mirror of
https://github.com/NodeBB/NodeBB.git
synced 2025-10-31 02:55:58 +01:00
refactor: helpers.loginUser to be fully async
This commit is contained in:
Julian Lam
@@ -6,6 +6,7 @@ const url = require('url');
|
||||
const async = require('async');
|
||||
const nconf = require('nconf');
|
||||
const request = require('request');
|
||||
const requestAsync = require('request-promise-native');
|
||||
const util = require('util');
|
||||
|
||||
const db = require('./mocks/databasemock');
|
||||
@@ -157,27 +158,20 @@ describe('authentication', () => {
|
||||
});
|
||||
});
|
||||
|
||||
it('should login a user', (done) => {
|
||||
helpers.loginUser('regular', 'regularpwd', (err, data) => {
|
||||
assert.ifError(err);
|
||||
assert(data.body);
|
||||
request({
|
||||
url: `${nconf.get('url')}/api/self`,
|
||||
json: true,
|
||||
jar: data.jar,
|
||||
}, (err, response, body) => {
|
||||
assert.ifError(err);
|
||||
assert(body);
|
||||
assert.equal(body.username, 'regular');
|
||||
assert.equal(body.email, 'regular@nodebb.org');
|
||||
db.getObject(`uid:${regularUid}:sessionUUID:sessionId`, (err, sessions) => {
|
||||
assert.ifError(err);
|
||||
assert(sessions);
|
||||
assert(Object.keys(sessions).length > 0);
|
||||
done();
|
||||
});
|
||||
});
|
||||
it('should login a user', async () => {
|
||||
const { jar, body: loginBody } = await helpers.loginUser('regular', 'regularpwd');
|
||||
assert(loginBody);
|
||||
const body = await requestAsync({
|
||||
url: `${nconf.get('url')}/api/self`,
|
||||
json: true,
|
||||
jar,
|
||||
});
|
||||
assert(body);
|
||||
assert.equal(body.username, 'regular');
|
||||
assert.equal(body.email, 'regular@nodebb.org');
|
||||
const sessions = await db.getObject(`uid:${regularUid}:sessionUUID:sessionId`);
|
||||
assert(sessions);
|
||||
assert(Object.keys(sessions).length > 0);
|
||||
});
|
||||
|
||||
it('should regenerate the session identifier on successful login', async () => {
|
||||
@@ -238,77 +232,53 @@ describe('authentication', () => {
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail to login if user does not exist', (done) => {
|
||||
helpers.loginUser('doesnotexist', 'nopassword', (err, data) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(data.res.statusCode, 403);
|
||||
assert.equal(data.body, '[[error:invalid-login-credentials]]');
|
||||
done();
|
||||
});
|
||||
it('should fail to login if user does not exist', async () => {
|
||||
const { res, body } = await helpers.loginUser('doesnotexist', 'nopassword');
|
||||
assert.equal(res.statusCode, 403);
|
||||
assert.equal(body, '[[error:invalid-login-credentials]]');
|
||||
});
|
||||
|
||||
it('should fail to login if username is empty', (done) => {
|
||||
helpers.loginUser('', 'some password', (err, data) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(data.res.statusCode, 403);
|
||||
assert.equal(data.body, '[[error:invalid-username-or-password]]');
|
||||
done();
|
||||
});
|
||||
it('should fail to login if username is empty', async () => {
|
||||
const { res, body } = await helpers.loginUser('', 'some password');
|
||||
assert.equal(res.statusCode, 403);
|
||||
assert.equal(body, '[[error:invalid-username-or-password]]');
|
||||
});
|
||||
|
||||
it('should fail to login if password is empty', (done) => {
|
||||
helpers.loginUser('someuser', '', (err, data) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(data.res.statusCode, 403);
|
||||
assert.equal(data.body, '[[error:invalid-username-or-password]]');
|
||||
done();
|
||||
});
|
||||
it('should fail to login if password is empty', async () => {
|
||||
const { res, body } = await helpers.loginUser('someuser', '');
|
||||
assert.equal(res.statusCode, 403);
|
||||
assert.equal(body, '[[error:invalid-username-or-password]]');
|
||||
});
|
||||
|
||||
it('should fail to login if username and password are empty', (done) => {
|
||||
helpers.loginUser('', '', (err, data) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(data.res.statusCode, 403);
|
||||
