mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-15 07:34:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix(repository): Move backend code into subdirectory

Browse source 
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
This commit is contained in:
Tilman Vatteroth 2022-10-02 20:10:32 +02:00 committed by David Mehren
parent 86584e705f
commit bf30cbcf48
272 changed files with 87 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

261
backend/test/private-api/alias.e2e-spec.ts Normal file
View file

@ -0,0 +1,261 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import request from 'supertest';
import { AliasCreateDto } from '../../src/notes/alias-create.dto';
import { AliasUpdateDto } from '../../src/notes/alias-update.dto';
import { User } from '../../src/users/user.entity';
import {
password1,
password2,
TestSetup,
TestSetupBuilder,
username1,
username2,
} from '../test-setup';
describe('Alias', () => {
let testSetup: TestSetup;
let users: User[];
const content = 'This is a test note.';
let forbiddenNoteId: string;
let agent1: request.SuperAgentTest;
let agent2: request.SuperAgentTest;
beforeAll(async () => {
testSetup = await TestSetupBuilder.create().withUsers().build();
await testSetup.app.init();
forbiddenNoteId =
testSetup.configService.get('noteConfig').forbiddenNoteIds[0];
users = testSetup.users;
agent1 = request.agent(testSetup.app.getHttpServer());
await agent1
.post('/api/private/auth/local/login')
.send({ username: username1, password: password1 })
.expect(201);
agent2 = request.agent(testSetup.app.getHttpServer());
await agent2
.post('/api/private/auth/local/login')
.send({ username: username2, password: password2 })
.expect(201);
});
afterAll(async () => {
await testSetup.cleanup();
});
describe('POST /alias', () => {
const testAlias = 'aliasTest';
const newAliasDto: AliasCreateDto = {
noteIdOrAlias: testAlias,
newAlias: '',
};
let publicId = '';
beforeAll(async () => {
const note = await testSetup.notesService.createNote(
content,
users[0],
testAlias,
);
publicId = note.publicId;
});
it('create with normal alias', async () => {
const newAlias = 'normalAlias';
newAliasDto.newAlias = newAlias;
const metadata = await agent1
.post(`/api/private/alias`)
.set('Content-Type', 'application/json')
.send(newAliasDto)
.expect(201);
expect(metadata.body.name).toEqual(newAlias);
expect(metadata.body.primaryAlias).toBeFalsy();
expect(metadata.body.noteId).toEqual(publicId);
const note = await agent1
.get(`/api/private/notes/${newAlias}`)
.expect(200);
expect(note.body.metadata.aliases).toContainEqual({
name: 'normalAlias',
primaryAlias: false,
noteId: publicId,
});
expect(note.body.metadata.primaryAddress).toEqual(testAlias);
expect(note.body.metadata.id).toEqual(publicId);
});
describe('does not create an alias', () => {
it('because of a forbidden alias', async () => {
newAliasDto.newAlias = forbiddenNoteId;
await agent1
.post(`/api/private/alias`)
.set('Content-Type', 'application/json')
.send(newAliasDto)
.expect(400)
.then((response) => {
expect(response.body.message).toContain(
'is forbidden by the administrator',
);
});
});
it('because of a alias that is a public id', async () => {
newAliasDto.newAlias = publicId;
await agent1
.post(`/api/private/alias`)
.set('Content-Type', 'application/json')
.send(newAliasDto)
.expect(409);
});
it('because the user is not an owner', async () => {
newAliasDto.newAlias = publicId;
await agent2
.post(`/api/private/alias`)
.set('Content-Type', 'application/json')
.send(newAliasDto)
.expect(401);
});
});
});
describe('PUT /alias/{alias}', () => {
const testAlias = 'aliasTest2';
const newAlias = 'normalAlias2';
const changeAliasDto: AliasUpdateDto = {
primaryAlias: true,
};
let publicId = '';
beforeAll(async () => {
const note = await testSetup.notesService.createNote(
content,
users[0],
testAlias,
);
publicId = note.publicId;
await testSetup.aliasService.addAlias(note, newAlias);
});
it('updates a note with a normal alias', async () => {
const metadata = await agent1
.put(`/api/private/alias/${newAlias}`)
.set('Content-Type', 'application/json')
.send(changeAliasDto)
.expect(200);
expect(metadata.body.name).toEqual(newAlias);
expect(metadata.body.primaryAlias).toBeTruthy();
expect(metadata.body.noteId).toEqual(publicId);
const note = await agent1
.get(`/api/private/notes/${newAlias}`)
.expect(200);
expect(note.body.metadata.aliases).toContainEqual({
name: newAlias,
primaryAlias: true,
noteId: publicId,
});
expect(note.body.metadata.primaryAddress).toEqual(newAlias);
expect(note.body.metadata.id).toEqual(publicId);
});
describe('does not update', () => {
it('a note with unknown alias', async () => {
await agent1
.put(`/api/private/alias/i_dont_exist`)
.set('Content-Type', 'application/json')
.send(changeAliasDto)
.expect(404);
});
it('a note with a forbidden ID', async () => {
await agent1
.put(`/api/private/alias/${forbiddenNoteId}`)
.set('Content-Type', 'application/json')
.send(changeAliasDto)
.expect(400)
.then((response) => {
expect(response.body.message).toContain(
'is forbidden by the administrator',
);
});
});
it('if the property primaryAlias is false', async () => {
changeAliasDto.primaryAlias = false;
await agent1
.put(`/api/private/alias/${newAlias}`)
.set('Content-Type', 'application/json')
.send(changeAliasDto)
.expect(400);
});
it('if the user is not an owner', async () => {
changeAliasDto.primaryAlias = true;
await agent2
.put(`/api/private/alias/${newAlias}`)
.set('Content-Type', 'application/json')
.send(changeAliasDto)
.expect(401);
});
});
});
describe('DELETE /alias/{alias}', () => {
const testAlias = 'aliasTest3';
const newAlias = 'normalAlias3';
let note;
beforeEach(async () => {
note = await testSetup.notesService.createNote(
content,
users[0],
testAlias,
);
await testSetup.aliasService.addAlias(note, newAlias);
});
afterEach(async () => {
try {
await testSetup.aliasService.removeAlias(note, newAlias);
// Ignore errors on removing alias
// eslint-disable-next-line no-empty
} catch (e) {}
await testSetup.notesService.deleteNote(note);
});
it('deletes a normal alias', async () => {
await agent1.delete(`/api/private/alias/${newAlias}`).expect(204);
await agent1.get(`/api/private/notes/${newAlias}`).expect(404);
});
it('does not delete an unknown alias', async () => {
await agent1.delete(`/api/private/alias/i_dont_exist`).expect(404);
});
it('does not delete an alias of a forbidden note', async () => {
await agent1
.delete(`/api/private/alias/${forbiddenNoteId}`)
.expect(400)
.then((response) => {
expect(response.body.message).toContain(
'is forbidden by the administrator',
);
});
});
it('fails if the user does not own the note', async () => {
await agent2.delete(`/api/private/alias/${newAlias}`).expect(401);
});
it('does not delete an primary alias (if it is not the only one)', async () => {
await agent1.delete(`/api/private/alias/${testAlias}`).expect(400);
await agent1.get(`/api/private/notes/${newAlias}`).expect(200);
});
it('deletes a primary alias (if it is the only one)', async () => {
await agent1.delete(`/api/private/alias/${newAlias}`).expect(204);
await agent1.delete(`/api/private/alias/${testAlias}`).expect(204);
});
});
});

