This is part of an effort to consistently not embed User objects
in API responses. Usernames are returned instead.
Signed-off-by: David Mehren <git@herrmehren.de>
This is part of an effort to consistently not embed User objects
in API responses. Usernames are returned instead.
Signed-off-by: David Mehren <git@herrmehren.de>
By checking the "old" password of the user prior to a password change, the
password change function is more secured against abuse.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Because the rejection now happens automatically in the permissions guard it does not get to the controller method and does not report the Content-Type to text/markdown
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Because the rejection now happens automatically in the permissions guard it now returns a 403 instead of 401
Signed-off-by: Philip Molares <philip.molares@udo.edu>
To make the create method easier to use in conjunction
with the authentication framework, this commit changes the type of
the `owner` parameter from `User | undefined` to `User | null`.
Signed-off-by: David Mehren <git@herrmehren.de>
The previously used HTTP error 400 'Bad Request' is not really
applicable here, as the client did not send a malformed message.
Signed-off-by: David Mehren <git@herrmehren.de>
Including both PublicApiModule and PrivateApiModule in the test setup
lead to the API routes overwriting each other.
This adds a router to separate the APIs as they are in the normal app.
Signed-off-by: David Mehren <git@herrmehren.de>
WebStorm does not support typescript.*.json files,
but always uses the nearest tsconfig.json.
Moving the test-specific tsconfig into the test folder allows WebStorm
to use the correct config for the E2E-tests and
stops it from showing unnecessary errors.
Signed-off-by: David Mehren <git@herrmehren.de>
This should help to make clear why code is executed when the TokenAuthGuard is encountered by a request. Currently, one has to connect both files via the string 'token', which is a bit cryptic
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The function now expects a `Note` object instead of a noteId
and a `User` instead of a username to
make it more consistent with other functions.
Signed-off-by: David Mehren <git@herrmehren.de>
The function now expects a `Note` object instead of a noteId to
make it more consistent with other functions.
Signed-off-by: David Mehren <git@herrmehren.de>
This renames `createOrUpdateHistoryEntry` to `updateHistoryEntryTimestamp`,
which reduces confusion with the similarly named
`updateHistoryEntry` function.
Signed-off-by: David Mehren <git@herrmehren.de>
The DI tokens for services seem to have changed with NestJS 8.
As we can also use the class object instead of a hardcoded token,
this commit replaces the tokens accordingly.
Signed-off-by: David Mehren <git@herrmehren.de>
This adds a body to the route DELETE /notes/{note} of the public api to specify if the associated media uploads of the note should be kept or deleted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This adds a body to the route DELETE /notes/{note} of the private api to specify if the associated media uploads of the note should be kept or deleted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Previously, `fs.rmdir` was called multiple times on the same path,
even when the path was already deleted.
This causes test failures in Node 16.
This commit extracts the cleanup code into a utility function
and ensures that no error is thrown when the given path is already deleted.
Signed-off-by: David Mehren <git@herrmehren.de>
As the DTO is only for importing an existing history the lastVisited of those entries should also be posted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the DTO is only for importing an existing history the pinStatus of those entries should also be posted.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the DTO is used to import a whole list of history entries rather than creating a single history entry (there is no way of doing that at the moment)
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Since large parts of this test were copied from the public api e2e test, somethings still used the public api e2e test files.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This ensures the folder is always deleted, even if there are still files (from previous broken tests) in it.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
The deletion of upload was moved to beforeEach and afterEach block in the 'POST /media' > 'fails' tests.
The test if the folder was not created, because there was no file uploaded, now correctly expects the behaviour.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This ports the extra tests in the POST /media test from the private apis to the public apis E2E tests.
Also the whole test suit was renamed to 'Media'.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This way the tests can run in any order as some of the media tests rely on an empty (or non-existing) uploads directory.
Also the me e2e test was renamed to the correct name.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
add test for GET /me/history/{note}
add error cases to PUT /me/history/{note} and DELETE /me/history/{note}
activate missing test GET /me/notes/
Signed-off-by: Philip Molares <philip.molares@udo.edu>
As the NotesController has the note already, because it checked with it if the user has the permission to perform the action, it's not necessary to get the note from the DB again, instead we should just provide the note to the functions directly.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
split success and fail cases in separate tests for better readability
add the correct user to all notes created by service (instead of api) to make the permissions checks viable.
extracted test content of notes to a global variable.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Remove uploaded files after media e2e tests ran
Remove /uploads/ folder after all media e2e tests ran
This way the uploads folder doesn't grow while working on other e2e tests
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Add history service to allow for CRUD operations.
Use history service in controllers to:
1. Allow manipulating of history entries
2. Guaranty the correct existence of history entries
Signed-off-by: Philip Molares <philip.molares@udo.edu>
