From b3b926474204ad736ec434aafc8afc6bc55079f6 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Fri, 13 May 2016 16:31:14 +0200 Subject: [PATCH] Authenticate before make/quit friends (server + tests) --- server/controllers/api/v1/pods.js | 13 ++++---- server/controllers/api/v1/remoteVideos.js | 6 ++-- server/controllers/api/v1/users.js | 2 +- server/controllers/api/v1/videos.js | 6 ++-- server/middlewares/index.js | 2 ++ server/tests/api/friendsAdvanced.js | 9 ++++-- server/tests/api/friendsBasic.js | 39 +++++++++++++---------- server/tests/api/multiplePods.js | 6 ++-- server/tests/api/users.js | 10 ++++++ server/tests/api/utils.js | 13 ++++++-- 10 files changed, 68 insertions(+), 38 deletions(-) diff --git a/server/controllers/api/v1/pods.js b/server/controllers/api/v1/pods.js index fd13034a2..cec51f272 100644 --- a/server/controllers/api/v1/pods.js +++ b/server/controllers/api/v1/pods.js @@ -4,11 +4,12 @@ const express = require('express') const logger = require('../../../helpers/logger') const friends = require('../../../lib/friends') -const middleware = require('../../../middlewares') +const middlewares = require('../../../middlewares') const Pods = require('../../../models/pods') -const reqValidator = middleware.reqValidators.pods -const secureMiddleware = middleware.secure -const secureRequest = middleware.reqValidators.remote.secureRequest +const oAuth2 = middlewares.oauth2 +const reqValidator = middlewares.reqValidators.pods +const secureMiddleware = middlewares.secure +const secureRequest = middlewares.reqValidators.remote.secureRequest const videos = require('../../../lib/videos') const Videos = require('../../../models/videos') 
@@ -16,8 +17,8 @@ const router = express.Router() router.get('/', listPods) router.post('/', reqValidator.podsAdd, addPods) -router.get('/makefriends', reqValidator.makeFriends, makeFriends) -router.get('/quitfriends', quitFriends) +router.get('/makefriends', oAuth2.authenticate, reqValidator.makeFriends, makeFriends) +router.get('/quitfriends', oAuth2.authenticate, quitFriends) // Post because this is a secured request router.post('/remove', secureRequest, secureMiddleware.decryptBody, removePods) diff --git a/server/controllers/api/v1/remoteVideos.js b/server/controllers/api/v1/remoteVideos.js index cc4bc41e2..2f41c0411 100644 --- a/server/controllers/api/v1/remoteVideos.js +++ b/server/controllers/api/v1/remoteVideos.js @@ -3,9 +3,9 @@ const express = require('express') const map = require('lodash/map') -const middleware = require('../../../middlewares') -const secureMiddleware = middleware.secure -const reqValidator = middleware.reqValidators.remote +const middlewares = require('../../../middlewares') +const secureMiddleware = middlewares.secure +const reqValidator = middlewares.reqValidators.remote const logger = require('../../../helpers/logger') const Videos = require('../../../models/videos') const videos = require('../../../lib/videos') diff --git a/server/controllers/api/v1/users.js b/server/controllers/api/v1/users.js index 54ff0d743..7ce0b9c6a 100644 --- a/server/controllers/api/v1/users.js +++ b/server/controllers/api/v1/users.js @@ -2,7 +2,7 @@ const config = require('config') const express = require('express') -const oAuth2 = require('../../../middlewares/oauth2') +const oAuth2 = require('../../../middlewares').oauth2 const Users = require('../../../models/users') diff --git a/server/controllers/api/v1/videos.js b/server/controllers/api/v1/videos.js index 9891bf4c6..b6e3de08f 100644 --- a/server/controllers/api/v1/videos.js +++ b/server/controllers/api/v1/videos.js 
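Review bot: `/makefriends` and `/quitfriends` now require a token but are still registered with `router.get` in server/controllers/api/v1/pods.js, so two state-changing federation actions stay on a method that clients, proxies and crawlers treat as safe and repeatable. Consider `router.post('/makefriends', oAuth2.authenticate, reqValidator.makeFriends, makeFriends)` and the same for `/quitfriends`, with the test helpers switched to `.post(path)`. As used here, `oAuth2.authenticate` presumably only establishes that the caller holds a valid token. If the instance can have more than one account, these routes probably also need a check that the user may administer the pod; this cannot be confirmed from the hunk, because the middleware and both handlers are defined outside it. A short comment above the two routes, e.g. `// Pod-wide actions: only a logged-in user may trigger them`, would record the intent.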
@@ -9,9 +9,9 @@ const multer = require('multer') const constants = require('../../../initializers/constants') const logger = require('../../../helpers/logger') const friends = require('../../../lib/friends') -const middleware = require('../../../middlewares') -const oAuth2 = require('../../../middlewares/oauth2') -const reqValidator = middleware.reqValidators.videos +const middlewares = require('../../../middlewares') +const oAuth2 = middlewares.oauth2 +const reqValidator = middlewares.reqValidators.videos const utils = require('../../../helpers/utils') const Videos = require('../../../models/videos') // model const videos = require('../../../lib/videos') diff --git a/server/middlewares/index.js b/server/middlewares/index.js index a0b07705d..ffd19337c 100644 --- a/server/middlewares/index.js +++ b/server/middlewares/index.js @@ -1,9 +1,11 @@ 'use strict' +const oauth2 = require('./oauth2') const reqValidatorsMiddleware = require('./reqValidators') const secureMiddleware = require('./secure') const middlewares = { + oauth2: oauth2, reqValidators: reqValidatorsMiddleware, secure: secureMiddleware } diff --git a/server/tests/api/friendsAdvanced.js b/server/tests/api/friendsAdvanced.js index 9bd202a05..f3d5cd4a0 100644 --- a/server/tests/api/friendsAdvanced.js +++ b/server/tests/api/friendsAdvanced.js 
@@ -10,15 +10,18 @@ describe('Test advanced friends', function () { let servers = [] function makeFriends (podNumber, callback) { - return utils.makeFriends(servers[podNumber - 1].url, callback) + const server = servers[podNumber - 1] + return utils.makeFriends(server.url, server.accessToken, callback) } function quitFriends (podNumber, callback) { - return utils.quitFriends(servers[podNumber - 1].url, callback) + const server = servers[podNumber - 1] + return utils.quitFriends(server.url, server.accessToken, callback) } function getFriendsList (podNumber, end) { - return utils.getFriendsList(servers[podNumber - 1].url, end) + const server = servers[podNumber - 1] + return utils.getFriendsList(server.url, end) } function uploadVideo (podNumber, callback) { diff --git a/server/tests/api/friendsBasic.js b/server/tests/api/friendsBasic.js index c9e3bc9ad..68817e852 100644 --- a/server/tests/api/friendsBasic.js +++ b/server/tests/api/friendsBasic.js @@ -3,13 +3,17 @@ const async = require('async') const chai = require('chai') const expect = chai.expect -const request = require('supertest') const utils = require('./utils') describe('Test basic friends', function () { let servers = [] + function makeFriends (podNumber, callback) { + const server = servers[podNumber - 1] + return utils.makeFriends(server.url, server.accessToken, callback) + } + function testMadeFriends (servers, serverToTest, callback) { const friends = [] for (let i = 0; i < servers.length; i++) { @@ -39,7 +43,15 @@ describe('Test basic friends', function () { this.timeout(20000) utils.flushAndRunMultipleServers(3, function (serversRun, urlsRun) { servers = serversRun - done() + + async.each(servers, function (server, callbackEach) { + utils.loginAndGetAccessToken(server, function (err, accessToken) { + if (err) return callbackEach(err) + + server.accessToken = accessToken + callbackEach() + }) + }, done) }) }) 
@@ -59,16 +71,10 @@ describe('Test basic friends', function () { it('Should make friends', function (done) { this.timeout(10000) - const path = '/api/v1/pods/makefriends' - async.series([ // The second pod make friend with the third function (next) { - request(servers[1].url) - .get(path) - .set('Accept', 'application/json') - .expect(204) - .end(next) + makeFriends(2, next) }, // Wait for the request between pods function (next) { @@ -102,11 +108,7 @@ describe('Test basic friends', function () { }, // Finally the first pod make friend with the second pod function (next) { - request(servers[0].url) - .get(path) - .set('Accept', 'application/json') - .expect(204) - .end(next) + makeFriends(1, next) }, // Wait for the request between pods function (next) { @@ -123,14 +125,16 @@ describe('Test basic friends', function () { }) it('Should not be allowed to make friend again', function (done) { - utils.makeFriends(servers[1].url, 409, done) + const server = servers[1] + utils.makeFriends(server.url, server.accessToken, 409, done) }) it('Should quit friends of pod 2', function (done) { async.series([ // Pod 1 quit friends function (next) { - utils.quitFriends(servers[1].url, next) + const server = servers[1] + utils.quitFriends(server.url, server.accessToken, next) }, // Pod 1 should not have friends anymore function (next) { @@ -162,7 +166,8 @@ describe('Test basic friends', function () { }) it('Should allow pod 2 to make friend again', function (done) { - utils.makeFriends(servers[1].url, function () { + const server = servers[1] + utils.makeFriends(server.url, server.accessToken, function () { async.each(servers, function (server, callback) { testMadeFriends(servers, server, callback) }, done) diff --git a/server/tests/api/multiplePods.js b/server/tests/api/multiplePods.js index 1a61034fc..486457347 100644 --- a/server/tests/api/multiplePods.js +++ b/server/tests/api/multiplePods.js 
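Review bot: In 'Should allow pod 2 to make friend again' (server/tests/api/friendsBasic.js) the new `const server = servers[1]` is shadowed by the `server` parameter of the `async.each` iterator directly below it, so the inner `testMadeFriends(servers, server, callback)` is easy to misread as referring to pod 2. Renaming the outer binding, e.g. `const pod2 = servers[1]` with `utils.makeFriends(pod2.url, pod2.accessToken, function () {`, removes the ambiguity. That test could also call the `makeFriends(2, ...)` helper this commit adds at the top of the file instead of repeating the lookup.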
@@ -37,7 +37,8 @@ describe('Test multiple pods', function () { }, // The second pod make friend with the third function (next) { - utils.makeFriends(servers[1].url, next) + const server = servers[1] + utils.makeFriends(server.url, server.accessToken, next) }, // Wait for the request between pods function (next) { @@ -45,7 +46,8 @@ describe('Test multiple pods', function () { }, // Pod 1 make friends too function (next) { - utils.makeFriends(servers[0].url, next) + const server = servers[0] + utils.makeFriends(server.url, server.accessToken, next) }, function (next) { webtorrent.create({ host: 'client', port: '1' }, next) diff --git a/server/tests/api/users.js b/server/tests/api/users.js index 57417a69e..cb44d2611 100644 --- a/server/tests/api/users.js +++ b/server/tests/api/users.js @@ -82,6 +82,16 @@ describe('Test users', function () { utils.uploadVideo(server.url, accessToken, 'my super name', 'my super description', 'video_short.webm', 401, done) }) + it('Should not be able to make friends', function (done) { + accessToken = 'mysupertoken' + utils.makeFriends(server.url, accessToken, 401, done) + }) + + it('Should not be able to quit friends', function (done) { + accessToken = 'mysupertoken' + utils.quitFriends(server.url, accessToken, 401, done) + }) + it('Should be able to login', function (done) { utils.login(server.url, server.client, server.user, 200, function (err, res) { if (err) throw err diff --git a/server/tests/api/utils.js b/server/tests/api/utils.js index 45f11ac8f..9c5e4ee61 100644 --- a/server/tests/api/utils.js +++ b/server/tests/api/utils.js @@ -97,7 +97,7 @@ function loginAndGetAccessToken (server, callback) { }) } -function makeFriends (url, expectedStatus, callback) { +function makeFriends (url, accessToken, expectedStatus, callback) { if (!callback) { callback = expectedStatus expectedStatus = 204 
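Review bot: The two new 401 cases in server/tests/api/users.js only exercise an invalid token (`'mysupertoken'`); nothing checks a request that carries no `Authorization` header at all. `utils.makeFriends` and `utils.quitFriends` always set that header, so the path cannot be reached through the helpers. Since the commit exists to close unauthenticated access to these routes, a case that omits the header and expects 401 would pin the main regression. The `accessToken = 'mysupertoken'` assignments also overwrite a variable declared outside the hunk and shared with the surrounding tests; passing the literal directly, `utils.makeFriends(server.url, 'mysupertoken', 401, done)`, avoids depending on test order.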
@@ -109,6 +109,7 @@ function makeFriends (url, expectedStatus, callback) { request(url) .get(path) .set('Accept', 'application/json') + .set('Authorization', 'Bearer ' + accessToken) .expect(expectedStatus) .end(function (err, res) { if (err) throw err @@ -118,14 +119,20 @@ function makeFriends (url, expectedStatus, callback) { }) } -function quitFriends (url, callback) { +function quitFriends (url, accessToken, expectedStatus, callback) { + if (!callback) { + callback = expectedStatus + expectedStatus = 204 + } + const path = '/api/v1/pods/quitfriends' // The first pod make friend with the third request(url) .get(path) .set('Accept', 'application/json') - .expect(204) + .set('Authorization', 'Bearer ' + accessToken) + .expect(expectedStatus) .end(function (err, res) { if (err) throw err
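Review bot: In server/tests/api/utils.js, `quitFriends` now repeats the `if (!callback)` argument shuffle and the `Authorization` header line from `makeFriends`, and both helpers take `accessToken` as a new second positional argument. A call left in the old `(url, callback)` form would send the stringified callback as the bearer value and surface only as an unexpected 401. A guard at the top of both helpers, `if (typeof accessToken !== 'string') throw new TypeError('accessToken must be a string')`, turns that into an immediate, readable failure. The comment `// The first pod make friend with the third` inside `quitFriends` does not describe the quit request and could become `// Ask the pod to quit its friends`. Both function bodies continue past the end of their hunks.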