mirror of
https://github.com/ether/etherpad-lite.git
synced 2025-05-05 06:37:10 -04:00
Removed api key from existence.
parent
91b60e9e71
commit
22ccb5ac60
9 changed files with 33 additions and 18 deletions
|
@ -632,7 +632,6 @@ exports.expressPreSession = async (hookName:string, {app}:any) => {
|
|||
let data;
|
||||
try {
|
||||
data = await apiHandler.handle(version, funcName, fields, req, res);
|
||||
console.log(app._router.stack)
|
||||
} catch (err) {
|
||||
const errCaused = err as ErrorCaused
|
||||
// convert all errors to http errors
|
||||
|
|
|
@ -45,10 +45,5 @@ for (let i = 0; i < argv.length; i++) {
|
|||
exports.argv.sessionkey = arg;
|
||||
}
|
||||
|
||||
// Override location of APIKEY.txt file
|
||||
if (prevArg === '--apikey') {
|
||||
exports.argv.apikey = arg;
|
||||
}
|
||||
|
||||
prevArg = arg;
|
||||
}
|
||||
|
|
|
@ -52,6 +52,19 @@ export const generateJWTToken = () => {
|
|||
return jwt.sign(privateKeyExported!)
|
||||
}
|
||||
|
||||
|
||||
export const generateJWTTokenUser = () => {
|
||||
const jwt = new SignJWT({
|
||||
sub: 'admin',
|
||||
jti: '123',
|
||||
exp: Math.floor(Date.now() / 1000) + 60 * 60,
|
||||
aud: 'account',
|
||||
iss: 'http://localhost:9001',
|
||||
})
|
||||
jwt.setProtectedHeader({alg: 'RS256'})
|
||||
return jwt.sign(privateKeyExported!)
|
||||
}
|
||||
|
||||
export const init = async function () {
|
||||
if (agentPromise != null) return await agentPromise;
|
||||
let agentResolve;
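Review bot: The new `generateJWTTokenUser` helper sets `sub: 'admin'`, so the token that is meant to stand for an unprivileged user names the admin subject, and nothing in the visible payload documents what makes it unprivileged. `generateJWTToken` is defined above this hunk, so the difference between the two payloads cannot be checked here; presumably it is the absence of an admin claim. I would use `sub: 'user'` and add a comment such as `// Non-admin token: validly signed, but without the admin claim; the API must reject it`, so a negative authorization test cannot quietly become an admin-token test if the server ever keys on `sub`.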
|
||||
|
|
|
@ -7,13 +7,12 @@ const common = require('./common');
|
|||
const host = `http://${settings.ip}:${settings.port}`;
|
||||
const froth = require('mocha-froth');
|
||||
const axios = require('axios');
|
||||
const apiKey = common.apiKey;
|
||||
const apiVersion = 1;
|
||||
const testPadId = `TEST_fuzz${makeid()}`;
|
||||
|
||||
const endPoint = function (point: string, version?:number) {
|
||||
version = version || apiVersion;
|
||||
return `/api/${version}/${point}?apikey=${apiKey}`;
|
||||
return `/api/${version}/${point}}`;
|
||||
};
|
||||
|
||||
console.log('Testing against padID', testPadId);
|
||||
|
@ -29,7 +28,12 @@ setTimeout(() => {
|
|||
}, 5000); // wait 5 seconds
|
||||
|
||||
async function runTest(number: number) {
|
||||
await axios.get(`${host + endPoint('createPad')}&padID=${testPadId}`)
|
||||
await axios
|
||||
.get(`${host + endPoint('createPad')}?padID=${testPadId}`, {
|
||||
headers: {
|
||||
Authorization: await common.generateJWTToken(),
|
||||
}
|
||||
})
|
||||
.then(() => {
|
||||
const req = axios.post(`${host}/p/${testPadId}/import`)
|
||||
.then(() => {
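Review bot: The rewritten `endPoint` return in the first hunk has a stray closing brace, `/api/${version}/${point}}`, so every URL it builds ends in a literal `}` and the `createPad` call in `runTest` goes to `/api/1/createPad}?padID=…`. That request most likely fails to match the API route, so the fuzz run would no longer exercise an authenticated pad creation. The line should read ``return `/api/${version}/${point}`;``. The body of `runTest` continues outside the second hunk.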
|
||||
|
|
|
@ -12,7 +12,6 @@ const common = require('../../common');
|
|||
const validateOpenAPI = require('openapi-schema-validation').validate;
|
||||
|
||||
let agent: any;
|
||||
const apiKey = common.apiKey;
|
||||
let apiVersion = 1;
|
||||
|
||||
const makeid = () => {
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
* TODO: maybe unify those two files and merge in a single one.
|
||||
*/
|
||||
|
||||
import {generateJWTToken} from "../../common";
|
||||
import {generateJWTToken, generateJWTTokenUser} from "../../common";
|
||||
|
||||
const assert = require('assert').strict;
|
||||
const common = require('../../common');
|
||||
|
@ -38,13 +38,19 @@ describe(__filename, function () {
|
|||
assert(apiVersion);
|
||||
});
|
||||
|
||||
it('errors with invalid APIKey', async function () {
|
||||
it('errors with invalid OAuth token', async function () {
|
||||
// This is broken because Etherpad doesn't handle HTTP codes properly see #2343
|
||||
// If your APIKey is password you deserve to fail all tests anyway
|
||||
await agent.get(`/api/${apiVersion}/createPad?padID=test`)
|
||||
.set("Authorization", (await generateJWTToken()).substring(0,10))
|
||||
.expect(401);
|
||||
});
|
||||
|
||||
it('errors with unprivileged OAuth token', async function () {
|
||||
// This is broken because Etherpad doesn't handle HTTP codes properly see #2343
|
||||
await agent.get(`/api/${apiVersion}/createPad?padID=test`)
|
||||
.set("Authorization", (await generateJWTTokenUser()).substring(0,10))
|
||||
.expect(401);
|
||||
});
|
||||
});
|
||||
|
||||
describe('Tests', function () {
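Review bot: The new 'errors with unprivileged OAuth token' test truncates the token with `.substring(0,10)`, exactly like the invalid-token test above it, so the server only ever sees a malformed JWT. A well-formed, correctly signed but non-admin token is therefore never exercised. Send the whole token instead: `.set("Authorization", await generateJWTTokenUser())`. The expected status for that case (401 or 403) depends on the API handler, which is outside this hunk. The comment `// This is broken because Etherpad doesn't handle HTTP codes properly see #2343` was copied into the new test and should be dropped if it no longer applies.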
|
||||
|
|
|
@ -59,9 +59,8 @@ describe(__filename, function () {
|
|||
});
|
||||
|
||||
describe('Sanity checks', function () {
|
||||
it('errors with invalid APIKey', async function () {
|
||||
it('errors with invalid oauth token', async function () {
|
||||
// This is broken because Etherpad doesn't handle HTTP codes properly see #2343
|
||||
// If your APIKey is password you deserve to fail all tests anyway
|
||||
await agent.get(`/api/${apiVersion}/createPad?padID=test`)
|
||||
.set("Authorization", (await common.generateJWTToken()).substring(0, 10))
|
||||
.expect(401);
|
||||
|
|
|
@ -14,8 +14,8 @@ describe(__filename, function () {
|
|||
let pad: PadType;
|
||||
|
||||
const restoreRevision = async (v:string, padId: string, rev: number, authorId:string|null = null) => {
|
||||
// @ts-ignore
|
||||
const p = new URLSearchParams(Object.entries({
|
||||
apikey: common.apiKey,
|
||||
padID: padId,
|
||||
rev,
|
||||
...(authorId == null ? {} : {authorId}),
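Review bot: The `// @ts-ignore` added above `new URLSearchParams(Object.entries({…}))` suppresses every type error on that statement, not only the one it was added for. The complaint is presumably about the numeric `rev`, so `rev: String(rev)` would probably remove the need for it. Failing that, use `// @ts-expect-error` with a short reason. With `apikey` gone from the query, the credential for this request has to come from a header set further down in `restoreRevision`, which is outside the hunk and worth confirming.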
|
||||
|
|
|
@ -31,8 +31,8 @@ describe('API Versioning', function () {
|
|||
});
|
||||
|
||||
describe('Permission', function () {
|
||||
it('errors with invalid APIKey', function (done) {
|
||||
api.get(`/api/${apiVersion}/createPad?apikey=wrong_password&padID=test`)
|
||||
it('errors with invalid OAuth token', function (done) {
|
||||
api.get(`/api/${apiVersion}/createPad?padID=test`)
|
||||
.expect(401, done);
|
||||
});
|
||||
});
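Review bot: The renamed test 'errors with invalid OAuth token' sends no `Authorization` header at all, so it checks the missing-credential path rather than rejection of an invalid token. Either rename it to 'errors with missing OAuth token' or keep the name and add `.set('Authorization', 'wrong_token')` before `.expect(401, done)`. Covering both cases separately would be better, since a missing header and a malformed token usually take different branches in the auth check.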
|
||||
|
|