NodeBB/test/helpers/index.js

'use strict';

const request = require('request');
const requestAsync = require('request-promise-native');
const nconf = require('nconf');
const fs = require('fs');
const winston = require('winston');

const utils = require('../../public/src/utils');

const helpers = module.exports;

helpers.getCsrfToken = async (jar) => {
	const { csrf_token: token } = await requestAsync({
		url: `${nconf.get('url')}/api/config`,
		json: true,
		jar,
	});

	return token;
};

helpers.request = async function (method, uri, options) {
	const csrf_token = await helpers.getCsrfToken(options.jar);
	return new Promise((resolve, reject) => {
		options.headers = options.headers || {};
		options.headers['x-csrf-token'] = csrf_token;
		request[method](`${nconf.get('url')}${uri}`, options, (err, res, body) => {
			if (err) reject(err);
			else resolve({ res, body });
		});
	});
};

helpers.loginUser = function (username, password, callback) {
	const jar = request.jar();

	request({
		url: `${nconf.get('url')}/api/config`,
		json: true,
		jar: jar,
	}, (err, res, body) => {
		if (err || res.statusCode !== 200) {
			return callback(err || new Error('[[error:invalid-response]]'));
		}
		const { csrf_token } = body;
		request.post(`${nconf.get('url')}/login`, {
			form: {
				username: username,
				password: password,
			},
			json: true,
			jar: jar,
			headers: {
				'x-csrf-token': csrf_token,
			},
		}, (err, res, body) => {
			if (err) {
				return callback(err || new Error('[[error:invalid-response]]'));
			}
			callback(null, { jar, res, body, csrf_token: csrf_token });
		});
	});
};


helpers.logoutUser = function (jar, callback) {
	request({
		url: `${nconf.get('url')}/api/config`,
		json: true,
		jar: jar,
	}, (err, response, body) => {
		if (err) {
			return callback(err, response, body);
		}

		request.post(`${nconf.get('url')}/logout`, {
			form: {},
			json: true,
			jar: jar,
			headers: {
				'x-csrf-token': body.csrf_token,
			},
		}, (err, response, body) => {
			callback(err, response, body);
		});
	});
};

helpers.connectSocketIO = function (res, callback) {
	const io = require('socket.io-client');
	let cookies = res.headers['set-cookie'];
	cookies = cookies.filter(c => /express.sid=[^;]+;/.test(c));
	const cookie = cookies[0];
	const socket = io(nconf.get('base_url'), {
		path: `${nconf.get('relative_path')}/socket.io`,
		extraHeaders: {
			Origin: nconf.get('url'),
			Cookie: cookie,
		},
	});

	socket.on('connect', () => {
		callback(null, socket);
	});

	socket.on('error', (err) => {
		callback(err);
	});
};

helpers.uploadFile = function (uploadEndPoint, filePath, body, jar, csrf_token, callback) {
	let formData = {
		files: [
			fs.createReadStream(filePath),
			fs.createReadStream(filePath), // see https://github.com/request/request/issues/2445
		],
	};
	formData = utils.merge(formData, body);
	request.post({
		url: uploadEndPoint,
		formData: formData,
		json: true,
		jar: jar,
		headers: {
			'x-csrf-token': csrf_token,
		},
	}, (err, res, body) => {
		if (err) {
			return callback(err);
		}
		if (res.statusCode !== 200) {
			winston.error(JSON.stringify(body));
		}
		callback(null, res, body);
	});
};

helpers.registerUser = function (data, callback) {
	const jar = request.jar();
	request({
		url: `${nconf.get('url')}/api/config`,
		json: true,
		jar: jar,
	}, (err, response, body) => {
		if (err) {
			return callback(err);
		}

		if (!data.hasOwnProperty('password-confirm')) {
			data['password-confirm'] = data.password;
		}

		request.post(`${nconf.get('url')}/register`, {
			form: data,
			json: true,
			jar: jar,
			headers: {
				'x-csrf-token': body.csrf_token,
			},
		}, (err, response, body) => {
			callback(err, jar, response, body);
		});
	});
};

// http://stackoverflow.com/a/14387791/583363
helpers.copyFile = function (source, target, callback) {
	let cbCalled = false;

	const rd = fs.createReadStream(source);
	rd.on('error', (err) => {
		done(err);
	});
	const wr = fs.createWriteStream(target);
	wr.on('error', (err) => {
		done(err);
	});
	wr.on('close', () => {
		done();
	});
	rd.pipe(wr);

	function done(err) {
		if (!cbCalled) {
			callback(err);
			cbCalled = true;
		}
	}
};

