Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 08:36:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: tests

Browse Source
This commit is contained in:
psychobunny
2021-04-18 19:41:00 -04:00
committed by Andrew Rodrigues
parent fa0c92a7c4
commit eb240c905f
1 changed files with 52 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
test/uploads.js
View File

@@ -63,11 +63,53 @@ describe('Upload Controllers', () => {
});
});
describe('regular user uploads rate limits', () => {
let jar;
let csrf_token;
before((done) => {
helpers.loginUser('malicioususer', 'herpderp', (err, _jar, _csrf_token) => {
assert.ifError(err);
jar = _jar;
csrf_token = _csrf_token;
privileges.global.give(['groups:upload:post:file'], 'registered-users', done);
});
});
it('should fail if the user exceeds the upload rate limit threshold', (done) => {
const oldValue = meta.config.allowedFileExtensions;
meta.config.allowedFileExtensions = 'png,jpg,bmp,html';
// why / 2? see: helpers.uploadFile for a weird quirk where we actually upload 2 files per upload in our tests.
async.times(meta.config.uploadRateLimitThreshold / 2, (i, next) => {
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/503.html'), {}, jar, csrf_token, (err, res, body) => {
if (i + 1 > meta.config.uploadRateLimitThreshold / 2) {
assert.strictEqual(res.statusCode, 500);
assert.strictEqual(body.error, '[[error:upload-ratelimit-reached]]');
} else {
assert.ifError(err);
assert.strictEqual(res.statusCode, 200);
assert(body && body.status && body.response && body.response.images);
assert(Array.isArray(body.response.images));
assert(body.response.images[0].url);
}
next(err);
});
}, (err) => {
meta.config.allowedFileExtensions = oldValue;
assert.ifError(err);
done();
});
});
});
describe('regular user uploads', () => {
let jar;
let csrf_token;
before((done) => {
meta.config.uploadRateLimitThreshold = 1000;
helpers.loginUser('regular', 'zugzug', (err, _jar, _csrf_token) => {
assert.ifError(err);
jar = _jar;
@@ -151,16 +193,6 @@ describe('Upload Controllers', () => {
});
});
it('should fail to upload image to post if image is broken', (done) => {
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/brokenimage.png'), {}, jar, csrf_token, (err, res, body) => {
assert.ifError(err);
assert.strictEqual(res.statusCode, 500);
assert(body && body.status && body.status.message);
assert(body.status.message.startsWith('Input file has corrupt header: pngload: end of stream'));
done();
});
});
it('should fail to upload image to post if image dimensions are too big', (done) => {
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/toobig.jpg'), {}, jar, csrf_token, (err, res, body) => {
assert.ifError(err);
@@ -171,6 +203,16 @@ describe('Upload Controllers', () => {
});
});
it('should fail to upload image to post if image is broken', (done) => {
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/brokenimage.png'), {}, jar, csrf_token, (err, res, body) => {
assert.ifError(err);
assert.strictEqual(res.statusCode, 500);
assert(body && body.status && body.status.message);
assert(body.status.message.startsWith('pngload_buffer: non-recoverable state'));
done();
});
});
it('should fail if file is not an image', (done) => {
image.isFileTypeAllowed(path.join(__dirname, '../test/files/notanimage.png'), (err) => {
assert.strictEqual(err.message, 'Input file contains unsupported image format');
@@ -326,47 +368,6 @@ describe('Upload Controllers', () => {
});
});
describe('regular user uploads rate limits', () => {
let jar;
let csrf_token;
before((done) => {
helpers.loginUser('malicioususer', 'herpderp', (err, _jar, _csrf_token) => {
assert.ifError(err);
jar = _jar;
csrf_token = _csrf_token;
privileges.global.give(['groups:upload:post:file'], 'registered-users', done);
});
});
it('should fail if the user exceeds the upload rate limit threshold', (done) => {
const oldValue = meta.config.allowedFileExtensions;
meta.config.allowedFileExtensions = 'png,jpg,bmp,html';
// why / 2? see: helpers.uploadFile for a weird quirk where we actually upload 2 files per upload in our tests.
async.times(meta.config.uploadRateLimitThreshold / 2, (i, next) => {
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/503.html'), {}, jar, csrf_token, (err, res, body) => {
if (i + 1 > meta.config.uploadRateLimitThreshold / 2) {
assert.strictEqual(res.statusCode, 500);
assert.strictEqual(body.error, '[[error:upload-ratelimit-reached]]');
} else {
assert.ifError(err);
assert.strictEqual(res.statusCode, 200);
assert(body && body.status && body.response && body.response.images);
assert(Array.isArray(body.response.images));
assert(body.response.images[0].url);
}
next(err);
});
}, (err) => {
meta.config.allowedFileExtensions = oldValue;
assert.ifError(err);
done();
});
});
});
describe('admin uploads', () => {
let jar;
let csrf_token;