mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2025-05-28 14:04:43 -04:00
fix(realtime): Allow connections for guest users
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
This commit is contained in:
Tilman Vatteroth
parent
4ab66dfe2d
commit
a97f7e8fd1
8 changed files with 139 additions and 59 deletions
|
|
@ -52,7 +52,7 @@ export class RealtimeNote extends (EventEmitter as TypedEventEmitterConstructor<
|
|||
*/
|
||||
public addClient(client: WebsocketConnection): void {
|
||||
this.clients.add(client);
|
||||
this.logger.debug(`User '${client.getUser().username}' connected`);
|
||||
this.logger.debug(`User '${client.getUsername()}' connected`);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -63,7 +63,7 @@ export class RealtimeNote extends (EventEmitter as TypedEventEmitterConstructor<
|
|||
public removeClient(client: WebsocketConnection): void {
|
||||
this.clients.delete(client);
|
||||
this.logger.debug(
|
||||
`User '${client.getUser().username}' disconnected. ${
|
||||
`User '${client.getUsername()}' disconnected. ${
|
||||
this.clients.size
|
||||
} clients left.`,
|
||||
);
|
||||
|
|
|
|||
|
|
@ -18,5 +18,6 @@ export function mockConnection(synced: boolean): WebsocketConnection {
|
|||
isSynced: jest.fn(() => synced),
|
||||
send: jest.fn(),
|
||||
getUser: jest.fn(() => Mock.of<User>({ username: 'mockedUser' })),
|
||||
getUsername: jest.fn(() => 'mocked user'),
|
||||
});
|
||||
}
|
||||
|
|
|
|||
|
|
@ -192,4 +192,26 @@ describe('websocket connection', () => {
|
|||
|
||||
expect(sut.getUser()).toBe(mockedUser);
|
||||
});
|
||||
|
||||
it('returns the correct username', () => {
|
||||
const mockedUserWithUsername = Mock.of<User>({ username: 'MockUser' });
|
||||
|
||||
const sut = new WebsocketConnection(
|
||||
mockedWebsocket,
|
||||
mockedUserWithUsername,
|
||||
mockedRealtimeNote,
|
||||
);
|
||||
|
||||
expect(sut.getUsername()).toBe('MockUser');
|
||||
});
|
||||
|
||||
it('returns a fallback if no username has been set', () => {
|
||||
const sut = new WebsocketConnection(
|
||||
mockedWebsocket,
|
||||
mockedUser,
|
||||
mockedRealtimeNote,
|
||||
);
|
||||
|
||||
expect(sut.getUsername()).toBe('Guest');
|
||||
});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ export class WebsocketConnection {
|
|||
*/
|
||||
constructor(
|
||||
websocket: WebSocket,
|
||||
private user: User,
|
||||
private user: User | null,
|
||||
realtimeNote: RealtimeNote,
|
||||
) {
|
||||
const awareness = realtimeNote.getAwareness();
|
||||
|
|
@ -94,7 +94,11 @@ export class WebsocketConnection {
|
|||
return this.controlledAwarenessIds;
|
||||
}
|
||||
|
||||
public getUser(): User {
|
||||
public getUser(): User | null {
|
||||
return this.user;
|
||||
}
|
||||
|
||||
public getUsername(): string {
|
||||
return this.getUser()?.username ?? 'Guest';
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
*
|
||||
* SPDX-License-Identifier: AGPL-3.0-only
|
||||
*/
|
||||
import { Optional } from '@mrdrogdrog/optional';
|
||||
import { ConfigModule } from '@nestjs/config';
|
||||
import { EventEmitterModule } from '@nestjs/event-emitter';
|
||||
import { Test, TestingModule } from '@nestjs/testing';
|
||||
|
|
@ -64,7 +65,9 @@ describe('Websocket gateway', () => {
|
|||
const mockedValidSessionCookie = 'mockedValidSessionCookie';
|
||||
const mockedSessionIdWithUser = 'mockedSessionIdWithUser';
|
||||
const mockedValidUrl = 'mockedValidUrl';
|
||||
const mockedValidGuestUrl = 'mockedValidGuestUrl';
|
||||
const mockedValidNoteId = 'mockedValidNoteId';
|
||||
const mockedValidGuestNoteId = 'mockedValidGuestNoteId';
|
||||
|
||||
let sessionExistsForUser = true;
|
||||
let noteExistsForNoteId = true;
|
||||
|
|
@ -151,14 +154,15 @@ describe('Websocket gateway', () => {
|
|||
permissionsService = module.get<PermissionsService>(PermissionsService);
|
||||
|
||||
jest
|
||||
.spyOn(sessionService, 'extractVerifiedSessionIdFromRequest')
|
||||
.mockImplementation((request: IncomingMessage): string => {
|
||||
if (request.headers.cookie === mockedValidSessionCookie) {
|
||||
return mockedSessionIdWithUser;
|
||||
} else {
|
||||
throw new Error('no valid session cookie found');
|
||||
}
|
||||
});
|
||||
.spyOn(sessionService, 'extractSessionIdFromRequest')
|
||||
.mockImplementation(
|
||||