246
backend/test/private-api/auth.e2e-spec.ts Normal file
View file

@ -0,0 +1,246 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
/* eslint-disable
@typescript-eslint/no-unsafe-assignment,
@typescript-eslint/no-unsafe-member-access
*/
import request from 'supertest';
import { LoginDto } from '../../src/identity/local/login.dto';
import { RegisterDto } from '../../src/identity/local/register.dto';
import { UpdatePasswordDto } from '../../src/identity/local/update-password.dto';
import { UserRelationEnum } from '../../src/users/user-relation.enum';
import { checkPassword } from '../../src/utils/password';
import { TestSetup, TestSetupBuilder } from '../test-setup';
describe('Auth', () => {
let testSetup: TestSetup;
let username: string;
let displayName: string;
let password: string;
beforeAll(async () => {
testSetup = await TestSetupBuilder.create().build();
await testSetup.app.init();
username = 'hardcoded';
displayName = 'Testy';
password = 'test_password';
});
afterAll(async () => {
// Yes, this is a bad hack, but there is a race somewhere and I have
// no idea how to fix it.
await new Promise((resolve) => {
setTimeout(resolve, 1000);
});
await testSetup.cleanup();
});
describe('POST /auth/local', () => {
it('works', async () => {
const registrationDto: RegisterDto = {
displayName: displayName,
password: password,
username: username,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local')
.set('Content-Type', 'application/json')
.send(JSON.stringify(registrationDto))
.expect(201);
const newUser = await testSetup.userService.getUserByUsername(username, [
UserRelationEnum.IDENTITIES,
]);
expect(newUser.displayName).toEqual(displayName);
await expect(newUser.identities).resolves.toHaveLength(1);
await expect(
checkPassword(
password,
(await newUser.identities)[0].passwordHash ?? '',
),
).resolves.toBeTruthy();
});
describe('fails', () => {
it('when the user already exits', async () => {
const username2 = 'already_existing';
await testSetup.userService.createUser(username2, displayName);
const registrationDto: RegisterDto = {
displayName: displayName,
password: password,
username: username2,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local')
.set('Content-Type', 'application/json')
.send(JSON.stringify(registrationDto))
.expect(409);
});
it('when registration is disabled', async () => {
testSetup.configService.get('authConfig').local.enableRegister = false;
const registrationDto: RegisterDto = {
displayName: displayName,
password: password,
username: username,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local')
.set('Content-Type', 'application/json')
.send(JSON.stringify(registrationDto))
.expect(400);
testSetup.configService.get('authConfig').local.enableRegister = true;
});
});
});
describe('PUT /auth/local', () => {
const newPassword = 'new_password';
let cookie = '';
beforeEach(async () => {
const loginDto: LoginDto = {
password: password,
username: username,
};
const response = await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto))
.expect(201);
cookie = response.get('Set-Cookie')[0];
});
it('works', async () => {
// Change password
const changePasswordDto: UpdatePasswordDto = {
currentPassword: password,
newPassword: newPassword,
};
await request(testSetup.app.getHttpServer())
.put('/api/private/auth/local')
.set('Content-Type', 'application/json')
.set('Cookie', cookie)
.send(JSON.stringify(changePasswordDto))
.expect(200);
// Successfully login with new password
const loginDto: LoginDto = {
password: newPassword,
username: username,
};
const response = await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto))
.expect(201);
cookie = response.get('Set-Cookie')[0];
// Reset password
const changePasswordBackDto: UpdatePasswordDto = {
currentPassword: newPassword,
newPassword: password,
};
await request(testSetup.app.getHttpServer())
.put('/api/private/auth/local')
.set('Content-Type', 'application/json')
.set('Cookie', cookie)
.send(JSON.stringify(changePasswordBackDto))
.expect(200);
});
it('fails, when registration is disabled', async () => {
testSetup.configService.get('authConfig').local.enableLogin = false;
// Try to change password
const changePasswordDto: UpdatePasswordDto = {
currentPassword: password,
newPassword: newPassword,
};
await request(testSetup.app.getHttpServer())
.put('/api/private/auth/local')
.set('Content-Type', 'application/json')
.set('Cookie', cookie)
.send(JSON.stringify(changePasswordDto))
.expect(400);
// enable login again
testSetup.configService.get('authConfig').local.enableLogin = true;
// new password doesn't work for login
const loginNewPasswordDto: LoginDto = {
password: newPassword,
username: username,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginNewPasswordDto))
.expect(401);
// old password does work for login
const loginOldPasswordDto: LoginDto = {
password: password,
username: username,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginOldPasswordDto))
.expect(201);
});
it('fails, when old password is wrong', async () => {
// Try to change password
const changePasswordDto: UpdatePasswordDto = {
currentPassword: 'wrong',
newPassword: newPassword,
};
await request(testSetup.app.getHttpServer())
.put('/api/private/auth/local')
.set('Content-Type', 'application/json')
.set('Cookie', cookie)
.send(JSON.stringify(changePasswordDto))
.expect(401);
// old password still does work for login
const loginOldPasswordDto: LoginDto = {
password: password,
username: username,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginOldPasswordDto))
.expect(201);
});
});
describe('POST /auth/local/login', () => {
it('works', async () => {
testSetup.configService.get('authConfig').local.enableLogin = true;
const loginDto: LoginDto = {
password: password,
username: username,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto))
.expect(201);
});
});
describe('DELETE /auth/logout', () => {
it('works', async () => {
testSetup.configService.get('authConfig').local.enableLogin = true;
const loginDto: LoginDto = {
password: password,
username: username,
};
const response = await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto))
.expect(201);
const cookie = response.get('Set-Cookie')[0];
await request(testSetup.app.getHttpServer())
.delete('/api/private/auth/logout')
.set('Cookie', cookie)
.expect(204);
});
});
});

1
backend/test/private-api/fixtures/hedgedoc.pem Normal file
View file

@ -0,0 +1 @@
test-cert

3
backend/test/private-api/fixtures/hedgedoc.pem.license Normal file
View file

@ -0,0 +1,3 @@
SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
SPDX-License-Identifier: CC0-1.0

BIN
backend/test/private-api/fixtures/test.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 7.7 KiB

3
backend/test/private-api/fixtures/test.png.license Normal file
View file

@ -0,0 +1,3 @@
SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
SPDX-License-Identifier: CC0-1.0

BIN
backend/test/private-api/fixtures/test.zip Normal file
View file

Binary file not shown.

