mirror of
https://github.com/NodeBB/NodeBB.git
synced 2026-07-07 02:52:32 +02:00
uploads.js
This commit is contained in:
376
test/uploads.js
376
test/uploads.js
@@ -5,9 +5,6 @@ const assert = require('assert');
|
||||
const nconf = require('nconf');
|
||||
const path = require('path');
|
||||
const fs = require('fs').promises;
|
||||
const request = require('request');
|
||||
const requestAsync = require('request-promise-native');
|
||||
const util = require('util');
|
||||
|
||||
const db = require('./mocks/databasemock');
|
||||
const categories = require('../src/categories');
|
||||
@@ -21,6 +18,7 @@ const socketUser = require('../src/socket.io/user');
|
||||
const helpers = require('./helpers');
|
||||
const file = require('../src/file');
|
||||
const image = require('../src/image');
|
||||
const request = require('../src/request');
|
||||
|
||||
const emptyUploadsFolder = async () => {
|
||||
const files = await fs.readdir(`${nconf.get('upload_path')}/files`);
|
||||
@@ -83,31 +81,25 @@ describe('Upload Controllers', () => {
|
||||
await privileges.global.give(['groups:upload:post:file'], 'registered-users');
|
||||
});
|
||||
|
||||
it('should fail if the user exceeds the upload rate limit threshold', (done) => {
|
||||
it('should fail if the user exceeds the upload rate limit threshold', async () => {
|
||||
const oldValue = meta.config.allowedFileExtensions;
|
||||
meta.config.allowedFileExtensions = 'png,jpg,bmp,html';
|
||||
require('../src/middleware/uploads').clearCache();
|
||||
const times = meta.config.uploadRateLimitThreshold + 1;
|
||||
async.timesSeries(times, (i, next) => {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/503.html'), {}, jar, csrf_token, (err, res, body) => {
|
||||
if (i + 1 >= times) {
|
||||
assert.strictEqual(res.statusCode, 500);
|
||||
assert.strictEqual(body.error, '[[error:upload-ratelimit-reached]]');
|
||||
} else {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
assert(body && body.status && body.response && body.response.images);
|
||||
assert(Array.isArray(body.response.images));
|
||||
assert(body.response.images[0].url);
|
||||
}
|
||||
|
||||
next(err);
|
||||
});
|
||||
}, (err) => {
|
||||
meta.config.allowedFileExtensions = oldValue;
|
||||
assert.ifError(err);
|
||||
done();
|
||||
});
|
||||
for (let i = 0; i < times; i++) {
|
||||
// eslint-disable-next-line no-await-in-loop
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/503.html'), {}, jar, csrf_token);
|
||||
if (i + 1 >= times) {
|
||||
assert.strictEqual(response.statusCode, 500);
|
||||
assert.strictEqual(body.error, '[[error:upload-ratelimit-reached]]');
|
||||
} else {
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
assert(body && body.status && body.response && body.response.images);
|
||||
assert(Array.isArray(body.response.images));
|
||||
assert(body.response.images[0].url);
|
||||
}
|
||||
}
|
||||
meta.config.allowedFileExtensions = oldValue;
|
||||
});
|
||||
});
|
||||
|
||||
@@ -121,34 +113,26 @@ describe('Upload Controllers', () => {
|
||||
await privileges.global.give(['groups:upload:post:file'], 'registered-users');
|
||||
});
|
||||
|
||||
it('should upload an image to a post', (done) => {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/test.png'), {}, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 200);
|
||||
assert(body && body.status && body.response && body.response.images);
|
||||
assert(Array.isArray(body.response.images));
|
||||
assert(body.response.images[0].url);
|
||||
done();
|
||||
});
|
||||
it('should upload an image to a post', async () => {
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/test.png'), {}, jar, csrf_token);
|
||||
assert.equal(response.statusCode, 200);
|
||||
assert(body && body.status && body.response && body.response.images);
|
||||
assert(Array.isArray(body.response.images));
|
||||
assert(body.response.images[0].url);
|
||||
});
|
||||
|
||||
it('should upload an image to a post and then delete the upload', (done) => {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/test.png'), {}, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