helpers.invite = async function (body, uid, jar, csrf_token) {
	const res = await requestAsync.post(`${nconf.get('url')}/api/v3/users/${uid}/invites`, {
		jar: jar,
		// using "form" since client "api" module make requests with "application/x-www-form-urlencoded" content-type
		form: body,
		headers: {
			'x-csrf-token': csrf_token,
		},
		simple: false,
		resolveWithFullResponse: true,
	});

	res.body = JSON.parse(res.body);
	return { res, body };
};

helpers.createFolder = function (path, folderName, jar, csrf_token) {
	return requestAsync.put(`${nconf.get('url')}/api/v3/files/folder`, {
		jar,
		body: {
			path,
			folderName,
		},
		json: true,
		headers: {
			'x-csrf-token': csrf_token,
		},
		simple: false,
		resolveWithFullResponse: true,
	});
};

require('../../src/promisify')(helpers);
chat controller test 2016-10-25 17:56:32 +03:00			`'use strict';`

chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const request = require('request');`
feat: invites regardless of registration type, invite privilege, groups to join on acceptance (#8786) * feat: allow invites in normal registration mode + invite privilege * feat: select groups to join from an invite * test: check if groups from invitations have been joined * fix: remove unused variable * feat: write API versions of socket calls * docs: openapi specs for the new routes * test: iron out mongo redis difference * refactor: move inviteGroups endpoint into write API * refactor: use GET /api/v3/users/:uid/invites/groups Instead of GET /api/v3/users/:uid/inviteGroups * fix: no need for /api/v3 prefix when using api module * fix: tests * refactor: change POST /api/v3/users/invite To POST /api/v3/users/:uid/invites * refactor: make helpers.invite awaitable * fix: restrict invite API to self-use only * fix: move invite groups controller to write api, +tests * fix: tests Co-authored-by: Julian Lam <julian@nodebb.org> 2020-11-16 22:47:23 +03:00			`const requestAsync = require('request-promise-native');`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const nconf = require('nconf');`
			`const fs = require('fs');`
			`const winston = require('winston');`
chat controller test 2016-10-25 17:56:32 +03:00
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const utils = require('../../public/src/utils');`
fix wrong error returns, more tests 2016-10-26 16:38:42 +03:00
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const helpers = module.exports;`
chat controller test 2016-10-25 17:56:32 +03:00
test: added test for external image via new change picture API 2021-09-03 16:46:14 -04:00			`helpers.getCsrfToken = async (jar) => {`
			`const { csrf_token: token } = await requestAsync({`
			url: `${nconf.get('url')}/api/config`,
			`json: true,`
			`jar,`
			`});`

			`return token;`
			`};`

breaking: remove socket.io/flags.js refactor: helpers.loginUser returns a single object {jar, csrf_token} 2021-11-22 19:23:51 -05:00			`helpers.request = async function (method, uri, options) {`
			`const csrf_token = await helpers.getCsrfToken(options.jar);`
			`return new Promise((resolve, reject) => {`
			`options.headers = options.headers \|\| {};`
			`options.headers['x-csrf-token'] = csrf_token;`
			request[method](`${nconf.get('url')}${uri}`, options, (err, res, body) => {
			`if (err) reject(err);`
			`else resolve({ res, body });`
			`});`
			`});`
			`};`

chat controller test 2016-10-25 17:56:32 +03:00			`helpers.loginUser = function (username, password, callback) {`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const jar = request.jar();`
closes #5642 2017-05-27 23:32:55 -04:00
chat controller test 2016-10-25 17:56:32 +03:00			`request({`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			url: `${nconf.get('url')}/api/config`,
chat controller test 2016-10-25 17:56:32 +03:00			`json: true,`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`jar: jar,`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`}, (err, res, body) => {`
fix wrong error returns, more tests 2016-10-26 16:38:42 +03:00			`if (err \|\| res.statusCode !== 200) {`
chat controller test 2016-10-25 17:56:32 +03:00			`return callback(err \|\| new Error('[[error:invalid-response]]'));`
			`}`
fix: #10027, properly auto confirm first user 2021-11-22 23:20:31 -05:00			`const { csrf_token } = body;`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			request.post(`${nconf.get('url')}/login`, {
chat controller test 2016-10-25 17:56:32 +03:00			`form: {`
			`username: username,`
			`password: password,`
			`},`
			`json: true,`
			`jar: jar,`
			`headers: {`
fix: #10027, properly auto confirm first user 2021-11-22 23:20:31 -05:00			`'x-csrf-token': csrf_token,`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`},`
fix: #10027, properly auto confirm first user 2021-11-22 23:20:31 -05:00			`}, (err, res, body) => {`
			`if (err) {`
chat controller test 2016-10-25 17:56:32 +03:00			`return callback(err \|\| new Error('[[error:invalid-response]]'));`
			`}`
fix: #10027, properly auto confirm first user 2021-11-22 23:20:31 -05:00			`callback(null, { jar, res, body, csrf_token: csrf_token });`
fix wrong error returns, more tests 2016-10-26 16:38:42 +03:00			`});`
			`});`
			`};`

