Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 08:36:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

breaking: remove socket.io/flags.js

Browse Source 
refactor: helpers.loginUser returns a single object {jar, csrf_token}
This commit is contained in:
Barış Soner Uşaklı
2021-11-22 19:23:51 -05:00
parent f0d192fbfd
commit c5f08fdc81
16 changed files with 175 additions and 300 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/routes/write/flags.js
View File

@@ -11,7 +11,6 @@ module.exports = function () {
const middlewares = [middleware.ensureLoggedIn];
setupApiRoute(router, 'post', '/', [...middlewares], controllers.write.flags.create);
// setupApiRoute(router, 'delete', ...); // does not exist
setupApiRoute(router, 'get', '/:flagId', [...middlewares, middleware.assert.flag], controllers.write.flags.get);
setupApiRoute(router, 'put', '/:flagId', [...middlewares, middleware.assert.flag], controllers.write.flags.update);

52
src/socket.io/flags.js
View File

@@ -1,52 +0,0 @@
'use strict';
const sockets = require('.');
const api = require('../api');
const SocketFlags = module.exports;
SocketFlags.create = async function (socket, data) {
sockets.warnDeprecated(socket, 'POST /api/v3/flags');
const response = await api.flags.create(socket, data);
if (response) {
return response.flagId;
}
};
SocketFlags.update = async function (socket, data) {
sockets.warnDeprecated(socket, 'PUT /api/v3/flags/:flagId');
if (!data || !(data.flagId && data.data)) { // check only req'd in socket.io
throw new Error('[[error:invalid-data]]');
}
// Old socket method took input directly from .serializeArray(), v3 expects fully-formed obj.
let payload = {
flagId: data.flagId,
};
payload = data.data.reduce((memo, cur) => {
memo[cur.name] = cur.value;
return memo;
}, payload);
return await api.flags.update(socket, payload);
};
SocketFlags.appendNote = async function (socket, data) {
sockets.warnDeprecated(socket, 'POST /api/v3/flags/:flagId/notes');
if (!data || !(data.flagId && data.note)) {
throw new Error('[[error:invalid-data]]');
}
return await api.flags.appendNote(socket, data);
};
SocketFlags.deleteNote = async function (socket, data) {
sockets.warnDeprecated(socket, 'DELETE /api/v3/flags/:flagId/notes/:datetime');
if (!data || !(data.flagId && data.datetime)) {
throw new Error('[[error:invalid-data]]');
}
return await api.flags.deleteNote(socket, data);
};
require('../promisify')(SocketFlags);

7
src/socket.io/index.js
View File

@@ -171,9 +171,10 @@ async function onMessage(socket, payload) {
}
function requireModules() {
const modules = ['admin', 'categories', 'groups', 'meta', 'modules',
'notifications', 'plugins', 'posts', 'topics', 'user', 'blacklist',
'flags', 'uploads',
const modules = [
'admin', 'categories', 'groups', 'meta', 'modules',
'notifications', 'plugins', 'posts', 'topics', 'user',
'blacklist', 'uploads',
];
modules.forEach((module) => {

4
test/api.js
View File

@@ -208,7 +208,7 @@ describe('API', async () => {
});
// All tests run as admin user
jar = await helpers.loginUser('admin', '123456');
({ jar } = await helpers.loginUser('admin', '123456'));
// Retrieve CSRF token using cookie, to test Write API
const config = await request({
@@ -457,7 +457,7 @@ describe('API', async () => {
it('should successfully re-login if needed', async () => {
const reloginPaths = ['PUT /users/{uid}/password', 'DELETE /users/{uid}/sessions/{uuid}'];
if (reloginPaths.includes(`${method.toUpperCase()} ${path}`)) {
jar = await helpers.loginUser('admin', '123456');
({ jar } = await helpers.loginUser('admin', '123456'));
const sessionUUIDs = await db.getObject('uid:1:sessionUUID:sessionId');
mocks.delete['/users/{uid}/sessions/{uuid}'][1].example = Object.keys(sessionUUIDs).pop();

