libretic/etherpad-lite
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

tests: readonly pastes must be readable+exportable with authentication

Browse source 
readonly paste links should be readable even if authentication is turned
on, as long as the user provides valid login data.
This test currently fails.

Also test that readonly paste IDs can be exported under the same
condition, which currently succeeds.
This commit is contained in:
pcworld 2021-04-11 04:00:14 +02:00 committed by Richard Hansen
parent 7d5cad6932
commit 0d33793908
2 changed files with 46 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
src/tests/backend/specs/api/importexportGetPost.js
View file

@ -109,22 +109,24 @@ describe(__filename, function () {
.expect((res) => assert.equal(res.body.data.text, padText.toString()));
});
it('gets read only pad Id and exports the html and text for this pad', async function () {
for (const authn of [false, true]) {
it(`can export from read-only pad ID, authn ${authn}`, async function () {
this.timeout(250);
const ro = await agent.get(`${endPoint('getReadOnlyID')}&padID=${testPadId}`)
.expect(200)
settings.requireAuthentication = authn;
const get = (ep) => {
let req = agent.get(ep);
if (authn) req = req.auth('user', 'user-password');
return req.expect(200);
};
const ro = await get(`${endPoint('getReadOnlyID')}&padID=${testPadId}`)
.expect((res) => assert.ok(JSON.parse(res.text).data.readOnlyID));
const readOnlyId = JSON.parse(ro.text).data.readOnlyID;
await agent.get(`/p/${readOnlyId}/export/html`)
.expect(200)
await get(`/p/${readOnlyId}/export/html`)
.expect((res) => assert(res.text.indexOf('This is the') !== -1));
await agent.get(`/p/${readOnlyId}/export/txt`)
.expect(200)
await get(`/p/${readOnlyId}/export/txt`)
.expect((res) => assert(res.text.indexOf('This is the') !== -1));
});
}
describe('Import/Export tests requiring AbiWord/LibreOffice', function () {
this.timeout(10000);

28
src/tests/backend/specs/socketio.js
View file

@ -5,6 +5,7 @@ const common = require('../common');
const io = require('socket.io-client');
const padManager = require('../../../node/db/PadManager');
const plugins = require('../../../static/js/pluginfw/plugin_defs');
const readOnlyManager = require('../../../node/db/ReadOnlyManager');
const setCookieParser = require('set-cookie-parser');
const settings = require('../../../node/utils/Settings');
@ -168,6 +169,33 @@ describe(__filename, function () {
const clientVars = await handshake(socket, 'pad');
assert.equal(clientVars.type, 'CLIENT_VARS');
});
for (const authn of [false, true]) {
const desc = authn ? 'authn user' : '!authn anonymous';
it(`${desc} read-only /p/pad -> 200, ok`, async function () {
this.timeout(400);
const get = (ep) => {
let res = agent.get(ep);
if (authn) res = res.auth('user', 'user-password');
return res.expect(200);
};
settings.requireAuthentication = authn;
let res = await get('/p/pad');
socket = await connect(res);
let clientVars = await handshake(socket, 'pad');
assert.equal(clientVars.type, 'CLIENT_VARS');
assert.equal(clientVars.data.readonly, false);
const readOnlyId = clientVars.data.readOnlyId;
assert(readOnlyManager.isReadOnlyId(readOnlyId));
socket.close();
res = await get(`/p/${readOnlyId}`);
socket = await connect(res);
clientVars = await handshake(socket, readOnlyId);
assert.equal(clientVars.type, 'CLIENT_VARS');
assert.equal(clientVars.data.readonly, true);
});
}
it('authz user /p/pad -> 200, ok', async function () {
this.timeout(400);
settings.requireAuthentication = true;