diff --git a/test/api/v3/integration/groups/GET-groups.test.js b/test/api/v3/integration/groups/GET-groups.test.js index 10821a7dcb..c0feea5851 100644 --- a/test/api/v3/integration/groups/GET-groups.test.js +++ b/test/api/v3/integration/groups/GET-groups.test.js @@ -201,8 +201,8 @@ describe('GET /groups', () => { await expect(user.get('/groups?type=publicGuilds&paginate=true&page=1')) .to.eventually.have.a.lengthOf(GUILD_PER_PAGE); let page2 = await expect(user.get('/groups?type=publicGuilds&paginate=true&page=2')) - .to.eventually.have.a.lengthOf(1 + 3); // 1 created now, 3 by other tests - expect(page2[3].name).to.equal('guild with less members'); + .to.eventually.have.a.lengthOf(1 + 4); // 1 created now, 4 by other tests + expect(page2[4].name).to.equal('guild with less members'); }); }); @@ -220,4 +220,18 @@ describe('GET /groups', () => { await expect(user.get('/groups?type=privateGuilds,publicGuilds,party,tavern')) .to.eventually.have.lengthOf(NUMBER_OF_GROUPS_USER_CAN_VIEW); }); + + it('returns a list of groups user has access to', async () => { + let group = await generateGroup(user, { + name: 'c++ coders', + type: 'guild', + privacy: 'public', + }); + + // search for 'c++ coders' + await expect(user.get('/groups?type=publicGuilds&paginate=true&page=0&search=c%2B%2B+coders')) + .to.eventually.have.lengthOf(1) + .and.to.have.nested.property('[0]') + .and.to.have.property('_id', group._id); + }); }); diff --git a/website/server/controllers/api-v3/groups.js b/website/server/controllers/api-v3/groups.js index 64a5591c38..d3f135dcf8 100644 --- a/website/server/controllers/api-v3/groups.js +++ b/website/server/controllers/api-v3/groups.js @@ -336,7 +336,7 @@ api.getGroups = { if (req.query.search) { filters.$or = []; - const searchWords = req.query.search.split(' ').join('|'); + const searchWords = _.escapeRegExp(req.query.search).split(' ').join('|'); const searchQuery = { $regex: new RegExp(`${searchWords}`, 'i') }; filters.$or.push({name: searchQuery}); filters.$or.push({description: searchQuery});