diff --git a/install/package.json b/install/package.json index 3f07a05609..455044938e 100644 --- a/install/package.json +++ b/install/package.json @@ -38,6 +38,7 @@ "archiver": "6.0.1", "async": "3.2.5", "autoprefixer": "10.4.16", + "axios": "1.6.2", "bcryptjs": "2.4.3", "benchpressjs": "2.5.1", "body-parser": "1.20.2", @@ -68,6 +69,7 @@ "express-session": "1.17.3", "express-useragent": "1.0.15", "file-loader": "6.2.0", + "form-data": "4.0.0", "fs-extra": "11.2.0", "graceful-fs": "4.2.11", "helmet": "7.1.0", @@ -119,8 +121,6 @@ "progress-webpack-plugin": "1.0.16", "prompt": "1.3.0", "ioredis": "5.3.2", - "request": "2.88.2", - "request-promise-native": "1.0.9", "rimraf": "5.0.5", "rss": "1.2.2", "rtlcss": "4.1.1", diff --git a/src/admin/versions.js b/src/admin/versions.js index aeb3e7e21c..327abade74 100644 --- a/src/admin/versions.js +++ b/src/admin/versions.js @@ -1,15 +1,16 @@ 'use strict'; -const request = require('request'); - +const request = require('../request'); const meta = require('../meta'); let versionCache = ''; let versionCacheLastModified = ''; const isPrerelease = /^v?\d+\.\d+\.\d+-.+$/; +const latestReleaseUrl = 'https://api.github.com/repos/NodeBB/NodeBB/releases/latest'; -function getLatestVersion(callback) { +async function getLatestVersion() { + return ''; const headers = { Accept: 'application/vnd.github.v3+json', 'User-Agent': encodeURIComponent(`NodeBB Admin Control Panel/${meta.config.title}`), @@ -18,32 +19,25 @@ function getLatestVersion(callback) { if (versionCacheLastModified) { headers['If-Modified-Since'] = versionCacheLastModified; } - - request('https://api.github.com/repos/NodeBB/NodeBB/releases/latest', { - json: true, - headers: headers, - timeout: 2000, - }, (err, res, latestRelease) => { - if (err) { - return callback(err); - } - - if (res.statusCode === 304) { - return callback(null, versionCache); - } - - if (res.statusCode !== 200) { - return callback(new Error(res.statusMessage)); - } + try { + const { body: latestRelease, response } = await request.get(latestReleaseUrl, { + headers: headers, + timeout: 2000, + }); if (!latestRelease || !latestRelease.tag_name) { - return callback(new Error('[[error:cant-get-latest-release]]')); + throw new Error('[[error:cant-get-latest-release]]'); } const tagName = latestRelease.tag_name.replace(/^v/, ''); versionCache = tagName; - versionCacheLastModified = res.headers['last-modified']; - callback(null, versionCache); - }); + versionCacheLastModified = response.headers['last-modified']; + return versionCache; + } catch (err) { + if (err.response && err.response.status === 304) { + return versionCache; + } + throw err; + } } exports.getLatestVersion = getLatestVersion; diff --git a/src/cli/upgrade-plugins.js b/src/cli/upgrade-plugins.js index 2c76a6c5b1..0d2c7281f8 100644 --- a/src/cli/upgrade-plugins.js +++ b/src/cli/upgrade-plugins.js @@ -1,13 +1,13 @@ 'use strict'; const prompt = require('prompt'); -const request = require('request-promise-native'); const cproc = require('child_process'); const semver = require('semver'); const fs = require('fs'); const path = require('path'); const chalk = require('chalk'); +const request = require('../request'); const { paths, pluginNamePattern } = require('../constants'); const pkgInstall = require('./package-install'); @@ -74,11 +74,7 @@ async function getCurrentVersion() { } async function getSuggestedModules(nbbVersion, toCheck) { - let body = await request({ - method: 'GET', - url: `https://packages.nodebb.org/api/v1/suggest?version=${nbbVersion}&package[]=${toCheck.join('&package[]=')}`, - json: true, - }); + let { body } = await request.get(`https://packages.nodebb.org/api/v1/suggest?version=${nbbVersion}&package[]=${toCheck.join('&package[]=')}`); if (!Array.isArray(body) && toCheck.length === 1) { body = [body]; } diff --git a/src/middleware/maintenance.js b/src/middleware/maintenance.js index 73d0c077d6..3bdc2a8940 100644 --- a/src/middleware/maintenance.js +++ b/src/middleware/maintenance.js @@ -39,7 +39,7 @@ module.exports = function (middleware) { const data = { site_title: meta.config.title || 'NodeBB', - message: meta.config.maintenanceModeMessage, + message: meta.config.maintenanceModeMessage || '', }; if (res.locals.isAPI) { diff --git a/src/plugins/index.js b/src/plugins/index.js index be634bb8fa..96cbdf47a9 100644 --- a/src/plugins/index.js +++ b/src/plugins/index.js @@ -6,8 +6,8 @@ const winston = require('winston'); const semver = require('semver'); const nconf = require('nconf'); const chalk = require('chalk'); -const request = require('request-promise-native'); +const request = require('../request'); const user = require('../user'); const posts = require('../posts'); @@ -153,9 +153,7 @@ Plugins.reloadRoutes = async function (params) { Plugins.get = async function (id) { const url = `${nconf.get('registry') || 'https://packages.nodebb.org'}/api/v1/plugins/${id}`; - const body = await request(url, { - json: true, - }); + const { body } = await request.get(url); let normalised = await Plugins.normalise([body ? body.payload : {}]); normalised = normalised.filter(plugin => plugin.id === id); @@ -169,9 +167,7 @@ Plugins.list = async function (matching) { const { version } = require(paths.currentPackage); const url = `${nconf.get('registry') || 'https://packages.nodebb.org'}/api/v1/plugins${matching !== false ? `?version=${version}` : ''}`; try { - const body = await request(url, { - json: true, - }); + const { body } = await request.get(url); return await Plugins.normalise(body); } catch (err) { winston.error(`Error loading ${url}`, err); @@ -181,9 +177,8 @@ Plugins.list = async function (matching) { Plugins.listTrending = async () => { const url = `${nconf.get('registry') || 'https://packages.nodebb.org'}/api/v1/analytics/top/week`; - return await request(url, { - json: true, - }); + const { body } = await request.get(url); + return body; }; Plugins.normalise = async function (apiReturn) { diff --git a/src/plugins/install.js b/src/plugins/install.js index 82b078403e..c9ebe88fc3 100644 --- a/src/plugins/install.js +++ b/src/plugins/install.js @@ -7,8 +7,8 @@ const nconf = require('nconf'); const os = require('os'); const cproc = require('child_process'); const util = require('util'); -const request = require('request-promise-native'); +const request = require('../request'); const db = require('../database'); const meta = require('../meta'); const pubsub = require('../pubsub'); @@ -74,11 +74,7 @@ module.exports = function (Plugins) { }; Plugins.checkWhitelist = async function (id, version) { - const body = await request({ - method: 'GET', - url: `https://packages.nodebb.org/api/v1/plugins/${encodeURIComponent(id)}`, - json: true, - }); + const { body } = await request.get(`https://packages.nodebb.org/api/v1/plugins/${encodeURIComponent(id)}`); if (body && body.code === 'ok' && (version === 'latest' || body.payload.valid.includes(version))) { return; @@ -88,11 +84,7 @@ module.exports = function (Plugins) { }; Plugins.suggest = async function (pluginId, nbbVersion) { - const body = await request({ - method: 'GET', - url: `https://packages.nodebb.org/api/v1/suggest?package=${encodeURIComponent(pluginId)}&version=${encodeURIComponent(nbbVersion)}`, - json: true, - }); + const { body } = await request.get(`https://packages.nodebb.org/api/v1/suggest?package=${encodeURIComponent(pluginId)}&version=${encodeURIComponent(nbbVersion)}`); return body; }; diff --git a/src/plugins/usage.js b/src/plugins/usage.js index 43a66f2b54..a5e990ce05 100644 --- a/src/plugins/usage.js +++ b/src/plugins/usage.js @@ -1,48 +1,45 @@ 'use strict'; const nconf = require('nconf'); -const request = require('request'); const winston = require('winston'); const crypto = require('crypto'); const cronJob = require('cron').CronJob; +const request = require('../request'); const pkg = require('../../package.json'); const meta = require('../meta'); module.exports = function (Plugins) { Plugins.startJobs = function () { - new cronJob('0 0 0 * * *', (() => { - Plugins.submitUsageData(); + new cronJob('0 0 0 * * *', (async () => { + await Plugins.submitUsageData(); }), null, true); }; - Plugins.submitUsageData = function (callback) { - callback = callback || function () {}; + Plugins.submitUsageData = async function () { if (!meta.config.submitPluginUsage || !Plugins.loadedPlugins.length || global.env !== 'production') { - return callback(); + return; } const hash = crypto.createHash('sha256'); hash.update(nconf.get('url')); - request.post(`${nconf.get('registry') || 'https://packages.nodebb.org'}/api/v1/plugin/usage`, { - form: { - id: hash.digest('hex'), - version: pkg.version, - plugins: Plugins.loadedPlugins, - }, - timeout: 5000, - }, (err, res, body) => { - if (err) { - winston.error(err.stack); - return callback(err); + const url = `${nconf.get('registry') || 'https://packages.nodebb.org'}/api/v1/plugin/usage`; + try { + const { response, body } = await request.post(url, { + data: { + id: hash.digest('hex'), + version: pkg.version, + plugins: Plugins.loadedPlugins, + }, + timeout: 5000, + }); + console.log(response, body); + if (response.status !== 200) { + winston.error(`[plugins.submitUsageData] received ${response.status} ${body}`); } - if (res.statusCode !