'use strict'; var assert = require('assert'); var async = require('async'); var request = require('request'); var nconf = require('nconf'); var db = require('./mocks/databasemock'); var topics = require('../src/topics'); var categories = require('../src/categories'); var groups = require('../src/groups'); var user = require('../src/user'); var meta = require('../src/meta'); var privileges = require('../src/privileges'); var helpers = require('./helpers'); describe('feeds', function () { var tid; var pid; var fooUid; var cid; before(function (done) { meta.config['feeds:disableRSS'] = 1; async.series({ category: function (next) { categories.create({ name: 'Test Category', description: 'Test category created by testing script', }, next); }, user: function (next) { user.create({ username: 'foo', password: 'barbar', email: 'foo@test.com' }, next); }, }, function (err, results) { if (err) { return done(err); } cid = results.category.cid; fooUid = results.user; topics.post({ uid: results.user, title: 'test topic title', content: 'test topic content', cid: results.category.cid }, function (err, result) { tid = result.topicData.tid; pid = result.postData.pid; done(err); }); }); }); it('should 404', function (done) { var feedUrls = [ nconf.get('url') + '/topic/' + tid + '.rss', nconf.get('url') + '/category/' + cid + '.rss', nconf.get('url') + '/topics.rss', nconf.get('url') + '/recent.rss', nconf.get('url') + '/top.rss', nconf.get('url') + '/popular.rss', nconf.get('url') + '/popular/day.rss', nconf.get('url') + '/recentposts.rss', nconf.get('url') + '/category/' + cid + '/recentposts.rss', nconf.get('url') + '/user/foo/topics.rss', nconf.get('url') + '/tags/nodebb.rss', ]; async.eachSeries(feedUrls, function (url, next) { request(url, function (err, res) { assert.ifError(err); assert.equal(res.statusCode, 404); next(); }); }, function (err) { assert.ifError(err); meta.config['feeds:disableRSS'] = 0; done(); }); }); it('should 404 if topic does not exist', function (done) { request(nconf.get('url') + '/topic/' + 1000 + '.rss', function (err, res) { assert.ifError(err); assert.equal(res.statusCode, 404); done(); }); }); it('should 404 if category id is not a number', function (done) { request(nconf.get('url') + '/category/invalid.rss', function (err, res) { assert.ifError(err); assert.equal(res.statusCode, 404); done(); }); }); it('should redirect if we do not have read privilege', function (done) { privileges.categories.rescind(['topics:read'], cid, 'guests', function (err) { assert.ifError(err); request(nconf.get('url') + '/topic/' + tid + '.rss', function (err, res, body) { assert.ifError(err); assert.equal(res.statusCode, 200); assert(body); assert(body.includes('Login to your account')); privileges.categories.give(['topics:read'], cid, 'guests', done); }); }); }); it('should 404 if user is not found', function (done) { request(nconf.get('url') + '/user/doesnotexist/topics.rss', function (err, res) { assert.ifError(err); assert.equal(res.statusCode, 404); done(); }); }); it('should redirect if we do not have read privilege', function (done) { privileges.categories.rescind(['read'], cid, 'guests', function (err) { assert.ifError(err); request(nconf.get('url') + '/category/' + cid + '.rss', function (err, res, body) { assert.ifError(err); assert.equal(res.statusCode, 200); assert(body); assert(body.includes('Login to your account')); privileges.categories.give(['read'], cid, 'guests', done); }); }); }); describe('private feeds and tokens', function () { var jar; var rssToken; before(function (done) { helpers.loginUser('foo', 'barbar', function (err, _jar) { assert.ifError(err); jar = _jar; done(); }); }); it('should load feed if its not private', function (done) { request(nconf.get('url') + '/category/' + cid + '.rss', { }, function (err, res, body) { assert.ifError(err); assert.equal(res.statusCode, 200); assert(body); done(); }); }); it('should not allow access if uid or token is missing', function (done) { privileges.categories.rescind(['read'], cid, 'guests', function (err) { assert.ifError(err); async.parallel({ test1: function (next) { request(nconf.get('url') + '/category/' + cid + '.rss?uid=' + fooUid, { }, next); }, test2: function (next) { request(nconf.get('url') + '/category/' + cid + '.rss?token=sometoken', { }, next); }, }, function (err, results) { assert.ifError(err); assert.equal(results.test1[0].statusCode, 200); assert.equal(results.test2[0].statusCode, 200); assert(results.test1[0].body.includes('Login to your account')); assert(results.test2[0].body.includes('Login to your account')); done(); }); }); }); it('should not allow access if token is wrong', function (done) { request(nconf.get('url') + '/category/' + cid + '.rss?uid=' + fooUid + '&token=sometoken', { }, function (err, res, body) { assert.ifError(err); assert.equal(res.statusCode, 200); assert(body.includes('Login to your account')); done(); }); }); it('should allow access if token is correct', function (done) { request(nconf.get('url') + '/api/category/' + cid, { jar: jar, json: true }, function (err, res, body) { assert.ifError(err); rssToken = body.rssFeedUrl.split('token')[1].slice(1); request(nconf.get('url') + '/category/' + cid + '.rss?uid=' + fooUid + '&token=' + rssToken, { }, function (err, res, body) { assert.ifError(err); assert.equal(res.statusCode, 200); assert(body); done(); }); }); }); it('should not allow access if token is correct but has no privilege', function (done) { privileges.categories.rescind(['read'], cid, 'registered-users', function (err) { assert.ifError(err); request(nconf.get('url') + '/category/' + cid + '.rss?uid=' + fooUid + '&token=' + rssToken, { }, function (err, res, body) { assert.ifError(err); assert.equal(res.statusCode, 200); assert(body.includes('Login to your account')); done(); }); }); }); }); });