mirror of
				https://github.com/NodeBB/NodeBB.git
				synced 2025-10-26 08:36:12 +01:00 
			
		
		
		
	
		
			
				
	
	
		
			1954 lines
		
	
	
		
			68 KiB
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
			
		
		
	
	
			1954 lines
		
	
	
		
			68 KiB
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
| 'use strict';
 | |
| 
 | |
| const assert = require('assert');
 | |
| const nconf = require('nconf');
 | |
| const fs = require('fs');
 | |
| const path = require('path');
 | |
| const util = require('util');
 | |
| 
 | |
| const db = require('./mocks/databasemock');
 | |
| const request = require('../src/request');
 | |
| const api = require('../src/api');
 | |
| const categories = require('../src/categories');
 | |
| const topics = require('../src/topics');
 | |
| const posts = require('../src/posts');
 | |
| const user = require('../src/user');
 | |
| const groups = require('../src/groups');
 | |
| const meta = require('../src/meta');
 | |
| const translator = require('../src/translator');
 | |
| const privileges = require('../src/privileges');
 | |
| const plugins = require('../src/plugins');
 | |
| const utils = require('../src/utils');
 | |
| const slugify = require('../src/slugify');
 | |
| const helpers = require('./helpers');
 | |
| 
 | |
| const sleep = util.promisify(setTimeout);
 | |
| 
 | |
| describe('Controllers', () => {
 | |
| 	let tid;
 | |
| 	let cid;
 | |
| 	let pid;
 | |
| 	let fooUid;
 | |
| 	let adminUid;
 | |
| 	let category;
 | |
| 
 | |
| 	before(async () => {
 | |
| 		category = await categories.create({
 | |
| 			name: 'Test Category',
 | |
| 			description: 'Test category created by testing script',
 | |
| 		});
 | |
| 		cid = category.cid;
 | |
| 
 | |
| 		fooUid = await user.create({ username: 'foo', password: 'barbar', gdpr_consent: true });
 | |
| 		await user.setUserField(fooUid, 'email', 'foo@test.com');
 | |
| 		await user.email.confirmByUid(fooUid);
 | |
| 
 | |
| 		adminUid = await user.create({ username: 'admin', password: 'barbar', gdpr_consent: true });
 | |
| 		await groups.join('administrators', adminUid);
 | |
| 
 | |
| 		const navigation = require('../src/navigation/admin');
 | |
| 		const data = require('../install/data/navigation.json');
 | |
| 
 | |
| 		await navigation.save(data);
 | |
| 
 | |
| 		const result = await topics.post({ uid: fooUid, title: 'test topic title', content: 'test topic content', cid: cid });
 | |
| 		tid = result.topicData.tid;
 | |
| 
 | |
| 		pid = result.postData.pid;
 | |
| 	});
 | |
| 
 | |
| 	it('should load /config with csrf_token', async () => {
 | |
| 		const { response, body } = await request.get(`${nconf.get('url')}/api/config`);
 | |
| 		assert.equal(response.statusCode, 200);
 | |
| 		assert(body.csrf_token);
 | |
| 	});
 | |
| 
 | |
| 	it('should load /config with no csrf_token as spider', async () => {
 | |
| 		const { response, body } = await request.get(`${nconf.get('url')}/api/config`, {
 | |
| 			headers: {
 | |
| 				'user-agent': 'yandex',
 | |
| 			},
 | |
| 		});
 | |
| 		assert.equal(response.statusCode, 200);
 | |
| 		assert.strictEqual(body.csrf_token, false);
 | |
| 		assert.strictEqual(body.uid, -1);
 | |
| 		assert.strictEqual(body.loggedIn, false);
 | |
| 	});
 | |
| 
 | |
| 	describe('homepage', () => {
 | |
| 		function hookMethod(hookData) {
 | |
| 			assert(hookData.req);
 | |
| 			assert(hookData.res);
 | |
| 			assert(hookData.next);
 | |
| 
 | |
| 			hookData.res.render('mycustompage', {
 | |
| 				works: true,
 | |
| 			});
 | |
| 		}
 | |
| 		const message = utils.generateUUID();
 | |
| 		const name = 'mycustompage.tpl';
 | |
| 		const tplPath = path.join(nconf.get('views_dir'), name);
 | |
| 
 | |
| 		before(async () => {
 | |
| 			plugins.hooks.register('myTestPlugin', {
 | |
| 				hook: 'action:homepage.get:mycustompage',
 | |
| 				method: hookMethod,
 | |
| 			});
 | |
| 
 | |
| 			fs.writeFileSync(tplPath, message);
 | |
| 			await meta.templates.compileTemplate(name, message);
 | |
| 		});
 | |
| 
 | |
| 		async function assertHomeUrl() {
 | |
| 			const { response, body } = await request.get(nconf.get('url'));
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		}
 | |
| 
 | |
| 		it('should load default', async () => {
 | |
| 			await assertHomeUrl();
 | |
| 		});
 | |
| 
 | |
| 		it('should load unread', async () => {
 | |
| 			await meta.configs.set('homePageRoute', 'unread');
 | |
| 			await assertHomeUrl();
 | |
| 		});
 | |
| 
 | |
| 		it('should load recent', async () => {
 | |
| 			await meta.configs.set('homePageRoute', 'recent');
 | |
| 			await assertHomeUrl();
 | |
| 		});
 | |
| 
 | |
| 		it('should load top', async () => {
 | |
| 			await meta.configs.set('homePageRoute', 'top');
 | |
| 			await assertHomeUrl();
 | |
| 		});
 | |
| 
 | |
| 		it('should load popular', async () => {
 | |
| 			await meta.configs.set('homePageRoute', 'popular');
 | |
| 			await assertHomeUrl();
 | |
| 		});
 | |
| 
 | |
| 		it('should load category', async () => {
 | |
| 			await meta.configs.set('homePageRoute', 'category/1/test-category');
 | |
| 			await assertHomeUrl();
 | |
| 		});
 | |
| 
 | |
| 		it('should not load breadcrumbs on home page route', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 			assert(!body.breadcrumbs);
 | |
| 		});
 | |
| 
 | |
| 		it('should redirect to custom', async () => {
 | |
| 			await meta.configs.set('homePageRoute', 'groups');
 | |
| 			await assertHomeUrl();
 | |
| 		});
 | |
| 
 | |
| 		it('should 404 if custom does not exist', async () => {
 | |
| 			await meta.configs.set('homePageRoute', 'this-route-does-not-exist');
 | |
| 			const { response, body } = await request.get(nconf.get('url'));
 | |
| 			assert.equal(response.statusCode, 404);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('api should work with hook', async () => {
 | |
| 			await meta.configs.set('homePageRoute', 'mycustompage');
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal(body.works, true);
 | |
| 			assert.equal(body.template.mycustompage, true);
 | |
| 		});
 | |
| 
 | |
| 		it('should render with hook', async () => {
 | |
| 			await meta.configs.set('homePageRoute', 'mycustompage');
 | |
| 			const { response, body } = await request.get(nconf.get('url'));
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.ok(body);
 | |
| 			assert.ok(body.indexOf('<main id="panel"'));
 | |
| 			assert.ok(body.includes(message));
 | |
| 		});
 | |
| 
 | |
| 		after(() => {
 | |
| 			plugins.hooks.unregister('myTestPlugin', 'action:homepage.get:custom', hookMethod);
 | |
| 			fs.unlinkSync(tplPath);
 | |
| 			fs.unlinkSync(tplPath.replace(/\.tpl$/, '.js'));
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	describe('routes that should 200/404 etc.', () => {
 | |
| 		const baseUrl = nconf.get('url');
 | |
| 		const testRoutes = [
 | |
| 			{ it: 'should load /reset without code', url: '/reset' },
 | |
| 			{ it: 'should load /reset with invalid code', url: '/reset/123123' },
 | |
| 			{ it: 'should load /login', url: '/login' },
 | |
| 			{ it: 'should load /register', url: '/register' },
 | |
| 			{ it: 'should load /robots.txt', url: '/robots.txt' },
 | |
| 			{ it: 'should load /manifest.webmanifest', url: '/manifest.webmanifest' },
 | |
| 			{ it: 'should load /outgoing?url=<url>', url: '/outgoing?url=http://youtube.com' },
 | |
| 			{ it: 'should 404 on /outgoing with no url', url: '/outgoing', status: 404 },
 | |
| 			{ it: 'should 404 on /outgoing with javascript: protocol', url: '/outgoing?url=javascript:alert(1);', status: 404 },
 | |
| 			{ it: 'should 404 on /outgoing with invalid url', url: '/outgoing?url=derp', status: 404 },
 | |
| 			{ it: 'should load /sping', url: '/sping', body: 'healthy' },
 | |
| 			{ it: 'should load /ping', url: '/ping', body: '200' },
 | |
| 			{ it: 'should handle 404', url: '/arouteinthevoid', status: 404 },
 | |
| 			{ it: 'should load topic rss feed', url: `/topic/1.rss` },
 | |
| 			{ it: 'should load category rss feed', url: `/category/1.rss` },
 | |
| 			{ it: 'should load topics rss feed', url: `/topics.rss` },
 | |
| 			{ it: 'should load recent rss feed', url: `/recent.rss` },
 | |
| 			{ it: 'should load top rss feed', url: `/top.rss` },
 | |
| 			{ it: 'should load popular rss feed', url: `/popular.rss` },
 | |
| 			{ it: 'should load popular rss feed with term', url: `/popular/day.rss` },
 | |
| 			{ it: 'should load recent posts rss feed', url: `/recentposts.rss` },
 | |
| 			{ it: 'should load category recent posts rss feed', url: `/category/1/recentposts.rss` },
 | |
| 			{ it: 'should load user topics rss feed', url: `/user/foo/topics.rss` },
 | |
| 			{ it: 'should load tag rss feed', url: `/tags/nodebb.rss` },
 | |
| 			{ it: 'should load client.css', url: `/assets/client.css` },
 | |
| 			{ it: 'should load admin.css', url: `/assets/admin.css` },
 | |
| 			{ it: 'should load sitemap.xml', url: `/sitemap.xml` },
 | |
| 			{ it: 'should load sitemap/pages.xml', url: `/sitemap/pages.xml` },
 | |
| 			{ it: 'should load sitemap/categories.xml', url: `/sitemap/categories.xml` },
 | |
| 			{ it: 'should load sitemap/topics.1.xml', url: `/sitemap/topics.1.xml` },
 | |
| 			{ it: 'should load theme screenshot', url: `/css/previews/nodebb-theme-harmony` },
 | |
| 			{ it: 'should load users page', url: `/users` },
 | |
| 			{ it: 'should load users page section', url: `/users?section=online` },
 | |
| 			{ it: 'should load groups page', url: `/groups` },
 | |
| 			{ it: 'should get recent posts', url: `/api/recent/posts/month` },
 | |
| 			{ it: 'should get post data', url: `/api/v3/posts/1` },
 | |
| 			{ it: 'should get topic data', url: `/api/v3/topics/1` },
 | |
| 			{ it: 'should get category data', url: `/api/v3/categories/1` },
 | |
| 			{ it: 'should return osd data', url: `/osd.xml` },
