basic.js
// HACK: Prevent Oasis from opening the web browser.
// These flags and the environment marker are set before the application
// module is loaded further down (presumably it reads them at load time;
// confirm against ../src).
for (const flag of ["--no-open", "--offline"]) {
  process.argv.push(flag);
}
// Environment variables are always stored as strings, so the value the
// application sees is the text "true".
process.env.OASIS_TEST = String(true);
const app = require("../src");
const supertest = require("supertest");
const tap = require("tap");
// Pages fetched with GET by the smoke-test loop at the end of this file; each
// one is expected to answer 200 when requested with a "localhost" Host header.
// TODO: Generate programmatically?
const paths = [
  "/inbox",
  "/mentions",
  ...["", "?gt=0", "?lt=100", "/edit"].map((suffix) => `/profile${suffix}`),
  ...["", "/extended", "/summaries", "/threads", "/topics"].map(
    (view) => `/public/latest${view}`
  ),
  ...["day", "week"].map((period) => `/public/popular/${period}`),
  "/publish",
  "/publish/custom",
  "/search",
  "/search?query=foo",
  "/settings",
  "/settings/readme",
];
// NOTE(review): presumably a timeout of 0 disables tap's per-test timeout;
// confirm for the tap version in use.
tap.setTimeout(0);

// Submits the profile form as multipart data and expects a redirect.
tap.test("edit profile", (t) => {
  const request = supertest(app).post("/profile/edit");

  const withForm = request
    .field("name", "allison-wonderland")
    .field("description", "example description **published**")
    // The test file itself stands in for the uploaded image.
    .attach("image", __filename);

  // Every POST in this file that expects success sends a local Referer and a
  // "localhost" Host, the same headers the rejection tests below vary.
  const withHeaders = withForm
    .set("Referer", "http://localhost:3000/")
    .set("Host", "localhost");

  withHeaders.expect(302).end(t.end);
});
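// Posts a Markdown message to the preview endpoint and checks that the
// response contains the rendered HTML.
tap.test("preview", (t) => {
  // supertest treats a custom assertion as failed only when the callback
  // throws (or returns an Error); a boolean return value is ignored, so the
  // check has to throw to have any effect.
  const expectRenderedPreview = ({ text }) => {
    const expected = "example message <strong>previewed</strong>";
    if (!text.includes(expected)) {
      throw new Error(`preview response does not contain: ${expected}`);
    }
  };

  supertest(app)
    .post("/publish/preview")
    .field("text", "example message **previewed**")
    .field("contentWarning", "")
    .set("Referer", "http://localhost:3000/")
    .set("Host", "localhost")
    .expect(200)
    .expect(expectRenderedPreview)
    .end((err) => {
      // Record any supertest failure explicitly instead of relying on how
      // t.end treats its first argument.
      t.error(err);
      t.end();
    });
});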
// Publishes a Markdown message and expects a redirect. The "profile" test
// later looks for this message in the rendered profile page.
tap.test("publish", (t) => {
  const request = supertest(app).post("/publish");

  request.field("text", "example message **published**");
  // Same local Referer and Host as the other POST tests that expect success.
  request.set("Referer", "http://localhost:3000/");
  request.set("Host", "localhost");

  request.expect(302).end(t.end);
});
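// Fetches the profile page and checks that it shows the name and description
// submitted by "edit profile" and the message submitted by "publish", with the
// Markdown rendered to HTML.
tap.test("profile", (t) => {
  // supertest treats a custom assertion as failed only when the callback
  // throws (or returns an Error); a boolean return value is ignored, so each
  // check has to throw to have any effect.
  const expectText = (expected) => ({ text }) => {
    if (!text.includes(expected)) {
      throw new Error(`profile page does not contain: ${expected}`);
    }
  };

  supertest(app)
    .get("/profile")
    .set("Host", "localhost")
    .expect(200)
    .expect(expectText("allison-wonderland"))
    .expect(expectText("example description <strong>published</strong>"))
    .expect(expectText("example message <strong>published</strong>"))
    .end((err) => {
      // Record any supertest failure explicitly instead of relying on how
      // t.end treats its first argument.
      t.error(err);
      t.end();
    });
});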
// Host-header validation: a GET whose Host is not the local name must be
// refused with 400. Under DNS rebinding a browser sends the attacker's domain
// in Host, so this check does not depend on the client address.
// NOTE(review): supertest passes an assertion failure to the .end callback as
// its first argument; confirm that the tap version in use fails the test when
// t.end receives it, otherwise this check cannot fail.
tap.test("DNS rebind attack fails", (t) => {
  const foreignHost = "example.com";
  const request = supertest(app).get("/inbox");

  request.set("Host", foreignHost);
  request.expect(400).end(t.end);
});
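// CSRF checks: a state-changing POST must be refused with 400 unless it
// carries a trusted Referer. Host is pinned to "localhost" in both tests so
// the 400 can only come from the Referer check; Host validation is covered
// separately by "DNS rebind attack fails".
// NOTE(review): assumes the application rejects a missing or foreign Referer
// on POST, as the test names state; confirm against the request validation
// in ../src.

tap.test("CSRF attack should fail with no referer", (t) => {
  supertest(app)
    .post("/conn/settings/stop")
    // Without an explicit Host the request carries supertest's default
    // address, which leaves it unclear which check produced the 400.
    .set("Host", "localhost")
    .expect(400)
    .end((err) => {
      // Record any supertest failure explicitly instead of relying on how
      // t.end treats its first argument.
      t.error(err);
      t.end();
    });
});

tap.test("CSRF attack should fail with wrong referer", (t) => {
  supertest(app)
    .post("/conn/settings/stop")
    // The foreign value belongs in Referer; putting it in Host would only
    // repeat the DNS-rebind test and never reach the Referer check.
    .set("Referer", "http://example.com/")
    .set("Host", "localhost")
    .expect(400)
    .end((err) => {
      t.error(err);
      t.end();
    });
});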
// Smoke test: every listed page must answer 200 to a GET sent with the
// "localhost" Host header. Only the status code is checked, not the content.
for (const path of paths) {
  tap.test(path, (t) => {
    const request = supertest(app).get(path);
    request.set("Host", "localhost");
    request.expect(200).end(t.end);
  });
}
// HACK: This closes the database.
// Runs once after all tests. Both close hooks exposed by the application are
// called; which of the two releases the database is not visible from this
// file.
tap.teardown(function closeApp() {
  app.close();
  app._close();
});