assert.equal(data.body, '[[error:invalid-username-or-password]]');
|
||||
done();
|
||||
});
|
||||
it('should fail to login if username and password are empty', async () => {
|
||||
const { res, body } = await helpers.loginUser('', '');
|
||||
assert.equal(res.statusCode, 403);
|
||||
assert.equal(body, '[[error:invalid-username-or-password]]');
|
||||
});
|
||||
|
||||
it('should fail to login if user does not have password field in db', (done) => {
|
||||
user.create({ username: 'hasnopassword', email: 'no@pass.org' }, (err, uid) => {
|
||||
assert.ifError(err);
|
||||
helpers.loginUser('hasnopassword', 'doesntmatter', (err, data) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(data.res.statusCode, 403);
|
||||
assert.equal(data.body, '[[error:invalid-login-credentials]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
it('should fail to login if user does not have password field in db', async () => {
|
||||
await user.create({ username: 'hasnopassword', email: 'no@pass.org' });
|
||||
const { res, body } = await helpers.loginUser('hasnopassword', 'doesntmatter');
|
||||
assert.equal(res.statusCode, 403);
|
||||
assert.equal(body, '[[error:invalid-login-credentials]]');
|
||||
});
|
||||
|
||||
it('should fail to login if password is longer than 4096', (done) => {
|
||||
it('should fail to login if password is longer than 4096', async () => {
|
||||
let longPassword;
|
||||
for (let i = 0; i < 5000; i++) {
|
||||
longPassword += 'a';
|
||||
}
|
||||
helpers.loginUser('someuser', longPassword, (err, data) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(data.res.statusCode, 403);
|
||||
assert.equal(data.body, '[[error:password-too-long]]');
|
||||
done();
|
||||
});
|
||||
const { res, body } = await helpers.loginUser('someuser', longPassword);
|
||||
assert.equal(res.statusCode, 403);
|
||||
assert.equal(body, '[[error:password-too-long]]');
|
||||
});
|
||||
|
||||
it('should fail to login if local login is disabled', (done) => {
|
||||
privileges.global.rescind(['groups:local:login'], 'registered-users', (err) => {
|
||||
assert.ifError(err);
|
||||
helpers.loginUser('regular', 'regularpwd', (err, data) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(data.res.statusCode, 403);
|
||||
assert.equal(data.body, '[[error:local-login-disabled]]');
|
||||
privileges.global.give(['groups:local:login'], 'registered-users', done);
|
||||
});
|
||||
});
|
||||
it('should fail to login if local login is disabled', async () => {
|
||||
await privileges.global.rescind(['groups:local:login'], 'registered-users');
|
||||
const { res, body } = await helpers.loginUser('regular', 'regularpwd');
|
||||
assert.equal(res.statusCode, 403);
|
||||
assert.equal(body, '[[error:local-login-disabled]]');
|
||||
await privileges.global.give(['groups:local:login'], 'registered-users');
|
||||
});
|
||||
|
||||
it('should fail to register if registraton is disabled', (done) => {
|
||||
@@ -396,15 +366,12 @@ describe('authentication', () => {
|
||||
assert.equal(res.statusCode, 200);
|
||||
});
|
||||
|
||||
it('should fail to login if login type is username and an email is sent', (done) => {
|
||||
it('should fail to login if login type is username and an email is sent', async () => {
|
||||
meta.config.allowLoginWith = 'username';
|
||||
helpers.loginUser('ginger@nodebb.org', '123456', (err, data) => {
|
||||
meta.config.allowLoginWith = 'username-email';
|
||||
assert.ifError(err);
|
||||
assert.equal(data.res.statusCode, 400);
|
||||
assert.equal(data.body, '[[error:wrong-login-type-username]]');
|
||||
done();
|
||||
});
|
||||
const { res, body } = await helpers.loginUser('ginger@nodebb.org', '123456');
|
||||
meta.config.allowLoginWith = 'username-email';
|
||||
assert.equal(res.statusCode, 400);
|
||||
assert.equal(body, '[[error:wrong-login-type-username]]');
|
||||
});
|
||||
|
||||
it('should send 200 if not logged in', (done) => {
|
||||
@@ -443,37 +410,26 @@ describe('authentication', () => {
|
||||
bannedUser.uid = await user.create({ username: 'banme', password: '123456', email: 'ban@me.com' });
