Commit graph

129 commits

Author SHA1 Message Date
Hayden Faulds
28bcf83d87 better error when project creation fails 2017-12-04 09:25:22 +00:00
Hayden Faulds
eacb19fac9 create user in db and use login endpoint instead of register 2017-12-04 09:25:22 +00:00
Hayden Faulds
938d22da3f get csrf token from /dev/csrf not /register 2017-12-04 09:25:22 +00:00
James Allen
3e90103d9c No need to bind to 0.0.0.0 when running in same container 2017-11-27 17:10:58 +00:00
James Allen
fbf8cc2d03 Run acceptance tests via docker compose 2017-11-27 17:10:58 +00:00
Hayden Faulds
e54e2c8328 fix acceptance tests 2017-11-23 10:39:30 +00:00
Shane Kilkelly
2b4d516353 When anon is denied access to read-write token, redirect to restricted 2017-11-06 16:46:42 +00:00
Shane Kilkelly
9cd6b4e6ad Test for when anon write access is disabled 2017-11-02 15:16:04 +00:00
Shane Kilkelly
1cedfed1e4 Merge branch 'master' into sk-unlisted-projects 2017-11-02 10:10:09 +00:00
Shane Kilkelly
d8486afe5d Account for higher-access in the token read-only path too 2017-11-01 14:01:00 +00:00
Shane Kilkelly
9984ab081e Generalise the higher-access logic for read-write token path 2017-11-01 11:50:04 +00:00
Brian Gough
dcdcbd8388 exit if mock servers fail to start 2017-10-20 16:00:52 +01:00
Shane Kilkelly
0e44b319db Change anonToken and such to anonymousAccessToken 2017-10-20 10:10:21 +01:00
Shane Kilkelly
22795981b9 Add tests to check when tokens are never activated 2017-10-19 15:22:44 +01:00
Shane Kilkelly
7d2bde85ff Add a setting to enable anonymous read-and-write link sharing 2017-10-18 13:04:37 +01:00
Shane Kilkelly
5fb86441f6 Add acceptance tests for private-overleaf-project
... when accessed via the read-write token by the owner
2017-10-16 14:15:50 +01:00
Shane Kilkelly
29a584996f Flesh out acceptance tests for token access 2017-10-06 16:26:47 +01:00
Shane Kilkelly
b5bed1837e Start acceptance tests for token-based access 2017-10-06 15:58:03 +01:00
James Allen
23bd840796 Fix MockDocStoreApi name 2017-09-27 10:53:00 +02:00
James Allen
1502da85cf Set up acceptance tests to run in docker container 2017-09-27 10:37:20 +02:00
Shane Kilkelly
7dc759482c Fix how adding user to project works in acceptance tests 2017-09-21 11:43:16 +01:00
Henry Oswald
a7217f1d37 Merge branch 'ho-csrf-acceptence-tests' 2017-09-15 13:50:17 +01:00
Tim Alby
a04adbf132 remove extra security headers 2017-09-13 11:53:11 +02:00
Tim Alby
d6834ff417 add security headers using Helmet
- use all Helmet's default headers except `X-DNS-Prefetch-Control`
- use `Referrer-Policy`
- use cache headers when:
  - a user is logged in, OR
  - a project is displayed
2017-09-12 11:17:59 +02:00
Shane Kilkelly
7bb4638186 Restore user features to default after acceptance test.
Fixes an issue that could come up when running the tests
several times.
2017-09-01 14:45:54 +01:00
Shane Kilkelly
c170de7a4f Add unit test to cover project features. 2017-09-01 13:28:11 +01:00
Henry Oswald
d4b0c740c2 added csrf acceptence tests 2017-08-29 17:45:16 +01:00
Shane Kilkelly
25e0a19350 Make confirm-password routes more restful 2017-05-16 11:51:06 +01:00
Shane Kilkelly
b09a41c557 Fix acceptance tests 2017-05-10 13:45:53 +01:00
Shane Kilkelly
635b935acc Add an acceptance test for login rate limits, cleanup 2017-01-16 11:46:59 +00:00
Shane Kilkelly
22101d0305 If user is sent to login page with explicit redirect, obey 2016-11-24 11:38:13 +00:00
Shane Kilkelly
8089bb55a4 use session for the post-login redirect, remove redir query string. 2016-11-22 14:24:36 +00:00
Shane Kilkelly
b212c00311 Fix acceptance tests, use the correct method of getting redis key. 2016-11-14 16:33:54 +00:00
Shane Kilkelly
5f3098df38 Replace multi-ops with Async.series, tests passing 2016-11-09 11:03:03 +00:00
Shane Kilkelly
0f65e98566 add acceptance test for clearing sessions 2016-10-10 10:55:45 +01:00
Shane Kilkelly
b497182557 Add an acceptance test for registration and login 2016-09-27 11:55:51 +01:00
Shane Kilkelly
