NodeBB/test/feeds.js

'use strict';

const assert = require('assert');
const nconf = require('nconf');

const db = require('./mocks/databasemock');
const request = require('../src/request');
const topics = require('../src/topics');
const categories = require('../src/categories');
const user = require('../src/user');
const meta = require('../src/meta');
const privileges = require('../src/privileges');
const helpers = require('./helpers');

describe('feeds', () => {
	let tid;
	let fooUid;
	let cid;
	before(async () => {
		meta.config['feeds:disableRSS'] = 1;
		const category = await categories.create({
			name: 'Test Category',
			description: 'Test category created by testing script',
		});
		cid = category.cid;
		fooUid = await user.create({ username: 'foo', password: 'barbar', email: 'foo@test.com' });

		const result = await topics.post({
			cid: cid,
			uid: fooUid,
			title: 'test topic title',
			content: 'test topic content',
		});
		tid = result.topicData.tid;
	});

	it('should 404', async () => {
		const feedUrls = [
			`${nconf.get('url')}/topic/${tid}.rss`,
			`${nconf.get('url')}/category/${cid}.rss`,
			`${nconf.get('url')}/topics.rss`,
			`${nconf.get('url')}/recent.rss`,
			`${nconf.get('url')}/top.rss`,
			`${nconf.get('url')}/popular.rss`,
			`${nconf.get('url')}/popular/day.rss`,
			`${nconf.get('url')}/recentposts.rss`,
			`${nconf.get('url')}/category/${cid}/recentposts.rss`,
			`${nconf.get('url')}/user/foo/topics.rss`,
			`${nconf.get('url')}/tags/nodebb.rss`,
		];
		for (const url of feedUrls) {
			// eslint-disable-next-line no-await-in-loop
			const { response } = await request.get(url);
			assert.equal(response.statusCode, 404);
		}
		meta.config['feeds:disableRSS'] = 0;
	});

	it('should 404 if topic does not exist', async () => {
		const { response } = await request.get(`${nconf.get('url')}/topic/${1000}.rss`);
		assert.equal(response.statusCode, 404);
	});

	it('should 404 if category id is not a number', async () => {
		const { response } = await request.get(`${nconf.get('url')}/category/invalid.rss`);
		assert.equal(response.statusCode, 404);
	});

	it('should redirect if we do not have read privilege', async () => {
		await privileges.categories.rescind(['groups:topics:read'], cid, 'guests');
		const { response, body } = await request.get(`${nconf.get('url')}/topic/${tid}.rss`);
		assert.equal(response.statusCode, 200);
		assert(body);
		assert(body.includes('Login to your account'));
		await privileges.categories.give(['groups:topics:read'], cid, 'guests');
	});

	it('should 404 if user is not found', async () => {
		const { response } = await request.get(`${nconf.get('url')}/user/doesnotexist/topics.rss`);
		assert.equal(response.statusCode, 404);
	});

	it('should redirect if we do not have read privilege', async () => {
		await privileges.categories.rescind(['groups:read'], cid, 'guests');
		const { response, body } = await request.get(`${nconf.get('url')}/category/${cid}.rss`);
		assert.equal(response.statusCode, 200);
		assert(body);
		assert(body.includes('Login to your account'));
		await privileges.categories.give(['groups:read'], cid, 'guests');
	});

	describe('private feeds and tokens', () => {
		let jar;
		let rssToken;
		before(async () => {
			({ jar } = await helpers.loginUser('foo', 'barbar'));
		});

		it('should load feed if its not private', async () => {
			const { response, body } = await request.get(`${nconf.get('url')}/category/${cid}.rss`);
			assert.equal(response.statusCode, 200);
			assert(body);
		});


		it('should not allow access if uid or token is missing', async () => {
			await privileges.categories.rescind(['groups:read'], cid, 'guests');
			const [test1, test2] = await Promise.all([
				request.get(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}`, { }),
				request.get(`${nconf.get('url')}/category/${cid}.rss?token=sometoken`, { }),
			]);

			assert.equal(test1.response.statusCode, 200);
			assert.equal(test2.response.statusCode, 200);
			assert(test1.body.includes('Login to your account'));
			assert(test2.body.includes('Login to your account'));
		});

