From 4c9bff478a978be7ba1f493173e6a278566c28da Mon Sep 17 00:00:00 2001 From: Jori Lallo Date: Mon, 15 Jan 2018 14:07:12 -0800 Subject: [PATCH 1/2] Revert auth changes --- server/api/apiKeys.js | 7 +++---- server/api/user.js | 7 +++---- server/api/views.js | 5 ++--- 3 files changed, 8 insertions(+), 11 deletions(-) diff --git a/server/api/apiKeys.js b/server/api/apiKeys.js index bfa41a110..4b6e5c841 100644 --- a/server/api/apiKeys.js +++ b/server/api/apiKeys.js @@ -8,9 +8,8 @@ import { presentApiKey } from '../presenters'; import { ApiKey } from '../models'; const router = new Router(); -router.use(auth()); -router.post('apiKeys.create', async ctx => { +router.post('apiKeys.create', auth(), async ctx => { const { name } = ctx.body; ctx.assertPresent(name, 'name is required'); @@ -26,7 +25,7 @@ router.post('apiKeys.create', async ctx => { }; }); -router.post('apiKeys.list', pagination(), async ctx => { +router.post('apiKeys.list', auth(), pagination(), async ctx => { const user = ctx.state.user; const keys = await ApiKey.findAll({ where: { @@ -47,7 +46,7 @@ router.post('apiKeys.list', pagination(), async ctx => { }; }); -router.post('apiKeys.delete', async ctx => { +router.post('apiKeys.delete', auth(), async ctx => { const { id } = ctx.body; ctx.assertPresent(id, 'id is required'); diff --git a/server/api/user.js b/server/api/user.js index e2052f13a..77fdf41af 100644 --- a/server/api/user.js +++ b/server/api/user.js @@ -7,13 +7,12 @@ import auth from './middlewares/authentication'; import { presentUser } from '../presenters'; const router = new Router(); -router.use(auth()); -router.post('user.info', async ctx => { +router.post('user.info', auth(), async ctx => { ctx.body = { data: await presentUser(ctx, ctx.state.user) }; }); -router.post('user.update', async ctx => { +router.post('user.update', auth(), async ctx => { const { user } = ctx.state; const { name, avatarUrl } = ctx.body; const endpoint = publicS3Endpoint(); @@ -29,7 +28,7 @@ router.post('user.update', async ctx => { ctx.body = { data: await presentUser(ctx, user) }; }); -router.post('user.s3Upload', async ctx => { +router.post('user.s3Upload', auth(), async ctx => { const { filename, kind, size } = ctx.body; ctx.assertPresent(filename, 'filename is required'); ctx.assertPresent(kind, 'kind is required'); diff --git a/server/api/views.js b/server/api/views.js index e26e3ec71..84a26b212 100644 --- a/server/api/views.js +++ b/server/api/views.js @@ -6,9 +6,8 @@ import { presentView } from '../presenters'; import { View, Document } from '../models'; const router = new Router(); -router.use(auth()); -router.post('views.list', async ctx => { +router.post('views.list', auth(), async ctx => { const { id } = ctx.body; ctx.assertPresent(id, 'id is required'); @@ -37,7 +36,7 @@ router.post('views.list', async ctx => { }; }); -router.post('views.create', async ctx => { +router.post('views.create', auth(), async ctx => { const { id } = ctx.body; ctx.assertPresent(id, 'id is required'); From bcbca3cf418b5b6fa7c8b91cbd867162546a6274 Mon Sep 17 00:00:00 2001 From: Jori Lallo Date: Mon, 15 Jan 2018 14:07:29 -0800 Subject: [PATCH 2/2] Added a simple test for unfurl enpoint --- server/api/hooks.test.js | 49 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 server/api/hooks.test.js diff --git a/server/api/hooks.test.js b/server/api/hooks.test.js new file mode 100644 index 000000000..05263354e --- /dev/null +++ b/server/api/hooks.test.js @@ -0,0 +1,49 @@ +/* eslint-disable flowtype/require-valid-file-annotation */ +import TestServer from 'fetch-test-server'; +import app from '..'; +import Authentication from '../models/Authentication'; +import { flushdb, seed } from '../test/support'; +import * as Slack from '../slack'; + +const server = new TestServer(app.callback()); + +beforeEach(flushdb); +afterAll(server.close); + +jest.mock('../slack', () => ({ + post: jest.fn(), +})); + +describe('#hooks.unfurl', async () => { + it('should return documents', async () => { + const { user, document } = await seed(); + await Authentication.create({ + serviceId: 'slack', + userId: user.id, + teamId: user.teamId, + token: '', + }); + + const res = await server.post('/api/hooks.unfurl', { + body: { + token: process.env.SLACK_VERIFICATION_TOKEN, + team_id: 'TXXXXXXXX', + api_app_id: 'AXXXXXXXXX', + event: { + type: 'link_shared', + channel: 'Cxxxxxx', + user: user.slackId, + message_ts: '123456789.9875', + links: [ + { + domain: 'getoutline.com', + url: document.getUrl(), + }, + ], + }, + }, + }); + expect(res.status).toEqual(200); + expect(Slack.post).toHaveBeenCalled(); + }); +});