|
||||
});
|
||||
|
||||
it('should prevent banned user from logging in', (done) => {
|
||||
user.bans.ban(bannedUser.uid, 0, 'spammer', (err) => {
|
||||
assert.ifError(err);
|
||||
helpers.loginUser(bannedUser.username, bannedUser.pw, (err, data) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(data.res.statusCode, 403);
|
||||
delete data.body.timestamp;
|
||||
assert.deepStrictEqual(data.body, {
|
||||
banned_until: 0,
|
||||
banned_until_readable: '',
|
||||
expiry: 0,
|
||||
expiry_readable: '',
|
||||
reason: 'spammer',
|
||||
uid: bannedUser.uid,
|
||||
});
|
||||
user.bans.unban(bannedUser.uid, (err) => {
|
||||
assert.ifError(err);
|
||||
const expiry = Date.now() + 10000;
|
||||
user.bans.ban(bannedUser.uid, expiry, '', (err) => {
|
||||
assert.ifError(err);
|
||||
helpers.loginUser(bannedUser.username, bannedUser.pw, (err, data) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(data.res.statusCode, 403);
|
||||
assert(data.body.banned_until);
|
||||
assert(data.body.reason, '[[user:info.banned-no-reason]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
it('should prevent banned user from logging in', async () => {
|
||||
await user.bans.ban(bannedUser.uid, 0, 'spammer');
|
||||
const { res: res1, body: body1 } = await helpers.loginUser(bannedUser.username, bannedUser.pw);
|
||||
assert.equal(res1.statusCode, 403);
|
||||
delete body1.timestamp;
|
||||
assert.deepStrictEqual(body1, {
|
||||
banned_until: 0,
|
||||
banned_until_readable: '',
|
||||
expiry: 0,
|
||||
expiry_readable: '',
|
||||
reason: 'spammer',
|
||||
uid: bannedUser.uid,
|
||||
});
|
||||
await user.bans.unban(bannedUser.uid);
|
||||
const expiry = Date.now() + 10000;
|
||||
await user.bans.ban(bannedUser.uid, expiry, '');
|
||||
const { res: res2, body: body2 } = await helpers.loginUser(bannedUser.username, bannedUser.pw);
|
||||
assert.equal(res2.statusCode, 403);
|
||||
assert(body2.banned_until);
|
||||
assert(body2.reason, '[[user:info.banned-no-reason]]');
|
||||
});
|
||||
|
||||
it('should allow banned user to log in if the "banned-users" group has "local-login" privilege', async () => {
|
||||
@@ -497,24 +453,18 @@ describe('authentication', () => {
|
||||
function (next) {
|
||||
user.create({ username: 'lockme', password: '123456' }, next);
|
||||
},
|
||||
function (_uid, next) {
|
||||
async (_uid) => {
|
||||
uid = _uid;
|
||||
helpers.loginUser('lockme', 'abcdef', next);
|
||||
return helpers.loginUser('lockme', 'abcdef');
|
||||
},
|
||||
function (data, next) {
|
||||
helpers.loginUser('lockme', 'abcdef', next);
|
||||
},
|
||||
function (data, next) {
|
||||
helpers.loginUser('lockme', 'abcdef', next);
|
||||
},
|
||||
function (data, next) {
|
||||
helpers.loginUser('lockme', 'abcdef', next);
|
||||
},
|
||||
function (data, next) {
|
||||
async data => helpers.loginUser('lockme', 'abcdef'),
|
||||
async data => helpers.loginUser('lockme', 'abcdef'),
|
||||
async data => helpers.loginUser('lockme', 'abcdef'),
|
||||
async (data) => {
|
||||
meta.config.loginAttempts = 5;
|
||||
assert.equal(data.res.statusCode, 403);
|
||||
assert.equal(data.body, '[[error:account-locked]]');
|
||||
helpers.loginUser('lockme', 'abcdef', next);
|
||||
return helpers.loginUser('lockme', 'abcdef');
|
||||
},
|
||||
function (data, next) {
|
||||
assert.equal(data.res.statusCode, 403);
|
||||
|
||||
@@ -4,6 +4,7 @@ const async = require('async');
|
||||
const assert = require('assert');
|
||||
const nconf = require('nconf');
|
||||
const request = require('request');
|
||||
const requestAsync = require('request-promise-native');
|
||||
|
||||
const db = require('./mocks/databasemock');
|
||||
const categories = require('../src/categories');
|
||||
@@ -65,17 +66,16 @@ describe('Admin Controllers', () => {
|
||||
});
|
||||
});
|
||||
|
||||
it('should 403 if user is not admin', (done) => {
|
||||
helpers.loginUser('admin', 'barbar', (err, data) => {
|
||||
assert.ifError(err);
|
||||
jar = data.jar;
|
||||