3
backend/test/private-api/fixtures/test.zip.license Normal file
View file

@ -0,0 +1,3 @@
SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
SPDX-License-Identifier: CC0-1.0

79
backend/test/private-api/groups.e2e-spec.ts Normal file
View file

@ -0,0 +1,79 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import request from 'supertest';
import { GuestAccess } from '../../src/config/guest_access.enum';
import { createDefaultMockNoteConfig } from '../../src/config/mock/note.config.mock';
import { NoteConfig } from '../../src/config/note.config';
import { LoginDto } from '../../src/identity/local/login.dto';
import {
password1,
TestSetup,
TestSetupBuilder,
username1,
} from '../test-setup';
describe('Groups', () => {
let testSetup: TestSetup;
let testuser1Session: request.SuperAgentTest;
const noteConfigMock: NoteConfig = createDefaultMockNoteConfig();
beforeEach(async () => {
testSetup = await TestSetupBuilder.create({
noteConfigMock: noteConfigMock,
})
.withUsers()
.build();
await testSetup.app.init();
// create a test group
await testSetup.groupService.createGroup('testgroup1', 'testgroup1', false);
// log in to create a session
const loginDto: LoginDto = {
password: password1,
username: username1,
};
testuser1Session = request.agent(testSetup.app.getHttpServer());
await testuser1Session
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto))
.expect(201);
});
afterEach(async () => {
await testSetup.app.close();
await testSetup.cleanup();
});
test('details for existing groups can be retrieved', async () => {
const response = await testuser1Session.get(
'/api/private/groups/testgroup1',
);
expect(response.status).toBe(200);
expect(response.body.name).toBe('testgroup1');
});
test('details for non-existing groups cannot be retrieved', async () => {
const response = await testuser1Session.get(
'/api/private/groups/i_dont_exist',
);
expect(response.status).toBe(404);
});
describe('API requires authentication', () => {
beforeAll(() => {
noteConfigMock.guestAccess = GuestAccess.DENY;
});
test('get group', async () => {
const response = await request(testSetup.app.getHttpServer()).get(
'/api/private/groups/testgroup1',
);
expect(response.status).toBe(401);
});
});
});