 | |
| 			{ it: 'should load service worker', url: '/service-worker.js' },
 | |
| 		];
 | |
| 		testRoutes.forEach((route) => {
 | |
| 			it(route.it, async () => {
 | |
| 				const { response, body } = await request.get(`${baseUrl}/${route.url}`);
 | |
| 				assert.equal(response.statusCode, route.status || 200);
 | |
| 				if (route.body) {
 | |
| 					assert.strictEqual(String(body), route.body);
 | |
| 				} else {
 | |
| 					assert(body, `No body returned for ${route.url} ${response.statusCode}`);
 | |
| 				}
 | |
| 			});
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	it('should load /register/complete', async () => {
 | |
| 		const jar = request.jar();
 | |
| 		const csrf_token = await helpers.getCsrfToken(jar);
 | |
| 		const { response, body } = await request.post(`${nconf.get('url')}/register`, {
 | |
| 			body: {
 | |
| 				username: 'interstitial',
 | |
| 				password: '123456',
 | |
| 				'password-confirm': '123456',
 | |
| 				email: 'test@me.com',
 | |
| 			},
 | |
| 			jar,
 | |
| 			headers: {
 | |
| 				'x-csrf-token': csrf_token,
 | |
| 			},
 | |
| 		});
 | |
| 		assert.equal(response.statusCode, 200);
 | |
| 		assert.strictEqual(body.next, `${nconf.get('relative_path')}/register/complete`);
 | |
| 
 | |
| 		const { response: res2, body: body2 } = await request.get(`${nconf.get('url')}/api/register/complete`, {
 | |
| 			jar: jar,
 | |
| 			json: true,
 | |
| 		});
 | |
| 		assert.equal(res2.statusCode, 200);
 | |
| 		assert(body2.sections);
 | |
| 		assert(body2.errors);
 | |
| 		assert(body2.title);
 | |
| 	});
 | |
| 
 | |
| 	describe('registration interstitials', () => {
 | |
| 		describe('email update', () => {
 | |
| 			let jar;
 | |
| 			let token;
 | |
| 			const dummyEmailerHook = async (data) => {};
 | |
| 
 | |
| 			before(async () => {
 | |
| 				// Attach an emailer hook so related requests do not error
 | |
| 				plugins.hooks.register('emailer-test', {
 | |
| 					hook: 'static:email.send',
 | |
| 					method: dummyEmailerHook,
 | |
| 				});
 | |
| 
 | |
| 				jar = (await helpers.registerUser({
 | |
| 					username: utils.generateUUID().slice(0, 10),
 | |
| 					password: utils.generateUUID(),
 | |
| 				})).jar;
 | |
| 				token = await helpers.getCsrfToken(jar);
 | |
| 
 | |
| 				meta.config.requireEmailAddress = 1;
 | |
| 			});
 | |
| 
 | |
| 			after(() => {
 | |
| 				meta.config.requireEmailAddress = 0;
 | |
| 				plugins.hooks.unregister('emailer-test', 'static:email.send');
 | |
| 			});
 | |
| 
 | |
| 			it('email interstitial should still apply if empty email entered and requireEmailAddress is enabled', async () => {
 | |
| 				const { response: res } = await request.post(`${nconf.get('url')}/register/complete`, {
 | |
| 					jar,
 | |
| 					maxRedirect: 0,
 | |
| 					redirect: 'manual',
 | |
| 					headers: {
 | |
| 						'x-csrf-token': token,
 | |
| 					},
 | |
| 					body: {
 | |
| 						email: '',
 | |
| 					},
 | |
| 				});
 | |
| 
 | |
| 				assert.strictEqual(res.headers.location, `${nconf.get('relative_path')}/register/complete`);
 | |
| 
 | |
| 				const { response, body } = await request.get(`${nconf.get('url')}/api/register/complete`, {
 | |
| 					jar,
 | |
| 				});
 | |
| 				assert.strictEqual(response.statusCode, 200);
 | |
| 				assert(body.errors.length);
 | |
| 				assert(body.errors.includes('[[error:invalid-email]]'));
 | |
| 			});
 | |
| 
 | |
| 			it('gdpr interstitial should still apply if email requirement is disabled', async () => {
 | |
| 				meta.config.requireEmailAddress = 0;
 | |
| 
 | |
| 				const { body } = await request.get(`${nconf.get('url')}/api/register/complete`, {
 | |
| 					jar,
 | |
| 				});
 | |
| 
 | |
| 				assert(!body.errors.includes('[[error:invalid-email]]'));
 | |
| 				assert(!body.errors.includes('[[error:gdpr-consent-denied]]'));
 | |
| 
 | |
| 				meta.config.requireEmailAddress = 1;
 | |
| 			});
 | |
| 
 | |
| 			it('should error if userData is falsy', async () => {
 | |
| 				try {
 | |
| 					await user.interstitials.email({ userData: null });
 | |
| 					assert(false);
 | |
| 				} catch (err) {
 | |
| 					assert.strictEqual(err.message, '[[error:invalid-data]]');
 | |
| 				}
 | |
| 			});
 | |
| 
 | |
| 			it('should throw error if email is not valid', async () => {
 | |
| 				const uid = await user.create({ username: 'interstiuser1' });
 | |
| 				const result = await user.interstitials.email({
 | |
| 					userData: { uid: uid, updateEmail: true },
 | |
| 					req: { uid: uid },
 | |
| 					interstitials: [],
 | |
| 				});
 | |
| 				assert.strictEqual(result.interstitials[0].template, 'partials/email_update');
 | |
| 				await assert.rejects(result.interstitials[0].callback({ uid }, {
 | |
| 					email: 'invalidEmail',
 | |
| 				}), { message: '[[error:invalid-email]]' });
 | |
| 			});
 | |
| 
 | |
| 			it('should reject an email that comprises only whitespace', async () => {
 | |
| 				const uid = await user.create({ username: utils.generateUUID().slice(0, 10) });
 | |
| 				const result = await user.interstitials.email({
 | |
| 					userData: { uid: uid, updateEmail: true },
 | |
| 					req: { uid: uid },
 | |
| 					interstitials: [],
 | |
| 				});
 | |
| 				assert.strictEqual(result.interstitials[0].template, 'partials/email_update');
 | |
| 				await assert.rejects(result.interstitials[0].callback({ uid }, {
 | |
| 					email: '    ',
 | |
| 				}), { message: '[[error:invalid-email]]' });
 | |
| 			});
 | |
| 
 | |
| 			it('should set req.session.emailChanged to 1', async () => {
 | |
| 				const uid = await user.create({ username: 'interstiuser2' });
 | |
| 				const result = await user.interstitials.email({
 | |
| 					userData: { uid: uid, updateEmail: true },
 | |
| 					req: { uid: uid, session: {} },
 | |
| 					interstitials: [],
 | |
| 				});
 | |
| 
 | |
| 				await result.interstitials[0].callback({ uid: uid }, {
 | |
| 					email: 'interstiuser2@nodebb.org',
 | |
| 				});
 | |
| 				assert.strictEqual(result.req.session.emailChanged, 1);
 | |
| 			});
 | |
| 
 | |
| 			it('should throw error if user tries to edit other users email', async () => {
 | |
| 				const uid = await user.create({ username: 'interstiuser4' });
 | |
| 				try {
 | |
| 					const result = await user.interstitials.email({
 | |
| 						userData: { uid: uid, updateEmail: true },
 | |
| 						req: { uid: 1000 },
 | |
| 						interstitials: [],
 | |
| 					});
 | |
| 
 | |
| 					await result.interstitials[0].callback({ uid: uid }, {
 | |
| 						email: 'derp@derp.com',
 | |
| 					});
 | |
| 					assert(false);
 | |
| 				} catch (err) {
 | |
| 					assert.strictEqual(err.message, '[[error:no-privileges]]');
 | |
| 				}
 | |
| 			});
 | |
| 
 | |
| 			it('should remove current email (only allowed if email not required)', async () => {
 | |
| 				meta.config.requireEmailAddress = 0;
 | |
| 
 | |
| 				const uid = await user.create({ username: 'interstiuser5' });
 | |
| 				await user.setUserField(uid, 'email', 'interstiuser5@nodebb.org');
 | |
| 				await user.email.confirmByUid(uid);
 | |
| 
 | |
| 				const result = await user.interstitials.email({
 | |
| 					userData: { uid: uid, updateEmail: true },
 | |
| 					req: { uid: uid, session: { id: 0 } },
 | |
| 					interstitials: [],
 | |
| 				});
 | |
| 
 | |
| 				await result.interstitials[0].callback({ uid: uid }, {
 | |
| 					email: '',
 | |
| 				});
 | |
| 				const userData = await user.getUserData(uid);
 | |
| 				assert.strictEqual(userData.email, '');
 | |
| 				assert.strictEqual(userData['email:confirmed'], 0);
 | |
| 
 | |
| 				meta.config.requireEmailAddress = 1;
 | |
| 			});
 | |
| 
 | |
| 			it('should require a password (if one is set) for email change', async () => {
 | |
| 				try {
 | |
| 					const [username, password] = [utils.generateUUID().slice(0, 10), utils.generateUUID()];
 | |
| 					const uid = await user.create({ username, password });
 | |
| 					await user.setUserField(uid, 'email', `${username}@nodebb.org`);
 | |
| 					await user.email.confirmByUid(uid);
 | |
| 
 | |
| 					const result = await user.interstitials.email({
 | |
| 						userData: { uid: uid, updateEmail: true },
 | |
| 						req: { uid: uid, session: { id: 0 } },
 | |
| 						interstitials: [],
 | |
| 					});
 | |
| 
 | |
| 					await result.interstitials[0].callback({ uid: uid }, {
 | |
| 						email: `${username}@nodebb.com`,
 | |
| 					});
 | |
| 				} catch (err) {
 | |
| 					assert.strictEqual(err.message, '[[error:invalid-password]]');
 | |
| 				}
 | |
| 			});
 | |
| 
 | |
| 			it('should require a password (if one is set) for email clearing', async () => {
 | |
| 				meta.config.requireEmailAddress = 0;
 | |
| 
 | |
| 				try {
 | |
| 					const [username, password] = [utils.generateUUID().slice(0, 10), utils.generateUUID()];
 | |
| 					const uid = await user.create({ username, password });
 | |
| 					await user.setUserField(uid, 'email', `${username}@nodebb.org`);
 | |
| 					await user.email.confirmByUid(uid);
 | |
| 
 | |
| 					const result = await user.interstitials.email({
 | |
| 						userData: { uid: uid, updateEmail: true },
 | |
| 						req: { uid: uid, session: { id: 0 } },
 | |
| 						interstitials: [],
 | |
| 					});
 | |
| 
 | |
| 					await result.interstitials[0].callback({ uid: uid }, {
 | |
| 						email: '',
 | |
| 					});
 | |
| 				} catch (err) {
 | |
| 					assert.strictEqual(err.message, '[[error:invalid-password]]');
 | |
| 				}
 | |
| 
 | |
| 				meta.config.requireEmailAddress = 1;
 | |
| 			});
 | |
| 
 | |
| 			it('should successfully issue validation request if the correct password is passed in', async () => {
 | |
| 				const [username, password] = [utils.generateUUID().slice(0, 10), utils.generateUUID()];
 | |
| 				const uid = await user.create({ username, password });