assert(body && body.status && body.response && body.response.images);
|
||||
assert(Array.isArray(body.response.images));
|
||||
assert(body.response.images[0].url);
|
||||
const name = body.response.images[0].url.replace(`${nconf.get('relative_path') + nconf.get('upload_url')}/`, '');
|
||||
socketUser.deleteUpload({ uid: regularUid }, { uid: regularUid, name: name }, (err) => {
|
||||
assert.ifError(err);
|
||||
db.getSortedSetRange(`uid:${regularUid}:uploads`, 0, -1, (err, uploads) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(uploads.includes(name), false);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
it('should upload an image to a post and then delete the upload', async () => {
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/test.png'), {}, jar, csrf_token);
|
||||
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
assert(body && body.status && body.response && body.response.images);
|
||||
assert(Array.isArray(body.response.images));
|
||||
assert(body.response.images[0].url);
|
||||
const name = body.response.images[0].url.replace(`${nconf.get('relative_path') + nconf.get('upload_url')}/`, '');
|
||||
await socketUser.deleteUpload({ uid: regularUid }, { uid: regularUid, name: name });
|
||||
|
||||
const uploads = await db.getSortedSetRange(`uid:${regularUid}:uploads`, 0, -1);
|
||||
assert.equal(uploads.includes(name), false);
|
||||
});
|
||||
|
||||
it('should not allow deleting if path is not correct', (done) => {
|
||||
@@ -165,55 +149,45 @@ describe('Upload Controllers', () => {
|
||||
});
|
||||
});
|
||||
|
||||
it('should resize and upload an image to a post', (done) => {
|
||||
it('should resize and upload an image to a post', async () => {
|
||||
const oldValue = meta.config.resizeImageWidth;
|
||||
meta.config.resizeImageWidth = 10;
|
||||
meta.config.resizeImageWidthThreshold = 10;
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/test.png'), {}, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 200);
|
||||
assert(body && body.status && body.response && body.response.images);
|
||||
assert(Array.isArray(body.response.images));
|
||||
assert(body.response.images[0].url);
|
||||
assert(body.response.images[0].url.match(/\/assets\/uploads\/files\/\d+-test-resized\.png/));
|
||||
meta.config.resizeImageWidth = oldValue;
|
||||
meta.config.resizeImageWidthThreshold = 1520;
|
||||
done();
|
||||
});
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/test.png'), {}, jar, csrf_token);
|
||||
|
||||
assert.equal(response.statusCode, 200);
|
||||
assert(body && body.status && body.response && body.response.images);
|
||||
assert(Array.isArray(body.response.images));
|
||||
assert(body.response.images[0].url);
|
||||
assert(body.response.images[0].url.match(/\/assets\/uploads\/files\/\d+-test-resized\.png/));
|
||||
meta.config.resizeImageWidth = oldValue;
|
||||
meta.config.resizeImageWidthThreshold = 1520;
|
||||
});
|
||||
|
||||
it('should upload a file to a post', (done) => {
|
||||
it('should upload a file to a post', async () => {
|
||||
const oldValue = meta.config.allowedFileExtensions;
|
||||
meta.config.allowedFileExtensions = 'png,jpg,bmp,html';
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/503.html'), {}, jar, csrf_token, (err, res, body) => {
|
||||
meta.config.allowedFileExtensions = oldValue;
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
assert(body && body.status && body.response && body.response.images);
|
||||
assert(Array.isArray(body.response.images));
|
||||
assert(body.response.images[0].url);
|
||||
done();
|
||||
});
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/503.html'), {}, jar, csrf_token);
|
||||
meta.config.allowedFileExtensions = oldValue;
|
||||
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
assert(body && body.status && body.response && body.response.images);
|
||||
assert(Array.isArray(body.response.images));
|
||||
assert(body.response.images[0].url);
|
||||
});
|
||||
