frodovdr
/
node-red
mirror of https://github.com/node-red/node-red.git
1
0
Fork 0
Code Issues Releases Wiki Activity
node-red/test/unit/@node-red/runtime/lib/api/library_spec.js

540 lines
19 KiB
JavaScript
Raw Normal View History

Initial projects implementation
2017-09-20 11:30:07 +02:00
/**
* Copyright JS Foundation and other contributors, http://js.foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
Increase test coverage
2018-04-24 23:13:35 +02:00
var should = require("should");
var sinon = require("sinon");
Fixup all the tests
2018-08-20 17:17:24 +02:00
var NR_TEST_UTILS = require("nr-test-utils");
var library = NR_TEST_UTILS.require("@node-red/runtime/lib/api/library")
Increase test coverage
2018-04-24 23:13:35 +02:00
var mockLog = {
log: sinon.stub(),
debug: sinon.stub(),
trace: sinon.stub(),
warn: sinon.stub(),
info: sinon.stub(),
metric: sinon.stub(),
audit: sinon.stub(),
_: function() { return "abc"}
}
Start bringing the tests back from the brink
2018-04-23 13:35:21 +02:00
describe("runtime-api/library", function() {
Increase test coverage
2018-04-24 23:13:35 +02:00
describe("getEntry", function() {
before(function() {
library.init({
log: mockLog,
library: {
getEntry: function(type,path) {
if (type === "known") {
return Promise.resolve("known");
} else if (type === "forbidden") {
var err = new Error("forbidden");
err.code = "forbidden";
var p = Promise.reject(err);
p.catch(()=>{});
return p;
} else if (type === "not_found") {
var err = new Error("forbidden");
err.code = "not_found";
var p = Promise.reject(err);
p.catch(()=>{});
return p;
} else if (type === "error") {
var err = new Error("error");
err.code = "unknown_error";
var p = Promise.reject(err);
p.catch(()=>{});
return p;
} else if (type === "blank") {
return Promise.reject();
}
}
}
})
})
it("returns a known entry", function(done) {
library.getEntry({type: "known", path: "/abc"}).then(function(result) {
result.should.eql("known")
done();
}).catch(done)
})
it("rejects a forbidden entry", function(done) {
library.getEntry({type: "forbidden", path: "/abc"}).then(function(result) {
done(new Error("did not reject"));
}).catch(function(err) {
err.should.have.property("code","forbidden");
err.should.have.property("status",403);
done();
}).catch(done)
})
it("rejects an unknown entry", function(done) {
library.getEntry({type: "not_found", path: "/abc"}).then(function(result) {
done(new Error("did not reject"));
}).catch(function(err) {
err.should.have.property("code","not_found");
err.should.have.property("status",404);
done();
}).catch(done)
})
it("rejects a blank (unknown) entry", function(done) {
library.getEntry({type: "blank", path: "/abc"}).then(function(result) {
done(new Error("did not reject"));
}).catch(function(err) {
err.should.have.property("code","not_found");
err.should.have.property("status",404);
done();
}).catch(done)
})
it("rejects unexpected error", function(done) {
library.getEntry({type: "error", path: "/abc"}).then(function(result) {
done(new Error("did not reject"));
}).catch(function(err) {
err.should.have.property("status",400);
done();
}).catch(done)
})
})
describe("saveEntry", function() {
var opts;
before(function() {
library.init({
log: mockLog,
library: {
saveEntry: function(type,path,meta,body) {
opts = {type,path,meta,body};
if (type === "known") {
return Promise.resolve();
} else if (type === "forbidden") {
var err = new Error("forbidden");
err.code = "forbidden";
var p = Promise.reject(err);
p.catch(()=>{});
return p;
} else if (type === "not_found") {
var err = new Error("forbidden");
err.code = "not_found";
var p = Promise.reject(err);
p.catch(()=>{});
return p;
}
}
}
})
})
it("saves an entry", function(done) {
library.saveEntry({type: "known", path: "/abc", meta: {a:1}, body:"123"}).then(function() {
opts.should.have.property("type","known");
opts.should.have.property("path","/abc");
opts.should.have.property("meta",{a:1});
opts.should.have.property("body","123");
done();
}).catch(done)
})
it("rejects a forbidden entry", function(done) {
library.saveEntry({type: "forbidden", path: "/abc", meta: {a:1}, body:"123"}).then(function() {
done(new Error("did not reject"));
}).catch(function(err) {
err.should.have.property("code","forbidden");
err.should.have.property("status",403);
done();
}).catch(done)
})
it("rejects an unknown entry", function(done) {
library.saveEntry({type: "not_found", path: "/abc", meta: {a:1}, body:"123"}).then(function() {
done(new Error("did not reject"));
}).catch(function(err) {
err.should.have.property("status",400);
done();
}).catch(done)
})
})
describe("getEntries", function() {