 | |
| 				await user.setUserField(uid, 'email', `${username}@nodebb.org`);
 | |
| 				await user.email.confirmByUid(uid);
 | |
| 
 | |
| 				const result = await user.interstitials.email({
 | |
| 					userData: { uid: uid, updateEmail: true },
 | |
| 					req: { uid: uid, session: { id: 0 } },
 | |
| 					interstitials: [],
 | |
| 				});
 | |
| 
 | |
| 				await result.interstitials[0].callback({ uid }, {
 | |
| 					email: `${username}@nodebb.com`,
 | |
| 					password,
 | |
| 				});
 | |
| 
 | |
| 				const pending = await user.email.isValidationPending(uid, `${username}@nodebb.com`);
 | |
| 				assert.strictEqual(pending, true);
 | |
| 				await user.setUserField(uid, 'email', `${username}@nodebb.com`);
 | |
| 				await user.email.confirmByUid(uid);
 | |
| 				const userData = await user.getUserData(uid);
 | |
| 				assert.strictEqual(userData.email, `${username}@nodebb.com`);
 | |
| 				assert.strictEqual(userData['email:confirmed'], 1);
 | |
| 			});
 | |
| 
 | |
| 			describe('blocking access for unconfirmed emails', () => {
 | |
| 				let jar;
 | |
| 				let token;
 | |
| 				const username = utils.generateUUID().slice(0, 10);
 | |
| 
 | |
| 				before(async () => {
 | |
| 					jar = (await helpers.registerUser({
 | |
| 						username,
 | |
| 						password: utils.generateUUID(),
 | |
| 					})).jar;
 | |
| 					token = await helpers.getCsrfToken(jar);
 | |
| 				});
 | |
| 
 | |
| 				async function abortInterstitial() {
 | |
| 					await request.post(`${nconf.get('url')}/register/abort`, {
 | |
| 						jar,
 | |
| 						headers: {
 | |
| 							'x-csrf-token': token,
 | |
| 						},
 | |
| 					});
 | |
| 				}
 | |
| 
 | |
| 				it('should not apply if requireEmailAddress is not enabled', async () => {
 | |
| 					meta.config.requireEmailAddress = 0;
 | |
| 
 | |
| 					const { response } = await request.post(`${nconf.get('url')}/register/complete`, {
 | |
| 						jar,
 | |
| 						maxRedirect: 0,
 | |
| 						redirect: 'manual',
 | |
| 						headers: {
 | |
| 							'x-csrf-token': token,
 | |
| 						},
 | |
| 						body: {
 | |
| 							email: `${utils.generateUUID().slice(0, 10)}@example.org`,
 | |
| 							gdpr_agree_data: 'on',
 | |
| 							gdpr_agree_email: 'on',
 | |
| 						},
 | |
| 					});
 | |
| 
 | |
| 
 | |
| 					assert.strictEqual(response.headers.location, `${nconf.get('relative_path')}/`);
 | |
| 					meta.config.requireEmailAddress = 1;
 | |
| 				});
 | |
| 
 | |
| 				it('should allow access to regular resources after an email is entered, even if unconfirmed', async () => {
 | |
| 					const { response } = await request.get(`${nconf.get('url')}/recent`, {
 | |
| 						jar,
 | |
| 						maxRedirect: 0,
 | |
| 					});
 | |
| 
 | |
| 					assert.strictEqual(response.statusCode, 200);
 | |
| 				});
 | |
| 
 | |
| 				it('should redirect back to interstitial for categories requiring validated email', async () => {
 | |
| 					const name = utils.generateUUID();
 | |
| 					const { cid } = await categories.create({ name });
 | |
| 					await privileges.categories.rescind(['groups:read'], cid, ['registered-users']);
 | |
| 					await privileges.categories.give(['groups:read'], cid, ['verified-users']);
 | |
| 					const { response } = await request.get(`${nconf.get('url')}/category/${cid}/${slugify(name)}`, {
 | |
| 						jar,
 | |
| 						maxRedirect: 0,
 | |
| 						redirect: 'manual',
 | |
| 					});
 | |
| 
 | |
| 					assert.strictEqual(response.statusCode, 307);
 | |
| 					assert.strictEqual(response.headers.location, `${nconf.get('relative_path')}/register/complete`);
 | |
| 					await abortInterstitial();
 | |
| 				});
 | |
| 
 | |
| 				it('should redirect back to interstitial for topics requiring validated email', async () => {
 | |
| 					const name = utils.generateUUID();
 | |
| 					const { cid } = await categories.create({ name });
 | |
| 					await privileges.categories.rescind(['groups:topics:read'], cid, 'registered-users');
 | |
| 					await privileges.categories.give(['groups:topics:read'], cid, 'verified-users');
 | |
| 					const { response } = await request.get(`${nconf.get('url')}/category/${cid}/${slugify(name)}`, {
 | |
| 						jar,
 | |
| 						maxRedirect: 0,
 | |
| 						redirect: 'manual',
 | |
| 					});
 | |
| 
 | |
| 					assert.strictEqual(response.statusCode, 200);
 | |
| 
 | |
| 					const title = utils.generateUUID();
 | |
| 					const uid = await user.getUidByUsername(username);
 | |
| 					const { topicData } = await topics.post({ uid, cid, title, content: utils.generateUUID() });
 | |
| 					const { response: res2 } = await request.get(`${nconf.get('url')}/topic/${topicData.tid}/${slugify(title)}`, {
 | |
| 						jar,
 | |
| 						maxRedirect: 0,
 | |
| 						redirect: 'manual',
 | |
| 					});
 | |
| 					assert.strictEqual(res2.statusCode, 307);
 | |
| 					assert.strictEqual(res2.headers.location, `${nconf.get('relative_path')}/register/complete`);
 | |
| 					await abortInterstitial();
 | |
| 					await topics.purge(topicData.tid, uid);
 | |
| 				});
 | |
| 			});
 | |
| 		});
 | |
| 
 | |
| 		describe('gdpr', () => {
 | |
| 			let jar;
 | |
| 			let token;
 | |
| 
 | |
| 			before(async () => {
 | |
| 				jar = (await helpers.registerUser({
 | |
| 					username: utils.generateUUID().slice(0, 10),
 | |
| 					password: utils.generateUUID(),
 | |
| 				})).jar;
 | |
| 				token = await helpers.getCsrfToken(jar);
 | |
| 			});
 | |
| 
 | |
| 			it('registration should succeed once gdpr prompts are agreed to', async () => {
 | |
| 				const { response } = await request.post(`${nconf.get('url')}/register/complete`, {
 | |
| 					jar,
 | |
| 					maxRedirect: 0,
 | |
| 					redirect: 'manual',
 | |
| 					headers: {
 | |
| 						'x-csrf-token': token,
 | |
| 					},
 | |
| 					body: {
 | |
| 						gdpr_agree_data: 'on',
 | |
| 						gdpr_agree_email: 'on',
 | |
| 					},
 | |
| 				});
 | |
| 
 | |
| 				assert.strictEqual(response.statusCode, 302);
 | |
| 				assert.strictEqual(response.headers.location, `${nconf.get('relative_path')}/`);
 | |
| 			});
 | |
| 		});
 | |
| 
 | |
| 		describe('abort behaviour', () => {
 | |
| 			let jar;
 | |
| 			let token;
 | |
| 
 | |
| 			beforeEach(async () => {
 | |
| 				jar = (await helpers.registerUser({
 | |
| 					username: utils.generateUUID().slice(0, 10),
 | |
| 					password: utils.generateUUID(),
 | |
| 				})).jar;
 | |
| 				token = await helpers.getCsrfToken(jar);
 | |
| 			});
 | |
| 
 | |
| 			it('should terminate the session and send user back to index if interstitials remain', async () => {
 | |
| 				const { response } = await request.post(`${nconf.get('url')}/register/abort`, {
 | |
| 					jar,
 | |
| 					maxRedirect: 0,
 | |
| 					redirect: 'manual',
 | |
| 					headers: {
 | |
| 						'x-csrf-token': token,
 | |
| 					},
 | |
| 				});
 | |
| 
 | |
| 				assert.strictEqual(response.statusCode, 302);
 | |
| 				assert.strictEqual(response.headers['set-cookie'], `express.sid=; Path=${nconf.get('relative_path') || '/'}; Expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Lax`);
 | |
| 				assert.strictEqual(response.headers.location, `${nconf.get('relative_path')}/`);
 | |
| 			});
 | |
| 
 | |
| 			it('should preserve the session and send user back to user profile if no interstitials remain (e.g. GDPR OK + email change cancellation)', async () => {
 | |
| 				// Submit GDPR consent
 | |
| 				await request.post(`${nconf.get('url')}/register/complete`, {
 | |
| 					jar,
 | |
| 					maxRedirect: 0,
 | |
| 					redirect: 'manual',
 | |
| 					headers: {
 | |
| 						'x-csrf-token': token,
 | |
| 					},
 | |
| 					body: {
 | |
| 						gdpr_agree_data: 'on',
 | |
| 						gdpr_agree_email: 'on',
 | |
| 					},
 | |
| 				});
 | |
| 
 | |
| 				// Start email change flow
 | |
| 				await request.get(`${nconf.get('url')}/me/edit/email`, { jar });
 | |
| 
 | |
| 				const { response } = await request.post(`${nconf.get('url')}/register/abort`, {
 | |
| 					jar,
 | |
| 					maxRedirect: 0,
 | |
| 					redirect: 'manual',
 | |
| 					headers: {
 | |
| 						'x-csrf-token': token,
 | |
| 					},
 | |
| 				});
 | |
| 
 | |
| 				assert.strictEqual(response.statusCode, 302);
 | |
| 				assert(response.headers.location.match(/\/uid\/\d+$/));
 | |
| 			});
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 
 | |
| 	it('should load /tos', async () => {
 | |
| 		meta.config.termsOfUse = 'please accept our tos';
 | |
| 		const { response, body } = await request.get(`${nconf.get('url')}/tos`);
 | |
| 		assert.equal(response.statusCode, 200);
 | |
| 		assert(body);
 | |
| 	});
 | |
| 
 | |
| 
 | |
| 	it('should return 404 if meta.config.termsOfUse is empty', async () => {
 | |
| 		meta.config.termsOfUse = '';
 | |
| 		const { response, body } = await request.get(`${nconf.get('url')}/tos`);
 | |
| 		assert.equal(response.statusCode, 404);
 | |
| 		assert(body);
 | |
| 	});
 | |
| 
 | |
| 	it('should 404 if brand:touchIcon is not valid', async () => {
 | |
| 		const oldValue = meta.config['brand:touchIcon'];
 | |
| 		meta.config['brand:touchIcon'] = '../../not/valid';
 | |
| 
 | |
| 		const { response, body } = await request.get(`${nconf.get('url')}/apple-touch-icon`);
 | |
| 		assert.strictEqual(response.statusCode, 404);
 | |
| 		assert.strictEqual(body, 'Not found');
 | |
| 		meta.config['brand:touchIcon'] = oldValue;
 | |
| 	});
 | |
| 
 | |
| 
 | |
| 	it('should error if guests do not have search privilege', async () => {
 | |
| 		const { response, body } = await request.get(`${nconf.get('url')}/api/users?query=bar§ion=sort-posts`);
 | |
| 		assert.equal(response.statusCode, 500);
 | |
| 		assert(body);
 | |
| 		assert.equal(body.error, '[[error:no-privileges]]');
 | |
| 	});
 | |
| 
 | |
| 	it('should load users search page', async () => {
 | |
