libre-service.eu/pad.libre-service.eu-etherpad
libre-service.eu/pad.libre-service.eu-etherpad
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-02-08 11:12:01 +01:00
Code Issues Projects Releases Wiki Activity
pad.libre-service.eu-etherpad/src/tests/backend/specs/socketio.js

427 lines
18 KiB
JavaScript
Raw Normal View History

lint: Fix some straightforward ESLint errors
2020-12-08 09:20:59 +01:00
'use strict';
tests: Add authentication, authorization bypass tests
2020-09-14 06:39:10 +02:00
const assert = require('assert').strict;
tests: Factor out common server setup/teardown
2020-10-01 22:23:32 +02:00
const common = require('../common');
restructure: move bin/ and tests/ to src/ Also add symlinks from the old `bin/` and `tests/` locations to avoid breaking scripts and other tools. Motivations: * Scripts and tests no longer have to do dubious things like: require('ep_etherpad-lite/node_modules/foo') to access packages installed as dependencies in `src/package.json`. * Plugins can access the backend test helper library in a non-hacky way: require('ep_etherpad-lite/tests/backend/common') * We can delete the top-level `package.json` without breaking our ability to lint the files in `bin/` and `tests/`. Deleting the top-level `package.json` has downsides: It will cause `npm` to print warnings whenever plugins are installed, npm will no longer be able to enforce a plugin's peer dependency on ep_etherpad-lite, and npm will keep deleting the `node_modules/ep_etherpad-lite` symlink that points to `../src`. But there are significant upsides to deleting the top-level `package.json`: It will drastically speed up plugin installation because `npm` doesn't have to recursively walk the dependencies in `src/package.json`. Also, deleting the top-level `package.json` avoids npm's horrible dependency hoisting behavior (where it moves stuff from `src/node_modules/` to the top-level `node_modules/` directory). Dependency hoisting causes numerous mysterious problems such as silent failures in `npm outdated` and `npm update`. Dependency hoisting also breaks plugins that do: require('ep_etherpad-lite/node_modules/foo')
2021-02-03 13:08:43 +01:00
const padManager = require('../../../node/db/PadManager');
const plugins = require('../../../static/js/pluginfw/plugin_defs');
tests: readonly pastes must be readable+exportable with authentication readonly paste links should be readable even if authentication is turned on, as long as the user provides valid login data. This test currently fails. Also test that readonly paste IDs can be exported under the same condition, which currently succeeds.
2021-04-11 04:00:14 +02:00
const readOnlyManager = require('../../../node/db/ReadOnlyManager');
restructure: move bin/ and tests/ to src/ Also add symlinks from the old `bin/` and `tests/` locations to avoid breaking scripts and other tools. Motivations: * Scripts and tests no longer have to do dubious things like: require('ep_etherpad-lite/node_modules/foo') to access packages installed as dependencies in `src/package.json`. * Plugins can access the backend test helper library in a non-hacky way: require('ep_etherpad-lite/tests/backend/common') * We can delete the top-level `package.json` without breaking our ability to lint the files in `bin/` and `tests/`. Deleting the top-level `package.json` has downsides: It will cause `npm` to print warnings whenever plugins are installed, npm will no longer be able to enforce a plugin's peer dependency on ep_etherpad-lite, and npm will keep deleting the `node_modules/ep_etherpad-lite` symlink that points to `../src`. But there are significant upsides to deleting the top-level `package.json`: It will drastically speed up plugin installation because `npm` doesn't have to recursively walk the dependencies in `src/package.json`. Also, deleting the top-level `package.json` avoids npm's horrible dependency hoisting behavior (where it moves stuff from `src/node_modules/` to the top-level `node_modules/` directory). Dependency hoisting causes numerous mysterious problems such as silent failures in `npm outdated` and `npm update`. Dependency hoisting also breaks plugins that do: require('ep_etherpad-lite/node_modules/foo')
2021-02-03 13:08:43 +01:00
const settings = require('../../../node/utils/Settings');
SocketIORouter: Add unit tests
2021-09-06 10:11:30 +02:00
const socketIoRouter = require('../../../node/handler/SocketIORouter');
tests: Add authentication, authorization bypass tests
2020-09-14 06:39:10 +02:00
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
describe(__filename, function () {
tests: timeouts for tests (#4773)
2021-02-13 20:00:06 +01:00
this.timeout(30000);
tests: Include the filename in the test output Also some minor consistency cleanups.