request(`${nconf.get('url')}/admin`, { jar: jar }, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 403);
|
||||
assert(body);
|
||||
done();
|
||||
});
|
||||
it('should 403 if user is not admin', async () => {
|
||||
({ jar } = await helpers.loginUser('admin', 'barbar'));
|
||||
const { statusCode, body } = await requestAsync(`${nconf.get('url')}/admin`, {
|
||||
jar: jar,
|
||||
simple: false,
|
||||
resolveWithFullResponse: true,
|
||||
});
|
||||
|
||||
assert.equal(statusCode, 403);
|
||||
assert(body);
|
||||
});
|
||||
|
||||
it('should load admin dashboard', (done) => {
|
||||
|
||||
@@ -7,6 +7,9 @@ const request = require('request');
|
||||
const requestAsync = require('request-promise-native');
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
const util = require('util');
|
||||
|
||||
const sleep = util.promisify(setTimeout);
|
||||
|
||||
const db = require('./mocks/databasemock');
|
||||
const categories = require('../src/categories');
|
||||
@@ -1621,23 +1624,13 @@ describe('Controllers', () => {
|
||||
});
|
||||
});
|
||||
|
||||
it('should return false if user can not edit user', (done) => {
|
||||
user.create({ username: 'regularJoe', password: 'barbar' }, (err) => {
|
||||
assert.ifError(err);
|
||||
helpers.loginUser('regularJoe', 'barbar', (err, data) => {
|
||||
assert.ifError(err);
|
||||
const { jar } = data;
|
||||
request(`${nconf.get('url')}/api/user/foo/info`, { jar: jar, json: true }, (err, res) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 403);
|
||||
request(`${nconf.get('url')}/api/user/foo/edit`, { jar: jar, json: true }, (err, res) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 403);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
it('should return false if user can not edit user', async () => {
|
||||
await user.create({ username: 'regularJoe', password: 'barbar' });
|
||||
const { jar } = await helpers.loginUser('regularJoe', 'barbar');
|
||||
let { statusCode } = await requestAsync(`${nconf.get('url')}/api/user/foo/info`, { jar: jar, json: true, simple: false, resolveWithFullResponse: true });
|
||||
assert.equal(statusCode, 403);
|
||||
({ statusCode } = await requestAsync(`${nconf.get('url')}/api/user/foo/edit`, { jar: jar, json: true, simple: false, resolveWithFullResponse: true }));
|
||||
assert.equal(statusCode, 403);
|
||||
});
|
||||
|
||||
it('should load correct user', (done) => {
|
||||
@@ -1693,22 +1686,18 @@ describe('Controllers', () => {
|
||||
});
|
||||
});
|
||||
|
||||
it('should increase profile view', (done) => {
|
||||
helpers.loginUser('regularJoe', 'barbar', (err, data) => {
|
||||
assert.ifError(err);
|
||||
const { jar } = data;
|
||||
request(`${nconf.get('url')}/api/user/foo`, { jar: jar }, (err, res) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 200);
|
||||
setTimeout(() => {
|
||||
user.getUserField(fooUid, 'profileviews', (err, viewcount) => {
|
||||
assert.ifError(err);
|
||||
assert(viewcount > 0);
|
||||
done();
|
||||
});
|
||||
}, 500);
|
||||
});
|
||||
it('should increase profile view', async () => {
|
||||
const { jar } = await helpers.loginUser('regularJoe', 'barbar');
|
||||
const { statusCode } = await requestAsync(`${nconf.get('url')}/api/user/foo`, {
|
||||
jar: jar,
|
||||
simple: false,
|
||||
resolveWithFullResponse: true,
|
||||
});
|
||||
assert.equal(statusCode, 200);
|
||||
|
||||
await sleep(500);
|
||||
const viewcount = await user.getUserField(fooUid, 'profileviews');
|
||||
assert(viewcount > 0);
|
||||
});
|
||||
|
||||
it('should parse about me', (done) => {
|
||||
|
||||
@@ -40,37 +40,38 @@ helpers.request = async function (method, uri, options) {
|
||||
});
|
||||
};
|
||||
|
||||
helpers.loginUser = function (username, password, callback) {
|
||||
helpers.loginUser = async (username, password, payload = {}) => {
|
||||
const jar = request.jar();
|
||||
const form = { username, password, ...payload };
|
||||
|
||||
request({
|
||||
const { statusCode, body: configBody } = await requestAsync({
|
||||
url: `${nconf.get('url')}/api/config`,
|
||||
json: true,
|
||||
jar: jar,
|
||||
}, (err, res, body) => {
|
||||
if (err || res.statusCode !== 200) {
|
||||
return callback(err || new Error('[[error:invalid-response]]'));
|
||||
}
|
||||
const { csrf_token } = body;
|
||||
request.post(`${nconf.get('url')}/login`, {
|
||||
form: {
|
||||
username: username,
|
||||
password: password,
|
||||
},
|
||||
json: true,
|
||||
jar: jar,
|
||||
headers: {
|
||||
'x-csrf-token': csrf_token,
|
||||
},
|
||||
}, (err, res, body) => {
|
||||
if (err) {
|
||||
return callback(err || new Error('[[error:invalid-response]]'));
|
||||
}
|
||||
callback(null, { jar, res, body, csrf_token: csrf_token });
|
||||
});
|
||||
followRedirect: false,
|
||||
simple: false,
|
||||
resolveWithFullResponse: true,
|
||||
});
|
||||
};
|
||||
|
||||
if (statusCode !== 200) {
|
||||
throw new Error('[[error:invalid-response]]');
|
||||
}
|
||||
|
||||
const { csrf_token } = configBody;
|
||||
const res = await requestAsync.post(`${nconf.get('url')}/login`, {
|
||||
form,
|
||||
json: true,
|
||||
jar: jar,
|
||||
followRedirect: false,
|
||||
simple: false,
|
||||
resolveWithFullResponse: true,
|
||||
headers: {
|
||||
'x-csrf-token': csrf_token,
|
||||
},
|
||||
});
|
||||
|
||||
return { jar, res, body: res.body, csrf_token: csrf_token };
|
||||
};
|
||||
|
||||
helpers.logoutUser = function (jar, callback) {
|
||||
request({
|
||||
|
||||
@@ -67,10 +67,10 @@ describe('Messaging Library', () => {
|
||||
await Groups.join('administrators', mocks.users.foo.uid);
|
||||
await User.setSetting(mocks.users.baz.uid, 'restrictChat', '1');
|
||||
|
||||
({ jar: mocks.users.foo.jar, csrf_token: mocks.users.foo.csrf } = await util.promisify(helpers.loginUser)('foo', 'barbar'));
|
||||
({ jar: mocks.users.bar.jar, csrf_token: mocks.users.bar.csrf } = await util.promisify(helpers.loginUser)('bar', 'bazbaz'));
|
||||
({ jar: mocks.users.baz.jar, csrf_token: mocks.users.baz.csrf } = await util.promisify(helpers.loginUser)('baz', 'quuxquux'));
|
||||
({ jar: mocks.users.herp.jar, csrf_token: mocks.users.herp.csrf } = await util.promisify(helpers.loginUser)('herp', 'derpderp'));
|
||||
({ jar: mocks.users.foo.jar, csrf_token: mocks.users.foo.csrf } = await helpers.loginUser('foo', 'barbar'));
|
||||
({ jar: mocks.users.bar.jar, csrf_token: mocks.users.bar.csrf } = await helpers.loginUser('bar', 'bazbaz'));
|
||||
({ jar: mocks.users.baz.jar, csrf_token: mocks.users.baz.csrf } = await helpers.loginUser('baz', 'quuxquux'));
|
||||
({ jar: mocks.users.herp.jar, csrf_token: mocks.users.herp.csrf } = await helpers.loginUser('herp', 'derpderp'));
|
||||
|
||||
chatMessageDelay = meta.config.chatMessageDelay;
|
||||
meta.config.chatMessageDelay = 0;
|
||||
@@ -277,7 +277,7 @@ describe('Messaging Library', () => {
|
||||
|
||||
it('should change owner if owner is deleted', async () => {
|
||||
const sender = await User.create({ username: 'deleted_chat_user', password: 'barbar' });
|
||||
const { jar: senderJar, csrf_token: senderCsrf } = await util.promisify(helpers.loginUser)('deleted_chat_user', 'barbar');
|
||||
const { jar: senderJar, csrf_token: senderCsrf } = await helpers.loginUser('deleted_chat_user', 'barbar');
|
||||
|
||||
const receiver = await User.create({ username: 'receiver' });
|
||||
const { response } = await request(`${nconf.get('url')}/api/v3/chats`, {
|
||||
@@ -851,7 +851,7 @@ describe('Messaging Library', () => {
|
||||
});
|
||||
|
||||
it('should return 404 if user is not in room', async () => {
|
||||
const data = await util.promisify(helpers.loginUser)('baz', 'quuxquux');
|
||||
const data = await helpers.loginUser('baz', 'quuxquux');
|
||||
const response = await request(`${nconf.get('url')}/api/user/baz/chats/${roomId}`, {
|
||||
resolveWithFullResponse: true,
|
||||
simple: false,
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
|
||||
const assert = require('assert');
|
||||
const async = require('async');
|
||||
const request = require('request');
|
||||
const request = require('request-promise-native');
