Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-03-06 12:31:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

axios migration

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2023-12-16 19:40:36 -05:00
parent 7b7bfdb762
commit db75571923
14 changed files with 716 additions and 1027 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
install/package.json
View File

@@ -38,6 +38,7 @@
"archiver": "6.0.1",
"async": "3.2.5",
"autoprefixer": "10.4.16",
"axios": "1.6.2",
"bcryptjs": "2.4.3",
"benchpressjs": "2.5.1",
"body-parser": "1.20.2",
@@ -68,6 +69,7 @@
"express-session": "1.17.3",
"express-useragent": "1.0.15",
"file-loader": "6.2.0",
"form-data": "4.0.0",
"fs-extra": "11.2.0",
"graceful-fs": "4.2.11",
"helmet": "7.1.0",
@@ -119,8 +121,6 @@
"progress-webpack-plugin": "1.0.16",
"prompt": "1.3.0",
"ioredis": "5.3.2",
"request": "2.88.2",
"request-promise-native": "1.0.9",
"rimraf": "5.0.5",
"rss": "1.2.2",
"rtlcss": "4.1.1",

42
src/admin/versions.js
View File

@@ -1,15 +1,16 @@
'use strict';
const request = require('request');
const request = require('../request');
const meta = require('../meta');
let versionCache = '';
let versionCacheLastModified = '';
const isPrerelease = /^v?\d+\.\d+\.\d+-.+$/;
const latestReleaseUrl = 'https://api.github.com/repos/NodeBB/NodeBB/releases/latest';
function getLatestVersion(callback) {
async function getLatestVersion() {
return '';
const headers = {
Accept: 'application/vnd.github.v3+json',
'User-Agent': encodeURIComponent(`NodeBB Admin Control Panel/${meta.config.title}`),
@@ -18,32 +19,25 @@ function getLatestVersion(callback) {
if (versionCacheLastModified) {
headers['If-Modified-Since'] = versionCacheLastModified;
}
request('https://api.github.com/repos/NodeBB/NodeBB/releases/latest', {
json: true,
headers: headers,
timeout: 2000,
}, (err, res, latestRelease) => {
if (err) {
return callback(err);
}
if (res.statusCode === 304) {
return callback(null, versionCache);
}
if (res.statusCode !== 200) {
return callback(new Error(res.statusMessage));
}
try {
const { body: latestRelease, response } = await request.get(latestReleaseUrl, {
headers: headers,
timeout: 2000,
});
if (!latestRelease || !latestRelease.tag_name) {
return callback(new Error('[[error:cant-get-latest-release]]'));
throw new Error('[[error:cant-get-latest-release]]');
}
const tagName = latestRelease.tag_name.replace(/^v/, '');
versionCache = tagName;
versionCacheLastModified = res.headers['last-modified'];
callback(null, versionCache);
});
versionCacheLastModified = response.headers['last-modified'];
return versionCache;
} catch (err) {
if (err.response && err.response.status === 304) {
return versionCache;
}
throw err;
}
}
exports.getLatestVersion = getLatestVersion;

8
src/cli/upgrade-plugins.js
View File

@@ -1,13 +1,13 @@
'use strict';
const prompt = require('prompt');
const request = require('request-promise-native');
const cproc = require('child_process');
const semver = require('semver');
const fs = require('fs');
const path = require('path');
const chalk = require('chalk');
const request = require('../request');
const { paths, pluginNamePattern } = require('../constants');
const pkgInstall = require('./package-install');
@@ -74,11 +74,7 @@ async function getCurrentVersion() {
}
async function getSuggestedModules(nbbVersion, toCheck) {
let body = await request({
method: 'GET',
url: `https://packages.nodebb.org/api/v1/suggest?version=${nbbVersion}&package[]=${toCheck.join('&package[]=')}`,
json: true,
});
let { body } = await request.get(`https://packages.nodebb.org/api/v1/suggest?version=${nbbVersion}&package[]=${toCheck.join('&package[]=')}`);
if (!Array.isArray(body) && toCheck.length === 1) {
body = [body];
}

2
src/middleware/maintenance.js
View File

@@ -39,7 +39,7 @@ module.exports = function (middleware) {
const data = {
site_title: meta.config.title || 'NodeBB',
message: meta.config.maintenanceModeMessage,
message: meta.config.maintenanceModeMessage || '',
};
if (res.locals.isAPI) {

15
src/plugins/index.js
View File

@@ -6,8 +6,8 @@ const winston = require('winston');
const semver = require('semver');
const nconf = require('nconf');
const chalk = require('chalk');
const request = require('request-promise-native');
const request = require('../request');
const user = require('../user');
const posts = require('../posts');
@@ -153,9 +153,7 @@ Plugins.reloadRoutes = async function (params) {
Plugins.get = async function (id) {
const url = `${nconf.get('registry') || 'https://packages.nodebb.org'}/api/v1/plugins/${id}`;
const body = await request(url, {
json: true,
});
const { body } = await request.get(url);
let normalised = await Plugins.normalise([body ? body.payload : {}]);
normalised = normalised.filter(plugin => plugin.id === id);
@@ -169,9 +167,7 @@ Plugins.list = async function (matching) {
const { version } = require(paths.currentPackage);
const url = `${nconf.get('registry') || 'https://packages.nodebb.org'}/api/v1/plugins${matching !== false ? `?version=${version}` : ''}`;
try {
const body = await request(url, {
json: true,
});
const { body } = await request.get(url);
return await Plugins.normalise(body);
} catch (err) {
winston.error(`Error loading ${url}`, err);
@@ -181,9 +177,8 @@ Plugins.list = async function (matching) {
Plugins.listTrending = async () => {
const url = `${nconf.get('registry') || 'https://packages.nodebb.org'}/api/v1/analytics/top/week`;
return await request(url, {
json: true,
});
const { body } = await request.get(url);
return body;
};
Plugins.normalise = async function (apiReturn) {

