disallow empty new warnings

2024-09-19 20:51:19 +02:00 · 2023-09-27 15:09:35 -04:00 · 2023-09-27 15:09:35 -04:00 · 1b5a079bbd
commit 1b5a079bbd
parent ad666ff487
2 changed files with 51 additions and 11 deletions
--- a/src/routes/postWarning.ts
+++ b/src/routes/postWarning.ts
@ -47,6 +47,9 @@ export async function postWarning(req: Request, res: Response): Promise<Response
            const previousWarning = await db.prepare("get", 'SELECT * FROM "warnings" WHERE "userID" = ? AND "issuerUserID" = ? AND "type" = ?', [userID, issuerUserID, type]) as warningEntry;

            if (!previousWarning) {
+                if (!reason) {
+                    return res.status(400).json({ "message": "Missing warning reason" });
+                }
                await db.prepare(
                    "run",
                    'INSERT INTO "warnings" ("userID", "issueTime", "issuerUserID", "enabled", "reason", "type") VALUES (?, ?, ?, 1, ?, ?)',
--- a/test/cases/postWarning.ts
+++ b/test/cases/postWarning.ts
@ -9,8 +9,10 @@ describe("postWarning", () => {
    const endpoint = "/api/warnUser";
    const getWarning = (userID: string, type = 0) => db.prepare("get", `SELECT "userID", "issueTime", "issuerUserID", enabled, "reason" FROM warnings WHERE "userID" = ? AND "type" = ?`, [userID, type]);

-    const warneduserID = "warning-0";
-    const warnedUserPublicID = getHash(warneduserID);
+    const warneduserOneID = "warning-0";
+    const warnedUserTwoID = "warning-1";
+    const warnedUserOnePublicID = getHash(warneduserOneID);
+    const warnedUserTwoPublicID = getHash(warnedUserTwoID);
    const warningVipOne = "warning-vip-1";
    const warningVipTwo = "warning-vip-2";
    const nonVipUser = "warning-non-vip";
@ -23,7 +25,7 @@ describe("postWarning", () => {
    it("Should be able to create warning if vip (exp 200)", (done) => {
        const json = {
            issuerUserID: warningVipOne,
-            userID: warnedUserPublicID,
+            userID: warnedUserOnePublicID,
            reason: "warning-reason-0"
        };
        client.post(endpoint, json)
@ -44,7 +46,7 @@ describe("postWarning", () => {
    it("Should be not be able to create a duplicate warning if vip", (done) => {
        const json = {
            issuerUserID: warningVipOne,
-            userID: warnedUserPublicID,
+            userID: warnedUserOnePublicID,
        };

        client.post(endpoint, json)
@ -64,7 +66,7 @@ describe("postWarning", () => {
    it("Should be able to remove warning if vip", (done) => {
        const json = {
            issuerUserID: warningVipOne,
-            userID: warnedUserPublicID,
+            userID: warnedUserOnePublicID,
            enabled: false
        };

@ -84,7 +86,7 @@ describe("postWarning", () => {
    it("Should not be able to create warning if not vip (exp 403)", (done) => {
        const json = {
            issuerUserID: nonVipUser,
-            userID: warnedUserPublicID,
+            userID: warnedUserOnePublicID,
        };

        client.post(endpoint, json)
@ -107,7 +109,7 @@ describe("postWarning", () => {
    it("Should re-enable disabled warning", (done) => {
        const json = {
            issuerUserID: warningVipOne,
-            userID: warnedUserPublicID,
+            userID: warnedUserOnePublicID,
            enabled: true
        };

@ -126,14 +128,14 @@ describe("postWarning", () => {

    it("Should be able to remove your own warning", (done) => {
        const json = {
-            userID: warneduserID,
+            userID: warneduserOneID,
            enabled: false
        };

        client.post(endpoint, json)
            .then(async res => {
                assert.strictEqual(res.status, 200);
-                const data = await getWarning(warnedUserPublicID);
+                const data = await getWarning(warnedUserOnePublicID);
                const expected = {
                    enabled: 0
                };
@ -145,14 +147,14 @@ describe("postWarning", () => {

    it("Should not be able to add your own warning", (done) => {
        const json = {
-            userID: warneduserID,
+            userID: warneduserOneID,
            enabled: true
        };

        client.post(endpoint, json)
            .then(async res => {
                assert.strictEqual(res.status, 403);
-                const data = await getWarning(warnedUserPublicID);
+                const data = await getWarning(warnedUserOnePublicID);
                const expected = {
                    enabled: 0
                };
@ -161,4 +163,39 @@ describe("postWarning", () => {
            })
            .catch(err => done(err));
    });
+
+    it("Should not be able to warn a user without reason", (done) => {
+        const json = {
+            issuerUserID: warningVipOne,
+            userID: warnedUserTwoPublicID,
+            enabled: true
+        };
+
+        client.post(endpoint, json)
+            .then(res => {
+                assert.strictEqual(res.status, 400);
+                done();
+            })
+            .catch(err => done(err));
+    });
+
+    it("Should be able to re-warn a user without reason", (done) => {
+        const json = {
+            issuerUserID: warningVipOne,
+            userID: warnedUserOnePublicID,
+            enabled: true
+        };
+
+        client.post(endpoint, json)
+            .then(async res => {
+                assert.strictEqual(res.status, 200);
+                const data = await getWarning(warnedUserOnePublicID);
+                const expected = {
+                    enabled: 1
+                };
+                assert.ok(partialDeepEquals(data, expected));
+                done();
+            })
+            .catch(err => done(err));
+    });
 });