228
backend/test/private-api/history.e2e-spec.ts Normal file
View file

@ -0,0 +1,228 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import request from 'supertest';
import { HistoryEntryImportDto } from '../../src/history/history-entry-import.dto';
import { HistoryEntry } from '../../src/history/history-entry.entity';
import { HistoryService } from '../../src/history/history.service';
import { IdentityService } from '../../src/identity/identity.service';
import { Note } from '../../src/notes/note.entity';
import { NotesService } from '../../src/notes/notes.service';
import { User } from '../../src/users/user.entity';
import { UsersService } from '../../src/users/users.service';
import { TestSetup, TestSetupBuilder } from '../test-setup';
describe('History', () => {
let testSetup: TestSetup;
let historyService: HistoryService;
let identityService: IdentityService;
let user: User;
let note: Note;
let note2: Note;
let forbiddenNoteId: string;
let content: string;
let agent: request.SuperAgentTest;
beforeAll(async () => {
testSetup = await TestSetupBuilder.create().build();
forbiddenNoteId =
testSetup.configService.get('noteConfig').forbiddenNoteIds[0];
const moduleRef = testSetup.moduleRef;
const username = 'hardcoded';
const password = 'AHardcodedStrongP@ssword123';
await testSetup.app.init();
content = 'This is a test note.';
historyService = moduleRef.get(HistoryService);
const userService = moduleRef.get(UsersService);
identityService = moduleRef.get(IdentityService);
user = await userService.createUser(username, 'Testy');
await identityService.createLocalIdentity(user, password);
const notesService = moduleRef.get(NotesService);
note = await notesService.createNote(content, user, 'note');
note2 = await notesService.createNote(content, user, 'note2');
agent = request.agent(testSetup.app.getHttpServer());
await agent
.post('/api/private/auth/local/login')
.send({ username: username, password: password })
.expect(201);
});
afterAll(async () => {
await testSetup.app.close();
await testSetup.cleanup();
});
it('GET /me/history', async () => {
const emptyResponse = await agent
.get('/api/private/me/history')
.expect('Content-Type', /json/)
.expect(200);
expect(emptyResponse.body.length).toEqual(0);
const entry = await testSetup.historyService.updateHistoryEntryTimestamp(
note,
user,
);
const entryDto = await testSetup.historyService.toHistoryEntryDto(entry);
const response = await agent
.get('/api/private/me/history')
.expect('Content-Type', /json/)
.expect(200);
expect(response.body.length).toEqual(1);
expect(response.body[0].identifier).toEqual(entryDto.identifier);
expect(response.body[0].title).toEqual(entryDto.title);
expect(response.body[0].tags).toEqual(entryDto.tags);
expect(response.body[0].pinStatus).toEqual(entryDto.pinStatus);
expect(response.body[0].lastVisitedAt).toEqual(
entryDto.lastVisitedAt.toISOString(),
);
});
describe('POST /me/history', () => {
it('works', async () => {
expect(
await testSetup.historyService.getEntriesByUser(user),
).toHaveLength(1);
const pinStatus = true;
const lastVisited = new Date('2020-12-01 12:23:34');
const postEntryDto = new HistoryEntryImportDto();
postEntryDto.note = (await note2.aliases).filter(
(alias) => alias.primary,
)[0].name;
postEntryDto.pinStatus = pinStatus;
postEntryDto.lastVisitedAt = lastVisited;
await agent
.post('/api/private/me/history')
.set('Content-Type', 'application/json')
.send(JSON.stringify({ history: [postEntryDto] }))
.expect(201);
const userEntries = await testSetup.historyService.getEntriesByUser(user);
expect(userEntries.length).toEqual(1);
expect((await (await userEntries[0].note).aliases)[0].name).toEqual(
(await note2.aliases)[0].name,
);
expect((await (await userEntries[0].note).aliases)[0].primary).toEqual(
(await note2.aliases)[0].primary,
);
expect((await (await userEntries[0].note).aliases)[0].id).toEqual(
(await note2.aliases)[0].id,
);
expect((await userEntries[0].user).username).toEqual(user.username);
expect(userEntries[0].pinStatus).toEqual(pinStatus);
expect(userEntries[0].updatedAt).toEqual(lastVisited);
});
describe('fails', () => {
let pinStatus: boolean;
let lastVisited: Date;
let postEntryDto: HistoryEntryImportDto;
let prevEntry: HistoryEntry;
beforeAll(async () => {
const previousHistory = await testSetup.historyService.getEntriesByUser(
user,
);
expect(previousHistory).toHaveLength(1);
prevEntry = previousHistory[0];
pinStatus = !previousHistory[0].pinStatus;
lastVisited = new Date('2020-12-01 23:34:45');
postEntryDto = new HistoryEntryImportDto();
postEntryDto.note = (await note2.aliases).filter(
(alias) => alias.primary,
)[0].name;
postEntryDto.pinStatus = pinStatus;
postEntryDto.lastVisitedAt = lastVisited;
});
it('with forbiddenId', async () => {
const brokenEntryDto = new HistoryEntryImportDto();
brokenEntryDto.note = forbiddenNoteId;
brokenEntryDto.pinStatus = pinStatus;
brokenEntryDto.lastVisitedAt = lastVisited;
await agent
.post('/api/private/me/history')
.set('Content-Type', 'application/json')
.send(JSON.stringify({ history: [brokenEntryDto] }))
.expect(400);
});
it('with non-existing note', async () => {
const brokenEntryDto = new HistoryEntryImportDto();
brokenEntryDto.note = 'i_dont_exist';
brokenEntryDto.pinStatus = pinStatus;
brokenEntryDto.lastVisitedAt = lastVisited;
await agent
.post('/api/private/me/history')
.set('Content-Type', 'application/json')
.send(JSON.stringify({ history: [brokenEntryDto] }))
.expect(404);
});
afterEach(async () => {
const historyEntries = await testSetup.historyService.getEntriesByUser(
user,
);
expect(historyEntries).toHaveLength(1);
expect(await (await historyEntries[0].note).aliases).toEqual(
await (
await prevEntry.note
).aliases,
);
expect((await historyEntries[0].user).username).toEqual(
(await prevEntry.user).username,
);
expect(historyEntries[0].pinStatus).toEqual(prevEntry.pinStatus);
expect(historyEntries[0].updatedAt).toEqual(prevEntry.updatedAt);
});
});
});
it('DELETE /me/history', async () => {
expect(
(await testSetup.historyService.getEntriesByUser(user)).length,
).toEqual(1);
await agent.delete('/api/private/me/history').expect(204);
expect(
(await testSetup.historyService.getEntriesByUser(user)).length,
).toEqual(0);
});
it('PUT /me/history/:note', async () => {
const entry = await testSetup.historyService.updateHistoryEntryTimestamp(
note2,
user,
);
expect(entry.pinStatus).toBeFalsy();
const alias = (await (await entry.note).aliases).filter(
(alias) => alias.primary,
)[0].name;
await agent
.put(`/api/private/me/history/${alias || 'null'}`)
.send({ pinStatus: true })
.expect(200);
const userEntries = await testSetup.historyService.getEntriesByUser(user);
expect(userEntries.length).toEqual(1);
expect(userEntries[0].pinStatus).toBeTruthy();
await testSetup.historyService.deleteHistoryEntry(note2, user);
});
it('DELETE /me/history/:note', async () => {
const entry = await historyService.updateHistoryEntryTimestamp(note2, user);
const alias = (await (await entry.note).aliases).filter(
(alias) => alias.primary,
)[0].name;
const entry2 = await historyService.updateHistoryEntryTimestamp(note, user);
const entryDto = await historyService.toHistoryEntryDto(entry2);
await agent
.delete(`/api/private/me/history/${alias || 'null'}`)
.expect(204);
const userEntries = await historyService.getEntriesByUser(user);
expect(userEntries.length).toEqual(1);
const userEntryDto = await historyService.toHistoryEntryDto(userEntries[0]);
expect(userEntryDto.identifier).toEqual(entryDto.identifier);
expect(userEntryDto.title).toEqual(entryDto.title);
expect(userEntryDto.tags).toEqual(entryDto.tags);
expect(userEntryDto.pinStatus).toEqual(entryDto.pinStatus);
expect(userEntryDto.lastVisitedAt).toEqual(entryDto.lastVisitedAt);
});
});

135
backend/test/private-api/me.e2e-spec.ts Normal file
View file

@ -0,0 +1,135 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { promises as fs } from 'fs';
import request from 'supertest';
import { NotInDBError } from '../../src/errors/errors';
import { Note } from '../../src/notes/note.entity';
import { UserLoginInfoDto } from '../../src/users/user-info.dto';
import { User } from '../../src/users/user.entity';
import { TestSetup, TestSetupBuilder } from '../test-setup';
describe('Me', () => {
let testSetup: TestSetup;
let uploadPath: string;
let user: User;
let content: string;
let note1: Note;
let alias2: string;
let note2: Note;
let agent: request.SuperAgentTest;
beforeAll(async () => {
testSetup = await TestSetupBuilder.create().build();
uploadPath =
testSetup.configService.get('mediaConfig').backend.filesystem.uploadPath;
const username = 'hardcoded';
const password = 'AHardcodedStrongP@ssword123';
await testSetup.app.init();
user = await testSetup.userService.createUser(username, 'Testy');
await testSetup.identityService.createLocalIdentity(user, password);
content = 'This is a test note.';
alias2 = 'note2';
note1 = await testSetup.notesService.createNote(content, user);
note2 = await testSetup.notesService.createNote(content, user, alias2);
agent = request.agent(testSetup.app.getHttpServer());
await agent
.post('/api/private/auth/local/login')
.send({ username: username, password: password })
.expect(201);
});
afterAll(async () => {
await testSetup.cleanup();
});
it('GET /me', async () => {
const userInfo = testSetup.userService.toUserLoginInfoDto(user, 'local');
const response = await agent
.get('/api/private/me')
.expect('Content-Type', /json/)
.expect(200);
const gotUser = response.body as UserLoginInfoDto;
expect(gotUser).toEqual(userInfo);
});
it('GET /me/media', async () => {
const responseBefore = await agent
.get('/api/private/me/media/')
.expect('Content-Type', /json/)
.expect(200);
expect(responseBefore.body).toHaveLength(0);
const testImage = await fs.readFile('test/public-api/fixtures/test.png');
const imageUrls = [];
imageUrls.push(
(await testSetup.mediaService.saveFile(testImage, user, note1)).fileUrl,
);
imageUrls.push(
(await testSetup.mediaService.saveFile(testImage, user, note1)).fileUrl,
);
imageUrls.push(
(await testSetup.mediaService.saveFile(testImage, user, note2)).fileUrl,
);
imageUrls.push(
(await testSetup.mediaService.saveFile(testImage, user, note2)).fileUrl,
);
const response = await agent
.get('/api/private/me/media/')
.expect('Content-Type', /json/)
.expect(200);
expect(response.body).toHaveLength(4);
expect(imageUrls).toContain(response.body[0].url);
expect(imageUrls).toContain(response.body[1].url);
expect(imageUrls).toContain(response.body[2].url);
expect(imageUrls).toContain(response.body[3].url);
const mediaUploads = await testSetup.mediaService.listUploadsByUser(user);
for (const upload of mediaUploads) {
await testSetup.mediaService.deleteFile(upload);
}
await fs.rmdir(uploadPath);
});
it('POST /me/profile', async () => {
const newDisplayName = 'Another name';
expect(user.displayName).not.toEqual(newDisplayName);
await agent
.post('/api/private/me/profile')
.send({
displayName: newDisplayName,
})
.expect(201);
const dbUser = await testSetup.userService.getUserByUsername('hardcoded');
expect(dbUser.displayName).toEqual(newDisplayName);
});
it('DELETE /me', async () => {
const testImage = await fs.readFile('test/public-api/fixtures/test.png');
const upload = await testSetup.mediaService.saveFile(
testImage,
user,
note1,
);
const dbUser = await testSetup.userService.getUserByUsername('hardcoded');
expect(dbUser).toBeInstanceOf(User);
const mediaUploads = await testSetup.mediaService.listUploadsByUser(dbUser);
expect(mediaUploads).toHaveLength(1);
expect(mediaUploads[0].fileUrl).toEqual(upload.fileUrl);
await agent.delete('/api/private/me').expect(204);
await expect(
testSetup.userService.getUserByUsername('hardcoded'),
).rejects.toThrow(NotInDBError);
const mediaUploadsAfter = await testSetup.mediaService.listUploadsByNote(
note1,
);
expect(mediaUploadsAfter).toHaveLength(0);
});
});