|
||||
it('should fail to upload image to post if image dimensions are too big', (done) => {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/toobig.png'), {}, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(res.statusCode, 500);
|
||||
assert(body && body.status && body.status.message);
|
||||
assert.strictEqual(body.status.message, 'Image dimensions are too big');
|
||||
done();
|
||||
});
|
||||
it('should fail to upload image to post if image dimensions are too big', async () => {
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/toobig.png'), {}, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 500);
|
||||
assert(body && body.status && body.status.message);
|
||||
assert.strictEqual(body.status.message, 'Image dimensions are too big');
|
||||
});
|
||||
|
||||
it('should fail to upload image to post if image is broken', (done) => {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/brokenimage.png'), {}, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(res.statusCode, 500);
|
||||
assert(body && body.status && body.status.message);
|
||||
assert.strictEqual(body.status.message, 'Input file contains unsupported image format');
|
||||
done();
|
||||
});
|
||||
it('should fail to upload image to post if image is broken', async () => {
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/brokenimage.png'), {}, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 500);
|
||||
assert(body && body.status && body.status.message);
|
||||
assert.strictEqual(body.status.message, 'Input file contains unsupported image format');
|
||||
});
|
||||
|
||||
it('should fail if file is not an image', (done) => {
|
||||
@@ -286,39 +260,22 @@ describe('Upload Controllers', () => {
|
||||
});
|
||||
});
|
||||
|
||||
it('should delete users uploads if account is deleted', (done) => {
|
||||
let uid;
|
||||
let url;
|
||||
it('should delete users uploads if account is deleted', async () => {
|
||||
const uid = await user.create({ username: 'uploader', password: 'barbar' });
|
||||
const file = require('../src/file');
|
||||
const data = await helpers.loginUser('uploader', 'barbar');
|
||||
const { body } = await helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/test.png'), {}, data.jar, data.csrf_token);
|
||||
|
||||
async.waterfall([
|
||||
function (next) {
|
||||
user.create({ username: 'uploader', password: 'barbar' }, next);
|
||||
},
|
||||
function (_uid, next) {
|
||||
uid = _uid;
|
||||
helpers.loginUser('uploader', 'barbar', next);
|
||||
},
|
||||
function (data, next) {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/post/upload`, path.join(__dirname, '../test/files/test.png'), {}, data.jar, data.csrf_token, next);
|
||||
},
|
||||
function (res, body, next) {
|
||||
assert(body && body.status && body.response && body.response.images);
|
||||
assert(Array.isArray(body.response.images));
|
||||
assert(body.response.images[0].url);
|
||||
url = body.response.images[0].url;
|
||||
assert(body && body.status && body.response && body.response.images);
|
||||
assert(Array.isArray(body.response.images));
|
||||
assert(body.response.images[0].url);
|
||||
const { url } = body.response.images[0];
|
||||
|
||||
user.delete(1, uid, next);
|
||||
},
|
||||
function (userData, next) {
|
||||
const filePath = path.join(nconf.get('upload_path'), url.replace('/assets/uploads', ''));
|
||||
file.exists(filePath, next);
|
||||
},
|
||||
function (exists, next) {
|
||||
assert(!exists);
|
||||
done();
|
||||
},
|
||||
], done);
|
||||
await user.delete(1, uid);
|
||||
|
||||
const filePath = path.join(nconf.get('upload_path'), url.replace('/assets/uploads', ''));
|
||||
const exists = await file.exists(filePath);
|
||||
assert(!exists);
|
||||
});
|
||||
|
||||
after(emptyUploadsFolder);
|
||||
@@ -337,173 +294,148 @@ describe('Upload Controllers', () => {
|
||||
regular_csrf_token = regularLogin.csrf_token;
|
||||
});
|
||||
|
||||
it('should upload site logo', (done) => {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/admin/uploadlogo`, path.join(__dirname, '../test/files/test.png'), {}, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
