unit(post): ensure post content is validated
KennethTrecy committed Nov 15, 2022
1 parent 0d0c049 commit 32610bd
Showing 2 changed files with 251 additions and 2 deletions.
125 changes: 124 additions & 1 deletion routes/api/post/create.post.spec.ts
@@ -46,7 +46,7 @@ describe("Controller: POST /api/post", () => {
requester.expectSuccess()
})

it("cannot accept with dangerous tags", async() => {
it("cannot accept with only dangerous tags", async() => {
const controller = new Controller()
const { validations } = controller
const bodyValidation = validations[BODY_VALIDATION_INDEX]
@@ -87,6 +87,129 @@ describe("Controller: POST /api/post", () => {
expect(body).toHaveProperty("0.source.pointer", "data.attributes.content")
})

it("cannot accept with dangerous tags after", async() => {
const controller = new Controller()
const { validations } = controller
const bodyValidation = validations[BODY_VALIDATION_INDEX]
const bodyValidationFunction = bodyValidation.intermediate.bind(bodyValidation)
const post = await new PostFactory()
.content(() => "Hello<script> world</script>")
.makeOne()
requester.customizeRequest({
"body": {
"data": {
"attributes": {
"attachedRoleID": post.attachedRoleID,
"content": post.content
},
"relationships": {
"poster": {
"data": {
"id": String(post.poster?.id),
"type": "user"
}
},
"posterRole": {
"data": {
"id": String(post.posterRole?.id),
"type": "role"
}
}
},
"type": "post"
}
}
})

await requester.runMiddleware(bodyValidationFunction)

const body = requester.expectFailure(ErrorBag).toJSON()
expect(body).toHaveLength(1)
expect(body).toHaveProperty("0.source.pointer", "data.attributes.content")
})

it("cannot accept with dangerous tags before", async() => {
const controller = new Controller()
const { validations } = controller
const bodyValidation = validations[BODY_VALIDATION_INDEX]
const bodyValidationFunction = bodyValidation.intermediate.bind(bodyValidation)
const post = await new PostFactory()
.content(() => "<script>Hello world</script>!")
.makeOne()
requester.customizeRequest({
"body": {
"data": {
"attributes": {
"attachedRoleID": post.attachedRoleID,
"content": post.content
},
"relationships": {
"poster": {
"data": {
"id": String(post.poster?.id),
"type": "user"
}
},
"posterRole": {
"data": {
"id": String(post.posterRole?.id),
"type": "role"
}
}
},
"type": "post"
}
}
})

await requester.runMiddleware(bodyValidationFunction)

const body = requester.expectFailure(ErrorBag).toJSON()
expect(body).toHaveLength(1)
expect(body).toHaveProperty("0.source.pointer", "data.attributes.content")
})

it("cannot accept with dangerous tags inside", async() => {
const controller = new Controller()
const { validations } = controller
const bodyValidation = validations[BODY_VALIDATION_INDEX]
const bodyValidationFunction = bodyValidation.intermediate.bind(bodyValidation)
const post = await new PostFactory()
.content(() => "Hello<script> world</script>!")
.makeOne()
requester.customizeRequest({
"body": {
"data": {
"attributes": {
"attachedRoleID": post.attachedRoleID,
"content": post.content
},
"relationships": {
"poster": {
"data": {
"id": String(post.poster?.id),
"type": "user"
}
},
"posterRole": {
"data": {
"id": String(post.posterRole?.id),
"type": "role"
}
}
},
"type": "post"
}
}
})

await requester.runMiddleware(bodyValidationFunction)

const body = requester.expectFailure(ErrorBag).toJSON()
expect(body).toHaveLength(1)
expect(body).toHaveProperty("0.source.pointer", "data.attributes.content")
})

it("cannot accept invalid data", async() => {
const controller = new Controller()
const { validations } = controller
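Review bot: The three added cases (`dangerous tags after`, `before`, `inside`) vary only where a lowercase, well-formed `<script>…</script>` pair sits in the content, so they would still pass if the rule behind `validations[BODY_VALIDATION_INDEX]` matched just that one literal form; the same applies to the matching cases added in `update(id).patch.spec.ts`. The validator is not visible in this commit, so this is a coverage gap rather than a confirmed bypass. A table-driven `it.each` over the content string would remove the triplicated request body and make it cheap to add a mixed-case tag, an unclosed tag and an element carrying an inline event-handler attribute. Each case also asserts only `0.source.pointer`, which any failing content rule would satisfy; also asserting whichever field of the `ErrorBag` entry identifies the failing rule would tie the failure to the markup check. Rejecting input here is best treated as a second layer behind output encoding wherever post content is rendered.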
128 changes: 127 additions & 1 deletion routes/api/post/update(id).patch.spec.ts
@@ -46,7 +46,7 @@ describe("Controller: PATCH /api/post/:id", () => {
requester.expectSuccess()
})

it("cannot accept with dangerous tags", async() => {
it("cannot accept with dangerous tags only", async() => {
const controller = new Controller()
const { validations } = controller
const bodyValidation = validations[BODY_VALIDATION_INDEX]
@@ -88,6 +88,132 @@ describe("Controller: PATCH /api/post/:id", () => {
expect(body).toHaveProperty("0.source.pointer", "data.attributes.content")
})

it("cannot accept with dangerous tags after", async() => {
const controller = new Controller()
const { validations } = controller
const bodyValidation = validations[BODY_VALIDATION_INDEX]
const bodyValidationFunction = bodyValidation.intermediate.bind(bodyValidation)
const post = await new PostFactory().insertOne()
const newPost = await new PostFactory()
.content(() => "Hello<script> world</script>")
.makeOne()
requester.customizeRequest({
"body": {
"data": {
"attributes": {
"content": newPost.content
},
"id": String(post.id),
"relationships": {
"poster": {
"data": {
"id": String(post.poster?.id),
"type": "user"
}
},
"posterRole": {
"data": {
"id": String(post.posterRole?.id),
"type": "role"
}
}
},
"type": "post"
}
}
})

await requester.runMiddleware(bodyValidationFunction)

const body = requester.expectFailure(ErrorBag).toJSON()
expect(body).toHaveLength(1)
expect(body).toHaveProperty("0.source.pointer", "data.attributes.content")
})

it("cannot accept with dangerous tags before", async() => {
const controller = new Controller()
const { validations } = controller
const bodyValidation = validations[BODY_VALIDATION_INDEX]
const bodyValidationFunction = bodyValidation.intermediate.bind(bodyValidation)
const post = await new PostFactory().insertOne()
const newPost = await new PostFactory()
.content(() => "<script>Hello world</script>!")
.makeOne()
requester.customizeRequest({
"body": {
"data": {
"attributes": {
"content": newPost.content
},
"id": String(post.id),
"relationships": {
"poster": {
"data": {
"id": String(post.poster?.id),
"type": "user"
}
},
"posterRole": {
"data": {
"id": String(post.posterRole?.id),
"type": "role"
}
}
},
"type": "post"
}
}
})

await requester.runMiddleware(bodyValidationFunction)

const body = requester.expectFailure(ErrorBag).toJSON()
expect(body).toHaveLength(1)
expect(body).toHaveProperty("0.source.pointer", "data.attributes.content")
})

it("cannot accept with dangerous tags before", async() => {
const controller = new Controller()
const { validations } = controller
const bodyValidation = validations[BODY_VALIDATION_INDEX]
const bodyValidationFunction = bodyValidation.intermediate.bind(bodyValidation)
const post = await new PostFactory().insertOne()
const newPost = await new PostFactory()
.content(() => "Hello<script> world</script>!")
.makeOne()
requester.customizeRequest({
"body": {
"data": {
"attributes": {
"content": newPost.content
},
"id": String(post.id),
"relationships": {
"poster": {
"data": {
"id": String(post.poster?.id),
"type": "user"
}
},
"posterRole": {
"data": {
"id": String(post.posterRole?.id),
"type": "role"
}
}
},
"type": "post"
}
}
})

await requester.runMiddleware(bodyValidationFunction)

const body = requester.expectFailure(ErrorBag).toJSON()
expect(body).toHaveLength(1)
expect(body).toHaveProperty("0.source.pointer", "data.attributes.content")
})

it("cannot accept invalid data", async() => {
const controller = new Controller()
const { validations } = controller
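Review bot: The third added case, whose content is `"Hello<script> world</script>!"`, is titled `cannot accept with dangerous tags before`, the same title as the case directly above it, although its payload is the tag-in-the-middle variant that `create.post.spec.ts` calls `inside`. Two tests sharing a title make a failure report ambiguous and hide which payload position regressed; rename it to `it("cannot accept with dangerous tags inside", async() => {`. The renamed first case also reads `with dangerous tags only` here but `with only dangerous tags` in the create spec, so one wording should be used in both files.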
