hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

more tests

Browse Source
v1.18.x
Barış Soner Uşaklı 8 years ago
parent 6daeadb7e9
commit 01e2263c01
7 changed files with 225 additions and 166 deletions
Show Stats Download Patch File Download Diff File

17
src/controllers/helpers.js
Unescape Escape View File

@ -10,8 +10,9 @@ var privileges = require('../privileges');
var categories = require('../categories');
var plugins = require('../plugins');
var meta = require('../meta');
var middleware = require('../middleware');
var helpers = {};
var helpers = module.exports;
helpers.notAllowed = function (req, res, error) {
plugins.fireHook('filter:helpers.notAllowed', {
@ -31,11 +32,13 @@ helpers.notAllowed = function (req, res, error) {
title: '[[global:403.title]]',
});
} else {
res.status(403).render('403', {
path: req.path,
loggedIn: !!req.uid,
error: error,
title: '[[global:403.title]]',
middleware.buildHeader(req, res, function () {
res.status(403).render('403', {
path: req.path,
loggedIn: !!req.uid,
error: error,
title: '[[global:403.title]]',
});
});
}
} else if (res.locals.isAPI) {
@ -175,5 +178,3 @@ function recursive(category, categoriesData, level) {
recursive(child, categoriesData, '    ' + level);
});
}
module.exports = helpers;

8
src/groups/membership.js
Unescape Escape View File

@ -323,12 +323,12 @@ module.exports = function (Groups) {
Groups.isMember = function (uid, groupName, callback) {
if (!uid || parseInt(uid, 10) <= 0) {
return callback(null, false);
return setImmediate(callback, null, false);
}
var cacheKey = uid + ':' + groupName;
if (cache.has(cacheKey)) {
return process.nextTick(callback, null, cache.get(cacheKey));
return setImmediate(callback, null, cache.get(cacheKey));
}
async.waterfall([
@ -344,7 +344,7 @@ module.exports = function (Groups) {
Groups.isMembers = function (uids, groupName, callback) {
function getFromCache(next) {
process.nextTick(next, null, uids.map(function (uid) {
setImmediate(next, null, uids.map(function (uid) {
return cache.get(uid + ':' + groupName);
}));
}
@ -377,7 +377,7 @@ module.exports = function (Groups) {
Groups.isMemberOfGroups = function (uid, groups, callback) {
function getFromCache(next) {
process.nextTick(next, null, groups.map(function (groupName) {
setImmediate(next, null, groups.map(function (groupName) {
return cache.get(uid + ':' + groupName);
}));
}

22
src/middleware/admin.js
Unescape Escape View File

@ -16,17 +16,17 @@ module.exports = function (middleware) {
middleware.admin.isAdmin = function (req, res, next) {
winston.warn('[middleware.admin.isAdmin] deprecation warning, no need to use this from plugins!');
if (!req.user) {
return controllers.helpers.notAllowed(req, res);
}
user.isAdministrator(req.user.uid, function (err, isAdmin) {
if (err || isAdmin) {
return next(err);
}
controllers.helpers.notAllowed(req, res);
});
async.waterfall([
function (next) {
user.isAdministrator(req.uid, next);
},
function (isAdmin, next) {
if (!isAdmin) {
return controllers.helpers.notAllowed(req, res);
}
next();
},
], next);
};
middleware.admin.buildHeader = function (req, res, next) {