		it('should not allow access if token is wrong', async () => {
			const { response, body } = await request.get(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}&token=sometoken`);
			assert.equal(response.statusCode, 200);
			assert(body.includes('Login to your account'));
		});

		it('should allow access if token is correct', async () => {
			const { body: body1 } = await request.get(`${nconf.get('url')}/api/category/${cid}`, { jar });
			rssToken = body1.rssFeedUrl.split('token')[1].slice(1);
			const { response, body: body2 } = await request.get(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}&token=${rssToken}`);
			assert.equal(response.statusCode, 200);
			assert(body2.startsWith('<?xml version="1.0"'));
		});

		it('should not allow access if token is correct but has no privilege', async () => {
			await privileges.categories.rescind(['groups:read'], cid, 'registered-users');
			const { response, body } = await request.get(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}&token=${rssToken}`);
			assert.equal(response.statusCode, 200);
			assert(body.includes('Login to your account'));
		});
	});
});
more feed tests 2017-05-21 19:45:25 -04:00			`'use strict';`

chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const assert = require('assert');`
			`const nconf = require('nconf');`
more feed tests 2017-05-21 19:45:25 -04:00
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const db = require('./mocks/databasemock');`
👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`const request = require('../src/request');`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const topics = require('../src/topics');`
			`const categories = require('../src/categories');`
			`const user = require('../src/user');`
			`const meta = require('../src/meta');`
			`const privileges = require('../src/privileges');`
			`const helpers = require('./helpers');`
more feed tests 2017-05-21 19:45:25 -04:00
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`describe('feeds', () => {`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`let tid;`
			`let fooUid;`
			`let cid;`
👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`before(async () => {`
more feed tests 2017-05-21 19:45:25 -04:00			`meta.config['feeds:disableRSS'] = 1;`
👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`const category = await categories.create({`
			`name: 'Test Category',`
			`description: 'Test category created by testing script',`
more feed tests 2017-05-21 19:45:25 -04:00			`});`
👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`cid = category.cid;`
			`fooUid = await user.create({ username: 'foo', password: 'barbar', email: 'foo@test.com' });`

			`const result = await topics.post({`
			`cid: cid,`
			`uid: fooUid,`
			`title: 'test topic title',`
			`content: 'test topic content',`
			`});`
			`tid = result.topicData.tid;`
more feed tests 2017-05-21 19:45:25 -04:00			`});`

👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`it('should 404', async () => {`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const feedUrls = [`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			`${nconf.get('url')}/topic/${tid}.rss`,
			`${nconf.get('url')}/category/${cid}.rss`,
			`${nconf.get('url')}/topics.rss`,
			`${nconf.get('url')}/recent.rss`,
			`${nconf.get('url')}/top.rss`,
			`${nconf.get('url')}/popular.rss`,
			`${nconf.get('url')}/popular/day.rss`,
			`${nconf.get('url')}/recentposts.rss`,
			`${nconf.get('url')}/category/${cid}/recentposts.rss`,
			`${nconf.get('url')}/user/foo/topics.rss`,
			`${nconf.get('url')}/tags/nodebb.rss`,
more feed tests 2017-05-21 19:45:25 -04:00			`];`
👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`for (const url of feedUrls) {`
			`// eslint-disable-next-line no-await-in-loop`
			`const { response } = await request.get(url);`
			`assert.equal(response.statusCode, 404);`
			`}`
			`meta.config['feeds:disableRSS'] = 0;`
more feed tests 2017-05-21 19:45:25 -04:00			`});`

👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`it('should 404 if topic does not exist', async () => {`
			const { response } = await request.get(`${nconf.get('url')}/topic/${1000}.rss`);
			`assert.equal(response.statusCode, 404);`
more feed tests 2017-05-21 19:45:25 -04:00			`});`

👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`it('should 404 if category id is not a number', async () => {`
			const { response } = await request.get(`${nconf.get('url')}/category/invalid.rss`);
			`assert.equal(response.statusCode, 404);`
closes #6680 2018-07-31 14:26:12 -04:00			`});`

👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`it('should redirect if we do not have read privilege', async () => {`
			`await privileges.categories.rescind(['groups:topics:read'], cid, 'guests');`
			const { response, body } = await request.get(`${nconf.get('url')}/topic/${tid}.rss`);
			`assert.equal(response.statusCode, 200);`
			`assert(body);`
			`assert(body.includes('Login to your account'));`
			`await privileges.categories.give(['groups:topics:read'], cid, 'guests');`
more feed tests 2017-05-21 19:45:25 -04:00			`});`

👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`it('should 404 if user is not found', async () => {`
			const { response } = await request.get(`${nconf.get('url')}/user/doesnotexist/topics.rss`);
			`assert.equal(response.statusCode, 404);`
more feed tests 2017-05-21 19:45:25 -04:00			`});`

👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`it('should redirect if we do not have read privilege', async () => {`
			`await privileges.categories.rescind(['groups:read'], cid, 'guests');`
			const { response, body } = await request.get(`${nconf.get('url')}/category/${cid}.rss`);
			`assert.equal(response.statusCode, 200);`
			`assert(body);`
			`assert(body.includes('Login to your account'));`
			`await privileges.categories.give(['groups:read'], cid, 'guests');`
more feed tests 2017-05-21 19:45:25 -04:00			`});`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`describe('private feeds and tokens', () => {`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`let jar;`
			`let rssToken;`
breaking: remove socket.io/flags.js refactor: helpers.loginUser returns a single object {jar, csrf_token} 2021-11-22 19:23:51 -05:00			`before(async () => {`
			`({ jar } = await helpers.loginUser('foo', 'barbar'));`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`});`

👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`it('should load feed if its not private', async () => {`
			const { response, body } = await request.get(`${nconf.get('url')}/category/${cid}.rss`);
			`assert.equal(response.statusCode, 200);`
			`assert(body);`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`});`


👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`it('should not allow access if uid or token is missing', async () => {`
			`await privileges.categories.rescind(['groups:read'], cid, 'guests');`
			`const [test1, test2] = await Promise.all([`
			request.get(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}`, { }),
			request.get(`${nconf.get('url')}/category/${cid}.rss?token=sometoken`, { }),
			`]);`

			`assert.equal(test1.response.statusCode, 200);`
			`assert.equal(test2.response.statusCode, 200);`
			`assert(test1.body.includes('Login to your account'));`
			`assert(test2.body.includes('Login to your account'));`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`});`

👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`it('should not allow access if token is wrong', async () => {`
			const { response, body } = await request.get(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}&token=sometoken`);
			`assert.equal(response.statusCode, 200);`
			`assert(body.includes('Login to your account'));`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`});`

👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`it('should allow access if token is correct', async () => {`
			const { body: body1 } = await request.get(`${nconf.get('url')}/api/category/${cid}`, { jar });
			`rssToken = body1.rssFeedUrl.split('token')[1].slice(1);`
			const { response, body: body2 } = await request.get(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}&token=${rssToken}`);
			`assert.equal(response.statusCode, 200);`
			`assert(body2.startsWith('<?xml version="1.0"'));`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`});`

👋Request, 🐶 Fetch, closes #10341 (#12236) * axios migration * controller tests * add missing deps * feeds * remove unused async * flags * locale-detect * messaging/middleware * remove log * meta * plugins * posts * search * topics/thumbs * user/emails * uploads.js * socket.io * cleaunup * test native fetch * cleanup * increase engine to 18 fix remaining tests * remove testing file * fix comments,typo * revert debug 2023-12-18 12:08:34 -05:00			`it('should not allow access if token is correct but has no privilege', async () => {`
			`await privileges.categories.rescind(['groups:read'], cid, 'registered-users');`
			const { response, body } = await request.get(`${nconf.get('url')}/category/${cid}.rss?uid=${fooUid}&token=${rssToken}`);
			`assert.equal(response.statusCode, 200);`
			`assert(body.includes('Login to your account'));`
closes #5740 added token to topic page as well check privilege even if token is provided tests 2017-06-22 12:44:37 -04:00			`});`
			`});`
more feed tests 2017-05-21 19:45:25 -04:00			`});`