14
src/plugins/install.js
View File

@@ -7,8 +7,8 @@ const nconf = require('nconf');
const os = require('os');
const cproc = require('child_process');
const util = require('util');
const request = require('request-promise-native');
const request = require('../request');
const db = require('../database');
const meta = require('../meta');
const pubsub = require('../pubsub');
@@ -74,11 +74,7 @@ module.exports = function (Plugins) {
};
Plugins.checkWhitelist = async function (id, version) {
const body = await request({
method: 'GET',
url: `https://packages.nodebb.org/api/v1/plugins/${encodeURIComponent(id)}`,
json: true,
});
const { body } = await request.get(`https://packages.nodebb.org/api/v1/plugins/${encodeURIComponent(id)}`);
if (body && body.code === 'ok' && (version === 'latest' || body.payload.valid.includes(version))) {
return;
@@ -88,11 +84,7 @@ module.exports = function (Plugins) {
};
Plugins.suggest = async function (pluginId, nbbVersion) {
const body = await request({
method: 'GET',
url: `https://packages.nodebb.org/api/v1/suggest?package=${encodeURIComponent(pluginId)}&version=${encodeURIComponent(nbbVersion)}`,
json: true,
});
const { body } = await request.get(`https://packages.nodebb.org/api/v1/suggest?package=${encodeURIComponent(pluginId)}&version=${encodeURIComponent(nbbVersion)}`);
return body;
};

45
src/plugins/usage.js
View File

@@ -1,48 +1,45 @@
'use strict';
const nconf = require('nconf');
const request = require('request');
const winston = require('winston');
const crypto = require('crypto');
const cronJob = require('cron').CronJob;
const request = require('../request');
const pkg = require('../../package.json');
const meta = require('../meta');
module.exports = function (Plugins) {
Plugins.startJobs = function () {
new cronJob('0 0 0 * * *', (() => {
Plugins.submitUsageData();
new cronJob('0 0 0 * * *', (async () => {
await Plugins.submitUsageData();
}), null, true);
};
Plugins.submitUsageData = function (callback) {
callback = callback || function () {};
Plugins.submitUsageData = async function () {
if (!meta.config.submitPluginUsage || !Plugins.loadedPlugins.length || global.env !== 'production') {
return callback();
return;
}
const hash = crypto.createHash('sha256');
hash.update(nconf.get('url'));
request.post(`${nconf.get('registry') || 'https://packages.nodebb.org'}/api/v1/plugin/usage`, {
form: {
id: hash.digest('hex'),
version: pkg.version,
plugins: Plugins.loadedPlugins,
},
timeout: 5000,
}, (err, res, body) => {
if (err) {
winston.error(err.stack);
return callback(err);
const url = `${nconf.get('registry') || 'https://packages.nodebb.org'}/api/v1/plugin/usage`;
try {
const { response, body } = await request.post(url, {
data: {
id: hash.digest('hex'),
version: pkg.version,
plugins: Plugins.loadedPlugins,
},
timeout: 5000,
});
console.log(response, body);
if (response.status !== 200) {
winston.error(`[plugins.submitUsageData] received ${response.status} ${body}`);
}
if (res.statusCode !== 200) {
winston.error(`[plugins.submitUsageData] received ${res.statusCode} ${body}`);
callback(new Error(`[[error:nbbpm-${res.statusCode}]]`));
} else {
callback();
}
});
} catch (err) {
winston.error(err.stack);
}
};
};

50
src/request.js Normal file
View File

@@ -0,0 +1,50 @@
'use strict';
const axios = require('axios').default;
const { CookieJar } = require('tough-cookie');
const { wrapper } = require('axios-cookiejar-support');
wrapper(axios);
exports.jar = function () {
return new CookieJar();
};
async function call(url, method, config = {}) {
const result = await axios({
...config,
method,
url: url,
});
return {
body: result.data,
response: {
status: result.status,
statusCode: result.status,
statusText: result.statusText,
headers: result.headers,
},
};
}
/*
const { body, response } = await request.get('someurl?foo=1&baz=2')
or
const { body, response } = await request.get('someurl', { params: { foo:1, baz: 2 } })
*/
exports.get = async (url, config) => call(url, 'get', config);
exports.head = async (url, config) => call(url, 'head', config);
exports.del = async (url, config) => call(url, 'delete', config);
exports.delete = exports.del;
exports.options = async (url, config) => call(url, 'delete', config);
/*
const { body, response } = await request.post('someurl', { data: { foo: 1, baz: 2}})
*/
exports.post = async (url, config) => call(url, 'post', config);
exports.put = async (url, config) => call(url, 'put', config);
exports.patch = async (url, config) => call(url, 'patch', config);

4
src/socket.io/admin.js
View File

@@ -100,8 +100,8 @@ SocketAdmin.getSearchDict = async function (socket) {
return await getAdminSearchDict(lang);
};
SocketAdmin.deleteAllSessions = function (socket, data, callback) {
user.auth.deleteAllSessions(callback);
SocketAdmin.deleteAllSessions = async function () {
await user.auth.deleteAllSessions();
};
SocketAdmin.reloadAllSessions = function (socket, data, callback) {

