SponsorBlockServer/test/cases/getUserID.ts

402 lines
18 KiB
TypeScript
Raw Normal View History

2021-06-25 09:33:41 +02:00
import fetch from 'node-fetch';
import {Done, getbaseURL} from '../utils';
import {db} from '../../src/databases/databases';
import {getHash} from '../../src/utils/getHash';
describe('getUserID', () => {
before(async () => {
const insertUserNameQuery = 'INSERT INTO "userNames" ("userID", "userName") VALUES(?, ?)';
2021-06-25 09:37:27 +02:00
await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_01"), 'fuzzy user 01']);
await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_02"), 'fuzzy user 02']);
await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_03"), 'specific user 03']);
await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_04"), 'repeating']);
await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_05"), 'repeating']);
2021-06-25 17:57:27 +02:00
await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_06"), getHash("getuserid_user_06")]);
2021-06-25 21:57:41 +02:00
await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_07"), '0redos0']);
await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_08"), '%redos%']);
await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_09"), '_redos_']);
await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_10"), 'redos\\%']);
await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_11"), '\\\\\\']);
2021-06-27 05:02:52 +02:00
await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_12"), 'a']);
2021-06-25 09:33:41 +02:00
});
it('Should be able to get a 200', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=fuzzy+user+01')
.then(async res => {
if (res.status !== 200) done('non 200 (' + res.status + ')');
else done(); // pass
})
2021-07-04 07:34:31 +02:00
.catch(() => done('couldn\'t call endpoint'));
2021-06-25 09:33:41 +02:00
});
it('Should be able to get a 400 (No username parameter)', (done: Done) => {
fetch(getbaseURL() + '/api/userID')
.then(res => {
if (res.status !== 400) done('non 400 (' + res.status + ')');
else done(); // pass
})
2021-07-04 07:34:31 +02:00
.catch(() => done('couldn\'t call endpoint'));
2021-06-25 09:33:41 +02:00
});
2021-06-25 17:57:27 +02:00
it('Should be able to get a 200 (username is public id)', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username='+getHash("getuserid_user_06"))
.then(async res => {
if (res.status !== 200) done('non 200 (' + res.status + ')');
else done(); // pass
})
2021-07-04 07:34:31 +02:00
.catch(() => done('couldn\'t call endpoint'));
2021-06-25 17:57:27 +02:00
});
it('Should be able to get a 400 (username longer than 64 chars)', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username='+getHash("getuserid_user_06")+'0')
.then(res => {
if (res.status !== 400) done('non 400 (' + res.status + ')');
else done(); // pass
})
2021-07-04 07:34:31 +02:00
.catch(() => done('couldn\'t call endpoint'));
2021-06-25 17:57:27 +02:00
});
2021-06-25 09:33:41 +02:00
it('Should be able to get single username', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=fuzzy+user+01')
.then(async res => {
if (res.status !== 200) {
done("non 200");
} else {
const data = await res.json();
if (data.length !== 1) {
done('Returned incorrect number of users "' + data.length + '"');
} else if (data[0].userName !== "fuzzy user 01") {
done('Returned incorrect username "' + data.userName + '"');
2021-06-25 09:37:27 +02:00
} else if (data[0].userID !== getHash("getuserid_user_01")) {
2021-06-25 09:33:41 +02:00
done('Returned incorrect userID "' + data.userID + '"');
} else {
done(); // pass
}
}
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-25 09:33:41 +02:00
});
it('Should be able to get multiple fuzzy user info from start', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=fuzzy+user')
.then(async res => {
if (res.status !== 200) {
done("non 200");
} else {
const data = await res.json();
if (data.length !== 2) {
done('Returned incorrect number of users "' + data.length + '"');
} else if (data[0].userName !== "fuzzy user 01") {
done('Returned incorrect username "' + data.userName + '"');
2021-06-25 09:37:27 +02:00
} else if (data[0].userID !== getHash("getuserid_user_01")) {
2021-06-25 09:33:41 +02:00
done('Returned incorrect userID "' + data.userID + '"');
} else if (data[1].userName !== "fuzzy user 02") {
done('Returned incorrect username "' + data.userName + '"');
2021-06-25 09:37:27 +02:00
} else if (data[1].userID !== getHash("getuserid_user_02")) {
2021-06-25 09:33:41 +02:00
done('Returned incorrect userID "' + data.userID + '"');
} else {
done(); // pass
}
}
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-25 09:33:41 +02:00
});
it('Should be able to get multiple fuzzy user info from middle', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=user')
.then(async res => {
if (res.status !== 200) {
done("non 200");
} else {
const data = await res.json();
