Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-31 19:15:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

test: additional tests for #12034

Browse Source
This commit is contained in:
Julian Lam
2023-09-26 13:37:43 -04:00
parent bdc221eb37
commit d7e9f32412
2 changed files with 69 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/middleware/user.js
View File

@@ -289,17 +289,20 @@ module.exports = function (middleware) {
} }
let cid; let cid;
let privilege;
if (req.params.hasOwnProperty('category_id')) { if (req.params.hasOwnProperty('category_id')) {
cid = req.params.category_id; cid = req.params.category_id;
privilege = 'read';
} else if (req.params.hasOwnProperty('topic_id')) { } else if (req.params.hasOwnProperty('topic_id')) {
cid = await topics.getTopicField(req.params.topic_id, 'cid'); cid = await topics.getTopicField(req.params.topic_id, 'cid');
privilege = 'topics:read';
} else { } else {
return false; // not a category or topic url, no check required return false; // not a category or topic url, no check required
} }
const [registeredAllowed, verifiedAllowed] = await Promise.all([ const [registeredAllowed, verifiedAllowed] = await Promise.all([
privilegeHelpers.isAllowedTo(['read'], 'registered-users', cid), privilegeHelpers.isAllowedTo([privilege], 'registered-users', cid),
privilegeHelpers.isAllowedTo(['read'], 'verified-users', cid), privilegeHelpers.isAllowedTo([privilege], 'verified-users', cid),
]); ]);
return !registeredAllowed.pop() && verifiedAllowed.pop(); return !registeredAllowed.pop() && verifiedAllowed.pop();

66
test/controllers.js
View File

@@ -21,6 +21,7 @@ const translator = require('../src/translator');
const privileges = require('../src/privileges'); const privileges = require('../src/privileges');
const plugins = require('../src/plugins'); const plugins = require('../src/plugins');
const utils = require('../src/utils'); const utils = require('../src/utils');
const slugify = require('../src/slugify');
const helpers = require('./helpers'); const helpers = require('./helpers');
const sleep = util.promisify(setTimeout); const sleep = util.promisify(setTimeout);
@@ -571,15 +572,27 @@ describe('Controllers', () => {
describe('blocking access for unconfirmed emails', () => { describe('blocking access for unconfirmed emails', () => {
let jar; let jar;
let token; let token;
const username = utils.generateUUID().slice(0, 10);
before(async () => { before(async () => {
jar = await helpers.registerUser({ jar = await helpers.registerUser({
username: utils.generateUUID().slice(0, 10), username,
password: utils.generateUUID(), password: utils.generateUUID(),
}); });
token = await helpers.getCsrfToken(jar); token = await helpers.getCsrfToken(jar);
}); });
async function abortInterstitial() {
await requestAsync(`${nconf.get('url')}/register/abort`, {
method: 'post',
jar,
simple: false,
headers: {
'x-csrf-token': token,
},
});
}
it('should not apply if requireEmailAddress is not enabled', async () => { it('should not apply if requireEmailAddress is not enabled', async () => {
meta.config.requireEmailAddress = 0; meta.config.requireEmailAddress = 0;
@@ -600,11 +613,12 @@ describe('Controllers', () => {
}, },
}); });
console.log(res.headers.location);
assert.strictEqual(res.headers.location, `${nconf.get('relative_path')}/`); assert.strictEqual(res.headers.location, `${nconf.get('relative_path')}/`);
meta.config.requireEmailAddress = 1; meta.config.requireEmailAddress = 1;
}); });
it('should continue to redirect back to interstitial after an email is entered, as it is not confirmed', async () => { it('should allow access to regular resources after an email is entered, even if unconfirmed', async () => {
const res = await requestAsync(`${nconf.get('url')}/recent`, { const res = await requestAsync(`${nconf.get('url')}/recent`, {
jar, jar,
json: true, json: true,
@@ -613,8 +627,56 @@ describe('Controllers', () => {
simple: false, simple: false,
}); });
assert.strictEqual(res.statusCode, 200);
});
it('should redirect back to interstitial for categories requiring validated email', async () => {
const name = utils.generateUUID();
const { cid } = await categories.create({ name });
await privileges.categories.rescind(['groups:read'], cid, ['registered-users']);
await privileges.categories.give(['groups:read'], cid, ['verified-users']);
const res = await requestAsync(`${nconf.get('url')}/category/${cid}/${slugify(name)}`, {
jar,
json: true,
resolveWithFullResponse: true,
followRedirect: false,
simple: false,
});
assert.strictEqual(res.statusCode, 307); assert.strictEqual(res.statusCode, 307);
assert.strictEqual(res.headers.location, `${nconf.get('relative_path')}/register/complete`); assert.strictEqual(res.headers.location, `${nconf.get('relative_path')}/register/complete`);
await abortInterstitial();
});
it('should redirect back to interstitial for topics requiring validated email', async () => {
const name = utils.generateUUID();
const { cid } = await categories.create({ name });
await privileges.categories.rescind(['groups:topics:read'], cid, 'registered-users');
await privileges.categories.give(['groups:topics:read'], cid, 'verified-users');
const res = await requestAsync(`${nconf.get('url')}/category/${cid}/${slugify(name)}`, {
jar,
json: true,
resolveWithFullResponse: true,
followRedirect: false,
simple: false,
});
assert.strictEqual(res.statusCode, 200);
const title = utils.generateUUID();
const uid = await user.getUidByUsername(username);
const { topicData } = await topics.post({ uid, cid, title, content: utils.generateUUID() });
const res2 = await requestAsync(`${nconf.get('url')}/topic/${topicData.tid}/${slugify(title)}`, {
jar,
json: true,
resolveWithFullResponse: true,
followRedirect: false,
simple: false,
});
assert.strictEqual(res2.statusCode, 307);
assert.strictEqual(res2.headers.location, `${nconf.get('relative_path')}/register/complete`);
await abortInterstitial();
await topics.purge(topicData.tid, uid);
}); });
}); });
}); });