59
test/api.js
View File

@@ -5,13 +5,13 @@ const assert = require('assert');
const path = require('path');
const fs = require('fs');
const SwaggerParser = require('@apidevtools/swagger-parser');
const request = require('request-promise-native');
const nconf = require('nconf');
const jwt = require('jsonwebtoken');
const util = require('util');
const wait = util.promisify(setTimeout);
const request = require('../src/request');
const db = require('./mocks/databasemock');
const helpers = require('./helpers');
const meta = require('../src/meta');
@@ -314,12 +314,7 @@ describe('API', async () => {
({ jar } = await helpers.loginUser('admin', '123456'));
// Retrieve CSRF token using cookie, to test Write API
const config = await request({
url: `${nconf.get('url')}/api/config`,
json: true,
jar: jar,
});
csrfToken = config.csrf_token;
csrfToken = await helpers.getCsrfToken(jar);
setup = true;
}
@@ -409,7 +404,7 @@ describe('API', async () => {
paths.forEach((path) => {
const context = api.paths[path];
let schema;
let response;
let result;
let url;
let method;
const headers = {};
@@ -498,26 +493,16 @@ describe('API', async () => {
try {
if (type === 'json') {
response = await request(url, {
method: method,
result = await request[method](url, {
jar: !unauthenticatedRoutes.includes(path) ? jar : undefined,
json: true,
followRedirect: false, // all responses are significant (e.g. 302)
simple: false, // don't throw on non-200 (e.g. 302)
resolveWithFullResponse: true, // send full request back (to check statusCode)
maxRedirects: 0,
validateStatus: null, // don't throw on non-200 (e.g. 302)
headers: headers,
qs: qs,
body: body,
params: qs,
data: body,
});
} else if (type === 'form') {
response = await new Promise((resolve, reject) => {
helpers.uploadFile(url, pathLib.join(__dirname, './files/test.png'), {}, jar, csrfToken, (err, res) => {
if (err) {
return reject(err);
}
resolve(res);
});
});
result = await helpers.uploadFile(url, pathLib.join(__dirname, './files/test.png'), {}, jar, csrfToken);
}
} catch (e) {
assert(!e, `${method.toUpperCase()} ${path} errored with: ${e.message}`);
@@ -526,13 +511,18 @@ describe('API', async () => {
it('response status code should match one of the schema defined responses', () => {
// HACK: allow HTTP 418 I am a teapot, for now 👇
assert(context[method].responses.hasOwnProperty('418') || Object.keys(context[method].responses).includes(String(response.statusCode)), `${method.toUpperCase()} ${path} sent back unexpected HTTP status code: ${response.statusCode}`);
const { responses } = context[method];
assert(
responses.hasOwnProperty('418') ||
Object.keys(responses).includes(String(result.response.statusCode)),
`${method.toUpperCase()} ${path} sent back unexpected HTTP status code: ${result.response.statusCode}`
);
});
// Recursively iterate through schema properties, comparing type
it('response body should match schema definition', () => {
const http302 = context[method].responses['302'];
if (http302 && response.statusCode === 302) {
if (http302 && result.response.statusCode === 302) {
// Compare headers instead
const expectedHeaders = Object.keys(http302.headers).reduce((memo, name) => {
const value = http302.headers[name].schema.example;
@@ -541,13 +531,13 @@ describe('API', async () => {
}, {});
for (const header of Object.keys(expectedHeaders)) {
assert(response.headers[header.toLowerCase()]);
assert.strictEqual(response.headers[header.toLowerCase()], expectedHeaders[header]);
assert(result.response.headers[header.toLowerCase()]);
assert.strictEqual(result.response.headers[header.toLowerCase()], expectedHeaders[header]);
}
return;
}
if (response.statusCode === 400 && context[method].responses['400']) {
if (result.response.statusCode === 400 && context[method].responses['400']) {
// TODO: check 400 schema to response.body?
return;
}
@@ -557,12 +547,12 @@ describe('API', async () => {
return;
}
assert.strictEqual(response.statusCode, 200, `HTTP 200 expected (path: ${method} ${path}`);
assert.strictEqual(result.response.statusCode, 200, `HTTP 200 expected (path: ${method} ${path}`);
const hasJSON = http200.content && http200.content['application/json'];
if (hasJSON) {
schema = context[method].responses['200'].content['application/json'].schema;
compare(schema, response.body, method.toUpperCase(), path, 'root');
compare(schema, result.body, method.toUpperCase(), path, 'root');
}
// TODO someday: text/csv, binary file type checking?
@@ -576,12 +566,7 @@ describe('API', async () => {
mocks.delete['/users/{uid}/sessions/{uuid}'][1].example = Object.keys(sessionUUIDs).pop();
// Retrieve CSRF token using cookie, to test Write API
const config = await request({
url: `${nconf.get('url')}/api/config`,
json: true,
jar: jar,
});
csrfToken = config.csrf_token;
csrfToken = await helpers.getCsrfToken(jar);
}
});
});