67
src/middleware/index.js
Unescape Escape View File

@ -21,7 +21,7 @@ var controllers = {
helpers: require('../controllers/helpers'),
};
var middleware = {};
var middleware = module.exports;
middleware.applyCSRF = csrf();
@ -34,68 +34,6 @@ require('./maintenance')(middleware);
require('./user')(middleware);
require('./headers')(middleware);
middleware.authenticate = function (req, res, next) {
if (req.user) {
return next();
} else if (plugins.hasListeners('action:middleware.authenticate')) {
return plugins.fireHook('action:middleware.authenticate', {
req: req,
res: res,
next: next,
});
}
controllers.helpers.notAllowed(req, res);
};
middleware.ensureSelfOrGlobalPrivilege = function (req, res, next) {
/*
The "self" part of this middleware hinges on you having used
middleware.exposeUid prior to invoking this middleware.
*/
async.waterfall([
function (next) {
if (!req.uid) {
return setImmediate(next, null, false);
}
if (req.uid === parseInt(res.locals.uid, 10)) {
return setImmediate(next, null, true);
}
user.isAdminOrGlobalMod(req.uid, next);
},
function (isAdminOrGlobalMod, next) {
if (!isAdminOrGlobalMod) {
return controllers.helpers.notAllowed(req, res);
}
next();
},
], next);
};
middleware.ensureSelfOrPrivileged = function (req, res, next) {
/*
The "self" part of this middleware hinges on you having used
middleware.exposeUid prior to invoking this middleware.
*/
if (req.user) {
if (parseInt(req.user.uid, 10) === parseInt(res.locals.uid, 10)) {
return next();
}
user.isPrivileged(req.uid, function (err, ok) {
if (err) {
return next(err);
} else if (ok) {
return next();
}
controllers.helpers.notAllowed(req, res);
});
} else {
controllers.helpers.notAllowed(req, res);
}
};
middleware.pageView = function (req, res, next) {
analytics.pageView({
ip: req.ip,
@ -226,6 +164,3 @@ middleware.processTimeagoLocales = function (req, res) {
});
}
};
module.exports = middleware;