== 200) { - winston.error(`[plugins.submitUsageData] received ${res.statusCode} ${body}`); - callback(new Error(`[[error:nbbpm-${res.statusCode}]]`)); - } else { - callback(); - } - }); + } catch (err) { + winston.error(err.stack); + } }; }; diff --git a/src/request.js b/src/request.js new file mode 100644 index 0000000000..4e90573bc9 --- /dev/null +++ b/src/request.js @@ -0,0 +1,50 @@ +'use strict'; + +const axios = require('axios').default; +const { CookieJar } = require('tough-cookie'); +const { wrapper } = require('axios-cookiejar-support'); + +wrapper(axios); + +exports.jar = function () { + return new CookieJar(); +}; + +async function call(url, method, config = {}) { + const result = await axios({ + ...config, + method, + url: url, + }); + + return { + body: result.data, + response: { + status: result.status, + statusCode: result.status, + statusText: result.statusText, + headers: result.headers, + }, + }; +} + +/* +const { body, response } = await request.get('someurl?foo=1&baz=2') +or +const { body, response } = await request.get('someurl', { params: { foo:1, baz: 2 } }) +*/ +exports.get = async (url, config) => call(url, 'get', config); + +exports.head = async (url, config) => call(url, 'head', config); +exports.del = async (url, config) => call(url, 'delete', config); +exports.delete = exports.del; +exports.options = async (url, config) => call(url, 'delete', config); + +/* +const { body, response } = await request.post('someurl', { data: { foo: 1, baz: 2}}) +*/ +exports.post = async (url, config) => call(url, 'post', config); +exports.put = async (url, config) => call(url, 'put', config); +exports.patch = async (url, config) => call(url, 'patch', config); + + diff --git a/src/socket.io/admin.js b/src/socket.io/admin.js index e5efe90482..6e5093d9a1 100644 --- a/src/socket.io/admin.js +++ b/src/socket.io/admin.js @@ -100,8 +100,8 @@ SocketAdmin.getSearchDict = async function (socket) { return await getAdminSearchDict(lang); }; -SocketAdmin.deleteAllSessions = function (socket, data, callback) { - user.auth.deleteAllSessions(callback); +SocketAdmin.deleteAllSessions = async function () { + await user.auth.deleteAllSessions(); }; SocketAdmin.reloadAllSessions = function (socket, data, callback) { diff --git a/test/api.js b/test/api.js index e3d420c83a..64e7d6910c 100644 --- a/test/api.js +++ b/test/api.js @@ -5,13 +5,13 @@ const assert = require('assert'); const path = require('path'); const fs = require('fs'); const SwaggerParser = require('@apidevtools/swagger-parser'); -const request = require('request-promise-native'); const nconf = require('nconf'); const jwt = require('jsonwebtoken'); const util = require('util'); const wait = util.promisify(setTimeout); +const request = require('../src/request'); const db = require('./mocks/databasemock'); const helpers = require('./helpers'); const meta = require('../src/meta'); @@ -314,12 +314,7 @@ describe('API', async () => { ({ jar } = await helpers.loginUser('admin', '123456')); // Retrieve CSRF token using cookie, to test Write API - const config = await request({ - url: `${nconf.get('url')}/api/config`, - json: true, - jar: jar, - }); - csrfToken = config.csrf_token; + csrfToken = await helpers.getCsrfToken(jar); setup = true; } @@ -409,7 +404,7 @@ describe('API', async () => { paths.forEach((path) => { const context = api.paths[path]; let schema; - let response; + let result; let url; let method; const headers = {}; @@ -498,26 +493,16 @@ describe('API', async () => { try { if (type === 'json') { - response = await request(url, { - method: method, + result = await request[method](url, { jar: !unauthenticatedRoutes.includes(path) ? jar : undefined, - json: true, - followRedirect: false, // all responses are significant (e.g. 302) - simple: false, // don't throw on non-200 (e.g. 302) - resolveWithFullResponse: true, // send full request back (to check statusCode) + maxRedirects: 0, + validateStatus: null, // don't throw on non-200 (e.g. 302) headers: headers, - qs: qs, - body: body, + params: qs, + data: body, }); } else if (type === 'form') { - response = await new Promise((resolve, reject) => { - helpers.uploadFile(url, pathLib.join(__dirname, './files/test.png'), {}, jar, csrfToken, (err, res) => { - if (err) { - return reject(err); - } - resolve(res); - }); - }); + result = await helpers.uploadFile(url, pathLib.join(__dirname, './files/test.png'), {}, jar, csrfToken); } } catch (e) { assert(!e, `${method.toUpperCase()} ${path} errored with: ${e.message}`); @@ -526,13 +511,18 @@ describe('API', async () => { it('response status code should match one of the schema defined responses', () => { // HACK: allow HTTP 418 I am a teapot, for now 👇 - assert(context[method].responses.hasOwnProperty('418') || Object.keys(context[method].responses).includes(String(response.statusCode)), `${method.toUpperCase()} ${path} sent back unexpected HTTP status code: ${response.statusCode}`); + const { responses } = context[method]; + assert( + responses.hasOwnProperty('418') || + Object.keys(responses).includes(String(result.response.statusCode)), + `${method.toUpperCase()} ${path} sent back unexpected HTTP status code: ${result.response.statusCode}` + ); }); // Recursively iterate through schema properties, comparing type it('response body should match schema definition', () => { const http302 = context[method].responses['302']; - if (http302 && response.statusCode === 302) { + if (http302 && result.response.statusCode === 302) { // Compare headers instead const expectedHeaders = Object.keys(http302.headers).reduce((memo, name) => { const value = http302.headers[name].schema.example; @@ -541,13 +531,13 @@ describe('API', async () => { }, {}); for (const header of Object.keys(expectedHeaders)) { - assert(response.headers[header.toLowerCase()]); - assert.strictEqual(response.headers[header.toLowerCase()], expectedHeaders[header]); + assert(result.response.headers[header.toLowerCase()]); + assert.strictEqual(result.response.headers[header.toLowerCase()], expectedHeaders[header]); } return; } - if (response.statusCode === 400 && context[method].responses['400']) { + if (result.response.statusCode === 400 && context[method].responses['400']) { // TODO: check 400 schema to response.body? return; } @@ -557,12 +547,12 @@ describe('API', async () => { return; } - assert.strictEqual(response.statusCode, 200, `HTTP 200 expected (path: ${method} ${path}`); + assert.strictEqual(result.response.statusCode, 200, `HTTP 200 expected (path: ${method} ${path}`); const hasJSON = http200.content && http200.content['application/json']; if (hasJSON) { schema = context[method].responses['200'].content['application/json'].schema; - compare(schema, response.body, method.toUpperCase(), path, 'root'); + compare(schema, result.body, method.toUpperCase(), path, 'root'); } // TODO someday: text/csv, binary file type checking? @@ -576,12 +566,7 @@ describe('API', async () => { mocks.delete['/users/{uid}/sessions/{uuid}'][1].example = Object.keys(sessionUUIDs).pop(); // Retrieve CSRF token using cookie, to test Write API - const config = await request({ - url: `${nconf.get('url')}/api/config`, - json: true, - jar: jar, - }); - csrfToken = config.csrf_token; + csrfToken = await helpers.getCsrfToken(jar); } }); }); diff --git a/test/authentication.js b/test/authentication.js index 8f0ba9389c..74ad9ce308 100644 --- a/test/authentication.js +++ b/test/authentication.js @@ -3,12 +3,9 @@ const assert = require('assert'); const url = require('url'); -const async = require('async'); const nconf = require('nconf'); -const request = require('request'); -const requestAsync = require('request-promise-native'); -const util = require('util'); +const request = require('../src/request'); const db = require('./mocks/databasemock'); const user = require('../src/user'); const utils = require('../src/utils'); @@ -45,8 +42,8 @@ describe('authentication', () => { it('should allow login with email for uid 1', async () => { const oldValue = meta.config.allowLoginWith; meta.config.allowLoginWith = 'username-email'; - const { res } = await helpers.loginUser('regular@nodebb.org', 'regularpwd'); - assert.strictEqual(res.statusCode, 200); + const { response } = await helpers.loginUser('regular@nodebb.org', 'regularpwd'); + assert.strictEqual(response.statusCode, 200); meta.config.allowLoginWith = oldValue; }); @@ -54,150 +51,113 @@ describe('authentication', () => { const oldValue = meta.config.allowLoginWith; meta.config.allowLoginWith = 'username-email'; const uid = await user.create({ username: '2nduser', password: '2ndpassword', email: '2nduser@nodebb.org' }); - const { res, body } = await helpers.loginUser('2nduser@nodebb.org', '2ndpassword'); - assert.strictEqual(res.statusCode, 403); + const { response, body } = await helpers.loginUser('2nduser@nodebb.org', '2ndpassword'); + assert.strictEqual(response.statusCode, 403); assert.strictEqual(body, '[[error:invalid-login-credentials]]'); meta.config.allowLoginWith = oldValue; }); - it('should fail to create user if username is too short', (done) => { - helpers.registerUser({ + it('should fail to create user if username is too short', async () => { + const { response, body } = await helpers.registerUser({ username: 'a', password: '123456', - }, (err, jar, response, body) => { - assert.ifError(err); - assert.equal(response.statusCode, 400); - assert.equal(body, '[[error:username-too-short]]'); - done(); }); + assert.equal(response.statusCode, 400); + assert.equal(body, '[[error:username-too-short]]'); }); - it('should fail to create user if userslug is too short', (done) => { - helpers.registerUser({ + it('should fail to create user if userslug is too short', async () => { + const { response, body } = await helpers.registerUser({ username: '----a-----', password: '123456', - }, (err, jar, response, body) => { - assert.ifError(err); - assert.equal(response.statusCode, 400); - assert.equal(body, '[[error:username-too-short]]'); - done(); }); + assert.equal(response.statusCode, 400); + assert.equal(body, '[[error:username-too-short]]'); }); - it('should fail to create user if userslug is too short', (done) => { - helpers.registerUser({ + it('should fail to create user if userslug is too short', async () => { + const { response, body } = await helpers.registerUser({ username: ' a', password: '123456', - }, (err, jar, response, body) => { - assert.ifError(err); - assert.equal(response.statusCode, 400); - assert.equal(body, '[[error:username-too-short]]'); - done(); }); + assert.equal(response.statusCode, 400); + assert.equal(body, '[[error:username-too-short]]'); }); - it('should fail to create user if userslug is too short', (done) => { - helpers.registerUser({ + it('should fail to create user if userslug is too short', async () => { + const { response, body } = await helpers.registerUser({ username: 'a ', password: '123456', - }, (err, jar, response, body) => { - assert.ifError(err); - assert.equal(response.statusCode, 400); - assert.equal(body, '[[error:username-too-short]]'); - done(); }); + assert.equal(response.statusCode, 400); + assert.equal(body, '[[error:username-too-short]]'); }); - it('should register and login a user', (done) => { - request({ - url: `${nconf.get('url')}/api/config`, - json: true, + it('should register and login a user', async () => { + const jar = request.jar(); + const csrf_token = await helpers.getCsrfToken(jar); + + const { body } = await request.post(`${nconf.get('url')}/register`, { + jar, + data: { + email: 'admin@nodebb.org', + username: 'admin', + password: 'adminpwd', + 'password-confirm': 'adminpwd', + userLang: 'it', + gdpr_consent: true, + }, + headers: { + 'x-csrf-token': csrf_token, + }, + }); + + const validationPending = await user.email.isValidationPending(body.uid, 'admin@nodebb.org'); + assert.strictEqual(validationPending, true); + + assert(body); + assert(body.hasOwnProperty('uid') && body.uid > 0); + const newUid = body.uid; + const { body: self } = await request.get(`${nconf.get('url')}/api/self`, { + jar, + }); + assert(self); + assert.equal(self.username, 'admin'); + assert.equal(self.uid, newUid); + const settings = await user.getSettings(body.uid); + assert.equal(settings.userLang, 'it'); + }); + + it('should logout a user', async () => { + await helpers.logoutUser(jar); + + const { response, body } = await request.get(`${nconf.get('url')}/api/me`, { jar: jar, - }, (err, response, body) => { - assert.ifError(err); - - request.post(`${nconf.get('url')}/register`, { - form: { - email: 'admin@nodebb.org', - username: 'admin', - password: 'adminpwd', - 'password-confirm': 'adminpwd', - userLang: 'it', - gdpr_consent: true, - }, - json: true, - jar: jar, - headers: { - 'x-csrf-token': body.csrf_token, - }, - }, async (err, response, body) => { - const validationPending = await user.email.isValidationPending(body.uid, 'admin@nodebb.org'); - assert.strictEqual(validationPending, true); - assert.ifError(err); - assert(body); - assert(body.hasOwnProperty('uid') && body.uid > 0); - const newUid = body.uid; - request({ - url: `${nconf.get('url')}/api/self`, - json: true, - jar: jar, - }, (err, response, body) => { - assert.ifError(err); - assert(body); - assert.equal(body.username, 'admin'); - assert.equal(body.uid, newUid); - user.getSettings(body.uid, (err, settings) => { - assert.ifError(err); - assert.equal(settings.userLang, 'it'); - done(); - }); - }); - }); - }); - }); - - it('should logout a user', (done) => { - helpers.logoutUser(jar, (err) => { - assert.ifError(err); - request({ - url: `${nconf.get('url')}/api/me`, - json: true, - jar: jar, - }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 401); - assert.strictEqual(body.status.code, 'not-authorised'); - done(); - }); + validateStatus: null, }); + assert.equal(response.statusCode, 401); + assert.strictEqual(body.status.code, 'not-authorised'); }); it('should regenerate the session identifier on successful login', async () => { const matchRegexp = /express\.sid=s%3A(.+?);/; const { hostname, path } = url.parse(nconf.get('url')); - - const sid = String(jar._jar.store.idx[hostname][path]['express.sid']).match(matchRegexp)[1]; + const sid = String(jar.store.idx[hostname][path]['express.sid']).match(matchRegexp)[1]; await helpers.logoutUser(jar); const newJar = (await helpers.loginUser('regular', 'regularpwd')).jar; - const newSid = String(newJar._jar.store.idx[hostname][path]['express.sid']).match(matchRegexp)[1]; + const newSid = String(newJar.store.idx[hostname][path]['express.sid']).match(matchRegexp)[1]; assert.notStrictEqual(newSid, sid); }); - it('should revoke all sessions', (done) => { + + it('should revoke all sessions', async () => { const socketAdmin = require('../src/socket.io/admin'); - db.sortedSetCard(`uid:${regularUid}:sessions`, (err, count) => { - assert.ifError(err); - assert(count); - socketAdmin.deleteAllSessions({ uid: 1 }, {}, (err) => { - assert.ifError(err); - db.sortedSetCard(`uid:${regularUid}:sessions`, (err, count) => { - assert.ifError(err); - assert(!count); - done(); - }); - }); - }); + let sessionCount = await db.sortedSetCard(`uid:${regularUid}:sessions`); + assert(sessionCount); + await socketAdmin.deleteAllSessions({ uid: 1 }, {}); + sessionCount = await db.sortedSetCard(`uid:${regularUid}:sessions`); + assert(!sessionCount); }); describe('login', () => { @@ -205,11 +165,12 @@ describe('authentication', () => { let password; let uid; - function getCookieExpiry(res) { - assert(res.headers['set-cookie']); - assert.strictEqual(res.headers['set-cookie'][0].includes('Expires'), true); + function getCookieExpiry(response) { + const { headers } = response; + assert(headers['set-cookie']); + assert.strictEqual(headers['set-cookie'][0].includes('Expires'), true); - const values = res.headers['set-cookie'][0].split(';'); + const values = headers['set-cookie'][0].split(';'); return values.reduce((memo, cur) => { if (!memo) { const [name, value] = cur.split('='); @@ -230,9 +191,7 @@ describe('authentication', () => { it('should login a user', async () => { const { jar, body: loginBody } = await helpers.loginUser(username, password); assert(loginBody); - const body = await requestAsync({ - url: `${nconf.get('url')}/api/self`, - json: true, + const { body } = await request.get(`${nconf.get('url')}/api/self`, { jar, }); assert(body); @@ -243,11 +202,11 @@ describe('authentication', () => { }); it('should set a cookie that only lasts for the life of the browser session', async () => { - const { res } = await helpers.loginUser(username, password); + const { response } = await helpers.loginUser(username, password); - assert(res.headers); - assert(res.headers['set-cookie']); - assert.strictEqual(res.headers['set-cookie'][0].includes('Expires'), false); + assert(response.headers); + assert(response.headers['set-cookie']); + assert.strictEqual(response.headers['set-cookie'][0].includes('Expires'), false); }); it('should set a different expiry if sessionDuration is set', async () => { @@ -255,9 +214,9 @@ describe('authentication', () => { const days = 1; meta.config.sessionDuration = days * 24 * 60 * 60; - const { res } = await helpers.loginUser(username, password); + const { response } = await helpers.loginUser(username, password); - const expiry = getCookieExpiry(res); + const expiry = getCookieExpiry(response); const expected = new Date(); expected.setUTCDate(expected.getUTCDate() + days); @@ -267,9 +226,9 @@ describe('authentication', () => { }); it('should set a cookie that lasts for x days where x is loginDays setting, if asked to remember', async () => { - const { res } = await helpers.loginUser(username, password, { remember: 'on' }); + const { response } = await helpers.loginUser(username, password, { remember: 'on' }); - const expiry = getCookieExpiry(res); + const expiry = getCookieExpiry(response); const expected = new Date(); expected.setUTCDate(expected.getUTCDate() + meta.config.loginDays); @@ -280,9 +239,9 @@ describe('authentication', () => { const _loginDays = meta.config.loginDays; meta.config.loginDays = 5; - const { res } = await helpers.loginUser(username, password, { remember: 'on' }); + const { response } = await helpers.loginUser(username, password, { remember: 'on' }); - const expiry = getCookieExpiry(res); + const expiry = getCookieExpiry(response); const expected = new Date(); expected.setUTCDate(expected.getUTCDate() + meta.config.loginDays); @@ -295,9 +254,9 @@ describe('authentication', () => { const _loginSeconds = meta.config.loginSeconds; meta.config.loginSeconds = 60; - const { res } = await helpers.loginUser(username, password, { remember: 'on' }); + const { response } = await helpers.loginUser(username, password, { remember: 'on' }); - const expiry = getCookieExpiry(res); + const expiry = getCookieExpiry(response); const expected = new Date(); expected.setUTCSeconds(expected.getUTCSeconds() + meta.config.loginSeconds); @@ -308,64 +267,53 @@ describe('authentication', () => { }); }); - it('should fail to login if ip address is invalid', (done) => { + it('should fail to login if ip address is invalid', async () => { const jar = request.jar(); - request({ - url: `${nconf.get('url')}/api/config`, - json: true, - jar: jar, - }, (err, response, body) => { - if (err) { - return done(err); - } + const csrf_token = await helpers.getCsrfToken(jar); - request.post(`${nconf.get('url')}/login`, { - form: { - username: 'regular', - password: 'regularpwd', - }, - json: true, - jar: jar, - headers: { - 'x-csrf-token': body.csrf_token, - 'x-forwarded-for': '', - }, - }, (err, response, body) => { - assert.ifError(err); - assert.equal(response.statusCode, 500); - done(); - }); + const { response } = await request.post(`${nconf.get('url')}/login`, { + data: { + username: 'regular', + password: 'regularpwd', + }, + jar: jar, + validateStatus: () => true, + headers: { + 'x-csrf-token': csrf_token, + 'x-forwarded-for': '', + }, }); + assert.equal(response.status, 500); }); it('should fail to login if user does not exist', async () => { - const { res, body } = await helpers.loginUser('doesnotexist', 'nopassword'); - assert.equal(res.statusCode, 403); + const { response, body } = await helpers.loginUser('doesnotexist', 'nopassword'); + assert.equal(response.statusCode, 403); assert.equal(body, '[[error:invalid-login-credentials]]'); }); it('should fail to login if username is empty', async () => { - const { res, body } = await helpers.loginUser('', 'some password'); - assert.equal(res.statusCode, 403); + const { response, body } = await helpers.loginUser('', 'some password'); + assert.equal(response.statusCode, 403); assert.equal(body, '[[error:invalid-username-or-password]]'); }); it('should fail to login if password is empty', async () => { - const { res, body } = await helpers.loginUser('someuser', ''); - assert.equal(res.statusCode, 403); + const { response, body } = await helpers.loginUser('someuser', ''); + assert.equal(response.statusCode, 403); assert.equal(body, '[[error:invalid-username-or-password]]'); }); it('should fail to login if username and password are empty', async () => { - const { res, body } = await helpers.loginUser('', ''); - assert.equal(res.statusCode, 403); + const { response, body } = await helpers.loginUser('', ''); + assert.equal(response.statusCode, 403); assert.equal(body, '[[error:invalid-username-or-password]]'); }); it('should fail to login if user does not have password field in db', async () => { await user.create({ username: 'hasnopassword', email: 'no@pass.org' }); - const { res, body } = await helpers.loginUser('hasnopassword', 'doesntmatter'); - assert.equal(res.statusCode, 403); + const { response, body } = await helpers.loginUser('hasnopassword', 'doesntmatter'); + assert.equal(response.statusCode, 403); assert.equal(body, '[[error:invalid-login-credentials]]'); }); @@ -374,92 +322,74 @@ describe('authentication', () => { for (let i = 0; i < 5000; i++) { longPassword += 'a'; } - const { res, body } = await helpers.loginUser('someuser', longPassword); - assert.equal(res.statusCode, 403); + const { response, body } = await helpers.loginUser('someuser', longPassword); + assert.equal(response.statusCode, 403); assert.equal(body, '[[error:password-too-long]]'); }); it('should fail to login if local login is disabled', async () => { await privileges.global.rescind(['groups:local:login'], 'registered-users'); - const { res, body } = await helpers.loginUser('regular', 'regularpwd'); - assert.equal(res.statusCode, 