6
test/authentication.js
View File

@@ -187,14 +187,12 @@ describe('authentication', () => {
});
it('should regenerate the session identifier on successful login', async () => {
const login = util.promisify(helpers.loginUser);
const logout = util.promisify(helpers.logoutUser);
const matchRegexp = /express\.sid=s%3A(.+?);/;
const { hostname, path } = url.parse(nconf.get('url'));
const sid = String(jar._jar.store.idx[hostname][path]['express.sid']).match(matchRegexp)[1];
await logout(jar);
const newJar = await login('regular', 'regularpwd');
await helpers.logoutUser(jar);
const newJar = (await helpers.loginUser('regular', 'regularpwd')).jar;
const newSid = String(newJar._jar.store.idx[hostname][path]['express.sid']).match(matchRegexp)[1];
assert.notStrictEqual(newSid, sid);

105
test/controllers-admin.js
View File

@@ -36,7 +36,7 @@ describe('Admin Controllers', () => {
user.create({ username: 'admin', password: 'barbar' }, next);
},
regularUid: function (next) {
user.create({ username: 'regular' }, next);
user.create({ username: 'regular', password: 'regularpwd' }, next);
},
regular2Uid: function (next) {
user.create({ username: 'regular2' }, next);
@@ -66,9 +66,9 @@ describe('Admin Controllers', () => {
});
it('should 403 if user is not admin', (done) => {
helpers.loginUser('admin', 'barbar', (err, _jar) => {
helpers.loginUser('admin', 'barbar', (err, data) => {
assert.ifError(err);
jar = _jar;
jar = data.jar;
request(`${nconf.get('url')}/admin`, { jar: jar }, (err, res, body) => {
assert.ifError(err);
assert.equal(res.statusCode, 403);
@@ -602,14 +602,11 @@ describe('Admin Controllers', () => {
describe('mods page', () => {
let moderatorJar;
before((done) => {
helpers.loginUser('moderator', 'modmod', (err, _jar) => {
assert.ifError(err);
moderatorJar = _jar;
groups.join(`cid:${cid}:privileges:moderate`, moderatorUid, done);
});
let regularJar;
before(async () => {
moderatorJar = (await helpers.loginUser('moderator', 'modmod')).jar;
regularJar = (await helpers.loginUser('regular', 'regularpwd')).jar;
await groups.join(`cid:${cid}:privileges:moderate`, moderatorUid);
});
it('should error with no privileges', (done) => {
@@ -652,42 +649,69 @@ describe('Admin Controllers', () => {
});
it('should error when you attempt to flag a privileged user\'s post', async () => {
const socketFlags = require('../src/socket.io/flags');
const oldValue = meta.config['min:rep:flag'];
try {
await socketFlags.create({ uid: regularUid }, { id: pid, type: 'post', reason: 'spam' });
} catch (err) {
assert.strictEqual(err.message, '[[error:cant-flag-privileged]]');
}
const { res, body } = await helpers.request('post', '/api/v3/flags', {
json: true,
jar: regularJar,
form: {
id: pid,
type: 'post',
reason: 'spam',
},
});
assert.strictEqual(res.statusCode, 400);
assert.strictEqual(body.status.code, 'bad-request');
assert.strictEqual(body.status.message, 'You are not allowed to flag the profiles or content of privileged users (moderators/global moderators/admins)');
});
it('should error with not enough reputation to flag', (done) => {
const socketFlags = require('../src/socket.io/flags');
it('should error with not enough reputation to flag', async () => {
const oldValue = meta.config['min:rep:flag'];
meta.config['min:rep:flag'] = 1000;
socketFlags.create({ uid: regularUid }, { id: regularPid, type: 'post', reason: 'spam' }, (err) => {
assert.strictEqual(err.message, '[[error:not-enough-reputation-to-flag]]');
meta.config['min:rep:flag'] = oldValue;
done();
const { res, body } = await helpers.request('post', '/api/v3/flags', {
json: true,
jar: regularJar,
form: {
id: regularPid,
type: 'post',
reason: 'spam',
},
});
assert.strictEqual(res.statusCode, 400);
assert.strictEqual(body.status.code, 'bad-request');
assert.strictEqual(body.status.message, 'You do not have enough reputation to flag this post');
meta.config['min:rep:flag'] = oldValue;
});
it('should return flag details', (done) => {
const socketFlags = require('../src/socket.io/flags');
it('should return flag details', async () => {
const oldValue = meta.config['min:rep:flag'];
meta.config['min:rep:flag'] = 0;
socketFlags.create({ uid: regularUid }, { id: regularPid, type: 'post', reason: 'spam' }, (err, flagId) => {
const result = await helpers.request('post', '/api/v3/flags', {
json: true,
jar: regularJar,
form: {
id: regularPid,
type: 'post',
reason: 'spam',
},
});
meta.config['min:rep:flag'] = oldValue;
assert.ifError(err);
request(`${nconf.get('url')}/api/flags/${flagId}`, { jar: moderatorJar, json: true }, (err, res, body) => {
assert.ifError(err);
assert(body);
const flagsResult = await helpers.request('get', `/api/flags`, {
json: true,
jar: moderatorJar,
});
assert(flagsResult.body);
assert(Array.isArray(flagsResult.body.flags));
const { flagId } = flagsResult.body.flags[0];
const { body } = await helpers.request('get', `/api/flags/${flagId}`, {
json: true,
jar: moderatorJar,
});
assert(body.reports);
assert(Array.isArray(body.reports));
assert.strictEqual(body.reports[0].reporter.username, 'regular');
done();
});
});
});
});
@@ -724,16 +748,9 @@ describe('Admin Controllers', () => {
let userJar;
let uid;
const privileges = require('../src/privileges');
before((done) => {
user.create({ username: 'regularjoe', password: 'barbar' }, (err, _uid) => {
assert.ifError(err);
uid = _uid;
helpers.loginUser('regularjoe', 'barbar', (err, _jar) => {
assert.ifError(err);
userJar = _jar;
done();
});
});
before(async () => {
uid = await user.create({ username: 'regularjoe', password: 'barbar' });
userJar = (await helpers.loginUser('regularjoe', 'barbar')).jar;
});
it('should allow normal user access to admin pages', async function () {