130
backend/test/private-api/media.e2e-spec.ts Normal file
View file

@ -0,0 +1,130 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { promises as fs } from 'fs';
import { join } from 'path';
import { User } from 'src/users/user.entity';
import request from 'supertest';
import { ConsoleLoggerService } from '../../src/logger/console-logger.service';
import { TestSetup, TestSetupBuilder } from '../test-setup';
import { ensureDeleted } from '../utils';
describe('Media', () => {
let testSetup: TestSetup;
let uploadPath: string;
let agent: request.SuperAgentTest;
let user: User;
beforeAll(async () => {
const username = 'hardcoded';
const password = 'AHardcodedStrongP@ssword123';
testSetup = await TestSetupBuilder.create().build();
uploadPath =
testSetup.configService.get('mediaConfig').backend.filesystem.uploadPath;
testSetup.app.useStaticAssets(uploadPath, {
prefix: '/uploads',
});
await testSetup.app.init();
const logger = await testSetup.app.resolve(ConsoleLoggerService);
logger.log('Switching logger', 'AppBootstrap');
testSetup.app.useLogger(logger);
await testSetup.notesService.createNote(
'test content',
null,
'test_upload_media',
);
user = await testSetup.userService.createUser(username, 'Testy');
await testSetup.identityService.createLocalIdentity(user, password);
agent = request.agent(testSetup.app.getHttpServer());
await agent
.post('/api/private/auth/local/login')
.send({ username: username, password: password })
.expect(201);
});
afterAll(async () => {
// Delete the upload folder
await ensureDeleted(uploadPath);
await testSetup.app.close();
await testSetup.cleanup();
});
describe('POST /media', () => {
it('works', async () => {
const uploadResponse = await agent
.post('/api/private/media')
.attach('file', 'test/private-api/fixtures/test.png')
.set('HedgeDoc-Note', 'test_upload_media')
.expect('Content-Type', /json/)
.expect(201);
const path: string = uploadResponse.body.url;
const testImage = await fs.readFile('test/private-api/fixtures/test.png');
const downloadResponse = await agent.get(path);
expect(downloadResponse.body).toEqual(testImage);
// Remove /uploads/ from path as we just need the filename.
const fileName = path.replace('/uploads/', '');
// delete the file afterwards
await fs.unlink(join(uploadPath, fileName));
});
describe('fails:', () => {
beforeEach(async () => {
await ensureDeleted(uploadPath);
});
it('MIME type not supported', async () => {
await agent
.post('/api/private/media')
.attach('file', 'test/private-api/fixtures/test.zip')
.set('HedgeDoc-Note', 'test_upload_media')
.expect(400);
await expect(fs.access(uploadPath)).rejects.toBeDefined();
});
it('note does not exist', async () => {
await agent
.post('/api/private/media')
.attach('file', 'test/private-api/fixtures/test.zip')
.set('HedgeDoc-Note', 'i_dont_exist')
.expect(404);
await expect(fs.access(uploadPath)).rejects.toBeDefined();
});
it('mediaBackend error', async () => {
await fs.mkdir(uploadPath, {
mode: '444',
});
await agent
.post('/api/private/media')
.attach('file', 'test/private-api/fixtures/test.png')
.set('HedgeDoc-Note', 'test_upload_media')
.expect('Content-Type', /json/)
.expect(500);
});
afterEach(async () => {
await ensureDeleted(uploadPath);
});
});
});
it('DELETE /media/{filename}', async () => {
const testNote = await testSetup.notesService.createNote(
'test content',
null,
'test_delete_media',
);
const testImage = await fs.readFile('test/private-api/fixtures/test.png');
const upload = await testSetup.mediaService.saveFile(
testImage,
user,
testNote,
);
const filename = upload.fileUrl.split('/').pop() || '';
await agent.delete('/api/private/media/' + filename).expect(204);
});
});