| 		await privileges.global.give(['groups:search:users'], 'guests');
 | |
| 		const { response, body } = await request.get(`${nconf.get('url')}/users?query=bar§ion=sort-posts`);
 | |
| 		assert.equal(response.statusCode, 200);
 | |
| 		assert(body);
 | |
| 		await privileges.global.rescind(['groups:search:users'], 'guests');
 | |
| 	});
 | |
| 
 | |
| 	it('should load group details page', async () => {
 | |
| 		await groups.create({
 | |
| 			name: 'group-details',
 | |
| 			description: 'Foobar!',
 | |
| 			hidden: 0,
 | |
| 		});
 | |
| 		await groups.join('group-details', fooUid);
 | |
| 
 | |
| 		await topics.post({
 | |
| 			uid: fooUid,
 | |
| 			title: 'topic title',
 | |
| 			content: 'test topic content',
 | |
| 			cid: cid,
 | |
| 		});
 | |
| 
 | |
| 		const { response, body } = await request.get(`${nconf.get('url')}/api/groups/group-details`);
 | |
| 		assert.equal(response.statusCode, 200);
 | |
| 		assert(body);
 | |
| 		assert.equal(body.posts[0].content, 'test topic content');
 | |
| 	});
 | |
| 
 | |
| 	it('should load group members page', async () => {
 | |
| 		const { response, body } = await request.get(`${nconf.get('url')}/groups/group-details/members`);
 | |
| 		assert.equal(response.statusCode, 200);
 | |
| 		assert(body);
 | |
| 	});
 | |
| 
 | |
| 	it('should 404 when trying to load group members of hidden group', async () => {
 | |
| 		const groups = require('../src/groups');
 | |
| 		await groups.create({
 | |
| 			name: 'hidden-group',
 | |
| 			description: 'Foobar!',
 | |
| 			hidden: 1,
 | |
| 		});
 | |
| 		const { response } = await request.get(`${nconf.get('url')}/groups/hidden-group/members`);
 | |
| 		assert.equal(response.statusCode, 404);
 | |
| 	});
 | |
| 
 | |
| 
 | |
| 
 | |
| 	describe('revoke session', () => {
 | |
| 		let uid;
 | |
| 		let jar;
 | |
| 		let csrf_token;
 | |
| 
 | |
| 		before(async () => {
 | |
| 			uid = await user.create({ username: 'revokeme', password: 'barbar' });
 | |
| 			const login = await helpers.loginUser('revokeme', 'barbar');
 | |
| 			jar = login.jar;
 | |
| 			csrf_token = login.csrf_token;
 | |
| 		});
 | |
| 
 | |
| 		it('should fail to revoke session with missing uuid', async () => {
 | |
| 			const { response } = await request.del(`${nconf.get('url')}/api/user/revokeme/session`, {
 | |
| 				jar: jar,
 | |
| 				headers: {
 | |
| 					'x-csrf-token': csrf_token,
 | |
| 				},
 | |
| 			});
 | |
| 			assert.equal(response.statusCode, 404);
 | |
| 		});
 | |
| 
 | |
| 		it('should fail if user doesn\'t exist', async () => {
 | |
| 			const { response, body } = await request.del(`${nconf.get('url')}/api/v3/users/doesnotexist/sessions/1112233`, {
 | |
| 				jar: jar,
 | |
| 				headers: {
 | |
| 					'x-csrf-token': csrf_token,
 | |
| 				},
 | |
| 			});
 | |
| 
 | |
| 			assert.strictEqual(response.statusCode, 404);
 | |
| 			// const parsedResponse = JSON.parse(body);
 | |
| 			assert.deepStrictEqual(body.response, {});
 | |
| 			assert.deepStrictEqual(body.status, {
 | |
| 				code: 'not-found',
 | |
| 				message: 'User does not exist',
 | |
| 			});
 | |
| 		});
 | |
| 
 | |
| 		it('should revoke user session', async () => {
 | |
| 			const sids = await db.getSortedSetRange(`uid:${uid}:sessions`, 0, -1);
 | |
| 			const sid = sids[0];
 | |
| 			const sessionObj = await db.sessionStoreGet(sid);
 | |
| 
 | |
| 			const { response, body } = await request.del(`${nconf.get('url')}/api/v3/users/${uid}/sessions/${sessionObj.meta.uuid}`, {
 | |
| 				jar: jar,
 | |
| 				headers: {
 | |
| 					'x-csrf-token': csrf_token,
 | |
| 				},
 | |
| 			});
 | |
| 
 | |
| 			assert.strictEqual(response.statusCode, 200);
 | |
| 			assert.deepStrictEqual(body, {
 | |
| 				status: {
 | |
| 					code: 'ok',
 | |
| 					message: 'OK',
 | |
| 				},
 | |
| 				response: {},
 | |
| 			});
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	describe('widgets', () => {
 | |
| 		const widgets = require('../src/widgets');
 | |
| 
 | |
| 		before(async () => {
 | |
| 			await widgets.reset();
 | |
| 			const data = {
 | |
| 				template: 'categories.tpl',
 | |
| 				location: 'sidebar',
 | |
| 				widgets: [
 | |
| 					{
 | |
| 						widget: 'html',
 | |
| 						data: {
 | |
| 							html: 'test',
 | |
| 							title: '',
 | |
| 							container: '',
 | |
| 						},
 | |
| 					},
 | |
| 				],
 | |
| 			};
 | |
| 
 | |
| 			await widgets.setArea(data);
 | |
| 		});
 | |
| 
 | |
| 		it('should return {} if there are no widgets', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/category/${cid}`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body.widgets);
 | |
| 			assert.equal(Object.keys(body.widgets).length, 0);
 | |
| 		});
 | |
| 
 | |
| 		it('should render templates', async () => {
 | |
| 			const url = `${nconf.get('url')}/api/categories`;
 | |
| 			const { response, body } = await request.get(url);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body.widgets);
 | |
| 			assert(body.widgets.sidebar);
 | |
| 			assert.equal(body.widgets.sidebar[0].html, 'test');
 | |
| 		});
 | |
| 
 | |
| 		it('should reset templates', async () => {
 | |
| 			await widgets.resetTemplates(['categories', 'category']);
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/categories`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body.widgets);
 | |
| 			assert.equal(Object.keys(body.widgets).length, 0);
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	describe('tags', () => {
 | |
| 		before(async () => {
 | |
| 			await topics.post({
 | |
| 				uid: fooUid,
 | |
| 				title: 'topic title',
 | |
| 				content: 'test topic content',
 | |
| 				cid: cid,
 | |
| 				tags: ['nodebb', 'bug', 'test'],
 | |
| 			});
 | |
| 		});
 | |
| 
 | |
| 		it('should render tags page', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/tags`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 			assert(Array.isArray(body.tags));
 | |
| 		});
 | |
| 
 | |
| 		it('should render tag page with no topics', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/tags/notag`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 			assert(Array.isArray(body.topics));
 | |
| 			assert.equal(body.topics.length, 0);
 | |
| 		});
 | |
| 
 | |
| 		it('should render tag page with 1 topic', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/tags/nodebb`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 			assert(Array.isArray(body.topics));
 | |
| 			assert.equal(body.topics.length, 1);
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 
 | |
| 	describe('maintenance mode', () => {
 | |
| 		before((done) => {
 | |
| 			meta.config.maintenanceMode = 1;
 | |
| 			done();
 | |
| 		});
 | |
| 		after((done) => {
 | |
| 			meta.config.maintenanceMode = 0;
 | |
| 			done();
 | |
| 		});
 | |
| 
 | |
| 		it('should return 503 in maintenance mode', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/recent`);
 | |
| 			assert.equal(response.statusCode, 503);
 | |
| 		});
 | |
| 
 | |
| 		it('should return 503 in maintenance mode', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/recent`);
 | |
| 			assert.equal(response.statusCode, 503);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should return 200 in maintenance mode', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/login`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should return 200 if guests are allowed', async () => {
 | |
| 			const oldValue = meta.config.groupsExemptFromMaintenanceMode;
 | |
| 			meta.config.groupsExemptFromMaintenanceMode.push('guests');
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/recent`);
 | |
| 			assert.strictEqual(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 			meta.config.groupsExemptFromMaintenanceMode = oldValue;
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	describe('account pages', () => {
 | |
| 		let jar;
 | |
| 		let csrf_token;
 | |
| 
 | |
| 		before(async () => {
 | |
| 			({ jar, csrf_token } = await helpers.loginUser('foo', 'barbar'));
 | |
| 		});
 | |
| 
 | |
| 		it('should redirect to account page with logged in user', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/login`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal(response.headers['x-redirect'], encodeURIComponent('/user/foo'));
 | |
| 			assert.equal(body, '/user/foo');
 | |
| 		});
 | |
| 
 | |
| 		it('should 404 if uid is not a number', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/uid/test`, { jar });
 | |
| 			assert.equal(response.statusCode, 404);
 | |
| 		});
 | |
| 
 | |
| 		it('should redirect to userslug', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/uid/${fooUid}`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal(response.headers['x-redirect'], encodeURIComponent('/user/foo'));
 | |
| 			assert.equal(body, '/user/foo');
 | |
| 		});
 | |
| 
 | |
| 		it('should redirect to userslug and keep query params', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/uid/${fooUid}/topics?foo=bar`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal(response.headers['x-redirect'], encodeURIComponent('/user/foo/topics?foo=bar'));
 | |
| 			assert.equal(body, '/user/foo/topics?foo=bar');
 | |
| 		});
 | |
| 
 | |
| 		it('should 404 if user does not exist', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/uid/123123`);
 | |
| 			assert.equal(response.statusCode, 404);
 | |
| 		});
 | |
| 
 | |
| 		describe('/me/*', () => {
 | |
| 			it('should redirect to user profile', async () => {
 | |
| 				const { response, body } = await request.get(`${nconf.get('url')}/me`, { jar });
 | |
| 				assert.equal(response.statusCode, 200);
 | |
| 				assert(body.includes('"template":{"name":"account/profile","account/profile":true}'));
 | |
| 				assert(body.includes('"username":"foo"'));
 | |
| 			});
 | |
| 
 | |
