NodeBB/test/feeds.js

'use strict';

const assert = require('assert');
const async = require('async');
const request = require('request');
const nconf = require('nconf');

const db = require('./mocks/databasemock');
const topics = require('../src/topics');
const categories = require('../src/categories');
const groups = require('../src/groups');
const user = require('../src/user');
const meta = require('../src/meta');
const privileges = require('../src/privileges');
const helpers = require('./helpers');

describe('feeds', () => {
	let tid;
	let pid;
	let fooUid;
	let cid;
	before((done) => {
		meta.config['feeds:disableRSS'] = 1;
		async.series({
			category: function (next) {
				categories.create({
					name: 'Test Category',
					description: 'Test category created by testing script',
				}, next);
			},
			user: function (next) {
				user.create({ username: 'foo', password: 'barbar', email: 'foo@test.com' }, next);
			},
		}, (err, results) => {
			if (err) {
				return done(err);
			}
			cid = results.category.cid;
			fooUid = results.user;

			topics.post({ uid: results.user, title: 'test topic title', content: 'test topic content', cid: results.category.cid }, (err, result) => {
				tid = result.topicData.tid;
				pid = result.postData.pid;
				done(err);
			});
		});
	});


	it('should 404', (done) => {
		const feedUrls = [
			`${nconf.get('url')}/topic/${tid}.rss`,
			`${nconf.get('url')}/category/${cid}.rss`,
			`${nconf.get('url')}/topics.rss`,
			`${nconf.get('url')}/recent.rss`,
			`${nconf.get('url')}/top.rss`,
			`${nconf.get('url')}/popular.rss`,
			`${nconf.get('url')}/popular/day.rss`,
			`${nconf.get('url')}/recentposts.rss`,
			`${nconf.get('url')}/category/${cid}/recentposts.rss`,
			`${nconf.get('url')}/user/foo/topics.rss`,
			`${nconf.get('url')}/tags/nodebb.rss`,
		];
		async.eachSeries(feedUrls, (url, next) => {
			request(url, (err, res) => {
				assert.ifError(err);
				assert.equal(res.statusCode, 404);
				next();
			});
		}, (err) => {
			assert.ifError(err);
			meta.config['feeds:disableRSS'] = 0;
			done();
		});
	});

	it('should 404 if topic does not exist', (done) => {
		request(`${nconf.get('url')}/topic/${1000}.rss`, (err, res) => {
			assert.ifError(err);
			assert.equal(res.statusCode, 404);
			done();
		});
	});

	it('should 404 if category id is not a number', (done) => {
		request(`${nconf.get('url')}/category/invalid.rss`, (err, res) => {
			assert.ifError(err);
			assert.equal(res.statusCode, 404);
			done();
		});
	});

	it('should redirect if we do not have read privilege', (done) => {
		privileges.categories.rescind(['groups:topics:read'], cid, 'guests', (err) => {
			assert.ifError(err);
			request(`${nconf.get('url')}/topic/${tid}.rss`, (err, res, body) => {
				assert.ifError(err);
				assert.equal(res.statusCode, 200);
				assert(body);
				assert(body.includes('Login to your account'));
				privileges.categories.give(['groups:topics:read'], cid, 'guests', done);
			});
		});
	});

	it('should 404 if user is not found', (done) => {
		request(`${nconf.get('url')}/user/doesnotexist/topics.rss`, (err, res) => {
			assert.ifError(err);
			assert.equal(res.statusCode, 404);
			done();
		});
	});

	it('should redirect if we do not have read privilege', (done) => {
		privileges.categories.rescind(['groups:read'], cid, 'guests', (err) => {
			assert.ifError(err);
			request(`${nconf.get('url')}/category/${cid}.rss`, (err, res, body) => {
				assert.ifError(err);
				assert.equal(res.statusCode, 200);
				assert(body);
				assert(body.includes('Login to your account'));
				privileges.categories.give(['groups:read'], cid, 'guests', done);
			});
		});
	});

	describe('private feeds and tokens', () => {
		let jar;
		let rssToken;
		before(async () => {
			({ jar } = await helpers.loginUser('foo', 'barbar'));
		});