73
test/controllers.js
View File

@@ -853,17 +853,11 @@ describe('Controllers', () => {
let jar;
let csrf_token;
before((done) => {
user.create({ username: 'revokeme', password: 'barbar' }, (err, _uid) => {
assert.ifError(err);
uid = _uid;
helpers.loginUser('revokeme', 'barbar', (err, _jar, _csrf_token) => {
assert.ifError(err);
jar = _jar;
csrf_token = _csrf_token;
done();
});
});
before(async () => {
uid = await user.create({ username: 'revokeme', password: 'barbar' });
const login = await helpers.loginUser('revokeme', 'barbar');
jar = login.jar;
csrf_token = login.csrf_token;
});
it('should fail to revoke session with missing uuid', (done) => {
@@ -1081,12 +1075,8 @@ describe('Controllers', () => {
describe('account pages', () => {
let jar;
before((done) => {
helpers.loginUser('foo', 'barbar', (err, _jar) => {
assert.ifError(err);
jar = _jar;
done();
});
before(async () => {
({ jar } = await helpers.loginUser('foo', 'barbar'));
});
it('should redirect to account page with logged in user', (done) => {
@@ -1449,8 +1439,9 @@ describe('Controllers', () => {
it('should return false if user can not edit user', (done) => {
user.create({ username: 'regularJoe', password: 'barbar' }, (err) => {
assert.ifError(err);
helpers.loginUser('regularJoe', 'barbar', (err, jar) => {
helpers.loginUser('regularJoe', 'barbar', (err, data) => {
assert.ifError(err);
const { jar } = data;
request(`${nconf.get('url')}/api/user/foo/info`, { jar: jar, json: true }, (err, res) => {
assert.ifError(err);
assert.equal(res.statusCode, 403);
@@ -1518,8 +1509,9 @@ describe('Controllers', () => {
});
it('should increase profile view', (done) => {
helpers.loginUser('regularJoe', 'barbar', (err, jar) => {
helpers.loginUser('regularJoe', 'barbar', (err, data) => {
assert.ifError(err);
const { jar } = data;
request(`${nconf.get('url')}/api/user/foo`, { jar: jar }, (err, res) => {
assert.ifError(err);
assert.equal(res.statusCode, 200);
@@ -1706,12 +1698,8 @@ describe('Controllers', () => {
describe('post redirect', () => {
let jar;
before((done) => {
helpers.loginUser('foo', 'barbar', (err, _jar) => {
assert.ifError(err);
jar = _jar;
done();
});
before(async () => {
({ jar } = await helpers.loginUser('foo', 'barbar'));
});
it('should 404 for invalid pid', (done) => {
@@ -1966,12 +1954,8 @@ describe('Controllers', () => {
describe('category', () => {
let jar;
before((done) => {
helpers.loginUser('foo', 'barbar', (err, _jar) => {
assert.ifError(err);
jar = _jar;
done();
});
before(async () => {
({ jar } = await helpers.loginUser('foo', 'barbar'));
});
it('should return 404 if cid is not a number', (done) => {
@@ -2238,12 +2222,8 @@ describe('Controllers', () => {
describe('unread', () => {
let jar;
before((done) => {
helpers.loginUser('foo', 'barbar', (err, _jar) => {
assert.ifError(err);
jar = _jar;
done();
});
before(async () => {
({ jar } = await helpers.loginUser('foo', 'barbar'));
});
it('should load unread page', (done) => {
@@ -2305,21 +2285,10 @@ describe('Controllers', () => {
let csrf_token;
let jar;
before((done) => {
helpers.loginUser('foo', 'barbar', (err, _jar) => {
assert.ifError(err);
jar = _jar;
request({
url: `${nconf.get('url')}/api/config`,
json: true,
jar: jar,
}, (err, response, body) => {
assert.ifError(err);
csrf_token = body.csrf_token;
done();
});
});
before(async () => {
const login = await helpers.loginUser('foo', 'barbar');
jar = login.jar;
csrf_token = login.csrf_token;
});
it('should load the composer route', (done) => {