443
backend/test/private-api/notes.e2e-spec.ts Normal file
View file

@ -0,0 +1,443 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import { promises as fs } from 'fs';
import { join } from 'path';
import request from 'supertest';
import { NotInDBError } from '../../src/errors/errors';
import { User } from '../../src/users/user.entity';
import { TestSetup, TestSetupBuilder } from '../test-setup';
describe('Notes', () => {
let testSetup: TestSetup;
let user: User;
let user2: User;
let content: string;
let forbiddenNoteId: string;
let uploadPath: string;
let testImage: Buffer;
let agent: request.SuperAgentTest;
beforeAll(async () => {
testSetup = await TestSetupBuilder.create().build();
forbiddenNoteId =
testSetup.configService.get('noteConfig').forbiddenNoteIds[0];
uploadPath =
testSetup.configService.get('mediaConfig').backend.filesystem.uploadPath;
await testSetup.app.init();
const username1 = 'hardcoded';
const password1 = 'AHardcodedStrongP@ssword123';
const username2 = 'hardcoded2';
const password2 = 'AHardcodedStrongP@ssword12';
user = await testSetup.userService.createUser(username1, 'Testy');
await testSetup.identityService.createLocalIdentity(user, password1);
user2 = await testSetup.userService.createUser(username2, 'Max Mustermann');
await testSetup.identityService.createLocalIdentity(user2, password2);
content = 'This is a test note.';
testImage = await fs.readFile('test/public-api/fixtures/test.png');
agent = request.agent(testSetup.app.getHttpServer());
await agent
.post('/api/private/auth/local/login')
.send({ username: username1, password: password1 })
.expect(201);
});
afterAll(async () => {
await testSetup.app.close();
await testSetup.cleanup();
});
it('POST /notes', async () => {
const response = await agent
.post('/api/private/notes')
.set('Content-Type', 'text/markdown')
.send(content)
.expect('Content-Type', /json/)
.expect(201);
expect(response.body.metadata?.id).toBeDefined();
expect(
await testSetup.notesService.getNoteContent(
await testSetup.notesService.getNoteByIdOrAlias(
response.body.metadata.id,
),
),
).toEqual(content);
});
describe('GET /notes/{note}', () => {
it('works with an existing note', async () => {
// check if we can succefully get a note that exists
await testSetup.notesService.createNote(content, user, 'test1');
const response = await agent
.get('/api/private/notes/test1')
.expect('Content-Type', /json/)
.expect(200);
expect(response.body.content).toEqual(content);
});
it('fails with an non-existing note', async () => {
// check if a missing note correctly returns 404
await agent
.get('/api/private/notes/i_dont_exist')
.expect('Content-Type', /json/)
.expect(404);
});
});
describe('POST /notes/{note}', () => {
it('works with a non-existing alias', async () => {
const response = await agent
.post('/api/private/notes/test2')
.set('Content-Type', 'text/markdown')
.send(content)
.expect('Content-Type', /json/)
.expect(201);
expect(response.body.metadata?.id).toBeDefined();
return expect(
await testSetup.notesService.getNoteContent(
await testSetup.notesService.getNoteByIdOrAlias(
response.body.metadata?.id,
),
),
).toEqual(content);
});
it('fails with a forbidden alias', async () => {
await agent
.post(`/api/private/notes/${forbiddenNoteId}`)
.set('Content-Type', 'text/markdown')
.send(content)
.expect('Content-Type', /json/)
.expect(400);
});
it('fails with a existing alias', async () => {
await agent
.post('/api/private/notes/test2')
.set('Content-Type', 'text/markdown')
.send(content)
.expect('Content-Type', /json/)
.expect(409);
});
it('fails with a content, that is too long', async () => {
const content = 'x'.repeat(
(testSetup.configService.get('noteConfig')
.maxDocumentLength as number) + 1,
);
await agent
.post('/api/private/notes/test2')
.set('Content-Type', 'text/markdown')
.send(content)
.expect('Content-Type', /json/)
.expect(413);
});
});
describe('DELETE /notes/{note}', () => {
describe('works', () => {
it('with an existing alias and keepMedia false', async () => {
const noteId = 'test3';
const note = await testSetup.notesService.createNote(
content,
user,
noteId,
);
await testSetup.mediaService.saveFile(testImage, user, note);
await agent
.delete(`/api/private/notes/${noteId}`)
.set('Content-Type', 'application/json')
.send({
keepMedia: false,
})
.expect(204);
await expect(
testSetup.notesService.getNoteByIdOrAlias(noteId),
).rejects.toEqual(
new NotInDBError(`Note with id/alias '${noteId}' not found.`),
);
expect(
await testSetup.mediaService.listUploadsByUser(user),
).toHaveLength(0);
await fs.rmdir(uploadPath);
});
it('with an existing alias and keepMedia true', async () => {
const noteId = 'test3a';
const note = await testSetup.notesService.createNote(
content,
user,
noteId,
);
const upload = await testSetup.mediaService.saveFile(
testImage,
user,
note,
);
await agent
.delete(`/api/private/notes/${noteId}`)
.set('Content-Type', 'application/json')
.send({
keepMedia: true,
})
.expect(204);
await expect(
testSetup.notesService.getNoteByIdOrAlias(noteId),
).rejects.toEqual(
new NotInDBError(`Note with id/alias '${noteId}' not found.`),
);
expect(
await testSetup.mediaService.listUploadsByUser(user),
).toHaveLength(1);
// Remove /upload/ from path as we just need the filename.
const fileName = upload.fileUrl.replace('/uploads/', '');
// delete the file afterwards
await fs.unlink(join(uploadPath, fileName));
await fs.rmdir(uploadPath);
});
});
it('fails with a forbidden alias', async () => {
await agent.delete(`/api/private/notes/${forbiddenNoteId}`).expect(400);
});
it('fails with a non-existing alias', async () => {
await agent.delete('/api/private/notes/i_dont_exist').expect(404);
});
});
describe('GET /notes/{note}/metadata', () => {
it('returns complete metadata object', async () => {
const noteAlias = 'metadata_test_note';
await testSetup.notesService.createNote(content, user, noteAlias);
const metadata = await agent
.get(`/api/private/notes/${noteAlias}/metadata`)
.expect('Content-Type', /json/)
.expect(200);
expect(typeof metadata.body.id).toEqual('string');
expect(metadata.body.aliases[0].name).toEqual(noteAlias);
expect(metadata.body.primaryAddress).toEqual(noteAlias);
expect(metadata.body.title).toEqual('');
expect(metadata.body.description).toEqual('');
expect(typeof metadata.body.createdAt).toEqual('string');
expect(metadata.body.editedBy).toEqual([]);
