Removed api key from existance.

This commit is contained in:
SamTV12345 2024-03-25 23:13:10 +01:00
parent 91b60e9e71
commit 22ccb5ac60
9 changed files with 33 additions and 18 deletions


@ -632,7 +632,6 @@ exports.expressPreSession = async (hookName:string, {app}:any) => {
let data; let data;
try { try {
data = await apiHandler.handle(version, funcName, fields, req, res); data = await apiHandler.handle(version, funcName, fields, req, res);
console.log(app._router.stack)
} catch (err) { } catch (err) {
const errCaused = err as ErrorCaused const errCaused = err as ErrorCaused
// convert all errors to http errors // convert all errors to http errors


@ -45,10 +45,5 @@ for (let i = 0; i < argv.length; i++) {
exports.argv.sessionkey = arg; exports.argv.sessionkey = arg;
} }
// Override location of APIKEY.txt file
if (prevArg === '--apikey') {
exports.argv.apikey = arg;
}
prevArg = arg; prevArg = arg;
} }


@ -52,6 +52,19 @@ export const generateJWTToken = () => {
return jwt.sign(privateKeyExported!) return jwt.sign(privateKeyExported!)
} }
export const generateJWTTokenUser = () => {
const jwt = new SignJWT({
sub: 'admin',
jti: '123',
exp: Math.floor(Date.now() / 1000) + 60 * 60,
aud: 'account',
iss: 'http://localhost:9001',
})
jwt.setProtectedHeader({alg: 'RS256'})
return jwt.sign(privateKeyExported!)
}
export const init = async function () { export const init = async function () {
if (agentPromise != null) return await agentPromise; if (agentPromise != null) return await agentPromise;
let agentResolve; let agentResolve;
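Review bot: `generateJWTTokenUser` (lines 37–47) has no doc comment, and nothing states which claim is meant to make this token unprivileged compared with `generateJWTToken`; it still uses `sub: 'admin'`, so the distinction presumably lies in `aud`/`iss` or a missing role claim, which a one-line TSDoc such as `/** Signs a token for a non-admin caller; used to check that admin API endpoints reject it. */` should spell out (purpose inferred from the spec that imports it). `jti: '123'` is a constant, so every token this helper issues shares one JWT ID; if the server ever keys replay or revocation checks on `jti`, these test tokens collide, and a per-call value (`crypto.randomUUID()` if `crypto` is in scope, or a counter) avoids that. The `privateKeyExported!` non-null assertion is repeated from `generateJWTToken` just above; one guarded helper that takes the claims object would remove both the duplicated `SignJWT` setup and the assertion.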


@ -7,13 +7,12 @@ const common = require('./common');
const host = `http://${settings.ip}:${settings.port}`; const host = `http://${settings.ip}:${settings.port}`;
const froth = require('mocha-froth'); const froth = require('mocha-froth');
const axios = require('axios'); const axios = require('axios');
const apiKey = common.apiKey;
const apiVersion = 1; const apiVersion = 1;
const testPadId = `TEST_fuzz${makeid()}`; const testPadId = `TEST_fuzz${makeid()}`;
const endPoint = function (point: string, version?:number) { const endPoint = function (point: string, version?:number) {
version = version || apiVersion; version = version || apiVersion;
return `/api/${version}/${point}?apikey=${apiKey}`; return `/api/${version}/${point}}`;
}; };
console.log('Testing against padID', testPadId); console.log('Testing against padID', testPadId);
@ -29,7 +28,12 @@ setTimeout(() => {
}, 5000); // wait 5 seconds }, 5000); // wait 5 seconds
async function runTest(number: number) { async function runTest(number: number) {
await axios.get(`${host + endPoint('createPad')}&padID=${testPadId}`) await axios
.get(`${host + endPoint('createPad')}?padID=${testPadId}`, {
headers: {
Authorization: await common.generateJWTToken(),
}
})
.then(() => { .then(() => {
const req = axios.post(`${host}/p/${testPadId}/import`) const req = axios.post(`${host}/p/${testPadId}/import`)
.then(() => { .then(() => {
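Review bot: The new `endPoint` return on line 63 keeps a stray closing brace, `return \`/api/${version}/${point}}\`;`, so every path comes out as `/api/1/createPad}` and the request built on lines 69–70 goes to `/api/1/createPad}?padID=…`; it should read `return \`/api/${version}/${point}\`;`. With the apikey query string gone, `endPoint` now returns a bare path, so the `&padID=` → `?padID=` change in `runTest` is the right companion, but any other caller that still appends with `&` (not visible here) needs the same adjustment. `runTest` continues past the end of the hunk.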


@ -12,7 +12,6 @@ const common = require('../../common');
const validateOpenAPI = require('openapi-schema-validation').validate; const validateOpenAPI = require('openapi-schema-validation').validate;
let agent: any; let agent: any;
const apiKey = common.apiKey;
let apiVersion = 1; let apiVersion = 1;
const makeid = () => { const makeid = () => {


@ -6,7 +6,7 @@
* TODO: maybe unify those two files and merge in a single one. * TODO: maybe unify those two files and merge in a single one.
*/ */
import {generateJWTToken} from "../../common"; import {generateJWTToken, generateJWTTokenUser} from "../../common";
const assert = require('assert').strict; const assert = require('assert').strict;
const common = require('../../common'); const common = require('../../common');
@ -38,13 +38,19 @@ describe(__filename, function () {
assert(apiVersion); assert(apiVersion);
}); });
it('errors with invalid APIKey', async function () { it('errors with invalid OAuth token', async function () {
// This is broken because Etherpad doesn't handle HTTP codes properly see #2343 // This is broken because Etherpad doesn't handle HTTP codes properly see #2343
// If your APIKey is password you deserve to fail all tests anyway
await agent.get(`/api/${apiVersion}/createPad?padID=test`) await agent.get(`/api/${apiVersion}/createPad?padID=test`)
.set("Authorization", (await generateJWTToken()).substring(0,10)) .set("Authorization", (await generateJWTToken()).substring(0,10))
.expect(401); .expect(401);
}); });
it('errors with unprivileged OAuth token', async function () {
// This is broken because Etherpad doesn't handle HTTP codes properly see #2343
await agent.get(`/api/${apiVersion}/createPad?padID=test`)
.set("Authorization", (await generateJWTTokenUser()).substring(0,10))
.expect(401);
});
}); });
describe('Tests', function () { describe('Tests', function () {
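Review bot: The new 'errors with unprivileged OAuth token' case (lines 106–111) truncates the token with `.substring(0,10)`, exactly as the invalid-token case above it does, so the 401 comes from an unparseable token and the unprivileged-but-valid path is never exercised; send the full token, `.set("Authorization", await generateJWTTokenUser())`, and if the server then answers with a different status the expectation should be changed to match rather than keeping the truncation. The comment copied from the invalid-token case about #2343 may not apply to this case. The enclosing describe block starts and ends outside the hunk.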


@ -59,9 +59,8 @@ describe(__filename, function () {
}); });
describe('Sanity checks', function () { describe('Sanity checks', function () {
it('errors with invalid APIKey', async function () { it('errors with invalid oauth token', async function () {
// This is broken because Etherpad doesn't handle HTTP codes properly see #2343 // This is broken because Etherpad doesn't handle HTTP codes properly see #2343
// If your APIKey is password you deserve to fail all tests anyway
await agent.get(`/api/${apiVersion}/createPad?padID=test`) await agent.get(`/api/${apiVersion}/createPad?padID=test`)
.set("Authorization", (await common.generateJWTToken()).substring(0, 10)) .set("Authorization", (await common.generateJWTToken()).substring(0, 10))
.expect(401); .expect(401);


@ -14,8 +14,8 @@ describe(__filename, function () {
let pad: PadType; let pad: PadType;
const restoreRevision = async (v:string, padId: string, rev: number, authorId:string|null = null) => { const restoreRevision = async (v:string, padId: string, rev: number, authorId:string|null = null) => {
// @ts-ignore
const p = new URLSearchParams(Object.entries({ const p = new URLSearchParams(Object.entries({
apikey: common.apiKey,
padID: padId, padID: padId,
rev, rev,
...(authorId == null ? {} : {authorId}), ...(authorId == null ? {} : {authorId}),


@ -31,8 +31,8 @@ describe('API Versioning', function () {
}); });
describe('Permission', function () { describe('Permission', function () {
it('errors with invalid APIKey', function (done) { it('errors with invalid OAuth token', function (done) {
api.get(`/api/${apiVersion}/createPad?apikey=wrong_password&padID=test`) api.get(`/api/${apiVersion}/createPad?padID=test`)
.expect(401, done); .expect(401, done);
}); });
}); });
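Review bot: After the change on line 145 the 'errors with invalid OAuth token' case sends no Authorization header at all, so it exercises the missing-credential path rather than an invalid token, while the same-named cases in the other spec files (lines 99–104 and 120–125) do send a truncated token. Either rename it, `it('errors without OAuth token', function (done) {`, or add a bogus `.set("Authorization", "not-a-token")` before `.expect(401, done)` so the name matches what is asserted. The enclosing describe blocks start outside the hunk.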