mirror of
https://github.com/ether/etherpad-lite.git
synced 2025-01-21 06:52:46 +01:00
66df0a572f
This will be a breaking change for some people. We removed all internal password control logic. If this affects you, you have two options: 1. Use a plugin for authentication and use session based pad access (recommended). 2. Use a plugin for password setting. The reasoning for removing this feature is to reduce the overall security footprint of Etherpad. It is unnecessary and cumbersome to keep this feature and with the thousands of available authentication methods available in the world our focus should be on supporting those and allowing more granular access based on their implementations (instead of half assed baking our own).
// Node built-ins.
const assert = require('assert').strict;
const fs = require('fs');
const path = require('path');

// Project-local modules, resolved relative to this spec file.
const supertest = require(__dirname + '/../../../../src/node_modules/supertest');
const settings = require(__dirname + '/../../../../src/node/utils/Settings');

// HTTP client bound to the address and port taken from the Settings module.
const api = supertest(`http://${settings.ip}:${settings.port}`);

// The HTTP API key is read from APIKEY.txt, four directories above this file.
// Only a single trailing "\n" is stripped (a trailing "\r" would be kept).
// NOTE(review): this key is attached to every endPoint() request below, so the
// file should stay out of version control and be readable only by the account
// that runs the server.
const filePath = path.join(__dirname, '../../../../APIKEY.txt');
const keyFileText = fs.readFileSync(filePath, {encoding: 'utf-8'});
const apiKey = keyFileText.replace(/\n$/, '');

// State shared between the test cases below; each value is overwritten with
// data returned by the server as the suite progresses.
let apiVersion = 1;
let groupID = '';
let authorID = '';
let sessionID = '';
// makeid() is a function declaration further down in this file (hoisted).
let padID = makeid();
// Discovers the API version the server advertises; later requests are built against it.
describe('API Versioning', function() {
  it('errors if can not connect', async function() {
    // GET /api/ must answer 200 and report a truthy currentVersion.
    const {body} = await api.get('/api/').expect(200);
    assert(body.currentVersion);
    // Kept in the file-level variable that endPoint() interpolates into each URL.
    apiVersion = body.currentVersion;
  });
});
// BEGIN GROUP AND AUTHOR TESTS
/////////////////////////////////////
/////////////////////////////////////

/* Tests performed
-> createGroup() -- should return a groupID
-> listSessionsOfGroup(groupID) -- should be 0
-> deleteGroup(groupID)
-> createGroupIfNotExistsFor(groupMapper) -- should return a groupID

-> createAuthor([name]) -- should return an authorID
-> createAuthorIfNotExistsFor(authorMapper [, name]) -- should return an authorID
-> getAuthorName(authorID) -- should return a name IE "john"

-> createSession(groupID, authorID, validUntil)
-> getSessionInfo(sessionID) -- should have author id etc in
-> listSessionsOfGroup(groupID) -- should be 1
-> deleteSession(sessionID)
-> getSessionInfo(sessionID) -- should fail (code 1) for the deleted session

-> listPads(groupID) -- should be empty array
-> createGroupPad(groupID, padName [, text])
-> listPads(groupID) -- should contain 1 pad
-> getPublicStatus(padId)
-> setPublicStatus(padId, status)
-> getPublicStatus(padId)

-> listPadsOfAuthor(authorID)
*/
// Group lifecycle: create a group, check it has no sessions, delete it, then
// create (or look up) a group through a mapper name.
describe('API: Group creation and deletion', function() {
  it('createGroup', async function() {
    const {body} = await api.get(endPoint('createGroup'))
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
    assert(body.data.groupID);
    // Remembered for the two tests that follow.
    groupID = body.data.groupID;
  });

  it('listSessionsOfGroup for empty group', async function() {
    const url = `${endPoint('listSessionsOfGroup')}&groupID=${groupID}`;
    const {body} = await api.get(url)
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
    // A group without sessions is reported as null data.
    assert.equal(body.data, null);
  });

  it('deleteGroup', async function() {
    const url = `${endPoint('deleteGroup')}&groupID=${groupID}`;
    const {body} = await api.get(url)
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
  });

  it('createGroupIfNotExistsFor', async function() {
    const url = `${endPoint('createGroupIfNotExistsFor')}&groupMapper=management`;
    const {body} = await api.get(url)
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
    assert(body.data.groupID);
  });
});
// Author handling: a fresh group is created first (the earlier one was deleted),
// then authors are created anonymously, by name and by mapper.
describe('API: Author creation', function() {
  it('createGroup', async function() {
    const {body} = await api.get(endPoint('createGroup'))
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
    assert(body.data.groupID);
    // This group is the one the session and pad tests further down operate on.
    groupID = body.data.groupID;
  });

  it('createAuthor', async function() {
    const {body} = await api.get(endPoint('createAuthor'))
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
    assert(body.data.authorID);
  });

  it('createAuthor with name', async function() {
    const url = `${endPoint('createAuthor')}&name=john`;
    const {body} = await api.get(url)
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
    assert(body.data.authorID);
    // We will be this author for the rest of the tests.
    authorID = body.data.authorID;
  });

  it('createAuthorIfNotExistsFor', async function() {
    const url = `${endPoint('createAuthorIfNotExistsFor')}&authorMapper=chris`;
    const {body} = await api.get(url)
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
    assert(body.data.authorID);
  });

  it('getAuthorName', async function() {
    const url = `${endPoint('getAuthorName')}&authorID=${authorID}`;
    const {body} = await api.get(url)
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
    // authorID belongs to the author created with name=john above.
    assert.equal(body.data, 'john');
  });
});
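// Session lifecycle: create a session for (authorID, groupID), inspect it, list
// it, delete it, then confirm that the deleted session no longer resolves.
describe('API: Sessions', function() {
  it('createSession', async function() {
    await api.get(endPoint('createSession') +
                  `&authorID=${authorID}&groupID=${groupID}&validUntil=999999999999`)
        .expect(200)
        .expect('Content-Type', /json/)
        .expect((res) => {
          assert.equal(res.body.code, 0);
          assert(res.body.data.sessionID);
          // Remembered for the remaining session tests.
          sessionID = res.body.data.sessionID;
        });
  });

  it('getSessionInfo', async function() {
    await api.get(endPoint('getSessionInfo') + `&sessionID=${sessionID}`)
        .expect(200)
        .expect('Content-Type', /json/)
        .expect((res) => {
          assert.equal(res.body.code, 0);
          assert(res.body.data.groupID);
          assert(res.body.data.authorID);
          assert(res.body.data.validUntil);
        });
  });

  it('listSessionsOfGroup', async function() {
    await api.get(endPoint('listSessionsOfGroup') + `&groupID=${groupID}`)
        .expect(200)
        .expect('Content-Type', /json/)
        .expect((res) => {
          assert.equal(res.body.code, 0);
          assert.equal(typeof res.body.data, 'object');
          // typeof null is also 'object', and null is exactly what the
          // empty-group test expects, so the type check alone cannot tell
          // "one session listed" from "no sessions". Require real data.
          assert.notEqual(res.body.data, null);
          // Exactly one session was created for this group above.
          assert.equal(Object.keys(res.body.data).length, 1);
        });
  });

  it('deleteSession', async function() {
    await api.get(endPoint('deleteSession') + `&sessionID=${sessionID}`)
        .expect(200)
        .expect('Content-Type', /json/)
        .expect((res) => {
          assert.equal(res.body.code, 0);
        });
  });

  it('getSessionInfo of deleted session', async function() {
    await api.get(endPoint('getSessionInfo') + `&sessionID=${sessionID}`)
        .expect(200)
        .expect('Content-Type', /json/)
        .expect((res) => {
          // Revocation check: the HTTP status is still 200, but the API result
          // code must be 1 instead of 0 once the session has been deleted.
          assert.equal(res.body.code, 1);
        });
  });
});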
// Group pads: the group starts with no pads, gains one through createGroupPad,
// and listPads must then report exactly that one.
describe('API: Group pad management', function() {
  it('listPads', async function() {
    const url = `${endPoint('listPads')}&groupID=${groupID}`;
    const {body} = await api.get(url)
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
    assert.equal(body.data.padIDs.length, 0);
  });

  it('createGroupPad', async function() {
    // padID still holds the random name from makeid() at this point.
    const url = `${endPoint('createGroupPad')}&groupID=${groupID}&padName=${padID}`;
    const {body} = await api.get(url)
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
    // From here on padID is the identifier the server returned for the pad.
    padID = body.data.padID;
  });

  it('listPads after creating a group pad', async function() {
    const url = `${endPoint('listPads')}&groupID=${groupID}`;
    const {body} = await api.get(url)
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
    assert.equal(body.data.padIDs.length, 1);
  });
});
// Public-status flag of the group pad: it must read false before it is set,
// and true after setPublicStatus has been called.
describe('API: Pad security', function() {
  it('getPublicStatus', async function() {
    const url = `${endPoint('getPublicStatus')}&padID=${padID}`;
    const {body} = await api.get(url)
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
    // A newly created group pad is expected to be non-public.
    assert.equal(body.data.publicStatus, false);
  });

  it('setPublicStatus', async function() {
    const url = `${endPoint('setPublicStatus')}&padID=${padID}&publicStatus=true`;
    const {body} = await api.get(url)
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
  });

  it('getPublicStatus after changing public status', async function() {
    const url = `${endPoint('getPublicStatus')}&padID=${padID}`;
    const {body} = await api.get(url)
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
    assert.equal(body.data.publicStatus, true);
  });
});
// NOT SURE HOW TO POPULATE THIS /-_-\
///////////////////////////////////////
///////////////////////////////////////
// The test author has only been created, never used to edit a pad, so the list
// of pads for that author is expected to be empty.
describe('API: Misc', function() {
  it('listPadsOfAuthor', async function() {
    const url = `${endPoint('listPadsOfAuthor')}&authorID=${authorID}`;
    const {body} = await api.get(url)
        .expect(200)
        .expect('Content-Type', /json/);
    assert.equal(body.code, 0);
    assert.equal(body.data.padIDs.length, 0);
  });
});
/**
 * Builds the request path for one HTTP API function.
 *
 * Reads the file-level `apiVersion` and `apiKey` at call time, so the version
 * discovered by the 'API Versioning' test is picked up by later requests.
 *
 * NOTE(review): the API key is sent as a query-string parameter, so it can end
 * up in access logs of the server or of any proxy in between. Treat logs from
 * a test run as sensitive, and prefer a throwaway key for test instances.
 *
 * @param {string} point - API function name, e.g. 'createGroup'.
 * @returns {string} Path plus query string; callers append further `&key=value` pairs.
 */
const endPoint = (point) => {
  const versionedPath = `/api/${apiVersion}/${point}`;
  return `${versionedPath}?apikey=${apiKey}`;
};
/**
 * Builds a random 5-character string of ASCII letters and digits; it is used
 * in this file as the initial pad name.
 *
 * Math.random() is not a cryptographic source. That is fine for a throwaway
 * test pad name, but this helper must not be reused for secrets or tokens.
 *
 * @returns {string} Five characters drawn from [A-Za-z0-9].
 */
function makeid() {
  const possible = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
  // One Math.random() draw per character, five draws in total.
  const pickChar = () => possible.charAt(Math.floor(Math.random() * possible.length));
  return Array.from({length: 5}, pickChar).join('');
}