8
test/feeds.js
View File

@@ -127,12 +127,8 @@ describe('feeds', () => {
describe('private feeds and tokens', () => {
let jar;
let rssToken;
before((done) => {
helpers.loginUser('foo', 'barbar', (err, _jar) => {
assert.ifError(err);
jar = _jar;
done();
});
before(async () => {
({ jar } = await helpers.loginUser('foo', 'barbar'));
});
it('should load feed if its not private', (done) => {

57
test/flags.js
View File

@@ -451,20 +451,20 @@ describe('Flags', () => {
});
it('should rescind notification if flag is resolved', async () => {
const SocketFlags = require('../src/socket.io/flags');
const flagsAPI = require('../src/api/flags');
const result = await Topics.post({
cid: category.cid,
uid: uid3,
title: 'Topic to flag',
content: 'This is flaggable content',
});
const flagId = await SocketFlags.create({ uid: uid1 }, { type: 'post', id: result.postData.pid, reason: 'spam' });
const flagObj = await flagsAPI.create({ uid: uid1 }, { type: 'post', id: result.postData.pid, reason: 'spam' });
await sleep(2000);
let userNotifs = await User.notifications.getAll(adminUid);
assert(userNotifs.includes(`flag:post:${result.postData.pid}`));
await Flags.update(flagId, adminUid, {
await Flags.update(flagObj.flagId, adminUid, {
state: 'resolved',
});
@@ -554,34 +554,22 @@ describe('Flags', () => {
});
});
it('should not error if user blocked target', (done) => {
const SocketFlags = require('../src/socket.io/flags');
let reporterUid;
let reporteeUid;
async.waterfall([
function (next) {
User.create({ username: 'reporter' }, next);
},
function (uid, next) {
reporterUid = uid;
User.create({ username: 'reportee' }, next);
},
function (uid, next) {
reporteeUid = uid;
User.blocks.add(reporteeUid, reporterUid, next);
},
function (next) {
Topics.post({
it('should not error if user blocked target', async () => {
const apiFlags = require('../src/api/flags');
const reporterUid = await User.create({ username: 'reporter' });
const reporteeUid = await User.create({ username: 'reportee' });
await User.blocks.add(reporteeUid, reporterUid);
const data = await Topics.post({
cid: 1,
uid: reporteeUid,
title: 'Another topic',
content: 'This is flaggable content',
}, next);
},
function (data, next) {
SocketFlags.create({ uid: reporterUid }, { type: 'post', id: data.postData.pid, reason: 'spam' }, next);
},
], done);
});
await apiFlags.create({ uid: reporterUid }, {
type: 'post',
id: data.postData.pid,
reason: 'spam',
});
});
it('should send back error if reporter does not exist', (done) => {
@@ -704,20 +692,14 @@ describe('Flags', () => {
});
describe('(v3 API)', () => {
const SocketFlags = require('../src/socket.io/flags');
let pid;
let tid;
let jar;
let csrfToken;
before(async () => {
const login = util.promisify(helpers.loginUser);
jar = await login('testUser2', 'abcdef');
const config = await request({
url: `${nconf.get('url')}/api/config`,
json: true,
jar: jar,
});
csrfToken = config.csrf_token;
const login = await helpers.loginUser('testUser2', 'abcdef');
jar = login.jar;
csrfToken = login.csrf_token;
const result = await Topics.post({
cid: 1,
@@ -787,7 +769,8 @@ describe('Flags', () => {
title: 'private topic',
content: 'private post',
});
const jar3 = await util.promisify(helpers.loginUser)('unprivileged', 'abcdef');
const login = await helpers.loginUser('unprivileged', 'abcdef');
const jar3 = login.jar;
const config = await request({
url: `${nconf.get('url')}/api/config`,
json: true,