440
test/authentication.js
View File

@@ -3,12 +3,9 @@
const assert = require('assert');
const url = require('url');
const async = require('async');
const nconf = require('nconf');
const request = require('request');
const requestAsync = require('request-promise-native');
const util = require('util');
const request = require('../src/request');
const db = require('./mocks/databasemock');
const user = require('../src/user');
const utils = require('../src/utils');
@@ -45,8 +42,8 @@ describe('authentication', () => {
it('should allow login with email for uid 1', async () => {
const oldValue = meta.config.allowLoginWith;
meta.config.allowLoginWith = 'username-email';
const { res } = await helpers.loginUser('regular@nodebb.org', 'regularpwd');
assert.strictEqual(res.statusCode, 200);
const { response } = await helpers.loginUser('regular@nodebb.org', 'regularpwd');
assert.strictEqual(response.statusCode, 200);
meta.config.allowLoginWith = oldValue;
});
@@ -54,150 +51,113 @@ describe('authentication', () => {
const oldValue = meta.config.allowLoginWith;
meta.config.allowLoginWith = 'username-email';
const uid = await user.create({ username: '2nduser', password: '2ndpassword', email: '2nduser@nodebb.org' });
const { res, body } = await helpers.loginUser('2nduser@nodebb.org', '2ndpassword');
assert.strictEqual(res.statusCode, 403);
const { response, body } = await helpers.loginUser('2nduser@nodebb.org', '2ndpassword');
assert.strictEqual(response.statusCode, 403);
assert.strictEqual(body, '[[error:invalid-login-credentials]]');
meta.config.allowLoginWith = oldValue;
});
it('should fail to create user if username is too short', (done) => {
helpers.registerUser({
it('should fail to create user if username is too short', async () => {
const { response, body } = await helpers.registerUser({
username: 'a',
password: '123456',
}, (err, jar, response, body) => {
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
});
it('should fail to create user if userslug is too short', (done) => {
helpers.registerUser({
it('should fail to create user if userslug is too short', async () => {
const { response, body } = await helpers.registerUser({
username: '----a-----',
password: '123456',
}, (err, jar, response, body) => {
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
});
it('should fail to create user if userslug is too short', (done) => {
helpers.registerUser({
it('should fail to create user if userslug is too short', async () => {
const { response, body } = await helpers.registerUser({
username: ' a',
password: '123456',
}, (err, jar, response, body) => {
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
});
it('should fail to create user if userslug is too short', (done) => {
helpers.registerUser({
it('should fail to create user if userslug is too short', async () => {
const { response, body } = await helpers.registerUser({
username: 'a ',
password: '123456',
}, (err, jar, response, body) => {
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
});
it('should register and login a user', (done) => {
request({
url: `${nconf.get('url')}/api/config`,
json: true,
it('should register and login a user', async () => {
const jar = request.jar();
const csrf_token = await helpers.getCsrfToken(jar);
const { body } = await request.post(`${nconf.get('url')}/register`, {
jar,
data: {
email: 'admin@nodebb.org',
username: 'admin',
password: 'adminpwd',
'password-confirm': 'adminpwd',
userLang: 'it',
gdpr_consent: true,
},
headers: {
'x-csrf-token': csrf_token,
},
});
const validationPending = await user.email.isValidationPending(body.uid, 'admin@nodebb.org');
assert.strictEqual(validationPending, true);
assert(body);
assert(body.hasOwnProperty('uid') && body.uid > 0);
const newUid = body.uid;
const { body: self } = await request.get(`${nconf.get('url')}/api/self`, {
jar,
});
assert(self);
assert.equal(self.username, 'admin');
assert.equal(self.uid, newUid);
const settings = await user.getSettings(body.uid);
assert.equal(settings.userLang, 'it');
});
it('should logout a user', async () => {
await helpers.logoutUser(jar);
const { response, body } = await request.get(`${nconf.get('url')}/api/me`, {
jar: jar,
}, (err, response, body) => {
assert.ifError(err);
request.post(`${nconf.get('url')}/register`, {
form: {
email: 'admin@nodebb.org',
username: 'admin',
password: 'adminpwd',
'password-confirm': 'adminpwd',
userLang: 'it',
gdpr_consent: true,
},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
}, async (err, response, body) => {
const validationPending = await user.email.isValidationPending(body.uid, 'admin@nodebb.org');
assert.strictEqual(validationPending, true);
assert.ifError(err);
assert(body);
assert(body.hasOwnProperty('uid') && body.uid > 0);
const newUid = body.uid;
request({
url: `${nconf.get('url')}/api/self`,
json: true,
jar: jar,
}, (err, response, body) => {
assert.ifError(err);
assert(body);
assert.equal(body.username, 'admin');
assert.equal(body.uid, newUid);
user.getSettings(body.uid, (err, settings) => {
assert.ifError(err);
assert.equal(settings.userLang, 'it');
done();
});
});
});
});
});
it('should logout a user', (done) => {
helpers.logoutUser(jar, (err) => {
assert.ifError(err);
request({
url: `${nconf.get('url')}/api/me`,
json: true,
jar: jar,
}, (err, res, body) => {
assert.ifError(err);
assert.equal(res.statusCode, 401);
assert.strictEqual(body.status.code, 'not-authorised');
done();
});
validateStatus: null,
});
assert.equal(response.statusCode, 401);
assert.strictEqual(body.status.code, 'not-authorised');
});
it('should regenerate the session identifier on successful login', async () => {
const matchRegexp = /express\.sid=s%3A(.+?);/;
const { hostname, path } = url.parse(nconf.get('url'));
const sid = String(jar._jar.store.idx[hostname][path]['express.sid']).match(matchRegexp)[1];