if (data.length !== 3) {
done('Returned incorrect number of users "' + data.length + '"');
} else if (data[0].userName !== "fuzzy user 01") {
done('Returned incorrect username "' + data.userName + '"');
2021-06-25 09:37:27 +02:00
} else if (data[0].userID !== getHash("getuserid_user_01")) {
2021-06-25 09:33:41 +02:00
done('Returned incorrect userID "' + data.userID + '"');
} else if (data[1].userName !== "fuzzy user 02") {
done('Returned incorrect username "' + data.userName + '"');
2021-06-25 09:37:27 +02:00
} else if (data[1].userID !== getHash("getuserid_user_02")) {
2021-06-25 09:33:41 +02:00
done('Returned incorrect userID "' + data.userID + '"');
} else if (data[2].userName !== "specific user 03") {
done('Returned incorrect username "' + data.userName + '"');
2021-06-25 09:37:27 +02:00
} else if (data[2].userID !== getHash("getuserid_user_03")) {
2021-06-25 09:33:41 +02:00
done('Returned incorrect userID "' + data.userID + '"');
} else {
done(); // pass
}
}
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-25 09:33:41 +02:00
});
2021-06-25 20:35:51 +02:00
it('Should be able to get with public ID', (done: Done) => {
2021-06-25 21:57:41 +02:00
const userID = getHash("getuserid_user_06");
2021-06-25 20:35:51 +02:00
fetch(getbaseURL() + '/api/userID?username='+userID)
.then(async res => {
if (res.status !== 200) {
done("non 200");
} else {
const data = await res.json();
if (data.length !== 1) {
done('Returned incorrect number of users "' + data.length + '"');
} else if (data[0].userName !== userID) {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[0].userID !== userID) {
done('Returned incorrect userID "' + data.userID + '"');
} else {
done(); // pass
}
}
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-25 20:35:51 +02:00
});
it('Should be able to get with fuzzy public ID', (done: Done) => {
2021-06-25 21:57:41 +02:00
const userID = getHash("getuserid_user_06");
2021-06-25 20:35:51 +02:00
fetch(getbaseURL() + '/api/userID?username='+userID.substr(10,60))
.then(async res => {
if (res.status !== 200) {
done("non 200");
} else {
const data = await res.json();
if (data.length !== 1) {
done('Returned incorrect number of users "' + data.length + '"');
} else if (data[0].userName !== userID) {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[0].userID !== userID) {
done('Returned incorrect userID "' + data.userID + '"');
} else {
done(); // pass
}
}
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-25 20:35:51 +02:00
});
it('Should be able to get repeating username', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=repeating')
.then(async res => {
if (res.status !== 200) {
done("non 200");
} else {
const data = await res.json();
if (data.length !== 2) {
done('Returned incorrect number of users "' + data.length + '"');
} else if (data[0].userName !== "repeating") {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[0].userID !== getHash("getuserid_user_04")) {
done('Returned incorrect userID "' + data.userID + '"');
} else if (data[1].userName !== "repeating") {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[1].userID !== getHash("getuserid_user_05")) {
done('Returned incorrect userID "' + data.userID + '"');
} else {
done(); // pass
}
}
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-25 20:35:51 +02:00
});
2021-06-25 21:57:41 +02:00
2021-06-27 05:02:52 +02:00
it('Should be able to get repeating fuzzy username', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=peat')
.then(async res => {
if (res.status !== 200) {
done("non 200");
} else {
const data = await res.json();
if (data.length !== 2) {
done('Returned incorrect number of users "' + data.length + '"');
} else if (data[0].userName !== "repeating") {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[0].userID !== getHash("getuserid_user_04")) {
done('Returned incorrect userID "' + data.userID + '"');
} else if (data[1].userName !== "repeating") {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[1].userID !== getHash("getuserid_user_05")) {
done('Returned incorrect userID "' + data.userID + '"');
} else {
done(); // pass
}
}
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-27 05:02:52 +02:00
});
2021-06-25 21:57:41 +02:00
it('should avoid ReDOS with _', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=_redos_')
.then(async res => {
if (res.status !== 200) {
done("non 200");
} else {
const data = await res.json();
if (data.length !== 1) {
done('Returned incorrect number of users "' + data.length + '"');
} else if (data[0].userName !== "_redos_") {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[0].userID !== getHash("getuserid_user_09")) {
done('Returned incorrect userID "' + data.userID + '"');
} else {
done(); // pass
}
}
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-25 21:57:41 +02:00
});
it('should avoid ReDOS with %', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=%redos%')