assert(Array.isArray(body));
|
||||
assert.equal(body[0].url, `${nconf.get('relative_path')}/assets/uploads/system/site-logo.png`);
|
||||
done();
|
||||
});
|
||||
it('should upload site logo', async () => {
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/admin/uploadlogo`, path.join(__dirname, '../test/files/test.png'), {}, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
assert(Array.isArray(body));
|
||||
assert.equal(body[0].url, `${nconf.get('relative_path')}/assets/uploads/system/site-logo.png`);
|
||||
});
|
||||
|
||||
it('should fail to upload invalid file type', (done) => {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/admin/category/uploadpicture`, path.join(__dirname, '../test/files/503.html'), { params: JSON.stringify({ cid: cid }) }, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(res.statusCode, 500);
|
||||
assert.equal(body.error, '[[error:invalid-image-type, image/png&#44; image/jpeg&#44; image/pjpeg&#44; image/jpg&#44; image/gif&#44; image/svg+xml]]');
|
||||
done();
|
||||
});
|
||||
it('should fail to upload invalid file type', async () => {
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/admin/category/uploadpicture`, path.join(__dirname, '../test/files/503.html'), { params: JSON.stringify({ cid: cid }) }, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 500);
|
||||
assert.equal(body.error, '[[error:invalid-image-type, image/png&#44; image/jpeg&#44; image/pjpeg&#44; image/jpg&#44; image/gif&#44; image/svg+xml]]');
|
||||
});
|
||||
|
||||
it('should fail to upload category image with invalid json params', (done) => {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/admin/category/uploadpicture`, path.join(__dirname, '../test/files/test.png'), { params: 'invalid json' }, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(res.statusCode, 500);
|
||||
assert.equal(body.error, '[[error:invalid-json]]');
|
||||
done();
|
||||
});
|
||||
it('should fail to upload category image with invalid json params', async () => {
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/admin/category/uploadpicture`, path.join(__dirname, '../test/files/test.png'), { params: 'invalid json' }, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 500);
|
||||
assert.equal(body.error, '[[error:invalid-json]]');
|
||||
});
|
||||
|
||||
it('should upload category image', (done) => {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/admin/category/uploadpicture`, path.join(__dirname, '../test/files/test.png'), { params: JSON.stringify({ cid: cid }) }, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 200);
|
||||
assert(Array.isArray(body));
|
||||
assert.equal(body[0].url, `${nconf.get('relative_path')}/assets/uploads/category/category-1.png`);
|
||||
done();
|
||||
});
|
||||
it('should upload category image', async () => {
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/admin/category/uploadpicture`, path.join(__dirname, '../test/files/test.png'), { params: JSON.stringify({ cid: cid }) }, jar, csrf_token);
|
||||
assert.equal(response.statusCode, 200);
|
||||
assert(Array.isArray(body));
|
||||
assert.equal(body[0].url, `${nconf.get('relative_path')}/assets/uploads/category/category-1.png`);
|
||||
});
|
||||
|
||||
it('should upload default avatar', (done) => {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/admin/uploadDefaultAvatar`, path.join(__dirname, '../test/files/test.png'), { }, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 200);
|
||||
assert.equal(body[0].url, `${nconf.get('relative_path')}/assets/uploads/system/avatar-default.png`);
|
||||
done();
|
||||
});
|
||||
it('should upload default avatar', async () => {
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/admin/uploadDefaultAvatar`, path.join(__dirname, '../test/files/test.png'), { }, jar, csrf_token);
|
||||
assert.equal(response.statusCode, 200);
|
||||
assert.equal(body[0].url, `${nconf.get('relative_path')}/assets/uploads/system/avatar-default.png`);
