1
0
mirror of https://github.com/immich-app/immich.git synced 2024-12-23 02:06:15 +02:00
immich/server/test/e2e/shared-link.e2e-spec.ts
jarvis2f 8a6889529c
feat(server,web,mobile): Add optional password option for share links. (#4655)
* feat(server,web,mobile): Add optional password option for share links.

Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com>

* feat(server,web): Update shared-link.controller and page.svelte for improved cookie handling and metadata updates.

Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com>

---------

Signed-off-by: jarvis2f <137974272+jarvis2f@users.noreply.github.com>
2023-10-28 20:35:38 -05:00

357 lines
13 KiB
TypeScript

import { AlbumResponseDto, LoginResponseDto, SharedLinkResponseDto } from '@app/domain';
import { PartnerController } from '@app/immich';
import { LibraryType, SharedLinkType } from '@app/infra/entities';
import { api } from '@test/api';
import { db } from '@test/db';
import { errorStub, uuidStub } from '@test/fixtures';
import { IMMICH_TEST_ASSET_PATH, IMMICH_TEST_ASSET_TEMP_PATH, restoreTempFolder, testApp } from '@test/test-utils';
import { cp } from 'fs/promises';
import request from 'supertest';
const user1Dto = {
email: 'user1@immich.app',
password: 'Password123',
firstName: 'User 1',
lastName: 'Test',
};
describe(`${PartnerController.name} (e2e)`, () => {
let server: any;
let admin: LoginResponseDto;
let user1: LoginResponseDto;
let album: AlbumResponseDto;
let sharedLink: SharedLinkResponseDto;
beforeAll(async () => {
[server] = await testApp.create({ jobs: true });
});
afterAll(async () => {
await testApp.teardown();
await restoreTempFolder();
});
beforeEach(async () => {
await db.reset();
await api.authApi.adminSignUp(server);
admin = await api.authApi.adminLogin(server);
await api.userApi.create(server, admin.accessToken, user1Dto);
user1 = await api.authApi.login(server, { email: user1Dto.email, password: user1Dto.password });
album = await api.albumApi.create(server, user1.accessToken, { albumName: 'shared with link' });
sharedLink = await api.sharedLinkApi.create(server, user1.accessToken, {
type: SharedLinkType.ALBUM,
albumId: album.id,
});
});
describe('GET /shared-link', () => {
it('should require authentication', async () => {
const { status, body } = await request(server).get('/shared-link');
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should get all shared links created by user', async () => {
const { status, body } = await request(server)
.get('/shared-link')
.set('Authorization', `Bearer ${user1.accessToken}`);
expect(status).toBe(200);
expect(body).toEqual([expect.objectContaining({ album, userId: user1.userId, type: SharedLinkType.ALBUM })]);
});
it('should not get shared links created by other users', async () => {
const { status, body } = await request(server)
.get('/shared-link')
.set('Authorization', `Bearer ${admin.accessToken}`);
expect(status).toBe(200);
expect(body).toEqual([]);
});
});
describe('GET /shared-link/me', () => {
it('should not require admin authentication', async () => {
const { status } = await request(server)
.get('/shared-link/me')
.set('Authorization', `Bearer ${admin.accessToken}`);
expect(status).toBe(403);
});
it('should get data for correct shared link', async () => {
const { status, body } = await request(server).get('/shared-link/me').query({ key: sharedLink.key });
expect(status).toBe(200);
expect(body).toEqual(expect.objectContaining({ album, userId: user1.userId, type: SharedLinkType.ALBUM }));
});
it('should return unauthorized for incorrect shared link', async () => {
const { status, body } = await request(server)
.get('/shared-link/me')
.query({ key: sharedLink.key + 'foo' });
expect(status).toBe(401);
expect(body).toEqual(errorStub.invalidShareKey);
});
it('should return unauthorized if target has been soft deleted', async () => {
const softDeletedAlbum = await api.albumApi.create(server, user1.accessToken, { albumName: 'shared with link' });