403); + const { response, body } = await helpers.loginUser('regular', 'regularpwd'); + assert.equal(response.statusCode, 403); assert.equal(body, '[[error:local-login-disabled]]'); await privileges.global.give(['groups:local:login'], 'registered-users'); }); - it('should fail to register if registraton is disabled', (done) => { + it('should fail to register if registraton is disabled', async () => { meta.config.registrationType = 'disabled'; - helpers.registerUser({ + const { response, body } = await helpers.registerUser({ username: 'someuser', password: 'somepassword', - }, (err, jar, response, body) => { - assert.ifError(err); - assert.equal(response.statusCode, 403); - assert.equal(body, 'Forbidden'); - done(); }); + assert.equal(response.statusCode, 403); + assert.equal(body, 'Forbidden'); }); - it('should return error if invitation is not valid', (done) => { + it('should return error if invitation is not valid', async () => { meta.config.registrationType = 'invite-only'; - helpers.registerUser({ + const { response, body } = await helpers.registerUser({ username: 'someuser', password: 'somepassword', - }, (err, jar, response, body) => { - meta.config.registrationType = 'normal'; - assert.ifError(err); - assert.equal(response.statusCode, 400); - assert.equal(body, '[[register:invite.error-invite-only]]'); - done(); }); + meta.config.registrationType = 'normal'; + assert.equal(response.statusCode, 400); + assert.equal(body, '[[register:invite.error-invite-only]]'); }); - it('should fail to register if username is falsy or too short', (done) => { - helpers.registerUser({ - username: '', - password: 'somepassword', - }, (err, jar, response, body) => { - assert.ifError(err); + it('should fail to register if username is falsy or too short', async () => { + const userData = [ + { username: '', password: 'somepassword' }, + { username: 'a', password: 'somepassword' }, + ]; + for (const user of userData) { + // eslint-disable-next-line no-await-in-loop + const { response, body } = await helpers.registerUser(user); assert.equal(response.statusCode, 400); assert.equal(body, '[[error:username-too-short]]'); - helpers.registerUser({ - username: 'a', - password: 'somepassword', - }, (err, jar, response, body) => { - assert.ifError(err); - assert.equal(response.statusCode, 400); - assert.equal(body, '[[error:username-too-short]]'); - done(); - }); - }); + } }); - it('should fail to register if username is too long', (done) => { - helpers.registerUser({ + it('should fail to register if username is too long', async () => { + const { response, body } = await helpers.registerUser({ username: 'thisisareallylongusername', password: '123456', - }, (err, jar, response, body) => { - assert.ifError(err); - assert.equal(response.statusCode, 400); - assert.equal(body, '[[error:username-too-long]]'); - done(); }); + + assert.equal(response.statusCode, 400); + assert.equal(body, '[[error:username-too-long]]'); }); - it('should queue user if ip is used before', (done) => { + it('should queue user if ip is used before', async () => { meta.config.registrationApprovalType = 'admin-approval-ip'; - helpers.registerUser({ + const { response, body } = await helpers.registerUser({ email: 'another@user.com', username: 'anotheruser', password: 'anotherpwd', gdpr_consent: 1, - }, (err, jar, response, body) => { - meta.config.registrationApprovalType = 'normal'; - assert.ifError(err); - assert.equal(response.statusCode, 200); - assert.equal(body.message, '[[register:registration-added-to-queue]]'); - done(); }); + meta.config.registrationApprovalType = 'normal'; + assert.equal(response.statusCode, 200); + assert.equal(body.message, '[[register:registration-added-to-queue]]'); }); @@ -468,41 +398,32 @@ describe('authentication', () => { const uid = await user.create({ username: 'ginger', password: '123456', email }); await user.setUserField(uid, 'email', email); await user.email.confirmByUid(uid); - const { res } = await helpers.loginUser('ginger@nodebb.org', '123456'); - assert.equal(res.statusCode, 200); + const { response } = await helpers.loginUser('ginger@nodebb.org', '123456'); + assert.equal(response.statusCode, 200); }); it('should fail to login if login type is username and an email is sent', async () => { meta.config.allowLoginWith = 'username'; - const { res, body } = await helpers.loginUser('ginger@nodebb.org', '123456'); + const { response, body } = await helpers.loginUser('ginger@nodebb.org', '123456'); meta.config.allowLoginWith = 'username-email'; - assert.equal(res.statusCode, 400); + assert.equal(response.statusCode, 400); assert.equal(body, '[[error:wrong-login-type-username]]'); }); - it('should send 200 if not logged in', (done) => { + it('should send 200 if not logged in', async () => { const jar = request.jar(); - request({ - url: `${nconf.get('url')}/api/config`, - json: true, - jar: jar, - }, (err, response, body) => { - assert.ifError(err); + const csrf_token = await helpers.getCsrfToken(jar); - request.post(`${nconf.get('url')}/logout`, { - form: {}, - json: true, - jar: jar, - headers: { - 'x-csrf-token': body.csrf_token, - }, - }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert.equal(body, 'not-logged-in'); - done(); - }); + const { response, body } = await request.post(`${nconf.get('url')}/logout`, { + data: {}, + jar: jar, + headers: { + 'x-csrf-token': csrf_token, + }, }); + + assert.equal(response.statusCode, 200); + assert.equal(body, 'not-logged-in'); }); describe('banned user authentication', () => { @@ -518,7 +439,7 @@ describe('authentication', () => { it('should prevent banned user from logging in', async () => { await user.bans.ban(bannedUser.uid, 0, 'spammer'); - const { res: res1, body: body1 } = await helpers.loginUser(bannedUser.username, bannedUser.pw); + const { response: res1, body: body1 } = await helpers.loginUser(bannedUser.username, bannedUser.pw); assert.equal(res1.statusCode, 403); delete body1.timestamp; assert.deepStrictEqual(body1, { @@ -532,7 +453,7 @@ describe('authentication', () => { await user.bans.unban(bannedUser.uid); const expiry = Date.now() + 10000; await user.bans.ban(bannedUser.uid, expiry, ''); - const { res: res2, body: body2 } = await helpers.loginUser(bannedUser.username, bannedUser.pw); + const { response: res2, body: body2 } = await helpers.loginUser(bannedUser.username, bannedUser.pw); assert.equal(res2.statusCode, 403); assert(body2.banned_until); assert(body2.reason, '[[user:info.banned-no-reason]]'); @@ -540,15 +461,15 @@ describe('authentication', () => { it('should allow banned user to log in if the "banned-users" group has "local-login" privilege', async () => { await privileges.global.give(['groups:local:login'], 'banned-users'); - const { res } = await helpers.loginUser(bannedUser.username, bannedUser.pw); - assert.strictEqual(res.statusCode, 200); + const { response } = await helpers.loginUser(bannedUser.username, bannedUser.pw); + assert.strictEqual(response.statusCode, 200); }); it('should allow banned user to log in if the user herself has "local-login" privilege', async () => { await privileges.global.rescind(['groups:local:login'], 'banned-users'); await privileges.categories.give(['local:login'], 0, bannedUser.uid); - const { res } = await helpers.loginUser(bannedUser.username, bannedUser.pw); - assert.strictEqual(res.statusCode, 200); + const { response } = await helpers.loginUser(bannedUser.username, bannedUser.pw); + assert.strictEqual(response.statusCode, 200); }); }); @@ -561,10 +482,10 @@ describe('authentication', () => { let data = await helpers.loginUser('lockme', 'abcdef'); meta.config.loginAttempts = 5; - assert.equal(data.res.statusCode, 403); + assert.equal(data.response.statusCode, 403); assert.equal(data.body, '[[error:account-locked]]'); data = await helpers.loginUser('lockme', 'abcdef'); - assert.equal(data.res.statusCode, 403); + assert.equal(data.response.statusCode, 403); assert.equal(data.body, '[[error:account-locked]]'); const locked = await db.exists(`lockout:${uid}`); assert(locked); @@ -594,48 +515,47 @@ describe('authentication', () => { }); it('should fail with invalid token', async () => { - const { res, body } = await helpers.request('get', `/api/self`, { - form: { + const { response, body } = await helpers.request('get', `/api/self`, { + data: { _uid: newUid, }, - json: true, jar: jar, headers: { Authorization: `Bearer sdfhaskfdja-jahfdaksdf`, }, }); - assert.strictEqual(res.statusCode, 401); + assert.strictEqual(response.statusCode, 401); assert.strictEqual(body, 'not-authorized'); }); it('should use a token tied to an uid', async () => { - const { res, body } = await helpers.request('get', `/api/self`, { + const { response, body } = await helpers.request('get', `/api/self`, { json: true, headers: { Authorization: `Bearer ${userToken}`, }, }); - assert.strictEqual(res.statusCode, 200); + assert.strictEqual(response.statusCode, 200); assert.strictEqual(body.username, 'apiUserTarget'); }); it('should fail if _uid is not passed in with master token', async () => { - const { res, body } = await helpers.request('get', `/api/self`, { - form: {}, + const { response, body } = await helpers.request('get', `/api/self`, { + data: {}, json: true, headers: { Authorization: `Bearer ${masterToken}`, }, }); - assert.strictEqual(res.statusCode, 500); + assert.strictEqual(response.statusCode, 500); assert.strictEqual(body.error, '[[error:api.master-token-no-uid]]'); }); it('should use master api token and _uid', async () => { - const { res, body } = await helpers.request('get', `/api/self`, { - form: { + const { response, body } = await helpers.request('get', `/api/self`, { + data: { _uid: newUid, }, json: true, @@ -644,7 +564,7 @@ describe('authentication', () => { }, }); - assert.strictEqual(res.statusCode, 200); + assert.strictEqual(response.statusCode, 200); assert.strictEqual(body.username, 'apiUserTarget'); }); }); diff --git a/test/categories.js b/test/categories.js index 7ce3fd41c4..2b9b6db565 100644 --- a/test/categories.js +++ b/test/categories.js @@ -2,8 +2,8 @@ const assert = require('assert'); const nconf = require('nconf'); -const request = require('request'); +const request = require('../src/request'); const db = require('./mocks/databasemock'); const Categories = require('../src/categories'); const Topics = require('../src/topics'); @@ -76,14 +76,11 @@ describe('Categories', () => { }); }); - it('should load a category route', (done) => { - request(`${nconf.get('url')}/api/category/${categoryObj.cid}/test-category`, { json: true }, (err, response, body) => { - assert.ifError(err); - assert.equal(response.statusCode, 