This repository was archived by the owner on Dec 13, 2021. It is now read-only.

Commit e4a3ba1

committed
Add a load more auth tests to Authentication.js & Index.js
1 parent 8ccef5b commit e4a3ba1


8 files changed

+463
-111
lines changed


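--- a/src/Routes/Authentication.js
+++ b/src/Routes/Authentication.js
@@ -68,7 +68,6 @@ class AuthenticationRoute extends BaseRoute {
 req.session = null;
 res.redirect('/');
 });
-
 }
 
 get getRouter() {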

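--- a/src/Routes/Index.js
+++ b/src/Routes/Index.js
@@ -133,7 +133,6 @@ class IndexRoute extends BaseRoute {
 });
 });
 
-
 this.router.get('/sitemap', (req, res) => {
 sitemap.get(this.db).then(data => {
 sitemap.save(data).then(() => {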

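--- a/test/Routes/API.js
+++ b/test/Routes/API.js
@@ -535,6 +535,100 @@ describe('/api/lists/:id', () => {
 });
 });
 
+describe('/api/legacy-ids', () => {
+describe('GET', () => {
+const test = () => ratelimitBypass(request().get('/api/legacy-ids'));
+it('returns an OK status code', done => {
+test().end((err, res) => {
+expect(res).to.have.status(200);
+done();
+});
+});
+it('has a permissive CORS header', done => {
+test().end((err, res) => {
+expect(res).to.have.header('Access-Control-Allow-Origin', '*');
+done();
+});
+});
+it('returns a valid JSON body', done => {
+test().end((err, res) => {
+expect(res).to.be.json;
+done();
+});
+});
+it('contains an object of strings', done => {
+test().end((err, res) => {
+expect(res.body).to.be.a('object');
+const entries = Object.values(res.body);
+entries.forEach(entry => {
+expect(entry).to.be.a('string');
+});
+done();
+});
+});
+});
+
+describe('GET (Ratelimited)', () => {
+const test = () => request().get('/api/legacy-ids');
+it('ratelimits spam requests', done => {
+resetRatelimits().end(() => {
+test().end(() => {
+});
+setTimeout(() => {
+test().end((err, res) => {
+expect(res).to.have.status(429);
+expect(res).to.be.json;
+
+expect(res.body).to.have.property('error', true);
+expect(res.body).to.have.property('status', 429);
+
+expect(res.body).to.have.property('retry_after');
+expect(res.body.retry_after).to.be.a('number');
+
+expect(res.body).to.have.property('ratelimit_reset');
+expect(res.body.ratelimit_reset).to.be.a('number');
+
+expect(res.body).to.have.property('ratelimit_ip');
+expect(res.body.ratelimit_ip).to.be.a('string');
+
+expect(res.body).to.have.property('ratelimit_route', '/api/legacy-ids');
+expect(res.body).to.have.property('ratelimit_bot_id', '');
+done();
+});
+}, 200);
+});
+});
+it('does not ratelimit requests spaced correctly', function (done) {
+checks.ratelimit(this, 1, test, done);
+});
+});
+
+describe('POST', () => {
+const test = () => ratelimitBypass(request().post('/api/legacy-ids'));
+it('returns a Not Found status code', done => {
+test().end((err, res) => {
+expect(res).to.have.status(404);
+done();
+});
+});
+it('has a permissive CORS header', done => {
+test().end((err, res) => {
+expect(res).to.have.header('Access-Control-Allow-Origin', '*');
+done();
+});
+});
+it('returns an error JSON body', done => {
+test().end((err, res) => {
+expect(res).to.be.json;
+expect(res.body).to.have.property('error', true);
+expect(res.body).to.have.property('status', 404);
+expect(res.body).to.have.property('message', 'Endpoint not found');
+done();
+});
+});
+});
+});
+
 describe('/api/count', () => {
 describe('GET', () => {
 const test = () => ratelimitBypass(request().get('/api/count'));
@@ -1332,97 +1426,3 @@ describe('/api/bots/:id', () => {
 });
 });
 });
-
-describe('/api/legacy-ids', () => {
-describe('GET', () => {
-const test = () => ratelimitBypass(request().get('/api/legacy-ids'));
-it('returns an OK status code', done => {
-test().end((err, res) => {
-expect(res).to.have.status(200);
-done();
-});
-});
-it('has a permissive CORS header', done => {
-test().end((err, res) => {
-expect(res).to.have.header('Access-Control-Allow-Origin', '*');
-done();
-});
-});
-it('returns a valid JSON body', done => {
-test().end((err, res) => {
-expect(res).to.be.json;
-done();
-});
-});
-it('contains an object of strings', done => {
-test().end((err, res) => {
-expect(res.body).to.be.a('object');
-const entries = Object.values(res.body);
-entries.forEach(entry => {
-expect(entry).to.be.a('string');
-});
-done();
-});
-});
-});
-
-describe('GET (Ratelimited)', () => {
-const test = () => request().get('/api/legacy-ids');
-it('ratelimits spam requests', done => {
-resetRatelimits().end(() => {
-test().end(() => {
-});
-setTimeout(() => {
-test().end((err, res) => {
-expect(res).to.have.status(429);
-expect(res).to.be.json;
-
-expect(res.body).to.have.property('error', true);
-expect(res.body).to.have.property('status', 429);
-
-expect(res.body).to.have.property('retry_after');
-expect(res.body.retry_after).to.be.a('number');
-
-expect(res.body).to.have.property('ratelimit_reset');
-expect(res.body.ratelimit_reset).to.be.a('number');
-
-expect(res.body).to.have.property('ratelimit_ip');
-expect(res.body.ratelimit_ip).to.be.a('string');
-
-expect(res.body).to.have.property('ratelimit_route', '/api/legacy-ids');
-expect(res.body).to.have.property('ratelimit_bot_id', '');
-done();
-});
-}, 200);
-});
-});
-it('does not ratelimit requests spaced correctly', function (done) {
-checks.ratelimit(this, 1, test, done);
-});
-});
-
-describe('POST', () => {
-const test = () => ratelimitBypass(request().post('/api/legacy-ids'));
-it('returns a Not Found status code', done => {
-test().end((err, res) => {
-expect(res).to.have.status(404);
-done();
-});
-});
-it('has a permissive CORS header', done => {
-test().end((err, res) => {
-expect(res).to.have.header('Access-Control-Allow-Origin', '*');
-done();
-});
-});
-it('returns an error JSON body', done => {
-test().end((err, res) => {
-expect(res).to.be.json;
-expect(res.body).to.have.property('error', true);
-expect(res.body).to.have.property('status', 404);
-expect(res.body).to.have.property('message', 'Endpoint not found');
-done();
-});
-});
-});
-});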
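Review bot: The two `has a permissive CORS header` tests in the relocated `/api/legacy-ids` block (new lines 547–552 and 614–619) pin `Access-Control-Allow-Origin: *` but assert nothing about credentials. The application keeps a cookie session (`req.session` is visible in src/Routes/Authentication.js on this page), so it is worth pinning that the wildcard is never paired with credentialed CORS, for example `expect(res).to.not.have.header('Access-Control-Allow-Credentials');` beside each existing assertion. The block is otherwise moved unchanged from the end of the file, and the same assertion probably applies to the other routes' CORS tests, which are outside this view.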

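--- a/test/Routes/Authentication.js
+++ b/test/Routes/Authentication.js
@@ -1,4 +1,4 @@
-const { describe, it, expect, request } = require('../base');
+const { describe, it, expect, request, auth } = require('../base');
 
 describe('/auth', () => {
 describe('GET', () => {
@@ -24,11 +24,45 @@ describe('/auth', () => {
 
 describe('/auth/logout', () => {
 describe('GET', () => {
-const test = () => request().get('/auth/logout').redirects(0);
-it('redirects to back to the homepage', done => {
-test().end((err, res) => {
-expect(res).to.redirectTo('/');
-done();
+describe('As an anonymous user', () => {
+it('redirects to back to the homepage', done => {
+auth.asAnon(request().get('/')).end((err1, res1) => {
+expect(res1.text).to.include('<a href="/auth">Sign in with Discord</a>');
+
+auth.asPrevious(request().get('/')).end((err2, res2) => {
+expect(res2.text).to.include('<a href="/auth">Sign in with Discord</a>');
+
+auth.asPrevious(request().get('/auth/logout')).redirects(0).end((err3, res3) => {
+expect(res3).to.redirectTo('/');
+
+auth.asPrevious(request().get('/')).end((err4, res4) => {
+expect(res4.text).to.include('<a href="/auth">Sign in with Discord</a>');
+done();
+});
+});
+});
+});
+});
+});
+
+describe('As a logged in user', () => {
+it('redirects to back to the homepage', done => {
+auth.asUser(request().get('/')).end((err1, res1) => {
+expect(res1.text).to.include('<p class="menu-label">User#1234</p>');
+
+auth.asPrevious(request().get('/')).end((err2, res2) => {
+expect(res2.text).to.include('<p class="menu-label">User#1234</p>');
+
+auth.asPrevious(request().get('/auth/logout')).redirects(0).end((err3, res3) => {
+expect(res3).to.redirectTo('/');
+
+auth.asPrevious(request().get('/')).end((err4, res4) => {
+expect(res4.text).to.include('<a href="/auth">Sign in with Discord</a>');
+done();
+});
+});
+});
+});
 });
 });
 });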
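Review bot: The logged-in case (new lines 48–65) proves only that the agent's own cookie jar shows the anonymous menu after `/auth/logout`; it never checks that the session issued before logout stops being accepted. The route in src/Routes/Authentication.js ends the session with `req.session = null`, and if that is a client-side cookie session (not confirmable from this page, and `auth.asUser`/`auth.asPrevious` live in `../base` outside this view), logout clears the browser's copy while a copy saved earlier stays valid until it expires. Consider keeping the `Set-Cookie` value from `res1`, sending it on a fresh `request().get('/')` after `res3`, and asserting the sign-in link is rendered; if the session store cannot satisfy that, record the limit above the test with `// logout clears the client cookie only; a saved copy remains valid until expiry`. Both `it` titles are also the identical 'redirects to back to the homepage', so a failure report cannot tell the anonymous case from the logged-in one.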
