krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-16 22:27:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(chat): validate group membership, by @phillipthelen

Browse Source
This commit is contained in:
Sabe Jones
2024-06-11 13:14:47 -05:00
parent 758b6138c2
commit 5719e5e996
6 changed files with 68 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
test/api/v3/integration/chat/POST-chat.flag.test.js
View File

@@ -223,4 +223,23 @@ describe('POST /chat/:chatId/flag', () => {
expect(auMessageToCheck).to.not.exist;
});
it('validates that the message belongs to the passed group', async () => {
const { group: anotherGroup, groupLeader: anotherLeader } = await createAndPopulateGroup({
groupDetails: {
name: 'Another Guild',
type: 'guild',
privacy: 'private',
},
upgradeToGroupPlan: true,
});
const message = await anotherUser.post(`/groups/${group._id}/chat`, { message: TEST_MESSAGE });
await expect(anotherLeader.post(`/groups/${anotherGroup._id}/chat/${message.message.id}/flag`))
.to.eventually.be.rejected.and.eql({
code: 404,
error: 'NotFound',
message: t('messageGroupChatNotFound'),
});
});
});

32
test/api/v3/integration/chat/POST-chat.like.test.js
View File

@@ -1,5 +1,6 @@
import { find } from 'lodash';
import {
generateUser,
createAndPopulateGroup,
translate as t,
} from '../../../../helpers/api-integration/v3';
@@ -79,4 +80,35 @@ describe('POST /chat/:chatId/like', () => {
const messageToCheck = find(groupWithoutChatLikes.chat, { id: message.message.id });
expect(messageToCheck.likes[user._id]).to.equal(false);
});
it('validates that the message belongs to the passed group', async () => {
const { group: anotherGroup, groupLeader: anotherLeader } = await createAndPopulateGroup({
groupDetails: {
name: 'Another Guild',
type: 'guild',
privacy: 'private',
},
upgradeToGroupPlan: true,
});
const message = await anotherUser.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage });
await expect(anotherLeader.post(`/groups/${anotherGroup._id}/chat/${message.message.id}/like`))
.to.eventually.be.rejected.and.eql({
code: 404,
error: 'NotFound',
message: t('messageGroupChatNotFound'),
});
});
it('does not like a message if the user is not in the group', async () => {
const thirdUser = await generateUser();
const message = await user.post(`/groups/${groupWithChat._id}/chat`, { message: testMessage });
await expect(thirdUser.post(`/groups/${groupWithChat._id}/chat/${message.message.id}/like`))
.to.eventually.be.rejected.and.eql({
code: 404,
error: 'NotFound',
message: t('groupNotFound'),
});
});
});