import {Config} from '../../../../src/common/config/private/Config';
import {Server} from '../../../../src/backend/server';
import {LoginCredential} from '../../../../src/common/entities/LoginCredential';
import {UserDTO, UserRoles} from '../../../../src/common/entities/UserDTO';
import * as path from 'path';
import * as fs from 'fs';
import {SQLConnection} from '../../../../src/backend/model/database/SQLConnection';
import {ObjectManagers} from '../../../../src/backend/model/ObjectManagers';
import {QueryParams} from '../../../../src/common/QueryParams';
import {Utils} from '../../../../src/common/Utils';
import {SuperAgentStatic} from 'superagent';
import {RouteTestingHelper} from './RouteTestingHelper';
import {ErrorCodes} from '../../../../src/common/entities/Error';
import {DatabaseType} from '../../../../src/common/config/private/PrivateConfig';
import {ProjectPath} from '../../../../src/backend/ProjectPath';
// Mark this process as a test run.
// NOTE(review): the imports above are evaluated before this assignment, so a module that
// reads NODE_ENV while it is being loaded would not see 'test' — confirm nothing depends on that.
process.env.NODE_ENV = 'test';
// chai is loaded untyped (`any`), so the assertion chains in this file are not type-checked.
const chai: any = require('chai');
const chaiHttp = require('chai-http');
// Enables the `x.should...` chain style and returns the helper used for should.equal(...).
const should = chai.should();
// Registers the chai-http plugin that provides chai.request(...) and the status assertion.
chai.use(chaiHttp);
describe('UserRouter', () => {
// Scratch directory that holds the database for each test; setUp and tearDown both delete it.
const tempDir = path.join(__dirname, '../../tmp');

// Account created in the database before every test. The credentials are fixture values only.
const testUser: UserDTO = {
  id: 1,
  name: 'test',
  password: 'test',
  role: UserRoles.User,
  permissions: null
};

// testUser without its password. This is the body the API is expected to return, so a
// response that carried a password field would fail the deep-equality check in checkUserResult.
const {password, ...expectedUser} = testUser;
// Server instance under test; reassigned by setUp before every test.
let server: Server;

/**
 * Builds a fresh environment for one test: an empty scratch directory, an sqlite database
 * configured inside it, a newly started server and the test user stored in the database.
 *
 * Config is a shared object and nothing here (or in tearDown) restores it, so every test
 * must set the authentication and sharing flags it depends on itself.
 */
const setUp = async (): Promise<void> => {
  // Drop whatever a previous run left behind; `force` makes a missing directory a no-op.
  await fs.promises.rm(tempDir, {force: true, recursive: true});

  const dbConfig = Config.Database;
  dbConfig.type = DatabaseType.sqlite;
  dbConfig.dbFolder = tempDir;
  ProjectPath.reset();

  server = new Server(false);
  await server.onStarted.wait();

  await ObjectManagers.getInstance().init();
  // Store a copy so the manager cannot modify the shared testUser fixture.
  const userToCreate = Utils.clone(testUser);
  await ObjectManagers.getInstance().UserManager.createUser(userToCreate);

  // NOTE(review): the connection is closed right after seeding; presumably it is reopened
  // on demand by the first request — confirm.
  await SQLConnection.close();
};
/**
 * Undoes setUp: resets the object managers, then deletes the scratch directory.
 * Values written to Config during the test are not restored here.
 */
const tearDown = async (): Promise<void> => {
  await ObjectManagers.reset();
  await fs.promises.rm(tempDir, {force: true, recursive: true});
};
/**
 * Asserts that a response is a successful user payload.
 *
 * Checks, in order: HTTP 200, an object body, a null `error`, a string `csrfToken`, and that
 * the result without `csrfToken` deep-equals `user`. Deep equality also rejects unexpected
 * extra fields, so a response that exposed more than `user` contains would fail.
 *
 * NOTE(review): the CSRF token is only checked for its type; an empty string would pass.
 *
 * @param result response returned by a chai-http request
 * @param user   the user object the response is expected to carry
 */
const checkUserResult = (result: any, user: any): void => {
  result.should.have.status(200);

  const body = result.body;
  body.should.be.a('object');
  should.equal(body.error, null);
  body.result.csrfToken.should.be.a('string');

  // Compare everything except the per-session token, which is not predictable.
  const {csrfToken, ...returnedUser} = body.result;
  returnedUser.should.deep.equal(user);
};
/**
 * Logs in as testUser through the login endpoint and verifies the response.
 *
 * @param srv server to send the request to
 * @returns the login response; callers read its set-cookie header and CSRF token from it
 */
const login = async (srv: Server): Promise<any> => {
  const credentials = {
    password: testUser.password,
    username: testUser.name,
    rememberMe: false
  } as LoginCredential;
  const loginUrl = Config.Server.apiPath + '/user/login';

  const agent = chai.request(srv.Server) as SuperAgentStatic;
  const result = await agent
    .post(loginUrl)
    .send({loginCredential: credentials});

  // The login response must be the user without the password, plus a CSRF token.
  checkUserResult(result, expectedUser);
  return result;
};
// Login endpoint: succeeds when authentication is required and is absent when it is not.
describe('/POST user/login', () => {
  beforeEach(setUp);
  afterEach(tearDown);

  it('it should login', async () => {
    Config.Users.authenticationRequired = true;
    // login() performs the request and asserts on the response itself.
    await login(server);
  });

  it('it skip login', async () => {
    // The flag is changed after setUp has already started the server, so this test relies
    // on the setting taking effect for later requests.
    Config.Users.authenticationRequired = false;
    const loginUrl = Config.Server.apiPath + '/user/login';
    const result = await chai.request(server.Server).post(loginUrl);
    // With authentication switched off the login endpoint is expected to answer 404.
    result.res.should.have.status(404);
  });
});
describe('/GET user/me', () => {
// Every test in this group runs against a freshly created server and database (setUp),
// which are discarded again afterwards (tearDown).
beforeEach(setUp);
afterEach(tearDown);
// A logged-in session (cookie + CSRF token) must resolve to the user that logged in.
it('it should GET the authenticated user', async () => {
  Config.Users.authenticationRequired = true;

  const loginRes = await login(server);
  const sessionCookie = loginRes.res.headers['set-cookie'];
  const csrfToken = loginRes.body.result.csrfToken;

  const result = await chai.request(server.Server)
    .get(Config.Server.apiPath + '/user/me')
    .set('Cookie', sessionCookie)
    .set('CSRF-Token', csrfToken);

  checkUserResult(result, expectedUser);
});
// Negative case: no cookie, no CSRF token and no sharing key must be rejected with 401.
it('it should not authenticate', async () => {
  Config.Users.authenticationRequired = true;
  const meUrl = Config.Server.apiPath + '/user/me';
  const result = await chai.request(server.Server).get(meUrl);
  result.res.should.have.status(401);
});
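// A request that carries both a valid session and a sharing key must be treated as the
// logged-in user. The sharing is password protected and the request supplies no sharing
// password, so the only credentials that can satisfy it are the session cookie and CSRF token.
it('it should authenticate as user with sharing key', async () => {
  Config.Users.authenticationRequired = true;
  Config.Sharing.enabled = true;
  Config.Sharing.passwordRequired = true;

  const sharingKey = (await RouteTestingHelper.createSharing(testUser, 'pass')).sharingKey;
  const loginRes = await login(server);

  // Pass the key through .query() so it is URL-encoded instead of being concatenated into
  // the path; the original built this object but never used it.
  const q: Record<string, string> = {};
  q[QueryParams.gallery.sharingKey_query] = sharingKey;

  const result = await chai.request(server.Server)
    .get(Config.Server.apiPath + '/user/me')
    .query(q)
    .set('Cookie', loginRes.res.headers['set-cookie'])
    .set('CSRF-Token', loginRes.body.result.csrfToken);

  // should return with logged in user, not limited sharing one
  checkUserResult(result, expectedUser);
});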
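// With sharing passwords switched off, the sharing key alone (no session) must authenticate
// the request as the sharing user described by RouteTestingHelper.getExpectedSharingUser.
it('it should authenticate with sharing key', async () => {
  Config.Users.authenticationRequired = true;
  Config.Sharing.enabled = true;
  Config.Sharing.passwordRequired = false;

  const sharing = await RouteTestingHelper.createSharing(testUser);

  // Pass the key through .query() so it is URL-encoded instead of being concatenated into
  // the path; the original built this object but never used it.
  const q: Record<string, string> = {};
  q[QueryParams.gallery.sharingKey_query] = sharing.sharingKey;

  const result = await chai.request(server.Server)
    .get(Config.Server.apiPath + '/user/me')
    .query(q);

  checkUserResult(result, RouteTestingHelper.getExpectedSharingUser(sharing));
});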
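// Negative case: when sharing passwords are required, presenting only the key of a
// password-protected sharing must be rejected with 401 / NOT_AUTHENTICATED.
it('it should not authenticate with sharing key without password', async () => {
  Config.Users.authenticationRequired = true;
  Config.Sharing.enabled = true;
  Config.Sharing.passwordRequired = true;

  const sharing = await RouteTestingHelper.createSharing(testUser, 'pass_secret');

  // Pass the key through .query() so it is URL-encoded instead of being concatenated into
  // the path; the original built this object but never used it.
  const q: Record<string, string> = {};
  q[QueryParams.gallery.sharingKey_query] = sharing.sharingKey;

  const result = await chai.request(server.Server)
    .get(Config.Server.apiPath + '/user/me')
    .query(q);

  result.should.have.status(401);
  result.body.should.be.a('object');
  result.body.error.should.be.a('object');
  // Check the error code as well as the status, so the 401 is known to come from the
  // authentication check.
  should.equal(result.body.error.code, ErrorCodes.NOT_AUTHENTICATED);
});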
// With authentication switched off, an anonymous request is answered with a user whose
// name and role are both derived from Config.Users.unAuthenticatedUserRole.
it('it should authenticate as guest', async () => {
  Config.Users.authenticationRequired = false;

  const result = await chai.request(server.Server)
    .get(Config.Server.apiPath + '/user/me');

  const guestRole = Config.Users.unAuthenticatedUserRole;
  const expectedGuestUser = {
    name: UserRoles[guestRole],
    role: guestRole
  } as UserDTO;

  checkUserResult(result, expectedGuestUser);
});
});
});