const sid = String(jar.store.idx[hostname][path]['express.sid']).match(matchRegexp)[1];
await helpers.logoutUser(jar);
const newJar = (await helpers.loginUser('regular', 'regularpwd')).jar;
const newSid = String(newJar._jar.store.idx[hostname][path]['express.sid']).match(matchRegexp)[1];
const newSid = String(newJar.store.idx[hostname][path]['express.sid']).match(matchRegexp)[1];
assert.notStrictEqual(newSid, sid);
});
it('should revoke all sessions', (done) => {
it('should revoke all sessions', async () => {
const socketAdmin = require('../src/socket.io/admin');
db.sortedSetCard(`uid:${regularUid}:sessions`, (err, count) => {
assert.ifError(err);
assert(count);
socketAdmin.deleteAllSessions({ uid: 1 }, {}, (err) => {
assert.ifError(err);
db.sortedSetCard(`uid:${regularUid}:sessions`, (err, count) => {
assert.ifError(err);
assert(!count);
done();
});
});
});
let sessionCount = await db.sortedSetCard(`uid:${regularUid}:sessions`);
assert(sessionCount);
await socketAdmin.deleteAllSessions({ uid: 1 }, {});
sessionCount = await db.sortedSetCard(`uid:${regularUid}:sessions`);
assert(!sessionCount);
});
describe('login', () => {
@@ -205,11 +165,12 @@ describe('authentication', () => {
let password;
let uid;
function getCookieExpiry(res) {
assert(res.headers['set-cookie']);
assert.strictEqual(res.headers['set-cookie'][0].includes('Expires'), true);
function getCookieExpiry(response) {
const { headers } = response;
assert(headers['set-cookie']);
assert.strictEqual(headers['set-cookie'][0].includes('Expires'), true);
const values = res.headers['set-cookie'][0].split(';');
const values = headers['set-cookie'][0].split(';');
return values.reduce((memo, cur) => {
if (!memo) {
const [name, value] = cur.split('=');
@@ -230,9 +191,7 @@ describe('authentication', () => {
it('should login a user', async () => {
const { jar, body: loginBody } = await helpers.loginUser(username, password);
assert(loginBody);
const body = await requestAsync({
url: `${nconf.get('url')}/api/self`,
json: true,
const { body } = await request.get(`${nconf.get('url')}/api/self`, {
jar,
});
assert(body);
@@ -243,11 +202,11 @@ describe('authentication', () => {
});
it('should set a cookie that only lasts for the life of the browser session', async () => {
const { res } = await helpers.loginUser(username, password);
const { response } = await helpers.loginUser(username, password);
assert(res.headers);
assert(res.headers['set-cookie']);
assert.strictEqual(res.headers['set-cookie'][0].includes('Expires'), false);
assert(response.headers);
assert(response.headers['set-cookie']);
assert.strictEqual(response.headers['set-cookie'][0].includes('Expires'), false);
});
it('should set a different expiry if sessionDuration is set', async () => {
@@ -255,9 +214,9 @@ describe('authentication', () => {
const days = 1;
meta.config.sessionDuration = days * 24 * 60 * 60;
const { res } = await helpers.loginUser(username, password);
const { response } = await helpers.loginUser(username, password);
const expiry = getCookieExpiry(res);
const expiry = getCookieExpiry(response);
const expected = new Date();
expected.setUTCDate(expected.getUTCDate() + days);
@@ -267,9 +226,9 @@ describe('authentication', () => {
});
it('should set a cookie that lasts for x days where x is loginDays setting, if asked to remember', async () => {
const { res } = await helpers.loginUser(username, password, { remember: 'on' });
const { response } = await helpers.loginUser(username, password, { remember: 'on' });
const expiry = getCookieExpiry(res);
const expiry = getCookieExpiry(response);
const expected = new Date();
expected.setUTCDate(expected.getUTCDate() + meta.config.loginDays);
@@ -280,9 +239,9 @@ describe('authentication', () => {
const _loginDays = meta.config.loginDays;
meta.config.loginDays = 5;
const { res } = await helpers.loginUser(username, password, { remember: 'on' });
const { response } = await helpers.loginUser(username, password, { remember: 'on' });
const expiry = getCookieExpiry(res);
const expiry = getCookieExpiry(response);
const expected = new Date();
expected.setUTCDate(expected.getUTCDate() + meta.config.loginDays);
@@ -295,9 +254,9 @@ describe('authentication', () => {
const _loginSeconds = meta.config.loginSeconds;
meta.config.loginSeconds = 60;
const { res } = await helpers.loginUser(username, password, { remember: 'on' });
const { response } = await helpers.loginUser(username, password, { remember: 'on' });
const expiry = getCookieExpiry(res);
const expiry = getCookieExpiry(response);
const expected = new Date();
expected.setUTCSeconds(expected.getUTCSeconds() + meta.config.loginSeconds);
@@ -308,64 +267,53 @@ describe('authentication', () => {
});
});
it('should fail to login if ip address is invalid', (done) => {
it('should fail to login if ip address is invalid', async () => {
const jar = request.jar();
request({
url: `${nconf.get('url')}/api/config`,
json: true,
jar: jar,
}, (err, response, body) => {
if (err) {
return done(err);
}
const csrf_token = await helpers.getCsrfToken(jar);
request.post(`${nconf.get('url')}/login`, {
form: {
username: 'regular',
password: 'regularpwd',
},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
'x-forwarded-for': '<script>alert("xss")</script>',
},
}, (err, response, body) => {
assert.ifError(err);
assert.equal(response.statusCode, 500);
done();
});
const { response } = await request.post(`${nconf.get('url')}/login`, {
data: {
username: 'regular',
password: 'regularpwd',
},
jar: jar,
validateStatus: () => true,
headers: {
'x-csrf-token': csrf_token,
'x-forwarded-for': '<script>alert("xss")</script>',
},
});
assert.equal(response.status, 500);
});
it('should fail to login if user does not exist', async () => {
const { res, body } = await helpers.loginUser('doesnotexist', 'nopassword');
assert.equal(res.statusCode, 403);
