Require req.user in all /db routes

Scott Erickson 2016-06-01 09:53:16 -07:00
parent c08d426c6b
commit ee0195ab21
8 changed files with 34 additions and 18 deletions


@ -433,9 +433,9 @@ class SubscriptionHandler extends Handler
productName = "#{user.get('country')}_basic_subscription"
Product.findOne({name: productName}).exec (err, product) =>
return @sendDatabaseError(res, err) if err
return @sendNotFoundError(res, 'basic_subscription product not found') if not product
return done({res: 'Database error.', code: 500}) if err
return done({res: 'basic_subscription product not found.', code: 404}) if not product
if increment
purchased = _.clone(user.get('purchased'))
purchased ?= {}
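Review bot: The database error is dropped on `return done({res: 'Database error.', code: 500}) if err` — `err` is neither passed to `done` nor logged, whereas the replaced `@sendDatabaseError(res, err)` at least received the error object, so the cause of a 500 from this branch is lost unless `done`'s caller logs it (not visible in the hunk). Consider `return done({res: 'Database error.', code: 500, err: err}) if err` or logging `err` on the line before, keeping the generic message for the client. The enclosing method starts and ends outside the hunk.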


@ -1,7 +1,7 @@
mw = require '../middleware'
module.exports.setup = (app) ->
passport = require('passport')
app.post('/auth/login', passport.authenticate('local'), mw.auth.afterLogin)
app.post('/auth/login-facebook', mw.auth.loginByFacebook, mw.auth.afterLogin)
@ -14,6 +14,8 @@ module.exports.setup = (app) ->
app.get('/auth/unsubscribe', mw.auth.unsubscribe)
app.get('/auth/whoami', mw.auth.whoAmI)
app.all('/db/*', mw.auth.checkHasUser())
Achievement = require '../models/Achievement'
app.get('/db/achievement', mw.achievements.fetchByRelated, mw.rest.get(Achievement))
app.post('/db/achievement', mw.auth.checkHasPermission(['admin', 'artisan']), mw.rest.post(Achievement))
@ -28,7 +30,7 @@ module.exports.setup = (app) ->
Article = require '../models/Article'
app.get('/db/article', mw.rest.get(Article))
app.post('/db/article', mw.auth.checkHasPermission(['admin', 'artisan']), mw.rest.post(Article))
app.post('/db/article', mw.auth.checkLoggedIn(), mw.auth.checkHasPermission(['admin', 'artisan']), mw.rest.post(Article))
app.get('/db/article/names', mw.named.names(Article))
app.post('/db/article/names', mw.named.names(Article))
app.get('/db/article/:handle', mw.rest.getByHandle(Article))
@ -65,7 +67,7 @@ module.exports.setup = (app) ->
app.get('/db/classroom/:handle', mw.auth.checkLoggedIn()) # TODO: Finish migrating route, adding now so 401 is returned
CodeLog = require ('../models/CodeLog')
app.post('/db/codelogs', mw.auth.checkHasUser(), mw.codelogs.post)
app.post('/db/codelogs', mw.codelogs.post)
app.get('/db/codelogs', mw.auth.checkHasPermission(['admin']), mw.rest.get(CodeLog))
Course = require '../models/Course'
@ -86,7 +88,7 @@ module.exports.setup = (app) ->
app.post('/db/user/:userID/request-verify-email', mw.users.sendVerificationEmail)
app.post('/db/user/:userID/verify/:verificationCode', mw.users.verifyEmailAddress) # TODO: Finalize URL scheme
app.get('/db/level/:handle/session', mw.auth.checkHasUser(), mw.levels.upsertSession)
app.get('/db/level/:handle/session', mw.levels.upsertSession)
app.get('/db/prepaid', mw.auth.checkLoggedIn(), mw.prepaids.fetchByCreator)
app.post('/db/prepaid', mw.auth.checkHasPermission(['admin']), mw.prepaids.post)
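Review bot: The new `app.post('/db/article', mw.auth.checkLoggedIn(), mw.auth.checkHasPermission(['admin', 'artisan']), mw.rest.post(Article))` line puts `checkLoggedIn()` in front of the permission check, but the sibling POSTs on `/db/achievement` and `/db/prepaid` and the admin GET on `/db/codelogs` in this hunk still go straight to `checkHasPermission`, so an anonymous session presumably gets a different status there than the 401 the article spec asserts. If the 401 is the intended contract, insert the same `mw.auth.checkLoggedIn()` before `checkHasPermission` on those routes, e.g. `app.post('/db/achievement', mw.auth.checkLoggedIn(), mw.auth.checkHasPermission(['admin', 'artisan']), mw.rest.post(Achievement))`. Note also that `app.all('/db/*', mw.auth.checkHasUser())` only guards `/db` routes registered after it inside this setup function (and a bare `/db` path does not match `/db/*`); any `/db` handler mounted elsewhere in the app is not covered. A comment on that line would make the ordering requirement explicit: `# Every /db route below requires req.user; register new /db routes after this line`.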


@ -76,6 +76,18 @@ beforeEach(function(done) {
cb(err);
});
},
function(cb) {
// Initialize products
var utils = require('../server/utils');
request = require('../server/request');
utils.initUser()
.then(function (user) {
return utils.loginUser(user, {request: request})
})
.then(function () {
cb()
});
},
function(cb) {
// Initialize products
request = require('../server/request');
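Review bot: The comment `// Initialize products` on the new step is copied from the step below it and does not describe what this step does (creating a user and logging it in); suggest `// Create and log in a default user so the /db routes, which now require req.user, are reachable from the specs`. The promise chain also has no rejection handler: if `utils.initUser()` or `utils.loginUser()` rejects, `cb` is never called and the `beforeEach` hangs until the framework timeout instead of reporting the error; `.then(function () { cb() }, cb)` passes the failure on. The enclosing `beforeEach` starts before the hunk and ends after it.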


@ -17,7 +17,7 @@ describe 'GET /db/article', ->
yield utils.loginUser(@admin)
yield request.postAsync(getURL('/db/article'), { json: articleData1 })
yield request.postAsync(getURL('/db/article'), { json: articleData2 })
yield utils.logout()
yield utils.becomeAnonymous()
done()
@ -194,7 +194,7 @@ describe 'POST /db/article', ->
it 'does not allow anonymous users to create Articles', utils.wrap (done) ->
yield utils.clearModels([Article])
yield utils.logout()
yield utils.becomeAnonymous()
[res, body] = yield request.postAsync({uri: getURL('/db/article'), json: articleData })
expect(res.statusCode).toBe(401)
done()
@ -451,7 +451,7 @@ describe 'POST /db/article/:handle/new-version', ->
it 'does not work for anonymous users', utils.wrap (done) ->
yield utils.logout()
yield utils.becomeAnonymous()
yield postNewVersion({ name: 'Article name', body: 'New body' }, 401)
articles = yield Article.find()
expect(articles.length).toBe(1)
@ -580,7 +580,7 @@ describe 'GET and POST /db/article/:handle/names', ->
yield utils.loginUser(admin)
[res, article1] = yield request.postAsync(getURL('/db/article'), { json: articleData1 })
[res, article2] = yield request.postAsync(getURL('/db/article'), { json: articleData2 })
yield utils.logout()
yield utils.becomeAnonymous()
[res, body] = yield request.getAsync { uri: getURL('/db/article/names?ids='+[article1._id, article2._id].join(',')), json: true }
expect(body.length).toBe(2)
expect(body[0].name).toBe('Article 1')
@ -679,4 +679,4 @@ describe 'DELETE /db/article/:handle/watchers', ->
article = yield Article.findById(article._id)
ids = (id.toString() for id in article.get('watchers'))
expect(_.contains(ids, user.id)).toBe(false)
done()
done()
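Review bot: With `yield utils.logout()` replaced by `yield utils.becomeAnonymous()` in 'does not allow anonymous users to create Articles', the 401 asserted there now comes from the route-level `checkLoggedIn()` on an anonymous-user session, and no case left in this file exercises a client with no session at all — the path the commit's new global `checkHasUser()` guard is meant to reject. A sibling case that keeps `yield utils.logout()` and asserts `expect(res.statusCode).toBe(401)` on the same POST would cover it. This assumes `becomeAnonymous` establishes a session with an anonymous user while `logout` leaves none, which the helper names and the other spec changes suggest but the hunk does not show.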


@ -1,9 +1,9 @@
config = require '../../../server_config'
require '../common'
utils = require '../../../app/core/utils' # Must come after require /common
Clan = require '../../../server/models/Clan'
User = require '../../../server/models/User'
request = require '../request'
utils = require '../utils'
describe 'Clans', ->
clanURL = getURL('/db/clan')
@ -53,7 +53,7 @@ describe 'Clans', ->
done()
it 'Anonymous create clan 401', (done) ->
logoutUser ->
utils.logout().then ->
requestBody =
type: 'public'
name: createClanName 'myclan'
@ -152,7 +152,7 @@ describe 'Clans', ->
loginNewUser (user1) ->
createClan user1, 'public', null, (clan1) ->
createClan user1, 'public', null, (clan2) ->
logoutUser ->
utils.becomeAnonymous().then ->
request.get {uri: "#{clanURL}/-/public" }, (err, res, body) ->
expect(err).toBeNull()
expect(res.statusCode).toBe(200)
@ -498,7 +498,7 @@ describe 'Clans', ->
user1.save (err) ->
expect(err).toBeNull()
createClan user1, 'private', 'my private clan', (clan1) ->
logoutUser ->
utils.becomeAnonymous().then ->
request.get {uri: "#{clanURL}/#{clan1.id}" }, (err, res, body) ->
expect(err).toBeNull()
expect(res.statusCode).toBe(200)
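Review bot: 'Anonymous create clan 401' now runs after `utils.logout().then ->`, i.e. with no session user at all, while the other anonymous cases in this file switch to `utils.becomeAnonymous()`; the test name says anonymous, but if `logout` clears the session the 401 it observes is the new global `checkHasUser()` rejecting a missing `req.user`, not the clan handler rejecting an anonymous user. Either rename the case to say it covers a logged-out client, or add a second case using `utils.becomeAnonymous().then ->` with the same request and expected status so the anonymous-user path through the clan POST is still asserted. The `.then ->` has no rejection handler, so a failing `logout()` would leave `done` uncalled and the spec would time out rather than fail with a message.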


@ -23,6 +23,7 @@ describe 'GET /db/course', ->
yield utils.clearModels([Course, User])
yield new Course({ name: 'Course 1' }).save()
yield new Course({ name: 'Course 2' }).save()
yield utils.becomeAnonymous()
done()
@ -36,6 +37,7 @@ describe 'GET /db/course/:handle', ->
beforeEach utils.wrap (done) ->
yield utils.clearModels([Course, User])
@course = yield new Course({ name: 'Some Name' }).save()
yield utils.becomeAnonymous()
done()


@ -544,7 +544,7 @@ describe '/db/prepaid', ->
logoutUser () ->
fetchPrepaid joeCode, (err, res) ->
expect(err).toBeNull()
expect(res.statusCode).toEqual(403)
expect(res.statusCode).toEqual(401)
done()
it 'User can fetch a prepaid code', (done) ->


@ -39,7 +39,7 @@ describe 'POST /db/user', ->
it 'serves the user through /db/user/id', (done) ->
unittest.getNormalJoe (user) ->
request.post getURL('/auth/logout'), ->
utils.becomeAnonymous().then ->
url = getURL(urlUser+'/'+user._id)
request.get url, (err, res, body) ->
expect(res.statusCode).toBe(200)
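Review bot: `utils.becomeAnonymous().then ->` replaces the callback-style `request.post getURL('/auth/logout')` inside a `(done) ->` spec, but the promise has no rejection handler, so a failing `becomeAnonymous()` leaves `done` uncalled and the spec times out without a message; `.then((-> ...), done.fail)` (or `.catch(done.fail)`, if the Jasmine version in use provides it) reports the failure directly. The inner `request.get url, (err, res, body) ->` still ignores `err` before reading `res.statusCode`; an `expect(err).toBeNull()` first, as the clan specs in this commit do, would give a clearer failure than a TypeError on `res`. The enclosing `describe` continues outside the hunk.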