Allow the test suite to authenticate as different users

Author: MattIPv4

src/Structure/BaseRoute.js

@@ -10,12 +10,14 @@ class BaseRoute {
 
     isMod(req, res, next) {
         if (req.session.user.mod || req.session.user.admin) return next();
-        res.render('error', { title: 'Page not found', status: 404, message: 'The page you were looking for could not be found.' });
+        // res.render('error', { title: 'Page not found', status: 404, message: 'The page you were looking for could not be found.' });
+        res.status(403).render('authRequired', { title: 'Authentication is required' })
     }
 
     isAdmin(req, res, next) {
         if (req.session.user.admin) return next();
-        res.render('error', { title: 'Page not found', status: 404, message: 'The page you were looking for could not be found.' });
+        // res.render('error', { title: 'Page not found', status: 404, message: 'The page you were looking for could not be found.' });
+        res.status(403).render('authRequired', { title: 'Authentication is required' })
     }
 
 }

src/Website.js

@@ -38,13 +38,39 @@ class Website {
         this.app.use('/assets', express.static(path.join(__dirname, 'Assets')));
         this.app.use('/codemirror', express.static(path.join(__dirname, '..', 'node_modules', 'codemirror')));
         this.app.use((req, res, next) => {
+            // Test suite logic
+            res.locals.adblock = req.headers['x-disable-adsense'] === config.secret;
+            if (req.headers['x-auth-as-user'] === config.secret ||
+                req.headers['x-auth-as-admin'] === config.secret ||
+                req.headers['x-auth-as-mod'] === config.secret) {
+                req.session.user = {
+                    id: '123456789012345678',
+                    username: 'User',
+                    avatar: '',
+                    discriminator: '1234',
+                    locale: 'en-US',
+                    mfa_enabled: false,
+                    flags: 0,
+                    access_token: '',
+                    expires_in: 604800,
+                    refresh_token: '',
+                    scope: 'identify',
+                    token_type: 'Bearer',
+                    admin: false,
+                    mod: false
+                };
+                if (req.headers['x-auth-as-mod'] || req.headers['x-auth-as-admin']) req.session.user.mod = true;
+                if (req.headers['x-auth-as-admin']) req.session.user.admin = true;
+            }
+            if (req.headers['x-auth-as-anon'] === config.secret) req.session.user = undefined;
+
+            // App locals
             const host = req.get('host');
             res.locals.route = req.connection.encrypted ? 'https://' : 'http://' + host + req.path;
             res.locals.isProduction = host.toLowerCase().trim() === 'botblock.org';
             res.locals.isStaging = host.toLowerCase().trim() === 'staging.botblock.org';
             res.locals.isDevelopment = !res.locals.isProduction && !res.locals.isStaging;
             res.locals.language = req.cookies.lang;
-            res.locals.adblock = req.headers['x-disable-adsense'] && req.headers['x-disable-adsense'] === config.secret;
             res.locals.breadcrumb = req.path.split('/').splice(1, 3, null);
             res.locals.user = req.session.user;
             res.cookie('url', req.path.startsWith('/auth') ? '/' : req.path);

test/Routes/Lists.js

@@ -1,4 +1,4 @@
-const { describe, it, expect, request, db, locale, checks, authAsMod } = require('../base');
+const { describe, it, expect, request, db, locale, checks, auth } = require('../base');
 
 describe('/lists', () => {
     describe('GET', () => {
@@ -472,22 +472,59 @@ describe('/lists/:id', () => {
 
 describe('/lists/:id/edit', () => {
     const listId = 'botlist.space';
-    describe(`GET (:id = ${listId})`, () => {
-        const test = () => request().get(`/lists/${listId}/edit`);
-        it('returns the authentication required message', done => {
-            test().end((err, res) => {
-                checks.authRequired(res);
-                done();
+    describe('As an anonymous user', () => {
+        describe(`GET (:id = ${listId})`, () => {
+            const test = () => request().get(`/lists/${listId}/edit`);
+            it('returns the authentication required message', done => {
+                test().end((err, res) => {
+                    checks.authRequired(res);
+                    done();
+                });
+            });
+        });
+
+        describe(`POST (:id = ${listId})`, () => {
+            const test = () => request().post(`/lists/${listId}/edit`);
+            it('returns the authentication required message', done => {
+                test().end((err, res) => {
+                    checks.authRequired(res);
+                    done();
+                });
             });
         });
     });
 
