From 65ce042278ea2b90acbad7cedf5748df2239c892 Mon Sep 17 00:00:00 2001 From: "Patrik J. Braun" Date: Fri, 13 Jan 2023 11:22:49 +0100 Subject: [PATCH] Adding public router tests to sharing link #591 --- test/backend/DBTestHelper.ts | 1 - .../integration/routers/GalleryRouter.ts | 11 +- .../integration/routers/PublicRouter.ts | 112 ++++++++++++++++++ .../integration/routers/SharingRouter.ts | 28 ++--- .../backend/integration/routers/UserRouter.ts | 14 ++- .../routers/admin/SettingsRouter.ts | 3 +- 6 files changed, 137 insertions(+), 32 deletions(-) create mode 100644 test/backend/integration/routers/PublicRouter.ts diff --git a/test/backend/DBTestHelper.ts b/test/backend/DBTestHelper.ts index 5b7d7e3e..0f296933 100644 --- a/test/backend/DBTestHelper.ts +++ b/test/backend/DBTestHelper.ts @@ -84,7 +84,6 @@ export class DBTestHelper { } static describe(settingsOverride: { - memory?: boolean; sqlite?: boolean; mysql?: boolean; } = {}): (name: string, tests: (helper?: DBTestHelper) => void) => void { diff --git a/test/backend/integration/routers/GalleryRouter.ts b/test/backend/integration/routers/GalleryRouter.ts index 1ea001f6..927e3c02 100644 --- a/test/backend/integration/routers/GalleryRouter.ts +++ b/test/backend/integration/routers/GalleryRouter.ts @@ -20,28 +20,23 @@ declare let describe: any; declare const after: any; declare const it: any; const tmpDescribe = describe; -describe = DBTestHelper.describe({memory: true}); +describe = DBTestHelper.describe({sqlite: true}); describe('GalleryRouter', (sqlHelper: DBTestHelper) => { describe = tmpDescribe; - const tempDir = path.join(__dirname, '../../tmp'); + const tempDir = sqlHelper.tempDir; let server: Server; const setUp = async () => { await sqlHelper.initDB(); - await fs.promises.rm(tempDir, {recursive: true, force: true}); Config.Users.authenticationRequired = false; Config.Server.Threading.enabled = false; Config.Media.Video.enabled = true; Config.Media.folder = path.join(__dirname, '../../assets'); - Config.Media.tempFolder = path.join(__dirname, '../../tmp'); + Config.Media.tempFolder = tempDir; ProjectPath.reset(); - // ProjectPath.ImageFolder = path.join(__dirname, '../../assets'); - // ProjectPath.TempFolder = tempDir; - server = new Server(); await server.onStarted.wait(); - }; const tearDown = async () => { await sqlHelper.clearDB(); diff --git a/test/backend/integration/routers/PublicRouter.ts b/test/backend/integration/routers/PublicRouter.ts new file mode 100644 index 00000000..b3210cfc --- /dev/null +++ b/test/backend/integration/routers/PublicRouter.ts @@ -0,0 +1,112 @@ +import {Config} from '../../../../src/common/config/private/Config'; +import {Server} from '../../../../src/backend/server'; +import {UserDTO, UserRoles} from '../../../../src/common/entities/UserDTO'; +import * as path from 'path'; +import * as fs from 'fs'; +import {SQLConnection} from '../../../../src/backend/model/database/SQLConnection'; +import {ObjectManagers} from '../../../../src/backend/model/ObjectManagers'; +import {Utils} from '../../../../src/common/Utils'; +import {SuperAgentStatic} from 'superagent'; +import {RouteTestingHelper} from './RouteTestingHelper'; +import {QueryParams} from '../../../../src/common/QueryParams'; +import {DatabaseType} from '../../../../src/common/config/private/PrivateConfig'; + + +process.env.NODE_ENV = 'test'; +const chai: any = require('chai'); +const chaiHttp = require('chai-http'); +const should = chai.should(); +const {expect} = chai; +chai.use(chaiHttp); + +describe('PublicRouter', () => { + + const testUser: UserDTO = { + id: 1, + name: 'test', + password: 'test', + role: UserRoles.User, + permissions: null + }; + const {password: pass, ...expectedUser} = testUser; + const tempDir = path.join(__dirname, '../../tmp'); + let server: Server; + const setUp = async () => { + await fs.promises.rm(tempDir, {recursive: true, force: true}); + Config.Users.authenticationRequired = true; + Config.Server.Threading.enabled = false; + Config.Sharing.enabled = true; + Config.Database.type = DatabaseType.sqlite; + Config.Database.dbFolder = tempDir; + + server = new