This repository has been archived by the owner on Dec 13, 2021. It is now read-only.

Add a load more auth tests to Authentication.js & Index.js
MattIPv4 committed Mar 6, 2020
1 parent 8ccef5b commit e4a3ba1
Showing 8 changed files with 463 additions and 111 deletions.
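--- a/src/Routes/Authentication.js
+++ b/src/Routes/Authentication.js
@@ -68,7 +68,6 @@ class AuthenticationRoute extends BaseRoute {
 req.session = null;
 res.redirect('/');
 });
-
 }
 
 get getRouter() {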
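--- a/src/Routes/Index.js
+++ b/src/Routes/Index.js
@@ -133,7 +133,6 @@ class IndexRoute extends BaseRoute {
 });
 });
 
-
 this.router.get('/sitemap', (req, res) => {
 sitemap.get(this.db).then(data => {
 sitemap.save(data).then(() => {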
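--- a/test/Routes/API.js
+++ b/test/Routes/API.js
@@ -535,6 +535,100 @@ describe('/api/lists/:id', () => {
 });
 });
 
+describe('/api/legacy-ids', () => {
+describe('GET', () => {
+const test = () => ratelimitBypass(request().get('/api/legacy-ids'));
+it('returns an OK status code', done => {
+test().end((err, res) => {
+expect(res).to.have.status(200);
+done();
+});
+});
+it('has a permissive CORS header', done => {
+test().end((err, res) => {
+expect(res).to.have.header('Access-Control-Allow-Origin', '*');
+done();
+});
+});
+it('returns a valid JSON body', done => {
+test().end((err, res) => {
+expect(res).to.be.json;
+done();
+});
+});
+it('contains an object of strings', done => {
+test().end((err, res) => {
+expect(res.body).to.be.a('object');
+const entries = Object.values(res.body);
+entries.forEach(entry => {
+expect(entry).to.be.a('string');
+});
+done();
+});
+});
+});
+
+describe('GET (Ratelimited)', () => {
+const test = () => request().get('/api/legacy-ids');
+it('ratelimits spam requests', done => {
+resetRatelimits().end(() => {
+test().end(() => {
+});
+setTimeout(() => {
+test().end((err, res) => {
+expect(res).to.have.status(429);
+expect(res).to.be.json;
+
+expect(res.body).to.have.property('error', true);
+expect(res.body).to.have.property('status', 429);
+
+expect(res.body).to.have.property('retry_after');
+expect(res.body.retry_after).to.be.a('number');
+
+expect(res.body).to.have.property('ratelimit_reset');
+expect(res.body.ratelimit_reset).to.be.a('number');
+
+expect(res.body).to.have.property('ratelimit_ip');
+expect(res.body.ratelimit_ip).to.be.a('string');
+
+expect(res.body).to.have.property('ratelimit_route', '/api/legacy-ids');
+expect(res.body).to.have.property('ratelimit_bot_id', '');
+done();
+});
+}, 200);
+});
+});
+it('does not ratelimit requests spaced correctly', function (done) {
+checks.ratelimit(this, 1, test, done);
+});
+});
+
+describe('POST', () => {
+const test = () => ratelimitBypass(request().post('/api/legacy-ids'));
+it('returns a Not Found status code', done => {
+test().end((err, res) => {
+expect(res).to.have.status(404);
+done();
+});
+});
+it('has a permissive CORS header', done => {
+test().end((err, res) => {
+expect(res).to.have.header('Access-Control-Allow-Origin', '*');
+done();
+});
+});
+it('returns an error JSON body', done => {
+test().end((err, res) => {
+expect(res).to.be.json;
+expect(res.body).to.have.property('error', true);
+expect(res.body).to.have.property('status', 404);
+expect(res.body).to.have.property('message', 'Endpoint not found');
+done();
+});
+});
+});
+});
+
 describe('/api/count', () => {
 describe('GET', () => {
 const test = () => ratelimitBypass(request().get('/api/count'));
@@ -1332,97 +1426,3 @@ describe('/api/bots/:id', () => {
 });
 });
 });
-
-describe('/api/legacy-ids', () => {
-describe('GET', () => {
-const test = () => ratelimitBypass(request().get('/api/legacy-ids'));
-it('returns an OK status code', done => {
-test().end((err, res) => {
-expect(res).to.have.status(200);
-done();
-});
-});
-it('has a permissive CORS header', done => {
-test().end((err, res) => {
-expect(res).to.have.header('Access-Control-Allow-Origin', '*');
-done();
-});
-});
-it('returns a valid JSON body', done => {
-test().end((err, res) => {
-expect(res).to.be.json;
-done();
-});
-});
-it('contains an object of strings', done => {
-test().end((err, res) => {
-expect(res.body).to.be.a('object');
-const entries = Object.values(res.body);
-entries.forEach(entry => {
-expect(entry).to.be.a('string');
-});
-done();
-});
-});
-});
-
-describe('GET (Ratelimited)', () => {
-const test = () => request().get('/api/legacy-ids');
-it('ratelimits spam requests', done => {
-resetRatelimits().end(() => {
-test().end(() => {
-});
-setTimeout(() => {
-test().end((err, res) => {
-expect(res).to.have.status(429);
-expect(res).to.be.json;
-
-expect(res.body).to.have.property('error', true);
-expect(res.body).to.have.property('status', 429);
-
-expect(res.body).to.have.property('retry_after');
-expect(res.body.retry_after).to.be.a('number');
-
-expect(res.body).to.have.property('ratelimit_reset');
-expect(res.body.ratelimit_reset).to.be.a('number');
-
-expect(res.body).to.have.property('ratelimit_ip');
-expect(res.body.ratelimit_ip).to.be.a('string');
-
-expect(res.body).to.have.property('ratelimit_route', '/api/legacy-ids');
-expect(res.body).to.have.property('ratelimit_bot_id', '');
-done();
-});
-}, 200);
-});
-});
-it('does not ratelimit requests spaced correctly', function (done) {
-checks.ratelimit(this, 1, test, done);
-});
-});
-
-describe('POST', () => {
-const test = () => ratelimitBypass(request().post('/api/legacy-ids'));
-it('returns a Not Found status code', done => {
-test().end((err, res) => {
-expect(res).to.have.status(404);
-done();
-});
-});
-it('has a permissive CORS header', done => {
-test().end((err, res) => {
-expect(res).to.have.header('Access-Control-Allow-Origin', '*');
-done();
-});
-});
-it('returns an error JSON body', done => {
-test().end((err, res) => {
-expect(res).to.be.json;
-expect(res.body).to.have.property('error', true);
-expect(res.body).to.have.property('status', 404);
-expect(res.body).to.have.property('message', 'Endpoint not found');
-done();
-});
-});
-});
-});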
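--- a/test/Routes/Authentication.js
+++ b/test/Routes/Authentication.js
@@ -1,4 +1,4 @@
-const { describe, it, expect, request } = require('../base');
+const { describe, it, expect, request, auth } = require('../base');
 
 describe('/auth', () => {
 describe('GET', () => {
@@ -24,11 +24,45 @@ describe('/auth', () => {
 
 describe('/auth/logout', () => {
 describe('GET', () => {
-const test = () => request().get('/auth/logout').redirects(0);
-it('redirects to back to the homepage', done => {
-test().end((err, res) => {
-expect(res).to.redirectTo('/');
-done();
+describe('As an anonymous user', () => {
+it('redirects to back to the homepage', done => {
+auth.asAnon(request().get('/')).end((err1, res1) => {
+expect(res1.text).to.include('<a href="/auth">Sign in with Discord</a>');
+
+auth.asPrevious(request().get('/')).end((err2, res2) => {
+expect(res2.text).to.include('<a href="/auth">Sign in with Discord</a>');
+
+auth.asPrevious(request().get('/auth/logout')).redirects(0).end((err3, res3) => {
+expect(res3).to.redirectTo('/');
+
+auth.asPrevious(request().get('/')).end((err4, res4) => {
+expect(res4.text).to.include('<a href="/auth">Sign in with Discord</a>');
+done();
+});
+});
+});
+});
+});
+});
+
+describe('As a logged in user', () => {
+it('redirects to back to the homepage', done => {
+auth.asUser(request().get('/')).end((err1, res1) => {
+expect(res1.text).to.include('<p class="menu-label">User#1234</p>');
+
+auth.asPrevious(request().get('/')).end((err2, res2) => {
+expect(res2.text).to.include('<p class="menu-label">User#1234</p>');
+
+auth.asPrevious(request().get('/auth/logout')).redirects(0).end((err3, res3) => {
+expect(res3).to.redirectTo('/');
+
+auth.asPrevious(request().get('/')).end((err4, res4) => {
+expect(res4.text).to.include('<a href="/auth">Sign in with Discord</a>');
+done();
+});
+});
+});
+});
 });
 });
 });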
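Review bot: The "As a logged in user" case proves logout only by the sign-in link reappearing in `res4`; it never checks that the logout response clears the session cookie, nor that the user label is gone afterwards. After `expect(res3).to.redirectTo('/');` I would add `expect(res3).to.have.header('set-cookie');`, and in the last callback `expect(res4.text).to.not.include('<p class="menu-label">User#1234</p>');`. How `auth.asPrevious` carries the session is defined in `../base` and not visible here; if it replays a cookie jar that honours Set-Cookie, the test does not show whether a session cookie issued before logout is still accepted, which deserves its own case given the route only sets `req.session = null`. The `err1`–`err4` arguments are ignored in both cases, so a failed request would surface as a TypeError on `res` instead of a clear assertion failure. The enclosing `describe('/auth/logout', …)` closes outside the hunk.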