expect(metadata.body.permissions.owner).toEqual('hardcoded');
expect(metadata.body.permissions.sharedToUsers).toEqual([]);
expect(metadata.body.permissions.sharedToUsers).toEqual([]);
expect(metadata.body.tags).toEqual([]);
expect(typeof metadata.body.updatedAt).toEqual('string');
expect(typeof metadata.body.updateUsername).toEqual('string');
expect(typeof metadata.body.viewCount).toEqual('number');
expect(metadata.body.editedBy).toEqual([]);
});
it('fails with a forbidden alias', async () => {
await agent
.get(`/api/private/notes/${forbiddenNoteId}/metadata`)
.expect('Content-Type', /json/)
.expect(400);
});
it('fails with non-existing alias', async () => {
// check if a missing note correctly returns 404
await agent
.get('/api/private/notes/i_dont_exist/metadata')
.expect('Content-Type', /json/)
.expect(404);
});
it('has the correct update/create dates', async () => {
const noteAlias = 'metadata_test_note_date';
// create a note
const note = await testSetup.notesService.createNote(
content,
user,
noteAlias,
);
// save the creation time
const createDate = note.createdAt;
const revisions = await note.revisions;
const updatedDate = revisions[revisions.length - 1].createdAt;
// wait one second
await new Promise((r) => setTimeout(r, 1000));
// update the note
await testSetup.notesService.updateNote(note, 'More test content');
const metadata = await agent
.get(`/api/private/notes/${noteAlias}/metadata`)
.expect('Content-Type', /json/)
.expect(200);
expect(metadata.body.createdAt).toEqual(createDate.toISOString());
expect(metadata.body.updatedAt).not.toEqual(updatedDate.toISOString());
});
});
describe('GET /notes/{note}/revisions', () => {
it('works with existing alias', async () => {
await testSetup.notesService.createNote(content, user, 'test4');
// create a second note to check for a regression, where typeorm always returned
// all revisions in the database
await testSetup.notesService.createNote(content, user, 'test4a');
const response = await agent
.get('/api/private/notes/test4/revisions')
.expect('Content-Type', /json/)
.expect(200);
expect(response.body).toHaveLength(1);
});
it('fails with a forbidden alias', async () => {
await agent
.get(`/api/private/notes/${forbiddenNoteId}/revisions`)
.expect(400);
});
it('fails with non-existing alias', async () => {
// check if a missing note correctly returns 404
await agent
.get('/api/private/notes/i_dont_exist/revisions')
.expect('Content-Type', /json/)
.expect(404);
});
});
describe('DELETE /notes/{note}/revisions', () => {
it('works with an existing alias', async () => {
const noteId = 'test8';
const note = await testSetup.notesService.createNote(
content,
user,
noteId,
);
await testSetup.notesService.updateNote(note, 'update');
const responseBeforeDeleting = await agent
.get('/api/private/notes/test8/revisions')
.expect('Content-Type', /json/)
.expect(200);
expect(responseBeforeDeleting.body).toHaveLength(2);
await agent
.delete(`/api/private/notes/${noteId}/revisions`)
.set('Content-Type', 'application/json')
.expect(204);
const responseAfterDeleting = await agent
.get('/api/private/notes/test8/revisions')
.expect('Content-Type', /json/)
.expect(200);
expect(responseAfterDeleting.body).toHaveLength(1);
});
it('fails with a forbidden alias', async () => {
await agent
.delete(`/api/private/notes/${forbiddenNoteId}/revisions`)
.expect(400);
});
it('fails with non-existing alias', async () => {
// check if a missing note correctly returns 404
await agent
.delete('/api/private/notes/i_dont_exist/revisions')
.expect('Content-Type', /json/)
.expect(404);
});
});
describe('GET /notes/{note}/revisions/{revision-id}', () => {
it('works with an existing alias', async () => {
const note = await testSetup.notesService.createNote(
content,
user,
'test5',
);
const revision = await testSetup.revisionsService.getLatestRevision(note);
const response = await agent
.get(`/api/private/notes/test5/revisions/${revision.id}`)
.expect('Content-Type', /json/)
.expect(200);
expect(response.body.content).toEqual(content);
});
it('fails with a forbidden alias', async () => {
await agent
.get(`/api/private/notes/${forbiddenNoteId}/revisions/1`)
.expect(400);
});
it('fails with non-existing alias', async () => {
// check if a missing note correctly returns 404
await agent
.get('/api/private/notes/i_dont_exist/revisions/1')
.expect('Content-Type', /json/)
.expect(404);
});
});
describe('GET /notes/{note}/media', () => {
it('works', async () => {
const alias = 'test6';
const extraAlias = 'test7';
const note1 = await testSetup.notesService.createNote(
content,
user,
alias,
);
const note2 = await testSetup.notesService.createNote(
content,
user,
extraAlias,
);
const response = await agent
.get(`/api/private/notes/${alias}/media/`)
.expect('Content-Type', /json/)
.expect(200);
expect(response.body).toHaveLength(0);
const testImage = await fs.readFile('test/private-api/fixtures/test.png');
const upload0 = await testSetup.mediaService.saveFile(
testImage,
user,
note1,
);
const upload1 = await testSetup.mediaService.saveFile(
testImage,
user,
note2,
);
const responseAfter = await agent
.get(`/api/private/notes/${alias}/media/`)
.expect('Content-Type', /json/)
.expect(200);
expect(responseAfter.body).toHaveLength(1);
expect(responseAfter.body[0].url).toEqual(upload0.fileUrl);
expect(responseAfter.body[0].url).not.toEqual(upload1.fileUrl);
for (const upload of [upload0, upload1]) {
const fileName = upload.fileUrl.replace('/uploads/', '');
// delete the file afterwards
await fs.unlink(join(uploadPath, fileName));
}
await fs.rm(uploadPath, { recursive: true });
});
it('fails, when note does not exist', async () => {
await agent
.get(`/api/private/notes/i_dont_exist/media/`)
.expect('Content-Type', /json/)
.expect(404);
});
it("fails, when user can't read note", async () => {
const alias = 'test11';
await testSetup.notesService.createNote(
'This is a test note.',
user2,
alias,
);
// Redact default read permissions
const note = await testSetup.notesService.getNoteByIdOrAlias(alias);
const everyone = await testSetup.groupService.getEveryoneGroup();
const loggedin = await testSetup.groupService.getLoggedInGroup();
await testSetup.permissionsService.removeGroupPermission(note, everyone);
await testSetup.permissionsService.removeGroupPermission(note, loggedin);
await agent
.get(`/api/private/notes/${alias}/media/`)
.expect('Content-Type', /json/)
.expect(403);
});
});
});