const { response, body } = await helpers.loginUser('doesnotexist', 'nopassword');
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-login-credentials]]');
});
it('should fail to login if username is empty', async () => {
const { res, body } = await helpers.loginUser('', 'some password');
assert.equal(res.statusCode, 403);
const { response, body } = await helpers.loginUser('', 'some password');
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-username-or-password]]');
});
it('should fail to login if password is empty', async () => {
const { res, body } = await helpers.loginUser('someuser', '');
assert.equal(res.statusCode, 403);
const { response, body } = await helpers.loginUser('someuser', '');
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-username-or-password]]');
});
it('should fail to login if username and password are empty', async () => {
const { res, body } = await helpers.loginUser('', '');
assert.equal(res.statusCode, 403);
const { response, body } = await helpers.loginUser('', '');
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-username-or-password]]');
});
it('should fail to login if user does not have password field in db', async () => {
await user.create({ username: 'hasnopassword', email: 'no@pass.org' });
const { res, body } = await helpers.loginUser('hasnopassword', 'doesntmatter');
assert.equal(res.statusCode, 403);
const { response, body } = await helpers.loginUser('hasnopassword', 'doesntmatter');
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:invalid-login-credentials]]');
});
@@ -374,92 +322,74 @@ describe('authentication', () => {
for (let i = 0; i < 5000; i++) {
longPassword += 'a';
}
const { res, body } = await helpers.loginUser('someuser', longPassword);
assert.equal(res.statusCode, 403);
const { response, body } = await helpers.loginUser('someuser', longPassword);
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:password-too-long]]');
});
it('should fail to login if local login is disabled', async () => {
await privileges.global.rescind(['groups:local:login'], 'registered-users');
const { res, body } = await helpers.loginUser('regular', 'regularpwd');
assert.equal(res.statusCode, 403);
const { response, body } = await helpers.loginUser('regular', 'regularpwd');
assert.equal(response.statusCode, 403);
assert.equal(body, '[[error:local-login-disabled]]');
await privileges.global.give(['groups:local:login'], 'registered-users');
});
it('should fail to register if registraton is disabled', (done) => {
it('should fail to register if registraton is disabled', async () => {
meta.config.registrationType = 'disabled';
helpers.registerUser({
const { response, body } = await helpers.registerUser({
username: 'someuser',
password: 'somepassword',
}, (err, jar, response, body) => {
assert.ifError(err);
assert.equal(response.statusCode, 403);
assert.equal(body, 'Forbidden');
done();
});
assert.equal(response.statusCode, 403);
assert.equal(body, 'Forbidden');
});
it('should return error if invitation is not valid', (done) => {
it('should return error if invitation is not valid', async () => {
meta.config.registrationType = 'invite-only';
helpers.registerUser({
const { response, body } = await helpers.registerUser({
username: 'someuser',
password: 'somepassword',
}, (err, jar, response, body) => {
meta.config.registrationType = 'normal';
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[register:invite.error-invite-only]]');
done();
});
meta.config.registrationType = 'normal';
assert.equal(response.statusCode, 400);
assert.equal(body, '[[register:invite.error-invite-only]]');
});
it('should fail to register if username is falsy or too short', (done) => {
helpers.registerUser({
username: '',
password: 'somepassword',
}, (err, jar, response, body) => {
assert.ifError(err);
it('should fail to register if username is falsy or too short', async () => {
const userData = [
{ username: '', password: 'somepassword' },
{ username: 'a', password: 'somepassword' },
];
for (const user of userData) {
// eslint-disable-next-line no-await-in-loop
const { response, body } = await helpers.registerUser(user);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
helpers.registerUser({
username: 'a',
password: 'somepassword',
}, (err, jar, response, body) => {
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-short]]');
done();
});
});
}
});
it('should fail to register if username is too long', (done) => {
helpers.registerUser({
it('should fail to register if username is too long', async () => {
const { response, body } = await helpers.registerUser({
username: 'thisisareallylongusername',
password: '123456',
}, (err, jar, response, body) => {
assert.ifError(err);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-long]]');
done();
});
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:username-too-long]]');
});
it('should queue user if ip is used before', (done) => {
it('should queue user if ip is used before', async () => {
meta.config.registrationApprovalType = 'admin-approval-ip';
helpers.registerUser({
const { response, body } = await helpers.registerUser({
email: 'another@user.com',
username: 'anotheruser',
password: 'anotherpwd',
gdpr_consent: 1,
}, (err, jar, response, body) => {
meta.config.registrationApprovalType = 'normal';
assert.ifError(err);
assert.equal(response.statusCode, 200);
assert.equal(body.message, '[[register:registration-added-to-queue]]');
done();
});
meta.config.registrationApprovalType = 'normal';
assert.equal(response.statusCode, 200);
assert.equal(body.message, '[[register:registration-added-to-queue]]');
});
@@ -468,41 +398,32 @@ describe('authentication', () => {
const uid = await user.create({ username: 'ginger', password: '123456', email });
await user.setUserField(uid, 'email', email);
await user.email.confirmByUid(uid);
