breaking: remove socket.io/flags.js

refactor: helpers.loginUser returns a single object {jar, csrf_token}

src/routes/write/flags.js

@@ -11,7 +11,6 @@ module.exports = function () {
 	const middlewares = [middleware.ensureLoggedIn];
 
 	setupApiRoute(router, 'post', '/', [...middlewares], controllers.write.flags.create);
-	// setupApiRoute(router, 'delete', ...); // does not exist
 
 	setupApiRoute(router, 'get', '/:flagId', [...middlewares, middleware.assert.flag], controllers.write.flags.get);
 	setupApiRoute(router, 'put', '/:flagId', [...middlewares, middleware.assert.flag], controllers.write.flags.update);

src/socket.io/index.js

@@ -171,9 +171,10 @@ async function onMessage(socket, payload) {
 }
 
 function requireModules() {
-	const modules = ['admin', 'categories', 'groups', 'meta', 'modules',
-		'notifications', 'plugins', 'posts', 'topics', 'user', 'blacklist',
-		'flags', 'uploads',
+	const modules = [
+		'admin', 'categories', 'groups', 'meta', 'modules',
+		'notifications', 'plugins', 'posts', 'topics', 'user',
+		'blacklist', 'uploads',
 	];
 
 	modules.forEach((module) => {

test/api.js

@@ -208,7 +208,7 @@ describe('API', async () => {
 		});
 
 		// All tests run as admin user
-		jar = await helpers.loginUser('admin', '123456');
+		({ jar } = await helpers.loginUser('admin', '123456'));
 
 		// Retrieve CSRF token using cookie, to test Write API
 		const config = await request({
@@ -457,7 +457,7 @@ describe('API', async () => {
 				it('should successfully re-login if needed', async () => {
 					const reloginPaths = ['PUT /users/{uid}/password', 'DELETE /users/{uid}/sessions/{uuid}'];
 					if (reloginPaths.includes(`${method.toUpperCase()} ${path}`)) {
-						jar = await helpers.loginUser('admin', '123456');
+						({ jar } = await helpers.loginUser('admin', '123456'));
 						const sessionUUIDs = await db.getObject('uid:1:sessionUUID:sessionId');
 						mocks.delete['/users/{uid}/sessions/{uuid}'][1].example = Object.keys(sessionUUIDs).pop();
 

test/authentication.js

@@ -187,14 +187,12 @@ describe('authentication', () => {
 	});
 
 	it('should regenerate the session identifier on successful login', async () => {
-		const login = util.promisify(helpers.loginUser);
-		const logout = util.promisify(helpers.logoutUser);
 		const matchRegexp = /express\.sid=s%3A(.+?);/;
 		const { hostname, path } = url.parse(nconf.get('url'));
 
 		const sid = String(jar._jar.store.idx[hostname][path]['express.sid']).match(matchRegexp)[1];
-		await logout(jar);
-		const newJar = await login('regular', 'regularpwd');
+		await helpers.logoutUser(jar);
+		const newJar = (await helpers.loginUser('regular', 'regularpwd')).jar;
 		const newSid = String(newJar._jar.store.idx[hostname][path]['express.sid']).match(matchRegexp)[1];
 
 		assert.notStrictEqual(newSid, sid);

test/controllers-admin.js

@@ -36,7 +36,7 @@ describe('Admin Controllers', () => {
 				user.create({ username: 'admin', password: 'barbar' }, next);
 			},
 			regularUid: function (next) {
-				user.create({ username: 'regular' }, next);
+				user.create({ username: 'regular', password: 'regularpwd' }, next);
 			},
 			regular2Uid: function (next) {
 				user.create({ username: 'regular2' }, next);
@@ -66,9 +66,9 @@ describe('Admin Controllers', () => {
 	});
 
 	it('should 403 if user is not admin', (done) => {
-		helpers.loginUser('admin', 'barbar', (err, _jar) => {
+		helpers.loginUser('admin', 'barbar', (err, data) => {
 			assert.ifError(err);
-			jar = _jar;
+			jar = data.jar;
 			request(`${nconf.get('url')}/admin`, { jar: jar }, (err, res, body) => {
 				assert.ifError(err);
 				assert.equal(res.statusCode, 403);
@@ -602,14 +602,11 @@ describe('Admin Controllers', () => {
 
 	describe('mods page', () => {
 		let moderatorJar;
-
-		before((done) => {
-			helpers.loginUser('moderator', 'modmod', (err, _jar) => {
-				assert.ifError(err);
-				moderatorJar = _jar;
-
-				groups.join(`cid:${cid}:privileges:moderate`, moderatorUid, done);
-			});
+		let regularJar;
+		before(async () => {
+			moderatorJar = (await helpers.loginUser('moderator', 'modmod')).jar;
+			regularJar = (await helpers.loginUser('regular', 'regularpwd')).jar;
+			await groups.join(`cid:${cid}:privileges:moderate`, moderatorUid);
 		});
 