2020-10-10 00:19:46 +02:00
let agent;
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
let authorize;
tests: Clear auth hooks before running socket.io unit tests
2020-10-29 23:50:13 +01:00
const backups = {};
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
const cleanUpPads = async () => {
const padIds = ['pad', 'other-pad', 'päd'];
await Promise.all(padIds.map(async (padId) => {
if (await padManager.doesPadExist(padId)) {
const pad = await padManager.getPad(padId);
await pad.remove();
}
}));
};
let socket;
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
before(async function () { agent = await common.init(); });
beforeEach(async function () {
tests: Clear auth hooks before running socket.io unit tests
2020-10-29 23:50:13 +01:00
backups.hooks = {};
for (const hookName of ['preAuthorize', 'authenticate', 'authorize']) {
backups.hooks[hookName] = plugins.hooks[hookName];
plugins.hooks[hookName] = [];
}
backups.settings = {};
for (const setting of ['editOnly', 'requireAuthentication', 'requireAuthorization', 'users']) {
backups.settings[setting] = settings[setting];
}
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.editOnly = false;
settings.requireAuthentication = false;
settings.requireAuthorization = false;
settings.users = {
admin: {password: 'admin-password', is_admin: true},
user: {password: 'user-password'},
Refactor startup/shutdown for tests * `src/node/server.js` can now be run as a script (for normal operation) or imported as a module (for tests). * Move shutdown actions to `src/node/server.js` to be close to the startup actions. * Put startup and shutdown in functions so that tests can call them. * Use `await` instead of callbacks. * Block until the HTTP server is listening to avoid races during test startup. * Add a new `shutdown` hook. * Use the `shutdown` hook to: * close the HTTP server * call `end()` on the stats collection to cancel its timers * call `terminate()` on the Threads.Pool to stop the workers * Exit with exit code 0 (instead of 1) on SIGTERM. * Export the HTTP server so that tests can get the HTTP server's port via `server.address().port` when `settings.port` is 0.
2020-09-21 06:42:29 +02:00
};
tests: Clear auth hooks before running socket.io unit tests
2020-10-29 23:50:13 +01:00
assert(socket == null);
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
authorize = () => true;
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
plugins.hooks.authorize = [{hook_fn: (hookName, {req}, cb) => cb([authorize(req)])}];
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
await cleanUpPads();
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
afterEach(async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
if (socket) socket.close();
socket = null;
await cleanUpPads();
tests: Clear auth hooks before running socket.io unit tests
2020-10-29 23:50:13 +01:00
Object.assign(plugins.hooks, backups.hooks);
Object.assign(settings, backups.settings);
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
});
tests: Add authentication, authorization bypass tests
2020-09-14 06:39:10 +02:00
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
describe('Normal accesses', function () {
it('!authn anonymous cookie /p/pad -> 200, ok', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
const res = await agent.get('/p/pad').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const clientVars = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(clientVars.type, 'CLIENT_VARS');
feature: New user-specific `readOnly` and `canCreate` settings (#4370) Also: * Group the tests for readability. * Factor out some common test setup.
2020-09-28 12:22:06 +02:00
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('!authn !cookie -> ok', async function () {
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(null);
const clientVars = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(clientVars.type, 'CLIENT_VARS');
feature: New user-specific `readOnly` and `canCreate` settings (#4370) Also: * Group the tests for readability. * Factor out some common test setup.