closes #5642 2017-05-27 23:32:55 -04:00
			`helpers.logoutUser = function (jar, callback) {`
			`request({`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			url: `${nconf.get('url')}/api/config`,
closes #5642 2017-05-27 23:32:55 -04:00			`json: true,`
			`jar: jar,`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`}, (err, response, body) => {`
closes #5642 2017-05-27 23:32:55 -04:00			`if (err) {`
			`return callback(err, response, body);`
			`}`

chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			request.post(`${nconf.get('url')}/logout`, {
closes #5642 2017-05-27 23:32:55 -04:00			`form: {},`
			`json: true,`
			`jar: jar,`
			`headers: {`
			`'x-csrf-token': body.csrf_token,`
			`},`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`}, (err, response, body) => {`
closes #5642 2017-05-27 23:32:55 -04:00			`callback(err, response, body);`
			`});`
			`});`
			`};`

fix tests for subfolder installs 2017-02-25 16:04:04 +03:00			`helpers.connectSocketIO = function (res, callback) {`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const io = require('socket.io-client');`
fix: #8142, broken site if no server-side session (#8148) * fix: #8142, broken site if no server-side session During the `addHeader` middleware, a check is now done to see if `req.session.meta` is present. This value is only present if the user has a valid server-side session. If it is missing, then it is probably safe to assume that the server-side session was deleted (either intentionally or accidentally). In that scenario, the client-side cookie should be cleared. Also, there was an issue where the sessionRefresh flag was never cleared after a successful login, so that was fixed too. * feat: exported method to get cookie config * fix: don't clear cookie if cookie is being set * fix: socket.io tests Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com> 2020-02-06 15:52:37 -05:00			`let cookies = res.headers['set-cookie'];`
			`cookies = cookies.filter(c => /express.sid=[^;]+;/.test(c));`
			`const cookie = cookies[0];`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const socket = io(nconf.get('base_url'), {`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			path: `${nconf.get('relative_path')}/socket.io`,
testing new socket.io-client extraHeaders (#5985) * testing new socket.io-client extraHeaders * change mongodb installation 2017-10-13 13:57:30 -04:00			`extraHeaders: {`
			`Origin: nconf.get('url'),`
			`Cookie: cookie,`
			`},`
fix tests for subfolder installs 2017-02-25 16:04:04 +03:00			`});`
testing new socket.io-client extraHeaders (#5985) * testing new socket.io-client extraHeaders * change mongodb installation 2017-10-13 13:57:30 -04:00
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`socket.on('connect', () => {`
testing new socket.io-client extraHeaders (#5985) * testing new socket.io-client extraHeaders * change mongodb installation 2017-10-13 13:57:30 -04:00			`callback(null, socket);`
fix tests for subfolder installs 2017-02-25 16:04:04 +03:00			`});`

chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`socket.on('error', (err) => {`
fix tests for subfolder installs 2017-02-25 16:04:04 +03:00			`callback(err);`
			`});`
			`};`

some upload tests 2016-11-01 17:33:19 +03:00			`helpers.uploadFile = function (uploadEndPoint, filePath, body, jar, csrf_token, callback) {`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`let formData = {`
some upload tests 2016-11-01 17:33:19 +03:00			`files: [`
			`fs.createReadStream(filePath),`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`fs.createReadStream(filePath), // see https://github.com/request/request/issues/2445`
			`],`
some upload tests 2016-11-01 17:33:19 +03:00			`};`
			`formData = utils.merge(formData, body);`
			`request.post({`
			`url: uploadEndPoint,`
			`formData: formData,`
			`json: true,`
			`jar: jar,`
			`headers: {`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`'x-csrf-token': csrf_token,`
			`},`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`}, (err, res, body) => {`
some upload tests 2016-11-01 17:33:19 +03:00			`if (err) {`
			`return callback(err);`
			`}`
show output if upload fails 2017-05-10 22:05:23 -04:00			`if (res.statusCode !== 200) {`
fix: vulnerability in cover and admin uploads (#8419) * fix: vulnerability in cover and admin uploads * fix: remove old test * fix: update tests 2020-06-22 12:08:35 -04:00			`winston.error(JSON.stringify(body));`
show output if upload fails 2017-05-10 22:05:23 -04:00			`}`
			`callback(null, res, body);`
some upload tests 2016-11-01 17:33:19 +03:00			`});`
more tests group cover upload tests registration approval queue tests 2016-12-02 14:05:54 +03:00			`};`

