mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-21 07:56:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

tests: readonly pastes must be readable+exportable with authentication

Browse source 
readonly paste links should be readable even if authentication is turned
on, as long as the user provides valid login data.
This test currently fails.

Also test that readonly paste IDs can be exported under the same
condition, which currently succeeds.
This commit is contained in:
pcworld 2021-04-11 04:00:14 +02:00 committed by Richard Hansen
parent 7d5cad6932
commit 0d33793908
2 changed files with 46 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

28
src/tests/backend/specs/socketio.js
View file

@ -5,6 +5,7 @@ const common = require('../common');
const io = require('socket.io-client');
const padManager = require('../../../node/db/PadManager');
const plugins = require('../../../static/js/pluginfw/plugin_defs');
const readOnlyManager = require('../../../node/db/ReadOnlyManager');
const setCookieParser = require('set-cookie-parser');
const settings = require('../../../node/utils/Settings');
@ -168,6 +169,33 @@ describe(__filename, function () {
const clientVars = await handshake(socket, 'pad');
assert.equal(clientVars.type, 'CLIENT_VARS');
});
for (const authn of [false, true]) {
const desc = authn ? 'authn user' : '!authn anonymous';
it(`${desc} read-only /p/pad -> 200, ok`, async function () {
this.timeout(400);
const get = (ep) => {
let res = agent.get(ep);
if (authn) res = res.auth('user', 'user-password');
return res.expect(200);
};
settings.requireAuthentication = authn;
let res = await get('/p/pad');
socket = await connect(res);
let clientVars = await handshake(socket, 'pad');
assert.equal(clientVars.type, 'CLIENT_VARS');
assert.equal(clientVars.data.readonly, false);
const readOnlyId = clientVars.data.readOnlyId;
assert(readOnlyManager.isReadOnlyId(readOnlyId));
socket.close();
res = await get(`/p/${readOnlyId}`);
socket = await connect(res);
clientVars = await handshake(socket, readOnlyId);
assert.equal(clientVars.type, 'CLIENT_VARS');
assert.equal(clientVars.data.readonly, true);
});
}
it('authz user /p/pad -> 200, ok', async function () {
this.timeout(400);
settings.requireAuthentication = true;