From: Dessalines Date: Thu, 6 Aug 2020 18:30:01 +0000 (-0400) Subject: Start adding apub security checks. X-Git-Url: http://these/git/%24%7BgetStaticDir%28%29%7D/styles/static/readmes/%7BcanonicalUrl%7D?a=commitdiff_plain;h=7bb546c7c25fca4072c84c7993586ad180ac2bb5;p=lemmy.git Start adding apub security checks. --- diff --git a/ui/src/api_tests/comment.spec.ts b/ui/src/api_tests/comment.spec.ts index 8852a730..ab5418e1 100644 --- a/ui/src/api_tests/comment.spec.ts +++ b/ui/src/api_tests/comment.spec.ts @@ -16,6 +16,9 @@ import { getMentions, searchPost, unfollowRemotes, + createCommunity, + registerUser, + API, } from './shared'; import { PostResponse } from '../interfaces'; @@ -104,29 +107,49 @@ test('Delete a comment', async () => { test('Remove a comment', async () => { let commentRes = await createComment(alpha, postRes.post.id); - let removeCommentRes = await removeComment( - alpha, - true, - commentRes.comment.id - ); + + // Get the id for beta + let betaCommentId = (await searchComment(beta, commentRes.comment)) + .comments[0].id; + + // The beta admin removes it (the community lives on beta) + let removeCommentRes = await removeComment(beta, true, betaCommentId); expect(removeCommentRes.comment.removed).toBe(true); - // Make sure that comment is removed on beta - let searchBeta = await searchComment(beta, commentRes.comment); - let betaComment = searchBeta.comments[0]; - expect(betaComment.removed).toBe(true); + // Make sure that comment is removed on alpha (it gets pushed since an admin from beta removed it) + let refetchedPost = await getPost(alpha, postRes.post.id); + expect(refetchedPost.comments[0].removed).toBe(true); - let unremoveCommentRes = await removeComment( - alpha, - false, - commentRes.comment.id - ); + let unremoveCommentRes = await removeComment(beta, false, betaCommentId); expect(unremoveCommentRes.comment.removed).toBe(false); // Make sure that comment is unremoved on beta - let searchBeta2 = await searchComment(beta, commentRes.comment); - let betaComment2 = searchBeta2.comments[0]; - expect(betaComment2.removed).toBe(false); + let refetchedPost2 = await getPost(alpha, postRes.post.id); + expect(refetchedPost2.comments[0].removed).toBe(false); +}); + +test('Remove a comment from an admin on a different instance, make sure its not removed on the original', async () => { + let alphaUser = await registerUser(alpha); + let newAlphaApi: API = { + url: alpha.url, + auth: alphaUser.jwt, + }; + + // New alpha user creates a community, post, and comment. + let newCommunity = await createCommunity(newAlphaApi); + let newPost = await createPost(newAlphaApi, newCommunity.community.id); + let commentRes = await createComment(newAlphaApi, newPost.post.id); + expect(commentRes.comment.content).toBeDefined(); + + // Beta searches that to cache it, then removes it + let searchBeta = await searchComment(beta, commentRes.comment); + let betaComment = searchBeta.comments[0]; + let removeCommentRes = await removeComment(beta, true, betaComment.id); + expect(removeCommentRes.comment.removed).toBe(true); + + // Make sure its not removed on alpha + let refetchedPost = await getPost(newAlphaApi, newPost.post.id); + expect(refetchedPost.comments[0].removed).toBe(false); }); test('Unlike a comment', async () => {