| 			it('api should redirect to /user/[userslug]/bookmarks', async () => {
 | |
| 				const { response, body } = await request.get(`${nconf.get('url')}/api/me/bookmarks`, { jar });
 | |
| 				assert.equal(response.statusCode, 200);
 | |
| 				assert.equal(response.headers['x-redirect'], encodeURIComponent('/user/foo/bookmarks'));
 | |
| 				assert.equal(body, '/user/foo/bookmarks');
 | |
| 			});
 | |
| 
 | |
| 			it('api should redirect to /user/[userslug]/edit/username', async () => {
 | |
| 				const { response, body } = await request.get(`${nconf.get('url')}/api/me/edit/username`, { jar });
 | |
| 				assert.equal(response.statusCode, 200);
 | |
| 				assert.equal(response.headers['x-redirect'], encodeURIComponent('/user/foo/edit/username'));
 | |
| 				assert.equal(body, '/user/foo/edit/username');
 | |
| 			});
 | |
| 
 | |
| 			it('should redirect to login if user is not logged in', async () => {
 | |
| 				const { response, body } = await request.get(`${nconf.get('url')}/me/bookmarks`);
 | |
| 				assert.equal(response.statusCode, 200);
 | |
| 				assert(body.includes('Login to your account'), body.slice(0, 500));
 | |
| 			});
 | |
| 		});
 | |
| 
 | |
| 		it('should 401 if user is not logged in', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/admin`);
 | |
| 			assert.equal(response.statusCode, 401);
 | |
| 		});
 | |
| 
 | |
| 		it('should 403 if user is not admin', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/admin`, { jar });
 | |
| 			assert.equal(response.statusCode, 403);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/posts', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/posts`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should 401 if not logged in', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/admin`);
 | |
| 			assert.equal(response.statusCode, 401);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/bookmarks', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/bookmarks`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/upvoted', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/upvoted`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/downvoted', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/downvoted`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/best', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/best`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/controversial', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/controversial`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/watched', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/watched`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/ignored', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/ignored`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/topics', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/topics`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/blocks', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/blocks`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/consent', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/consent`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/sessions', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/sessions`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/categories', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/categories`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/tags', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/tags`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load /user/foo/uploads', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/uploads`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		describe('user data export routes', () => {
 | |
| 			before(async () => {
 | |
| 				const types = ['profile', 'uploads', 'posts'];
 | |
| 				await Promise.all(types.map(async (type) => {
 | |
| 					await api.users.generateExport({ uid: fooUid, ip: '127.0.0.1' }, { uid: fooUid, type });
 | |
| 				}));
 | |
| 				await sleep(10000);
 | |
| 			});
 | |
| 
 | |
| 			it('should export users posts', async () => {
 | |
| 				const { response, body } = await request.get(`${nconf.get('url')}/api/v3/users/${fooUid}/exports/posts`, { jar: jar });
 | |
| 				assert.equal(response.statusCode, 200);
 | |
| 				assert(body);
 | |
| 			});
 | |
| 
 | |
| 			it('should export users uploads', async () => {
 | |
| 				const { response, body } = await request.get(`${nconf.get('url')}/api/v3/users/${fooUid}/exports/uploads`, { jar: jar });
 | |
| 				assert.equal(response.statusCode, 200);
 | |
| 				assert(body);
 | |
| 			});
 | |
| 
 | |
| 			it('should export users profile', async () => {
 | |
| 				const { response, body } = await request.get(`${nconf.get('url')}/api/v3/users/${fooUid}/exports/profile`, { jar: jar });
 | |
| 				assert.equal(response.statusCode, 200);
 | |
| 				assert(body);
 | |
| 			});
 | |
| 		});
 | |
| 
 | |
| 		it('should load notifications page', async () => {
 | |
| 			const notifications = require('../src/notifications');
 | |
| 			const notifData = {
 | |
| 				bodyShort: '[[notifications:user-posted-to, test1, test2]]',
 | |
| 				bodyLong: 'some post content',
 | |
| 				pid: 1,
 | |
| 				path: `/post/${1}`,
 | |
| 				nid: `new_post:tid:${1}:pid:${1}:uid:${fooUid}`,
 | |
| 				tid: 1,
 | |
| 				from: fooUid,
 | |
| 				mergeId: `notifications:user-posted-to|${1}`,
 | |
| 				topicTitle: 'topic title',
 | |
| 			};
 | |
| 			const notification = await notifications.create(notifData);
 | |
| 			await notifications.push(notification, fooUid);
 | |
| 			await sleep(2500);
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/notifications`, {
 | |
| 				jar,
 | |
| 			});
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 			const notif = body.notifications[0];
 | |
| 			assert.equal(notif.bodyShort, '<strong>test1</strong> has posted a reply to: <strong>test2</strong>');
 | |
| 			assert.equal(notif.bodyLong, notifData.bodyLong);
 | |
| 			assert.equal(notif.pid, notifData.pid);
 | |
| 			assert.equal(notif.path, nconf.get('relative_path') + notifData.path);
 | |
| 			assert.equal(notif.nid, notifData.nid);
 | |
| 		});
 | |
| 
 | |
| 		it('should 404 if user does not exist', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/email/doesnotexist`);
 | |
| 			assert.equal(response.statusCode, 404);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load user by uid', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/uid/${fooUid}`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should load user by username', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/username/foo`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should NOT load user by email (by default)', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/user/email/foo@test.com`);
 | |
| 
 | |
| 			assert.strictEqual(response.statusCode, 404);
 | |
| 		});
 | |
| 
 | |
| 		it('should load user by email if user has elected to show their email', async () => {
 | |
| 			await user.setSetting(fooUid, 'showemail', 1);
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/email/foo@test.com`);
 | |
| 			assert.strictEqual(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 			await user.setSetting(fooUid, 'showemail', 0);
 | |
| 		});
 | |
| 
 | |
| 		it('should return 401 if user does not have view:users privilege', async () => {
 | |
| 			await privileges.global.rescind(['groups:view:users'], 'guests');
 | |
| 
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo`);
 | |
| 			assert.equal(response.statusCode, 401);
 | |
| 			assert.deepEqual(body, {
 | |
| 				response: {},
 | |
| 				status: {
 | |
| 					code: 'not-authorised',
 | |
| 					message: 'A valid login session was not found. Please log in and try again.',
 | |
| 				},
 | |
| 			});
 | |
| 			await privileges.global.give(['groups:view:users'], 'guests');
 | |
| 		});
 | |
| 
 | |
| 		it('should return false if user can not edit user', async () => {
 | |
| 			await user.create({ username: 'regularJoe', password: 'barbar' });
 | |
| 			const { jar } = await helpers.loginUser('regularJoe', 'barbar');
 | |
| 			let { response } = await request.get(`${nconf.get('url')}/api/user/foo/info`, { jar });
 | |
| 			assert.equal(response.statusCode, 403);
 | |
| 			({ response } = await request.get(`${nconf.get('url')}/api/user/foo/edit`, { jar }));
 | |
| 			assert.equal(response.statusCode, 403);
 | |
| 		});
 | |
| 
 | |
| 		it('should load correct user', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/user/FOO`, { jar: jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 		});
 | |
| 
 | |
| 		it('should redirect', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/user/FOO`, { jar: jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should 404 if user does not exist', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/doesnotexist`, { jar });
 | |
| 			assert.equal(response.statusCode, 404);
 | |
| 		});
 | |
| 
 | |
| 		it('should not increase profile view if you visit your own profile', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/user/foo`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			await sleep(500);
 | |
| 			const viewcount = await user.getUserField(fooUid, 'profileviews');
 | |
| 			assert(viewcount === 0);
 | |
| 		});
 | |
| 
 | |
| 		it('should not increase profile view if a guest visits a profile', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/user/foo`, {});
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			await sleep(500);
 | |
| 			const viewcount = await user.getUserField(fooUid, 'profileviews');
 | |
| 			assert(viewcount === 0);
 | |
| 		});
 | |
| 
 | |
| 		it('should increase profile view', async () => {
 | |
| 			const { jar } = await helpers.loginUser('regularJoe', 'barbar');
