From 992810a33b83dc1689d1749fa319df13f4312026 Mon Sep 17 00:00:00 2001
From: Boris
Date: Tue, 11 Jun 2024 15:10:42 +0800
Subject: [PATCH] fix: share Unauthorized should be 401 (#659)
---
 apps/nestjs-backend/test/share.e2e-spec.ts | 38 ++++++++++++++++++-
 .../utils/axios-instance/anonymous-user.ts | 1 -
 packages/core/src/errors/http/constant.ts | 2 +-
 3 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/apps/nestjs-backend/test/share.e2e-spec.ts b/apps/nestjs-backend/test/share.e2e-spec.ts
index 0fd701570..0e27aefe3 100644
--- a/apps/nestjs-backend/test/share.e2e-spec.ts
+++ b/apps/nestjs-backend/test/share.e2e-spec.ts
@@ -14,8 +14,9 @@ import {
 updateViewColumnMeta as apiUpdateViewColumnMeta,
 updateViewShareMeta as apiUpdateViewShareMeta,
 SHARE_VIEW_COPY,
+ SHARE_VIEW_AUTH,
 } from '@teable/openapi';
-import type { ITableFullVo, ShareViewGetVo } from '@teable/openapi';
+import type { ITableFullVo, ShareViewAuthVo, ShareViewGetVo } from '@teable/openapi';
 import { map } from 'lodash';
 import { createAnonymousUserAxios } from './utils/axios-instance/anonymous-user';
 import { getError } from './utils/get-error';
@@ -98,6 +99,41 @@ describe('OpenAPI ShareController (e2e)', () => {
 );
 expect(resultData.data.records).toEqual([]);
 });
+
+ it('password in grid view', async () => {
+ const result = await createView(tableId, gridViewRo);
+ const gridViewId = result.id;
+ const shareResult = await apiEnableShareView({ tableId, viewId: gridViewId });
+ const gridViewShareId = shareResult.data.shareId;
+ await apiUpdateViewShareMeta(tableId, gridViewId, { password: '123123123' });
+ const error = await getError(() =>
+ anonymousUser.get(urlBuilder(SHARE_VIEW_GET, { shareId: gridViewShareId }))
+ );
+ expect(error?.status).toEqual(401);
+ });
+
+ it('password in grid view had auth', async () => {
+ const result = await createView(tableId, gridViewRo);
+ const gridViewId = result.id;
+ const shareResult = await apiEnableShareView({ tableId, viewId: gridViewId });
+ const gridViewShareId = shareResult.data.shareId;
+ await apiUpdateViewShareMeta(tableId, gridViewId, { password: '123123123' });
+ const res = await anonymousUser.post(
+ urlBuilder(SHARE_VIEW_AUTH, { shareId: gridViewShareId }),
+ {
+ password: '123123123',
+ }
+ );
+ const resultData = await anonymousUser.get(
+ urlBuilder(SHARE_VIEW_GET, { shareId: gridViewShareId }),
+ {
+ headers: {
+ cookie: res.headers['set-cookie'],
+ },
+ }
+ );
+ expect(resultData.data.viewId).toEqual(gridViewId);
+ });
 });
 describe('api/:shareId/view/form-submit (POST)', () => {
diff --git a/apps/nestjs-backend/test/utils/axios-instance/anonymous-user.ts b/apps/nestjs-backend/test/utils/axios-instance/anonymous-user.ts
index b420753a7..0d156eb24 100644
--- a/apps/nestjs-backend/test/utils/axios-instance/anonymous-user.ts
+++ b/apps/nestjs-backend/test/utils/axios-instance/anonymous-user.ts
@@ -9,7 +9,6 @@ export const createAnonymousUserAxios = (appUrl: string) => {
 });
 anonymousAxios.interceptors.request.use((config) => {
- config.headers.Cookie = undefined;
 config.headers['X-Anonymous-User'] = true;
 return config;
 });
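Review bot: The two added tests cover only the no-credential and correct-password paths; nothing posts a wrong password to `SHARE_VIEW_AUTH`, which is the case most likely to regress in a password gate. A third test should send a wrong password, expect the auth call to be rejected, and then confirm that `SHARE_VIEW_GET` still answers 401. The status the auth endpoint returns for a bad password is not visible in this patch, so the assertion below should be pinned to the real value. Because this commit also removes the `Cookie` reset in `anonymous-user.ts`, the 401 assertion now relies on the anonymous instance not picking up a session cookie from elsewhere; how that instance is created is outside the hunks shown.

```typescript
it('wrong password in grid view', async () => {
  // … unchanged: create the view, enable sharing and set the password as in the tests above …
  const authError = await getError(() =>
    anonymousUser.post(urlBuilder(SHARE_VIEW_AUTH, { shareId: gridViewShareId }), {
      password: 'not-the-share-password',
    })
  );
  // Pin this to the status the auth endpoint actually returns for a bad password.
  expect(authError?.status).toBeGreaterThanOrEqual(400);
  const getErr = await getError(() =>
    anonymousUser.get(urlBuilder(SHARE_VIEW_GET, { shareId: gridViewShareId }))
  );
  expect(getErr?.status).toEqual(401);
});
```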
diff --git a/packages/core/src/errors/http/constant.ts b/packages/core/src/errors/http/constant.ts
index 06dc46b58..679e70ee9 100644
--- a/packages/core/src/errors/http/constant.ts
+++ b/packages/core/src/errors/http/constant.ts
@@ -4,8 +4,8 @@ import { HttpErrorCode } from './http-response.types';
 export const ErrorCodeToStatusMap: Record = {
 [HttpErrorCode.VALIDATION_ERROR]: 400,
 [HttpErrorCode.UNAUTHORIZED]: 401,
+ [HttpErrorCode.UNAUTHORIZED_SHARE]: 401,
 [HttpErrorCode.RESTRICTED_RESOURCE]: 403,
- [HttpErrorCode.UNAUTHORIZED_SHARE]: 403,
 [HttpErrorCode.NOT_FOUND]: 404,
 [HttpErrorCode.INTERNAL_SERVER_ERROR]: 500,
 [HttpErrorCode.DATABASE_CONNECTION_UNAVAILABLE]: 503,
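Review bot: With `UNAUTHORIZED_SHARE` moved to 401, the map gives it the same status as `UNAUTHORIZED`, so a caller can no longer tell a missing share password from a missing or expired login session by status alone. Any client-side handler that reacts to every 401, for example by redirecting to sign-in, would now also fire for anonymous visitors of a password-protected share; that handling is not visible in this patch, so it is worth checking. I would record the intent next to the new entry, e.g. `// 401: share password not yet presented; same status as UNAUTHORIZED, so clients must branch on the error code`.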