var opts;
before(function() {
library.init({
log: mockLog,
storage: {
getAllFlows: function() {
return Promise.resolve({a:1});
}
},
nodes: {
getNodeExampleFlows: function() {
return {b:2};
}
}
});
});
it("returns all flows", function(done) {
library.getEntries({type:"flows"}).then(function(result) {
result.should.eql({a:1,d:{_examples_:{b:2}}});
done();
}).catch(done)
});
it("fails for non-flows (currently)", function(done) {
library.getEntries({type:"functions"}).then(function(result) {
done(new Error("did not reject"));
}).catch(function(err) {
done();
}).catch(done)
})
})
Initial projects implementation
2017-09-20 11:30:07 +02:00
});
Fixup all the tests
2018-04-24 16:01:49 +02:00
/*
var should = require("should");
var sinon = require("sinon");
var fs = require("fs");
var fspath = require('path');
var request = require('supertest');
var express = require('express');
var bodyParser = require('body-parser');
var when = require('when');
var app;
var library = require("../../../../red/api/editor/library");
var auth = require("../../../../red/api/auth");
describe("api/editor/library", function() {
function initLibrary(_flows,_libraryEntries,_examples,_exampleFlowPathFunction) {
var flows = _flows;
var libraryEntries = _libraryEntries;
library.init(app,{
log:{audit:function(){},_:function(){},warn:function(){}},
storage: {
init: function() {
return when.resolve();
},
getAllFlows: function() {
return when.resolve(flows);
},
getFlow: function(fn) {
if (flows[fn]) {
return when.resolve(flows[fn]);
} else if (fn.indexOf("..")!==-1) {
var err = new Error();
err.code = 'forbidden';
return when.reject(err);
} else {
return when.reject();
}
},
saveFlow: function(fn,data) {
if (fn.indexOf("..")!==-1) {
var err = new Error();
err.code = 'forbidden';
return when.reject(err);
}
flows[fn] = data;
return when.resolve();
},
getLibraryEntry: function(type,path) {
if (path.indexOf("..")!==-1) {
var err = new Error();
err.code = 'forbidden';
return when.reject(err);
}
if (libraryEntries[type] && libraryEntries[type][path]) {
return when.resolve(libraryEntries[type][path]);
} else {
return when.reject();
}
},
saveLibraryEntry: function(type,path,meta,body) {
if (path.indexOf("..")!==-1) {
var err = new Error();
err.code = 'forbidden';
return when.reject(err);
}
libraryEntries[type][path] = body;
return when.resolve();
}
},
events: {
on: function(){},
removeListener: function(){}
},
nodes: {
getNodeExampleFlows: function() {
return _examples;
},
getNodeExampleFlowPath: _exampleFlowPathFunction
}
});
}
describe("flows", function() {
before(function() {
app = express();
app.use(bodyParser.json());
app.get("/library/flows",library.getAll);
app.post(new RegExp("/library/flows\/(.*)"),library.post);
app.get(new RegExp("/library/flows\/(.*)"),library.get);
app.response.sendFile = function (path) {
app.response.json.call(this, {sendFile: path});
};
sinon.stub(fs,"statSync",function() { return true; });
});
after(function() {
fs.statSync.restore();
});
it('returns empty result', function(done) {
initLibrary({},{flows:{}});
request(app)
.get('/library/flows')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.body.should.not.have.property('f');
res.body.should.not.have.property('d');
done();
});
});
it('returns 404 for non-existent entry', function(done) {
initLibrary({},{flows:{}});
request(app)
.get('/library/flows/foo')
.expect(404)
.end(done);
});
it('can store and retrieve item', function(done) {
initLibrary({},{flows:{}});
var flow = '[]';
request(app)
.post('/library/flows/foo')
.set('Content-Type', 'application/json')
.send(flow)
.expect(204).end(function (err, res) {
if (err) {
throw err;
}
request(app)
.get('/library/flows/foo')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.text.should.equal(flow);
done();
});
});
});
it('lists a stored item', function(done) {
initLibrary({f:["bar"]});
request(app)
.get('/library/flows')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.body.should.have.property('f');
should.deepEqual(res.body.f,['bar']);
done();
});
});
it('returns 403 for malicious get attempt', function(done) {
initLibrary({});
// without the userDir override the malicious url would be
// http://127.0.0.1:1880/library/flows/../../package to
// obtain package.json from the node-red root.
request(app)
.get('/library/flows/../../../../../package')
.expect(403)
.end(done);
});
it('returns 403 for malicious post attempt', function(done) {
initLibrary({});
// without the userDir override the malicious url would be
// http://127.0.0.1:1880/library/flows/../../package to
// obtain package.json from the node-red root.
request(app)
.post('/library/flows/../../../../../package')
.expect(403)
.end(done);
});
it('includes examples flows if set', function(done) {
var examples = {"d":{"node-module":{"f":["example-one"]}}};
initLibrary({},{},examples);
request(app)
.get('/library/flows')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.body.should.have.property('d');
res.body.d.should.have.property('_examples_');
should.deepEqual(res.body.d._examples_,examples);
done();
});
});
it('can retrieve an example flow', function(done) {
var examples = {"d":{"node-module":{"f":["example-one"]}}};
initLibrary({},{},examples,function(module,path) {
return module + ':' + path
});
request(app)
.get('/library/flows/_examples_/node-module/example-one')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.body.should.have.property('sendFile',
Resolve path when sending example file for Windows support Previously, when trying to import an example into the flow editor on Windows, the load attempt would fail with an HTTP 404 error in the browser client, with a `TypeError: path must be absolute or specify root to res.sendFile` error being written to the Node-RED log. This was due to the path being passed to the `res.sendFile` function not being fully-qualified (for example, `\Users\myuser\...\example.json`). With the changes in this commit, the path to the example file is resolved to a fully-qualified path before being passed into the `res.sendFile` call. For example, a path on Windows of `\Users\myuser\...\example.json` would be transformed to `C:\\Users\\myuser\\...\\example.json` before being passed along to the `sendFile` function. This change allows the file to be loaded and sent properly to the browser client and for the embedded flows in the example to be loaded in the flow editor.
2018-09-19 17:44:26 +02:00
fspath.resolve('node-module') + ':example-one');
Fixup all the tests
2018-04-24 16:01:49 +02:00
done();
});
});
it('can retrieve an example flow in an org scoped package', function(done) {
var examples = {"d":{"@org_scope/node_package":{"f":["example-one"]}}};
initLibrary({},{},examples,function(module,path) {
return module + ':' + path
});
request(app)
.get('/library/flows/_examples_/@org_scope/node_package/example-one')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.body.should.have.property('sendFile',
Resolve path when sending example file for Windows support Previously, when trying to import an example into the flow editor on Windows, the load attempt would fail with an HTTP 404 error in the browser client, with a `TypeError: path must be absolute or specify root to res.sendFile` error being written to the Node-RED log. This was due to the path being passed to the `res.sendFile` function not being fully-qualified (for example, `\Users\myuser\...\example.json`). With the changes in this commit, the path to the example file is resolved to a fully-qualified path before being passed into the `res.sendFile` call. For example, a path on Windows of `\Users\myuser\...\example.json` would be transformed to `C:\\Users\\myuser\\...\\example.json` before being passed along to the `sendFile` function. This change allows the file to be loaded and sent properly to the browser client and for the embedded flows in the example to be loaded in the flow editor.
2018-09-19 17:44:26 +02:00
fspath.resolve('@org_scope/node_package') +
':example-one');
Fixup all the tests
2018-04-24 16:01:49 +02:00
done();
});
});
});
describe("type", function() {
before(function() {
app = express();
app.use(bodyParser.json());
initLibrary({},{});
auth.init({settings:{}});
library.register("test");
});
it('returns empty result', function(done) {
initLibrary({},{'test':{"":[]}});
request(app)
.get('/library/test')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.body.should.not.have.property('f');
done();
});
});
it('returns 404 for non-existent entry', function(done) {
initLibrary({},{});
request(app)
.get('/library/test/foo')
.expect(404)
.end(done);
});
it('can store and retrieve item', function(done) {
initLibrary({},{'test':{}});
var flow = {text:"test content"};
request(app)
.post('/library/test/foo')
.set('Content-Type', 'application/json')
.send(flow)
.expect(204).end(function (err, res) {
if (err) {
throw err;
}
request(app)
.get('/library/test/foo')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
res.text.should.equal(flow.text);
done();
});
});
});
it('lists a stored item', function(done) {
initLibrary({},{'test':{'a':['abc','def']}});
request(app)
.get('/library/test/a')
.expect(200)
.end(function(err,res) {
if (err) {
throw err;
}
// This response isn't strictly accurate - but it
// verifies the api returns what storage gave it
should.deepEqual(res.body,['abc','def']);
done();
});
});
it('returns 403 for malicious access attempt', function(done) {
request(app)
.get('/library/test/../../../../../../../../../../etc/passwd')
.expect(403)
.end(done);
});
it('returns 403 for malicious access attempt', function(done) {
request(app)
.get('/library/test/..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\etc\\passwd')
.expect(403)
.end(done);
});
it('returns 403 for malicious access attempt', function(done) {
request(app)
.post('/library/test/../../../../../../../../../../etc/passwd')
.set('Content-Type', 'text/plain')
.send('root:x:0:0:root:/root:/usr/bin/tclsh')
.expect(403)
.end(done);
});
});
});
*/