(request: IncomingMessage): Optional<string> =>
|
||||
Optional.ofNullable(
|
||||
request.headers?.cookie === mockedValidSessionCookie
|
||||
? mockedSessionIdWithUser
|
||||
: null,
|
||||
),
|
||||
);
|
||||
|
||||
const mockUsername = 'mockUsername';
|
||||
jest
|
||||
|
|
@ -184,26 +188,37 @@ describe('Websocket gateway', () => {
|
|||
.mockImplementation((request: IncomingMessage): string => {
|
||||
if (request.url === mockedValidUrl) {
|
||||
return mockedValidNoteId;
|
||||
} else if (request.url === mockedValidGuestUrl) {
|
||||
return mockedValidGuestNoteId;
|
||||
} else {
|
||||
throw new Error('no valid note id found');
|
||||
}
|
||||
});
|
||||
|
||||
const mockedNote = Mock.of<Note>({ id: 4711 });
|
||||
const mockedGuestNote = Mock.of<Note>({ id: 1235 });
|
||||
jest
|
||||
.spyOn(notesService, 'getNoteByIdOrAlias')
|
||||
.mockImplementation((noteId: string) =>
|
||||
noteExistsForNoteId && noteId === mockedValidNoteId
|
||||
? Promise.resolve(mockedNote)
|
||||
: Promise.reject('no note found'),
|
||||
);
|
||||
.mockImplementation((noteId: string) => {
|
||||
if (noteExistsForNoteId && noteId === mockedValidNoteId) {
|
||||
return Promise.resolve(mockedNote);
|
||||
}
|
||||
if (noteId === mockedValidGuestNoteId) {
|
||||
return Promise.resolve(mockedGuestNote);
|
||||
} else {
|
||||
return Promise.reject('no note found');
|
||||
}
|
||||
});
|
||||
|
||||
jest
|
||||
.spyOn(permissionsService, 'mayRead')
|
||||
.mockImplementation(
|
||||
(user: User | null, note: Note): Promise<boolean> =>
|
||||
Promise.resolve(
|
||||
user === mockUser && note === mockedNote && userHasReadPermissions,
|
||||
(user === mockUser &&
|
||||
note === mockedNote &&
|
||||
userHasReadPermissions) ||
|
||||
(user === null && note === mockedGuestNote),
|
||||
),
|
||||
);
|
||||
|
||||
|
|
@ -231,6 +246,22 @@ describe('Websocket gateway', () => {
|
|||
addClientSpy = jest.spyOn(mockedRealtimeNote, 'addClient');
|
||||
});
|
||||
|
||||
it('adds a valid connection request without a session', async () => {
|
||||
const request = Mock.of<IncomingMessage>({
|
||||
socket: {
|
||||
remoteAddress: 'mockHost',
|
||||
},
|
||||
url: mockedValidGuestUrl,
|
||||
headers: {},
|
||||
});
|
||||
|
||||
await expect(
|
||||
gateway.handleConnection(mockedWebsocket, request),
|
||||
).resolves.not.toThrow();
|
||||
expect(addClientSpy).toHaveBeenCalledWith(mockedWebsocketConnection);
|
||||
expect(mockedWebsocketCloseSpy).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it('adds a valid connection request', async () => {
|
||||
const request = Mock.of<IncomingMessage>({
|
||||
socket: {
|
||||
|
|
|
|||
|
|
@ -52,10 +52,12 @@ export class WebsocketGateway implements OnGatewayConnection {
|
|||
extractNoteIdFromRequestUrl(request),
|
||||
);
|
||||
|
||||
const username = user?.username ?? 'guest';
|
||||
|
||||
if (!(await this.permissionsService.mayRead(user, note))) {
|
||||
//TODO: [mrdrogdrog] inform client about reason of disconnect.
|
||||
this.logger.log(
|
||||
`Access denied to note '${note.id}' for user '${user.username}'`,
|
||||
`Access denied to note '${note.id}' for user '${username}'`,
|
||||
'handleConnection',
|
||||
);
|
||||
clientSocket.close();
|
||||
|
|
@ -65,7 +67,7 @@ export class WebsocketGateway implements OnGatewayConnection {
|
|||
this.logger.debug(
|
||||
`New realtime connection to note '${note.id}' (${
|
||||
note.publicId
|
||||
}) by user '${user.username}' from ${
|
||||
}) by user '${username}' from ${
|
||||
request.socket.remoteAddress ?? 'unknown'
|
||||
}`,
|
||||
);
|
||||
|
|
@ -98,11 +100,15 @@ export class WebsocketGateway implements OnGatewayConnection {
|
|||
*/
|
||||
private async findUserByRequestSession(
|
||||
request: IncomingMessage,
|
||||
): Promise<User> {
|
||||
const sessionId =
|
||||
this.sessionService.extractVerifiedSessionIdFromRequest(request);
|
||||
): Promise<User | null> {
|
||||
const sessionId = this.sessionService.extractSessionIdFromRequest(request);
|
||||
|
||||
if (sessionId.isEmpty()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
const username = await this.sessionService.fetchUsernameForSessionId(
|
||||
sessionId,
|
||||
sessionId.get(),
|
||||
);
|
||||
return await this.userService.getUserByUsername(username);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue