yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
0c51bfb8998a08e5565a9e9cd5c4f19a3fcd0df6
outline/server/routes/api/attachments.test.ts
Apoorv Mishra 0c51bfb899 perf: reduce memory usage upon running server tests (#3949) 
* perf: reduce memory usage upon running server tests

* perf: plug leaks in server/routes

* perf: plug leaks in server/scripts

* perf: plug leaks in server/policies

* perf: plug leaks in server/models

* perf: plug leaks in server/middlewares

* perf: plug leaks in server/commands

* fix: missing await on db.flush

* perf: plug leaks in server/queues

* chore: remove unused legacy funcs

* fix: await on db.flush

* perf: await on GC to run in between tests

* fix: remove db refs

* fix: revert embeds

* perf: plug leaks in shared/i18n
2022-08-11 21:39:17 +05:30

269 lines
7.6 KiB
TypeScript
Raw Blame History

import Attachment from "@server/models/Attachment";
import {
buildUser,
buildAdmin,
buildCollection,
buildAttachment,
buildDocument,
} from "@server/test/factories";
import { getTestDatabase, getTestServer } from "@server/test/support";
jest.mock("@server/utils/s3");
const db = getTestDatabase();
const server = getTestServer();
afterAll(server.disconnect);
beforeEach(db.flush);
describe("#attachments.create", () => {
it("should require authentication", async () => {
const res = await server.post("/api/attachments.create");
expect(res.status).toEqual(401);
});
it("should allow simple image upload for public attachments", async () => {
const user = await buildUser();
const res = await server.post("/api/attachments.create", {
body: {
name: "test.png",
contentType: "image/png",
size: 1000,
public: true,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(200);
});
it("should not allow file upload for public attachments", async () => {
const user = await buildUser();
const res = await server.post("/api/attachments.create", {
body: {
name: "test.pdf",
contentType: "application/pdf",
size: 1000,
public: true,
token: user.getJwtToken(),
},
});
expect(res.status).toEqual(400);
});
});
describe("#attachments.delete", () => {
it("should require authentication", async () => {
const res = await server.post("/api/attachments.delete");
expect(res.status).toEqual(401);
});
it("should allow deleting an attachment belonging to a document user has access to", async () => {
const user = await buildUser();
const attachment = await buildAttachment({
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/attachments.delete", {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
});
expect(res.status).toEqual(200);
expect(await Attachment.count()).toEqual(0);
});
it("should allow deleting an attachment without a document created by user", async () => {
const user = await buildUser();
const attachment = await buildAttachment({
teamId: user.teamId,
userId: user.id,
});
attachment.documentId = null;
await attachment.save();
const res = await server.post("/api/attachments.delete", {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
});
expect(res.status).toEqual(200);
expect(await Attachment.count()).toEqual(0);
});
it("should allow deleting an attachment without a document if admin", async () => {
const user = await buildAdmin();
const attachment = await buildAttachment({
teamId: user.teamId,
});
attachment.documentId = null;
await attachment.save();
const res = await server.post("/api/attachments.delete", {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
});
expect(res.status).toEqual(200);
expect(await Attachment.count()).toEqual(0);
});
it("should not allow deleting an attachment in another team", async () => {
const user = await buildAdmin();
const attachment = await buildAttachment();
attachment.documentId = null;
await attachment.save();
const res = await server.post("/api/attachments.delete", {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
});
expect(res.status).toEqual(403);
});
it("should not allow deleting an attachment without a document", async () => {
const user = await buildUser();
const attachment = await buildAttachment({
teamId: user.teamId,
});
attachment.documentId = null;
await attachment.save();
const res = await server.post("/api/attachments.delete", {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
});
expect(res.status).toEqual(403);
});
it("should not allow deleting an attachment belonging to a document user does not have access to", async () => {
const user = await buildUser();
const collection = await buildCollection({
permission: null,
});
const document = await buildDocument({
teamId: collection.teamId,
userId: collection.createdById,
collectionId: collection.id,
});
const attachment = await buildAttachment({
teamId: document.teamId,
userId: document.createdById,
documentId: document.id,
acl: "private",
});
const res = await server.post("/api/attachments.delete", {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
});
expect(res.status).toEqual(403);
});
});
describe("#attachments.redirect", () => {
it("should require authentication", async () => {
const res = await server.post("/api/attachments.redirect");
expect(res.status).toEqual(401);
});
it("should return a redirect for an attachment belonging to a document user has access to", async () => {
const user = await buildUser();
const attachment = await buildAttachment({
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/attachments.redirect", {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
redirect: "manual",
});
expect(res.status).toEqual(302);
});
it("should return a redirect for an attachment belonging to a trashed document user has access to", async () => {
const user = await buildUser();
const collection = await buildCollection({
teamId: user.teamId,
userId: user.id,
});
const document = await buildDocument({
teamId: user.teamId,
userId: user.id,
collectionId: collection.id,
deletedAt: new Date(),
});
const attachment = await buildAttachment({
documentId: document.id,
teamId: user.teamId,
userId: user.id,
});
const res = await server.post("/api/attachments.redirect", {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
redirect: "manual",
});
expect(res.status).toEqual(302);
});
it("should always return a redirect for a public attachment", async () => {
const user = await buildUser();
const collection = await buildCollection({
teamId: user.teamId,
userId: user.id,
permission: null,
});
const document = await buildDocument({
teamId: user.teamId,
userId: user.id,
collectionId: collection.id,
});
const attachment = await buildAttachment({
teamId: user.teamId,
userId: user.id,
documentId: document.id,
});
const res = await server.post("/api/attachments.redirect", {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
redirect: "manual",
});
expect(res.status).toEqual(302);
});
it("should not return a redirect for a private attachment belonging to a document user does not have access to", async () => {
const user = await buildUser();
const collection = await buildCollection({
permission: null,
});
const document = await buildDocument({
teamId: collection.teamId,
userId: collection.createdById,
collectionId: collection.id,
});
const attachment = await buildAttachment({
teamId: document.teamId,
userId: document.createdById,
documentId: document.id,
acl: "private",
});
const res = await server.post("/api/attachments.redirect", {
body: {
token: user.getJwtToken(),
id: attachment.id,
},
});
expect(res.status).toEqual(403);
});
});
Reference in New Issue View Git Blame Copy Permalink