|
||||
const nconf = require('nconf');
|
||||
const path = require('path');
|
||||
const util = require('util');
|
||||
@@ -77,13 +77,7 @@ describe('Post\'s', () => {
|
||||
});
|
||||
|
||||
it('should update category teaser properly', async () => {
|
||||
const util = require('util');
|
||||
const getCategoriesAsync = util.promisify(async (callback) => {
|
||||
request(`${nconf.get('url')}/api/categories`, { json: true }, (err, res, body) => {
|
||||
callback(err, body);
|
||||
});
|
||||
});
|
||||
|
||||
const getCategoriesAsync = async () => await request(`${nconf.get('url')}/api/categories`, { json: true });
|
||||
const postResult = await topics.post({ uid: globalModUid, cid: cid, title: 'topic title', content: '123456789' });
|
||||
|
||||
let data = await getCategoriesAsync();
|
||||
@@ -378,15 +372,11 @@ describe('Post\'s', () => {
|
||||
function (next) {
|
||||
privileges.categories.rescind(['groups:posts:view_deleted'], cid, 'Global Moderators', next);
|
||||
},
|
||||
function (next) {
|
||||
helpers.loginUser('global mod', '123456', (err, data) => {
|
||||
assert.ifError(err);
|
||||
request(`${nconf.get('url')}/api/topic/${tid}`, { jar: data.jar, json: true }, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(body.posts[1].content, '[[topic:post_is_deleted]]');
|
||||
privileges.categories.give(['groups:posts:view_deleted'], cid, 'Global Moderators', next);
|
||||
});
|
||||
});
|
||||
async () => {
|
||||
const { jar } = await helpers.loginUser('global mod', '123456');
|
||||
const { posts } = await request(`${nconf.get('url')}/api/topic/${tid}`, { jar, json: true });
|
||||
assert.equal(posts[1].content, '[[topic:post_is_deleted]]');
|
||||
await privileges.categories.give(['groups:posts:view_deleted'], cid, 'Global Moderators');
|
||||
},
|
||||
], done);
|
||||
});
|
||||
@@ -996,19 +986,13 @@ describe('Post\'s', () => {
|
||||
queueId = result.id;
|
||||
});
|
||||
|
||||
it('should load queued posts', (done) => {
|
||||
helpers.loginUser('globalmod', 'globalmodpwd', (err, data) => {
|
||||
jar = data.jar;
|
||||
assert.ifError(err);
|
||||
request(`${nconf.get('url')}/api/post-queue`, { jar: jar, json: true }, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(body.posts[0].type, 'topic');
|
||||
assert.equal(body.posts[0].data.content, 'queued topic content');
|
||||
assert.equal(body.posts[1].type, 'reply');
|
||||
assert.equal(body.posts[1].data.content, 'this is a queued reply');
|
||||
done();
|
||||
});
|
||||
});
|
||||
it('should load queued posts', async () => {
|
||||
({ jar } = await helpers.loginUser('globalmod', 'globalmodpwd'));
|
||||
const { posts } = await request(`${nconf.get('url')}/api/post-queue`, { jar: jar, json: true });
|
||||
assert.equal(posts[0].type, 'topic');
|
||||
assert.equal(posts[0].data.content, 'queued topic content');
|
||||
assert.equal(posts[1].type, 'reply');
|
||||
assert.equal(posts[1].data.content, 'this is a queued reply');
|
||||
});
|
||||
|
||||
it('should error if data is invalid', (done) => {
|
||||
@@ -1018,43 +1002,26 @@ describe('Post\'s', () => {
|
||||
});
|
||||
});
|
||||
|
||||
it('should edit post in queue', (done) => {
|
||||
socketPosts.editQueuedContent({ uid: globalModUid }, { id: queueId, content: 'newContent' }, (err) => {
|
||||
assert.ifError(err);
|
||||
request(`${nconf.get('url')}/api/post-queue`, { jar: jar, json: true }, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(body.posts[1].type, 'reply');
|
||||
assert.equal(body.posts[1].data.content, 'newContent');
|
||||
done();
|
||||
});
|
||||
});
|
||||
it('should edit post in queue', async () => {
|
||||
await socketPosts.editQueuedContent({ uid: globalModUid }, { id: queueId, content: 'newContent' });
|
||||
const { posts } = await request(`${nconf.get('url')}/api/post-queue`, { jar: jar, json: true });
|
||||
assert.equal(posts[1].type, 'reply');
|
||||
assert.equal(posts[1].data.content, 'newContent');
|
||||
});
|
||||
|
||||
it('should edit topic title in queue', (done) => {
|
||||