14
test/helpers/index.js
View File

@@ -20,6 +20,18 @@ helpers.getCsrfToken = async (jar) => {
return token;
};
helpers.request = async function (method, uri, options) {
const csrf_token = await helpers.getCsrfToken(options.jar);
return new Promise((resolve, reject) => {
options.headers = options.headers || {};
options.headers['x-csrf-token'] = csrf_token;
request[method](`${nconf.get('url')}${uri}`, options, (err, res, body) => {
if (err) reject(err);
else resolve({ res, body });
});
});
};
helpers.loginUser = function (username, password, callback) {
const jar = request.jar();
@@ -46,7 +58,7 @@ helpers.loginUser = function (username, password, callback) {
if (err || res.statusCode !== 200) {
return callback(err || new Error('[[error:invalid-response]]'));
}
callback(null, jar, body.csrf_token);
callback(null, { jar, csrf_token: body.csrf_token });
});
});
};

12
test/messaging.js
View File

@@ -793,12 +793,8 @@ describe('Messaging Library', () => {
describe('logged in chat controller', () => {
let jar;
before((done) => {
helpers.loginUser('herp', 'derpderp', (err, _jar) => {
assert.ifError(err);
jar = _jar;
done();
});
before(async () => {
({ jar } = await helpers.loginUser('herp', 'derpderp'));
});
it('should return chats page data', (done) => {
@@ -833,9 +829,9 @@ describe('Messaging Library', () => {
});
it('should return 404 if user is not in room', (done) => {
helpers.loginUser('baz', 'quuxquux', (err, jar) => {
helpers.loginUser('baz', 'quuxquux', (err, data) => {
assert.ifError(err);
request(`${nconf.get('url')}/api/user/baz/chats/${roomId}`, { json: true, jar: jar }, (err, response) => {
request(`${nconf.get('url')}/api/user/baz/chats/${roomId}`, { json: true, jar: data.jar }, (err, response) => {
assert.ifError(err);
assert.equal(response.statusCode, 404);
done();

10
test/posts.js
View File

@@ -390,11 +390,9 @@ describe('Post\'s', () => {
privileges.categories.rescind(['groups:posts:view_deleted'], cid, 'Global Moderators', next);
},
function (next) {
helpers.loginUser('global mod', '123456', (err, _jar) => {
helpers.loginUser('global mod', '123456', (err, data) => {
assert.ifError(err);
const jar = _jar;
request(`${nconf.get('url')}/api/topic/${tid}`, { jar: jar, json: true }, (err, res, body) => {
request(`${nconf.get('url')}/api/topic/${tid}`, { jar: data.jar, json: true }, (err, res, body) => {
assert.ifError(err);
assert.equal(body.posts[1].content, '[[topic:post_is_deleted]]');
privileges.categories.give(['groups:posts:view_deleted'], cid, 'Global Moderators', next);
@@ -1050,8 +1048,8 @@ describe('Post\'s', () => {
});
it('should load queued posts', (done) => {
helpers.loginUser('globalmod', 'globalmodpwd', (err, _jar) => {
jar = _jar;
helpers.loginUser('globalmod', 'globalmodpwd', (err, data) => {
jar = data.jar;
assert.ifError(err);
request(`${nconf.get('url')}/api/post-queue`, { jar: jar, json: true }, (err, res, body) => {
assert.ifError(err);