6e8185aeaf Merge branch 'master' into sk-passport 2016-09-23 10:28:35 +01:00
Shane Kilkelly
6c716ca252 Fix acceptance tests by updating invite-accept url 2016-09-23 10:28:17 +01:00
Shane Kilkelly
a3ace1fccd Increase timeout because slow tests 2016-09-22 11:33:54 +01:00
Shane Kilkelly
3a5b3a8e8d wip: acceptance tests working 2016-09-06 15:55:34 +01:00
Shane Kilkelly
b0a10c948c wip refactor 2016-09-06 15:22:13 +01:00
Shane Kilkelly
da40f54d55 Improve logging, add acceptance tests for joinProject json 2016-08-16 11:17:45 +01:00
Shane Kilkelly
3cec6affab Test creating two invites at once 2016-08-10 15:24:09 +01:00
Shane Kilkelly
5351e79c7a Test creating, listing and revoking invites as owner 2016-08-10 14:39:27 +01:00
Shane Kilkelly
9787edd716 Add more assertions about project access 2016-08-01 15:55:56 +01:00
Shane Kilkelly
9e0ff3f628 test when the token is invalid 2016-08-01 15:21:06 +01:00
Shane Kilkelly
495bc1bcd3 Refactor 2016-08-01 15:16:10 +01:00
Shane Kilkelly
8af1a7b17a Test login workflow 2016-08-01 15:16:03 +01:00
Shane Kilkelly
263822d665 Also parse out login url 2016-08-01 13:54:49 +01:00
Shane Kilkelly
5f1aa4cc58 test registration with invalid token 2016-08-01 13:30:43 +01:00
Shane Kilkelly
69bd954001 test the registration workflow 2016-08-01 12:14:34 +01:00
Shane Kilkelly
5159cdd0e9 Test when the user recieves second invite to project 2016-08-01 10:57:20 +01:00
Shane Kilkelly
545ce79c71 Test clicking the invite after already accepting 2016-08-01 10:14:08 +01:00
Shane Kilkelly
9c530e1bb6 rename test case 2016-08-01 10:04:42 +01:00
Shane Kilkelly
74c824edde Test redirect to /register when user not logged in 2016-08-01 09:59:30 +01:00
Shane Kilkelly
7a8142a43c remove extraneous body parameter 2016-08-01 09:06:02 +01:00
Shane Kilkelly
39fc611964 Revoke invite after each test 2016-07-29 13:55:08 +01:00
Shane Kilkelly
e7c1f7f0fc Refactor, deduplicate tests 2016-07-29 13:39:18 +01:00
Shane Kilkelly
f3a1f32bb1 Test the invalid-invite page 2016-07-29 11:54:08 +01:00
Shane Kilkelly
b33d4e103d Test when the user does not accept the invite 2016-07-29 11:08:24 +01:00
Shane Kilkelly
f33d01f375 Test acceptance of invite 2016-07-29 11:04:07 +01:00
Shane Kilkelly
563247044b Start testing the invite page 2016-07-29 09:52:55 +01:00
Shane Kilkelly
23c94c9599 get invite and link for test 2016-07-28 16:00:18 +01:00
Shane Kilkelly
748851b51e start ProjectInvite acceptance test module 2016-07-28 14:53:22 +01:00
Shane Kilkelly
9f724d0a04 Add tests to check if users can access a restricted page. 2016-07-06 12:14:01 +01:00
Shane Kilkelly
a1c662b9d8 Test session revocation on password change. 2016-07-05 14:55:08 +01:00
Shane Kilkelly
2caa80bbcb acceptance test for logging in two sessions. 2016-07-05 14:21:38 +01:00
Shane Kilkelly
bec3d2ad42 start acceptance tests for sessions 2016-07-05 10:24:24 +01:00
James Allen
f182fbf396 Convert 'anonymous-user' from real-time api in 'null' internally 2016-03-22 09:53:47 +00:00
James Allen
7791805949 Allow admin access to projects 2016-03-21 17:03:41 +00:00
James Allen
e7d67668e9 Improve error reporting and show 404 when project ids are malformed 2016-03-18 15:59:12 +00:00
James Allen
88b8ce1f80 Enable working settings acceptance tests 2016-03-18 15:59:12 +00:00
James Allen
71ef045728 Implement authorization guards in Authorization{Manager,Controller} 2016-03-14 17:06:57 +00:00
James Allen
e36be96ec9 Move public access setting to its own end point 2016-03-10 11:13:57 +00:00
James Allen
d235ab22ed Add in tests for public read-only projects 2016-03-09 16:28:46 +00:00
James Allen
c46c083b31 Check write access to documents via real-time end point 2016-03-09 16:26:18 +00:00
James Allen
2116d0271c Update acceptance tests for public projects 2016-03-09 15:30:23 +00:00
James Allen
4f9f255153 Extend acceptance tests to include shared projects 2016-03-09 12:31:46 +00:00
James Allen
e1fa77dd72 Add beginnings of acceptance tests 2016-03-08 15:59:04 +00:00