->
|
||||
return callback(error) if error?
|
||||
test(response, body)
|
||||
callback()
|
||||
|
||||
expect_content_write_access = (user, project_id, callback) ->
|
||||
try_content_access(user, project_id, (response, body) ->
|
||||
expect(body.privilegeLevel).to.be.oneOf ["readAndWrite"]
|
||||
|
@ -92,9 +115,6 @@ expect_read_and_write_access = (user, project_id, token, callback) ->
|
|||
], callback
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
describe 'TokenAccess', ->
|
||||
before (done) ->
|
||||
@timeout(90000)
|
||||
|
@ -119,7 +139,6 @@ describe 'TokenAccess', ->
|
|||
@owner.getProject @project_id, (err, project) =>
|
||||
return done(err) if err?
|
||||
@tokens = project.tokens
|
||||
console.log ">> ", @project_id, @tokens, project.publicAccesLevel
|
||||
done()
|
||||
|
||||
it 'should deny access before the token is used', (done) ->
|
||||
|
@ -158,15 +177,99 @@ describe 'TokenAccess', ->
|
|||
expect(body.privilegeLevel).to.equal false
|
||||
, done)
|
||||
|
||||
describe 'anonymous read-only token', ->
|
||||
before (done) ->
|
||||
@owner.createProject 'token-anon-ro-test#{Math.random()}', (err, project_id) =>
|
||||
return done(err) if err?
|
||||
@project_id = project_id
|
||||
@owner.makeTokenBased @project_id, (err) =>
|
||||
return done(err) if err?
|
||||
@owner.getProject @project_id, (err, project) =>
|
||||
return done(err) if err?
|
||||
@tokens = project.tokens
|
||||
done()
|
||||
|
||||
# describe 'anonymous read-only token', ->
|
||||
# beforeEach ->
|
||||
it 'should deny access before the token is used', (done) ->
|
||||
try_read_access(@anon, @project_id, (response, body) =>
|
||||
expect(response.statusCode).to.equal 302
|
||||
expect(body).to.match /.*\/restricted.*/
|
||||
, done)
|
||||
|
||||
# describe 'made private again', ->
|
||||
# beforeEach ->
|
||||
it 'should allow the user to access project via read-only token url', (done) ->
|
||||
try_read_only_token_access(@anon, @tokens.readOnly, (response, body) =>
|
||||
expect(response.statusCode).to.equal 200
|
||||
, done)
|
||||
|
||||
# describe 'read-and-write token', ->
|
||||
# beforeEach ->
|
||||
it 'should allow the user to anonymously join the project with read-only access', (done) ->
|
||||
try_anon_content_access(@anon, @project_id, @tokens.readOnly, (response, body) =>
|
||||
expect(body.privilegeLevel).to.equal 'readOnly'
|
||||
, done)
|
||||
|
||||
describe 'made private again', ->
|
||||
before (done) ->
|
||||
@owner.makePrivate @project_id, () -> setTimeout(done, 1000)
|
||||
|
||||
it 'should deny access to project', (done) ->
|
||||
try_read_access(@anon, @project_id, (response, body) =>
|
||||
expect(response.statusCode).to.equal 302
|
||||
expect(body).to.match /.*\/restricted.*/
|
||||
, done)
|
||||
|
||||
it 'should not allow the user to access read-only token', (done) ->
|
||||
try_read_only_token_access(@anon, @tokens.readOnly, (response, body) =>
|
||||
expect(response.statusCode).to.equal 404
|
||||
, done)
|
||||
|
||||
it 'should not allow the user to join the project', (done) ->
|
||||
try_anon_content_access(@anon, @project_id, @tokens.readOnly, (response, body) =>
|
||||
expect(body.privilegeLevel).to.equal false
|
||||
, done)
|
||||
|
||||
describe 'read-and-write token', ->
|
||||
before (done) ->
|
||||
@owner.createProject 'token-rw-test#{Math.random()}', (err, project_id) =>
|
||||
return done(err) if err?
|
||||
@project_id = project_id
|
||||
@owner.makeTokenBased @project_id, (err) =>
|
||||
return done(err) if err?
|
||||
@owner.getProject @project_id, (err, project) =>
|
||||
return done(err) if err?
|
||||
@tokens = project.tokens
|
||||
done()
|
||||
|
||||
it 'should deny access before the token is used', (done) ->
|
||||
try_read_access(@other1, @project_id, (response, body) =>
|
||||
expect(response.statusCode).to.equal 302
|
||||
expect(body).to.match /.*\/restricted.*/
|
||||
, done)
|
||||
|
||||
it 'should allow the user to access project via read-and-write token url', (done) ->
|
||||
try_read_and_write_token_access(@other1, @tokens.readAndWrite, (response, body) =>
|
||||
expect(response.statusCode).to.equal 200
|
||||
, done)
|
||||
|
||||
it 'should allow the user to join the project with read-and-write access', (done) ->
|
||||
try_content_access(@other1, @project_id, (response, body) =>
|
||||
expect(body.privilegeLevel).to.equal 'readAndWrite'
|
||||
, done)
|
||||
|
||||
describe 'made private again', ->
|
||||
before (done) ->
|
||||
@owner.makePrivate @project_id, () -> setTimeout(done, 1000)
|
||||
|
||||
it 'should deny access to project', (done) ->
|
||||
try_read_access(@other1, @project_id, (response, body) =>
|
||||
expect(response.statusCode).to.equal 302
|
||||
expect(body).to.match /.*\/restricted.*/
|
||||
, done)
|
||||
|
||||
it 'should not allow the user to access read-and-write token', (done) ->
|
||||
try_read_and_write_token_access(@other1, @tokens.readAndWrite, (response, body) =>
|
||||
expect(response.statusCode).to.equal 404
|
||||
, done)
|
||||
|
||||
it 'should not allow the user to join the project', (done) ->
|
||||
try_content_access(@other1, @project_id, (response, body) =>
|
||||
expect(body.privilegeLevel).to.equal false
|
||||
, done)
|
||||
|
||||
# describe 'made private again', ->
|
||||
# beforeEach ->
|
||||
|
|
Loading…
Reference in a new issue