2020-09-28 12:22:06 +02:00
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('!authn user /p/pad -> 200, ok', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const clientVars = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(clientVars.type, 'CLIENT_VARS');
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('authn user /p/pad -> 200, ok', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.requireAuthentication = true;
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const clientVars = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(clientVars.type, 'CLIENT_VARS');
});
tests: readonly pastes must be readable+exportable with authentication readonly paste links should be readable even if authentication is turned on, as long as the user provides valid login data. This test currently fails. Also test that readonly paste IDs can be exported under the same condition, which currently succeeds.
2021-04-11 04:00:14 +02:00
for (const authn of [false, true]) {
const desc = authn ? 'authn user' : '!authn anonymous';
it(`${desc} read-only /p/pad -> 200, ok`, async function () {
const get = (ep) => {
let res = agent.get(ep);
if (authn) res = res.auth('user', 'user-password');
return res.expect(200);
};
settings.requireAuthentication = authn;
let res = await get('/p/pad');
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
let clientVars = await common.handshake(socket, 'pad');
tests: readonly pastes must be readable+exportable with authentication readonly paste links should be readable even if authentication is turned on, as long as the user provides valid login data. This test currently fails. Also test that readonly paste IDs can be exported under the same condition, which currently succeeds.
2021-04-11 04:00:14 +02:00
assert.equal(clientVars.type, 'CLIENT_VARS');
assert.equal(clientVars.data.readonly, false);
const readOnlyId = clientVars.data.readOnlyId;
assert(readOnlyManager.isReadOnlyId(readOnlyId));
socket.close();
res = await get(`/p/${readOnlyId}`);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
clientVars = await common.handshake(socket, readOnlyId);
tests: readonly pastes must be readable+exportable with authentication readonly paste links should be readable even if authentication is turned on, as long as the user provides valid login data. This test currently fails. Also test that readonly paste IDs can be exported under the same condition, which currently succeeds.
2021-04-11 04:00:14 +02:00
assert.equal(clientVars.type, 'CLIENT_VARS');
assert.equal(clientVars.data.readonly, true);
});
}
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('authz user /p/pad -> 200, ok', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.requireAuthentication = true;
settings.requireAuthorization = true;
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const clientVars = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(clientVars.type, 'CLIENT_VARS');
feature: New user-specific `readOnly` and `canCreate` settings (#4370) Also: * Group the tests for readability. * Factor out some common test setup.
2020-09-28 12:22:06 +02:00
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('supports pad names with characters that must be percent-encoded', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.requireAuthentication = true;
// requireAuthorization is set to true here to guarantee that the user's padAuthorizations
// object is populated. Technically this isn't necessary because the user's padAuthorizations
// is currently populated even if requireAuthorization is false, but setting this to true
// ensures the test remains useful if the implementation ever changes.
settings.requireAuthorization = true;
const encodedPadId = encodeURIComponent('päd');
const res = await agent.get(`/p/${encodedPadId}`).auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const clientVars = await common.handshake(socket, 'päd');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(clientVars.type, 'CLIENT_VARS');
});
});
security: Enable authorize plugins to grant modify-only access
2020-09-12 01:46:47 +02:00
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
describe('Abnormal access attempts', function () {
it('authn anonymous /p/pad -> 401, error', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.requireAuthentication = true;
const res = await agent.get('/p/pad').expect(401);
// Despite the 401, try to create the pad via a socket.io connection anyway.
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const message = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(message.accessStatus, 'deny');
});
tests: Test access bypass via read-only pad ID
2021-04-12 21:31:36 +02:00
it('authn anonymous read-only /p/pad -> 401, error', async function () {
settings.requireAuthentication = true;
let res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const clientVars = await common.handshake(socket, 'pad');
tests: Test access bypass via read-only pad ID
2021-04-12 21:31:36 +02:00
assert.equal(clientVars.type, 'CLIENT_VARS');
const readOnlyId = clientVars.data.readOnlyId;
assert(readOnlyManager.isReadOnlyId(readOnlyId));
socket.close();
res = await agent.get(`/p/${readOnlyId}`).expect(401);
// Despite the 401, try to read the pad via a socket.io connection anyway.
