Mirroristas/CommunitySolidServer
2
0
Fork 0
mirror of https://github.com/CommunitySolidServer/CommunitySolidServer.git synced 2024-10-03 14:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Correctly handle slugs in POST requests

Browse Source 
* bug: correctly handle slug in POST request

* bug: disallow slashes in slug + modified tests

* fix: fixed tests to work with PUT instead of POST+slug

* fix: fixed tests failing in ci

* fix: adapted to reviews

* fix: adapted to review
This commit is contained in:
Arthur Joppart
2021-02-24 12:03:41 +01:00
committed by GitHub
parent 894d4589d9
commit 28c0eb7e88
6 changed files with 154 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
test/integration/LdpHandlerWithAuth.test.ts
View File

@@ -64,22 +64,23 @@ describe.each(stores)('An LDP handler with auth using %s', (name, { storeUrn, te
await aclHelper.setSimpleAcl({ read: true, write: true, append: true, control: false }, 'agent');
// Create file
const filePath = 'testfile2.txt';
const fileUrl = `${BASE}/${filePath}`;
let response = await resourceHelper.createResource(
'../assets/testfile2.txt', 'testfile2.txt', 'text/plain',
'../assets/testfile2.txt', filePath, 'text/plain',
);
const id = response._getHeaders().location;
// Get file
response = await resourceHelper.getResource(id);
response = await resourceHelper.getResource(fileUrl);
expect(response.statusCode).toBe(200);
expect(response._getBuffer().toString()).toContain('TESTFILE2');
expect(response.getHeaders().link).toContain(`<${LDP.Resource}>; rel="type"`);
expect(response.getHeaders().link).toContain(`<${id}.acl>; rel="acl"`);
expect(response.getHeaders().link).toContain(`<${fileUrl}.acl>; rel="acl"`);
expect(response.getHeaders()['wac-allow']).toBe('user="read write append",public="read write append"');
// DELETE file
await resourceHelper.deleteResource(id);
await resourceHelper.shouldNotExist(id);
await resourceHelper.deleteResource(fileUrl);
await resourceHelper.shouldNotExist(fileUrl);
});
it('can not add a file to the store if not allowed.', async(): Promise<void> => {
@@ -87,8 +88,9 @@ describe.each(stores)('An LDP handler with auth using %s', (name, { storeUrn, te
await aclHelper.setSimpleAcl({ read: true, write: true, append: true, control: false }, 'authenticated');
// Try to create file
const filePath = 'testfile2.txt';
const response = await resourceHelper.createResource(
'../assets/testfile2.txt', 'testfile2.txt', 'text/plain', true,
'../assets/testfile2.txt', filePath, 'text/plain', true,
);
expect(response.statusCode).toBe(401);
});
@@ -98,8 +100,9 @@ describe.each(stores)('An LDP handler with auth using %s', (name, { storeUrn, te
await aclHelper.setSimpleAcl({ read: true, write: false, append: false, control: false }, 'agent');
// Try to create file
const filePath = 'testfile2.txt';
let response = await resourceHelper.createResource(
'../assets/testfile2.txt', 'testfile2.txt', 'text/plain', true,
'../assets/testfile2.txt', filePath, 'text/plain', true,
);
expect(response.statusCode).toBe(401);
@@ -120,17 +123,21 @@ describe.each(stores)('An LDP handler with auth using %s', (name, { storeUrn, te
await aclHelper.setSimpleAcl({ read: true, write: false, append: true, control: false }, 'agent');
// Add a file
let response = await resourceHelper.createResource(
'../assets/testfile2.txt', 'testfile2.txt', 'text/plain', true,
const filePath = 'testfile2.txt';
let response = await resourceHelper.performRequestWithBody(
new URL(`${BASE}/`),
'POST',
{
'content-type': 'text/plain',
'transfer-encoding': 'chunked',
slug: filePath,
},
Buffer.from('data'),
);
expect(response.statusCode).toBe(201);
const id = response._getHeaders().location;
response = await resourceHelper.performRequestWithBody(
new URL(id),
'PUT',
{ 'content-type': 'text/plain', 'transfer-encoding': 'chunked' },
Buffer.from('data'),
response = await resourceHelper.createResource(
'../assets/testfile2.txt', filePath, 'text/plain', true,
);
expect(response.statusCode).toBe(401);
});