socketPosts.editQueuedContent({ uid: globalModUid }, { id: topicQueueId, title: 'new topic title' }, (err) => {
|
||||
assert.ifError(err);
|
||||
request(`${nconf.get('url')}/api/post-queue`, { jar: jar, json: true }, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(body.posts[0].type, 'topic');
|
||||
assert.equal(body.posts[0].data.title, 'new topic title');
|
||||
done();
|
||||
});
|
||||
});
|
||||
it('should edit topic title in queue', async () => {
|
||||
await socketPosts.editQueuedContent({ uid: globalModUid }, { id: topicQueueId, title: 'new topic title' });
|
||||
const { posts } = await request(`${nconf.get('url')}/api/post-queue`, { jar: jar, json: true });
|
||||
assert.equal(posts[0].type, 'topic');
|
||||
assert.equal(posts[0].data.title, 'new topic title');
|
||||
});
|
||||
|
||||
it('should edit topic category in queue', (done) => {
|
||||
socketPosts.editQueuedContent({ uid: globalModUid }, { id: topicQueueId, cid: 2 }, (err) => {
|
||||
assert.ifError(err);
|
||||
request(`${nconf.get('url')}/api/post-queue`, { jar: jar, json: true }, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(body.posts[0].type, 'topic');
|
||||
assert.equal(body.posts[0].data.cid, 2);
|
||||
socketPosts.editQueuedContent({ uid: globalModUid }, { id: topicQueueId, cid: cid }, (err) => {
|
||||
assert.ifError(err);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
it('should edit topic category in queue', async () => {
|
||||
await socketPosts.editQueuedContent({ uid: globalModUid }, { id: topicQueueId, cid: 2 });
|
||||
const { posts } = await request(`${nconf.get('url')}/api/post-queue`, { jar: jar, json: true });
|
||||
assert.equal(posts[0].type, 'topic');
|
||||
assert.equal(posts[0].data.cid, 2);
|
||||
await socketPosts.editQueuedContent({ uid: globalModUid }, { id: topicQueueId, cid: cid });
|
||||
});
|
||||
|
||||
it('should prevent regular users from approving posts', (done) => {
|
||||
|
||||
104
test/user.js
104
test/user.js
@@ -1925,25 +1925,18 @@ describe('User', () => {
|
||||
done();
|
||||
});
|
||||
|
||||
it('should add user to approval queue', (done) => {
|
||||
helpers.registerUser({
|
||||
it('should add user to approval queue', async () => {
|
||||
await helpers.registerUser({
|
||||
username: 'rejectme',
|
||||
password: '123456',
|
||||
'password-confirm': '123456',
|
||||
email: '<script>alert("ok")<script>reject@me.com',
|
||||
gdpr_consent: true,
|
||||
}, (err) => {
|
||||
assert.ifError(err);
|
||||
helpers.loginUser('admin', '123456', (err, data) => {
|
||||
assert.ifError(err);
|
||||
request(`${nconf.get('url')}/api/admin/manage/registration`, { jar: data.jar, json: true }, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(body.users[0].username, 'rejectme');
|
||||
assert.equal(body.users[0].email, '<script>alert("ok")<script>reject@me.com');
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
const { jar } = await helpers.loginUser('admin', '123456');
|
||||
const { users } = await requestAsync(`${nconf.get('url')}/api/admin/manage/registration`, { jar, json: true });
|
||||
assert.equal(users[0].username, 'rejectme');
|
||||
assert.equal(users[0].email, '<script>alert("ok")<script>reject@me.com');
|
||||
});
|
||||
|
||||
it('should fail to add user to queue if username is taken', (done) => {
|
||||
@@ -2066,21 +2059,8 @@ describe('User', () => {
|
||||
let csrf_token;
|
||||
let jar;
|
||||
|
||||
before((done) => {
|
||||
helpers.loginUser('notAnInviter', COMMON_PW, (err, data) => {
|
||||
assert.ifError(err);
|
||||
jar = data.jar;
|
||||
|
||||
request({
|
||||
url: `${nconf.get('url')}/api/config`,
|
||||
json: true,
|
||||
jar: jar,
|
||||
}, (err, response, body) => {
|
||||
assert.ifError(err);
|
||||
csrf_token = body.csrf_token;
|
||||
done();
|
||||
});
|
||||
});
|
||||
before(async () => {
|
||||
({ jar, csrf_token } = await helpers.loginUser('notAnInviter', COMMON_PW));
|
||||
});
|
||||
|
||||
it('should error if user does not have invite privilege', async () => {
|
||||