200); - assert.equal(body.name, 'Test Category & NodeBB'); - assert(body); - done(); - }); + it('should load a category route', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/category/${categoryObj.cid}/test-category`, { json: true }); + assert.equal(response.statusCode, 200); + assert.equal(body.name, 'Test Category & NodeBB'); + assert(body); }); describe('Categories.getRecentTopicReplies', () => { diff --git a/test/controllers-admin.js b/test/controllers-admin.js index 8578f0c52a..b3f78af7a4 100644 --- a/test/controllers-admin.js +++ b/test/controllers-admin.js @@ -3,9 +3,8 @@ const async = require('async'); const assert = require('assert'); const nconf = require('nconf'); -const request = require('request'); -const requestAsync = require('request-promise-native'); +const request = require('../src/request'); const db = require('./mocks/databasemock'); const categories = require('../src/categories'); const topics = require('../src/topics'); @@ -68,600 +67,441 @@ describe('Admin Controllers', () => { it('should 403 if user is not admin', async () => { ({ jar } = await helpers.loginUser('admin', 'barbar')); - const { statusCode, body } = await requestAsync(`${nconf.get('url')}/admin`, { + const { response, body } = await request.get(`${nconf.get('url')}/admin`, { jar: jar, - simple: false, - resolveWithFullResponse: true, + validateStatus: null, }); - assert.equal(statusCode, 403); + assert.equal(response.statusCode, 403); assert(body); }); - it('should load admin dashboard', (done) => { - groups.join('administrators', adminUid, (err) => { - assert.ifError(err); - const dashboards = [ - '/admin', '/admin/dashboard/logins', '/admin/dashboard/users', '/admin/dashboard/topics', '/admin/dashboard/searches', - ]; - async.each(dashboards, (url, next) => { - request(`${nconf.get('url')}${url}`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200, url); - assert(body); - - next(); - }); - }, done); - }); - }); - - it('should load admin analytics', (done) => { - request(`${nconf.get('url')}/api/admin/analytics?units=hours`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); + it('should load admin dashboard', async () => { + await groups.join('administrators', adminUid); + const dashboards = [ + '/admin', '/admin/dashboard/logins', '/admin/dashboard/users', '/admin/dashboard/topics', '/admin/dashboard/searches', + ]; + await async.each(dashboards, async (url) => { + const { response, body } = await request.get(`${nconf.get('url')}${url}`, { jar: jar }); + assert.equal(response.statusCode, 200, url); assert(body); - assert(body.query); - assert(body.result); - done(); }); }); - it('should load groups page', (done) => { - request(`${nconf.get('url')}/admin/manage/groups`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load admin analytics', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/analytics?units=hours`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body); + assert(body.query); + assert(body.result); }); - it('should load groups detail page', (done) => { - request(`${nconf.get('url')}/admin/manage/groups/administrators`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load groups page', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/admin/manage/groups`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load global privileges page', (done) => { - request(`${nconf.get('url')}/admin/manage/privileges`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load groups detail page', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/admin/manage/groups/administrators`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load admin privileges page', (done) => { - request(`${nconf.get('url')}/admin/manage/privileges/admin`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load global privileges page', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/admin/manage/privileges`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load privileges page for category 1', (done) => { - request(`${nconf.get('url')}/admin/manage/privileges/1`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load admin privileges page', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/admin/manage/privileges/admin`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load manage digests', (done) => { - request(`${nconf.get('url')}/admin/manage/digest`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load privileges page for category 1', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/admin/manage/privileges/1`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load manage uploads', (done) => { - request(`${nconf.get('url')}/admin/manage/uploads`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load manage digests', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/admin/manage/digest`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load general settings page', (done) => { - request(`${nconf.get('url')}/admin/settings`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load manage uploads', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/admin/manage/uploads`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load email settings page', (done) => { - request(`${nconf.get('url')}/admin/settings/email`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load general settings page', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/admin/settings`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load user settings page', (done) => { - request(`${nconf.get('url')}/admin/settings/user`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load email settings page', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/admin/settings/email`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load info page for a user', (done) => { - request(`${nconf.get('url')}/api/user/regular/info`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body.history); - assert(Array.isArray(body.history.flags)); - assert(Array.isArray(body.history.bans)); - assert(Array.isArray(body.sessions)); - done(); - }); + it('should load user settings page', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/admin/settings/user`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should 404 for edit/email page if user does not exist', (done) => { - request(`${nconf.get('url')}/api/user/doesnotexist/edit/email`, { jar: jar, json: true }, (err, res) => { - assert.ifError(err); - assert.equal(res.statusCode, 404); - done(); - }); + it('should load info page for a user', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/user/regular/info`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body.history); + assert(Array.isArray(body.history.flags)); + assert(Array.isArray(body.history.bans)); + assert(Array.isArray(body.sessions)); }); - it('should load /admin/settings/homepage', (done) => { - request(`${nconf.get('url')}/api/admin/settings/general`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body.routes); - done(); - }); + it('should 404 for edit/email page if user does not exist', async () => { + const { response } = await request.get(`${nconf.get('url')}/api/user/doesnotexist/edit/email`, { jar: jar, validateStatus: null }); + assert.equal(response.statusCode, 404); }); - it('should load /admin/advanced/database', (done) => { - request(`${nconf.get('url')}/api/admin/advanced/database`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - - if (nconf.get('redis')) { - assert(body.redis); - } else if (nconf.get('mongo')) { - assert(body.mongo); - } else if (nconf.get('postgres')) { - assert(body.postgres); - } - done(); - }); + it('should load /admin/settings/homepage', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/settings/general`, { jar: jar, json: true }); + assert.equal(response.statusCode, 200); + assert(body.routes); }); - it('should load /admin/extend/plugins', function (done) { + it('should load /admin/advanced/database', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/advanced/database`, { jar: jar, json: true }); + + assert.equal(response.statusCode, 200); + + if (nconf.get('redis')) { + assert(body.redis); + } else if (nconf.get('mongo')) { + assert(body.mongo); + } else if (nconf.get('postgres')) { + assert(body.postgres); + } + }); + + it('should load /admin/extend/plugins', async function () { this.timeout(50000); - request(`${nconf.get('url')}/api/admin/extend/plugins`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert(body.hasOwnProperty('installed')); - assert(body.hasOwnProperty('upgradeCount')); - assert(body.hasOwnProperty('download')); - assert(body.hasOwnProperty('incompatible')); - done(); - }); + const { body } = await request.get(`${nconf.get('url')}/api/admin/extend/plugins`, { jar: jar }); + + assert(body.hasOwnProperty('installed')); + assert(body.hasOwnProperty('upgradeCount')); + assert(body.hasOwnProperty('download')); + assert(body.hasOwnProperty('incompatible')); }); - it('should load /admin/manage/users', (done) => { - request(`${nconf.get('url')}/api/admin/manage/users`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.strictEqual(res.statusCode, 200); - assert(body); - assert(body.users.length > 0); - done(); - }); + it('should load /admin/manage/users', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/manage/users`, { jar: jar, json: true }); + assert.strictEqual(response.statusCode, 200); + assert(body); + assert(body.users.length > 0); }); - it('should load /admin/manage/users?filters=banned', (done) => { - request(`${nconf.get('url')}/api/admin/manage/users?filters=banned`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.strictEqual(res.statusCode, 200); - assert(body); - assert.strictEqual(body.users.length, 0); - done(); - }); + it('should load /admin/manage/users?filters=banned', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/manage/users?filters=banned`, { jar: jar, json: true }); + assert.strictEqual(response.statusCode, 200); + assert(body); + assert.strictEqual(body.users.length, 0); }); - it('should load /admin/manage/users?filters=banned&filters=verified', (done) => { - request(`${nconf.get('url')}/api/admin/manage/users?filters=banned&filters=verified`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.strictEqual(res.statusCode, 200); - assert(body); - assert.strictEqual(body.users.length, 0); - done(); - }); + it('should load /admin/manage/users?filters=banned&filters=verified', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/manage/users?filters=banned&filters=verified`, { jar: jar, json: true }); + assert.strictEqual(response.statusCode, 200); + assert(body); + assert.strictEqual(body.users.length, 0); }); - it('should load /admin/manage/users?query=admin', (done) => { - request(`${nconf.get('url')}/api/admin/manage/users?query=admin`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.strictEqual(res.statusCode, 200); - assert(body); - assert.strictEqual(body.users[0].username, 'admin'); - done(); - }); + it('should load /admin/manage/users?query=admin', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/manage/users?query=admin`, { jar: jar, json: true }); + assert.strictEqual(response.statusCode, 200); + assert(body); + assert.strictEqual(body.users[0].username, 'admin'); }); - it('should return empty results if query is too short', (done) => { - request(`${nconf.get('url')}/api/admin/manage/users?query=a`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.strictEqual(res.statusCode, 200); - assert(body); - assert.strictEqual(body.users.length, 0); - done(); - }); + it('should return empty results if query is too short', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/manage/users?query=a`, { jar: jar }); + assert.strictEqual(response.statusCode, 200); + assert(body); + assert.strictEqual(body.users.length, 0); }); - it('should load /admin/manage/registration', (done) => { - request(`${nconf.get('url')}/api/admin/manage/registration`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/manage/registration', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/manage/registration`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should 404 if users is not privileged', (done) => { - request(`${nconf.get('url')}/api/registration-queue`, { json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 404); - assert(body); - done(); + it('should 404 if users is not privileged', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/registration-queue`, { + validateStatus: null, }); + assert.equal(response.statusCode, 404); + assert(body); }); - it('should load /api/registration-queue', (done) => { - request(`${nconf.get('url')}/api/registration-queue`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /api/registration-queue', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/registration-queue`, { jar: jar, json: true }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/manage/admins-mods', (done) => { - request(`${nconf.get('url')}/api/admin/manage/admins-mods`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/manage/admins-mods', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/manage/admins-mods`, { jar: jar, json: true }); + assert.equal(response.statusCode, 200); + assert(body); }); it('should load /admin/users/csv', (done) => { const socketAdmin = require('../src/socket.io/admin'); socketAdmin.user.exportUsersCSV({ uid: adminUid }, {}, (err) => { assert.ifError(err); - setTimeout(() => { - request(`${nconf.get('url')}/api/admin/users/csv`, { + setTimeout(async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/users/csv`, { jar: jar, headers: { referer: `${nconf.get('url')}/admin/manage/users`, }, - }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); }); + assert.equal(response.statusCode, 200); + assert(body); + done(); }, 2000); }); }); - it('should return 403 if no referer', (done) => { - request(`${nconf.get('url')}/api/admin/groups/administrators/csv`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 403); - assert.equal(body, '[[error:invalid-origin]]'); - done(); + it('should return 403 if no referer', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/groups/administrators/csv`, { + jar, + validateStatus: null, }); + assert.equal(response.statusCode, 403); + assert.equal(body, '[[error:invalid-origin]]'); }); - it('should return 403 if referer is not /api/admin/groups/administrators/csv', (done) => { - request(`${nconf.get('url')}/api/admin/groups/administrators/csv`, { + it('should return 403 if referer is not /api/admin/groups/administrators/csv', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/groups/administrators/csv`, { jar: jar, + validateStatus: null, headers: { referer: '/topic/1/test', }, - }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 403); - assert.equal(body, '[[error:invalid-origin]]'); - done(); }); + assert.equal(response.statusCode, 403); + assert.equal(body, '[[error:invalid-origin]]'); }); - it('should load /api/admin/groups/administrators/csv', (done) => { - request(`${nconf.get('url')}/api/admin/groups/administrators/csv`, { + it('should load /api/admin/groups/administrators/csv', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/groups/administrators/csv`, { jar: jar, headers: { referer: `${nconf.get('url')}/admin/manage/groups`, }, - }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/advanced/hooks', (done) => { - request(`${nconf.get('url')}/api/admin/advanced/hooks`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/advanced/hooks', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/advanced/hooks`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/advanced/cache', (done) => { - request(`${nconf.get('url')}/api/admin/advanced/cache`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/advanced/cache', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/advanced/cache`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /api/admin/advanced/cache/dump and 404 with no query param', (done) => { - request(`${nconf.get('url')}/api/admin/advanced/cache/dump`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 404); - assert(body); - done(); + it('should load /api/admin/advanced/cache/dump and 404 with no query param', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/advanced/cache/dump`, { + jar, + validateStatus: null, }); + assert.equal(response.statusCode, 404); + assert(body); }); - it('should load /api/admin/advanced/cache/dump', (done) => { - request(`${nconf.get('url')}/api/admin/advanced/cache/dump?name=post`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /api/admin/advanced/cache/dump', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/advanced/cache/dump?name=post`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/advanced/errors', (done) => { - request(`${nconf.get('url')}/api/admin/advanced/errors`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/advanced/errors', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/advanced/errors`, { jar: jar, json: true }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/advanced/errors/export', (done) => { - meta.errors.clear((err) => { - assert.ifError(err); - request(`${nconf.get('url')}/api/admin/advanced/errors/export`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert.strictEqual(body, ''); - done(); - }); - }); + it('should load /admin/advanced/errors/export', async () => { + await meta.errors.clear(); + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/advanced/errors/export`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert.strictEqual(body, ''); }); - it('should load /admin/advanced/logs', (done) => { + it('should load /admin/advanced/logs', async () => { const fs = require('fs'); - fs.appendFile(meta.logs.path, 'dummy log', (err) => { - assert.ifError(err); - request(`${nconf.get('url')}/api/admin/advanced/logs`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); - }); + await fs.promises.appendFile(meta.logs.path, 'dummy log'); + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/advanced/logs`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/settings/navigation', (done) => { + it('should load /admin/settings/navigation', async () => { const navigation = require('../src/navigation/admin'); const data = require('../install/data/navigation.json'); + await navigation.save(data); - navigation.save(data, (err) => { - assert.ifError(err); - request(`${nconf.get('url')}/api/admin/settings/navigation`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert(body); - assert(body.available); - assert(body.enabled); - done(); - }); - }); + const { body } = await request.get(`${nconf.get('url')}/api/admin/settings/navigation`, { jar }); + assert(body); + assert(body.available); + assert(body.enabled); }); - it('should load /admin/development/info', (done) => { - request(`${nconf.get('url')}/api/admin/development/info`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/development/info', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/development/info`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/development/logger', (done) => { - request(`${nconf.get('url')}/api/admin/development/logger`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/development/logger', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/development/logger`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/advanced/events', (done) => { - request(`${nconf.get('url')}/api/admin/advanced/events`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/advanced/events', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/advanced/events`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/manage/categories', (done) => { - request(`${nconf.get('url')}/api/admin/manage/categories`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/manage/categories', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/manage/categories`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/manage/categories/1', (done) => { - request(`${nconf.get('url')}/api/admin/manage/categories/1`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/manage/categories/1', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/manage/categories/1`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); it('should load /admin/manage/catgories?cid=', async () => { const { cid: rootCid } = await categories.create({ name: 'parent category' }); const { cid: childCid } = await categories.create({ name: 'child category', parentCid: rootCid }); - const { res, body } = await helpers.request('get', `/api/admin/manage/categories?cid=${rootCid}`, { + const { response, body } = await helpers.request('get', `/api/admin/manage/categories?cid=${rootCid}`, { jar: jar, json: true, }); - assert.strictEqual(res.statusCode, 200); + assert.strictEqual(response.statusCode, 200); assert.strictEqual(body.categoriesTree[0].cid, rootCid); assert.strictEqual(body.categoriesTree[0].children[0].cid, childCid); assert.strictEqual(body.breadcrumbs[0].text, '[[admin/manage/categories:top-level]]'); assert.strictEqual(body.breadcrumbs[1].text, 'parent category'); }); - it('should load /admin/manage/categories/1/analytics', (done) => { - request(`${nconf.get('url')}/api/admin/manage/categories/1/analytics`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/manage/categories/1/analytics', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/manage/categories/1/analytics`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/extend/rewards', (done) => { - request(`${nconf.get('url')}/api/admin/extend/rewards`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/extend/rewards', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/extend/rewards`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/extend/widgets', (done) => { - request(`${nconf.get('url')}/api/admin/extend/widgets`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/extend/widgets', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/extend/widgets`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/settings/languages', (done) => { - request(`${nconf.get('url')}/api/admin/settings/languages`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/settings/languages', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/settings/languages`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/settings/social', (done) => { - request(`${nconf.get('url')}/api/admin/settings/general`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert(body); - body = body.postSharing.map(network => network && network.id); - assert(body.includes('facebook')); - assert(body.includes('twitter')); - done(); - }); + it('should load /admin/settings/social', async () => { + const { body } = await request.get(`${nconf.get('url')}/api/admin/settings/general`, { jar }); + assert(body); + const sharing = body.postSharing.map(network => network && network.id); + assert(sharing.includes('facebook')); + assert(sharing.includes('twitter')); + assert(sharing.includes('linkedin')); + assert(sharing.includes('whatsapp')); + assert(sharing.includes('telegram')); }); - it('should load /admin/manage/tags', (done) => { - request(`${nconf.get('url')}/api/admin/manage/tags`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/manage/tags', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/manage/tags`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('/post-queue should 404 for regular user', (done) => { - request(`${nconf.get('url')}/api/post-queue`, { json: true }, (err, res, body) => { - assert.ifError(err); - assert(body); - assert.equal(res.statusCode, 404); - done(); - }); + it('/post-queue should 404 for regular user', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/post-queue`, { + validateStatus: null, + }); + assert(body); + assert.equal(response.statusCode, 404); }); - it('should load /post-queue', (done) => { - request(`${nconf.get('url')}/api/post-queue`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /post-queue', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/post-queue`, { jar: jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('/ip-blacklist should 404 for regular user', (done) => { - request(`${nconf.get('url')}/api/ip-blacklist`, { json: true }, (err, res, body) => { - assert.ifError(err); - assert(body); - assert.equal(res.statusCode, 404); - done(); + it('/ip-blacklist should 404 for regular user', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/ip-blacklist`, { + validateStatus: null, }); + assert(body); + assert.equal(response.statusCode, 404); }); - it('should load /ip-blacklist', (done) => { - request(`${nconf.get('url')}/api/ip-blacklist`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /ip-blacklist', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/ip-blacklist`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/appearance/themes', (done) => { - request(`${nconf.get('url')}/api/admin/appearance/themes`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/appearance/themes', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/appearance/themes`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /admin/appearance/customise', (done) => { - request(`${nconf.get('url')}/api/admin/appearance/customise`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - done(); - }); + it('should load /admin/appearance/customise', async () => { + const { response, body } = await request.get(`${nconf.get('url')}/api/admin/appearance/customise`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); }); - it('should load /recent in maintenance mode', (done) => { + it('should load /recent in maintenance mode', async () => { meta.config.maintenanceMode = 1; - request(`${nconf.get('url')}/api/recent`, { jar: jar, json: true }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - meta.config.maintenanceMode = 0; - done(); - }); + const { response, body } = await request.get(`${nconf.get('url')}/api/recent`, { jar }); + assert.equal(response.statusCode, 200); + meta.config.maintenanceMode = 0; + assert(body); }); describe('mods page', () => { @@ -673,56 +513,49 @@ describe('Admin Controllers', () => { await groups.join(`cid:${cid}:privileges:moderate`, moderatorUid); }); - it('should error with no privileges', (done) => { - request(`${nconf.get('url')}/api/flags`, { json: true }, (err, res, body) => { - assert.ifError(err); - assert.deepStrictEqual(body, { - status: { - code: 'not-authorised', - message: 'A valid login session was not found. Please log in and try again.', - }, - response: {}, - }); - done(); + it('should error with no privileges', async () => { + const { body } = await request.get(`${nconf.get('url')}/api/flags`, { + validateStatus: null, + }); + + assert.deepStrictEqual(body, { + status: { + code: 'not-authorised', + message: 'A valid login session was not found. Please log in and try again.', + }, + response: {}, }); }); - it('should load flags page data', (done) => { - request(`${nconf.get('url')}/api/flags`, { jar: moderatorJar, json: true }, (err, res, body) => { - assert.ifError(err); - assert(body); - assert(body.flags); - assert(body.filters); - assert.equal(body.filters.cid.indexOf(cid), -1); - done(); - }); + it('should load flags page data', async () => { + const { body } = await request.get(`${nconf.get('url')}/api/flags`, { jar: moderatorJar }); + assert(body); + assert(body.flags); + assert(body.filters); + assert.equal(body.filters.cid.indexOf(cid), -1); }); - it('should return a 404 if flag does not exist', (done) => { - request(`${nconf.get('url')}/api/flags/123123123`, { + it('should return a 404 if flag does not exist', async () => { + const { response } = await request.get(`${nconf.get('url')}/api/flags/123123123`, { jar: moderatorJar, - json: true, headers: { Accept: 'text/html, application/json', }, - }, (err, res, body) => { - assert.ifError(err); - assert.strictEqual(res.statusCode, 404); - done(); + validateStatus: null, }); + assert.strictEqual(response.statusCode, 404); }); it('should error when you attempt to flag a privileged user\'s post', async () => { - const { res, body } = await helpers.request('post', '/api/v3/flags', { - json: true, + const { response, body } = await helpers.request('post', '/api/v3/flags', { jar: regularJar, - form: { + data: { id: pid, type: 'post', reason: 'spam', }, }); - assert.strictEqual(res.statusCode, 400); + assert.strictEqual(response.statusCode, 400); assert.strictEqual(body.status.code, 'bad-request'); assert.strictEqual(body.status.message, 'You are not allowed to flag the profiles or content of privileged users (moderators/global moderators/admins)'); }); @@ -730,16 +563,15 @@ describe('Admin Controllers', () => { it('should error with not enough reputation to flag', async () => { const oldValue = meta.config['min:rep:flag']; meta.config['min:rep:flag'] = 1000; - const { res, body } = await helpers.request('post', '/api/v3/flags', { - json: true, + const { response, body } = await helpers.request('post', '/api/v3/flags', { jar: regularJar, - form: { + data: { id: regularPid, type: 'post', reason: 'spam', }, }); - assert.strictEqual(res.statusCode, 400); + assert.strictEqual(response.statusCode, 400); assert.strictEqual(body.status.code, 'bad-request'); assert.strictEqual(body.status.message, 'You need 1000 reputation to flag this post'); @@ -749,10 +581,9 @@ describe('Admin Controllers', () => { it('should return flag details', async () => { const oldValue = meta.config['min:rep:flag']; meta.config['min:rep:flag'] = 0; - const result = await helpers.request('post', '/api/v3/flags', { - json: true, + await helpers.request('post', '/api/v3/flags', { jar: regularJar, - form: { + data: { id: regularPid, type: 'post', reason: 'spam', @@ -770,7 +601,6 @@ describe('Admin Controllers', () => { const { flagId } = flagsResult.body.flags[0]; const { body } = await helpers.request('get', `/api/flags/${flagId}`, { - json: true, jar: moderatorJar, }); assert(body.reports); @@ -779,7 +609,7 @@ describe('Admin Controllers', () => { }); }); - it('should escape special characters in config', (done) => { + it('should escape special characters in config', async () => { const plugins = require('../src/plugins'); function onConfigGet(config, callback) { config.someValue = '"foo"'; @@ -788,46 +618,36 @@ describe('Admin Controllers', () => { callback(null, config); } plugins.hooks.register('somePlugin', { hook: 'filter:config.get', method: onConfigGet }); - request(`${nconf.get('url')}/admin`, { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - assert(body.includes('"someValue":"\\\\"foo\\\\""')); - assert(body.includes('"otherValue":"\\\'123\\\'"')); - assert(body.includes('"script":"<\\/script>"')); - request(nconf.get('url'), { jar: jar }, (err, res, body) => { - assert.ifError(err); - assert.equal(res.statusCode, 200); - assert(body); - assert(body.includes('"someValue":"\\\\"foo\\\\""')); - assert(body.includes('"otherValue":"\\\'123\\\'"')); - assert(body.includes('"script":"<\\/script>"')); - plugins.hooks.unregister('somePlugin', 'filter:config.get', onConfigGet); - done(); - }); - }); + const { response, body } = await request.get(`${nconf.get('url')}/admin`, { jar }); + assert.equal(response.statusCode, 200); + assert(body); + assert(body.includes('"someValue":"\\\\"foo\\\\""')); + assert(body.includes('"otherValue":"\\\'123\\\'"')); + assert(body.includes('"script":"<\\/script>"')); + const { response: res2, body: body2 } = await request.get(nconf.get('url'), { jar }); + assert.equal(res2.statusCode, 200); + assert(body2); + assert(body2.includes('"someValue":"\\\\"foo\\\\""')); + assert(body2.includes('"otherValue":"\\\'123\\\'"')); + assert(body2.includes('"script":"<\\/script>"')); + plugins.hooks.unregister('somePlugin', 'filter:config.get', onConfigGet); }); describe('admin