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/user/foo`, {
 | |
| 				jar,
 | |
| 			});
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			await sleep(500);
 | |
| 			const viewcount = await user.getUserField(fooUid, 'profileviews');
 | |
| 			assert(viewcount > 0);
 | |
| 		});
 | |
| 
 | |
| 		it('should parse about me', async () => {
 | |
| 			await user.setUserFields(fooUid, { picture: '/path/to/picture', aboutme: 'hi i am a bot' });
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal(body.aboutme, 'hi i am a bot');
 | |
| 			assert.equal(body.picture, '/path/to/picture');
 | |
| 		});
 | |
| 
 | |
| 		it('should not return reputation if reputation is disabled', async () => {
 | |
| 			meta.config['reputation:disabled'] = 1;
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo`);
 | |
| 			meta.config['reputation:disabled'] = 0;
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(!body.hasOwnProperty('reputation'));
 | |
| 		});
 | |
| 
 | |
| 		it('should only return posts that are not deleted', async () => {
 | |
| 			const { topicData } = await topics.post({ uid: fooUid, title: 'visible', content: 'some content', cid: cid });
 | |
| 			const { pid: pidToDelete } = await topics.reply({ uid: fooUid, content: '1st reply', tid: topicData.tid });
 | |
| 			await topics.reply({ uid: fooUid, content: '2nd reply', tid: topicData.tid });
 | |
| 			await posts.delete(pidToDelete, fooUid);
 | |
| 
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			const contents = body.posts.map(p => p.content);
 | |
| 			assert(!contents.includes('1st reply'));
 | |
| 		});
 | |
| 
 | |
| 		it('should return selected group title', async () => {
 | |
| 			await groups.create({
 | |
| 				name: 'selectedGroup',
 | |
| 			});
 | |
| 			const uid = await user.create({ username: 'groupie' });
 | |
| 			await groups.join('selectedGroup', uid);
 | |
| 
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/groupie`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(Array.isArray(body.selectedGroup));
 | |
| 			assert.equal(body.selectedGroup[0].name, 'selectedGroup');
 | |
| 		});
 | |
| 
 | |
| 		it('should 404 if user does not exist', async () => {
 | |
| 			await groups.join('administrators', fooUid);
 | |
| 
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/user/doesnotexist/edit`, { jar });
 | |
| 			assert.equal(response.statusCode, 404);
 | |
| 			await groups.leave('administrators', fooUid);
 | |
| 		});
 | |
| 
 | |
| 		it('should render edit/password', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/user/foo/edit/password`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 		});
 | |
| 
 | |
| 		it('should render edit/email', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/edit/email`, { jar });
 | |
| 
 | |
| 			assert.strictEqual(response.statusCode, 200);
 | |
| 			assert.strictEqual(body, '/register/complete');
 | |
| 
 | |
| 			await request.post(`${nconf.get('url')}/register/abort`, {
 | |
| 				jar,
 | |
| 				headers: {
 | |
| 					'x-csrf-token': csrf_token,
 | |
| 				},
 | |
| 			});
 | |
| 		});
 | |
| 
 | |
| 		it('should render edit/username', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/user/foo/edit/username`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	describe('account follow page', () => {
 | |
| 		const socketUser = require('../src/socket.io/user');
 | |
| 		const apiUser = require('../src/api/users');
 | |
| 		let uid;
 | |
| 		before(async () => {
 | |
| 			uid = await user.create({ username: 'follower' });
 | |
| 			await apiUser.follow({ uid: uid }, { uid: fooUid });
 | |
| 			const isFollowing = await socketUser.isFollowing({ uid: uid }, { uid: fooUid });
 | |
| 			assert(isFollowing);
 | |
| 		});
 | |
| 
 | |
| 		it('should get followers page', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/followers`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal(body.users[0].username, 'follower');
 | |
| 		});
 | |
| 
 | |
| 		it('should get following page', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/follower/following`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal(body.users[0].username, 'foo');
 | |
| 		});
 | |
| 
 | |
| 		it('should return empty after unfollow', async () => {
 | |
| 			await apiUser.unfollow({ uid: uid }, { uid: fooUid });
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/foo/followers`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal(body.users.length, 0);
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	describe('post redirect', () => {
 | |
| 		let jar;
 | |
| 		before(async () => {
 | |
| 			({ jar } = await helpers.loginUser('foo', 'barbar'));
 | |
| 		});
 | |
| 
 | |
| 		it('should 404 for invalid pid', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/post/fail`);
 | |
| 			assert.equal(response.statusCode, 404);
 | |
| 		});
 | |
| 
 | |
| 		it('should 403 if user does not have read privilege', async () => {
 | |
| 			await privileges.categories.rescind(['groups:topics:read'], category.cid, 'registered-users');
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/post/${pid}`, { jar });
 | |
| 			assert.equal(response.statusCode, 403);
 | |
| 			await privileges.categories.give(['groups:topics:read'], category.cid, 'registered-users');
 | |
| 		});
 | |
| 
 | |
| 		it('should return correct post path', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/post/${pid}`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal(response.headers['x-redirect'], encodeURIComponent('/topic/1/test-topic-title'));
 | |
| 			assert.equal(body, '/topic/1/test-topic-title');
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	describe('cookie consent', () => {
 | |
| 		it('should return relevant data in configs API route', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/config`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.ok(body.cookies);
 | |
| 			assert.equal(translator.escape('[[global:cookies.message]]'), body.cookies.message);
 | |
| 			assert.equal(translator.escape('[[global:cookies.accept]]'), body.cookies.dismiss);
 | |
| 			assert.equal(translator.escape('[[global:cookies.learn-more]]'), body.cookies.link);
 | |
| 		});
 | |
| 
 | |
| 		it('response should be parseable when entries have apostrophes', async () => {
 | |
| 			await meta.configs.set('cookieConsentMessage', 'Julian\'s Message');
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/config`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal('Julian's Message', body.cookies.message);
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	describe('handle errors', () => {
 | |
| 		const plugins = require('../src/plugins');
 | |
| 		after((done) => {
 | |
| 			plugins.loadedHooks['filter:router.page'] = undefined;
 | |
| 			done();
 | |
| 		});
 | |
| 
 | |
| 		it('should handle topic malformed uri', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/topic/1/a%AFc`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should handle category malformed uri', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/category/1/a%AFc`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should handle malformed uri ', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/user/a%AFc`);
 | |
| 			assert(body);
 | |
| 			assert.equal(response.statusCode, 400);
 | |
| 		});
 | |
| 
 | |
| 		it('should handle malformed uri in api', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/user/a%AFc`);
 | |
| 			assert.equal(response.statusCode, 400);
 | |
| 			assert.equal(body.error, '[[global:400.title]]');
 | |
| 		});
 | |
| 
 | |
| 		it('should handle CSRF error', async () => {
 | |
| 			plugins.loadedHooks['response:router.page'] = plugins.loadedHooks['response:router.page'] || [];
 | |
| 			plugins.loadedHooks['response:router.page'].push({
 | |
| 				method: function () {
 | |
| 					const err = new Error('csrf-error');
 | |
| 					err.code = 'EBADCSRFTOKEN';
 | |
| 					throw err;
 | |
| 				},
 | |
| 			});
 | |
| 
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/users`);
 | |
| 			plugins.loadedHooks['response:router.page'] = [];
 | |
| 			assert.equal(response.statusCode, 403);
 | |
| 		});
 | |
| 
 | |
| 		it('should handle black-list error', async () => {
 | |
| 			plugins.loadedHooks['response:router.page'] = plugins.loadedHooks['response:router.page'] || [];
 | |
| 			plugins.loadedHooks['response:router.page'].push({
 | |
| 				method: function () {
 | |
| 					const err = new Error('blacklist error message');
 | |
| 					err.code = 'blacklisted-ip';
 | |
| 					throw err;
 | |
| 				},
 | |
| 			});
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/users`);
 | |
| 			plugins.loadedHooks['response:router.page'] = [];
 | |
| 			assert.equal(response.statusCode, 403);
 | |
| 			assert.equal(body, 'blacklist error message');
 | |
| 		});
 | |
| 
 | |
| 		it('should handle page redirect through error', async () => {
 | |
| 			plugins.loadedHooks['response:router.page'] = plugins.loadedHooks['response:router.page'] || [];
 | |
| 			plugins.loadedHooks['response:router.page'].push({
 | |
| 				method: function () {
 | |
| 					const err = new Error('redirect');
 | |
| 					err.status = 302;
 | |
| 					err.path = '/popular';
 | |
| 					plugins.loadedHooks['response:router.page'] = [];
 | |
| 					throw err;
 | |
| 				},
 | |
| 			});
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/users`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 
 | |
| 		it('should handle api page redirect through error', async () => {
 | |
| 			plugins.loadedHooks['response:router.page'] = plugins.loadedHooks['response:router.page'] || [];
 | |
| 			plugins.loadedHooks['response:router.page'].push({
 | |
| 				method: function () {
 | |
| 					const err = new Error('redirect');
 | |
| 					err.status = 308;