@@ -2102,21 +2082,8 @@ describe('User', () => {
|
||||
let csrf_token;
|
||||
let jar;
|
||||
|
||||
before((done) => {
|
||||
helpers.loginUser('inviter', COMMON_PW, (err, data) => {
|
||||
assert.ifError(err);
|
||||
jar = data.jar;
|
||||
|
||||
request({
|
||||
url: `${nconf.get('url')}/api/config`,
|
||||
json: true,
|
||||
jar: jar,
|
||||
}, (err, response, body) => {
|
||||
assert.ifError(err);
|
||||
csrf_token = body.csrf_token;
|
||||
done();
|
||||
});
|
||||
});
|
||||
before(async () => {
|
||||
({ jar, csrf_token } = await helpers.loginUser('inviter', COMMON_PW));
|
||||
});
|
||||
|
||||
it('should error with invalid data', async () => {
|
||||
@@ -2204,21 +2171,8 @@ describe('User', () => {
|
||||
let csrf_token;
|
||||
let jar;
|
||||
|
||||
before((done) => {
|
||||
helpers.loginUser('adminInvite', COMMON_PW, (err, data) => {
|
||||
assert.ifError(err);
|
||||
jar = data.jar;
|
||||
|
||||
request({
|
||||
url: `${nconf.get('url')}/api/config`,
|
||||
json: true,
|
||||
jar: jar,
|
||||
}, (err, response, body) => {
|
||||
assert.ifError(err);
|
||||
csrf_token = body.csrf_token;
|
||||
done();
|
||||
});
|
||||
});
|
||||
before(async () => {
|
||||
({ jar, csrf_token } = await helpers.loginUser('adminInvite', COMMON_PW));
|
||||
});
|
||||
|
||||
it('should escape email', async () => {
|
||||
@@ -2355,21 +2309,8 @@ describe('User', () => {
|
||||
let csrf_token;
|
||||
let jar;
|
||||
|
||||
before((done) => {
|
||||
helpers.loginUser('inviter', COMMON_PW, (err, data) => {
|
||||
assert.ifError(err);
|
||||
jar = data.jar;
|
||||
|
||||
request({
|
||||
url: `${nconf.get('url')}/api/config`,
|
||||
json: true,
|
||||
jar: jar,
|
||||
}, (err, response, body) => {
|
||||
assert.ifError(err);
|
||||
csrf_token = body.csrf_token;
|
||||
done();
|
||||
});
|
||||
});
|
||||
before(async () => {
|
||||
({ jar, csrf_token } = await helpers.loginUser('inviter', COMMON_PW));
|
||||
});
|
||||
|
||||
it('should show a list of groups for adding to an invite', async () => {
|
||||
@@ -2948,17 +2889,12 @@ describe('User', () => {
|
||||
});
|
||||
});
|
||||
|
||||
it('should allow user to login even if password is weak', (done) => {
|
||||
User.create({ username: 'weakpwd', password: '123456' }, (err) => {
|
||||
assert.ifError(err);
|
||||
const oldValue = meta.config.minimumPasswordStrength;
|
||||
meta.config.minimumPasswordStrength = 3;
|
||||
helpers.loginUser('weakpwd', '123456', (err) => {
|
||||
assert.ifError(err);
|
||||
meta.config.minimumPasswordStrength = oldValue;
|
||||
done();
|
||||
});
|
||||
});
|
||||
it('should allow user to login even if password is weak', async () => {
|
||||
await User.create({ username: 'weakpwd', password: '123456' });
|
||||
const oldValue = meta.config.minimumPasswordStrength;
|
||||
meta.config.minimumPasswordStrength = 3;
|
||||
await helpers.loginUser('weakpwd', '123456');
|
||||
meta.config.minimumPasswordStrength = oldValue;
|
||||
});
|
||||
|
||||
describe('User\'s', async () => {
|
||||
|
||||
@@ -150,7 +150,6 @@ describe('email confirmation (v3 api)', () => {
|
||||
resolve({ jar, response, body });
|
||||
});
|
||||
});
|
||||
const login = util.promisify(helpers.loginUser);
|
||||
|
||||
before(async () => {
|
||||
// If you're running this file directly, uncomment these lines
|
||||
@@ -219,7 +218,7 @@ describe('email confirmation (v3 api)', () => {
|
||||
it('should still confirm the email (as email is set in user hash)', async () => {
|
||||
await user.email.remove(userObj.uid);
|
||||
await user.setUserField(userObj.uid, 'email', 'test@example.org');
|
||||
({ jar } = await login('email-test', 'abcdef')); // email removal logs out everybody
|
||||
({ jar } = await helpers.loginUser('email-test', 'abcdef')); // email removal logs out everybody
|
||||
await groups.join('administrators', userObj.uid);
|
||||
|
||||
const { res, body } = await helpers.request('post', `/api/v3/users/${userObj.uid}/emails/${encodeURIComponent('test@example.org')}/confirm`, {
|
||||
|
||||
Reference in New Issue
Block a user