page privileges', () => { - let userJar; let uid; const privileges = require('../src/privileges'); + const requestOpts = { + validateStatus: null, + }; before(async () => { uid = await user.create({ username: 'regularjoe', password: 'barbar' }); - userJar = (await helpers.loginUser('regularjoe', 'barbar')).jar; + requestOpts.jar = (await helpers.loginUser('regularjoe', 'barbar')).jar; }); describe('routeMap parsing', () => { it('should allow normal user access to admin pages', async function () { this.timeout(50000); - function makeRequest(url) { - return new Promise((resolve, reject) => { - request(url, { jar: userJar, json: true }, (err, res, body) => { - if (err) reject(err); - else resolve(res); - }); - }); - } + const uploadRoutes = [ 'category/uploadpicture', 'uploadfavicon', @@ -842,11 +662,11 @@ describe('Admin Controllers', () => { for (const route of adminRoutes) { /* eslint-disable no-await-in-loop */ await privileges.admin.rescind([privileges.admin.routeMap[route]], uid); - let res = await makeRequest(`${nconf.get('url')}/api/admin/${route}`); + let { response: res } = await request.get(`${nconf.get('url')}/api/admin/${route}`, requestOpts); assert.strictEqual(res.statusCode, 403); await privileges.admin.give([privileges.admin.routeMap[route]], uid); - res = await makeRequest(`${nconf.get('url')}/api/admin/${route}`); + ({ response: res } = await request.get(`${nconf.get('url')}/api/admin/${route}`, requestOpts)); assert.strictEqual(res.statusCode, 200); await privileges.admin.rescind([privileges.admin.routeMap[route]], uid); @@ -855,11 +675,11 @@ describe('Admin Controllers', () => { for (const route of adminRoutes) { /* eslint-disable no-await-in-loop */ await privileges.admin.rescind([privileges.admin.routeMap[route]], uid); - let res = await makeRequest(`${nconf.get('url')}/api/admin`); + let { response: res } = await await request.get(`${nconf.get('url')}/api/admin`, requestOpts); assert.strictEqual(res.statusCode, 403); await privileges.admin.give([privileges.admin.routeMap[route]], uid); - res = await makeRequest(`${nconf.get('url')}/api/admin`); + ({ response: res } = await await request.get(`${nconf.get('url')}/api/admin`, requestOpts)); assert.strictEqual(res.statusCode, 200); await privileges.admin.rescind([privileges.admin.routeMap[route]], uid); @@ -869,23 +689,14 @@ describe('Admin Controllers', () => { describe('routePrefixMap parsing', () => { it('should allow normal user access to admin pages', async () => { - // this.timeout(50000); - function makeRequest(url) { - return new Promise((resolve, reject) => { - request(url, { jar: userJar, json: true }, (err, res, body) => { - if (err) reject(err); - else resolve(res); - }); - }); - } for (const route of Object.keys(privileges.admin.routePrefixMap)) { /* eslint-disable no-await-in-loop */ await privileges.admin.rescind([privileges.admin.routePrefixMap[route]], uid); - let res = await makeRequest(`${nconf.get('url')}/api/admin/${route}foobar/derp`); + let { response: res } = await request.get(`${nconf.get('url')}/api/admin/${route}foobar/derp`, requestOpts); assert.strictEqual(res.statusCode, 403); await privileges.admin.give([privileges.admin.routePrefixMap[route]], uid); - res = await makeRequest(`${nconf.get('url')}/api/admin/${route}foobar/derp`); + ({ response: res } = await request.get(`${nconf.get('url')}/api/admin/${route}foobar/derp`, requestOpts)); assert.strictEqual(res.statusCode, 404); await privileges.admin.rescind([privileges.admin.routePrefixMap[route]], uid); diff --git a/test/helpers/index.js b/test/helpers/index.js index aea7761e17..2a120e195c 100644 --- a/test/helpers/index.js +++ b/test/helpers/index.js @@ -1,23 +1,19 @@ 'use strict'; -const request = require('request'); -const requestAsync = require('request-promise-native'); const nconf = require('nconf'); const fs = require('fs'); +const path = require('path'); const winston = require('winston'); -const utils = require('../../src/utils'); +const request = require('../../src/request'); const helpers = module.exports; helpers.getCsrfToken = async (jar) => { - const { csrf_token: token } = await requestAsync({ - url: `${nconf.get('url')}/api/config`, - json: true, + const { body } = await request.get(`${nconf.get('url')}/api/config`, { jar, }); - - return token; + return body.csrf_token; }; helpers.request = async function (method, uri, options) { @@ -28,72 +24,43 @@ helpers.request = async function (method, uri, options) { csrf_token = await helpers.getCsrfToken(options.jar); } - return new Promise((resolve, reject) => { - options.headers = options.headers || {}; - if (csrf_token) { - options.headers['x-csrf-token'] = csrf_token; - } - request[lowercaseMethod](`${nconf.get('url')}${uri}`, options, (err, res, body) => { - if (err) reject(err); - else resolve({ res, body }); - }); - }); + options.headers = options.headers || {}; + if (csrf_token) { + options.headers['x-csrf-token'] = csrf_token; + } + options.validateStatus = null; + const { response, body } = await request[lowercaseMethod](`${nconf.get('url')}${uri}`, options); + return { response, body }; }; helpers.loginUser = async (username, password, payload = {}) => { const jar = request.jar(); - const form = { username, password, ...payload }; + const data = { username, password, ...payload }; - const { statusCode, body: configBody } = await requestAsync({ - url: `${nconf.get('url')}/api/config`, - json: true, + const csrf_token = await helpers.getCsrfToken(jar); + const { response, body } = await request.post(`${nconf.get('url')}/login`, { + data, jar: jar, - followRedirect: false, - simple: false, - resolveWithFullResponse: true, - }); - - if (statusCode !== 200) { - throw new Error('[[error:invalid-response]]'); - } - - const { csrf_token } = configBody; - const res = await requestAsync.post(`${nconf.get('url')}/login`, { - form, - json: true, - jar: jar, - followRedirect: false, - simple: false, - resolveWithFullResponse: true, + validateStatus: () => true, headers: { 'x-csrf-token': csrf_token, }, }); - return { jar, res, body: res.body, csrf_token: csrf_token }; + return { jar, response, body, csrf_token }; }; -helpers.logoutUser = function (jar, callback) { - request({ - url: `${nconf.get('url')}/api/config`, - json: true, - jar: jar, - }, (err, response, body) => { - if (err) { - return callback(err, response, body); - } - - request.post(`${nconf.get('url')}/logout`, { - form: {}, - json: true, - jar: jar, - headers: { - 'x-csrf-token': body.csrf_token, - }, - }, (err, response, body) => { - callback(err, response, body); - }); +helpers.logoutUser = async function (jar) { + const csrf_token = await helpers.getCsrfToken(jar); + const { response, body } = await request.post(`${nconf.get('url')}/logout`, { + data: {}, + jar, + validateStatus: () => true, + headers: { + 'x-csrf-token': csrf_token, + }, }); + return { response, body }; }; helpers.connectSocketIO = function (res, csrf_token, callback) { @@ -126,58 +93,46 @@ helpers.connectSocketIO = function (res, csrf_token, callback) { }); }; -helpers.uploadFile = function (uploadEndPoint, filePath, body, jar, csrf_token, callback) { - let formData = { - files: [ - fs.createReadStream(filePath), - ], - }; - formData = utils.merge(formData, body); - request.post({ - url: uploadEndPoint, - formData: formData, - json: true, +helpers.uploadFile = async function (uploadEndPoint, filePath, data, jar, csrf_token) { + const FormData = require('form-data'); + const form = new FormData(); + form.append('files', fs.createReadStream(filePath), path.basename(filePath)); + if (data && data.params) { + form.append('params', data.params); + } + + const { response, body } = await request.post(uploadEndPoint, { + data: form, jar: jar, + validateStatus: null, + headers: { + 'x-csrf-token': csrf_token, + ...form.getHeaders(), + }, + }); + if (response.status !== 200) { + winston.error(JSON.stringify(data)); + } + return { response, body }; +}; + +helpers.registerUser = async function (data) { + const jar = request.jar(); + const csrf_token = await helpers.getCsrfToken(jar); + + if (!data.hasOwnProperty('password-confirm')) { + data['password-confirm'] = data.password; + } + + const { response, body } = await request.post(`${nconf.get('url')}/register`, { + data, + jar, + validateStatus: () => true, headers: { 'x-csrf-token': csrf_token, }, - }, (err, res, body) => { - if (err) { - return callback(err); - } - if (res.statusCode !== 200) { - winston.error(JSON.stringify(body)); - } - callback(null, res, body); - }); -}; - -helpers.registerUser = function (data, callback) { - const jar = request.jar(); - request({ - url: `${nconf.get('url')}/api/config`, - json: true, - jar: jar, - }, (err, response, body) => { - if (err) { - return callback(err); - } - - if (!data.hasOwnProperty('password-confirm')) { - data['password-confirm'] = data.password; - } - - request.post(`${nconf.get('url')}/register`, { - form: data, - json: true, - jar: jar, - headers: { - 'x-csrf-token': body.csrf_token, - }, - }, (err, response, body) => { - callback(err, jar, response, body); - }); }); + return { jar, response, body }; }; // http://stackoverflow.com/a/14387791/583363 @@ -205,37 +160,34 @@ helpers.copyFile = function (source, target, callback) { } }; -helpers.invite = async function (body, uid, jar, csrf_token) { - console.log('making call'); - const res = await requestAsync.post(`${nconf.get('url')}/api/v3/users/${uid}/invites`, { +helpers.invite = async function (data, uid, jar, csrf_token) { + const { response, body } = await request.post(`${nconf.get('url')}/api/v3/users/${uid}/invites`, { jar: jar, // using "form" since client "api" module make requests with "application/x-www-form-urlencoded" content-type - form: body, + // form: body, + data: data, headers: { 'x-csrf-token': csrf_token, }, - simple: false, - resolveWithFullResponse: true, + validateStatus: null, }); - console.log(res.statusCode, res.body); + console.log(response.status, body); - res.body = JSON.parse(res.body); - return { res, body }; + // res.body = JSON.parse(res.body); + return { response, body }; }; -helpers.createFolder = function (path, folderName, jar, csrf_token) { - return requestAsync.put(`${nconf.get('url')}/api/v3/files/folder`, { +helpers.createFolder = async function (path, folderName, jar, csrf_token) { + return await request.put(`${nconf.get('url')}/api/v3/files/folder`, { jar, - body: { + data: { path, folderName, }, - json: true, headers: { 'x-csrf-token': csrf_token, }, - simple: false, - resolveWithFullResponse: true, + validateStatus: null, }); };