			`helpers.registerUser = function (data, callback) {`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const jar = request.jar();`
more tests group cover upload tests registration approval queue tests 2016-12-02 14:05:54 +03:00			`request({`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			url: `${nconf.get('url')}/api/config`,
more tests group cover upload tests registration approval queue tests 2016-12-02 14:05:54 +03:00			`json: true,`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`jar: jar,`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`}, (err, response, body) => {`
more tests group cover upload tests registration approval queue tests 2016-12-02 14:05:54 +03:00			`if (err) {`
			`return callback(err);`
			`}`

fix(emails): registration tests, email no longer passed-in, API tests (confirm email for test accounts) 2021-06-28 15:07:19 -04:00			`if (!data.hasOwnProperty('password-confirm')) {`
			`data['password-confirm'] = data.password;`
			`}`

chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			request.post(`${nconf.get('url')}/register`, {
more tests group cover upload tests registration approval queue tests 2016-12-02 14:05:54 +03:00			`form: data,`
			`json: true,`
			`jar: jar,`
			`headers: {`
ESlint comma-dangle 2017-02-17 19:31:21 -07:00			`'x-csrf-token': body.csrf_token,`
			`},`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`}, (err, response, body) => {`
closes #5907 2017-09-01 18:40:34 -04:00			`callback(err, jar, response, body);`
more tests group cover upload tests registration approval queue tests 2016-12-02 14:05:54 +03:00			`});`
			`});`
			`};`

ESlint spaced-comment 2017-02-18 01:25:46 -07:00			`// http://stackoverflow.com/a/14387791/583363`
more tests group cover upload tests registration approval queue tests 2016-12-02 14:05:54 +03:00			`helpers.copyFile = function (source, target, callback) {`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`let cbCalled = false;`
more tests group cover upload tests registration approval queue tests 2016-12-02 14:05:54 +03:00
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const rd = fs.createReadStream(source);`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`rd.on('error', (err) => {`
more tests group cover upload tests registration approval queue tests 2016-12-02 14:05:54 +03:00			`done(err);`
			`});`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const wr = fs.createWriteStream(target);`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`wr.on('error', (err) => {`
more tests group cover upload tests registration approval queue tests 2016-12-02 14:05:54 +03:00			`done(err);`
			`});`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`wr.on('close', () => {`
more tests group cover upload tests registration approval queue tests 2016-12-02 14:05:54 +03:00			`done();`
			`});`
			`rd.pipe(wr);`

			`function done(err) {`
			`if (!cbCalled) {`
			`callback(err);`
			`cbCalled = true;`
			`}`
			`}`
ESlint eol-last 2017-02-18 02:30:48 -07:00			`};`
fix: #7912 2019-09-20 11:44:49 -04:00
feat: invites regardless of registration type, invite privilege, groups to join on acceptance (#8786) * feat: allow invites in normal registration mode + invite privilege * feat: select groups to join from an invite * test: check if groups from invitations have been joined * fix: remove unused variable * feat: write API versions of socket calls * docs: openapi specs for the new routes * test: iron out mongo redis difference * refactor: move inviteGroups endpoint into write API * refactor: use GET /api/v3/users/:uid/invites/groups Instead of GET /api/v3/users/:uid/inviteGroups * fix: no need for /api/v3 prefix when using api module * fix: tests * refactor: change POST /api/v3/users/invite To POST /api/v3/users/:uid/invites * refactor: make helpers.invite awaitable * fix: restrict invite API to self-use only * fix: move invite groups controller to write api, +tests * fix: tests Co-authored-by: Julian Lam <julian@nodebb.org> 2020-11-16 22:47:23 +03:00			`helpers.invite = async function (body, uid, jar, csrf_token) {`
			const res = await requestAsync.post(`${nconf.get('url')}/api/v3/users/${uid}/invites`, {
			`jar: jar,`
			`// using "form" since client "api" module make requests with "application/x-www-form-urlencoded" content-type`
			`form: body,`
			`headers: {`
			`'x-csrf-token': csrf_token,`
			`},`
			`simple: false,`
			`resolveWithFullResponse: true,`
			`});`

			`res.body = JSON.parse(res.body);`
			`return { res, body };`
			`};`

feat: create folders in ACP uploads #9638 (#9750) * feat: create folders in ACP uploads #9638 * fix: openapi * test: missing tests * fix: eslint * fix: tests 2021-08-31 16:27:00 +03:00			`helpers.createFolder = function (path, folderName, jar, csrf_token) {`
			return requestAsync.put(`${nconf.get('url')}/api/v3/files/folder`, {
			`jar,`
			`body: {`
			`path,`
			`folderName,`
			`},`
			`json: true,`
			`headers: {`
			`'x-csrf-token': csrf_token,`
			`},`
			`simple: false,`
			`resolveWithFullResponse: true,`
			`});`
			`};`

fix: #7912 2019-09-20 11:44:49 -04:00			`require('../../src/promisify')(helpers);`