 		it('should error with no privileges', (done) => {
@@ -652,42 +649,69 @@ describe('Admin Controllers', () => {
 		});
 
 		it('should error when you attempt to flag a privileged user\'s post', async () => {
-			const socketFlags = require('../src/socket.io/flags');
-			const oldValue = meta.config['min:rep:flag'];
-			try {
-				await socketFlags.create({ uid: regularUid }, { id: pid, type: 'post', reason: 'spam' });
-			} catch (err) {
-				assert.strictEqual(err.message, '[[error:cant-flag-privileged]]');
-			}
+			const { res, body } = await helpers.request('post', '/api/v3/flags', {
+				json: true,
+				jar: regularJar,
+				form: {
+					id: pid,
+					type: 'post',
+					reason: 'spam',
+				},
+			});
+			assert.strictEqual(res.statusCode, 400);
+			assert.strictEqual(body.status.code, 'bad-request');
+			assert.strictEqual(body.status.message, 'You are not allowed to flag the profiles or content of privileged users (moderators/global moderators/admins)');
 		});
 
-		it('should error with not enough reputation to flag', (done) => {
-			const socketFlags = require('../src/socket.io/flags');
+		it('should error with not enough reputation to flag', async () => {
 			const oldValue = meta.config['min:rep:flag'];
 			meta.config['min:rep:flag'] = 1000;
-			socketFlags.create({ uid: regularUid }, { id: regularPid, type: 'post', reason: 'spam' }, (err) => {
-				assert.strictEqual(err.message, '[[error:not-enough-reputation-to-flag]]');
-				meta.config['min:rep:flag'] = oldValue;
-				done();
+			const { res, body } = await helpers.request('post', '/api/v3/flags', {
+				json: true,
+				jar: regularJar,
+				form: {
+					id: regularPid,
+					type: 'post',
+					reason: 'spam',
+				},
 			});
+			assert.strictEqual(res.statusCode, 400);
+			assert.strictEqual(body.status.code, 'bad-request');
+			assert.strictEqual(body.status.message, 'You do not have enough reputation to flag this post');
+
+			meta.config['min:rep:flag'] = oldValue;
 		});
 
-		it('should return flag details', (done) => {
-			const socketFlags = require('../src/socket.io/flags');
+		it('should return flag details', async () => {
 			const oldValue = meta.config['min:rep:flag'];
 			meta.config['min:rep:flag'] = 0;
-			socketFlags.create({ uid: regularUid }, { id: regularPid, type: 'post', reason: 'spam' }, (err, flagId) => {
-				meta.config['min:rep:flag'] = oldValue;
-				assert.ifError(err);
-				request(`${nconf.get('url')}/api/flags/${flagId}`, { jar: moderatorJar, json: true }, (err, res, body) => {
-					assert.ifError(err);
-					assert(body);
-					assert(body.reports);
-					assert(Array.isArray(body.reports));
-					assert.strictEqual(body.reports[0].reporter.username, 'regular');
-					done();
-				});
+			const result = await helpers.request('post', '/api/v3/flags', {
+				json: true,
+				jar: regularJar,
+				form: {
+					id: regularPid,
+					type: 'post',
+					reason: 'spam',
+				},
 			});
+			meta.config['min:rep:flag'] = oldValue;
+
+			const flagsResult = await helpers.request('get', `/api/flags`, {
+				json: true,
+				jar: moderatorJar,
+			});
+
+			assert(flagsResult.body);
+			assert(Array.isArray(flagsResult.body.flags));
+			const { flagId } = flagsResult.body.flags[0];
+
+			const { body } = await helpers.request('get', `/api/flags/${flagId}`, {
+				json: true,
+				jar: moderatorJar,
+			});
+			assert(body.reports);
+			assert(Array.isArray(body.reports));
+			assert.strictEqual(body.reports[0].reporter.username, 'regular');
 		});
 	});
 
@@ -724,16 +748,9 @@ describe('Admin Controllers', () => {
 		let userJar;
 		let uid;
 		const privileges = require('../src/privileges');
-		before((done) => {
-			user.create({ username: 'regularjoe', password: 'barbar' }, (err, _uid) => {
-				assert.ifError(err);
-				uid = _uid;
-				helpers.loginUser('regularjoe', 'barbar', (err, _jar) => {
-					assert.ifError(err);
-					userJar = _jar;
-					done();
-				});
-			});
+		before(async () => {
+			uid = await user.create({ username: 'regularjoe', password: 'barbar' });
+			userJar = (await helpers.loginUser('regularjoe', 'barbar')).jar;
 		});
 
 		it('should allow normal user access to admin pages', async function () {

test/controllers.js

@@ -853,17 +853,11 @@ describe('Controllers', () => {
 		let jar;
 		let csrf_token;
 