 | |
| 					err.path = '/api/popular';
 | |
| 					plugins.loadedHooks['response:router.page'] = [];
 | |
| 					throw err;
 | |
| 				},
 | |
| 			});
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/users`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal(response.headers['x-redirect'], encodeURIComponent('/api/popular'));
 | |
| 			assert(body, '/api/popular');
 | |
| 		});
 | |
| 
 | |
| 		it('should handle error page', async () => {
 | |
| 			plugins.loadedHooks['response:router.page'] = plugins.loadedHooks['response:router.page'] || [];
 | |
| 			plugins.loadedHooks['response:router.page'].push({
 | |
| 				method: function () {
 | |
| 					const err = new Error('regular error');
 | |
| 					throw err;
 | |
| 				},
 | |
| 			});
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/users`);
 | |
| 			plugins.loadedHooks['response:router.page'] = [];
 | |
| 			assert.equal(response.statusCode, 500);
 | |
| 			assert(body);
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	describe('category', () => {
 | |
| 		let jar;
 | |
| 		before(async () => {
 | |
| 			({ jar } = await helpers.loginUser('foo', 'barbar'));
 | |
| 		});
 | |
| 
 | |
| 		it('should return 404 if cid is not a number', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/category/fail`);
 | |
| 			assert.equal(response.statusCode, 404);
 | |
| 		});
 | |
| 
 | |
| 		it('should return 404 if topic index is not a number', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/category/${category.slug}/invalidtopicindex`);
 | |
| 			assert.equal(response.statusCode, 404);
 | |
| 		});
 | |
| 
 | |
| 		it('should 404 if category does not exist', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/category/123123`);
 | |
| 			assert.equal(response.statusCode, 404);
 | |
| 		});
 | |
| 
 | |
| 		it('should 404 if category is disabled', async () => {
 | |
| 			const category = await categories.create({ name: 'disabled' });
 | |
| 			await categories.setCategoryField(category.cid, 'disabled', 1);
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/category/${category.slug}`);
 | |
| 			assert.equal(response.statusCode, 404);
 | |
| 		});
 | |
| 
 | |
| 		it('should return 401 if not allowed to read', async () => {
 | |
| 			const category = await categories.create({ name: 'hidden' });
 | |
| 			await privileges.categories.rescind(['groups:read'], category.cid, 'guests');
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/category/${category.slug}`);
 | |
| 			assert.equal(response.statusCode, 401);
 | |
| 			await privileges.categories.give(['groups:read'], category.cid, 'guests');
 | |
| 		});
 | |
| 
 | |
| 		it('should redirect if topic index is negative', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/category/${category.slug}/-10`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.ok(response.headers['x-redirect']);
 | |
| 		});
 | |
| 
 | |
| 		it('should 404 if page is not found', async () => {
 | |
| 			await user.setSetting(fooUid, 'usePagination', 1);
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/category/${category.slug}?page=100`, { jar });
 | |
| 			assert.equal(response.statusCode, 404);
 | |
| 		});
 | |
| 
 | |
| 		it('should load page 1 if req.query.page is not sent', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/category/${category.slug}`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal(body.pagination.currentPage, 1);
 | |
| 		});
 | |
| 
 | |
| 		it('should sort topics by most posts', async () => {
 | |
| 			const category = await categories.create({ name: 'most-posts-category' });
 | |
| 			await topics.post({ uid: fooUid, cid: category.cid, title: 'topic 1', content: 'topic 1 OP' });
 | |
| 			const t2 = await topics.post({ uid: fooUid, cid: category.cid, title: 'topic 2', content: 'topic 2 OP' });
 | |
| 			await topics.reply({ uid: fooUid, content: 'topic 2 reply', tid: t2.topicData.tid });
 | |
| 
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/category/${category.slug}?sort=most_posts`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal(body.topics[0].title, 'topic 2');
 | |
| 			assert.equal(body.topics[0].postcount, 2);
 | |
| 			assert.equal(body.topics[1].postcount, 1);
 | |
| 		});
 | |
| 
 | |
| 		it('should load a specific users topics from a category with tags', async () => {
 | |
| 			const category = await categories.create({ name: 'filtered-category' });
 | |
| 			await topics.post({ uid: fooUid, cid: category.cid, title: 'topic 1', content: 'topic 1 OP', tags: ['java', 'cpp'] });
 | |
| 			await topics.post({ uid: fooUid, cid: category.cid, title: 'topic 2', content: 'topic 2 OP', tags: ['node', 'javascript'] });
 | |
| 			await topics.post({ uid: fooUid, cid: category.cid, title: 'topic 3', content: 'topic 3 OP', tags: ['java', 'cpp', 'best'] });
 | |
| 
 | |
| 			let { body } = await request.get(`${nconf.get('url')}/api/category/${category.slug}?tag=node&author=foo`, { jar });
 | |
| 			assert.equal(body.topics[0].title, 'topic 2');
 | |
| 
 | |
| 			({ body } = await request.get(`${nconf.get('url')}/api/category/${category.slug}?tag[]=java&tag[]=cpp`, { jar }));
 | |
| 			assert.equal(body.topics[0].title, 'topic 3');
 | |
| 			assert.equal(body.topics[1].title, 'topic 1');
 | |
| 		});
 | |
| 
 | |
| 		it('should redirect if category is a link', async () => {
 | |
| 			const category = await categories.create({ name: 'redirect', link: 'https://nodebb.org' });
 | |
| 			const { cid } = category;
 | |
| 
 | |
| 			let result = await request.get(`${nconf.get('url')}/api/category/${category.slug}`, { jar });
 | |
| 			assert.equal(result.response.headers['x-redirect'], encodeURIComponent('https://nodebb.org'));
 | |
| 			assert.equal(result.body, 'https://nodebb.org');
 | |
| 			await categories.setCategoryField(cid, 'link', '/recent');
 | |
| 
 | |
| 			result = await request.get(`${nconf.get('url')}/api/category/${category.slug}`, { jar });
 | |
| 			assert.equal(result.response.headers['x-redirect'], encodeURIComponent('/recent'));
 | |
| 			assert.equal(result.body, '/recent');
 | |
| 		});
 | |
| 
 | |
| 		it('should get recent topic replies from children categories', async () => {
 | |
| 			const parentCategory = await categories.create({ name: 'parent category', backgroundImage: 'path/to/some/image' });
 | |
| 			const childCategory1 = await categories.create({ name: 'child category 1', parentCid: category.cid });
 | |
| 			const childCategory2 = await categories.create({ name: 'child category 2', parentCid: parentCategory.cid });
 | |
| 			await topics.post({ uid: fooUid, cid: childCategory2.cid, title: 'topic 1', content: 'topic 1 OP' });
 | |
| 
 | |
| 			const { body } = await request.get(`${nconf.get('url')}/api/category/${parentCategory.slug}`, { jar });
 | |
| 			assert.equal(body.children[0].posts[0].content, 'topic 1 OP');
 | |
| 		});
 | |
| 
 | |
| 		it('should create 2 pages of topics', async () => {
 | |
| 			const category = await categories.create({ name: 'category with 2 pages' });
 | |
| 			for (let i = 0; i < 30; i++) {
 | |
| 				// eslint-disable-next-line no-await-in-loop
 | |
| 				await topics.post({ uid: fooUid, cid: category.cid, title: `topic title ${i}`, content: 'does not really matter' });
 | |
| 			}
 | |
| 			const userSettings = await user.getSettings(fooUid);
 | |
| 
 | |
| 			const { body } = await request.get(`${nconf.get('url')}/api/category/${category.slug}`, { jar });
 | |
| 			assert.equal(body.topics.length, userSettings.topicsPerPage);
 | |
| 			assert.equal(body.pagination.pageCount, 2);
 | |
| 		});
 | |
| 
 | |
| 		it('should load categories', async () => {
 | |
| 			const helpers = require('../src/controllers/helpers');
 | |
| 			const data = await helpers.getCategories('cid:0:children', 1, 'topics:read', 0);
 | |
| 			assert(data.categories.length > 0);
 | |
| 			assert.strictEqual(data.selectedCategory, null);
 | |
| 			assert.deepStrictEqual(data.selectedCids, []);
 | |
| 		});
 | |
| 
 | |
| 		it('should load categories by states', async () => {
 | |
| 			const helpers = require('../src/controllers/helpers');
 | |
| 			const data = await helpers.getCategoriesByStates(1, 1, Object.values(categories.watchStates), 'topics:read');
 | |
| 			assert.deepStrictEqual(data.selectedCategory.cid, 1);
 | |
| 			assert.deepStrictEqual(data.selectedCids, [1]);
 | |
| 		});
 | |
| 
 | |
| 		it('should load categories by states', async () => {
 | |
| 			const helpers = require('../src/controllers/helpers');
 | |
| 			const data = await helpers.getCategoriesByStates(1, 0, [categories.watchStates.ignoring], 'topics:read');
 | |
| 			assert(data.categories.length === 0);
 | |
| 			assert.deepStrictEqual(data.selectedCategory, null);
 | |
| 			assert.deepStrictEqual(data.selectedCids, []);
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	describe('unread', () => {
 | |
| 		let jar;
 | |
| 		before(async () => {
 | |
| 			({ jar } = await helpers.loginUser('foo', 'barbar'));
 | |
| 		});
 | |
| 
 | |
| 		it('should load unread page', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/unread`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 		});
 | |
| 
 | |
| 		it('should 404 if filter is invalid', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/unread/doesnotexist`, { jar });
 | |
| 			assert.equal(response.statusCode, 404);
 | |
| 		});
 | |
| 
 | |
| 		it('should return total unread count', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/unread/total?filter=new`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal(body, 0);
 | |
| 		});
 | |
| 
 | |
| 		it('should redirect if page is out of bounds', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/unread?page=-1`, { jar });
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert.equal(response.headers['x-redirect'], encodeURIComponent('/unread?page=1'));