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const message = await common.handshake(socket, readOnlyId);
tests: Test access bypass via read-only pad ID
2021-04-12 21:31:36 +02:00
assert.equal(message.accessStatus, 'deny');
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('authn !cookie -> error', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.requireAuthentication = true;
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(null);
const message = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(message.accessStatus, 'deny');
feature: New user-specific `readOnly` and `canCreate` settings (#4370) Also: * Group the tests for readability. * Factor out some common test setup.
2020-09-28 12:22:06 +02:00
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('authorization bypass attempt -> error', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
// Only allowed to access /p/pad.
authorize = (req) => req.path === '/p/pad';
settings.requireAuthentication = true;
settings.requireAuthorization = true;
// First authenticate and establish a session.
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
// Accessing /p/other-pad should fail, despite the successful fetch of /p/pad.
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
const message = await common.handshake(socket, 'other-pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(message.accessStatus, 'deny');
});
});
feature: New user-specific `readOnly` and `canCreate` settings (#4370) Also: * Group the tests for readability. * Factor out some common test setup.
2020-09-28 12:22:06 +02:00
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
describe('Authorization levels via authorize hook', function () {
beforeEach(async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.requireAuthentication = true;
settings.requireAuthorization = true;
});
feature: New user-specific `readOnly` and `canCreate` settings (#4370) Also: * Group the tests for readability. * Factor out some common test setup.
2020-09-28 12:22:06 +02:00
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it("level='create' -> can create", async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
authorize = () => 'create';
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const clientVars = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(clientVars.type, 'CLIENT_VARS');
assert.equal(clientVars.data.readonly, false);
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('level=true -> can create', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
authorize = () => true;
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const clientVars = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(clientVars.type, 'CLIENT_VARS');
assert.equal(clientVars.data.readonly, false);
feature: New user-specific `readOnly` and `canCreate` settings (#4370) Also: * Group the tests for readability. * Factor out some common test setup.
2020-09-28 12:22:06 +02:00
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it("level='modify' -> can modify", async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
await padManager.getPad('pad'); // Create the pad.
authorize = () => 'modify';
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const clientVars = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(clientVars.type, 'CLIENT_VARS');
assert.equal(clientVars.data.readonly, false);
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it("level='create' settings.editOnly=true -> unable to create", async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
authorize = () => 'create';
settings.editOnly = true;
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const message = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(message.accessStatus, 'deny');
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it("level='modify' settings.editOnly=false -> unable to create", async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
authorize = () => 'modify';
settings.editOnly = false;
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const message = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(message.accessStatus, 'deny');
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it("level='readOnly' -> unable to create", async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
authorize = () => 'readOnly';
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const message = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(message.accessStatus, 'deny');
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it("level='readOnly' -> unable to modify", async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
await padManager.getPad('pad'); // Create the pad.
authorize = () => 'readOnly';
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const clientVars = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(clientVars.type, 'CLIENT_VARS');
assert.equal(clientVars.data.readonly, true);
});
});
feature: New user-specific `readOnly` and `canCreate` settings (#4370) Also: * Group the tests for readability. * Factor out some common test setup.
2020-09-28 12:22:06 +02:00
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
describe('Authorization levels via user settings', function () {
beforeEach(async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.requireAuthentication = true;
});
feature: New user-specific `readOnly` and `canCreate` settings (#4370) Also: * Group the tests for readability. * Factor out some common test setup.
