Cloning personal items does not work

api/v1/controllers/items.mjs

@@ -736,6 +736,7 @@ export async function clone (req, res, next) {
   const newid = newId()
   const newItem = {
     id: newid,
+    personal: item.personal,
     folderid: item.folderid,
     title: `${item.title} - Copy`,
     kmsid: newData.kmsId,

test/items.spec.cjs

@@ -29,6 +29,47 @@ describe('Items', () => {
     assert.strictEqual(res3.status, 200)
   })
 
+  it('Clone item', async () => {
+    const res1 = await agent
+      .post(`${global.host}/api/v1/folders/sample1/items`)
+      .set('Authorization', `Bearer ${global.userJWT}`)
+      .send(global.itemCreateData)
+      .catch(v => v)
+
+    assert.strictEqual(res1.status, 201)
+    const itemid = res1.body.data.id
+
+    const res2 = await agent
+      .post(`${global.host}/api/v1/items/${itemid}/clone`)
+      .set('Authorization', `Bearer ${global.userJWT}`)
+      .catch(v => v)
+
+    assert.strictEqual(res2.status, 201)
+    const clonedid = res2.body.data.id
+
+    const res3 = await agent
+      .get(`${global.host}/api/v1/items/${clonedid}?key=${global.key}`)
+      .set('Authorization', `Bearer ${global.userJWT}`)
+      .catch(v => v)
+
+    assert.strictEqual(res3.status, 200)
+    res3.body.data.data = await global.decryptBlock(res3.body.data.data, global.key)
+    assert.strictEqual(res3.body.data.data, global.itemCreateData.data)
+
+    // Cleanup
+    const res4 = await agent
+      .delete(`${global.host}/api/v1/items/${itemid}`)
+      .set('Authorization', `Bearer ${global.userJWT}`)
+      .catch(v => v)
+    assert.strictEqual(res4.status, 200)
+
+    const res5 = await agent
+      .delete(`${global.host}/api/v1/items/${clonedid}`)
+      .set('Authorization', `Bearer ${global.userJWT}`)
+      .catch(v => v)
+    assert.strictEqual(res5.status, 200)
+  })
+
   it('Create item, bad data', async () => {
     const res1 = await agent
       .post(`${global.host}/api/v1/folders/sample1/items`)
@@ -179,7 +220,6 @@ describe('Items', () => {
     const res2 = await agent
       .get(`${global.host}/api/v1/items/${itemid}?key=${global.key}`)
       .set('Authorization', `Bearer ${global.userJWT}`)
-      .send(global.itemCreateData)
       .catch(v => v)
     res2.body.data.data = await global.decryptBlock(res2.body.data.data, global.key)
 

test/personal.spec.cjs

@@ -98,6 +98,65 @@ describe('Personal folders', function () {
     assert.strictEqual(res5.status, 200)
   })
 
+  it('Clone item, personal folder', async () => {
+    // Set personal password. Ignore the error, the password could be already set
+    await agent
+      .post(`${global.host}/api/v1/personal/password`)
+      .set('Authorization', `Bearer ${global.userJWT}`)
+      .send({ password: '123' })
+      .catch(v => v)
+
+    const res0 = await agent
+      .post(`${global.host}/api/v1/personal/unlock`)
+      .set('Authorization', `Bearer ${global.userJWT}`)
+      .send({ password: '123' })
+      .catch(v => v)
+
+    assert.strictEqual(res0.status, 200)
+    assert(Object.hasOwn(res0.body.data, 'jwt'))
+
+    const personalJWT = res0.body.data.jwt
+
+    const res1 = await agent
+      .post(`${global.host}/api/v1/folders/user1/items`)
+      .set('Authorization', `Bearer ${personalJWT}`)
+      .send(global.itemCreateData)
+      .catch(v => v)
+
+    assert.strictEqual(res1.status, 201)
+    const itemid = res1.body.data.id
+
+    const res2 = await agent
+      .post(`${global.host}/api/v1/items/${itemid}/clone`)
+      .set('Authorization', `Bearer ${personalJWT}`)
+      .catch(v => v)
+
+    assert.strictEqual(res2.status, 201)
+    const clonedid = res2.body.data.id
+
+    const res3 = await agent
+      .get(`${global.host}/api/v1/items/${clonedid}?key=${global.key}`)
+      .set('Authorization', `Bearer ${personalJWT}`)
+      .catch(v => v)
+
+    assert.strictEqual(res3.status, 200)
+    res3.body.data.data = await global.decryptBlock(res3.body.data.data, global.key)
+    assert.strictEqual(res3.body.data.data, global.itemCreateData.data)
+
+    // Cleanup
+    const res4 = await agent
+      .delete(`${global.host}/api/v1/items/${itemid}`)
+      .set('Authorization', `Bearer ${personalJWT}`)
+      .catch(v => v)
+    assert.strictEqual(res4.status, 200)
+
+    const res5 = await agent
+      .delete(`${global.host}/api/v1/items/${clonedid}`)
+      .set('Authorization', `Bearer ${personalJWT}`)
+      .catch(v => v)
+    assert.strictEqual(res5.status, 200)
+  })
+
   it('Reset personal password', async () => {
     // Delete personal password. Ignore the error.
     await agent