|
||||
});
|
||||
|
||||
it('should upload og image', (done) => {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/admin/uploadOgImage`, path.join(__dirname, '../test/files/test.png'), { }, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 200);
|
||||
assert.equal(body[0].url, `${nconf.get('relative_path')}/assets/uploads/system/og-image.png`);
|
||||
done();
|
||||
});
|
||||
it('should upload og image', async () => {
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/admin/uploadOgImage`, path.join(__dirname, '../test/files/test.png'), { }, jar, csrf_token);
|
||||
assert.equal(response.statusCode, 200);
|
||||
assert.equal(body[0].url, `${nconf.get('relative_path')}/assets/uploads/system/og-image.png`);
|
||||
});
|
||||
|
||||
it('should upload favicon', (done) => {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/admin/uploadfavicon`, path.join(__dirname, '../test/files/favicon.ico'), {}, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 200);
|
||||
assert(Array.isArray(body));
|
||||
assert.equal(body[0].url, '/assets/uploads/system/favicon.ico');
|
||||
done();
|
||||
});
|
||||
it('should upload favicon', async () => {
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/admin/uploadfavicon`, path.join(__dirname, '../test/files/favicon.ico'), {}, jar, csrf_token);
|
||||
assert.equal(response.statusCode, 200);
|
||||
assert(Array.isArray(body));
|
||||
assert.equal(body[0].url, '/assets/uploads/system/favicon.ico');
|
||||
});
|
||||
|
||||
it('should upload touch icon', (done) => {
|
||||
it('should upload touch icon', async () => {
|
||||
const touchiconAssetPath = '/assets/uploads/system/touchicon-orig.png';
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/admin/uploadTouchIcon`, path.join(__dirname, '../test/files/test.png'), {}, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 200);
|
||||
assert(Array.isArray(body));
|
||||
assert.equal(body[0].url, touchiconAssetPath);
|
||||
meta.config['brand:touchIcon'] = touchiconAssetPath;
|
||||
request(`${nconf.get('url')}/apple-touch-icon`, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 200);
|
||||
assert(body);
|
||||
done();
|
||||
});
|
||||
});
|
||||
const { response, body } = await helpers.uploadFile(
|
||||
`${nconf.get('url')}/api/admin/uploadTouchIcon`,
|
||||
path.join(__dirname, '../test/files/test.png'),
|
||||
{},
|
||||
jar,
|
||||
csrf_token
|
||||
);
|
||||
|
||||
assert.equal(response.statusCode, 200);
|
||||
assert(Array.isArray(body));
|
||||
assert.equal(body[0].url, touchiconAssetPath);
|
||||
meta.config['brand:touchIcon'] = touchiconAssetPath;
|
||||
const { response: res1, body: body1 } = await request.get(`${nconf.get('url')}/apple-touch-icon`);
|
||||
assert.equal(res1.statusCode, 200);
|
||||
assert(body1);
|
||||
});
|
||||
|
||||
it('should upload regular file', (done) => {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/admin/upload/file`, path.join(__dirname, '../test/files/test.png'), {
|
||||
it('should upload regular file', async () => {
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/admin/upload/file`, path.join(__dirname, '../test/files/test.png'), {
|
||||
params: JSON.stringify({
|
||||
folder: 'system',
|
||||
}),
|
||||
}, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 200);
|
||||
assert(Array.isArray(body));
|
||||
assert.equal(body[0].url, '/assets/uploads/system/test.png');
|
||||
assert(file.existsSync(path.join(nconf.get('upload_path'), 'system', 'test.png')));
|
||||
done();
|
||||
});
|
||||
}, jar, csrf_token);
|
||||
|
||||
assert.equal(response.statusCode, 200);
|
||||
assert(Array.isArray(body));
|
||||
assert.equal(body[0].url, '/assets/uploads/system/test.png');
|
||||
assert(file.existsSync(path.join(nconf.get('upload_path'), 'system', 'test.png')));
|
||||
});
|
||||
|
||||
it('should fail to upload regular file in wrong directory', (done) => {
|
||||
helpers.uploadFile(`${nconf.get('url')}/api/admin/upload/file`, path.join(__dirname, '../test/files/test.png'), {
|