196
backend/test/private-api/register-and-login.e2e-spec.ts Normal file
View file

@ -0,0 +1,196 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import request from 'supertest';
import { LoginDto } from '../../src/identity/local/login.dto';
import { RegisterDto } from '../../src/identity/local/register.dto';
import { TestSetup, TestSetupBuilder } from '../test-setup';
describe('Register and Login', () => {
let testSetup: TestSetup;
const USERNAME = 'testuser';
const DISPLAYNAME = 'A Test User';
const PASSWORD = 'AVerySecurePassword';
beforeEach(async () => {
testSetup = await TestSetupBuilder.create().build();
await testSetup.app.init();
});
afterEach(async () => {
await testSetup.app.close();
await testSetup.cleanup();
});
test('a user can successfully create a local account and log in', async () => {
// register a new user
const registrationDto: RegisterDto = {
displayName: DISPLAYNAME,
password: PASSWORD,
username: USERNAME,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local')
.set('Content-Type', 'application/json')
.send(JSON.stringify(registrationDto))
.expect(201);
// log in with the new user and create a session
const loginDto: LoginDto = {
password: PASSWORD,
username: USERNAME,
};
const session = request.agent(testSetup.app.getHttpServer());
await session
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto))
.expect(201);
// request user profile
const profile = await session.get('/api/private/me').expect(200);
expect(profile.body.username).toEqual(USERNAME);
expect(profile.body.displayName).toEqual(DISPLAYNAME);
expect(profile.body.authProvider).toEqual('local');
// logout again
await session.delete('/api/private/auth/logout').expect(204);
// not allowed to request profile now
await session.get('/api/private/me').expect(401);
});
test('a username cannot be used twice', async () => {
// register a new user
const registrationDto: RegisterDto = {
displayName: DISPLAYNAME,
password: PASSWORD,
username: USERNAME,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local')
.set('Content-Type', 'application/json')
.send(JSON.stringify(registrationDto))
.expect(201);
// try to use the same username again
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local')
.set('Content-Type', 'application/json')
.send(JSON.stringify(registrationDto))
.expect(409);
});
test('a user cannot create a local account with a weak password', async () => {
// register a new user
const registrationDto: RegisterDto = {
displayName: DISPLAYNAME,
password: 'test123',
username: USERNAME,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local')
.set('Content-Type', 'application/json')
.send(JSON.stringify(registrationDto))
.expect(400);
});
test('a user can create a local account and change the password', async () => {
// register a new user
const registrationDto: RegisterDto = {
displayName: DISPLAYNAME,
password: PASSWORD,
username: USERNAME,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local')
.set('Content-Type', 'application/json')
.send(JSON.stringify(registrationDto))
.expect(201);
// log in with the new user and create a session
const loginDto: LoginDto = {
password: PASSWORD,
username: USERNAME,
};
const newPassword = 'ASecureNewPassword';
let session = request.agent(testSetup.app.getHttpServer());
await session
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto))
.expect(201);
// change the password
await session
.put('/api/private/auth/local')
.set('Content-Type', 'application/json')
.send(
JSON.stringify({
currentPassword: PASSWORD,
newPassword: newPassword,
}),
)
.expect(200);
// get new session
session = request.agent(testSetup.app.getHttpServer());
// not allowed to request profile now
await session.get('/api/private/me').expect(401);
// login with new password
loginDto.password = newPassword;
await session
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto))
.expect(201);
// allowed to request profile now
await session.get('/api/private/me').expect(200);
});
test('a user can create a local account and cannot change the password to a weak one', async () => {
// register a new user
const registrationDto: RegisterDto = {
displayName: DISPLAYNAME,
password: PASSWORD,
username: USERNAME,
};
await request(testSetup.app.getHttpServer())
.post('/api/private/auth/local')
.set('Content-Type', 'application/json')
.send(JSON.stringify(registrationDto))
.expect(201);
// log in with the new user and create a session
const loginDto: LoginDto = {
password: PASSWORD,
username: USERNAME,
};
const newPassword = 'pasword1';
const session = request.agent(testSetup.app.getHttpServer());
await session
.post('/api/private/auth/local/login')
.set('Content-Type', 'application/json')
.send(JSON.stringify(loginDto))
.expect(201);
// change the password
await session
.put('/api/private/auth/local')
.set('Content-Type', 'application/json')
.send(
JSON.stringify({
currentPassword: PASSWORD,
newPassword: newPassword,
}),
)
.expect(400);
});
});

83
backend/test/private-api/tokens.e2e-spec.ts Normal file
View file

@ -0,0 +1,83 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import request from 'supertest';
import { User } from '../../src/users/user.entity';
import { TestSetup, TestSetupBuilder } from '../test-setup';
describe('Tokens', () => {
let testSetup: TestSetup;
let agent: request.SuperAgentTest;
let user: User;
let keyId: string;
beforeAll(async () => {
testSetup = await TestSetupBuilder.create().build();
const username = 'hardcoded';
const password = 'AHardcodedStrongP@ssword123';
user = await testSetup.userService.createUser(username, 'Testy');
await testSetup.identityService.createLocalIdentity(user, password);
await testSetup.app.init();
agent = request.agent(testSetup.app.getHttpServer());
await agent
.post('/api/private/auth/local/login')
.send({ username: username, password: password })
.expect(201);
});
afterAll(async () => {
await testSetup.cleanup();
});
it(`POST /tokens`, async () => {
const tokenName = 'testToken';
const response = await agent
.post('/api/private/tokens')
.send({
label: tokenName,
validUntil: 0,
})
.expect('Content-Type', /json/)
.expect(201);
keyId = response.body.keyId;
expect(response.body.label).toBe(tokenName);
expect(new Date(response.body.validUntil).getTime()).toBeGreaterThan(
Date.now(),
);
expect(response.body.lastUsedAt).toBe(null);
expect(response.body.secret.length).toBe(98);
});
it(`GET /tokens`, async () => {
const tokenName = 'testToken';
const response = await agent
.get('/api/private/tokens/')
.expect('Content-Type', /json/)
.expect(200);
expect(response.body[0].label).toBe(tokenName);
expect(new Date(response.body[0].validUntil).getTime()).toBeGreaterThan(
Date.now(),
);
expect(response.body[0].lastUsedAt).toBe(null);
expect(response.body[0].secret).not.toBeDefined();
});
it(`DELETE /tokens/:keyid`, async () => {
const response = await agent
.delete('/api/private/tokens/' + keyId)
.expect(204);
expect(response.body).toStrictEqual({});
});
it(`GET /tokens 2`, async () => {
const response = await agent
.get('/api/private/tokens/')
.expect('Content-Type', /json/)
.expect(200);
expect(response.body).toStrictEqual([]);
});
});

43
backend/test/private-api/users.e2e-spec.ts Normal file
View file

@ -0,0 +1,43 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
import request from 'supertest';
import { TestSetup, TestSetupBuilder } from '../test-setup';
describe('Users', () => {
let testSetup: TestSetup;
beforeEach(async () => {
testSetup = await TestSetupBuilder.create().withUsers().build();
await testSetup.app.init();
});
afterEach(async () => {
await testSetup.app.close();
await testSetup.cleanup();
});
test('details for existing users can be retrieved', async () => {
let response = await request
.agent(testSetup.app.getHttpServer())
.get('/api/private/users/testuser1');
expect(response.status).toBe(200);
expect(response.body.username).toBe('testuser1');
response = await request
.agent(testSetup.app.getHttpServer())
.get('/api/private/users/testuser2');
expect(response.status).toBe(200);
expect(response.body.username).toBe('testuser2');
});
test('details for non-existing users cannot be retrieved', async () => {
const response = await request
.agent(testSetup.app.getHttpServer())
.get('/api/private/users/i_dont_exist');
expect(response.status).toBe(404);
});
});