181
src/middleware/user.js
Unescape Escape View File

@ -6,14 +6,65 @@ var nconf = require('nconf');
var meta = require('../meta');
var user = require('../user');
var privileges = require('../privileges');
var plugins = require('../plugins');
var controllers = {
helpers: require('../controllers/helpers'),
};
module.exports = function (middleware) {
middleware.authenticate = function (req, res, next) {
if (req.uid) {
return next();
}
if (plugins.hasListeners('action:middleware.authenticate')) {
return plugins.fireHook('action:middleware.authenticate', {
req: req,
res: res,
next: next,
});
}
controllers.helpers.notAllowed(req, res);
};
middleware.ensureSelfOrGlobalPrivilege = function (req, res, next) {
ensureSelfOrMethod(user.isAdminOrGlobalMod, req, res, next);
};
middleware.ensureSelfOrPrivileged = function (req, res, next) {
ensureSelfOrMethod(user.isPrivileged, req, res, next);
};
function ensureSelfOrMethod(method, req, res, next) {
/*
The "self" part of this middleware hinges on you having used
middleware.exposeUid prior to invoking this middleware.
*/
async.waterfall([
function (next) {
if (!req.uid) {
return setImmediate(next, null, false);
}
if (req.uid === parseInt(res.locals.uid, 10)) {
return setImmediate(next, null, true);
}
method(req.uid, next);
},
function (allowed, next) {
if (!allowed) {
return controllers.helpers.notAllowed(req, res);
}
next();
},
], next);
}
middleware.checkGlobalPrivacySettings = function (req, res, next) {
if (!req.user && !!parseInt(meta.config.privateUserInfo, 10)) {
if (!req.uid && !!parseInt(meta.config.privateUserInfo, 10)) {
return middleware.authenticate(req, res, next);
}
@ -44,28 +95,28 @@ module.exports = function (middleware) {
next(null, false);
}
},
], function (err, allowed) {
if (err || allowed) {
return next(err);
}
controllers.helpers.notAllowed(req, res);
});
function (allowed) {
if (allowed) {
return next();
}
controllers.helpers.notAllowed(req, res);
},
], next);
};
middleware.redirectToAccountIfLoggedIn = function (req, res, next) {
if (req.session.forceLogin) {
if (req.session.forceLogin || !req.uid) {
return next();
}
if (!req.user) {
return next();
}
user.getUserField(req.user.uid, 'userslug', function (err, userslug) {
if (err) {
return next(err);
}
controllers.helpers.redirect(res, '/user/' + userslug);
});
async.waterfall([
function (next) {
user.getUserField(req.uid, 'userslug', next);
},
function (userslug) {
controllers.helpers.redirect(res, '/user/' + userslug);
},
], next);
};
middleware.redirectUidToUserslug = function (req, res, next) {
@ -73,71 +124,61 @@ module.exports = function (middleware) {
if (!uid) {
return next();
}
user.getUserField(uid, 'userslug', function (err, userslug) {
if (err || !userslug) {
return next(err);
}
var path = req.path.replace(/^\/api/, '')
async.waterfall([
function (next) {
user.getUserField(uid, 'userslug', next);
},
function (userslug) {
if (!userslug) {
return next();
}
var path = req.path.replace(/^\/api/, '')
.replace('uid', 'user')
.replace(uid, function () { return userslug; });
controllers.helpers.redirect(res, path);
});
controllers.helpers.redirect(res, path);
},
], next);
};
middleware.isAdmin = function (req, res, next) {
if (!req.uid) {
return controllers.helpers.notAllowed(req, res);
}
user.isAdministrator(req.uid, function (err, isAdmin) {
if (err) {
return next(err);
}
if (isAdmin) {
user.hasPassword(req.uid, function (err, hasPassword) {
if (err) {
return next(err);
}
if (!hasPassword) {
return next();
}
var loginTime = req.session.meta ? req.session.meta.datetime : 0;
if (loginTime && parseInt(loginTime, 10) > Date.now() - 3600000) {
var timeLeft = parseInt(loginTime, 10) - (Date.now() - 3600000);
if (timeLeft < 300000) {
req.session.meta.datetime += 300000;
}
return next();
}
async.waterfall([
function (next) {
user.isAdministrator(req.uid, next);
},
function (isAdmin, next) {
if (!isAdmin) {
return controllers.helpers.notAllowed(req, res);
}
user.hasPassword(req.uid, next);
},
function (hasPassword, next) {
if (!hasPassword) {
return next();
}
req.session.returnTo = req.path.replace(/^\/api/, '');
req.session.forceLogin = 1;
if (res.locals.isAPI) {
res.status(401).json({});
} else {
res.redirect(nconf.get('relative_path') + '/login');
var loginTime = req.session.meta ? req.session.meta.datetime : 0;
if (loginTime && parseInt(loginTime, 10) > Date.now() - 3600000) {
var timeLeft = parseInt(loginTime, 10) - (Date.now() - 3600000);
if (timeLeft < 300000) {
req.session.meta.datetime += 300000;
}
});
return;
}
if (res.locals.isAPI) {
return controllers.helpers.notAllowed(req, res);
}
return next();
}
middleware.buildHeader(req, res, function () {
controllers.helpers.notAllowed(req, res);
});
});
req.session.returnTo = req.path.replace(/^\/api/, '');
req.session.forceLogin = 1;
if (res.locals.isAPI) {
res.status(401).json({});
} else {
res.redirect(nconf.get('relative_path') + '/login');
}
},
], next);
};
middleware.requireUser = function (req, res, next) {
if (req.user) {
if (req.uid) {
return next();
}

