tests: Add authentication, authorization bypass tests

src/node/hooks/express/socketio.js

@@ -51,6 +51,11 @@ exports.expressCreateServer = function (hook_name, args, cb) {
   var cookieParserFn = cookieParser(webaccess.secret, {});
   io.use((socket, next) => {
     var data = socket.request;
+    if (!data.headers.cookie) {
+      // socketio.js-client on node.js doesn't support cookies (see https://git.io/JU8u9), so the
+      // token and express_sid cookies have to be passed via a query parameter for unit tests.
+      data.headers.cookie = socket.handshake.query.cookie;
+    }
     if (!data.headers.cookie && settings.loadTest) {
       console.warn('bypassing socket.io authentication check due to settings.loadTest');
       return next(null, true);

src/package-lock.json

@@ -7781,6 +7781,12 @@
       "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
       "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc="
     },
+    "set-cookie-parser": {
+      "version": "2.4.6",
+      "resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.4.6.tgz",
+      "integrity": "sha512-mNCnTUF0OYPwYzSHbdRdCfNNHqrne+HS5tS5xNb6yJbdP9wInV0q5xPLE0EyfV/Q3tImo3y/OXpD8Jn0Jtnjrg==",
+      "dev": true
+    },
     "setprototypeof": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.1.tgz",

src/package.json

@@ -78,6 +78,7 @@
     "mocha": "7.1.2",
     "mocha-froth": "^0.2.10",
     "nyc": "15.0.1",
+    "set-cookie-parser": "^2.4.6",
     "supertest": "4.0.2",
     "wd": "1.12.1"
   },
@@ -90,7 +91,7 @@
     "url": "https://github.com/ether/etherpad-lite.git"
   },
   "scripts": {
-    "test": "nyc mocha --timeout 5000 ../tests/backend/specs/api",
+    "test": "nyc mocha --timeout 5000 --recursive ../tests/backend/specs",
     "test-contentcollector": "nyc mocha --timeout 5000 ../tests/backend/specs",
     "test-container": "nyc mocha --timeout 5000 ../tests/container/specs/api"
   },