||||
it('should fail to upload regular file in wrong directory', async () => {
|
||||
const { response, body } = await helpers.uploadFile(`${nconf.get('url')}/api/admin/upload/file`, path.join(__dirname, '../test/files/test.png'), {
|
||||
params: JSON.stringify({
|
||||
folder: '../../system',
|
||||
}),
|
||||
}, jar, csrf_token, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 500);
|
||||
assert.strictEqual(body.error, '[[error:invalid-path]]');
|
||||
done();
|
||||
});
|
||||
}, jar, csrf_token);
|
||||
|
||||
assert.equal(response.statusCode, 500);
|
||||
assert.strictEqual(body.error, '[[error:invalid-path]]');
|
||||
});
|
||||
|
||||
describe('ACP uploads screen', () => {
|
||||
it('should create a folder', async () => {
|
||||
const res = await helpers.createFolder('', 'myfolder', jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
const { response } = await helpers.createFolder('', 'myfolder', jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
assert(file.existsSync(path.join(nconf.get('upload_path'), 'myfolder')));
|
||||
});
|
||||
|
||||
it('should fail to create a folder if it already exists', async () => {
|
||||
const res = await helpers.createFolder('', 'myfolder', jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.deepStrictEqual(res.body.status, {
|
||||
const { response, body } = await helpers.createFolder('', 'myfolder', jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
assert.deepStrictEqual(body.status, {
|
||||
code: 'forbidden',
|
||||
message: 'Folder exists',
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail to create a folder as a non-admin', async () => {
|
||||
const res = await helpers.createFolder('', 'hisfolder', regularJar, regular_csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.deepStrictEqual(res.body.status, {
|
||||
const { response, body } = await helpers.createFolder('', 'hisfolder', regularJar, regular_csrf_token);
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
assert.deepStrictEqual(body.status, {
|
||||
code: 'forbidden',
|
||||
message: 'You are not authorised to make this call',
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail to create a folder in wrong directory', async () => {
|
||||
const res = await helpers.createFolder('../traversing', 'unexpectedfolder', jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.deepStrictEqual(res.body.status, {
|
||||
const { response, body } = await helpers.createFolder('../traversing', 'unexpectedfolder', jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
assert.deepStrictEqual(body.status, {
|
||||
code: 'forbidden',
|
||||
message: 'Invalid path',
|
||||
});
|
||||
});
|
||||
|
||||
it('should use basename of given folderName to create new folder', async () => {
|
||||
const res = await helpers.createFolder('/myfolder', '../another folder', jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
const { response } = await helpers.createFolder('/myfolder', '../another folder', jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
const slugifiedName = 'another-folder';
|
||||
assert(file.existsSync(path.join(nconf.get('upload_path'), 'myfolder', slugifiedName)));
|
||||
});
|
||||
|
||||
it('should fail to delete a file as a non-admin', async () => {
|
||||
const res = await requestAsync.delete(`${nconf.get('url')}/api/v3/files`, {
|
||||
body: {
|
||||
const { response, body } = await request.delete(`${nconf.get('url')}/api/v3/files`, {
|
||||
data: {
|
||||
path: '/system/test.png',
|
||||
},
|
||||
jar: regularJar,
|
||||
json: true,
|
||||
headers: {
|
||||
'x-csrf-token': regular_csrf_token,
|
||||
},
|
||||
simple: false,
|
||||
resolveWithFullResponse: true,
|
||||
validateStatus: null,
|
||||
});
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.deepStrictEqual(res.body.status, {
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
assert.deepStrictEqual(body.status, {
|
||||
code: 'forbidden',
|
||||
message: 'You are not authorised to make this call',
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user