mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-22 00:16:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 26
etherpad-lite/src/tests/backend/specs/lowerCasePadIds.js
DanielHabenicht 675c0130b9
allow option to make pad names case-insensitive (#5501) by @DanielHabenicht 
* New option to make pad names case-insensitive

fixes #3844

* fix helper.gotoTimeslider()

* fix helper.aNewPad() return value

* Update src/node/utils/Settings.js

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

* remove timeout

* rename enforceLowerCasePadIds to lowerCasePadIds

* use before and after hooks

* update with socket specific test

* enforce sanitizing padID for websocket connections

- only enforce for newly created pads, to combat case-sensitive pad name hijacking

* Added updated package.json file.

---------

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
Co-authored-by: SamTV12345 <40429738+samtv12345@users.noreply.github.com>
2023-07-03 20:52:49 +02:00

90 lines
3 KiB
JavaScript
Raw Blame History

'use strict';
const assert = require('assert').strict;
const common = require('../common');
const padManager = require('../../../node/db/PadManager');
const settings = require('../../../node/utils/Settings');
describe(__filename, function () {
let agent;
const cleanUpPads = async () => {
const {padIDs} = await padManager.listAllPads();
await Promise.all(padIDs.map(async (padId) => {
if (await padManager.doesPadExist(padId)) {
const pad = await padManager.getPad(padId);
await pad.remove();
}
}));
};
let backup;
before(async function () {
backup = settings.lowerCasePadIds;
agent = await common.init();
});
beforeEach(async function () {
await cleanUpPads();
});
afterEach(async function () {
await cleanUpPads();
});
after(async function () {
settings.lowerCasePadIds = backup;
});
describe('not activated', function () {
beforeEach(async function () {
settings.lowerCasePadIds = false;
});
it('do nothing', async function () {
await agent.get('/p/UPPERCASEpad')
.expect(200);
});
});
describe('activated', function () {
beforeEach(async function () {
settings.lowerCasePadIds = true;
});
it('lowercase pad ids', async function () {
await agent.get('/p/UPPERCASEpad')
.expect(302)
.expect('location', 'uppercasepad');
});
it('keeps old pads accessible', async function () {
Object.assign(settings, {
lowerCasePadIds: false,
});
await padManager.getPad('ALREADYexistingPad', 'oldpad');
await padManager.getPad('alreadyexistingpad', 'newpad');
Object.assign(settings, {
lowerCasePadIds: true,
});
const oldPad = await agent.get('/p/ALREADYexistingPad').expect(200);
const oldPadSocket = await common.connect(oldPad);
const oldPadHandshake = await common.handshake(oldPadSocket, 'ALREADYexistingPad');
assert.equal(oldPadHandshake.data.padId, 'ALREADYexistingPad');
assert.equal(oldPadHandshake.data.collab_client_vars.initialAttributedText.text, 'oldpad\n');
const newPad = await agent.get('/p/alreadyexistingpad').expect(200);
const newPadSocket = await common.connect(newPad);
const newPadHandshake = await common.handshake(newPadSocket, 'alreadyexistingpad');
assert.equal(newPadHandshake.data.padId, 'alreadyexistingpad');
assert.equal(newPadHandshake.data.collab_client_vars.initialAttributedText.text, 'newpad\n');
});
it('disallow creation of different case pad-name via socket connection', async function () {
await padManager.getPad('maliciousattempt', 'attempt');
const newPad = await agent.get('/p/maliciousattempt').expect(200);
const newPadSocket = await common.connect(newPad);
const newPadHandshake = await common.handshake(newPadSocket, 'MaliciousAttempt');
assert.equal(newPadHandshake.data.collab_client_vars.initialAttributedText.text, 'attempt\n');
});
});
});
Reference in a new issue View git blame Copy permalink