93
test/controllers.js
Unescape Escape View File

@ -9,6 +9,7 @@ var db = require('./mocks/databasemock');
var categories = require('../src/categories');
var topics = require('../src/topics');
var user = require('../src/user');
var groups = require('../src/groups');
var meta = require('../src/meta');
var translator = require('../src/translator');
@ -19,6 +20,7 @@ describe('Controllers', function () {
var fooUid;
before(function (done) {
groups.resetCache();
async.series({
category: function (next) {
categories.create({
@ -355,7 +357,7 @@ describe('Controllers', function () {
});
it('should load stylesheet.css', function (done) {
request(nconf.get('url') + '/stylesheet.css', function (err, res, body) {
request(nconf.get('url') + '/assets/stylesheet.css', function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert(body);
@ -364,7 +366,7 @@ describe('Controllers', function () {
});
it('should load admin.css', function (done) {
request(nconf.get('url') + '/admin.css', function (err, res, body) {
request(nconf.get('url') + '/assets/admin.css', function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert(body);
@ -374,7 +376,7 @@ describe('Controllers', function () {
it('should load nodebb.min.js', function (done) {
request(nconf.get('url') + '/nodebb.min.js', function (err, res, body) {
request(nconf.get('url') + '/assets/nodebb.min.js', function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert(body);
@ -383,7 +385,7 @@ describe('Controllers', function () {
});
it('should load acp.min.js', function (done) {
request(nconf.get('url') + '/acp.min.js', function (err, res, body) {
request(nconf.get('url') + '/assets/acp.min.js', function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert(body);
@ -491,7 +493,6 @@ describe('Controllers', function () {
});
it('should load group details page', function (done) {
var groups = require('../src/groups');
groups.create({
name: 'group-details',
description: 'Foobar!',
@ -800,6 +801,57 @@ describe('Controllers', function () {
});
});
it('should redirect to account page with logged in user', function (done) {
request(nconf.get('url') + '/api/login', { jar: jar, json: true }, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 308);
assert.equal(body, '/user/foo');
done();
});
});
it('should 404 if uid is not a number', function (done) {
request(nconf.get('url') + '/api/uid/test', { json: true }, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 404);
done();
});
});
it('should redirect to userslug', function (done) {
request(nconf.get('url') + '/api/uid/' + fooUid, { json: true }, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 308);
assert.equal(body, '/user/foo');
done();
});
});
it('should 404 if user does not exist', function (done) {
request(nconf.get('url') + '/api/uid/123123', { json: true }, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 404);
done();
});
});
it('should 401 if user is not logged in', function (done) {
request(nconf.get('url') + '/api/admin', { json: true }, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 401);
done();
});
});
it('should 403 if user is not admin', function (done) {
request(nconf.get('url') + '/api/admin', { jar: jar, json: true }, function (err, res, body) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
done();
});
});
it('should load /user/foo/posts', function (done) {
request(nconf.get('url') + '/api/user/foo/posts', function (err, res, body) {
assert.ifError(err);
@ -947,6 +999,35 @@ describe('Controllers', function () {
done();
});
});
it('should return 401 if privateUserInfo is turned on', function (done) {
meta.config.privateUserInfo = 1;
request(nconf.get('url') + '/api/user/foo', { json: true }, function (err, res, body) {
meta.config.privateUserInfo = 0;
assert.ifError(err);
assert.equal(res.statusCode, 401);
assert.equal(body, 'not-authorized');
done();
});
});
it('should return false if user can not edit user', function (done) {
user.create({ username: 'regularJoe', password: 'barbar' }, function (err) {
assert.ifError(err);
helpers.loginUser('regularJoe', 'barbar', function (err, jar) {
assert.ifError(err);
request(nconf.get('url') + '/api/user/foo/info', { jar: jar, json: true }, function (err, res) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
request(nconf.get('url') + '/api/user/foo/edit', { jar: jar, json: true }, function (err, res) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
done();
});
});
});
});
});
});
describe('account follow page', function () {
@ -1120,7 +1201,7 @@ describe('Controllers', function () {
},
});
request(nconf.get('url') + '/users', { }, function (err, res, body) {
request(nconf.get('url') + '/users', { }, function (err, res) {
plugins.loadedHooks['filter:router.page'] = [];
assert.ifError(err);
assert.equal(res.statusCode, 403);

3
test/helpers/index.js
Unescape Escape View File

@ -3,6 +3,7 @@
var request = require('request');
var nconf = require('nconf');
var fs = require('fs');
var winston = require('winston');
var myXhr = require('../mocks/newXhr');
var utils = require('../../public/src/utils');
@ -105,7 +106,7 @@ helpers.uploadFile = function (uploadEndPoint, filePath, body, jar, csrf_token,
return callback(err);
}
if (res.statusCode !== 200) {
console.log(body);
winston.error(body);
}
callback(null, res, body);
});

Write Preview
Loading…
Cancel
Save