const { res } = await helpers.loginUser('ginger@nodebb.org', '123456');
assert.equal(res.statusCode, 200);
const { response } = await helpers.loginUser('ginger@nodebb.org', '123456');
assert.equal(response.statusCode, 200);
});
it('should fail to login if login type is username and an email is sent', async () => {
meta.config.allowLoginWith = 'username';
const { res, body } = await helpers.loginUser('ginger@nodebb.org', '123456');
const { response, body } = await helpers.loginUser('ginger@nodebb.org', '123456');
meta.config.allowLoginWith = 'username-email';
assert.equal(res.statusCode, 400);
assert.equal(response.statusCode, 400);
assert.equal(body, '[[error:wrong-login-type-username]]');
});
it('should send 200 if not logged in', (done) => {
it('should send 200 if not logged in', async () => {
const jar = request.jar();
request({
url: `${nconf.get('url')}/api/config`,
json: true,
jar: jar,
}, (err, response, body) => {
assert.ifError(err);
const csrf_token = await helpers.getCsrfToken(jar);
request.post(`${nconf.get('url')}/logout`, {
form: {},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
}, (err, res, body) => {
assert.ifError(err);
assert.equal(res.statusCode, 200);
assert.equal(body, 'not-logged-in');
done();
});
const { response, body } = await request.post(`${nconf.get('url')}/logout`, {
data: {},
jar: jar,
headers: {
'x-csrf-token': csrf_token,
},
});
assert.equal(response.statusCode, 200);
assert.equal(body, 'not-logged-in');
});
describe('banned user authentication', () => {
@@ -518,7 +439,7 @@ describe('authentication', () => {
it('should prevent banned user from logging in', async () => {
await user.bans.ban(bannedUser.uid, 0, 'spammer');
const { res: res1, body: body1 } = await helpers.loginUser(bannedUser.username, bannedUser.pw);
const { response: res1, body: body1 } = await helpers.loginUser(bannedUser.username, bannedUser.pw);
assert.equal(res1.statusCode, 403);
delete body1.timestamp;
assert.deepStrictEqual(body1, {
@@ -532,7 +453,7 @@ describe('authentication', () => {
await user.bans.unban(bannedUser.uid);
const expiry = Date.now() + 10000;
await user.bans.ban(bannedUser.uid, expiry, '');
const { res: res2, body: body2 } = await helpers.loginUser(bannedUser.username, bannedUser.pw);
const { response: res2, body: body2 } = await helpers.loginUser(bannedUser.username, bannedUser.pw);
assert.equal(res2.statusCode, 403);
assert(body2.banned_until);
assert(body2.reason, '[[user:info.banned-no-reason]]');
@@ -540,15 +461,15 @@ describe('authentication', () => {
it('should allow banned user to log in if the "banned-users" group has "local-login" privilege', async () => {
await privileges.global.give(['groups:local:login'], 'banned-users');
const { res } = await helpers.loginUser(bannedUser.username, bannedUser.pw);
assert.strictEqual(res.statusCode, 200);
const { response } = await helpers.loginUser(bannedUser.username, bannedUser.pw);
assert.strictEqual(response.statusCode, 200);
});
it('should allow banned user to log in if the user herself has "local-login" privilege', async () => {
await privileges.global.rescind(['groups:local:login'], 'banned-users');
await privileges.categories.give(['local:login'], 0, bannedUser.uid);
const { res } = await helpers.loginUser(bannedUser.username, bannedUser.pw);
assert.strictEqual(res.statusCode, 200);
const { response } = await helpers.loginUser(bannedUser.username, bannedUser.pw);
assert.strictEqual(response.statusCode, 200);
});
});
@@ -561,10 +482,10 @@ describe('authentication', () => {
let data = await helpers.loginUser('lockme', 'abcdef');
meta.config.loginAttempts = 5;
assert.equal(data.res.statusCode, 403);
assert.equal(data.response.statusCode, 403);
assert.equal(data.body, '[[error:account-locked]]');
data = await helpers.loginUser('lockme', 'abcdef');
assert.equal(data.res.statusCode, 403);
assert.equal(data.response.statusCode, 403);
assert.equal(data.body, '[[error:account-locked]]');
const locked = await db.exists(`lockout:${uid}`);
assert(locked);
@@ -594,48 +515,47 @@ describe('authentication', () => {
});
it('should fail with invalid token', async () => {
const { res, body } = await helpers.request('get', `/api/self`, {
form: {
const { response, body } = await helpers.request('get', `/api/self`, {
data: {
_uid: newUid,
},
json: true,
jar: jar,
headers: {
Authorization: `Bearer sdfhaskfdja-jahfdaksdf`,
},
});
assert.strictEqual(res.statusCode, 401);
assert.strictEqual(response.statusCode, 401);
assert.strictEqual(body, 'not-authorized');
});
it('should use a token tied to an uid', async () => {
const { res, body } = await helpers.request('get', `/api/self`, {
const { response, body } = await helpers.request('get', `/api/self`, {
json: true,
headers: {
Authorization: `Bearer ${userToken}`,
},
});
assert.strictEqual(res.statusCode, 200);
assert.strictEqual(response.statusCode, 200);
assert.strictEqual(body.username, 'apiUserTarget');
});
it('should fail if _uid is not passed in with master token', async () => {
const { res, body } = await helpers.request('get', `/api/self`, {
form: {},
const { response, body } = await helpers.request('get', `/api/self`, {
data: {},
json: true,
headers: {
Authorization: `Bearer ${masterToken}`,
},
});
assert.strictEqual(res.statusCode, 500);
assert.strictEqual(response.statusCode, 500);
assert.strictEqual(body.error, '[[error:api.master-token-no-uid]]');
});
it('should use master api token and _uid', async () => {
const { res, body } = await helpers.request('get', `/api/self`, {
form: {
const { response, body } = await helpers.request('get', `/api/self`, {
data: {
_uid: newUid,
},
json: true,
@@ -644,7 +564,7 @@ describe('authentication', () => {
},
});
assert.strictEqual(res.statusCode, 200);
assert.strictEqual(response.statusCode, 200);
assert.strictEqual(body.username, 'apiUserTarget');
});
});