5
test/topics.js
View File

@@ -38,8 +38,9 @@ describe('Topic\'s', () => {
adminUid = await User.create({ username: 'admin', password: '123456' });
fooUid = await User.create({ username: 'foo' });
await groups.join('administrators', adminUid);
adminJar = await helpers.loginUser('admin', '123456');
csrf_token = (await requestType('get', `${nconf.get('url')}/api/config`, { json: true, jar: adminJar })).body.csrf_token;
const adminLogin = await helpers.loginUser('admin', '123456');
adminJar = adminLogin.jar;
csrf_token = adminLogin.csrf_token;
categoryObj = await categories.create({
name: 'Test Category',

24
test/topics/thumbs.js
View File

@@ -47,24 +47,12 @@ describe('Topic thumbs', () => {
adminUid = await user.create({ username: 'admin', password: '123456' });
fooUid = await user.create({ username: 'foo', password: '123456' });
await groups.join('administrators', adminUid);
({ adminJar, adminCSRF } = await new Promise((resolve, reject) => {
helpers.loginUser('admin', '123456', (err, adminJar, adminCSRF) => {
if (err) {
return reject(err);
}
resolve({ adminJar, adminCSRF });
});
}));
({ fooJar, fooCSRF } = await new Promise((resolve, reject) => {
helpers.loginUser('foo', '123456', (err, fooJar, fooCSRF) => {
if (err) {
return reject(err);
}
resolve({ fooJar, fooCSRF });
});
}));
const adminLogin = await helpers.loginUser('admin', '123456');
adminJar = adminLogin.jar;
adminCSRF = adminLogin.csrf_token;
const fooLogin = await helpers.loginUser('foo', '123456');
fooJar = fooLogin.jar;
fooCSRF = fooLogin.csrf_token;
categoryObj = await categories.create({
name: 'Test Category',

49
test/uploads.js
View File

@@ -68,13 +68,9 @@ describe('Upload Controllers', () => {
let jar;
let csrf_token;
before((done) => {
helpers.loginUser('malicioususer', 'herpderp', (err, _jar, _csrf_token) => {
assert.ifError(err);
jar = _jar;
csrf_token = _csrf_token;
privileges.global.give(['groups:upload:post:file'], 'registered-users', done);
});
before(async () => {
({ jar, csrf_token } = await helpers.loginUser('malicioususer', 'herpderp'));
await privileges.global.give(['groups:upload:post:file'], 'registered-users');
});
it('should fail if the user exceeds the upload rate limit threshold', (done) => {
@@ -110,14 +106,10 @@ describe('Upload Controllers', () => {
let jar;
let csrf_token;
before((done) => {
before(async () => {
meta.config.uploadRateLimitThreshold = 1000;
helpers.loginUser('regular', 'zugzug', (err, _jar, _csrf_token) => {
assert.ifError(err);
jar = _jar;
csrf_token = _csrf_token;
privileges.global.give(['groups:upload:post:file'], 'registered-users', done);
});
({ jar, csrf_token } = await helpers.loginUser('regular', 'zugzug'));
await privileges.global.give(['groups:upload:post:file'], 'registered-users');
});
it('should upload an image to a post', (done) => {
@@ -286,7 +278,6 @@ describe('Upload Controllers', () => {
});
it('should delete users uploads if account is deleted', (done) => {
let jar;
let uid;
let url;
const file = require('../src/file');
@@ -299,8 +290,8 @@ describe('Upload Controllers', () => {
uid = _uid;
helpers.loginUser('uploader', 'barbar', next);
},
function (jar, csrf_token, next) {
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/test.png'), {}, jar, csrf_token, next);
function (data, next) {
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/test.png'), {}, data.jar, data.csrf_token, next);
},
function (res, body, next) {
assert(body && body.status && body.response && body.response.images);
@@ -328,25 +319,11 @@ describe('Upload Controllers', () => {
let regularJar;
let regular_csrf_token;
before((done) => {
async.parallel([
function (next) {
helpers.loginUser('admin', 'barbar', (err, _jar, _csrf_token) => {
assert.ifError(err);
jar = _jar;
csrf_token = _csrf_token;
next();
});
},
function (next) {
helpers.loginUser('regular', 'zugzug', (err, _jar, _csrf_token) => {
assert.ifError(err);
regularJar = _jar;
regular_csrf_token = _csrf_token;
next();
});
},
], done);
before(async () => {
({ jar, csrf_token} = await helpers.loginUser('admin', 'barbar'));
const regularLogin = await helpers.loginUser('regular', 'zugzug');
regularJar = regularLogin.jar;
regular_csrf_token = regularLogin.csrf_token;
});
it('should upload site logo', (done) => {

