From b8b0a5ea18e288616a11110158a544edd22569e8 Mon Sep 17 00:00:00 2001 From: Naz Gargol Date: Wed, 11 Sep 2019 11:28:55 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=92=A1Migrated=20session=20controllers=20?= =?UTF-8?q?for=20compatibility=20with=20"frame"=20(#11101)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit no issue - Session controllers were using API v1 http method which bypassed "frame" introduced with API v2. - Changes here are just a long-awaited cleanup to allow completely remove v0.1 code --- core/server/api/canary/session.js | 8 +++++--- core/server/api/v2/session.js | 8 +++++--- core/server/web/api/canary/admin/routes.js | 6 +++--- core/server/web/api/v2/admin/routes.js | 6 +++--- core/test/unit/api/canary/session_spec.js | 14 ++++++++------ core/test/unit/api/v2/session_spec.js | 14 ++++++++------ core/test/unit/api/v3/session_spec.js | 18 ++++++++++-------- core/test/utils/api.js | 2 +- 8 files changed, 43 insertions(+), 33 deletions(-) diff --git a/core/server/api/canary/session.js b/core/server/api/canary/session.js index 63b0405d7f..f57ee94167 100644 --- a/core/server/api/canary/session.js +++ b/core/server/api/canary/session.js @@ -4,16 +4,18 @@ const models = require('../../models'); const auth = require('../../services/auth'); const session = { - read(options) { + read(frame) { /* * TODO * Don't query db for user, when new api http wrapper is in we can * have direct access to req.user, we can also get access to some session * inofrmation too and send it back */ - return models.User.findOne({id: options.context.user}); + return models.User.findOne({id: frame.options.context.user}); }, - add(object) { + add(frame) { + const object = frame.data; + if (!object || !object.username || !object.password) { return Promise.reject(new common.errors.UnauthorizedError({ message: common.i18n.t('errors.middleware.auth.accessDenied') 
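Review bot: In `add`, the guard `!object || !object.username || !object.password` only tests truthiness, so a non-string `username` or `password` (an array or nested object) passes it and reaches the code below. This matters more now that `object` comes from `frame.data`, which is presumably the parsed request body. Since the route comment in routes.js says this login endpoint runs without auth, tighten the guard with `typeof object.username !== 'string' || typeof object.password !== 'string'`. The identical hunk in core/server/api/v2/session.js needs the same change. The rest of `add` lies outside the hunk, so whether later code already rejects such values cannot be seen here.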
diff --git a/core/server/api/v2/session.js b/core/server/api/v2/session.js index 63b0405d7f..f57ee94167 100644 --- a/core/server/api/v2/session.js +++ b/core/server/api/v2/session.js @@ -4,16 +4,18 @@ const models = require('../../models'); const auth = require('../../services/auth'); const session = { - read(options) { + read(frame) { /* * TODO * Don't query db for user, when new api http wrapper is in we can * have direct access to req.user, we can also get access to some session * inofrmation too and send it back */ - return models.User.findOne({id: options.context.user}); + return models.User.findOne({id: frame.options.context.user}); }, - add(object) { + add(frame) { + const object = frame.data; + if (!object || !object.username || !object.password) { return Promise.reject(new common.errors.UnauthorizedError({ message: common.i18n.t('errors.middleware.auth.accessDenied') diff --git a/core/server/web/api/canary/admin/routes.js b/core/server/web/api/canary/admin/routes.js index 7b109a1fe8..dfdfd4aa5d 100644 --- a/core/server/web/api/canary/admin/routes.js +++ b/core/server/web/api/canary/admin/routes.js @@ -167,14 +167,14 @@ module.exports = function apiRoutes() { router.post('/slack/test', mw.authAdminApi, http(apiCanary.slack.sendTest)); // ## Sessions - router.get('/session', mw.authAdminApi, api.http(apiCanary.session.read)); + router.get('/session', mw.authAdminApi, http(apiCanary.session.read)); // We don't need auth when creating a new session (logging in) router.post('/session', shared.middlewares.brute.globalBlock, shared.middlewares.brute.userLogin, - api.http(apiCanary.session.add) + http(apiCanary.session.add) ); - router.del('/session', mw.authAdminApi, api.http(apiCanary.session.delete)); + router.del('/session', mw.authAdminApi, http(apiCanary.session.delete)); // ## Authentication router.post('/authentication/passwordreset', 
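Review bot: `session.delete` is moved to the `http` wrapper on the `router.del('/session', ...)` line, but the session.js hunks in this commit change only `read` and `add`. If `delete` reads its arguments in the old `(object, options)` shape, it will now receive a frame instead. Confirm that it takes no arguments or migrate it as well, and add a unit test for it next to the `read` and `add` ones. The same applies to the matching hunk in core/server/web/api/v2/admin/routes.js.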
diff --git a/core/server/web/api/v2/admin/routes.js b/core/server/web/api/v2/admin/routes.js index b2a18eeec7..1e12be0184 100644 --- a/core/server/web/api/v2/admin/routes.js +++ b/core/server/web/api/v2/admin/routes.js @@ -167,14 +167,14 @@ module.exports = function apiRoutes() { router.post('/slack/test', mw.authAdminApi, http(apiv2.slack.sendTest)); // ## Sessions - router.get('/session', mw.authAdminApi, api.http(apiv2.session.read)); + router.get('/session', mw.authAdminApi, http(apiv2.session.read)); // We don't need auth when creating a new session (logging in) router.post('/session', shared.middlewares.brute.globalBlock, shared.middlewares.brute.userLogin, - api.http(apiv2.session.add) + http(apiv2.session.add) ); - router.del('/session', mw.authAdminApi, api.http(apiv2.session.delete)); + router.del('/session', mw.authAdminApi, http(apiv2.session.delete)); // ## Authentication router.post('/authentication/passwordreset', diff --git a/core/test/unit/api/canary/session_spec.js b/core/test/unit/api/canary/session_spec.js index 2eb6e9552d..dc1624f57c 100644 --- a/core/test/unit/api/canary/session_spec.js +++ b/core/test/unit/api/canary/session_spec.js @@ -60,10 +60,10 @@ describe('Session controller', function () { const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession'); - return sessionController.add({ + return sessionController.add({data: { username: 'freddy@vodafone.com', password: 'qu33nRul35' - }, {}).then((fn) => { + }}).then((fn) => { fn(fakeReq, fakeRes, fakeNext); }).then(function () { should.equal(fakeReq.brute.reset.callCount, 1); 
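Review bot: The `models.User.check` rejection test in this file appears to be left on the old argument shape. The v3 spec gets a hunk at `@@ -36,10 +36,10 @@` that wraps that test's input in `{data: {...}}`, but this file has no such hunk although both start from the same blob `2eb6e9552d`; core/test/unit/api/v2/session_spec.js lacks it too. If the test still passes a bare `{username, password}` object, `frame.data` is undefined and `add` rejects with `UnauthorizedError` at its first guard, so the test stays green without reaching the stubbed `User.check`. Apply the same `{data: {...}}` change there and, if it is not already asserted, add `should.equal(userCheckStub.callCount, 1);`.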
@@ -91,10 +91,10 @@ describe('Session controller', function () { const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession'); - return sessionController.add({ + return sessionController.add({data: { username: 'freddy@vodafone.com', password: 'qu33nRul35' - }, {}).then((fn) => { + }}).then((fn) => { fn(fakeReq, fakeRes, fakeNext); }).then(function () { should.equal(fakeReq.brute.reset.callCount, 1); @@ -129,8 +129,10 @@ describe('Session controller', function () { .returns(findOneReturnVal); const result = sessionController.read({ - context: { - user: 108 + options: { + context: { + user: 108 + } } }); should.equal(result, findOneReturnVal); diff --git a/core/test/unit/api/v2/session_spec.js b/core/test/unit/api/v2/session_spec.js index 88ad14c926..df2eb4f156 100644 --- a/core/test/unit/api/v2/session_spec.js +++ b/core/test/unit/api/v2/session_spec.js @@ -60,10 +60,10 @@ describe('Session controller', function () { const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession'); - return sessionController.add({ + return sessionController.add({data: { username: 'freddy@vodafone.com', password: 'qu33nRul35' - }, {}).then((fn) => { + }}).then((fn) => { fn(fakeReq, fakeRes, fakeNext); }).then(function () { should.equal(fakeReq.brute.reset.callCount, 1); @@ -91,10 +91,10 @@ describe('Session controller', function () { const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession'); - return sessionController.add({ + return sessionController.add({data: { username: 'freddy@vodafone.com', password: 'qu33nRul35' - }, {}).then((fn) => { + }}).then((fn) => { fn(fakeReq, fakeRes, fakeNext); }).then(function () { should.equal(fakeReq.brute.reset.callCount, 1); @@ -129,8 +129,10 @@ describe('Session controller', function () { .returns(findOneReturnVal); const result = sessionController.read({ - context: { - user: 108 + options: { + context: { + user: 108 + } } }); should.equal(result, findOneReturnVal); 
diff --git a/core/test/unit/api/v3/session_spec.js b/core/test/unit/api/v3/session_spec.js index 2eb6e9552d..b338b12c94 100644 --- a/core/test/unit/api/v3/session_spec.js +++ b/core/test/unit/api/v3/session_spec.js @@ -36,10 +36,10 @@ describe('Session controller', function () { const userCheckStub = sinon.stub(models.User, 'check') .rejects(new Error()); - return sessionController.add({ + return sessionController.add({data: { username: 'freddy@vodafone.com', password: 'qu33nRul35' - }, {}).then(() => { + }}).then(() => { should.fail('session.add did not throw'); },(err) => { should.equal(err instanceof UnauthorizedError, true); @@ -60,10 +60,10 @@ describe('Session controller', function () { const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession'); - return sessionController.add({ + return sessionController.add({data: { username: 'freddy@vodafone.com', password: 'qu33nRul35' - }, {}).then((fn) => { + }}).then((fn) => { fn(fakeReq, fakeRes, fakeNext); }).then(function () { should.equal(fakeReq.brute.reset.callCount, 1); @@ -91,10 +91,10 @@ describe('Session controller', function () { const createSessionStub = sinon.stub(sessionServiceMiddleware, 'createSession'); - return sessionController.add({ + return sessionController.add({data: { username: 'freddy@vodafone.com', password: 'qu33nRul35' - }, {}).then((fn) => { + }}).then((fn) => { fn(fakeReq, fakeRes, fakeNext); }).then(function () { should.equal(fakeReq.brute.reset.callCount, 1); @@ -129,8 +129,10 @@ describe('Session controller', function () { .returns(findOneReturnVal); const result = sessionController.read({ - context: { - user: 108 + options: { + context: { + user: 108 + } } }); should.equal(result, findOneReturnVal); diff --git a/core/test/utils/api.js b/core/test/utils/api.js index d9868c5bb4..50ed51496f 100644 --- a/core/test/utils/api.js +++ b/core/test/utils/api.js 
@@ -106,7 +106,7 @@ const login = (request, API_URL) => { })); } - resolve(res.headers['set-cookie'] || res.body.access_token); + resolve(res.headers['set-cookie']); }, reject); }); };
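Review bot: With the `|| res.body.access_token` fallback removed, `login` resolves with `undefined` whenever the response carries no `set-cookie` header. Callers would then send unauthenticated requests that fail far from the cause. Reject explicitly before the `resolve(...)` line, e.g. `if (!res.headers['set-cookie']) { return reject(new Error('login: no session cookie in response')); }`. `login` starts and ends outside this hunk, so an earlier status check may already cover part of this.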