const softDeletedAlbumLink = await api.sharedLinkApi.create(server, user1.accessToken, {
type: SharedLinkType.ALBUM,
albumId: softDeletedAlbum.id,
});
await api.userApi.delete(server, admin.accessToken, user1.userId);
const { status, body } = await request(server).get('/shared-link/me').query({ key: softDeletedAlbumLink.key });
expect(status).toBe(401);
expect(body).toEqual(errorStub.invalidShareKey);
});
it('should return unauthorized for password protected link', async () => {
const passwordProtectedLink = await api.sharedLinkApi.create(server, user1.accessToken, {
type: SharedLinkType.ALBUM,
albumId: album.id,
password: 'foo',
});
const { status, body } = await request(server).get('/shared-link/me').query({ key: passwordProtectedLink.key });
expect(status).toBe(401);
expect(body).toEqual(errorStub.invalidSharePassword);
});
it('should get data for correct password protected link', async () => {
const passwordProtectedLink = await api.sharedLinkApi.create(server, user1.accessToken, {
type: SharedLinkType.ALBUM,
albumId: album.id,
password: 'foo',
});
const { status, body } = await request(server)
.get('/shared-link/me')
.query({ key: passwordProtectedLink.key, password: 'foo' });
expect(status).toBe(200);
expect(body).toEqual(expect.objectContaining({ album, userId: user1.userId, type: SharedLinkType.ALBUM }));
});
});
describe('GET /shared-link/:id', () => {
it('should require authentication', async () => {
const { status, body } = await request(server).get(`/shared-link/${sharedLink.id}`);
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should get shared link by id', async () => {
const { status, body } = await request(server)
.get(`/shared-link/${sharedLink.id}`)
.set('Authorization', `Bearer ${user1.accessToken}`);
expect(status).toBe(200);
expect(body).toEqual(expect.objectContaining({ album, userId: user1.userId, type: SharedLinkType.ALBUM }));
});
it('should not get shared link by id if user has not created the link or it does not exist', async () => {
const { status, body } = await request(server)
.get(`/shared-link/${sharedLink.id}`)
.set('Authorization', `Bearer ${admin.accessToken}`);
expect(status).toBe(400);
expect(body).toEqual(expect.objectContaining({ message: 'Shared link not found' }));
});
});
describe('POST /shared-link', () => {
it('should require authentication', async () => {
const { status, body } = await request(server)
.post('/shared-link')
.send({ type: SharedLinkType.ALBUM, albumId: uuidStub.notFound });
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should require a type and the correspondent asset/album id', async () => {
const { status, body } = await request(server)
.post('/shared-link')
.set('Authorization', `Bearer ${user1.accessToken}`);
expect(status).toBe(400);
expect(body).toEqual(errorStub.badRequest());
});
it('should require an asset/album id', async () => {
const { status, body } = await request(server)
.post('/shared-link')
.set('Authorization', `Bearer ${user1.accessToken}`)
.send({ type: SharedLinkType.ALBUM });
expect(status).toBe(400);
expect(body).toEqual(expect.objectContaining({ message: 'Invalid albumId' }));
});
it('should require a valid asset id', async () => {
const { status, body } = await request(server)
.post('/shared-link')
.set('Authorization', `Bearer ${user1.accessToken}`)
.send({ type: SharedLinkType.INDIVIDUAL, assetId: uuidStub.notFound });
expect(status).toBe(400);
expect(body).toEqual(expect.objectContaining({ message: 'Invalid assetIds' }));
});
it('should create a shared link', async () => {
const { status, body } = await request(server)
.post('/shared-link')
.set('Authorization', `Bearer ${user1.accessToken}`)
.send({ type: SharedLinkType.ALBUM, albumId: album.id });
expect(status).toBe(201);
expect(body).toEqual(expect.objectContaining({ type: SharedLinkType.ALBUM, userId: user1.userId }));
});
});
describe('PATCH /shared-link/:id', () => {
it('should require authentication', async () => {