34
test/user.js
View File

@@ -820,8 +820,7 @@ describe('User', () => {
await User.email.confirmByUid(uid);
const _jar = await helpers.loginUser('updateprofile', '123456');
jar = _jar;
({ jar } = await helpers.loginUser('updateprofile', '123456'));
});
it('should return error if data is invalid', (done) => {
@@ -1948,9 +1947,9 @@ describe('User', () => {
gdpr_consent: true,
}, (err) => {
assert.ifError(err);
helpers.loginUser('admin', '123456', (err, jar) => {
helpers.loginUser('admin', '123456', (err, data) => {
assert.ifError(err);
request(`${nconf.get('url')}/api/admin/manage/registration`, { jar: jar, json: true }, (err, res, body) => {
request(`${nconf.get('url')}/api/admin/manage/registration`, { jar: data.jar, json: true }, (err, res, body) => {
assert.ifError(err);
assert.equal(body.users[0].username, 'rejectme');
assert.equal(body.users[0].email, '<script>alert("ok")<script>reject@me.com');
@@ -2080,9 +2079,9 @@ describe('User', () => {
let jar;
before((done) => {
helpers.loginUser('notAnInviter', COMMON_PW, (err, _jar) => {
helpers.loginUser('notAnInviter', COMMON_PW, (err, data) => {
assert.ifError(err);
jar = _jar;
jar = data.jar;
request({
url: `${nconf.get('url')}/api/config`,
@@ -2116,9 +2115,9 @@ describe('User', () => {
let jar;
before((done) => {
helpers.loginUser('inviter', COMMON_PW, (err, _jar) => {
helpers.loginUser('inviter', COMMON_PW, (err, data) => {
assert.ifError(err);
jar = _jar;
jar = data.jar;
request({
url: `${nconf.get('url')}/api/config`,
@@ -2218,9 +2217,9 @@ describe('User', () => {
let jar;
before((done) => {
helpers.loginUser('adminInvite', COMMON_PW, (err, _jar) => {
helpers.loginUser('adminInvite', COMMON_PW, (err, data) => {
assert.ifError(err);
jar = _jar;
jar = data.jar;
request({
url: `${nconf.get('url')}/api/config`,
@@ -2369,9 +2368,9 @@ describe('User', () => {
let jar;
before((done) => {
helpers.loginUser('inviter', COMMON_PW, (err, _jar) => {
helpers.loginUser('inviter', COMMON_PW, (err, data) => {
assert.ifError(err);
jar = _jar;
jar = data.jar;
request({
url: `${nconf.get('url')}/api/config`,
@@ -2518,14 +2517,7 @@ describe('User', () => {
username: 'regularUser',
password: COMMON_PW,
});
jar = await new Promise((resolve, reject) => {
helpers.loginUser('regularUser', COMMON_PW, async (err, _jar) => {
if (err) {
reject(err);
}
resolve(_jar);
});
});
({ jar } = await helpers.loginUser('regularUser', COMMON_PW));
});
after((done) => {
@@ -2818,7 +2810,7 @@ describe('User', () => {
assert.ifError(err);
const oldValue = meta.config.minimumPasswordStrength;
meta.config.minimumPasswordStrength = 3;
helpers.loginUser('weakpwd', '123456', (err, jar, csrfs_token) => {
helpers.loginUser('weakpwd', '123456', (err) => {
assert.ifError(err);
meta.config.minimumPasswordStrength = oldValue;
done();