15
test/categories.js
View File

@@ -2,8 +2,8 @@
const assert = require('assert');
const nconf = require('nconf');
const request = require('request');
const request = require('../src/request');
const db = require('./mocks/databasemock');
const Categories = require('../src/categories');
const Topics = require('../src/topics');
@@ -76,14 +76,11 @@ describe('Categories', () => {
});
});
it('should load a category route', (done) => {
request(`${nconf.get('url')}/api/category/${categoryObj.cid}/test-category`, { json: true }, (err, response, body) => {
assert.ifError(err);
assert.equal(response.statusCode, 200);
assert.equal(body.name, 'Test Category &amp; NodeBB');
assert(body);
done();
});
it('should load a category route', async () => {
const { response, body } = await request.get(`${nconf.get('url')}/api/category/${categoryObj.cid}/test-category`, { json: true });
assert.equal(response.statusCode, 200);
assert.equal(body.name, 'Test Category &amp; NodeBB');
assert(body);
});
describe('Categories.getRecentTopicReplies', () => {

849
test/controllers-admin.js
View File

File diff suppressed because it is too large Load Diff

196
test/helpers/index.js
View File

@@ -1,23 +1,19 @@
'use strict';
const request = require('request');
const requestAsync = require('request-promise-native');
const nconf = require('nconf');
const fs = require('fs');
const path = require('path');
const winston = require('winston');
const utils = require('../../src/utils');
const request = require('../../src/request');
const helpers = module.exports;
helpers.getCsrfToken = async (jar) => {
const { csrf_token: token } = await requestAsync({
url: `${nconf.get('url')}/api/config`,
json: true,
const { body } = await request.get(`${nconf.get('url')}/api/config`, {
jar,
});
return token;
return body.csrf_token;
};
helpers.request = async function (method, uri, options) {
@@ -28,72 +24,43 @@ helpers.request = async function (method, uri, options) {
csrf_token = await helpers.getCsrfToken(options.jar);
}
return new Promise((resolve, reject) => {
options.headers = options.headers || {};
if (csrf_token) {
options.headers['x-csrf-token'] = csrf_token;
}
request[lowercaseMethod](`${nconf.get('url')}${uri}`, options, (err, res, body) => {
if (err) reject(err);
else resolve({ res, body });
});
});
options.headers = options.headers || {};
if (csrf_token) {
options.headers['x-csrf-token'] = csrf_token;
}
options.validateStatus = null;
const { response, body } = await request[lowercaseMethod](`${nconf.get('url')}${uri}`, options);
return { response, body };
};
helpers.loginUser = async (username, password, payload = {}) => {
const jar = request.jar();
const form = { username, password, ...payload };
const data = { username, password, ...payload };
const { statusCode, body: configBody } = await requestAsync({
url: `${nconf.get('url')}/api/config`,
json: true,
const csrf_token = await helpers.getCsrfToken(jar);
const { response, body } = await request.post(`${nconf.get('url')}/login`, {
data,
jar: jar,
followRedirect: false,
simple: false,
resolveWithFullResponse: true,
});
if (statusCode !== 200) {
throw new Error('[[error:invalid-response]]');
}
const { csrf_token } = configBody;
const res = await requestAsync.post(`${nconf.get('url')}/login`, {
form,
json: true,
jar: jar,
followRedirect: false,
simple: false,
resolveWithFullResponse: true,
validateStatus: () => true,
headers: {
'x-csrf-token': csrf_token,
},
});
return { jar, res, body: res.body, csrf_token: csrf_token };
return { jar, response, body, csrf_token };
};
helpers.logoutUser = function (jar, callback) {
request({
url: `${nconf.get('url')}/api/config`,
json: true,
jar: jar,
}, (err, response, body) => {
if (err) {
return callback(err, response, body);
}
request.post(`${nconf.get('url')}/logout`, {
form: {},
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
}, (err, response, body) => {
callback(err, response, body);
});
helpers.logoutUser = async function (jar) {
const csrf_token = await helpers.getCsrfToken(jar);
const { response, body } = await request.post(`${nconf.get('url')}/logout`, {
data: {},
jar,
validateStatus: () => true,
headers: {
'x-csrf-token': csrf_token,
},
});
return { response, body };
};
helpers.connectSocketIO = function (res, csrf_token, callback) {
@@ -126,58 +93,46 @@ helpers.connectSocketIO = function (res, csrf_token, callback) {
});
};
helpers.uploadFile = function (uploadEndPoint, filePath, body, jar, csrf_token, callback) {
let formData = {
files: [
fs.createReadStream(filePath),
],
};
formData = utils.merge(formData, body);
request.post({
url: uploadEndPoint,
formData: formData,
json: true,
helpers.uploadFile = async function (uploadEndPoint, filePath, data, jar, csrf_token) {
const FormData = require('form-data');
const form = new FormData();
form.append('files', fs.createReadStream(filePath), path.basename(filePath));
if (data && data.params) {
form.append('params', data.params);
}
const { response, body } = await request.post(uploadEndPoint, {
data: form,
jar: jar,
validateStatus: null,
headers: {
'x-csrf-token': csrf_token,
...form.getHeaders(),
},
});
if (response.status !== 200) {
winston.error(JSON.stringify(data));
}
return { response, body };
};
helpers.registerUser = async function (data) {
const jar = request.jar();
const csrf_token = await helpers.getCsrfToken(jar);
if (!data.hasOwnProperty('password-confirm')) {
data['password-confirm'] = data.password;
}
const { response, body } = await request.post(`${nconf.get('url')}/register`, {
data,
jar,
validateStatus: () => true,
headers: {
'x-csrf-token': csrf_token,
},
}, (err, res, body) => {
if (err) {
return callback(err);
}
if (res.statusCode !== 200) {
winston.error(JSON.stringify(body));
}
callback(null, res, body);
});
};
helpers.registerUser = function (data, callback) {
const jar = request.jar();
request({
url: `${nconf.get('url')}/api/config`,
json: true,
jar: jar,
}, (err, response, body) => {
if (err) {
return callback(err);
}
if (!data.hasOwnProperty('password-confirm')) {
data['password-confirm'] = data.password;
}
request.post(`${nconf.get('url')}/register`, {
form: data,
json: true,
jar: jar,
headers: {
'x-csrf-token': body.csrf_token,
},
}, (err, response, body) => {
callback(err, jar, response, body);
});
});
return { jar, response, body };
};
// http://stackoverflow.com/a/14387791/583363
@@ -205,37 +160,34 @@ helpers.copyFile = function (source, target, callback) {
}
};
helpers.invite = async function (body, uid, jar, csrf_token) {
console.log('making call');
const res = await requestAsync.post(`${nconf.get('url')}/api/v3/users/${uid}/invites`, {
helpers.invite = async function (data, uid, jar, csrf_token) {
const { response, body } = await request.post(`${nconf.get('url')}/api/v3/users/${uid}/invites`, {
jar: jar,
// using "form" since client "api" module make requests with "application/x-www-form-urlencoded" content-type
form: body,
// form: body,
data: data,
headers: {
'x-csrf-token': csrf_token,
},
simple: false,
resolveWithFullResponse: true,
validateStatus: null,
});
console.log(res.statusCode, res.body);
console.log(response.status, body);
res.body = JSON.parse(res.body);
return { res, body };
// res.body = JSON.parse(res.body);
return { response, body };
};
helpers.createFolder = function (path, folderName, jar, csrf_token) {
return requestAsync.put(`${nconf.get('url')}/api/v3/files/folder`, {
helpers.createFolder = async function (path, folderName, jar, csrf_token) {
return await request.put(`${nconf.get('url')}/api/v3/files/folder`, {
jar,
body: {
data: {
path,
folderName,
},
json: true,
headers: {
'x-csrf-token': csrf_token,
},
simple: false,
resolveWithFullResponse: true,
validateStatus: null,
});
};