const { status, body } = await request(server)
.patch(`/shared-link/${sharedLink.id}`)
.send({ description: 'foo' });
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should fail if invalid link', async () => {
const { status, body } = await request(server)
.patch(`/shared-link/${uuidStub.notFound}`)
.set('Authorization', `Bearer ${user1.accessToken}`)
.send({ description: 'foo' });
expect(status).toBe(400);
expect(body).toEqual(errorStub.badRequest());
});
it('should update shared link', async () => {
const { status, body } = await request(server)
.patch(`/shared-link/${sharedLink.id}`)
.set('Authorization', `Bearer ${user1.accessToken}`)
.send({ description: 'foo' });
expect(status).toBe(200);
expect(body).toEqual(
expect.objectContaining({ type: SharedLinkType.ALBUM, userId: user1.userId, description: 'foo' }),
);
});
});
describe('DELETE /shared-link/:id', () => {
it('should require authentication', async () => {
const { status, body } = await request(server).delete(`/shared-link/${sharedLink.id}`);
expect(status).toBe(401);
expect(body).toEqual(errorStub.unauthorized);
});
it('should fail if invalid link', async () => {
const { status, body } = await request(server)
.delete(`/shared-link/${uuidStub.notFound}`)
.set('Authorization', `Bearer ${user1.accessToken}`);
expect(status).toBe(400);
expect(body).toEqual(errorStub.badRequest());
});
it('should update shared link', async () => {
const { status } = await request(server)
.delete(`/shared-link/${sharedLink.id}`)
.set('Authorization', `Bearer ${user1.accessToken}`);
expect(status).toBe(200);
});
});
describe('Shared link metadata', () => {
beforeEach(async () => {
await restoreTempFolder();
await cp(
`${IMMICH_TEST_ASSET_PATH}/metadata/gps-position/thompson-springs.jpg`,
`${IMMICH_TEST_ASSET_TEMP_PATH}/thompson-springs.jpg`,
);
await api.userApi.setExternalPath(server, admin.accessToken, admin.userId, '/');
const library = await api.libraryApi.create(server, admin.accessToken, {
type: LibraryType.EXTERNAL,
importPaths: [`${IMMICH_TEST_ASSET_TEMP_PATH}`],
});
await api.libraryApi.scanLibrary(server, admin.accessToken, library.id);
const assets = await api.assetApi.getAllAssets(server, admin.accessToken);
expect(assets).toHaveLength(1);
album = await api.albumApi.create(server, admin.accessToken, { albumName: 'New album' });
await api.albumApi.addAssets(server, admin.accessToken, album.id, { ids: [assets[0].id] });
});
it('should return metadata for album shared link', async () => {
const sharedLink = await api.sharedLinkApi.create(server, admin.accessToken, {
type: SharedLinkType.ALBUM,
albumId: album.id,
});
const returnedLink = await api.sharedLinkApi.getMySharedLink(server, sharedLink.key);
expect(returnedLink.assets).toHaveLength(1);
expect(returnedLink.album).toBeDefined();
const returnedAsset = returnedLink.assets[0];
expect(returnedAsset).toEqual(
expect.objectContaining({
originalFileName: 'thompson-springs',
resized: true,
localDateTime: '2022-01-10T15:15:44.310Z',
fileCreatedAt: '2022-01-10T19:15:44.310Z',
exifInfo: expect.objectContaining({
longitude: -108.400968333333,
latitude: 39.115,
orientation: '1',
dateTimeOriginal: '2022-01-10T19:15:44.310Z',
timeZone: 'UTC-4',
state: 'Mesa County, Colorado',
country: 'United States of America',
}),
}),
);
});
it('should not return metadata for album shared link without metadata', async () => {
const sharedLink = await api.sharedLinkApi.create(server, admin.accessToken, {
type: SharedLinkType.ALBUM,
albumId: album.id,
showMetadata: false,
});
const returnedLink = await api.sharedLinkApi.getMySharedLink(server, sharedLink.key);
expect(returnedLink.assets).toHaveLength(1);
expect(returnedLink.album).toBeDefined();
const returnedAsset = returnedLink.assets[0];
expect(returnedAsset).not.toHaveProperty('exifInfo');
expect(returnedAsset).not.toHaveProperty('fileCreatedAt');
expect(returnedAsset).not.toHaveProperty('originalFilename');
expect(returnedAsset).not.toHaveProperty('originalPath');
});
});
});