Start adding apub security checks.

This commit is contained in:
Dessalines 2020-08-06 14:30:01 -04:00
parent cc2c7db9fe
commit 7bb546c7c2

View file

@ -16,6 +16,9 @@ import {
getMentions, getMentions,
searchPost, searchPost,
unfollowRemotes, unfollowRemotes,
createCommunity,
registerUser,
API,
} from './shared'; } from './shared';
import { PostResponse } from '../interfaces'; import { PostResponse } from '../interfaces';
@ -104,29 +107,49 @@ test('Delete a comment', async () => {
test('Remove a comment', async () => { test('Remove a comment', async () => {
let commentRes = await createComment(alpha, postRes.post.id); let commentRes = await createComment(alpha, postRes.post.id);
let removeCommentRes = await removeComment(
alpha, // Get the id for beta
true, let betaCommentId = (await searchComment(beta, commentRes.comment))
commentRes.comment.id .comments[0].id;
);
// The beta admin removes it (the community lives on beta)
let removeCommentRes = await removeComment(beta, true, betaCommentId);
expect(removeCommentRes.comment.removed).toBe(true); expect(removeCommentRes.comment.removed).toBe(true);
// Make sure that comment is removed on beta // Make sure that comment is removed on alpha (it gets pushed since an admin from beta removed it)
let searchBeta = await searchComment(beta, commentRes.comment); let refetchedPost = await getPost(alpha, postRes.post.id);
let betaComment = searchBeta.comments[0]; expect(refetchedPost.comments[0].removed).toBe(true);
expect(betaComment.removed).toBe(true);
let unremoveCommentRes = await removeComment( let unremoveCommentRes = await removeComment(beta, false, betaCommentId);
alpha,
false,
commentRes.comment.id
);
expect(unremoveCommentRes.comment.removed).toBe(false); expect(unremoveCommentRes.comment.removed).toBe(false);
// Make sure that comment is unremoved on beta // Make sure that comment is unremoved on beta
let searchBeta2 = await searchComment(beta, commentRes.comment); let refetchedPost2 = await getPost(alpha, postRes.post.id);
let betaComment2 = searchBeta2.comments[0]; expect(refetchedPost2.comments[0].removed).toBe(false);
expect(betaComment2.removed).toBe(false); });
test('Remove a comment from an admin on a different instance, make sure its not removed on the original', async () => {
let alphaUser = await registerUser(alpha);
let newAlphaApi: API = {
url: alpha.url,
auth: alphaUser.jwt,
};
// New alpha user creates a community, post, and comment.
let newCommunity = await createCommunity(newAlphaApi);
let newPost = await createPost(newAlphaApi, newCommunity.community.id);
let commentRes = await createComment(newAlphaApi, newPost.post.id);
expect(commentRes.comment.content).toBeDefined();
// Beta searches that to cache it, then removes it
let searchBeta = await searchComment(beta, commentRes.comment);
let betaComment = searchBeta.comments[0];
let removeCommentRes = await removeComment(beta, true, betaComment.id);
expect(removeCommentRes.comment.removed).toBe(true);
// Make sure its not removed on alpha
let refetchedPost = await getPost(newAlphaApi, newPost.post.id);
expect(refetchedPost.comments[0].removed).toBe(false);
}); });
test('Unlike a comment', async () => { test('Unlike a comment', async () => {