.then(async res => {
if (res.status !== 200) {
done("non 200");
} else {
const data = await res.json();
if (data.length !== 1) {
done('Returned incorrect number of users "' + data.length + '"');
} else if (data[0].userName !== "%redos%") {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[0].userID !== getHash("getuserid_user_08")) {
done('Returned incorrect userID "' + data.userID + '"');
} else {
done(); // pass
}
}
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-25 21:57:41 +02:00
});
it('should return 404 if escaped backslashes present', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=%redos\\\\_')
.then(res => {
if (res.status !== 404) done('non 404 (' + res.status + ')');
else done(); // pass
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-25 21:57:41 +02:00
});
it('should return 404 if backslashes present', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=\\%redos\\_')
.then(res => {
if (res.status !== 404) done('non 404 (' + res.status + ')');
else done(); // pass
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-25 21:57:41 +02:00
});
it('should return user if just backslashes', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=\\\\\\')
.then(async res => {
if (res.status !== 200) {
done("non 200");
} else {
const data = await res.json();
if (data.length !== 1) {
done('Returned incorrect number of users "' + data.length + '"');
} else if (data[0].userName !== "\\\\\\") {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[0].userID !== getHash("getuserid_user_11")) {
done('Returned incorrect userID "' + data.userID + '"');
} else {
done(); // pass
}
}
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-25 21:57:41 +02:00
});
it('should not allow usernames more than 64 characters', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username='+'0'.repeat(65))
.then(res => {
if (res.status !== 400) done('non 400 (' + res.status + ')');
else done(); // pass
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-25 21:57:41 +02:00
});
it('should not allow usernames less than 3 characters', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=aa')
.then(res => {
if (res.status !== 400) done('non 400 (' + res.status + ')');
else done(); // pass
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-25 21:57:41 +02:00
});
2021-06-27 05:02:52 +02:00
it('should allow exact match', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=a&exact=true')
.then(async res => {
if (res.status !== 200) {
done("non 200");
} else {
const data = await res.json();
if (data.length !== 1) {
done('Returned incorrect number of users "' + data.length + '"');
} else if (data[0].userName !== "a") {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[0].userID !== getHash("getuserid_user_12")) {
done('Returned incorrect userID "' + data.userID + '"');
} else {
done(); // pass
}
}
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-27 05:02:52 +02:00
});
it('Should be able to get repeating username with exact username', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=repeating&exact=true')
.then(async res => {
if (res.status !== 200) {
done("non 200");
} else {
const data = await res.json();
if (data.length !== 2) {
done('Returned incorrect number of users "' + data.length + '"');
} else if (data[0].userName !== "repeating") {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[0].userID !== getHash("getuserid_user_04")) {
done('Returned incorrect userID "' + data.userID + '"');
} else if (data[1].userName !== "repeating") {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[1].userID !== getHash("getuserid_user_05")) {
done('Returned incorrect userID "' + data.userID + '"');
} else {
done(); // pass
}
}
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-27 05:02:52 +02:00
});
it('Should not get exact unless explicitly set to true', (done: Done) => {
fetch(getbaseURL() + '/api/userID?username=user&exact=1')
.then(async res => {
if (res.status !== 200) {
done("non 200");
} else {
const data = await res.json();
if (data.length !== 3) {
done('Returned incorrect number of users "' + data.length + '"');
} else if (data[0].userName !== "fuzzy user 01") {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[0].userID !== getHash("getuserid_user_01")) {
done('Returned incorrect userID "' + data.userID + '"');
} else if (data[1].userName !== "fuzzy user 02") {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[1].userID !== getHash("getuserid_user_02")) {
done('Returned incorrect userID "' + data.userID + '"');
} else if (data[2].userName !== "specific user 03") {
done('Returned incorrect username "' + data.userName + '"');
} else if (data[2].userID !== getHash("getuserid_user_03")) {
done('Returned incorrect userID "' + data.userID + '"');
} else {
done(); // pass
}
}
})
2021-07-04 07:34:31 +02:00
.catch(() => ("couldn't call endpoint"));
2021-06-27 05:02:52 +02:00
});
2021-06-25 09:33:41 +02:00
});