fix: share Unauthorized should be 401 (#659)

teableio · Jun 11, 2024 · 992810a · 992810a
1 parent a30bdf6
commit 992810a
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 3 deletions.
diff --git a/apps/nestjs-backend/test/share.e2e-spec.ts b/apps/nestjs-backend/test/share.e2e-spec.ts
@@ -14,8 +14,9 @@ import {
   updateViewColumnMeta as apiUpdateViewColumnMeta,
   updateViewShareMeta as apiUpdateViewShareMeta,
   SHARE_VIEW_COPY,
+  SHARE_VIEW_AUTH,
 } from '@teable/openapi';
-import type { ITableFullVo, ShareViewGetVo } from '@teable/openapi';
+import type { ITableFullVo, ShareViewAuthVo, ShareViewGetVo } from '@teable/openapi';
 import { map } from 'lodash';
 import { createAnonymousUserAxios } from './utils/axios-instance/anonymous-user';
 import { getError } from './utils/get-error';
@@ -98,6 +99,41 @@ describe('OpenAPI ShareController (e2e)', () => {
       );
       expect(resultData.data.records).toEqual([]);
     });
+
+    it('password in grid view', async () => {
+      const result = await createView(tableId, gridViewRo);
+      const gridViewId = result.id;
+      const shareResult = await apiEnableShareView({ tableId, viewId: gridViewId });
+      const gridViewShareId = shareResult.data.shareId;
+      await apiUpdateViewShareMeta(tableId, gridViewId, { password: '123123123' });
+      const error = await getError(() =>
+        anonymousUser.get<ShareViewGetVo>(urlBuilder(SHARE_VIEW_GET, { shareId: gridViewShareId }))
+      );
+      expect(error?.status).toEqual(401);
+    });
+
+    it('password in grid view had auth', async () => {
+      const result = await createView(tableId, gridViewRo);
+      const gridViewId = result.id;
+      const shareResult = await apiEnableShareView({ tableId, viewId: gridViewId });
+      const gridViewShareId = shareResult.data.shareId;
+      await apiUpdateViewShareMeta(tableId, gridViewId, { password: '123123123' });
+      const res = await anonymousUser.post<ShareViewAuthVo>(
+        urlBuilder(SHARE_VIEW_AUTH, { shareId: gridViewShareId }),
+        {
+          password: '123123123',
+        }
+      );
+      const resultData = await anonymousUser.get<ShareViewGetVo>(
+        urlBuilder(SHARE_VIEW_GET, { shareId: gridViewShareId }),
+        {
+          headers: {
+            cookie: res.headers['set-cookie'],
+          },
+        }
+      );
+      expect(resultData.data.viewId).toEqual(gridViewId);
+    });
   });
 
   describe('api/:shareId/view/form-submit (POST)', () => {

diff --git a/apps/nestjs-backend/test/utils/axios-instance/anonymous-user.ts b/apps/nestjs-backend/test/utils/axios-instance/anonymous-user.ts
@@ -9,7 +9,6 @@ export const createAnonymousUserAxios = (appUrl: string) => {
   });
 
   anonymousAxios.interceptors.request.use((config) => {
-    config.headers.Cookie = undefined;
     config.headers['X-Anonymous-User'] = true;
     return config;
   });

diff --git a/packages/core/src/errors/http/constant.ts b/packages/core/src/errors/http/constant.ts
@@ -4,8 +4,8 @@ import { HttpErrorCode } from './http-response.types';
 export const ErrorCodeToStatusMap: Record<HttpErrorCode, number> = {
   [HttpErrorCode.VALIDATION_ERROR]: 400,
   [HttpErrorCode.UNAUTHORIZED]: 401,
+  [HttpErrorCode.UNAUTHORIZED_SHARE]: 401,
   [HttpErrorCode.RESTRICTED_RESOURCE]: 403,
-  [HttpErrorCode.UNAUTHORIZED_SHARE]: 403,
   [HttpErrorCode.NOT_FOUND]: 404,
   [HttpErrorCode.INTERNAL_SERVER_ERROR]: 500,
   [HttpErrorCode.DATABASE_CONNECTION_UNAVAILABLE]: 503,