2020-09-28 12:22:06 +02:00
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('user.canCreate = true -> can create and modify', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.users.user.canCreate = true;
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const clientVars = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(clientVars.type, 'CLIENT_VARS');
assert.equal(clientVars.data.readonly, false);
feature: New user-specific `readOnly` and `canCreate` settings (#4370) Also: * Group the tests for readability. * Factor out some common test setup.
2020-09-28 12:22:06 +02:00
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('user.canCreate = false -> unable to create', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.users.user.canCreate = false;
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const message = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(message.accessStatus, 'deny');
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('user.readOnly = true -> unable to create', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.users.user.readOnly = true;
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const message = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(message.accessStatus, 'deny');
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('user.readOnly = true -> unable to modify', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
await padManager.getPad('pad'); // Create the pad.
settings.users.user.readOnly = true;
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const clientVars = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(clientVars.type, 'CLIENT_VARS');
assert.equal(clientVars.data.readonly, true);
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('user.readOnly = false -> can create and modify', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.users.user.readOnly = false;
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const clientVars = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(clientVars.type, 'CLIENT_VARS');
assert.equal(clientVars.data.readonly, false);
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('user.readOnly = true, user.canCreate = true -> unable to create', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.users.user.canCreate = true;
settings.users.user.readOnly = true;
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const message = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(message.accessStatus, 'deny');
});
});
feature: New user-specific `readOnly` and `canCreate` settings (#4370) Also: * Group the tests for readability. * Factor out some common test setup.
2020-09-28 12:22:06 +02:00
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
describe('Authorization level interaction between authorize hook and user settings', function () {
beforeEach(async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.requireAuthentication = true;
settings.requireAuthorization = true;
});
tests: Include the filename in the test output Also some minor consistency cleanups.
2020-10-10 00:19:46 +02:00
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('authorize hook does not elevate level from user settings', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.users.user.readOnly = true;
authorize = () => 'create';
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const message = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(message.accessStatus, 'deny');
});
lint: Run `eslint --fix` on `bin/` and `tests/`
2020-11-23 19:21:51 +01:00
it('user settings does not elevate level from authorize hook', async function () {
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
settings.users.user.readOnly = false;
settings.users.user.canCreate = true;
authorize = () => 'readOnly';
const res = await agent.get('/p/pad').auth('user', 'user-password').expect(200);
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect(res);
const message = await common.handshake(socket, 'pad');
tests: Delete unnecessary `describe()` wrapper
2020-10-29 23:48:16 +01:00
assert.equal(message.accessStatus, 'deny');
feature: New user-specific `readOnly` and `canCreate` settings (#4370) Also: * Group the tests for readability. * Factor out some common test setup.
2020-09-28 12:22:06 +02:00
});
security: Enable authorize plugins to grant read-only access
2020-09-19 21:30:04 +02:00
});
SocketIORouter: Add unit tests
2021-09-06 10:11:30 +02:00
describe('SocketIORouter.js', function () {
const Module = class {
setSocketIO(io) {}
handleConnect(socket) {}
handleDisconnect(socket) {}
handleMessage(socket, message) {}
};
afterEach(async function () {
socketIoRouter.deleteComponent(this.test.fullTitle());
socketIoRouter.deleteComponent(`${this.test.fullTitle()} #2`);
});
it('setSocketIO', async function () {
let ioServer;
socketIoRouter.addComponent(this.test.fullTitle(), new class extends Module {
setSocketIO(io) { ioServer = io; }
}());
assert(ioServer != null);
});
it('handleConnect', async function () {
let serverSocket;
socketIoRouter.addComponent(this.test.fullTitle(), new class extends Module {
handleConnect(socket) { serverSocket = socket; }
}());
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect();
SocketIORouter: Add unit tests
2021-09-06 10:11:30 +02:00
assert(serverSocket != null);
});
it('handleDisconnect', async function () {
let resolveConnected;
const connected = new Promise((resolve) => resolveConnected = resolve);
let resolveDisconnected;
const disconnected = new Promise((resolve) => resolveDisconnected = resolve);
socketIoRouter.addComponent(this.test.fullTitle(), new class extends Module {
handleConnect(socket) {
this._socket = socket;
resolveConnected();
}
handleDisconnect(socket) {
assert(socket != null);
// There might be lingering disconnect events from sockets created by other tests.