		it('should load feed if its not private', (done) => {
			request(`${nconf.get('url')}/category/${cid}.rss`, { }, (err, res, body) => {
				assert.ifError(err);
				assert.equal(res.statusCode, 200);
				assert(body);
				done();
			});
		});


		it('should not allow access if uid or token is missing', (done) => {
			privileges.categories.rescind(['groups:read'], cid, 'guests', (err) => {
				assert.ifError(err);
				async.parallel({
					test1: function (next) {
						request(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}`, { }, next);
					},
					test2: function (next) {
						request(`${nconf.get('url')}/category/${cid}.rss?token=sometoken`, { }, next);
					},
				}, (err, results) => {
					assert.ifError(err);
					assert.equal(results.test1[0].statusCode, 200);
					assert.equal(results.test2[0].statusCode, 200);
					assert(results.test1[0].body.includes('Login to your account'));
					assert(results.test2[0].body.includes('Login to your account'));
					done();
				});
			});
		});

		it('should not allow access if token is wrong', (done) => {
			request(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}&token=sometoken`, { }, (err, res, body) => {
				assert.ifError(err);
				assert.equal(res.statusCode, 200);
				assert(body.includes('Login to your account'));
				done();
			});
		});

		it('should allow access if token is correct', (done) => {
			request(`${nconf.get('url')}/api/category/${cid}`, { jar: jar, json: true }, (err, res, body) => {
				assert.ifError(err);
				rssToken = body.rssFeedUrl.split('token')[1].slice(1);
				request(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}&token=${rssToken}`, { }, (err, res, body) => {
					assert.ifError(err);
					assert.equal(res.statusCode, 200);
					assert(body.startsWith('<?xml version="1.0"'));
					done();
				});
			});
		});

		it('should not allow access if token is correct but has no privilege', (done) => {
			privileges.categories.rescind(['groups:read'], cid, 'registered-users', (err) => {
				assert.ifError(err);
				request(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}&token=${rssToken}`, { }, (err, res, body) => {
					assert.ifError(err);
					assert.equal(res.statusCode, 200);
					assert(body.includes('Login to your account'));
					done();
				});
			});
		});
	});
});
more feed tests 2017-05-21 19:45:25 -04:00			`'use strict';`

chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const assert = require('assert');`
			`const async = require('async');`
			`const request = require('request');`
			`const nconf = require('nconf');`
more feed tests 2017-05-21 19:45:25 -04:00
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const db = require('./mocks/databasemock');`
			`const topics = require('../src/topics');`
			`const categories = require('../src/categories');`
			`const groups = require('../src/groups');`
			`const user = require('../src/user');`
			`const meta = require('../src/meta');`
			`const privileges = require('../src/privileges');`
			`const helpers = require('./helpers');`
more feed tests 2017-05-21 19:45:25 -04:00
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`describe('feeds', () => {`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`let tid;`
			`let pid;`
			`let fooUid;`
			`let cid;`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`before((done) => {`
more feed tests 2017-05-21 19:45:25 -04:00			`meta.config['feeds:disableRSS'] = 1;`
			`async.series({`
			`category: function (next) {`
			`categories.create({`
			`name: 'Test Category',`
			`description: 'Test category created by testing script',`
			`}, next);`
			`},`
			`user: function (next) {`
			`user.create({ username: 'foo', password: 'barbar', email: 'foo@test.com' }, next);`
			`},`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`}, (err, results) => {`
more feed tests 2017-05-21 19:45:25 -04:00			`if (err) {`
			`return done(err);`
			`}`
			`cid = results.category.cid;`
			`fooUid = results.user;`

chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`topics.post({ uid: results.user, title: 'test topic title', content: 'test topic content', cid: results.category.cid }, (err, result) => {`
more feed tests 2017-05-21 19:45:25 -04:00			`tid = result.topicData.tid;`
			`pid = result.postData.pid;`
			`done(err);`
			`});`
			`});`
			`});`


chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`it('should 404', (done) => {`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const feedUrls = [`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			`${nconf.get('url')}/topic/${tid}.rss`,
			`${nconf.get('url')}/category/${cid}.rss`,
			`${nconf.get('url')}/topics.rss`,
			`${nconf.get('url')}/recent.rss`,
			`${nconf.get('url')}/top.rss`,
			`${nconf.get('url')}/popular.rss`,
			`${nconf.get('url')}/popular/day.rss`,
			`${nconf.get('url')}/recentposts.rss`,
			`${nconf.get('url')}/category/${cid}/recentposts.rss`,
			`${nconf.get('url')}/user/foo/topics.rss`,
			`${nconf.get('url')}/tags/nodebb.rss`,
more feed tests 2017-05-21 19:45:25 -04:00			`];`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`async.eachSeries(feedUrls, (url, next) => {`
			`request(url, (err, res) => {`
more feed tests 2017-05-21 19:45:25 -04:00			`assert.ifError(err);`
			`assert.equal(res.statusCode, 404);`
			`next();`
			`});`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`}, (err) => {`
more feed tests 2017-05-21 19:45:25 -04:00			`assert.ifError(err);`
			`meta.config['feeds:disableRSS'] = 0;`
			`done();`
			`});`
			`});`

chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`it('should 404 if topic does not exist', (done) => {`
			request(`${nconf.get('url')}/topic/${1000}.rss`, (err, res) => {
more feed tests 2017-05-21 19:45:25 -04:00			`assert.ifError(err);`
			`assert.equal(res.statusCode, 404);`
			`done();`
			`});`
			`});`

chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`it('should 404 if category id is not a number', (done) => {`
			request(`${nconf.get('url')}/category/invalid.rss`, (err, res) => {
closes #6680 2018-07-31 14:26:12 -04:00			`assert.ifError(err);`
			`assert.equal(res.statusCode, 404);`
			`done();`
			`});`
			`});`

chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`it('should redirect if we do not have read privilege', (done) => {`
			`privileges.categories.rescind(['groups:topics:read'], cid, 'guests', (err) => {`
more feed tests 2017-05-21 19:45:25 -04:00			`assert.ifError(err);`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			request(`${nconf.get('url')}/topic/${tid}.rss`, (err, res, body) => {
more feed tests 2017-05-21 19:45:25 -04:00			`assert.ifError(err);`
			`assert.equal(res.statusCode, 200);`
			`assert(body);`
use includes instead of indexOf use _.uniq instead of filter&indexOf 2018-10-20 14:40:48 -04:00			`assert(body.includes('Login to your account'));`
feat: add privilege give/rescind hooks (#8336) * feat: add privilege give/rescind hooks action:privileges.categories.give/rescind action:privileges.global.give/rescind breaking change, privileges.categories.give/rescind and privileges.global.give/rescind use full privilege name for groups ie `groups:find` instead of `find` * fix: tests, privileges renamed 2020-05-26 21:57:38 -04:00			`privileges.categories.give(['groups:topics:read'], cid, 'guests', done);`
more feed tests 2017-05-21 19:45:25 -04:00			`});`
			`});`
			`});`

chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`it('should 404 if user is not found', (done) => {`
			request(`${nconf.get('url')}/user/doesnotexist/topics.rss`, (err, res) => {
more feed tests 2017-05-21 19:45:25 -04:00			`assert.ifError(err);`
			`assert.equal(res.statusCode, 404);`
			`done();`
			`});`
			`});`

chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`it('should redirect if we do not have read privilege', (done) => {`
			`privileges.categories.rescind(['groups:read'], cid, 'guests', (err) => {`
more feed tests 2017-05-21 19:45:25 -04:00			`assert.ifError(err);`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			request(`${nconf.get('url')}/category/${cid}.rss`, (err, res, body) => {
more feed tests 2017-05-21 19:45:25 -04:00			`assert.ifError(err);`
			`assert.equal(res.statusCode, 200);`
			`assert(body);`
use includes instead of indexOf use _.uniq instead of filter&indexOf 2018-10-20 14:40:48 -04:00			`assert(body.includes('Login to your account'));`
feat: add privilege give/rescind hooks (#8336) * feat: add privilege give/rescind hooks action:privileges.categories.give/rescind action:privileges.global.give/rescind breaking change, privileges.categories.give/rescind and privileges.global.give/rescind use full privilege name for groups ie `groups:find` instead of `find` * fix: tests, privileges renamed 2020-05-26 21:57:38 -04:00			`privileges.categories.give(['groups:read'], cid, 'guests', done);`
more feed tests 2017-05-21 19:45:25 -04:00			`});`
			`});`
			`});`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`describe('private feeds and tokens', () => {`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`let jar;`
			`let rssToken;`
breaking: remove socket.io/flags.js refactor: helpers.loginUser returns a single object {jar, csrf_token} 2021-11-22 19:23:51 -05:00			`before(async () => {`
			`({ jar } = await helpers.loginUser('foo', 'barbar'));`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`});`

chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`it('should load feed if its not private', (done) => {`
			request(`${nconf.get('url')}/category/${cid}.rss`, { }, (err, res, body) => {
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`assert.ifError(err);`
			`assert.equal(res.statusCode, 200);`
			`assert(body);`
			`done();`
			`});`
			`});`


chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`it('should not allow access if uid or token is missing', (done) => {`
			`privileges.categories.rescind(['groups:read'], cid, 'guests', (err) => {`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`assert.ifError(err);`
			`async.parallel({`
			`test1: function (next) {`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			request(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}`, { }, next);
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`},`
			`test2: function (next) {`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			request(`${nconf.get('url')}/category/${cid}.rss?token=sometoken`, { }, next);
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`},`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`}, (err, results) => {`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`assert.ifError(err);`
			`assert.equal(results.test1[0].statusCode, 200);`
			`assert.equal(results.test2[0].statusCode, 200);`
use includes instead of indexOf use _.uniq instead of filter&indexOf 2018-10-20 14:40:48 -04:00			`assert(results.test1[0].body.includes('Login to your account'));`
			`assert(results.test2[0].body.includes('Login to your account'));`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`done();`
			`});`
			`});`
			`});`

chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`it('should not allow access if token is wrong', (done) => {`
			request(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}&token=sometoken`, { }, (err, res, body) => {
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`assert.ifError(err);`
			`assert.equal(res.statusCode, 200);`
use includes instead of indexOf use _.uniq instead of filter&indexOf 2018-10-20 14:40:48 -04:00			`assert(body.includes('Login to your account'));`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`done();`
			`});`
			`});`

chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`it('should allow access if token is correct', (done) => {`
			request(`${nconf.get('url')}/api/category/${cid}`, { jar: jar, json: true }, (err, res, body) => {
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`assert.ifError(err);`
			`rssToken = body.rssFeedUrl.split('token')[1].slice(1);`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			request(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}&token=${rssToken}`, { }, (err, res, body) => {
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`assert.ifError(err);`
			`assert.equal(res.statusCode, 200);`
fix: #6407, fix feeds display latest posts instead of oldest in topic rss feed fix missing await that was causing rss_tokens to not function fix feed test more tests for getTopicWithPosts 2020-11-18 14:25:39 -05:00			`assert(body.startsWith('<?xml version="1.0"'));`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`done();`
			`});`
			`});`
			`});`

chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`it('should not allow access if token is correct but has no privilege', (done) => {`
			`privileges.categories.rescind(['groups:read'], cid, 'registered-users', (err) => {`
fix link tag url 2017-06-22 13:04:24 -04:00			`assert.ifError(err);`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			request(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}&token=${rssToken}`, { }, (err, res, body) => {
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`assert.ifError(err);`
			`assert.equal(res.statusCode, 200);`
use includes instead of indexOf use _.uniq instead of filter&indexOf 2018-10-20 14:40:48 -04:00			`assert(body.includes('Login to your account'));`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`done();`
			`});`
			`});`
			`});`
			`});`
more feed tests 2017-05-21 19:45:25 -04:00			`});`