Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-31 11:05:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
69373fded7ab1b51b9fc70e7bf12ab817dd95a2e
NodeBB/test/helpers/index.js
Barış Soner Uşaklı 48b41debe6 fix: vulnerability in cover and admin uploads (#8419) 
* fix: vulnerability in cover and admin uploads

* fix: remove old test

* fix: update tests
2020-06-22 12:08:35 -04:00

166 lines
3.4 KiB
JavaScript
Raw Blame History

'use strict';
var request = require('request');
var nconf = require('nconf');
var fs = require('fs');
var winston = require('winston');
var utils = require('../../public/src/utils');
var helpers = module.exports;
helpers.loginUser = function (username, password, callback) {
var jar = request.jar();
request({
url: nconf.get('url') + '/api/config',
json: true,
jar: jar,
}, function (err, res, body) {
if (err || res.statusCode !== 200) {
return callback(err || new Error('[[error:invalid-response]]'));
}
request.post(nconf.get('url') + '/login', {
form: {
username: username,
password: password,
},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
}, function (err, res) {
if (err || res.statusCode !== 200) {
return callback(err || new Error('[[error:invalid-response]]'));
}
callback(null, jar, body.csrf_token);
});
});
};
helpers.logoutUser = function (jar, callback) {
request({
url: nconf.get('url') + '/api/config',
json: true,
jar: jar,
}, function (err, response, body) {
if (err) {
return callback(err, response, body);
}
request.post(nconf.get('url') + '/logout', {
form: {},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
}, function (err, response, body) {
callback(err, response, body);
});
});
};
helpers.connectSocketIO = function (res, callback) {
var io = require('socket.io-client');
let cookies = res.headers['set-cookie'];
cookies = cookies.filter(c => /express.sid=[^;]+;/.test(c));
const cookie = cookies[0];
var socket = io(nconf.get('base_url'), {
path: nconf.get('relative_path') + '/socket.io',
extraHeaders: {
Origin: nconf.get('url'),
Cookie: cookie,
},
});
socket.on('connect', function () {
callback(null, socket);
});
socket.on('error', function (err) {
callback(err);
});
};
helpers.uploadFile = function (uploadEndPoint, filePath, body, jar, csrf_token, callback) {
var formData = {
files: [
fs.createReadStream(filePath),
fs.createReadStream(filePath), // see https://github.com/request/request/issues/2445
],
};
formData = utils.merge(formData, body);
request.post({
url: uploadEndPoint,
formData: formData,
json: true,
jar: jar,
headers: {
'x-csrf-token': csrf_token,
},
}, function (err, res, body) {
if (err) {
return callback(err);
}
if (res.statusCode !== 200) {
winston.error(JSON.stringify(body));
}
callback(null, res, body);
});
};
helpers.registerUser = function (data, callback) {
var jar = request.jar();
request({
url: nconf.get('url') + '/api/config',
json: true,
jar: jar,
}, function (err, response, body) {
if (err) {
return callback(err);
}
request.post(nconf.get('url') + '/register', {
form: data,
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
}, function (err, response, body) {
callback(err, jar, response, body);
});
});
};
// http://stackoverflow.com/a/14387791/583363
helpers.copyFile = function (source, target, callback) {
var cbCalled = false;
var rd = fs.createReadStream(source);
rd.on('error', function (err) {
done(err);
});
var wr = fs.createWriteStream(target);
wr.on('error', function (err) {
done(err);
});
wr.on('close', function () {
done();
});
rd.pipe(wr);
function done(err) {
if (!cbCalled) {
callback(err);
cbCalled = true;
}
}
};
require('../../src/promisify')(helpers);
Reference in New Issue View Git Blame Copy Permalink