diff --git a/src/tests/backend/specs/api/importexportGetPost.js b/src/tests/backend/specs/api/importexportGetPost.js
index 9261aafa..a68ba401 100644
--- a/src/tests/backend/specs/api/importexportGetPost.js
+++ b/src/tests/backend/specs/api/importexportGetPost.js
@@ -109,22 +109,24 @@ describe(__filename, function () {
 .expect((res) => assert.equal(res.body.data.text, padText.toString()));
 });
- it('gets read only pad Id and exports the html and text for this pad', async function () {
- this.timeout(250);
- const ro = await agent.get(`${endPoint('getReadOnlyID')}&padID=${testPadId}`)
- .expect(200)
- .expect((res) => assert.ok(JSON.parse(res.text).data.readOnlyID));
- const readOnlyId = JSON.parse(ro.text).data.readOnlyID;
-
- await agent.get(`/p/${readOnlyId}/export/html`)
- .expect(200)
- .expect((res) => assert(res.text.indexOf('This is the') !== -1));
-
- await agent.get(`/p/${readOnlyId}/export/txt`)
- .expect(200)
- .expect((res) => assert(res.text.indexOf('This is the') !== -1));
- });
-
+ for (const authn of [false, true]) {
+ it(`can export from read-only pad ID, authn ${authn}`, async function () {
+ this.timeout(250);
+ settings.requireAuthentication = authn;
+ const get = (ep) => {
+ let req = agent.get(ep);
+ if (authn) req = req.auth('user', 'user-password');
+ return req.expect(200);
+ };
+ const ro = await get(`${endPoint('getReadOnlyID')}&padID=${testPadId}`)
+ .expect((res) => assert.ok(JSON.parse(res.text).data.readOnlyID));
+ const readOnlyId = JSON.parse(ro.text).data.readOnlyID;
+ await get(`/p/${readOnlyId}/export/html`)
+ .expect((res) => assert(res.text.indexOf('This is the') !== -1));
+ await get(`/p/${readOnlyId}/export/txt`)
+ .expect((res) => assert(res.text.indexOf('This is the') !== -1));
+ });
+ }
 describe('Import/Export tests requiring AbiWord/LibreOffice', function () {
 this.timeout(10000);
diff --git a/src/tests/backend/specs/socketio.js b/src/tests/backend/specs/socketio.js
index 9899856e..e19250e9 100644
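Review bot: With `authn` true, every request in the new `can export from read-only pad ID` test carries credentials, so nothing shows that the read-only export routes reject an anonymous caller while `settings.requireAuthentication` is on; a regression that exempted them from authentication would still pass. After the authenticated exports I would add `if (authn) await agent.get('/p/' + readOnlyId + '/export/txt').expect(401);` (401 is assumed; use whatever status the server returns to unauthenticated requests). The read-only handshake test added in socketio.js has the same gap. The test also leaves `settings.requireAuthentication` at its last value, so unless a hook outside this hunk resets it, the AbiWord/LibreOffice tests that follow in the same `describe` may inherit `true`.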
--- a/src/tests/backend/specs/socketio.js
+++ b/src/tests/backend/specs/socketio.js
@@ -5,6 +5,7 @@ const common = require('../common');
 const io = require('socket.io-client');
 const padManager = require('../../../node/db/PadManager');
 const plugins = require('../../../static/js/pluginfw/plugin_defs');
+const readOnlyManager = require('../../../node/db/ReadOnlyManager');
 const setCookieParser = require('set-cookie-parser');
 const settings = require('../../../node/utils/Settings');
@@ -168,6 +169,33 @@ describe(__filename, function () {
 const clientVars = await handshake(socket, 'pad');
 assert.equal(clientVars.type, 'CLIENT_VARS');
 });
+
+ for (const authn of [false, true]) {
+ const desc = authn ? 'authn user' : '!authn anonymous';
+ it(`${desc} read-only /p/pad -> 200, ok`, async function () {
+ this.timeout(400);
+ const get = (ep) => {
+ let res = agent.get(ep);
+ if (authn) res = res.auth('user', 'user-password');
+ return res.expect(200);
+ };
+ settings.requireAuthentication = authn;
+ let res = await get('/p/pad');
+ socket = await connect(res);
+ let clientVars = await handshake(socket, 'pad');
+ assert.equal(clientVars.type, 'CLIENT_VARS');
+ assert.equal(clientVars.data.readonly, false);
+ const readOnlyId = clientVars.data.readOnlyId;
+ assert(readOnlyManager.isReadOnlyId(readOnlyId));
+ socket.close();
+ res = await get(`/p/${readOnlyId}`);
+ socket = await connect(res);
+ clientVars = await handshake(socket, readOnlyId);
+ assert.equal(clientVars.type, 'CLIENT_VARS');
+ assert.equal(clientVars.data.readonly, true);
+ });
+ }
+
 it('authz user /p/pad -> 200, ok', async function () {
 this.timeout(400);
 settings.requireAuthentication = true;
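Review bot: In the `get` helper of the new read-only test, the local `res` holds the pending request rather than a response, and the same name is reused right after for the awaited response in `let res = await get('/p/pad');`, which makes the helper easy to misread. Naming it as the sibling test in importexportGetPost.js does keeps the two apart: `let req = agent.get(ep);`, `if (authn) req = req.auth('user', 'user-password');`, `return req.expect(200);`. Separately, the first socket is closed only on the success path; `socket` is declared outside this hunk, so whether a hook closes it after a failed assertion cannot be seen here.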