-    describe(`POST (:id = ${listId})`, () => {
-        const test = () => request().post(`/lists/${listId}/edit`);
-        it('returns the authentication required message', done => {
-            test().end((err, res) => {
-                checks.authRequired(res);
-                done();
+    describe('As a logged in user', () => {
+        describe(`GET (:id = ${listId})`, () => {
+            const test = () => auth.asUser(request().get(`/lists/${listId}/edit`));
+            it('returns the authentication required message', done => {
+                test().end((err, res) => {
+                    checks.authRequired(res);
+                    done();
+                });
+            });
+        });
+
+        describe(`POST (:id = ${listId})`, () => {
+            const test = () => auth.asUser(request().post(`/lists/${listId}/edit`));
+            it('returns the authentication required message', done => {
+                test().end((err, res) => {
+                    checks.authRequired(res);
+                    done();
+                });
+            });
+        });
+    });
+
+    describe('As a moderator', () => {
+        describe(`GET (:id = ${listId})`, () => {
+            const test = () => auth.asMod(request().get(`/lists/${listId}/edit`));
+            it('renders the edit page', done => {
+                test().end((err, res) => {
+                    expect(res).to.have.status(200);
+                    expect(res).to.be.html;
+                    done();
+                });
             });
         });
     });

test/base.js

@@ -1,22 +1,16 @@
 const config = require('../config');
-const i18n = require('../src/Util/i18n');
+const locale = require('../src/Util/i18n').__;
 const db = require('../db/db')();
 const checks = require('./helpers/checks');
+const auth = require('./helpers/auth');
+const request = require('./helpers/request');
 
 const { describe, it } = require('mocha');
+const { expect } = require('chai');
 
-const chai = require('chai');
-const chaiHttp = require('chai-http');
-const expect = chai.expect;
-chai.use(chaiHttp);
-
-const target = `${config.baseURL}:${config.port}`;
-const request = () => chai.request(target);
 const ratelimitBypass = (req) => req.set('X-Ratelimit-Bypass', config.secret);
 const resetRatelimits = () => ratelimitBypass(request().get('/api/reset'));
 
-const locale = i18n.__;
-
 const compareObjectProps = (a, b) => {
     const missing = [];
     const aProps = Object.keys(a);
@@ -43,13 +37,13 @@ module.exports = {
     describe,
     it,
     expect,
-    target,
     secret: config.secret,
     request,
     ratelimitBypass,
     resetRatelimits,
     db,
     locale,
     checks,
+    auth,
     compareObjects
 };

test/helpers/auth.js

@@ -0,0 +1,8 @@
+const config = require('../../config');
+
+const asAnon = (req) => req.set('X-Auth-As-Anon', config.secret);
+const asUser = (req) => req.set('X-Auth-As-User', config.secret).unset('X-Auth-As-Anon');
+const asMod = (req) => req.set('X-Auth-As-Mod', config.secret).unset('X-Auth-As-Anon');
+const asAdmin = (req) => req.set('X-Auth-As-Admin', config.secret).unset('X-Auth-As-Anon');
+
+module.exports = { asAnon, asUser, asMod, asAdmin };

test/helpers/checks.js

@@ -1,3 +1,6 @@
+const { expect } = require('chai');
+const locale = require('../../src/Util/i18n').__;
+
 const ratelimit = (context, limit, test, done, status = 200) => {
     context.retries(0);
     context.slow((limit * 1.15 + 1.5) * 1000);

test/helpers/request.js

@@ -0,0 +1,16 @@
+const config = require('../../config');
+const { asAnon } = require('./auth');
+const chai = require('chai');
+const chaiHttp = require('chai-http');
+chai.use(chaiHttp);
+
+const target = `${config.baseURL}:${config.port}`;
+const base = () => chai.request(target);
+
+module.exports = () => new Proxy(base, {
+    get(target, method) {
+        return function (...args) {
+            return asAnon(target()[method].apply(this, args));
+        };
+    }
+});