Require req.user in all /db routes
This commit is contained in:
parent
c08d426c6b
commit
ee0195ab21
8 changed files with 34 additions and 18 deletions
@ -433,9 +433,9 @@ class SubscriptionHandler extends Handler
productName = "#{user.get('country')}_basic_subscription"
productName = "#{user.get('country')}_basic_subscription"
Product.findOne({name: productName}).exec (err, product) =>
Product.findOne({name: productName}).exec (err, product) =>
return @sendDatabaseError(res, err) if err
return done({res: 'Database error.', code: 500}) if err
return @sendNotFoundError(res, 'basic_subscription product not found') if not product
return done({res: 'basic_subscription product not found.', code: 404}) if not product
if increment
if increment
purchased = _.clone(user.get('purchased'))
purchased = _.clone(user.get('purchased'))
purchased ?= {}
purchased ?= {}
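Review bot: The new error branch at L29 discards `err` entirely — the replaced `@sendDatabaseError(res, err)` at least received the error object, so whatever server-side record that produced is gone, while the client-facing message is correctly generic. Log `err` with the module's logger before the `return done({res: 'Database error.', code: 500}) if err` so database failures in subscription handling stay diagnosable. The not-found branch at L34 is less of a concern since it carries no error object. The enclosing method begins and ends outside this hunk, so it is not visible what `done` does with the object it receives.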
@ -1,7 +1,7 @@
mw = require '../middleware'
mw = require '../middleware'
module.exports.setup = (app) ->
module.exports.setup = (app) ->
passport = require('passport')
passport = require('passport')
app.post('/auth/login', passport.authenticate('local'), mw.auth.afterLogin)
app.post('/auth/login', passport.authenticate('local'), mw.auth.afterLogin)
app.post('/auth/login-facebook', mw.auth.loginByFacebook, mw.auth.afterLogin)
app.post('/auth/login-facebook', mw.auth.loginByFacebook, mw.auth.afterLogin)
@ -14,6 +14,8 @@ module.exports.setup = (app) ->
app.get('/auth/unsubscribe', mw.auth.unsubscribe)
app.get('/auth/unsubscribe', mw.auth.unsubscribe)
app.get('/auth/whoami', mw.auth.whoAmI)
app.get('/auth/whoami', mw.auth.whoAmI)
app.all('/db/*', mw.auth.checkHasUser())
Achievement = require '../models/Achievement'
Achievement = require '../models/Achievement'
app.get('/db/achievement', mw.achievements.fetchByRelated, mw.rest.get(Achievement))
app.get('/db/achievement', mw.achievements.fetchByRelated, mw.rest.get(Achievement))
app.post('/db/achievement', mw.auth.checkHasPermission(['admin', 'artisan']), mw.rest.post(Achievement))
app.post('/db/achievement', mw.auth.checkHasPermission(['admin', 'artisan']), mw.rest.post(Achievement))
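Review bot: Registration order is the entire guarantee behind `app.all('/db/*', mw.auth.checkHasUser())` at L110 — it covers only `/db` routes registered after it, which is what lets the later hunks (L169-L203 for `/db/codelogs`, L204-L240 for `/db/level/:handle/session`) drop their per-route `checkHasUser()`. A comment on that line such as `# Gate for every /db route below; keep this above all /db route registrations` would stop a route added above it from silently bypassing the check. The `*` pattern also needs at least one character after `/db/`, so a handler mounted at exactly `/db`, if any exists, would not be covered — worth confirming.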
@ -28,7 +30,7 @@ module.exports.setup = (app) ->
Article = require '../models/Article'
Article = require '../models/Article'
app.get('/db/article', mw.rest.get(Article))
app.get('/db/article', mw.rest.get(Article))
app.post('/db/article', mw.auth.checkHasPermission(['admin', 'artisan']), mw.rest.post(Article))
app.post('/db/article', mw.auth.checkLoggedIn(), mw.auth.checkHasPermission(['admin', 'artisan']), mw.rest.post(Article))
app.get('/db/article/names', mw.named.names(Article))
app.get('/db/article/names', mw.named.names(Article))
app.post('/db/article/names', mw.named.names(Article))
app.post('/db/article/names', mw.named.names(Article))
app.get('/db/article/:handle', mw.rest.getByHandle(Article))
app.get('/db/article/:handle', mw.rest.getByHandle(Article))
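Review bot: POST `/db/article` at L150 is, among the routes visible in this commit, the only write route that gets `mw.auth.checkLoggedIn()` placed ahead of `checkHasPermission`; POST `/db/achievement` (L128) and POST `/db/prepaid` (L235) keep `checkHasPermission` alone. If `checkHasPermission` already rejects an anonymous session the extra middleware is redundant, and if it does not those two routes need the same guard — the hunk does not show which. Either make the three uniform or add a one-line comment on L150 stating why `/db/article` differs, so the next reader does not have to re-derive it.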
@ -65,7 +67,7 @@ module.exports.setup = (app) ->
app.get('/db/classroom/:handle', mw.auth.checkLoggedIn()) # TODO: Finish migrating route, adding now so 401 is returned
app.get('/db/classroom/:handle', mw.auth.checkLoggedIn()) # TODO: Finish migrating route, adding now so 401 is returned
CodeLog = require ('../models/CodeLog')
CodeLog = require ('../models/CodeLog')
app.post('/db/codelogs', mw.auth.checkHasUser(), mw.codelogs.post)
app.post('/db/codelogs', mw.codelogs.post)
app.get('/db/codelogs', mw.auth.checkHasPermission(['admin']), mw.rest.get(CodeLog))
app.get('/db/codelogs', mw.auth.checkHasPermission(['admin']), mw.rest.get(CodeLog))
Course = require '../models/Course'
Course = require '../models/Course'
@ -86,7 +88,7 @@ module.exports.setup = (app) ->
app.post('/db/user/:userID/request-verify-email', mw.users.sendVerificationEmail)
app.post('/db/user/:userID/request-verify-email', mw.users.sendVerificationEmail)
app.post('/db/user/:userID/verify/:verificationCode', mw.users.verifyEmailAddress) # TODO: Finalize URL scheme
app.post('/db/user/:userID/verify/:verificationCode', mw.users.verifyEmailAddress) # TODO: Finalize URL scheme
app.get('/db/level/:handle/session', mw.auth.checkHasUser(), mw.levels.upsertSession)
app.get('/db/level/:handle/session', mw.levels.upsertSession)
app.get('/db/prepaid', mw.auth.checkLoggedIn(), mw.prepaids.fetchByCreator)
app.get('/db/prepaid', mw.auth.checkLoggedIn(), mw.prepaids.fetchByCreator)
app.post('/db/prepaid', mw.auth.checkHasPermission(['admin']), mw.prepaids.post)
app.post('/db/prepaid', mw.auth.checkHasPermission(['admin']), mw.prepaids.post)
@ -76,6 +76,18 @@ beforeEach(function(done) {
cb(err);
cb(err);
});
});
},
},
function(cb) {
// Initialize products
var utils = require('../server/utils');
request = require('../server/request');
utils.initUser()
.then(function (user) {
return utils.loginUser(user, {request: request})
})
.then(function () {
cb()
});
},
function(cb) {
function(cb) {
// Initialize products
// Initialize products
request = require('../server/request');
request = require('../server/request');
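Review bot: The new chain at L276-L300 has no rejection handler, so if `utils.initUser()` or `utils.loginUser()` rejects, `cb` is never invoked and the whole `beforeEach` stalls until the framework timeout instead of reporting the cause. Append `.catch(cb);` after the final `.then(function () { cb() })` so the error reaches the async step's callback. The comment copied in at L264, `// Initialize products`, describes the following step at L312, not this one; `// Create a user and log in` matches what the code does.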
@ -17,7 +17,7 @@ describe 'GET /db/article', ->
yield utils.loginUser(@admin)
yield utils.loginUser(@admin)
yield request.postAsync(getURL('/db/article'), { json: articleData1 })
yield request.postAsync(getURL('/db/article'), { json: articleData1 })
yield request.postAsync(getURL('/db/article'), { json: articleData2 })
yield request.postAsync(getURL('/db/article'), { json: articleData2 })
yield utils.logout()
yield utils.becomeAnonymous()
done()
done()
@ -194,7 +194,7 @@ describe 'POST /db/article', ->
it 'does not allow anonymous users to create Articles', utils.wrap (done) ->
it 'does not allow anonymous users to create Articles', utils.wrap (done) ->
yield utils.clearModels([Article])
yield utils.clearModels([Article])
yield utils.logout()
yield utils.becomeAnonymous()
[res, body] = yield request.postAsync({uri: getURL('/db/article'), json: articleData })
[res, body] = yield request.postAsync({uri: getURL('/db/article'), json: articleData })
expect(res.statusCode).toBe(401)
expect(res.statusCode).toBe(401)
done()
done()
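Review bot: Both "anonymous" cases in this file (here at L366-L393 and the `new-version` test at L397-L431) now establish an anonymous session via `utils.becomeAnonymous()`, so the request always carries a `req.user`; the path this commit introduces — a request with no user at all, which the old `utils.logout()` exercised and which the new `checkHasUser()` gate is meant to reject — is no longer covered for `/db/article`. If `checkHasUser()` answers 401 as the prepaid spec change at L754 suggests, one extra case that does `yield utils.logout()`, issues the same POST and asserts `expect(res.statusCode).toBe(401)` would keep both branches pinned. The `describe` block continues outside the hunk.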
@ -451,7 +451,7 @@ describe 'POST /db/article/:handle/new-version', ->
it 'does not work for anonymous users', utils.wrap (done) ->
it 'does not work for anonymous users', utils.wrap (done) ->
yield utils.logout()
yield utils.becomeAnonymous()
yield postNewVersion({ name: 'Article name', body: 'New body' }, 401)
yield postNewVersion({ name: 'Article name', body: 'New body' }, 401)
articles = yield Article.find()
articles = yield Article.find()
expect(articles.length).toBe(1)
expect(articles.length).toBe(1)
@ -580,7 +580,7 @@ describe 'GET and POST /db/article/:handle/names', ->
yield utils.loginUser(admin)
yield utils.loginUser(admin)
[res, article1] = yield request.postAsync(getURL('/db/article'), { json: articleData1 })
[res, article1] = yield request.postAsync(getURL('/db/article'), { json: articleData1 })
[res, article2] = yield request.postAsync(getURL('/db/article'), { json: articleData2 })
[res, article2] = yield request.postAsync(getURL('/db/article'), { json: articleData2 })
yield utils.logout()
yield utils.becomeAnonymous()
[res, body] = yield request.getAsync { uri: getURL('/db/article/names?ids='+[article1._id, article2._id].join(',')), json: true }
[res, body] = yield request.getAsync { uri: getURL('/db/article/names?ids='+[article1._id, article2._id].join(',')), json: true }
expect(body.length).toBe(2)
expect(body.length).toBe(2)
expect(body[0].name).toBe('Article 1')
expect(body[0].name).toBe('Article 1')
@ -679,4 +679,4 @@ describe 'DELETE /db/article/:handle/watchers', ->
article = yield Article.findById(article._id)
article = yield Article.findById(article._id)
ids = (id.toString() for id in article.get('watchers'))
ids = (id.toString() for id in article.get('watchers'))
expect(_.contains(ids, user.id)).toBe(false)
expect(_.contains(ids, user.id)).toBe(false)
done()
done()
@ -1,9 +1,9 @@
config = require '../../../server_config'
config = require '../../../server_config'
require '../common'
require '../common'
utils = require '../../../app/core/utils' # Must come after require /common
Clan = require '../../../server/models/Clan'
Clan = require '../../../server/models/Clan'
User = require '../../../server/models/User'
User = require '../../../server/models/User'
request = require '../request'
request = require '../request'
utils = require '../utils'
describe 'Clans', ->
describe 'Clans', ->
clanURL = getURL('/db/clan')
clanURL = getURL('/db/clan')
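Review bot: `utils` is rebound from `'../../../app/core/utils'` (L510) to `'../utils'` (L530), a different module given the same name, so any remaining `utils.` call in this spec that used a helper from `app/core/utils` now resolves against the test helpers and fails only at run time. A grep of the file for `utils.` uses other than `logout`/`becomeAnonymous` is worth doing, since the hunk does not show the rest of the spec. The dropped comment `# Must come after require /common` recorded a load-order constraint; if it also applies to `'../utils'`, keep it on the new line.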
@ -53,7 +53,7 @@ describe 'Clans', ->
done()
done()
it 'Anonymous create clan 401', (done) ->
it 'Anonymous create clan 401', (done) ->
logoutUser ->
utils.logout().then ->
requestBody =
requestBody =
type: 'public'
type: 'public'
name: createClanName 'myclan'
name: createClanName 'myclan'
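Review bot: `utils.logout().then ->` at L565 (and `utils.becomeAnonymous().then ->` at L604, L643, and L791 in the user spec) has no rejection handler, so a failed logout never reaches `done` and the test times out instead of reporting the error. Attach a handler that fails the test — `.catch(done.fail)` on Jasmine 2.1 or later, otherwise one that calls `done` with the error — so the cause shows up in the output. Each enclosing `it` body continues past its hunk.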
@ -152,7 +152,7 @@ describe 'Clans', ->
loginNewUser (user1) ->
loginNewUser (user1) ->
createClan user1, 'public', null, (clan1) ->
createClan user1, 'public', null, (clan1) ->
createClan user1, 'public', null, (clan2) ->
createClan user1, 'public', null, (clan2) ->
logoutUser ->
utils.becomeAnonymous().then ->
request.get {uri: "#{clanURL}/-/public" }, (err, res, body) ->
request.get {uri: "#{clanURL}/-/public" }, (err, res, body) ->
expect(err).toBeNull()
expect(err).toBeNull()
expect(res.statusCode).toBe(200)
expect(res.statusCode).toBe(200)
@ -498,7 +498,7 @@ describe 'Clans', ->
user1.save (err) ->
user1.save (err) ->
expect(err).toBeNull()
expect(err).toBeNull()
createClan user1, 'private', 'my private clan', (clan1) ->
createClan user1, 'private', 'my private clan', (clan1) ->
logoutUser ->
utils.becomeAnonymous().then ->
request.get {uri: "#{clanURL}/#{clan1.id}" }, (err, res, body) ->
request.get {uri: "#{clanURL}/#{clan1.id}" }, (err, res, body) ->
expect(err).toBeNull()
expect(err).toBeNull()
expect(res.statusCode).toBe(200)
expect(res.statusCode).toBe(200)
@ -23,6 +23,7 @@ describe 'GET /db/course', ->
yield utils.clearModels([Course, User])
yield utils.clearModels([Course, User])
yield new Course({ name: 'Course 1' }).save()
yield new Course({ name: 'Course 1' }).save()
yield new Course({ name: 'Course 2' }).save()
yield new Course({ name: 'Course 2' }).save()
yield utils.becomeAnonymous()
done()
done()
@ -36,6 +37,7 @@ describe 'GET /db/course/:handle', ->
beforeEach utils.wrap (done) ->
beforeEach utils.wrap (done) ->
yield utils.clearModels([Course, User])
yield utils.clearModels([Course, User])
@course = yield new Course({ name: 'Some Name' }).save()
@course = yield new Course({ name: 'Some Name' }).save()
yield utils.becomeAnonymous()
done()
done()
@ -544,7 +544,7 @@ describe '/db/prepaid', ->
logoutUser () ->
logoutUser () ->
fetchPrepaid joeCode, (err, res) ->
fetchPrepaid joeCode, (err, res) ->
expect(err).toBeNull()
expect(err).toBeNull()
expect(res.statusCode).toEqual(403)
expect(res.statusCode).toEqual(401)
done()
done()
it 'User can fetch a prepaid code', (done) ->
it 'User can fetch a prepaid code', (done) ->
@ -39,7 +39,7 @@ describe 'POST /db/user', ->
it 'serves the user through /db/user/id', (done) ->
it 'serves the user through /db/user/id', (done) ->
unittest.getNormalJoe (user) ->
unittest.getNormalJoe (user) ->
request.post getURL('/auth/logout'), ->
utils.becomeAnonymous().then ->
url = getURL(urlUser+'/'+user._id)
url = getURL(urlUser+'/'+user._id)
request.get url, (err, res, body) ->
request.get url, (err, res, body) ->
expect(res.statusCode).toBe(200)
expect(res.statusCode).toBe(200)
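Review bot: The `utils` identifier introduced at L791 is not required anywhere in the visible hunk; if this spec previously used only `request` and `unittest`, it needs `utils = require '../utils'` (the path the clans spec adopts at L530, adjusted for this file's location) at the top, or the test fails with a reference error before any request is made. The surviving expectation of 200 at L806 is consistent with the new `/db/*` gate admitting an anonymous session, assuming `becomeAnonymous()` creates one as its name suggests. The enclosing `it` begins before the hunk and continues after it.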