 | |
| 			assert.equal(body, '/unread?page=1');
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	describe('admin middlewares', () => {
 | |
| 		it('should redirect to login', async () => {
 | |
| 			const { response } = await request.get(`${nconf.get('url')}/api/admin/advanced/database`);
 | |
| 			assert.equal(response.statusCode, 401);
 | |
| 		});
 | |
| 
 | |
| 		it('should redirect to login', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/admin/advanced/database`);
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body.includes('Login to your account'));
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	describe('composer', () => {
 | |
| 		let csrf_token;
 | |
| 		let jar;
 | |
| 
 | |
| 		before(async () => {
 | |
| 			const login = await helpers.loginUser('foo', 'barbar');
 | |
| 			jar = login.jar;
 | |
| 			csrf_token = login.csrf_token;
 | |
| 		});
 | |
| 
 | |
| 		it('should load the composer route', async () => {
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/compose?cid=${cid}`, {
 | |
| 				jar,
 | |
| 			});
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body.title);
 | |
| 			assert(body.template);
 | |
| 			assert.equal(body.url, `${nconf.get('relative_path')}/compose`);
 | |
| 		});
 | |
| 
 | |
| 		it('should load the composer route if disabled by plugin', async () => {
 | |
| 			function hookMethod(hookData, callback) {
 | |
| 				hookData.templateData.disabled = true;
 | |
| 				callback(null, hookData);
 | |
| 			}
 | |
| 
 | |
| 			plugins.hooks.register('myTestPlugin', {
 | |
| 				hook: 'filter:composer.build',
 | |
| 				method: hookMethod,
 | |
| 			});
 | |
| 
 | |
| 			const { response, body } = await request.get(`${nconf.get('url')}/api/compose?cid=${cid}`, {
 | |
| 				jar,
 | |
| 			});
 | |
| 			assert.equal(response.statusCode, 200);
 | |
| 			assert(body.title);
 | |
| 			assert.strictEqual(body.template.name, '');
 | |
| 			assert.strictEqual(body.url, `${nconf.get('relative_path')}/compose`);
 | |
| 
 | |
| 			plugins.hooks.unregister('myTestPlugin', 'filter:composer.build', hookMethod);
 | |
| 		});
 | |
| 
 | |
| 		it('should error with invalid data', async () => {
 | |
| 			let result = await request.post(`${nconf.get('url')}/compose`, {
 | |
| 				data: {
 | |
| 					content: 'a new reply',
 | |
| 				},
 | |
| 				jar: jar,
 | |
| 				headers: {
 | |
| 					'x-csrf-token': csrf_token,
 | |
| 				},
 | |
| 			});
 | |
| 
 | |
| 			assert.equal(result.response.statusCode, 400);
 | |
| 			result = await request.post(`${nconf.get('url')}/compose`, {
 | |
| 				body: {
 | |
| 					tid: tid,
 | |
| 				},
 | |
| 				jar: jar,
 | |
| 				headers: {
 | |
| 					'x-csrf-token': csrf_token,
 | |
| 				},
 | |
| 			});
 | |
| 			assert.equal(result.response.statusCode, 400);
 | |
| 		});
 | |
| 
 | |
| 		it('should create a new topic and reply by composer route', async () => {
 | |
| 			let result = await request.post(`${nconf.get('url')}/compose`, {
 | |
| 				body: {
 | |
| 					cid: cid,
 | |
| 					title: 'no js is good',
 | |
| 					content: 'a topic with noscript',
 | |
| 				},
 | |
| 				jar: jar,
 | |
| 				maxRedirect: 0,
 | |
| 				redirect: 'manual',
 | |
| 				headers: {
 | |
| 					'x-csrf-token': csrf_token,
 | |
| 				},
 | |
| 			});
 | |
| 
 | |
| 			assert.equal(result.response.statusCode, 302);
 | |
| 			result = await request.post(`${nconf.get('url')}/compose`, {
 | |
| 				body: {
 | |
| 					tid: tid,
 | |
| 					content: 'a new reply',
 | |
| 				},
 | |
| 				jar: jar,
 | |
| 				maxRedirect: 0,
 | |
| 				redirect: 'manual',
 | |
| 				headers: {
 | |
| 					'x-csrf-token': csrf_token,
 | |
| 				},
 | |
| 			});
 | |
| 			assert.equal(result.response.statusCode, 302);
 | |
| 		});
 | |
| 
 | |
| 		it('should create a new topic and reply by composer route as a guest', async () => {
 | |
| 			const jar = request.jar();
 | |
| 			const csrf_token = await helpers.getCsrfToken(jar);
 | |
| 
 | |
| 			await privileges.categories.give(['groups:topics:create', 'groups:topics:reply'], cid, 'guests');
 | |
| 
 | |
| 			const result = await helpers.request('post', `/compose`, {
 | |
| 				body: {
 | |
| 					cid: cid,
 | |
| 					title: 'no js is good',
 | |
| 					content: 'a topic with noscript',
 | |
| 					handle: 'guest1',
 | |
| 				},
 | |
| 				jar,
 | |
| 				maxRedirect: 0,
 | |
| 				redirect: 'manual',
 | |
| 				headers: {
 | |
| 					'x-csrf-token': csrf_token,
 | |
| 				},
 | |
| 			});
 | |
| 			assert.strictEqual(result.response.statusCode, 302);
 | |
| 
 | |
| 			const replyResult = await helpers.request('post', `/compose`, {
 | |
| 				body: {
 | |
| 					tid: tid,
 | |
| 					content: 'a new reply',
 | |
| 					handle: 'guest2',
 | |
| 				},
 | |
| 				jar,
 | |
| 				maxRedirect: 0,
 | |
| 				redirect: 'manual',
 | |
| 				headers: {
 | |
| 					'x-csrf-token': csrf_token,
 | |
| 				},
 | |
| 			});
 | |
| 			assert.equal(replyResult.response.statusCode, 302);
 | |
| 			await privileges.categories.rescind(['groups:topics:post', 'groups:topics:reply'], cid, 'guests');
 | |
| 		});
 | |
| 
 | |
| 		it('should not load a topic data that is in private category', async () => {
 | |
| 			const { cid } = await categories.create({
 | |
| 				name: 'private',
 | |
| 				description: 'private',
 | |
| 			});
 | |
| 
 | |
| 			const result = await topics.post({ uid: fooUid, title: 'hidden title', content: 'hidden content', cid: cid });
 | |
| 
 | |
| 			await privileges.categories.rescind(['groups:topics:read'], category.cid, 'guests');
 | |
| 			let { response, body } = await request.get(`${nconf.get('url')}/api/compose?tid=${result.topicData.tid}`);
 | |
| 			assert.equal(response.statusCode, 401);
 | |
| 			assert(!body.title);
 | |
| 
 | |
| 			({ response, body } = await request.get(`${nconf.get('url')}/api/compose?cid=${cid}`));
 | |
| 			assert.equal(response.statusCode, 401);
 | |
| 			assert(!body.title);
 | |
| 
 | |
| 			({ response, body } = await request.get(`${nconf.get('url')}/api/compose?pid=${result.postData.pid}`));
 | |
| 			assert.equal(response.statusCode, 401);
 | |
| 			assert(!body.title);
 | |
| 
 | |
| 			await privileges.categories.give(['groups:topics:read'], category.cid, 'guests');
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	describe('test routes', () => {
 | |
| 		if (process.env.NODE_ENV === 'development') {
 | |
| 			it('should load debug route', async () => {
 | |
| 				const { response, body } = await request.get(`${nconf.get('url')}/debug/test`);
 | |
| 				assert.equal(response.statusCode, 404);
 | |
| 				assert(body);
 | |
| 			});
 | |
| 
 | |
| 			it('should load redoc read route', async () => {
 | |
| 				const { response, body } = await request.get(`${nconf.get('url')}/debug/spec/read`);
 | |
| 				assert.equal(response.statusCode, 200);
 | |
| 				assert(body);
 | |
| 			});
 | |
| 
 | |
| 			it('should load redoc write route', async () => {
 | |
| 				const { response, body } = await request.get(`${nconf.get('url')}/debug/spec/write`);
 | |
| 				assert.equal(response.statusCode, 200);
 | |
| 				assert(body);
 | |
| 			});
 | |
| 
 | |
| 			it('should load 404 for invalid type', async () => {
 | |
| 				const { response, body } = await request.get(`${nconf.get('url')}/debug/spec/doesnotexist`);
 | |
| 				assert.equal(response.statusCode, 404);
 | |
| 				assert(body);
 | |
| 			});
 | |
| 		}
 | |
| 	});
 | |
| 
 | |
| 	describe('.well-known', () => {
 | |
| 		describe('webfinger', () => {
 | |
| 			let uid;
 | |
| 			let username;
 | |
| 
 | |
| 			before(async () => {
 | |
| 				username = utils.generateUUID().slice(0, 10);
 | |
| 				uid = await user.create({ username });
 | |
| 			});
 | |
| 
 | |
| 			it('should error if resource parameter is missing', async () => {
 | |
| 				const { response } = await request.get(`${nconf.get('url')}/.well-known/webfinger`);
 | |
| 				assert.strictEqual(response.statusCode, 400);
 | |
| 			});
 | |
| 
 | |
| 			it('should error if resource parameter is malformed', async () => {
 | |
| 				const { response } = await request.get(`${nconf.get('url')}/.well-known/webfinger?resource=foobar`);
 | |
| 				assert.strictEqual(response.statusCode, 400);
 | |
| 			});
 | |
| 
 | |
| 			it('should deny access if view:users privilege is not enabled for guests', async () => {
 | |
| 				await privileges.global.rescind(['groups:view:users'], 'fediverse');
 | |
| 
 | |
| 				const { response } = await request.get(`${nconf.get('url')}/.well-known/webfinger?resource=acct:${username}@${nconf.get('url_parsed').host}`);
 | |
| 				assert.strictEqual(response.statusCode, 404);
 | |
| 
 | |
| 				await privileges.global.give(['groups:view:users'], 'fediverse');
 | |
| 			});
 | |
| 
 | |
| 			it('should respond appropriately if the user requested does not exist locally', async () => {
 | |
| 				const { response } = await request.get(`${nconf.get('url')}/.well-known/webfinger?resource=acct:foobar@${nconf.get('url_parsed').host}`);
 | |
| 				assert.strictEqual(response.statusCode, 404);
 | |
| 			});
 | |
| 
 | |
| 			it('should return a valid webfinger response if the user exists', async () => {
 | |
| 				const { response, body } = await request.get(`${nconf.get('url')}/.well-known/webfinger?resource=acct:${username}@${nconf.get('url_parsed').host}`);
 | |
| 				assert.strictEqual(response.statusCode, 200);
 | |
| 				assert(['subject', 'aliases', 'links'].every(prop => body.hasOwnProperty(prop)));
 | |
| 				assert(body.subject, `acct:${username}@${nconf.get('url_parsed').host}`);
 | |
| 			});
 | |
| 		});
 | |
| 	});
 | |
| 
 | |
| 	after((done) => {
 | |
| 		const analytics = require('../src/analytics');
 | |
| 		analytics.writeData(done);
 | |
| 	});
 | |
| });
 |