if (this._socket == null || socket.id !== this._socket.id) return;
assert.equal(socket, this._socket);
resolveDisconnected();
}
}());
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect();
SocketIORouter: Add unit tests
2021-09-06 10:11:30 +02:00
await connected;
socket.close();
socket = null;
await disconnected;
});
SocketIORouter: Don't crash if message handler throws
2021-09-06 11:51:57 +02:00
it('handleMessage (success)', async function () {
SocketIORouter: Add unit tests
2021-09-06 10:11:30 +02:00
let serverSocket;
const want = {
component: this.test.fullTitle(),
foo: {bar: 'asdf'},
};
let rx;
const got = new Promise((resolve) => { rx = resolve; });
socketIoRouter.addComponent(this.test.fullTitle(), new class extends Module {
handleConnect(socket) { serverSocket = socket; }
handleMessage(socket, message) { assert.equal(socket, serverSocket); rx(message); }
}());
socketIoRouter.addComponent(`${this.test.fullTitle()} #2`, new class extends Module {
handleMessage(socket, message) { assert.fail('wrong handler called'); }
}());
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect();
SocketIORouter: Add unit tests
2021-09-06 10:11:30 +02:00
socket.send(want);
assert.deepEqual(await got, want);
});
SocketIORouter: Don't crash if message handler throws
2021-09-06 11:51:57 +02:00
SocketIORouter: Add acknowledgement support
2021-09-06 11:42:47 +02:00
const tx = async (socket, message = {}) => await new Promise((resolve, reject) => {
const AckErr = class extends Error {
constructor(name, ...args) { super(...args); this.name = name; }
};
socket.send(message,
(errj, val) => errj != null ? reject(new AckErr(errj.name, errj.message)) : resolve(val));
});
it('handleMessage with ack (success)', async function () {
const want = 'value';
SocketIORouter: Don't crash if message handler throws
2021-09-06 11:51:57 +02:00
socketIoRouter.addComponent(this.test.fullTitle(), new class extends Module {
SocketIORouter: Add acknowledgement support
2021-09-06 11:42:47 +02:00
handleMessage(socket, msg) { return want; }
SocketIORouter: Don't crash if message handler throws
2021-09-06 11:51:57 +02:00
}());
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect();
SocketIORouter: Add acknowledgement support
2021-09-06 11:42:47 +02:00
const got = await tx(socket, {component: this.test.fullTitle()});
assert.equal(got, want);
});
it('handleMessage with ack (error)', async function () {
const InjectedError = class extends Error {
constructor() { super('injected test error'); this.name = 'InjectedError'; }
SocketIORouter: Don't crash if message handler throws
2021-09-06 11:51:57 +02:00
};
SocketIORouter: Add acknowledgement support
2021-09-06 11:42:47 +02:00
socketIoRouter.addComponent(this.test.fullTitle(), new class extends Module {
handleMessage(socket, msg) { throw new InjectedError(); }
}());
tests: Move socket.io connection helpers to `common.js`
2021-10-31 03:23:13 +01:00
socket = await common.connect();
SocketIORouter: Add acknowledgement support
2021-09-06 11:42:47 +02:00
await assert.rejects(tx(socket, {component: this.test.fullTitle()}), new InjectedError());
SocketIORouter: Don't crash if message handler throws
2021-09-06 11:51:57 +02:00
});
SocketIORouter: Add unit tests
2021-09-06 10:11:30 +02:00
});
tests: Add authentication, authorization bypass tests
2020-09-14 06:39:10 +02:00
});
Reference in a new issue Copy permalink