Server(); + await server.onStarted.wait(); + + await ObjectManagers.InitSQLManagers(); + await ObjectManagers.getInstance().UserManager.createUser(Utils.clone(testUser)); + await SQLConnection.close(); + }; + const tearDown = async () => { + await ObjectManagers.reset(); + await fs.promises.rm(tempDir, {recursive: true, force: true}); + }; + + const shouldHaveInjectedUser = (result: any, user: any) => { + + result.should.have.status(200); + result.text.should.be.a('string'); + result.body.should.deep.equal({}); + const startToken = 'ServerInject = {user:'; + const endToken = ', ConfigInject'; + + const u = JSON.parse(result.text.substring(result.text.indexOf(startToken) + startToken.length, result.text.indexOf(endToken))); + + delete u?.csrfToken; + expect(u).to.deep.equal(user); + }; + + + describe('/Get share/:' + QueryParams.gallery.sharingKey_params, () => { + + beforeEach(setUp); + afterEach(tearDown); + + const fistLoad = async (srv: Server, sharingKey: string): Promise => { + return (chai.request(srv.App) as SuperAgentStatic) + .get('/share/' + sharingKey); + }; + + it('should not get default user with passworded share share without password', async () => { + Config.Sharing.passwordProtected = true; + const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass'); + const res = await fistLoad(server, sharing.sharingKey); + shouldHaveInjectedUser(res, null); + }); + + + it('should get default user with no-password share', async () => { + Config.Sharing.passwordProtected = true; + const sharing = await RouteTestingHelper.createSharing(testUser); + const res = await fistLoad(server, sharing.sharingKey); + shouldHaveInjectedUser(res, RouteTestingHelper.getExpectedSharingUser(sharing)); + }); + + it('should get default user for no-password share when password protection disabled', async () => { + Config.Sharing.passwordProtected = false; + const sharing = await RouteTestingHelper.createSharing(testUser); + const res = await fistLoad(server, sharing.sharingKey); + shouldHaveInjectedUser(res, RouteTestingHelper.getExpectedSharingUser(sharing)); + }); + + it('should get default user for passworded share when password protection disabled', async () => { + Config.Sharing.passwordProtected = false; + const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass'); + const res = await fistLoad(server, sharing.sharingKey); + shouldHaveInjectedUser(res, RouteTestingHelper.getExpectedSharingUser(sharing)); + }); + + + }); + + +}); diff --git a/test/backend/integration/routers/SharingRouter.ts b/test/backend/integration/routers/SharingRouter.ts index b81b1e6a..d77d9896 100644 --- a/test/backend/integration/routers/SharingRouter.ts +++ b/test/backend/integration/routers/SharingRouter.ts @@ -48,7 +48,7 @@ describe('SharingRouter', () => { await SQLConnection.close(); }; const tearDown = async () => { - await SQLConnection.close(); + await ObjectManagers.reset(); await fs.promises.rm(tempDir, {recursive: true, force: true}); }; @@ -69,21 +69,6 @@ describe('SharingRouter', () => { }; - const login = async (srv: Server): Promise => { - const result = await (chai.request(srv.App) as SuperAgentStatic) - .post(Config.Server.apiPath + '/user/login') - .send({ - loginCredential: { - password: testUser.password, - username: testUser.name, - rememberMe: false - } as LoginCredential - }); - - shouldBeValidUser(result, expectedUser); - return result; - }; - describe('/POST share/login', () => { @@ -91,12 +76,14 @@ describe('SharingRouter', () => { afterEach(tearDown); it('should login with passworded share', async () => { + Config.Sharing.passwordProtected = true; const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass'); const res = await shareLogin(server, sharing.sharingKey, sharing.password); shouldBeValidUser(res, RouteTestingHelper.getExpectedSharingUser(sharing)); }); it('should not login with passworded share without password', async () => { + Config.Sharing.passwordProtected = true; const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass'); const result = await shareLogin(server, sharing.sharingKey); @@ -106,7 +93,16 @@ describe('SharingRouter', () => { should.equal(result.body.error.code, ErrorCodes.CREDENTIAL_NOT_FOUND); }); + it('should not login with passworded share but password protection disabled', async () => { + Config.Sharing.passwordProtected = false; + const sharing = await RouteTestingHelper.createSharing(testUser, 'secret_pass'); + const res = await shareLogin(server, sharing.sharingKey); + + shouldBeValidUser(res, RouteTestingHelper.getExpectedSharingUser(sharing)); + }); + it('should login with no-password share', async () => { + Config.Sharing.passwordProtected = true; const sharing = await RouteTestingHelper.createSharing(testUser); const res = await shareLogin(server, sharing.sharingKey, sharing.password); shouldBeValidUser(res, RouteTestingHelper.getExpectedSharingUser(sharing)); diff --git a/test/backend/integration/routers/UserRouter.ts b/test/backend/integration/routers/UserRouter.ts index 3cebd39f..9b9227e0 100644 --- a/test/backend/integration/routers/UserRouter.ts +++ b/test/backend/integration/routers/UserRouter.ts @@ -48,7 +48,7 @@ describe('UserRouter', () => { await SQLConnection.close(); }; const tearDown = async () => { - await SQLConnection.close(); + await ObjectManagers.reset(); await fs.promises.rm(tempDir, {recursive: true, force: true}); }; @@ -126,12 +126,13 @@ describe('UserRouter', () => { it('it should authenticate as user with sharing key', async () => { Config.Users.authenticationRequired = true; Config.Sharing.enabled = true; + Config.Sharing.passwordProtected = true; const sharingKey = (await RouteTestingHelper.createSharing(testUser)).sharingKey; const loginRes = await login(server); - const q: any = {}; + const q: Record = {}; q[QueryParams.gallery.sharingKey_query] = sharingKey; const result = await chai.request(server.App) .get(Config.Server.apiPath + '/user/me?' + QueryParams.gallery.sharingKey_query + '=' + sharingKey) @@ -146,29 +147,30 @@ describe('UserRouter', () => { it('it should authenticate with sharing key', async () => { Config.Users.authenticationRequired = true; Config.Sharing.enabled = true; + Config.Sharing.passwordProtected = true; const sharing = (await RouteTestingHelper.createSharing(testUser)); - const q: any = {}; + const q: Record = {}; q[QueryParams.gallery.sharingKey_query] = sharing.sharingKey; const result = await chai.request(server.App) .get(Config.Server.apiPath + '/user/me?' + QueryParams.gallery.sharingKey_query + '=' + sharing.sharingKey); - checkUserResult(result, RouteTestingHelper.getExpectedSharingUser(sharing)); }); + it('it should not authenticate with sharing key without password', async () => { Config.Users.authenticationRequired = true; Config.Sharing.enabled = true; + Config.Sharing.passwordProtected = true; const sharing = (await RouteTestingHelper.createSharing(testUser, 'pass_secret')); - const q: any = {}; + const q: Record = {}; q[QueryParams.gallery.sharingKey_query] = sharing.sharingKey; const result = await chai.request(server.App) .get(Config.Server.apiPath + '/user/me?' + QueryParams.gallery.sharingKey_query + '=' + sharing.sharingKey); - result.should.have.status(401); result.body.should.be.a('object'); result.body.error.should.be.a('object'); diff --git a/test/backend/integration/routers/admin/SettingsRouter.ts b/test/backend/integration/routers/admin/SettingsRouter.ts index 7ce94bf3..649e5e7d 100644 --- a/test/backend/integration/routers/admin/SettingsRouter.ts +++ b/test/backend/integration/routers/admin/SettingsRouter.ts @@ -6,6 +6,7 @@ import {Server} from '../../../../../src/backend/server'; import {DatabaseType, ServerConfig} from '../../../../../src/common/config/private/PrivateConfig'; import {ProjectPath} from '../../../../../src/backend/ProjectPath'; import {TAGS} from '../../../../../src/common/config/public/ClientConfig'; +import {ObjectManagers} from '../../../../../src/backend/model/ObjectManagers'; process.env.NODE_ENV = 'test'; const chai: any = require('chai'); @@ -26,7 +27,7 @@ describe('SettingsRouter', () => { afterEach(async () => { - await SQLConnection.close(); + await ObjectManagers.reset(); await fs.promises.rm(tempDir, {recursive: true, force: true}); });