-		before((done) => {
-			user.create({ username: 'revokeme', password: 'barbar' }, (err, _uid) => {
-				assert.ifError(err);
-				uid = _uid;
-				helpers.loginUser('revokeme', 'barbar', (err, _jar, _csrf_token) => {
-					assert.ifError(err);
-					jar = _jar;
-					csrf_token = _csrf_token;
-					done();
-				});
-			});
+		before(async () => {
+			uid = await user.create({ username: 'revokeme', password: 'barbar' });
+			const login = await helpers.loginUser('revokeme', 'barbar');
+			jar = login.jar;
+			csrf_token = login.csrf_token;
 		});
 
 		it('should fail to revoke session with missing uuid', (done) => {
@@ -1081,12 +1075,8 @@ describe('Controllers', () => {
 
 	describe('account pages', () => {
 		let jar;
-		before((done) => {
-			helpers.loginUser('foo', 'barbar', (err, _jar) => {
-				assert.ifError(err);
-				jar = _jar;
-				done();
-			});
+		before(async () => {
+			({ jar } = await helpers.loginUser('foo', 'barbar'));
 		});
 
 		it('should redirect to account page with logged in user', (done) => {
@@ -1449,8 +1439,9 @@ describe('Controllers', () => {
 		it('should return false if user can not edit user', (done) => {
 			user.create({ username: 'regularJoe', password: 'barbar' }, (err) => {
 				assert.ifError(err);
-				helpers.loginUser('regularJoe', 'barbar', (err, jar) => {
+				helpers.loginUser('regularJoe', 'barbar', (err, data) => {
 					assert.ifError(err);
+					const { jar } = data;
 					request(`${nconf.get('url')}/api/user/foo/info`, { jar: jar, json: true }, (err, res) => {
 						assert.ifError(err);
 						assert.equal(res.statusCode, 403);
@@ -1518,8 +1509,9 @@ describe('Controllers', () => {
 		});
 
 		it('should increase profile view', (done) => {
-			helpers.loginUser('regularJoe', 'barbar', (err, jar) => {
+			helpers.loginUser('regularJoe', 'barbar', (err, data) => {
 				assert.ifError(err);
+				const { jar } = data;
 				request(`${nconf.get('url')}/api/user/foo`, { jar: jar }, (err, res) => {
 					assert.ifError(err);
 					assert.equal(res.statusCode, 200);
@@ -1706,12 +1698,8 @@ describe('Controllers', () => {
 
 	describe('post redirect', () => {
 		let jar;
-		before((done) => {
-			helpers.loginUser('foo', 'barbar', (err, _jar) => {
-				assert.ifError(err);
-				jar = _jar;
-				done();
-			});
+		before(async () => {
+			({ jar } = await helpers.loginUser('foo', 'barbar'));
 		});
 
 		it('should 404 for invalid pid', (done) => {
@@ -1966,12 +1954,8 @@ describe('Controllers', () => {
 
 	describe('category', () => {
 		let jar;
-		before((done) => {
-			helpers.loginUser('foo', 'barbar', (err, _jar) => {
-				assert.ifError(err);
-				jar = _jar;
-				done();
-			});
+		before(async () => {
+			({ jar } = await helpers.loginUser('foo', 'barbar'));
 		});
 
 		it('should return 404 if cid is not a number', (done) => {
@@ -2238,12 +2222,8 @@ describe('Controllers', () => {
 
 	describe('unread', () => {
 		let jar;
-		before((done) => {
-			helpers.loginUser('foo', 'barbar', (err, _jar) => {
-				assert.ifError(err);
-				jar = _jar;
-				done();
-			});
+		before(async () => {
+			({ jar } = await helpers.loginUser('foo', 'barbar'));
 		});
 
 		it('should load unread page', (done) => {
@@ -2305,21 +2285,10 @@ describe('Controllers', () => {
 		let csrf_token;
 		let jar;
 
-		before((done) => {
-			helpers.loginUser('foo', 'barbar', (err, _jar) => {
-				assert.ifError(err);
-				jar = _jar;
-
-				request({
-					url: `${nconf.get('url')}/api/config`,
-					json: true,
-					jar: jar,
-				}, (err, response, body) => {
-					assert.ifError(err);
-					csrf_token = body.csrf_token;
-					done();
-				});
-			});
+		before(async () => {
+			const login = await helpers.loginUser('foo', 'barbar');
+			jar = login.jar;
+			csrf_token = login.csrf_token;
 		});
 
 		it('should load the composer route', (done) => {