From 0d33793908e022347419d4f2e10e6e1edf31ce76 Mon Sep 17 00:00:00 2001
From: pcworld <0188801@gmail.com>
Date: Sun, 11 Apr 2021 04:00:14 +0200
Subject: [PATCH] tests: readonly pastes must be readable+exportable with authentication readonly paste links should be readable even if authentication is turned on, as long as the user provides valid login data. This test currently fails. Also test that readonly paste IDs can be exported under the same condition, which currently succeeds.
---
 .../backend/specs/api/importexportGetPost.js | 34 ++++++++++---------
 src/tests/backend/specs/socketio.js | 28 +++++++++++++++
 2 files changed, 46 insertions(+), 16 deletions(-)
diff --git a/src/tests/backend/specs/api/importexportGetPost.js b/src/tests/backend/specs/api/importexportGetPost.js
index 9261aafa..a68ba401 100644
--- a/src/tests/backend/specs/api/importexportGetPost.js
+++ b/src/tests/backend/specs/api/importexportGetPost.js
@@ -109,22 +109,24 @@ describe(__filename, function () {
 .expect((res) => assert.equal(res.body.data.text, padText.toString()));
 });
- it('gets read only pad Id and exports the html and text for this pad', async function () {
- this.timeout(250);
- const ro = await agent.get(`${endPoint('getReadOnlyID')}&padID=${testPadId}`)
- .expect(200)
- .expect((res) => assert.ok(JSON.parse(res.text).data.readOnlyID));
- const readOnlyId = JSON.parse(ro.text).data.readOnlyID;
-
- await agent.get(`/p/${readOnlyId}/export/html`)
- .expect(200)
- .expect((res) => assert(res.text.indexOf('This is the') !== -1));
-
- await agent.get(`/p/${readOnlyId}/export/txt`)
- .expect(200)
- .expect((res) => assert(res.text.indexOf('This is the') !== -1));
- });
-
+ for (const authn of [false, true]) {
+ it(`can export from read-only pad ID, authn ${authn}`, async function () {
+ this.timeout(250);
+ settings.requireAuthentication = authn;
+ const get = (ep) => {
+ let req = agent.get(ep);
+ if (authn) req = req.auth('user', 'user-password');
+ return req.expect(200);
+ };
+ const ro = await get(`${endPoint('getReadOnlyID')}&padID=${testPadId}`)
+ .expect((res) => assert.ok(JSON.parse(res.text).data.readOnlyID));
+ const readOnlyId = JSON.parse(ro.text).data.readOnlyID;
+ await get(`/p/${readOnlyId}/export/html`)
+ .expect((res) => assert(res.text.indexOf('This is the') !== -1));
+ await get(`/p/${readOnlyId}/export/txt`)
+ .expect((res) => assert(res.text.indexOf('This is the') !== -1));
+ });
+ }
 describe('Import/Export tests requiring AbiWord/LibreOffice', function () {
 this.timeout(10000);
diff --git a/src/tests/backend/specs/socketio.js b/src/tests/backend/specs/socketio.js
index 9899856e..e19250e9 100644
--- a/src/tests/backend/specs/socketio.js
+++ b/src/tests/backend/specs/socketio.js
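Review bot: `settings.requireAuthentication = authn;` in the new loop is never reset, so the last iteration leaves authentication required for whatever runs next, including the `describe('Import/Export tests requiring AbiWord/LibreOffice'` block that follows. Unless a hook outside this hunk already restores it, save the value before the loop with `const authnBackup = settings.requireAuthentication;` and put it back with `afterEach(function () { settings.requireAuthentication = authnBackup; });`. The hunk also adds no `require` for `settings`, so it is worth confirming that the name in scope in this file is the server's live settings module (socketio.js in this patch uses `require('../../../node/utils/Settings')`); if it is a separate copy, the `authn true` case would pass without authentication ever being enforced. The enclosing `describe` starts and ends outside the hunk.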
@@ -5,6 +5,7 @@ const common = require('../common');
 const io = require('socket.io-client');
 const padManager = require('../../../node/db/PadManager');
 const plugins = require('../../../static/js/pluginfw/plugin_defs');
+const readOnlyManager = require('../../../node/db/ReadOnlyManager');
 const setCookieParser = require('set-cookie-parser');
 const settings = require('../../../node/utils/Settings');
@@ -168,6 +169,33 @@ describe(__filename, function () {
 const clientVars = await handshake(socket, 'pad');
 assert.equal(clientVars.type, 'CLIENT_VARS');
 });
+
+ for (const authn of [false, true]) {
+ const desc = authn ? 'authn user' : '!authn anonymous';
+ it(`${desc} read-only /p/pad -> 200, ok`, async function () {
+ this.timeout(400);
+ const get = (ep) => {
+ let res = agent.get(ep);
+ if (authn) res = res.auth('user', 'user-password');
+ return res.expect(200);
+ };
+ settings.requireAuthentication = authn;
+ let res = await get('/p/pad');
+ socket = await connect(res);
+ let clientVars = await handshake(socket, 'pad');
+ assert.equal(clientVars.type, 'CLIENT_VARS');
+ assert.equal(clientVars.data.readonly, false);
+ const readOnlyId = clientVars.data.readOnlyId;
+ assert(readOnlyManager.isReadOnlyId(readOnlyId));
+ socket.close();
+ res = await get(`/p/${readOnlyId}`);
+ socket = await connect(res);
+ clientVars = await handshake(socket, readOnlyId);
+ assert.equal(clientVars.type, 'CLIENT_VARS');
+ assert.equal(clientVars.data.readonly, true);
+ });
+ }
+
 it('authz user /p/pad -> 200, ok', async function () {
 this.timeout(400);
 settings.requireAuthentication = true;
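Review bot: The new read-only cases in the second hunk only cover requests that should succeed; nothing pins that a read-only ID is still refused when `settings.requireAuthentication` is true and the request carries no credentials. Because the fix these tests anticipate loosens a check for read-only IDs, a companion case that sets `settings.requireAuthentication = true;` and then asserts `await agent.get('/p/' + readOnlyId).expect(401);` (or whichever status unauthenticated pad requests get in this suite) would keep that fix from loosening too far. Separately, in the `get` helper `let res = agent.get(ep);` holds a request rather than a response and shares its name with the outer `let res`; `req`, as the same helper is written in importexportGetPost.js, reads more clearly. The enclosing `describe` continues outside the hunk.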